Sunday, 30 December 2018

Installing Nano Server

Overview of installing Nano Server

As mentioned previously, Nano Server cannot be directly installed from the installation media during setup. The files required for setting up Nano Server are located in the \NanoServer folder located on the Windows Server 2016 Installation media. Nano Server is installed using one of three methods:

 Deploying a VHD image that will be hosted as a virtual machine on a Hyper-V host.

 Deploying a VHD as a bootable drive on a physical computer.

 Deploying a Nano Server WIM file on a physical computer. The steps are similar for each option:

Copy the NanoServerImageGenerator folder from the NanoServer folder on the Windows Server 2016 installation media to a folder on your local machine.

Start Windows PowerShell as an administrator and change the directory to the NanoServerImageGenerator folder on your local drive.

Import the NanoServerImageGenerator module by using the following Windows PowerShell Import-Module cmdlet:

Import-Module .\NanoServerImageGenerator -Verbose

 Create the VHD or WIM by using the New-NanoServerImage cmdlet with the following syntax:

New-NanoServerImage -Edition <edition> -DeploymentType <deployment type> -MediaPath <media path> -BasePath <base path> -TargetPath <target path> -ComputerName <computer name> -Packages <packages> -<other package switches>

where:

Edition – is the Windows Server 2016 edition the Nano Server will be based on; either Standard or Datacenter.

Deployment type – The type of deployment; Host for WIM or bootable VHD, Guest for VHDs hosted in Hyper-V.            •   
       Media path – The path to the root of the Windows Server 2016 installation media.





Base path – This optional switch is used when creating a WIM file. When creating a WIM file, the

Nano Server binaries will be copied to this folder so that the New-NanoServerWim cmdlet can
be used to create a new image without specifying the -MediaPath switch.
MCT
USE
Target path – The path and file name, including extension, of the Nano Server Image. The file
type created depends on the file extension specified: .vhd for a Generation 1 virtual machine,
.vhdx for a Generation virtual machine, and .wim for a WIM file.
Computer name – The name of the target Nano Server computer.

Packages – The -Packages switch is used to install certain roles and features, listed in the

previous topic on Nano Server. Multiple packages can be combined in a comma-separated list.
.ONLY

Other package switches – Some Packages are installed using their own switches. See the previous
topic for a complete list. If you want to deploy a Nano Server to a physical machine, be sure to

use the -OEMDrivers switch to install the basic set of device drivers that are included in the

Standard edition installation.

The Windows PowerShell script prompts you for an administrator account and password when it is

run.




Deploying the Nano Server VHD in Hyper-V

Once you create the VHD for the Nano Server, the steps for deploying the Nano Server in Hyper-V is

similar to deploying any virtual machine:
STUDENT
1.   Create a new virtual machine, by using the VHD, in Hyper-V Manager.
management tools to manage the server.
2.   Boot and then connect to the virtual machine from Hyper-V Manager.

3.   Log on to the Nano Server Recovery Console using the administrator account and password.

4.   Obtain the IP address for the virtual machine and connect to the Nano Server by using the remote

Deploying the Nano Server VHD on a physical computer
USE
You can also run the Nano Server on a physical computer by using the VHD that you created. As noted
previously, you must ensure that the OEM drivers for the most common hardware are installed by using the -OEMDrivers switch during VHD creation. The steps for deploying the VHD to the physical computer are as follows:

            Sign in to the physical computer as an administrator.

            Copy the VHD to the local computer.

            Configure the VHD to boot by using the following steps:

            Mount the VHD.

            Run the bcdboot command targeting the VHD. For example, if the VHD is mounted to the E:\ drive:


bcdboot e:\windows






c.   Unmount the VHD.
PROHIBITED
4.   Boot the computer into the Nano Server VHD.




Deploying a Nano Server WIM

Creating a Nano Server WIM is as simple as specifying .wim as the file extension when providing the -

TargetPath value. Once the WIM file is created you can deploy it by using WinPE:

            Ensure the .wim file is accessible from WinPE.

            Boot into WinPE on the local server.

            Use Diskpart.exe to prepare the local hard drive.

            Apply the Nano Server image by using Dism.exe.

            Remove the WinPE media if applicable, and reboot the system by using the following command:

Wpeutil.exe reboot

After you reboot the Nano Server from whichever deployment method you used:

            Sign in to the Nano Server Recovery Console by using the administrator account and password.

            Obtain the IP address of the Nano Server computer and use the remote management tools or Windows PowerShell to connect and manage the server.






Deploying a Nano Server WIM

Creating a Nano Server WIM is as simple as specifying .wim as the file extension when providing the -

TargetPath value. Once the WIM file is created you can deploy it by using WinPE:

            Ensure the .wim file is accessible from WinPE.

