all you need to know about microsoft windows nano server
TRANSCRIPT
1
All you need to know about Microsoft Nano Server (Updated for TP5) Mike Resseler Technical Evangelist
All you need to know about Microsoft Nano Server (Updated for TP5)
© 2016 Veeam Software 2
Introduction Windows Server 2016 will become generally available sometime in 2016. As of today, Microsoft hasn’t
announced the release date yet, but it does provide technical previews (TPs) for us to learn the new
technology on a regular basis. Many organizations and their IT teams say they don’t want to work with
beta software yet, and that they want to wait to learn the platform when it is ready. I strongly advise you
to change that way of thinking. With Microsoft picking up the pace — and with the increased pressure
on IT departments worldwide — moving your data center to new technology faster than ever before will
become a game changer. It will enable your business to be more agile and competitive, which will
provide your organization with a big advantage in today’s business landscape.
Today, I want to talk about Microsoft Windows Nano Server. Nano Server is a headless deployment
option for Windows Server, coming in 64-bit only. It may look very confusing at first, and many will look
at it and quickly decide it is not for their environment. I hope to provide as much information and
guidance as possible to convince you to take a closer look.
All you need to know about Microsoft Nano Server (Updated for TP5)
© 2016 Veeam Software 3
Content Introduction............................................................................................................................................................................................................................................................. 2
History .......................................................................................................................................................................................................................................................................... 5
Windows NT to Windows Server 2003 ....................................................................................................................................................................................... 5
Windows Server 2008 and R2 ............................................................................................................................................................................................................ 5
Windows Server 2012 and R2 ............................................................................................................................................................................................................ 5
What is Nano Server? ....................................................................................................................................................................................................................................... 6
Why? .............................................................................................................................................................................................................................................................................. 6
Reboots ................................................................................................................................................................................................................................................................ 6
Server images .................................................................................................................................................................................................................................................. 7
Conclusion ......................................................................................................................................................................................................................................................... 9
Setting the expectations ............................................................................................................................................................................................................................... 9
Let’s look at the quick installation ....................................................................................................................................................................................................... 10
A virtual Nano Server.............................................................................................................................................................................................................................. 10
A physical Nano Server ......................................................................................................................................................................................................................... 16
Packages .................................................................................................................................................................................................................................................................. 18
Advanced installation/deployment options ............................................................................................................................................................................. 22
New-NanoServerImage ....................................................................................................................................................................................................................... 22
Get-NanoServerPackages ................................................................................................................................................................................................................... 26
Edit-NanoServerImage ......................................................................................................................................................................................................................... 27
Additional information for advanced installation/deployment .......................................................................................................................... 29
Domain join options........................................................................................................................................................................................................................ 29
Joining the to the domain where the local computer resides ..................................................................................................................... 29
Joining a different domain ......................................................................................................................................................................................................... 29
Reusing a domain account ........................................................................................................................................................................................................ 30
Joining Nano Server to a domain online ........................................................................................................................................................................ 30
Using the unattend file.................................................................................................................................................................................................................. 31
Azure ............................................................................................................................................................................................................................................................ 32
All you need to know about Microsoft Nano Server (Updated for TP5)
© 2016 Veeam Software 4
Managing Nano Server ........................................................................................................................................................................................................................ 33
The Nano Server Recovery Console .................................................................................................................................................................................... 33
Figuring out the IP address ........................................................................................................................................................................................................ 38
PowerShell Remoting/PowerShell Direct ...................................................................................................................................................................... 38
Windows PowerShell CIM sessions over WinRM...................................................................................................................................................... 41
Windows Remote Management ........................................................................................................................................................................................... 42
Working with remote consoles .............................................................................................................................................................................................. 43
Server Management Tools ......................................................................................................................................................................................................... 48
Deploying apps on Nano Server .................................................................................................................................................................................................. 49
Appendix A: Additional information on packages................................................................................................................................................................ 50
DNS Package................................................................................................................................................................................................................................................. 50
IIS Server ........................................................................................................................................................................................................................................................... 51
Offline installation ..................................................................................................................................................................................................................................... 51
Online installation ..................................................................................................................................................................................................................................... 52
Working with IIS ......................................................................................................................................................................................................................................... 53
Hyper-V.............................................................................................................................................................................................................................................................. 54
Failover Clustering.................................................................................................................................................................................................................................... 55
Appendix B: Setup & Boot Eventing, Kernel Debugging & Emergency Management Services ...................................................... 56
Setup & Boot Eventing.......................................................................................................................................................................................................................... 56
Kernel Debugging .................................................................................................................................................................................................................................... 57
Emergency Management Services ............................................................................................................................................................................................. 58
Appendix C: Unattend, SetupComplete and DISM .............................................................................................................................................................. 59
DISM .................................................................................................................................................................................................................................................................... 59
Unattend File ................................................................................................................................................................................................................................................ 60
Using setupcomplete.cmd ............................................................................................................................................................................................................... 61
Appendix D: Using MPIO on Nano Server ................................................................................................................................................................................... 63
Appendix E: Using Windows Update............................................................................................................................................................................................... 64
Appendix F: More on PowerShell on Nano Server ............................................................................................................................................................... 68
Appendix G: Installing roles and features online .................................................................................................................................................................... 70
Appendix H: Connecting to a DFS host ....................................................................................................................................................................................... 74
About the Author............................................................................................................................................................................................................................................. 75
About Veeam Software ............................................................................................................................................................................................................................... 75
All you need to know about Microsoft Nano Server (Updated for TP5)
© 2016 Veeam Software 5
History The best way to explain Nano Server is to dive into the history of Windows Server and how it has evolved
over the years.
Windows NT to Windows Server 2003 If you look at Windows NT until Windows Server 2003, it is a full-blown server system with a graphical
user interface (GUI) and lots of functionality right out of the box. On top of that, it allows you to deploy
roles and features like Active Directory (AD), DNS, DHCP, clustering and many more. Only one server
installation was the full-blown server at that time.
Windows Server 2008 and R2 With Windows Server 2008 and R2, a new server installation option came to life. It was called Core Server.
Core Server is still a full-blown Windows Server that allows you to run almost every application, role or
workload on top of it, but all of the GUI elements are removed, including Microsoft Management
Consoles (MMCs) and more. It was a very big deal at first sight because it lowered the attack footprint,
patching and resource usage. However, it never gained the attraction of the IT world that it deserved.
