Udostępnij za pośrednictwem


Nano Server TP5 IaaS Image in Azure - Updated 9/22/2016

[UPDATE 9/22/2016] We wanted to let everyone know that on September 22, 2016, we released an update to the TP5 images in Azure which extends the certificate expiration date on the image. If you are using TP5, please update your VMs to use the new image prior to the expiration on October 10, 2016.

 

With Windows Server 2016 Technical Preview 5, you can create Nano Server VMs directly in Azure, using the Nano Server image in the Azure Gallery.

There are 3 ways to do so:

  1. Using the new Azure portal (https://portal.azure.com/)
  2. Using the old Azure portal (https://manage.windowsazure.com/)
  3. Using Azure PowerShell cmdlets

1. Using the new Azure portal (https://portal.azure.com/)

  • Click “+ New” on the left to create a new VM.
  • In the search box, enter “Nano Server” and you’ll immediately find a match: “Windows Server 2016 Technical Preview 5 - Nano Server”. Select it.
  • In the “Everything” blade, click on the Nano Server image and click “Create” in the resulting blade.
  • Enter a VM name, user name and password, resource group and click “OK”.
  • Choose a VM size and click “Select”.
  • In the “Settings” blade, click on “Network security group”
  • Click on “+ Add an inbound rule”
  • Give the rule a name. Give it a priority, like 100, unless you have more important rules.
  • In “Destination port range”, enter 5985 and click “OK” to create the rule, and another “OK” to close the Network security group.
  • Note: You can create another inbound rule for port 5986 if you want to access your VM over https.
  • Follow the remaining screens and create your VM.

2. Using the old Azure portal (https://manage.windowsazure.com/)

  • Click on the “Virtual Machines” tab on the left.
  • In the bottom left of your browser, click “+ NEW” to create a new VM.
  • Select “Virtual Machine”, “From Gallery” and search for “Nano Server”. “Windows Server 2016 Technical Preview 5 - Nano Server” should appear as a match. Select it and click the “->” arrow in the bottom right
  • Enter a VM name, user name, password, and confirm the password.
  • On the “Virtual machine configuration” screen, under “Endpoints”, add an entry: give it a name, protocol “TCP”, public and private ports: 5985.
  • Notice that port 5986 is already defined for you, if you want to access your VM over https.
  • Follow the remaining screens and create your VM.

To access the VM you created (from either portal) over http, run the following commands from an elevated PowerShell console (classic or ISE):

$ip = "1.1.1.1"

# public IP address of your VM in Azure

Set-Item WSMan:\localhost\Client\TrustedHosts $ip

# use -Concatenate if you have existing values

$s = New-PSSession -ComputerName $ip -Credential ~\myAdmin

# replace myAdmin with the user name you specified

Enter-PSSession $s

3. Using Azure PowerShell cmdlets

Use an elevated PowerShell console (classic or ISE) and use the instructions in the following link to install the Azure Resource Manager cmdlets: https://msdn.microsoft.com/en-us/library/mt125356.aspx

Instructions:

Download the zip file attached to this blog and unzip its contents to a local folder on your machine.

Log in to your Azure account:

Login-AzureRmAccount

Run the following commands to create a resource group and a key vault, if you haven’t already:

New-AzureRmResourceGroup -Name “MyResourceGroupName” -Location ‘West US’

New-AzureRmKeyVault -VaultName “MyKeyVaultName” -ResourceGroupName “MyResourceGroupName” -Location ‘West US’ -EnabledForDeployment

Make sure you use the same Resource Group Name in both cmdlets.  Select the Azure location that is best for you. I chose ‘West US’ because I’m on the West coast.

Now, it’s time to import the module that was part of the package you unzipped to a local folder:

Import-Module .\NanoServerAzureHelper.psm1 -Verbose

You’re now ready to create a Nano Server VM (you will be prompted for the admin password):

New-NanoServerAzureVM -Location ‘West US’ –VMName “MyVMName” -AdminUsername “MyAdminName” -VaultName “MyKeyVaultName” -ResourceGroupName “MyResourceGroupName” -Verbose

Let’s establish a secure PowerShell remote session to our new VM:

Get-AzureRmPublicIpAddress -ResourceGroupName “MyResourceGroupName”

Observe the output of this cmdlet and copy the FQDN string, under DnsSettings. It will look something like: “MyVMName.westus.cloudapp.com”. Use it for the secure connection as follows:

Enter-PSSession -ConnectionUri “https://MyVMName.westus.cloudapp.com:5986/WSMAN” -Credential MyAdminName

That’s it!

Unlike previous Nano Server images in Azure, the optional roles and features are no longer in the image. Starting with TP5, they can be installed from an online repository so you have a smaller image. To add roles and features to your Nano Server VM, consult the Nano Server Getting Started Guide and refer to “Installing roles and features online”.

To access the VM securely from another machine

If you want to access the VM you created securely from another machine, you need to export the certificate from your original client to another machine. Here’s how:

  1. Run certlm.msc
  2. Select “Trusted Root Certification Authorities”
  3. Select “Certificates”
  4. Look for the certificate that is named after your VM name
  5. Right-click this certificate and select “All Tasks” -> “Export” and save it to a USB drive or a shared folder.
  6. On the target machine, double-click this exported certificate and click “Install Certificate”
  7. Select “Current User” -> Next
  8. Select “Place all certificates in the following store”, click “Browse” and select “Trusted Root Certification Authorities” -> Next -> Finish

For information on Nano Server containers and Docker, please see the following blogs:

https://msdn.microsoft.com/en-us/virtualization/windowscontainers/deployment/deployment_nano https://msdn.microsoft.com/en-us/virtualization/windowscontainers/quick_start/manage_docker

 

ref@

NanoServerAzureHelper_20160425

Comments

  • Anonymous
    June 10, 2016
    After deployment the Virtual Machine panel should disable the "Connect" button, or override its behavior as Nano can't be connected via RDP, but that button currently would give you an RDP file as other Windows Server editions.
    • Anonymous
      June 10, 2016
      Thanks for the feedback.
  • Anonymous
    August 02, 2016
    The comment has been removed
    • Anonymous
      August 02, 2016
      Hi Cesar,There seems to be an issue, and we're looking into it. Apologies for any inconvenience.ref@
      • Anonymous
        August 04, 2016
        Thanks Refaat, looks like engineers resolved the issue, today I was able to create a Nano server from Azure Gallery in less than 5min awesome!!!
  • Anonymous
    September 21, 2016
    great help! you wrote:"Note: You can create another inbound rule for port 5986 if you want to access your VM over https."can you show or link to the steps necessary for that? most google finding show selfcert-creating which is not possible with the modules of nano from the azure gallery