            Boot into WinPE on the local server.

            Use Diskpart.exe to prepare the local hard drive.

            Apply the Nano Server image by using Dism.exe.

            Remove the WinPE media if applicable, and reboot the system by using the following command:

Wpeutil.exe reboot

After you reboot the Nano Server from whichever deployment method you used:

            Sign in to the Nano Server Recovery Console by using the administrator account and password.

            Obtain the IP address of the Nano Server computer and use the remote management tools or Windows PowerShell to connect and manage the server.

Managing and configuring Nano Server


You can change the basic network configuration by using the Tab key to navigate to Networking and
PROHIBITED
then pressing Enter. You can then select the appropriate network adapter from the list by using the cursor keys to navigate to the correct adapter and then pressing Enter.

The current network settings are displayed. You can press either F11 to configure IPv4 settings or F12 for IPv6 settings. If you choose to configure IPv4, use the F4 key to switch the settings. For example, to enable or disable DHCP, press F4. To enter a manual IPv4 configuration, disable DHCP and then use the number keys to type a suitable IP address, subnet mask, and default gateway. Press Enter twice to update the configuration. Press Esc repeatedly to return to the main menu.

Configuring the firewall

You might need to configure firewall settings to enable remote management. From the main Nano Server Recovery Console, press the Tab key to navigate to Firewall, and then press Enter. A list of firewall rules is displayed. Use the cursor keys to navigate up and down the list and press Enter for a rule you want to configure.



For example, to enable remote event log management, locate the remote event log management (RPC)
rule and press Enter. Press F4 to Enable/Disable. Press ESC and select the next rule, and then repeat the


procedure. When you have configured all rules, press ESC to return to the main menu.
USE
Ongoing management



Once you have configured the networking settings and enabled the appropriate remote management firewall ports for inbound communications, you can manage the Nano Server remotely by using either Server Manager, Windows PowerShell, or any other management tool by using the Connect to option to select the Nano Server. Typical management tasks include:

     Adding the computer to a domain

     Adding roles and features to the server
the domain and using that data blob when joining the domain. The basic steps for this follow.      ONLY
Adding the Nano Server to a domain online

You perform an online domain join by harvesting a domain data blob from a computer already joined to

.

1.   Harvest the domain data blob from a computer running Windows Server 2016 that is already joined

to the domain by using the following command:

Djoin.exe /provision /domain <domain name> /machine <Nano Server machine name> /savefile <path and name of blob file>

2.   Enable File and Printer Sharing on the Nano Server.

a.   Using Windows PowerShell Remoting, connect to the Nano Server with the following commands from a Windows PowerShell session running as administrator:



Set-Item WSMan:\localhost\client\TrustedHosts “<Nano Server IP address>”




$ipaddress = “<Nano Server IP address>”
STUDENT


Enter-PSSession -ComputerName $ipaddress -Credential $ipaddress\Administrator









b.  Provide the Administrator password and set the firewall rule to enable file and printer sharing:









Netsh advfirewall firewall set rule group=”File and Printer Sharing” new




enable=yes







3.   Copy the data blob file to the Nano Server by using the following commands:
USE




Net use z: \\<Nano Server IP address>\c$



Md z:\temp



copy <name of blob file> z:\temp








4.         Using the Windows PowerShell Remoting session, join the domain by using the following command:

Djoin.exe /requestodj /loadfile c:\temp\<name of blob file> /windowspath c:\windows /localos

5.   Use the following commands to restart the Nano Server computer and exit the Windows PowerShell Remoting session:

shutdown /r /t
5


Exit-PSSession

PROHIBITED


Adding roles and features to Nano Server online



To install new roles and features to Nano Server online without editing or rebuilding the VHD, you will



need to find and install those roles and features from the online repository by using the



PackageManagement PowerShell module and the NanoServerPackage provider.



You install the provider by using the following PackageManagement cmdlets:
STUDENT






Install-PackageProvider NanoServerPackage




Import-PackageProvider NanoServerPackage







Once the NanoServerPackage provider is installed you can find and install Nano Server packages by using



either Nano Server specific cmdlets or the generic PackageManagement variations of those cmdlets. The



Nano Server package cmdlets are:



Find-NanoServerPackage



Save-NanoServerPackage



Install-NanoServerPackage



You can use the Install-NanoServerPackage cmdlet to install packages to both online images and offline images.

You can also install roles and features by using Deployment Image 










Installing and configuring Nano Server

What is Nano Server?

Nano Server is a new installation option for Windows Server 2016 that is similar to Windows Server in Server Core mode. However, although it has a significantly smaller hardware footprint, it has no local sign-in capability and supports only 64-bit apps, tools, and agents. Setup is significantly faster, and after installation, the operating system requires far fewer updates.