The reasons for that are simple:
• You couldn’t switch between core and the full GUI. The option was chosen at the installation, so reinstalling it was the only way to switch
• It was very difficult to configure. Everything had to be done through command line. PowerShell wasn’t fully supported (and many modules for technologies didn’t exist yet or were lacking) and remote management through MMCs, or that version of the server manager, weren’t that good
As a result, the adoption ranged from very limited to nonexistent.
Windows Server 2012 and R2 Microsoft listened to the feedback and concerns about Core Server very well and brought many
enhancements to Windows Server 2012 and R2. For starters, there is now one base Windows Server,
which is the core version. On top of that, you can deploy features and roles. But, you can also deploy the
minimal server interface on it, which again, is a role. The minimal server interface gave you some limited
access to management tools, but not the full-blown GUI tools. This in-the-middle solution seemed like a
good idea, but it wasn’t deployed a lot. Still, there are many administrators that choose the full-blown
solution, although adoption of the core model picked up some fans. This model certainly becomes more
and more popular in high-density environments, or in environments where resources are very valuable.
But, what if you could go even further and look at an even smaller operating system (OS) option that has
multiple benefits and will allow us to start deploying application workloads exactly as it happens in the
cloud? As you can imagine, this requires a shift in thinking and operations. Don’t be scared of it — just
All you need to know about Microsoft Nano Server (Updated for TP5)
© 2016 Veeam Software 6
continue reading and find out everything there is to know.
What is Nano Server? Nano Server is a headless, 64-bit-only deployment option for Windows Server 2016. Microsoft created
this component specifically with key scenarios in mind: Nano Server was created to serve as cloud fabric
and infrastructure (Hyper-V host, clustering, networking, storage) and as a deployment option for
applications that are — as they call it — born in the cloud (Platform-as-a-Service v2 and ASP.NET v5
applications).
It’s important to know is that this deployment option is really headless. The moment you decide to
deploy a supported role (such as Hyper-V), you need to realize that this lives outside of Nano Server.
There are absolutely no binaries or metadata inside this server. Even the drivers come as a package that
you can install on top of it. This makes this server option perfect for those that want to deploy only what
they need and keep everything else as minimalistic as possible.
Nano Server is ideal for some key scenarios in your environment such as:
• Hyper-V host
• Storage host for scale-out file servers
• DNS server
• Web server (IIS)
• A host for applications specifically designed for this
• Container host
This is just the beginning. I can’t predict the future, but image if I can deploy Nano Servers for my specific
core infrastructure such as Active Directory, DHCP, DNS (which already works today) and such — it
would save me a lot of management trouble and resources.
Why? Read further, and you’ll see that Nano Server will give you some challenges in the way you deploy,
configure and manage it. But, don’t forget that this is a TP, so these challenges might change and
become easier or even go away when we hit general availability (GA). So, before you decide it’s not
worth the trouble, let’s explore the advantages of deploying Nano Server in your environment.
Reboots Reboots for a Windows Server are something we learned to live with for many years. IT administrators all
around the world are familiar with Patch Tuesday. However, in many cases, it creates a lot of headaches.
While you will never be able to remove patches and updates, a headless solution will definitely require
less patches.
All you need to know about Microsoft Nano Server (Updated for TP5)
© 2016 Veeam Software 7
Less patches means less security. Because there are less components to patch, the attack vector also
decreases. Many attacks are done on components that simply do not exist in the server core anymore,
especially when you come to think of GUI elements. Microsoft did some research in 2014 to list the
differences:
Figure 1: Patches & Reboots ©Microsoft
Figure 1 shows the amount of important bulletins, critical bulletins and reboots required in 2014 for
Nano Server, Server Core and the Full Server option. As you can see, there are quite a few differences, and
the maintenance work that needs to be done on Nano Server is lower than on the other options. It
should also show that when you can’t choose Nano Server, Server Core is your best option.
Server images You will notice that we will create small images of servers later in this document. Those of you who need
to manage server image libraries will welcome Nano Server because it will take less disk space. Again,
Microsoft provided us with numbers, as you can see below:
All you need to know about Microsoft Nano Server (Updated for TP5)
© 2016 Veeam Software 8
Figure 2: Server Images. ©Microsoft
Figure 2 shows the differences in setup time, disk footprint and VHD(x) size between Server Core and
Nano Server. You can imagine that these numbers are even higher on the Full Server flavor.
Resources
Last but not least, you’ll also notice a huge difference in resource consumption. There are fewer
processes running, and the boot IO and kernel MB in use are all lower on Nano Server. As you can see, in
Figure 3:
Figure 3: Resource Utilization ©Microsoft
Figure 4 shows the differences in the amount of drivers loaded, services running and ports open
between Server Core and Nano Server:
All you need to know about Microsoft Nano Server (Updated for TP5)
© 2016 Veeam Software 9
Figure 4: Drivers, services & ports ©Microsoft
Many of you might think that the last figure should fall under security and not resources, and you are not
wrong. Microsoft does exactly the same. On the other hand, less services and drivers loaded also means
less resources necessary so I could argue that they fall under both.
Conclusion While the above numbers are certainly not final and are only from the measurement Microsoft did in
2014, you should be able to see that using Nano Server can deliver some huge improvements and
advantages. And, if using Nano Server is not a possibility, then Server Core should be your choice. I
personally expect these numbers to improve even further. Although the way you manage Nano Server
will be different than how you have always managed Windows Server operating systems, the advantages
are higher than the downsides. In the end, you will notice that managing Nano Server isn’t difficult — it is
just a matter of getting used to it.
Setting the expectations Starting to work with Nano Server today is, in my humble opinion, a must. If you are an IT professional,
you need to learn how it works, how it needs to be managed (which requires a change in mindset) and
how to troubleshoot it. The faster you do this, the more your business will benefit. But, don’t forget that
we are still working on a TP. A lot can change between now and GA, and whatever you do with it today
will still be a great learning experience.
With that said, we are not at GA yet, and the differences and enhancements that were introduced
between TP3 and TP4 were massive. And now, there are some changes with this updated guide to TP5.
