Nano Server TP5 IaaS Image in Azure - Updated 9/22/2016
[UPDATE 9/22/2016] We wanted to let everyone know that on September 22, 2016, we released an update to the TP5 images in Azure which extends the certificate expiration date on the image. If you are using TP5, please update your VMs to use the new image prior to the expiration on October 10, 2016.
With Windows Server 2016 Technical Preview 5, you can create Nano Server VMs directly in Azure, using the Nano Server image in the Azure Gallery.
There are 3 ways to do so:
- Using the new Azure portal (http://portal.azure.com/)
- Using the old Azure portal (http://manage.windowsazure.com/)
- Using Azure PowerShell cmdlets
1. Using the new Azure portal (http://portal.azure.com/)
- Click “+ New” on the left to create a new VM.
- In the search box, enter “Nano Server” and you’ll immediately find a match: “Windows Server 2016 Technical Preview 5 - Nano Server”. Select it.
- In the “Everything” blade, click on the Nano Server image and click “Create” in the resulting blade.
- Enter a VM name, user name and password, resource group and click “OK”.
- Choose a VM size and click “Select”.
- In the “Settings” blade, click on “Network security group”
- Click on “+ Add an inbound rule”
- Give the rule a name. Give it a priority, like 100, unless you have more important rules.
- In “Destination port range”, enter 5985 and click “OK” to create the rule, and another “OK” to close the Network security group.
- Note: You can create another inbound rule for port 5986 if you want to access your VM over https.
- Follow the remaining screens and create your VM.
2. Using the old Azure portal (http://manage.windowsazure.com/)
- Click on the “Virtual Machines” tab on the left.
- In the bottom left of your browser, click “+ NEW” to create a new VM.
- Select “Virtual Machine”, “From Gallery” and search for “Nano Server”. “Windows Server 2016 Technical Preview 5 - Nano Server” should appear as a match. Select it and click the “->” arrow in the bottom right
- Enter a VM name, user name, password, and confirm the password.
- On the “Virtual machine configuration” screen, under “Endpoints”, add an entry: give it a name, protocol “TCP”, public and private ports: 5985.
- Notice that port 5986 is already defined for you, if you want to access your VM over https.
- Follow the remaining screens and create your VM.
To access the VM you created (from either portal) over http, run the following commands from an elevated PowerShell console (classic or ISE):
$ip = "126.96.36.199"
# public IP address of your VM in Azure
Set-Item WSMan:\localhost\Client\TrustedHosts $ip
# use -Concatenate if you have existing values
$s = New-PSSession -ComputerName $ip -Credential ~\myAdmin
# replace myAdmin with the user name you specified
3. Using Azure PowerShell cmdlets
Use an elevated PowerShell console (classic or ISE) and use the instructions in the following link to install the Azure Resource Manager cmdlets: https://msdn.microsoft.com/en-us/library/mt125356.aspx
Download the zip file attached to this blog and unzip its contents to a local folder on your machine.
Log in to your Azure account:
Run the following commands to create a resource group and a key vault, if you haven’t already:
New-AzureRmResourceGroup -Name “MyResourceGroupName” -Location ‘West US’
New-AzureRmKeyVault -VaultName “MyKeyVaultName” -ResourceGroupName “MyResourceGroupName” -Location ‘West US’ -EnabledForDeployment
Make sure you use the same Resource Group Name in both cmdlets. Select the Azure location that is best for you. I chose ‘West US’ because I’m on the West coast.
Now, it’s time to import the module that was part of the package you unzipped to a local folder:
Import-Module .\NanoServerAzureHelper.psm1 -Verbose
You’re now ready to create a Nano Server VM (you will be prompted for the admin password):
New-NanoServerAzureVM -Location ‘West US’ –VMName “MyVMName” -AdminUsername “MyAdminName” -VaultName “MyKeyVaultName” -ResourceGroupName “MyResourceGroupName” -Verbose
Let’s establish a secure PowerShell remote session to our new VM:
Get-AzureRmPublicIpAddress -ResourceGroupName “MyResourceGroupName”
Observe the output of this cmdlet and copy the FQDN string, under DnsSettings. It will look something like: “MyVMName.westus.cloudapp.com”. Use it for the secure connection as follows:
Enter-PSSession -ConnectionUri “https://MyVMName.westus.cloudapp.com:5986/WSMAN” -Credential MyAdminName
Unlike previous Nano Server images in Azure, the optional roles and features are no longer in the image. Starting with TP5, they can be installed from an online repository so you have a smaller image. To add roles and features to your Nano Server VM, consult the Nano Server Getting Started Guide and refer to “Installing roles and features online”.
To access the VM securely from another machine
If you want to access the VM you created securely from another machine, you need to export the certificate from your original client to another machine. Here’s how:
- Run certlm.msc
- Select “Trusted Root Certification Authorities”
- Select “Certificates”
- Look for the certificate that is named after your VM name
- Right-click this certificate and select “All Tasks” -> “Export” and save it to a USB drive or a shared folder.
- On the target machine, double-click this exported certificate and click “Install Certificate”
- Select “Current User” -> Next
- Select “Place all certificates in the following store”, click “Browse” and select “Trusted Root Certification Authorities” -> Next -> Finish
For information on Nano Server containers and Docker, please see the following blogs: