Windows Admin Center High-availability deployment


In this article, Lao Wang carries out a high-availability deployment of Windows Admin Center. I believe support for a highly available architecture will further advance the product's adoption.


Environment Introduction

08dc2

LAN 10.0.0.2 255.0.0.0


16server1

LAN 10.0.0.3 255.0.0.0 DNS 10.0.0.2

Clus 18.0.0.3 255.0.0.0

Storage 30.0.0.3 255.0.0.0


16server2

LAN 10.0.0.4 255.0.0.0 DNS 10.0.0.2

Clus 18.0.0.4 255.0.0.0

Storage 30.0.0.4 255.0.0.0


Windows Admin Center (hereinafter referred to as WAC) can be deployed on: Windows 10, Windows Server 2016, Windows Server 2019

WAC can manage: Windows Server 2008 R2, 2012, 2012 R2, 2016, 2019, Hyper-V Server 2012 R2, 2016, Windows 10

Managing Server 2008 R2 requires .NET 4.5.2 and WMF 5.1 to be installed beforehand

Managing Server 2012 R2 requires WMF 5.1 to be installed beforehand

Managing Hyper-V Server 2012 R2 requires installing WMF 5.1 beforehand, enabling remote administration, enabling the file server role, and enabling the Hyper-V module for PowerShell

Managing Hyper-V Server 2016 requires enabling remote administration, enabling the file server role, and enabling the Hyper-V module for PowerShell beforehand


Windows Admin Center high-availability deployment approach


WAC currently does not use a separated front-end/back-end architecture; on Windows it presents itself as a single Windows Admin Center application service. High availability is achieved with the WSFC architecture: WAC is installed on both nodes in an active/passive (A/P) deployment. WSFC runs the WAC service as a clustered role, monitors the health of the service and, if the node goes down, starts the WAC service on the other node.


WAC Prerequisites


    1. A WSFC cluster is already installed

    2. The cluster provides a working CSV for storing the WAC database files

    3. Download the WAC high-availability deployment scripts; the whole deployment process is automated by the script

    4. Prepare a certificate template that allows the private key to be exported, request a certificate, and place the exported certificate in the same folder as the script

    5. Copy the script and certificate folder to the same path on each node of the cluster


2016 and 2019 technologies that WAC integrates with

    1. WAC itself can be deployed on an S2D cluster

    2. WAC now supports managing Storage Replica

    3. WAC is now able to monitor Hyper-V SDN

    4. The new storage migration technology in 2019 can only be operated through WAC

    5. WAC now exposes an SDK, and PowerShell scripts can be used when writing SDK extensions


Now Lao Wang has deployed a WSFC cluster with a file share witness

Storage uses the S2D architecture

Enable-ClusterS2D -CacheState Disabled -AutoConfig 0 -SkipEligibilityChecks

Later, a CSV is created on top of S2D. WAC keeps the database files, interface files and other files it needs at run time together on the CSV. In a test environment, or when WAC manages few hosts and the database is small, you can leave the cache mechanism out. If WAC manages many hosts and is used by many people, it is recommended that you consider configuring the cache architecture to improve management efficiency.

Create a CSV based on a cluster disk

Prepare a certificate whose private key can be exported. By default, a certificate requested from the enterprise CA through MMC does not support exporting the private key, so we need to duplicate a certificate template: log in to the certificate server, open Certificate Templates, duplicate the Web Server certificate template, and on the Request Handling tab check "Allow private key to be exported".

On the General tab, check "Publish certificate in Active Directory".

On the Security tab, add computer objects: give Domain Computers the Enroll permission or, for security reasons, add only the WAC cluster nodes and allow them to enroll.

Under Certificate Templates on the CA, choose to issue a new certificate template and select our custom certificate template.

When publishing is complete, go back to the cluster node and, via MMC > Computer account > Personal, request a certificate; you can see the newly published certificate template in the CA that we just

At the certificate request step, open the configuration details.

Under Common name, add the WAC cluster VCO name. After the cluster role is created, everyone accesses WAC by this name, so make sure the certificate name is consistent with it.

Under Alternative name, add DNS names: the WAC VCO name and the FQDN of each node.

After the configuration is complete, export the certificate with the private key to the same path as the installation file, and then copy the folder to the same path on each node in the cluster.

WAC cluster installation scripts: http://aka.ms/WACHASetupScripts

WAC 1804: http://aka.ms/WACDownload. 1804 is currently the GA version and is the version deployed in this article; newer versions can be downloaded from the Insider center.

When the prerequisites are ready, open Windows PowerShell as an administrator on one of the cluster nodes and get ready to install.

The script command and its parameters are described below


.\Install-WindowsAdminCenterHA.ps1 -ClusterStorage C:\ClusterStorage\Volume1 -ClientAccessPoint WAC -MsiPath C:\WACFile\WindowsAdminCenter.msi -CertPath C:\WACFile\wac.pfx -CertPassword $cerpassword -StaticAddress 10.0.0.20

-ClusterStorage: The local path of the Cluster Shared Volume used to store Windows Admin Center data.

-ClientAccessPoint: The name that will be used to access Windows Admin Center. For example, if you enter WAC, WAC is accessed at wac.oa.com after the installation is complete.

-StaticAddress: The cluster IP address corresponding to the WAC VCO

-MsiPath: The path to the Windows Admin Center .msi file

-CertPath: The path to the certificate .pfx file

-CertPassword: A SecureString password for the supplied certificate .pfx

-GenerateSslCert: Optional. If you do not want to provide a signed certificate, include this parameter flag to generate a self-signed certificate. The self-signed certificate expires after 90 days.

-PortNumber: Optional. If no port is specified, the gateway service is deployed on port 443 (HTTPS). To use a different port, specify it in this parameter.
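A pre-flight check of the exported PFX, added here as an example (it is not part of the original article or of the installation scripts): it builds `$cerpassword` as a SecureString and confirms that the certificate carries the private key and the names described in the certificate request steps above. The node FQDNs in `oa.com`, the 30-day expiry margin and the helper name `Test-WacPfx` are assumptions.

```powershell
# Added example: validate the PFX before handing it to Install-WindowsAdminCenterHA.ps1.
# Assumed values: node FQDNs under oa.com; adjust the list to your environment.
$certPath      = 'C:\WACFile\wac.pfx'
$expectedNames = 'wac.oa.com', '16server1.oa.com', '16server2.oa.com'

# Prompt for the PFX password so it never appears in a script file or in history.
$cerpassword = Read-Host -Prompt 'PFX password' -AsSecureString

function Test-WacPfx {   # hypothetical helper name
    param(
        [string]$Path,
        [securestring]$Password,
        [string[]]$Names
    )
    $problems = @()
    # Loads the PFX into memory only; nothing is imported into a certificate store.
    $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($Path, $Password)

    if (-not $cert.HasPrivateKey) {
        $problems += 'PFX does not contain the private key (template must allow export)'
    }
    # 30 days is an assumed safety margin, not a WAC requirement.
    if ($cert.NotAfter -lt (Get-Date).AddDays(30)) {
        $problems += "Certificate expires on $($cert.NotAfter)"
    }
    # DnsNameList is a property PowerShell adds to certificate objects;
    # it lists the DNS names the certificate is valid for.
    $dnsNames = $cert.DnsNameList | ForEach-Object { $_.Unicode }
    foreach ($name in $Names) {
        if ($dnsNames -notcontains $name) { $problems += "Missing DNS name: $name" }
    }
    # Server Authentication EKU (OID 1.3.6.1.5.5.7.3.1), as issued by the Web Server template.
    if ($cert.EnhancedKeyUsageList.ObjectId -notcontains '1.3.6.1.5.5.7.3.1') {
        $problems += 'Server Authentication EKU is missing'
    }
    $cert.Reset()   # release the in-memory key material
    return $problems
}

$problems = Test-WacPfx -Path $certPath -Password $cerpassword -Names $expectedNames
if ($problems) { $problems | ForEach-Object { Write-Warning $_ } }
else { Write-Output 'PFX has the private key, the expected names and a valid lifetime.' }
```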


The script installs WAC on every node, but the WAC service runs on only one node at a time; on the other nodes it is stopped and waiting.

After installation, open the CSV to see the following folder structure

Open the DB folder to see the data WAC stores at run time. It is in the traditional Windows EDB format, with checkpoint files, temporary files, database files and so on. When we perform management operations in WAC on one node and that node then goes down, the other node loads the WAC management data from the CSV when it starts.

After installation the WAC interface looks like the following. Under normal circumstances, if you followed Lao Wang's steps to install the certificate, SSL should show as trusted (green). If the certificate is not trusted, check whether the name entered at the certificate request step is incorrect.


Compared to September 24, 2017, when Lao Wang wrote about Honolulu, Windows Admin Center has had a lot of enhancements


Support for direct storage replica management


Support for authorization management and Azure integration

Now the actual failover test: WAC is currently served mainly by 16server2, so Lao Wang powers that node off directly.


In my virtualized lab environment, from 16server2 going down to 16server1 taking over the service, there were 2-3 minutes of downtime in total. From my observation, being able to ping the name does not mean the service is usable: even after ping responds, you have to wait another 1-2 minutes before the web page can actually be opened. This is because the front end and back end are together: when one node goes down and the other node starts, both the front-end and back-end steps have to be reloaded, so this load time also counts as downtime and depends on machine performance. After the 2-3 minutes of failover time you can see that the service is now provided by 16server1, while the management data is still there and does not need to be re-added.


Put simply, WAC is Microsoft's next-generation server management center: a compromise between stand-alone management tools and the private cloud, and a lightweight data center management platform. Through the WAC portal administrators can complete more than 70 Microsoft platform system management tasks, which spares them from opening many separate management tools in their daily work, and through one gateway platform they can manage private cloud, public cloud, virtual machines and physical machines. Ever since it started as Project Honolulu, Microsoft has had high expectations for it, and as today's WAC it has become more polished and more practical: enhanced control of virtualization, S2D and SDN; Azure AD, Azure Backup, Azure File Sync and disaster-recovery hybrid cloud integration; enhanced authorization and access control; an open SDK development specification to attract a developer and vendor ecosystem; support for enterprise-class high-availability deployments; and support for the script viewer. Judging by the trend, WAC's future keywords will be hybrid, flexible, practical and lightweight.


According to another update, the next version of WAC will also introduce the System Insight feature, which can help administrators predict performance peaks of servers and clusters and set the automated actions to take when a peak is reached. Frankly, this may be a feature many administrators have dreamed of. But Lao Wang is also worried that WAC will become heavy, because predictive analysis needs a database and an analysis engine behind it. I do not know what the final result will look like, and I hope it will not go against WAC's original intent. In my view the current product is already very strong. System Insight shows that Microsoft intends to give this product a "smart" label. With Windows Server 2019 Microsoft has also tested the waters: the new storage migration feature can only be operated through WAC, presumably to gauge how well WAC is accepted. If acceptance is good, it is possible that new features will be available only in WAC, so it is necessary to understand and use WAC.


I hope the product stays this way in the future: light and practical. As for the changes the future may bring, I think Microsoft will consider letting IT staff write extensions and may introduce code-free extension tools that IT staff can operate easily; authentication and interface customization should become more flexible; and there may be enhancements to client management, such as remote client demonstration, remote inventory of client assets and remotely pushing software. For server management I think WAC will focus on the new functional modules of 2016 and 2019, such as SDS and SDN. Microsoft will continue to optimize the management experience of these two features in WAC, and will consider integrating with Linux, containers and other emerging technologies.


I hope this article gives readers something to think about and something to take away.