We can only assume (and hope) that there will be many more enhancements and improvements in the
GA version. Everything in this paper is performed on TP5, so you will need to work with TP5 if you want
to follow this guide.
All you need to know about Microsoft Nano Server (Updated for TP5)
© 2016 Veeam Software 10
Let’s look at the quick installation You have to realize that Nano Server is not an installation option when you start. It cannot be selected
during setup as you are used to with other versions of Windows Server. The binaries are found on the
installation media, but you need to create a “base-image” first before you can deploy it. There are many
possibilities to create that image, so let’s start here with a quick way to get things going.
A virtual Nano Server Copy the files NanoServerImageGenerator.psm1, NanoServerImageGenerator.psd1 and Convert-
WindowsImage.ps1 from the NanoServerImageGenerator folder on the installation media to a folder
on your hard drive. In my case, I copy them to a folder called
D:\NanoServer\NanoServerImageGenerator
Figure 5: Copied files
Open Windows PowerShell, Windows PowerShell ISE (or the tool of your choice) as an administrator
and navigate to the folder where you have copied your scripts.
All you need to know about Microsoft Nano Server (Updated for TP5)
© 2016 Veeam Software 11
Figure 6: PowerShell ISE
Before you can start, you’ll need to import the NanoServerImageGenerator.psm1 module. This is already
a great improvement compared to the previous TP because you don’t need to dot source the scripts
anymore.
The command to do this is: Import-Module .\NanoServerImageGenerator.psm1 -Verbose
Note: The “verbose” is not necessary, but it will show you all the work that is done while importing this
module. As you can see in Figure 7: Importing the module, three functions are imported. We will go into detail
about those later.
Figure 7: Importing the module
All you need to know about Microsoft Nano Server (Updated for TP5)
© 2016 Veeam Software 12
Now you can create the first VHD you can use in a virtual environment. Don’t worry about the different
parameters yet, I will dive deep into those next. What you are doing here is creating a simple VHD, setting
an administrator password and including Hyper-V guest drivers.
New-NanoServerImage -Edition Datacenter -DeploymentType Guest -MediaPath <path to root of media> -BasePath .\Base -TargetPath .\NanoServerVMs\NanoServerVM.vhd -ComputerName <computer name>
• Edition can be standard or datacenter build
• DeploymentType (guest or host) defines whether it will be virtual or physical
• Mediapath is the path where the contents of the TP5 ISO are (either copied to disk or mounted as ISO)
• BasePath is the folder where the Nano Server WIM and packages will be placed
• TargetPath will be the folder where the VHD (or VHDX) will be created
• ComputerName is where you define the name of the computer
We will go further into details about those parameters later on.
In my case, this becomes: New-NanoServerImage -Edition Datacenter -DeploymentType Guest -MediaPath E:\ -BasePath .\Base -TargetPath .\NanoServerVMS\TP5Nano02\TP5Nano02.vhdx -ComputerName TP5Nano02
Figure 8: Creating your first image, with password request
After entering the password, the system will start creating the VHD.
All you need to know about Microsoft Nano Server (Updated for TP5)
© 2016 Veeam Software 13
Figure 9: Creating the VHD
After creation, the only thing left to do is create a virtual machine (VM) in Hyper-V and attach the VHD(X)
to it. This is how:
Open Hyper-V Manager and select New > Virtual Machine
Press Next on the Before You Begin page
Figure 10: Before You Begin
On the Specify Name and Location page, choose the name of the VM (this is not the computer name
but rather the name that will be visible in Hyper-V Manager) and the location where you want to store it
and press Next.
All you need to know about Microsoft Nano Server (Updated for TP5)
© 2016 Veeam Software 14
Figure 11: Specify Name and Location
On the Specify Generation page, choose the generation. If you chose to deploy a VHD, then choose
Generation 1. If you want to deploy a VHDX then choose Generation 2. Press Next
Figure 12: Specify Generation
On the Assign Memory page, adjust the startup memory and decide whether you want to use Dynamic
Memory or Static Memory. Press Next
All you need to know about Microsoft Nano Server (Updated for TP5)
© 2016 Veeam Software 15
Figure 13: Assign Memory
On the Configure Networking page, select the network that you want to connect to and press Next.
Figure 14: Configure Networking
On the Connect Virtual Hard Disk page, select Use an existing virtual hard disk, point to the created
VHD(X) and press Next.
All you need to know about Microsoft Nano Server (Updated for TP5)
© 2016 Veeam Software 16
Figure 15: Connect Virtual Hard Disk
On the Complete page, review your settings and press Finish.
Figure 16: Completing the New Virtual Machine Wizard
This is possible with PowerShell. I will show you an example of how to do that in the next chapter,
Advanced installation/Deployment options.
A physical Nano Server While most of the examples in this paper will be virtual Nano Servers, some of them will run on physical
servers. When you use Nano Server as a Hyper-V node (either clustered or not), it is necessary that it is a
physical server. I actually run nested Hyper-V so I can simulate this behavior for the purpose of this paper.
All you need to know about Microsoft Nano Server (Updated for TP5)
© 2016 Veeam Software 17
However, this probably won’t be the case in a real world environment.
The procedure to create a VHD for a physical machine is more or less the same as it is for a VM. I used the
following command: New-NanoServerImage -Edition Datacenter -DeploymentType Host -BasePath .\Base -TargetPath .\NanoServerVMS\NanoPhys01\NanoPhys01.vhd -ComputerName NanoPhys01 -OEMDrivers –Compute -Clustering
The difference between this one and the one for the VM, is that I already added roles — packages such
as compute and clustering — and also added the OEMDrivers package to include drivers. In the next
chapter, I’ll talk about these packages in more detail.
Another note of importance is that I actually didn’t have to specify the –MediaPath anymore because I
already had a base image created. After you do this once, you can keep using this base until there are
updates to the media.
Figure 17: Creating a physical Nano Server
Another difference is that you aren’t going to connect the VHD to a VM, but will instead deploy that VHD
onto a physical server.
If that physical server already has an operating system, you can simply copy the VHD to that server,
mount the VHD and then run bcdboot d:\windows. Finally un-mount the VHD and restart the server.
You should be able to boot into the Nano Server VHD.
