
Agile Insider Blog

Step by Step Guide to Building Your Own Nano Server with Windows Server 2016 Technical Preview 4

Windows Server 2016 TP4 introduced two new major virtualization features: Nano Server and Windows Containers. This how-to will be focusing on setting up a new Windows Nano Server in your lab environment.

What is Windows Nano Server?

Nano Server is a headless version of Windows Server designed to improve security and reliability by minimizing the attack surface of the operating system and reducing resource overhead. Microsoft states that Nano Server will have:

  • 93% smaller VHD size
  • 92% fewer critical bulletins
  • 80% fewer required reboots

Although Microsoft first introduced Server Core with Windows Server 2008, this is their smallest and most secure installation option to date. The reduced hardware requirements can be visualized in the following diagram:

[Diagram: nano1]

Why is Nano Server Important to my Organization?

All organizations can benefit from the improved virtualization and security features of Windows Nano Server; here is a brief list of 5 points to consider for your organization:

  1. Improved Security
    With a reduced attack surface and no Internet Explorer or GUI to exploit, Nano Server is the most secure installation option for Windows servers. By default, there are only 12 ports opened on a Nano Server compared to 34 ports on a full Windows GUI Server install.
  2. Lowered Total Cost of Ownership (TCO)
    Because Nano Server creates very little overhead, companies will not need to dedicate as many resources to server patching and maintenance. As a direct result of the improved security, organizations that must comply with PCI, SOX, or HIPAA will see significant returns in the reduced amount of time spent patching vulnerabilities.
  3. Fast Boot Times
    The boot IO of Nano Server is around 150 MB. In my lab, I’m seeing boot times of around 5-10 seconds.
  4. Fewer Reboots Required
    Microsoft is estimating that Nano Server will only require 3 reboots a year for security patching, and is working diligently to get that number down to 2 reboots per year. Fewer reboots means less interruption to services and less after-hours work for your employees.
  5. Smaller Server Image
    Nano Server is 20x smaller than the full GUI installation of Windows Server. This will reduce the amount of space consumed on your expensive SAN storage by the operating system.

 

Server Roles

Below is a list of server roles currently supported on Windows Nano Server.

Role / Feature | Physical / Virtual | Description
Compute | Physical | Hyper-V Role
Storage | Both | Storage role
Clustering | Both | Failover Clustering role
Reverse Forwarders | Both | Helps in testing legacy tools
Defender | Both | Anti-Malware Defender package

Containerization also allows Nano Server to scale rapidly. This video demonstrates Nano Server running 1,000 VMs on an 8-processor server with 1 TB of RAM: https://channel9.msdn.com/Blogs/Regular-IT-Guy/Quick-Nano-Server-Scale-Demo

So let’s get started building our own Nano server!

Pre-Requisites

First, you’ll need to download an evaluation copy of Windows Server 2016 TP4, either through your MSDN subscription or from here:

https://www.microsoft.com/en-us/evalcenter/evaluate-windows-server-technical-preview

We’ll cover both physical and virtual installations for the server, so you’ll need access to both platforms for this lab. To deploy on a physical server, you’ll need to download the Microsoft USB Download tool, available here: http://wudt.codeplex.com/

You’ll also need a separate instance of Server 2016 TP4 running to use the management consoles to access and manage the Nano Server.

Step 1 – Mount the ISO

After you finish downloading the Windows Server 2016 TP4 ISO, double-click the file to mount it in File Explorer. In our lab, this is mounted as drive letter E:.

[Screenshot: nano2]

Step 2 – Build the Nano Server VHD or VHDX file

Nano Server is not a default installation option when you boot from the Windows Server 2016 TP4 ISO, so we’ll need to create a bootable VHD(X) file to use. In this lab, we will be creating a VHDX volume which requires UEFI or a second generation Hyper-V VM. We will also auto join the Nano server to an Active Directory domain during the VHDX creation process.

Create a bootable VHDX for a Physical Server with the Hyper-V Role Installed

Open a PowerShell admin command prompt, navigate to C:\Temp (or any directory where you’d like to build your VHDX image) and run the following script. (Be sure to modify the Domain and Server name/filepath to fit your needs.)

# Local Administrator password for the image (example value only; replace it with your own)
$adminPass = ConvertTo-SecureString "SecurePassword!2015" -AsPlainText -Force
$Domain = 'YourDomain.com'
# Load the image generator module from the mounted ISO
Import-Module 'E:\NanoServer\NanoServerImageGenerator.psm1'
# Build the VHDX with the OEM driver package for physical hardware
New-NanoServerImage -MediaPath 'E:\' `
-BasePath .\Base -TargetPath .\Nano-01.vhdx -ComputerName NANO-01 `
-OEMDrivers -Storage -Defender -Compute -Clustering -Containers -EnableRemoteManagementPort `
-AdministratorPassword $adminPass -DomainName $Domain #-ReuseDomainNode

Create a bootable VHDX for a Virtual Server with the Hyper-V Role Installed

Creating a VHDX for a virtual server is the same as a physical server, except we will include guest drivers instead of the OEM drivers package.

Open a PowerShell admin command prompt, navigate to C:\Temp (or any directory where you’d like to build your VHDX image) and run the following script. (Be sure to modify the Domain and Server name to fit your needs.)

# Local Administrator password for the image (example value only; replace it with your own)
$adminPass = ConvertTo-SecureString "SecurePassword!2015" -AsPlainText -Force
$Domain = 'YourDomain.com'
# Load the image generator module from the mounted ISO
Import-Module 'E:\NanoServer\NanoServerImageGenerator.psm1'
# Build the VHDX with the Hyper-V guest drivers for a virtual machine
New-NanoServerImage -MediaPath 'E:\' `
-BasePath .\Base -TargetPath .\Nano-01.vhdx -ComputerName NANO-01 `
-GuestDrivers -Storage -Defender -Compute -Clustering -Containers -EnableRemoteManagementPort `
-AdministratorPassword $adminPass -DomainName $Domain #-ReuseDomainNode
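
The virtual-server build above, with the Administrator password prompted for at run time instead of stored in the script, and a SHA-256 hash recorded so the copy made in Step 3 can be checked against the image that was built. This is an added example, not part of the original post; it assumes the same E: ISO mount, domain and computer names, and the function name Test-NanoImageCopy and the hash file name are hypothetical.

```powershell
# Added example, not from the original post.
# Assumptions: ISO mounted as E:, run from the build directory (e.g. C:\Temp).
$Domain   = 'YourDomain.com'
$Target   = '.\Nano-01.vhdx'
$HashFile = "$Target.sha256"      # hypothetical file name for the recorded hash

# Prompt for the local Administrator password so it never appears in the
# script file, in source control, or in console history.
$adminPass = Read-Host -Prompt 'Nano Server Administrator password' -AsSecureString

Import-Module 'E:\NanoServer\NanoServerImageGenerator.psm1'

# Same switches as the virtual-server build in the post, passed by splatting.
$imageParams = @{
    MediaPath                  = 'E:\'
    BasePath                   = '.\Base'
    TargetPath                 = $Target
    ComputerName               = 'NANO-01'
    GuestDrivers               = $true
    Storage                    = $true
    Defender                   = $true
    Compute                    = $true
    Clustering                 = $true
    Containers                 = $true
    EnableRemoteManagementPort = $true
    AdministratorPassword      = $adminPass
    DomainName                 = $Domain
}
New-NanoServerImage @imageParams

# Record the hash of the finished image next to it.
(Get-FileHash -Path $Target -Algorithm SHA256).Hash | Set-Content -Path $HashFile

# After copying the VHDX to the USB drive or the Hyper-V VHD repository,
# re-hash the copy and compare it with the recorded value.
function Test-NanoImageCopy {
    param([string]$CopyPath, [string]$ExpectedHashFile)
    $expected = (Get-Content -Path $ExpectedHashFile -TotalCount 1).Trim()
    $actual   = (Get-FileHash -Path $CopyPath -Algorithm SHA256).Hash
    return $actual -eq $expected
}
# Usage (D:\ is a placeholder for wherever the copy was written):
# Test-NanoImageCopy -CopyPath 'D:\Nano-01.vhdx' -ExpectedHashFile $HashFile
```

The VHDX carries the Administrator password and the domain join data, so store and transport it as you would any other credential-bearing file.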

Step 3a – Deploy Nano Server as the Native Boot Option on a Physical Server

  1. First, we’ll need a bootable USB drive. Follow the instructions here to create a bootable drive using the Windows Server 2016 TP4 ISO that you already have downloaded: https://www.microsoft.com/en-us/download/windows-usb-dvd-download-tool
  2. Next, copy the Nano-01.vhdx file that you created in Step 2 to the root of your USB drive.
  3. Boot your server from the USB drive and select the Repair your computer option from the boot menu:
  4. Complete the following steps to erase all data from the hard drive and boot from your VHDX file. This portion assumes that your USB drive is letter D:.
    1. diskpart
      select disk 0
      clean
    2. create partition primary size=300
      format quick fs=FAT32
      assign letter=s
      active
    3. create partition primary
      format quick fs=ntfs
      assign letter=C
      exit
    4. copy D:\Nano-01.vhdx C:\
    5. diskpart
      select vdisk file=C:\Nano-01.vhdx
      attach vdisk
      list volume
      select volume <volume_number_of_attached_VHD>
      assign letter=E
      exit
  5. cd E:\windows\system32
    bcdboot E:\windows /s S:

    * You may also need to identify the hidden virtual system drive and configure the boot options on this volume as well:

    diskpart
    list volume
    select volume <Volume with no drive letter>
    assign letter=q
    Exit
    bcdboot E:\windows /s Q:

  6. Reboot and remove USB drive

Congratulations! You now have a bootable Windows Nano Server!

Step 3b – Deploy Nano Server as a Virtual Machine

Creating a virtual machine and booting from it is considerably easier.

  1. Copy your Nano-01.vhdx file to your VHD repository on your Hyper-V server
  2. Create a new Gen2 VM and select it to boot from the VHDX file you created

Step 4 – Managing Your Nano Server

One of the main security benefits of Windows Nano Server is that there is no windowed GUI. This means all management must be done via PowerShell or Remote Server Administration Tools.

This requires some initial setup on the Nano Server from the console. First you’ll need to log in using your domain credentials:

[Screenshot: nano4]

Next, you’ll have the option to configure a static IP address or enable Windows Firewall rules. For ease of management, I recommend enabling the SMB rules as well as the WinRM related rules.

Once your Nano Server is configured to allow remote access, you can log into your Windows Server 2016 TP4 server with the full desktop experience and use the Hyper-V MMC to connect to your new Nano Server for management. Just right-click the Hyper-V Manager icon and select Connect to Server:

[Screenshot: nano5]

Then enter the server name and click OK:

[Screenshot: nano6]

Now you have access to configure your Hyper-V server to your needs!

Note: if you’re using a static IP address to create a virtual switch on the same interface as your management network, you may need to reconfigure the static IP via PowerShell from another Server 2016 TP4 server after the vSwitch is created. For instance:

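# Open a remote session to the Nano Server
Enter-PSSession <ServerName>
# Find the connection name of the management interface
netsh interface ip show interfaces
# Reapply the static address, mask and gateway, then the DNS servers
netsh interface ip set address "connection name" static 192.168.0.101 255.255.255.0 192.168.0.1
netsh interface ip set dns "connection name" static 10.0.0.1 primary
netsh interface ip add dns "connection name" addr=10.0.0.2 index=2
Exit-PSSession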
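
A check to run from the management server after Step 4, comparing what is actually reachable on the Nano Server with the SMB and WinRM rules enabled at its console. This is an added example, not part of the original post; the server name NANO-01 and the list of extra ports to probe are assumptions to adjust for your lab.

```powershell
# Added example, not from the original post.
# Run on the Windows Server 2016 TP4 management server (full desktop install).
$Server = 'NANO-01'   # computer name used when the image was built

# Intended = $true marks the services this guide enables (SMB and WinRM).
# The remaining ports are an assumed sample of other management services.
$ports = @(
    @{ Port = 445;  Name = 'SMB';                 Intended = $true  }
    @{ Port = 5985; Name = 'WinRM over HTTP';     Intended = $true  }
    @{ Port = 5986; Name = 'WinRM over HTTPS';    Intended = $false }
    @{ Port = 135;  Name = 'RPC endpoint mapper'; Intended = $false }
    @{ Port = 139;  Name = 'NetBIOS session';     Intended = $false }
    @{ Port = 3389; Name = 'Remote Desktop';      Intended = $false }
)

$results = foreach ($p in $ports) {
    # -InformationLevel Quiet returns $true or $false for the TCP connect test.
    $open = Test-NetConnection -ComputerName $Server -Port $p.Port `
                -InformationLevel Quiet -WarningAction SilentlyContinue

    $finding = if ($open -and -not $p.Intended) {
        'REVIEW: reachable but not enabled by this guide'
    } elseif (-not $open -and $p.Intended) {
        'BLOCKED: rule not enabled, or filtered in transit'
    } else {
        'as expected'
    }

    [pscustomobject]@{
        Port      = $p.Port
        Service   = $p.Name
        Reachable = $open
        Finding   = $finding
    }
}
$results | Format-Table -AutoSize

# An open port is not proof the service works: confirm WinRM answers.
Test-WSMan -ComputerName $Server -ErrorAction SilentlyContinue
```

Rerun it from a host on a different subnet to see what the firewall exposes beyond the management network.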

Conclusions

While Windows Nano Server is a huge leap forward in security and server management, one of the main drawbacks that I ran into was a lack of iSCSI support. This means that I could not use shared storage on my Nano cluster to maintain high availability. This feature is expected to be released as part of Windows Server 2016 RTM, so we’ll have to wait patiently until then.


Dan Chemistruck is Agile IT’s resident Cloud Infrastructure Engineer, and man, are we grateful to have him. Dan oversees Enterprise Mobility Suite implementation projects, ADFS SSO implementations, and our on-premises Exchange migrations.
