Windows Admin Center “Modernized Gateway” is now in Public Preview!
By Trung Tran, Program Manager, Microsoft
An upgraded version of Windows Admin Center has been released to public preview. This is in addition to the latest generally available release, Windows Admin Center version 2311. These two versions of Windows Admin Center can be installed side-by-side, allowing you to get a taste of what’s coming in Windows Admin Center without sacrificing your existing setups.
We’ve been working behind the scenes to ensure that Windows Admin Center is up-to-date, secure, and reliable. We suggest experienced users of Windows Admin Center and Windows Admin Center developers give this build a try. Read on to find out what the modernized gateway is and all the exciting new performance, extensibility, and security features we’re now leveraging!
What’s new in the modernized gateway
Upgrade to .NET Core
The Windows Admin Center frontend UI is built on Angular, which is in turn built on our shell. The shell hosts all the core services and most of our UI components, our solutions like server and cluster manager, and, on top of that, every extension that you use for server management.
Our front end interacts with our backend, which is also known as our gateway. The gateway hosts our authorization structure, our PS services, our gateway plug-ins, and plays a critical role in every single experience that you use in Windows Admin Center.
In this release, we’re upgrading our backend from the .NET 4.6.2 framework upgrade to .NET Core, bringing enhanced security and improved cryptography to our product. This also includes support for HTTP 2, reducing latency and enhancing the responsiveness of Windows Admin Center. Combined with improved performance, providing faster load times, you’ll be able to get your tasks done more quickly and efficiently.
While modernizing our gateway, we also made the installer more flexible by providing increased customization options including network access settings, selecting trusted hosts, providing a fully qualified domain name (FQDN) for your gateway machine, and more. For more details about the installer, read on to the Installing the modernized gateway section.
As part of our gateway modernization effort, you may notice that your Windows Admin Center settings look a little bit different.
As we discussed in the 2211 Windows Admin Center release, we have deprecated the in-app update experience and have consequently removed the settings blade for Updates. Additionally, the Access and Shared Connections blades are now available on local gateway installations (also known as “desktop mode” in legacy gateway builds).
Multi-process, micro-service based
The modernized gateway also leverages microservice architecture. Prior to this upgrade, Windows Admin Center performed all tasks in a single process. With our new model, we start one process for Windows Admin Center on application startup that serves as a process manager. As you use Windows Admin Center, additional sub-processes are spun up to perform specific tasks.
Additionally, gateway plug-ins that are compatible with the modernized gateway will also run their own collection of sub-processes under the Windows Admin Center service manager to perform their functions.
Changing from a monolithic service to a microservice model helps our modernized gateway be more flexible, scalable, and resilient.
Kestrel HTTP web server
Previously, Windows Admin Center utilized Katana components, including a web server, on the backend. With the modernized gateway, we’ve shifted to an ASP.NET Core Kestrel web server.
Kestrel is the recommended web server for ASP.NET Core applications. Kestrel is:
- High performing: Kestrel is optimized to handle a large number of concurrent connections efficiently.
- Lightweight: Optimized for running in resource-constrained environments, such as containers and edge devices.
- Security hardened: Kestrel supports HTTPS and is hardened against web server vulnerabilities.
Additionally, Kestrel supports the HTTP/2 web protocol, where previously we had only supported HTTP1.1 with the Katana components. The upgrade from HTTP1.1 to HTTP/2 brings reduced latency to our application as well as increased responsiveness through enhanced features like multiplexing and server push.
Switching to a Kestrel web server will also allow for Windows Admin Center to potentially enable cross-platform support in the future.
How does the modernized gateway impact my extension?
Gateway plug-in extensions will be the most impacted by the changes to our modernized gateway. Windows Admin Center gateway plug-ins enable API communication from the UI of your tool or solution to a target node. Windows Admin Center hosts a gateway service that relays commands and scripts from gateway plug-ins to be executed on target nodes. The gateway service can be extended to include custom gateway plug-ins that support protocols other than the default ones (PowerShell and WMI).
Because gateway plug-ins communicate with Windows Admin Center’s backend to enable API communication, gateway plug-in code may include components written with the .NET framework version 4.6.2, which will not function with .NET Core. This code needs to be updated to use the .NET Core framework.
Additionally, we’ve modified the way plug-ins work with our modernized gateway. Instead of developing a C# class which implements the IPlugIn interface from the Microsoft.ManagementExperience.FeatureInterfaces namespace to extend the gateway plug-in, extensions will now be written in the form of ASP.NET MVC controllers. These controllers have increased flexibility compared to the simple C# class and extensive documentation.
Learn more about gateway plug-in development in Windows Admin Center here.
What about my tool and/or solution extension?
Solution and tool extensions do not communicate with Windows Admin Center’s backend in-depth and should be minimally impacted by the modernized gateway. We strongly recommend testing your extension to ensure it continues to run smoothly on the new backend.
Installing the modernized gateway
With our modernized gateway, we’ve made changes to our installer to offer more flexibility to the user.