Of course, if you prefer a dual boot, you can always use bcdboot to add a boot listing, but this won’t
happen very often. In most cases, you’d want to deploy it on a clean, empty server.
In that case, I advise you to read the following two excellent blog posts that explain what other methods
you have (and will prefer). Again, because this is not the scope of this paper and most people will have
their own deployment preferences, I won’t dive deeper into this.
• Deploying Nano Server to a Bare-Metal Machine using a WIM and WinPE
• How to use WDS to PxE Boot a Nano Server VHD
Last, but certainly not least, you can also create a .WIM file directly, and deploy a Nano server with the
All you need to know about Microsoft Nano Server (Updated for TP5)
© 2016 Veeam Software 18
option -Ramdiskboot if you want to generate media that can be booted from a RAM disk.
Packages The previous steps (in the A virtual section) will give you a running VM. Unfortunately, this VM only has a
name and administrator login. The VM is not domain joined, and maybe it requires a static IP address,
special firewall settings and many other changes your specific environment requires.
It is also completely headless at this point in time. No packages are installed, so you have a running
operating system that isn’t performing any functions at all. Before we dive into more advanced
deployments, let’s take a look at the available packages. Note that we discussed that TP5 contains more
installation packages than the previous TPs earlier. We expect this pattern to continue as we approach
GA. If you have packages that you would like to see included with Nano Server, you can go to Microsoft’s
UserVoice initiative and vote for your preferred package.
The size of the core OS that we deployed is only around 522 MB and will grow slightly by adding
packages but not by much. However, as previously mentioned, this is only the core OS and doesn’t
perform anything yet.
Figure 18: Size of a headless Nano Server
In the Role/Feature column in Table 1: Roles and Features, you can see the various roles or features,
and the option you’ll need to use to deploy those through the script.
Role/Feature Parameter for the script Filename on ISO Hyper-V -Compute Microsoft-NanoServer-Compute-Package Failover Clustering -Clustering Microsoft-NanoServer-FailoverCluster-
Package Basic drivers (physical deployment) — these drivers are the same as the drivers included in the core version of the OS
-OEMDrivers Microsoft-NanoServer-OEM-Drivers-Package
File Server role and other storage components
-Storage Microsoft-NanoServer-Storage-Package
All you need to know about Microsoft Nano Server (Updated for TP5)
© 2016 Veeam Software 19
Windows Defender (including a default signature file)
-Defender Microsoft-NanoServer-Defender-Package
Reverse forwarders for application compatibility for application frameworks such as Ruby, Node.js etc.…
N/A Included by default!
DNS Server role -Packages Microsoft-NanoServer-DNS-Package
Microsoft-NanoServer-DNS-Package
Desired State Configuration (DSC)
-Packages Microsoft-NanoServer-DSC-Package
Microsoft-NanoServer-DSC-Package
Internet Information Server (IIS)
-Packages Microsoft-NanoServer-IIS-Package
Microsoft-NanoServer-IIS-Package
Host support for Windows Containers
-Containers Microsoft-NanoServer-Containers-Package
System Center Virtual Machine Manager agent
-Packages Microsoft-Windows-Server-SCVMM-Package -Packages Microsoft-Windows-Server-SCVMM-Compute-Package
Microsoft-Windows-Server-SCVMM-Compute-Package Microsoft-Windows-Server-SCVMM-Package
Network Performance Diagnostics Service (NPDS)
-Packages Microsoft-NanoServer-NPDS-Package
Microsoft-NanoServer-NPDS-Package
Data Center Bridging -Packages Microsoft-NanoServer-DCB-Package
Microsoft-NanoServer-DCB-Package
Ability to boot and run from a RAM disk
-Ramdiskboot Microsoft-NanoServer-BootFromWim-Package
Deploying on a virtual machine -DeploymentType Guest Microsoft-NanoServer-Guest-Package Deploying on a physical machine
-DeploymentType Host Microsoft-NanoServer-Host-Package
Secure startup -Packages Microsoft-NanoServer-SecureStartup-Package
Microsoft-NanoServer-SecureStartup-Package
Shielded VM -Packages Microsoft-NanoServer-ShieldedVM-Package
Microsoft-NanoServer-ShieldedVM-Package
Table 1: Roles and Features
The Hyper-V role seems clear enough. With a minimum installation and all the benefits described in the
Why? Section, Nano Server should be the option of choice for each deployment. However, as of today in
TP5, there are still a few differences between Hyper-V running on Nano Server, or on any other
installation option. More information can be found within Appendix A, section Hyper-V
Clustering services is also a straightforward role. In my opinion, it doesn’t matter whether this is for
Hyper-V or for file servers. As long as it is servicing the customers and you can do all the management
and monitoring remotely, all the resources you can take away from the OS and give to the application
services is beneficial. You can find more information about the clustering package under Appendix A,
section Failover Clustering
The OEMdrivers (or basic drivers) provide the same set of drivers that are also in the core version of the
operating system. While it is possible to add other drivers (which I will explain later), you can easily add
All you need to know about Microsoft Nano Server (Updated for TP5)
© 2016 Veeam Software 20
defaults just by adding this package.
The Storage package will add the necessary file server services and other storage components. Think
about the necessary solutions for connecting to storage such as MPIO or deploying scale-out file servers.
The Windows Defender package will add Windows Defender, including a default signature file. Note
that it will need to be updated if you want this. Because most of my host servers are not connected in
any way to the internet or any other network where there is a risk for infection, I actually think it is great
that you can decide whether or not you are going to deploy Defender.
The DNS server package will add the DNS server on top of Nano Server. However, there are some
catches, which I will cover in the DNS Package chapter.
The Desired State Configuration package adds the necessary components to work with this
technology. In the current preview, it is only push, but that doesn’t mean there aren’t already great things
you can do with Desired State Configuration.
The IIS package will add the necessary binaries to run IIS and certain features of that service. However,
not all features are already supported. For more information, look at chapter IIS Server under Appendix
A: Additional information on packages.
The Containers package will add host container support into the Nano Server. At this point, the
deployed Nano Server will be able to run containerized applications.
The System Center Virtual Machine agent actually comes in two flavors and can be a bit confusing.
