Nano Server IaaS Image in the Azure Gallery

  • Article

This blog post is now obsolete. Please refer to the TP5 version here: https://blogs.technet.com/b/nanoserver/archive/2016/04/27/nano-server-tp5-iaas-image-in-the-azure-gallery.aspx

Update: November 25, 2015:

  • Added steps to export the certificate to another machine for secure connection to the same VM

Update: November 24, 2015:

  • Added support for secure strings

  • Fixed a bug in the script when using uppercase VM names

 

Now you can create Nano Server VMs directly in Azure, using the Nano Server image in the Azure Gallery.

Please use an elevated PowerShell console (classic or ISE) and use the instructions in the following blog to install the Azure Resource Manager cmdlets: https://msdn.microsoft.com/en-us/library/mt125356.aspx

Instructions

Download the zip file attached to this blog and unzip its contents to a local folder on your machine.

Log in to your Azure account:

Login-AzureRmAccount

Run the following commands to create a resource group and a key vault, if you haven’t already:

New-AzureRmResourceGroup -Name "MyResourceGroupName" -Location 'West US'

New-AzureRmKeyVault -VaultName "MyKeyVaultName" -ResourceGroupName "MyResourceGroupName" -Location 'West US' -EnabledForDeployment

 

Make sure you use the same Resource Group Name in both cmdlets. Select the Azure location that is best for you. I chose ‘West US’ because I’m on the West coast.

Now, it’s time to import the module that was part of the package you unzipped to a local folder:

Import-Module .\NanoServerAzureHelper.psm1 -Verbose 

 

You’re now ready to create a Nano Server VM (you will be prompted for the admin password):

New-NanoServerAzureVM -Location 'West US' –VMName "MyVMName" -AdminUsername "MyAdminName" -VaultName "MyKeyVaultName" -ResourceGroupName "MyResourceGroupName" -Verbose 

 

Let’s establish a secure PowerShell remote session to our new VM:

Get-AzureRmPublicIpAddress -ResourceGroupName "MyResourceGroupName"

 

Observe the output of this cmdlet and copy the FQDN string, under DnsSettings. It will look something like: "MyVMName.westus.cloudapp.com". Use it for the secure connection as follows:

 

Enter-PSSession -ConnectionUri "https://MyVMName.westus.cloudapp.com:5986/WSMAN" -Credential MyAdminName

 

That’s it! You’ll notice that there is a “Packages” folder on the root of your Nano Server VM. This folder contains the .cab files you can use to enable various roles & features in your Nano Server Azure image. For more information, please see the “Nano Server Getting Started Guide”.

To access the VM securely from another machine

If you want to access the VM you created securely from another machine, you need to export the certificate from your original client to another machine. Here’s how:

  1. Run certlm.msc
  2. Select “Trusted Root Certification Authorities”
  3. Select “Certificates”
  4. Look for the certificate that is named after your VM name
  5. Right-click this certificate and select “All Tasks” -> “Export” and save it to a USB drive or a shared folder.
  6. On the target machine, double-click this exported certificate and click “Install Certificate”
  7. Select “Current User” -> Next
  8. Select “Place all certificates in the following store”, click “Browse” and select “Trusted Root Certification Authorities” -> Next -> Finish

For information on Nano Server containers, please see the following blogs:

https://msdn.microsoft.com/en-us/virtualization/windowscontainers/deployment/deployment?branch=TP4Stage

https://msdn.microsoft.com/en-us/virtualization/windowscontainers/quick_start/manage_powershell?branch=TP4Stage

 

ref@