When running the installer, you will be presented with three different installation modes: express localhost setup, express remote setup, and custom setup.
Express setup options
Two of the three installation modes for the modernized gateway are express modes—express localhost setup and express remote setup.
Both express setup options do not allow for the configuration of the following features:
- Login authentication mode
- Host access network names
- Internal and external network ports
- Certificate type and thumbprint
- Endpoint FQDN
- Trusted hosts mode
- WinRM over HTTPS
If you would like to configure any of these features, please use the custom setup option instead.
If you select the express localhost setup option, WAC will be accessible through port 6600 and will use internal ports 6601-6610.
If you select the express remote setup option, WAC will be accessible through port 443 and will use internal ports 6601-6610.
Selecting custom setup allows you to configure all Windows Admin Center setup options:
- Network access – This page allows you to select how you will be using Windows Admin Center. You may choose to restrict WAC access to other users by selecting localhost access only or allow remote access through machine name of FQDN.
- Port numbers – This page allows you to select the ports that will be reserved for Windows Admin Center. WAC uses one external port for its primary processes. Other processes use internal ports. There are two internal processes by default, but extensions may define their own services that will require port access. By default, the internal range is 10 ports.
- Select TLS certificate – This page allows you to select Self-Signed certificates or an official TLS certificate that Windows Admin Center should use. Self-Signed certificates include Self-signed CA root certificates and TLS certificates that work with the latest Edge/Chrome browser.
- Fully qualified domain name – This page allows you to provide a fully qualified domain name for network access. This name must match the name on the TLS certificate.
- Trusted hosts – This page allows you to select which type of remote hosts you’d like to manage. You may choose to manage only trusted domain computers or allow access to non-domain joined machines.
- WinRM over HTTPS – This page allows you to select whether to use HTTPS for WinRM communication. WinRM communicates over HTTP by default.
If your installation failed, or you’re having trouble opening WAC after install, you may need to uninstall and reinstall. This can also happen if you have an older version of a modernized gateway build installed, and you are trying to update to a newer version. To uninstall, follow the instructions in the Uninstalling and cleanup section of this document.
Uninstalling the modernized gateway
To uninstall the Windows Admin Center modernized gateway, perform one of the following actions:
- In the Apps & Features page of your gateway machine settings, select Windows Admin Center (v2) Preview from the program list and then select uninstall.
- Navigate to the folder where the Windows Admin Center modernized gateway is installed (default directory is C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Admin Center (v2)) and select “Uninstall Windows Admin Center (v2)”
- Run C:\Program Files\WindowsAdminCenter\unins000.exe
Running the installer again will not result in an uninstall option at this time. To ensure your installation was removed successfully, check if a WindowsAdminCenter folder exists in C:\ProgramData or C:\Program Files. If it does not exist in either location, your application has been successfully uninstalled.
During the uninstallation process, everything put on the machine during installation will be removed, except for the Windows Admin Center modernized gateway .exe installer file. If you have another build of Windows Admin Center also installed at the time of your modernized gateway uninstallation, no files or properties of the other build will be touched during the uninstallation process. There are no interdependencies between the two installations.
Q: Can you install a build of Windows Admin Center with the modernized gateway when you already have an existing build of Windows Admin Center installed?
A: Yes, you can install a modernized gateway build of Windows Admin Center side-by-side with a legacy gateway build as long as you do not choose the same ports for both installations.
Q: Can I change the ports my Windows Admin Center installation is using after install?
A: Yes, In the Program Files for Windows Admin Center, we’ve included a PowerShell module called Microsoft.WindowsAdminCenter.Configuration.psm1. This module allows you to modify your WAC configuration after installation and can be found in the PowerShellModules folder of your installation (C:\Program Files\WindowsAdminCenter\PowerShellModules\ by default).
To change the ports WAC is using, run the following command:
Set-WACHttpsPort -Wacport <port> -ServicePortRangeStart <port> -ServicePortRangeEnd <port>
Q: Changing the ports is great, but can I change other configuration settings after install?
A: Yes! You may use the PowerShell module Microsoft.WindowsAdminCenter.Configuration.psm1 to change your configuration settings. It can be found in the PowerShellModules folder of your installation.
Q: Why aren’t all these changes just in the 2311 release?
A: To ensure the best quality experience, we require customer and developer feedback before these changes are generally available.
Q: Are all the features in the 2311 release available in this build?
The account for the PowerShell session in the PowerShell tool always defaults to the user signed into the Windows Admin Center gateway, even if different management credentials were specified when remoting to a connection.
The extension feed for the modernized gateway has not been configured. Extensions not included in the Windows Admin Center installer (including external partner extensions) will not be available unless you add an extension feed. Even with an added feed, the following extensions do not currently function with the modernized gateway:
- Dell OpenManage
- Lenovo XClarity Integrator
- Fujitsu ServerView RAID
- Fujitsu Software Infrastructure Manager (ISM)
- Fujitsu ServerView Health
- Pure Storage FlashArray
We hope you enjoy this new, modern version of Windows Admin Center and the various new functionality in preview. Learn more and download today!