There is a little catch: You don’t need to use the –Compute option when you want to create a Hyper-V
host with the SCVMM agent. Instead, you need to use –Packages Microsoft-NanoServer-Compute-
Package, Microsoft-Windows-Server-SCVMM-Compute-Package
If you do not include the -SCVMM package at the time of creation, but rather at the host or cluster to
VMM at a later point, the VMM agent will automatically deploy then. Note that this package requires the
Windows Defender package first.
The Network Performance Diagnostics Service (NPDS) package enables a new feature that comes
more — or less — straight out of the Azure world, and builds on top of the network discovery.
The Data Center Bridging package is a set of standards to enable converged fabrics in a data center to
allow storage, networking, clustering and the like, so traffic can all share the same network infrastructure.
Nano Server supports this also, just like the other server options.
The Ability to boot and run from a RAM disk package allows you to run Nano Server in an
environment where there is no physical disk, by using a RAM disk.
The Deploying on a virtual machine package tells your deployment you want to use it as a virtual
machine and automatically deploys the Hyper-V guest drivers
The Deploying on a physical machine package gives you support for bare metal deployments
The Secure startup package provides support for secure startup
The Shielded VM package is the host guardian that provides everything necessary to provision shielded
virtual machines. Note that this package is only available in the datacenter edition of Nano Server.
All you need to know about Microsoft Nano Server (Updated for TP5)
© 2016 Veeam Software 21
Finally, you can monitor Nano Server with Microsoft System Center Operations Manager. System Center
TP5 includes an agent that you can deploy onto Nano Server TP5.
As you can see, you can already install quite a few roles and features on Nano Server, and I believe more
will come.
Some additional roles and features that don’t come in a package but are still important are MPIO, SET
NIC teaming and the Windows Update WMI provider.
All you need to know about Microsoft Nano Server (Updated for TP5)
© 2016 Veeam Software 22
Advanced installation/deployment options As you may recall, I used the –Verbose parameter when I imported the module
NanoServerImageGenerator. We saw in the output that it added three cmdlets or scripts.
Let’s look at all the parameters that exist with the scripts that come with Nano Server and what you can
customize.
Note: You can only use these scripts on a Windows 8.1, Windows 10, Windows Server 2012 R2 or Windows
Server 2016 TP installation. Other OSs are not supported.
New-NanoServerImage This function allows you to create a new Nano Server image. In the quick installation, we only briefly
touched the potential of what we can do, so let’s dive a bit deeper into all the parameters that exist.
Parameter Value Explanation -AdministratorPassword Securestring
This sets the image’s administrator password. If you do not specify this on the command line, you will be interactively prompted to do so.
-BasePath String
This is the location for the copy of the source media. It will be under a folder (auto-created if not exist) and contains the packages, tools, hard disk image and WIM file.
-Clustering N/A This allows you to add the clustering role. -Compute
N/A With this, you can add the Compute (Hyper-V) role.
-ComputerName String
This sets the computer name of the image. Note that the computer name can’t be longer than 15 characters
-Containers N/A This allows you to add the Containers role. -CopyFiles String[] This parameter specifies additional
directory path on the computer where you create the image and that directory and the files in it will be added to the root of the VHD(X).
-DebugMethod
String With this parameter, you will enable kernel debugging on the target image with the specified method. The values can be Serial, Net, 1394 or USB
All you need to know about Microsoft Nano Server (Updated for TP5)
© 2016 Veeam Software 23
Depending on the value of this parameter, other parameters may become available. See kernel debugging for more information.
-Defender N/A This adds the Windows Defender feature. -DeploymentType String Guest or host, depending on whether you
want to deploy a virtual or physical Nano Server.
-Development N/A This is used to test on Nano server which allows unsigned drivers, copy debugger binaries and so on.
-DomainBlobPath String This lets you Join the image to the domain as specified in the given domain blob. For more information, see the chapter about domain join.
-DomainName String This joins the image to the specified domain performing an offline join. For more information, see the chapter about domain join.
-DriversPath
String If you need additional drivers or specific ones instead of the OEM drivers, you can add them with this parameter. It should point to the path containing the drivers (.inf and binaries). Note that the drivers need to be signed, otherwise the command will fail.
-EMSBaudRate UInt32 This is the baud rate to use for EMS. The default is 115200bps.
-EMSPort Byte This is the port to enable EMS on. The default is 1.
-Edition String Standard or Datacenter, the windows edition you want to deploy
-EnableEMS
N/A This enables EMS (Emergency Management Services) and BootEMS on the image. See Emergency Management Services for more information.
-EnableRemoteManagementPort N/A This parameter opens port 5985 for inbound TCP connections for Windows Remote Management (WinRM). See Windows Remote Management for more information.
-InterfaceNameOrIndex
String If you want to change the IP settings of an adapter, you need to use this parameter in conjunction with the below IP parameters. You can retrieve these using Get-NetAdapter, netsh or EMC if you already created an image, and in a VM, the first will always be named Ethernet.
All you need to know about Microsoft Nano Server (Updated for TP5)
© 2016 Veeam Software 24
-Ipv4Address
String This sets the given IPv4 static address on the interface specified by InterfaceNameOrIndex.
-IPv4Dns String[] This sets the given IPv4 DNS server (can be multiple DNS servers) on the interface specified by InterfaceNameOrIndex
-Ipv4Gateway
String This sets the given IPv4 gateway on the interface specified by InterfaceNameOrIndex.
-Ipv4SubnetMask
String This sets the given IPv4 subnet mask on the interface specified by InterfaceNameOrIndex.
-Ipv6Address
String This sets the given IPv6 static address on the interface specified by InterfaceNameOrIndex.
-Ipv6Dns String[] This sets the given IPv6 DNS server on the interface specified by InterfaceNameOrIndex
-MaxSize Uint64 Size in bytes of the dynamic VHD(X) to be created. Default is 4 GB.
-MediaPath * String The location of the source media. If a local copy of the source media already exists, and it is specified as the base path, then no copying is performed. This is the downloaded ISO that you either have mounted or copied to a specific location. This is only necessary the first time.
-OEMDrivers N/A This is used to add the OEM Drivers package. Those drivers are the same set of drivers that exists in Server Core.
-Packages String[]
Include the following packages separated by a comma. This is the specific parameter that adds the packages that don’t have a specific parameter. See the Packages chapter for more information.
-RamdiskBoot N/A You can run Nano Server in an environment with no physical disk by using a RAM disk. To generate media that can boot from a RAM disk, use the —RamdiskBoot parameter and pass the path to a WIM file as –TargetPath.
-ReuseDomainNode
N/A When joining a domain, reuse a node with the same name if it exists. For more information, see the chapter about domain join.
-ServicingPackages String[] With this parameter you can add servicing packages (multiple is possible) that you downloaded from the Microsoft Update catalog.
All you need to know about Microsoft Nano Server (Updated for TP5)
© 2016 Veeam Software 25
-SetupCompleteCommands String[] You can add custom commands here as part of setupcomplete.cmd.
-Storage N/A This adds the Storage role. -TargetPath String This is the location of the final, modified
image. The image format is determined based on the file extension. Possible extension values are .VHD and .VHDX. VHD will come with MBR and VHDX with GPT disk layout.
-UnattendPath String Location to add your own, custom, unattend.xml file.
Now, let’s look at an example. What I want to create is a Nano Server that has the packages clustering
and compute (I want to build a Hyper-V cluster). It also needs to be automatically joined to the domain
MD.local, because that is the domain in which I am working (I will explore in this topic further in the
Domain join options). Remote Management is enabled, Guest drivers are installed and a static IPv4
address is attached to it. I also want my VHDX (it is going to be a Generation 2 machine) defined with a
maximum of 100 GB (but it will be smaller as it is dynamically expanding). I’ll add my local scripts
directory (D:\Scripts) into the C: volume of that Nano Server. This is how the PowerShell line will look: New-NanoServerImage -DeploymentType Guest -Edition Datacenter -TargetPath .\NanoServerVMs\TP5Nano03\TP5Nano03.vhdx -BasePath .\Base -Clustering -Compute -ComputerName TP5Nano03 -CopyFiles D:\Scripts -DomainName MD.local -EnableRemoteManagementPort -InterfaceNameOrIndex ethernet -Ipv4Address 192.168.1.203 -Ipv4Dns 192.168.1.220 -Ipv4Gateway 192.168.1.1 -Ipv4SubnetMask 255.255.255.0 -MaxSize 100GB
Figure 19: Advanced creation of a Nano Server
Again, I want to add this as a VM to my environment. But as promised, I will not go through the wizard
again, I’ll use PowerShell to do the job instead. To do this, I’ll create a new VM, attach the created VHDX to
it, give it a startup memory of 256 MB and attach it to the LAN virtual network. New-VM -VHDPath .\NanoServerVMs\TP5Nano03\TP5Nano03.vhdx -Generation 2 -MemoryStartupBytes 268435456 -Name TP5Nano03 -Path D:\VM -SwitchName LAN
All you need to know about Microsoft Nano Server (Updated for TP5)
© 2016 Veeam Software 26
Figure 20: New-VM through PowerShell
Get-NanoServerPackages This script won’t let you do anything, but it makes it easy to see which packages are included in the base
image or on the media. We talked about all of these packages before, and if you want to figure out which
ones are included (with or without different languages), this cmdlet will give you all the information you
need.
It comes with two optional parameters.
Parameter Explanation BasePath You can add the location of where the base
files are here. The script will look at that location and output the packages it has found.
MediaPath You can add the location of where the media is here (mounted ISO as example). Again, the script will look at that location and output the packages it has found.
Below is a simple example of how I checked the packages that were included on my base image: Get-NanoServerPackage -BasePath .\Base
All you need to know about Microsoft Nano Server (Updated for TP5)
© 2016 Veeam Software 27
Figure 21: Packages available on my base image
As you can see, I have the available packages I described before.
Edit-NanoServerImage If you already created a Nano Server but want to add additional packages — maybe change the IP
address or do any other customizations — you don’t need to rebuild or create a new image. You can
modify a created image afterwards. Before TP4, this had to be done with DISM. For those of you who
prefer this method, this is still possible but it can be done with the cmdlet Edit-NanoServerImage also.
A few notes on this script:
• The Nano Server needs to be turned off
• You cannot change VHD to VHDX with this script
Most parameters that are described in the New-NanoServerImage cmdlet are the same but some can’t
be used, and Edit-NanoServerImage also has a few additional ones:
There are four parameters that cannot be used when editing a Nano server:
• DeploymentType
• Edition
• MaxSize
• MediaPath
On the other hand, Edit-NanoServerImage has two additional parameters:
• LangPackages
• NeutralPackages
Please note that those two will be deprecated in the GA version and were intended for internal tests at Microsoft, so don’t use them.
In the example below, I’m going to modify the Nano Server we created in the Quick Start chapter and
All you need to know about Microsoft Nano Server (Updated for TP5)
© 2016 Veeam Software 28
add a fixed IP address (and some more networking data), but I’m also going to add the IIS and DNS
package. This is something I will use later on when diving deeper into those two packages. Edit-NanoServerImage -BasePath .\Base -TargetPath .\NanoServerVMS\TP5Nano02\TP5Nano02.vhdx -EnableRemoteManagementPort -InterfaceNameOrIndex Ethernet -Ipv4Address 192.168.1.202 -Ipv4Dns 192.168.1.220 -Ipv4SubnetMask 255.255.255.0 -Ipv4Gateway 192.168.1.1 -Packages Microsoft-NanoServer-IIS-Package, Microsoft-NanoServer-DNS-Package
Figure 22: Script is running and modifying the Nano Server
After running this script and starting the Nano Server again, I can check if everything worked. In the DNS Package chapter, I will actually show you how I did it.
All you need to know about Microsoft Nano Server (Updated for TP5)
© 2016 Veeam Software 29
Additional information for advanced installation/deployment Before we continue our mission with Nano Server, there are a few things I want to talk about. Let’s take a
deeper look at the domain join possibilities and the specific Azure parameter you can use.
Domain join options
There are many possibilities to join your Nano Server to an existing domain. I prefer the first option
described below, but this will not always be the best option. Let’s look at the five different methods you
can use.
Joining the to the domain where the local computer resides
This is by far my most favorite option, because it is very easy to do. In TP3, joining a domain took quite a
bit of work, but starting from TP4 (and of course also in TP5), it is much easier. If the workstation or server
on which you are building the image is joined to the same domain to which you want to join the Nano
Server, you only need to use the appropriate switch within the PowerShell script and the rest will be
automatically done for you.
You might recall the example that we used in chapter the New-NanoServerImage New-NanoServerImage -DeploymentType Guest -Edition Datacenter -TargetPath .\NanoServerVMs\TP5Nano03\TP5Nano03.vhdx -BasePath .\Base -Clustering -Compute -ComputerName TP5Nano03 -CopyFiles D:\Scripts -DomainName MD.local -EnableRemoteManagementPort -InterfaceNameOrIndex ethernet -Ipv4Address 192.168.1.203 -Ipv4Dns 192.168.1.220 -Ipv4Gateway 192.168.1.1 -Ipv4SubnetMask 255.255.255.0 -MaxSize 100GB
One of the switches we use is –DomainName and the name of my domain. This is all you need to do to
get that computer joined to the domain.
An offline domain join happens in the background and the script will automatically harvest a domain
blob for the specific domain and use that to do the domain join. You need to have the administrative
rights to perform a domain join when you perform this action. So, make sure that the user you are
running the PowerShell cmdlets with has those rights.
If you want to know what happens in the background exactly, read on, because the next methods will
require more manual work.
Joining a different domain
If the workstation or server you are working on is not joined to a domain or is joined to another domain,
you can’t work with the fully automated parameter. However, it still isn’t difficult. What you need to do is
harvest a domain blob. You need to keep a few things in mind:
The blob must be manually harvested on a computer that is joined to the specific domain.
You need to have the rights to perform this action.
This is the command you need to use when harvesting a blob (Note: This is an elevated prompt): djoin /Provision /Domain Contoso /Machine serverName /SaveFile serverName.djoin
All you need to know about Microsoft Nano Server (Updated for TP5)
© 2016 Veeam Software 30
Copy that blob to a place on your computer where you are building the image and use the switch –
DomainBlobPath to perform the action. As an example: New-NanoServerImage -DeploymentType Guest -Edition Datacenter -MediaPath \\Path\To\Media\en_us -BasePath .\Base -TargetPath .\ServerName.vhd -DomainBlobPath .\Path\ServerName.djoin
Please note that you don’t add the parameter name –ComputerName anymore, because the blob
already contains the server name. It will throw an error if you do so.
Reusing a domain account
You can use the third method when you want to reuse a domain account. If the server name already
exists in Active Directory, you can use simple the parameter –ReuseDomainNode in your script.
Joining Nano Server to a domain online
All of the previous methods are offline joins when the image is created. But, what happens when your
server is already created and running? Can you still join it to a domain?
Luckily, the answer is yes. Performing an online join to a domain is possible, but it requires a bit of work.
Let’s go over the procedure.
Harvesting a blob.
Just like before, you will need to harvest a blob and use that to join the server online to a domain.
Note: The computer that is in that domain, and the location from which you will harvest the blob, needs
to be running Windows 10 or Windows Server Threshold! However, the domain controller does not. djoin.exe /provision /domain <domain-name> /machine <machine-name> /savefile .\objblob
You will have a file called objblob now. The next step is to copy that file to the Nano Server. You can do it
easily by mapping the administrative C$ share to a drive. net use z: \\<ip address of Nano Server>\c$ md z:\Temp copy odjblob z:\Temp
Note: You might receive an error when doing this. That probably means the firewall on the Nano Server
is blocking the request. In that case, run the following commands first: Set-Item WSMan:\localhost\Client\TrustedHosts "<IP address of Nano Server>" $ip = "<ip address of Nano Server>" Enter-PSSession -ComputerName $ip -Credential $ip\Administrator netsh advfirewall firewall set rule group="File and Printer Sharing" new enable=yes Exit-PSSession
Note: You can find more information on this procedure in the PowerShell Remoting/ chapter.
Now you need to join the Nano Server to the domain. Again, for more information about Enter-
PSSession or about when the command fails, refer to the PowerShell Remoting/PowerShell Direct
chapter. Enter-PSSession -ComputerName $ip -Credential $ip\Administrator
All you need to know about Microsoft Nano Server (Updated for TP5)
© 2016 Veeam Software 31
djoin /requestodj /loadfile c:\Temp\odjblob /windowspath c:\windows /localos shutdown /r /t 5 Exit-PSSession
The procedure works like this:
• Connect remotely to the server and start a remote PowerShell session
• Use djoin to load the configuration out of the created blob file and join that server to the domain. (For more information on djoin, go to https://technet.microsoft.com/en-us/library/offline-domain-join-djoin-step-by-step(v=ws.10).aspx)
• Instruct the computer to restart (the parameter /r does this in the shutdown command) and wait 5 seconds.
• Those 5 seconds give you the time necessary to exit the remote PowerShell session (Exit-PSSession)
That’s it. After you reboot, your Nano Server will be joined to the domain.
Using the unattend file
The last option you have is using an unattend file. You will need to use parts of the procedure above to
do this.
First, you will start by harvesting a blob again, just like you did before. When you’re finished with that,
open the blob file with a text editor (Notepad works fine) and copy the files in the unattend file. See the
example below: <unattend xmlns="urn:schemas-microsoft-com:unattend" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <settings pass="offlineServicing"> <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> <ComputerName>NANO02</ComputerName> </component> <component name="Microsoft-Windows-UnattendedJoin" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> <OfflineIdentification> <Provisioning> <AccountData>ARAIAMzMzMxYAwAAAAAAAAAAAgABAAAAAQAAAAQAAgABAAAAAQAAADADAAAIAAIAMAMAAAEQCADMzMzMIAMAAAAAAAAw3cPMQKrDzFC0xMyAS8PMBAAGAHCyxMwQABIAQKXDzBAAEgCArsPM5CERzLqjb0aCyTDByrOx3ACmw8yAq8PMQKzDzAEAAADkIRHMuqNvRoLJMMHKs7HcQK3DzACvw8z98QDgUPDDzPDww8wAAAAACQAAAAAAAAAJAAAATQBEAC4ATABPAEMAQQBMAAAAAAAHAAAAAAAAAAcAAABOAGEAbgBvADAAMgAAAAAAeQAAAAAAAAB5AAAAKwA0AC4AZgAvAFwATgBqAHAAUABeAGQASgBwAFQAYAAzAC8ATwBfAF0AZQBiAHkAQwBAAFUAJgApACEAdwA1AGMAQQBJAFsAVQBAACEANQBmACcANwBgAGYAOgBPAHIAcQAxAGwAOQBvAE8AYAAuAGQAbQBlACYAdwAnAHAASAAtAEQALAByAHgAMABaAF4AXgBMAHAANwB3AEcASgBnACUAJQA6AHAAKAAnAE8ATQBnAGcAUgB0AFoAXABFACgAaABNACcATwBnADUALAAlAGsAVwA8AGIAKwBXAD0AMABUAHMAQABvAFwAcgA9AGAAAAAAAAMAAAAAAAAAAgAAAE0ARAAJAAAAAAAAAAgAAABNAEQALgBsAG8AYwBhAGwACQAAAAAAAAAIAAAATQBEAC4AbABvAGMAYQBsAAQAAAABBAAAAAAABRUAAAB4U757beNM1WKt7FAQAAAAAAAAABAAAABcAFwARABDADAAMQAuAE0ARAAuAGwAbwBjAGEAbAAAABAAAAAAAAAAEAAAAFwAXAAxADkAMgAuADEANgA4AC4AMQAuADIAMgAwAAAACQAAAAAAAAAJAAAATQBEAC4AbABvAGMAYQBsAAAAAAAJAAAAAAAAAAkAAABNAEQALgBsAG8AYwBhAGwAAAAAABgAAAAAAAAAGAAAAEQAZQBmAGEAdQBsAHQALQBGAGkAcgBzAHQALQBTAGkAdABlAC0ATgBhAG0AZQAAABgAAAAAAAAAGAAAAEQAZQBmAGEAdQBsAHQALQBGAGkAcgBzAHQALQBTAGkAdABlAC0ATgBhAG0AZQAAAAAAAAA= </AccountData> </Provisioning> </OfflineIdentification> </component> </settings> <settings pass="offlineServicing"> </settings> <settings pass="oobeSystem"> <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
All you need to know about Microsoft Nano Server (Updated for TP5)
© 2016 Veeam Software 32
<UserAccounts> <AdministratorPassword> <Value>P@ssw0rd</Value> <PlainText>true</PlainText> </AdministratorPassword> </UserAccounts> <TimeZone>Pacific Standard Time</TimeZone> </component> </settings> <settings pass="specialize"> <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"> <RegisteredOwner>MD</RegisteredOwner> <RegisteredOrganization>MD</RegisteredOrganization> </component> </settings> </unattend>
The important part for the domain join is the data that resides between the <AccountData> and
</AccountData> part. This is the information you can copy from the blob file that you have harvested.
Now, you need to inject the unattend.xml file into the Nano Server image. This can be done manually
(see Appendix C: Unattend, SetupComplete and DISM) or through the parameter -UnattendPath
included with the New-NanoServerImage cmdlet.
Azure
Running Nano in Microsoft Azure is possible. There are two methods to do so as of today:
Method 1: Deploy Nano Server through the gallery
When you log in to your Microsoft Azure subscription, you can deploy a new VM. It doesn’t matter
whether you are using the classic method or the new resource manager deployment. You will need to
find this image in the gallery by running a search with the keyword Nano. Then, it’s just a matter of
choosing your size, networking and all other options, just as if you are deploying any other regular VM in
Microsoft Azure.
Figure 23: Nano Server build in Microsoft Azure
However, there is a difference. Because you are not building your image with the correct packages, you
All you need to know about Microsoft Nano Server (Updated for TP5)
© 2016 Veeam Software 33
can’t add roles to it upfront. Therefore, you will need to deploy your packages online. More information
on that process in Appendix G.
Method 2: Bring your own server to Azure
It is possible to bring your own VHD and use it as a server in Microsoft Azure. In TP4 there was a
parameter called –Azure. In TP5, this parameter is gone, but by simply using the parameters -
DeploymentType Guest and –EnableRemoteManagement, you can prepare a VHD for Azure.
For more information on how to upload your own VHD, visit
https://azure.microsoft.com/en-us/documentation/articles/virtual-machines-create-upload-
vhd-windows-server/.
Finally, note that Nano Server in TP5 does support nested virtualization, so you would be able to deploy
Nano Server hosts onto Azure and inside deployed VMs.
To read more about managing Microsoft Windows Nano Server and getting more details, please, follow the link: https://hyperv.veeam.com/windows-nano-server-all-you-need-to-know-7708/
All you need to know about Microsoft Nano Server (Updated for TP5)
© 2016 Veeam Software 34
About the Author
Mike Resseler is a Technical Evangelist for Veeam®. Mike is focused on
technologies around Hyper-V and System Center. With years of experience in
the field, he presents on many occasions at large events such as MMS, TechEd
and TechDays. Mike has been awarded the MVP for System Center Cloud and
Datacenter Management since 2010 and received the Hyper-V MVP since 2014.
His major hobby is discussing and developing solid Disaster Recovery (DR)
scenarios. Additionally, he has enterprise-class experience in Private Cloud
architecture and deployment with marked focus on protection from the
bottom to the top. He holds certifications in many Microsoft Technologies such
as MCITP.
Follow Mike on @MikeResseler or @Veeam and on Google+.
About Veeam Software Veeam recognizes the new challenges companies across the globe face in enabling the Always-On
Enterprise™, a business that must operate 24/7/365. To address this, Veeam has pioneered a new market
of Availability for the Always-On Enterprise™ by helping organizations meet recovery time and point
objectives (RTPO™) of < 15 minutes for all applications and data, through a fundamentally new kind of
solution that delivers high-speed recovery, data loss avoidance, verified protection, leveraged data and
complete visibility. Veeam Availability Suite™, which includes Veeam Backup & Replication™, leverages
virtualization, storage, and cloud technologies that enable the modern data center to help organizations
save time, mitigate risks and dramatically reduce capital and operational costs.
Founded in 2006, Veeam currently has 41,000 ProPartners and more than 205,000 customers worldwide.
Veeam's global headquarters are located in Baar, Switzerland, and the company has offices throughout
the world. To learn more, visit http://www.veeam.com.