  Note: Nano Server is not available for selection through the Windows Server 2016 setup wizard. Instead, you must create a virtual hard

drive by using Windows PowerShell. You can then use this virtual hard drive on a virtual machine to support a virtualized Nano Server in Hyper-V, or you can configure your server computer to start from a .vhd file for a physical Nano Server deployment option.


Use scenarios
Nano Server is ideal for use in the following scenarios:
   Hyper-V host for virtual machines, either in clusters or not (compute host) USE
   As a storage host for a scale-out file server, either in clusters or not
   As a DNS server
   As a web server running Microsoft Internet Information Services (IIS)
   As a host for applications that are developed by using cloud application patterns and run in a
container or virtual machine guest operating system .ONLY
Server roles available in Nano Server

The following table shows the server roles and features that you can either install when you deploy Nano
Server or subsequently install by using Windows PowerShell on a previously deployed Nano Server.


Role or feature Option to install

Hyper-V role -Compute

Failover clustering -Clustering  


Drivers for a variety of network adapters and -OEMDrivers
storage controllers (this is the same set of
drivers included in a Server Core installation of
Windows Server 2016)

File Server role and other storage components -Storage

Windows Defender Antimalware, including a -Defender
default signature file

DNS Server role -Packages Microsoft-NanoServer-DNS-Package

Desired State Configuration  Packages Microsoft-NanoServer-DSC-Package

IIS -Packages Microsoft-NanoServer-IIS-Package

Host support for Windows Containers -Containers

System Center Virtual Machine Manager agent
-Packages Microsoft-Windows-Server-SCVMM-
Package
-Packages Microsoft-Windows-Server-SCVMM-

Compute-Package

Network Performance Diagnostics Service -Packages Microsoft-NanoServer-NPDS-
(NPDS) Package

Data Center Bridging -Packages Microsoft-NanoServer-DCB-Package

Boot and run from a RAM disk -Packages Microsoft-NanoServer-Guest-
Package

Deploy on a virtual machine -Packages Microsoft-NanoServer-Host-Package



Role or feature Option to install


Secure Startup -Packages Microsoft-NanoServer-
SecureStartup-Package
Shielded Virtual Machine -Packages Microsoft-NanoServer-ShieldedVM-
Package


While many roles are supported by Nano Server, several important roles and features are not supported, including AD DS, AD CS, and DHCP.

features and improvements introduced in Windows Server 2016

features and feature improvements were introduced in Windows Server 2016:


   Nano Server. Nano Server is a new installation option for Windows Server 2016. With no graphical or
command prompt interface, it has a significantly lower hardware requirement than Server Core. NanoUSE
Server is the ideal platform for Hyper-V, Hyper-V cluster, and scale-out file servers and cloud service .ONLY
apps.
   Windows Server containers and Hyper-V containers. Containers enable you to isolate your apps from
the operating system environment. This improves security and reliability. Windows containers are
isolated from one another but run on the host operating system. Hyper-V containers are further
isolated, because they run within a virtual machine.
   Docker. Docker is a technology for managing containers. Although Docker is usually associated with
Linux, Windows Server 2016 provides support for Docker for managing Windows containers andHyper-V containers.
   Rolling upgrades for Hyper-V and storage clusters. These upgrades enable you to add Windows
Server 2016 nodes to an existing Windows Server 2012 R2 failover cluster. The cluster continues to
operate at a Windows Server 2012 R2 functional level until all the nodes are upgraded.
   The ability to hot add and hot remove virtual memory and network adapters from virtual machines. In
Hyper-V in Windows Server 2016, you can now add or remove virtual memory and network adapters
while the virtual machines are running.
   Nested virtualization. In Hyper-V in Windows Server 2016, you can enable nested virtualization,
enabling you to run Hyper-V virtual machines within a virtual machine.
   Shielded virtual machines. Shielding your virtual machines enables you to help protect the data on
them from unauthorized access.
USE
   PowerShell Direct. This feature enables you to run Windows PowerShell commands against a guest
operating system in a virtual machine without handling security policies, host network settings, or
firewall settings.
   Windows Defender. Windows Defender is provided to help protect your server against malware.
Although the Windows Defender interface is not installed by default, the antimalware patterns are automatically kept up-to-date.
Storage Spaces Direct. This feature enables you to build highly available storage with directly attached disks on each node in a cluster. The Server Message Block 3 (SMB3) protocol provides resiliency.

Storage Replica. This feature enables you to synchronously or asynchronously replicate volumes at the block level.

Microsoft Passport. This service replaces passwords with two-factor authentication that consists of an enrolled device and a Windows Hello (biometric) or PIN. This helps provide a more secure and convenient sign-in experience.

Remote Desktop Services. You can now use an Azure SQL database to create a high availability environment for Remote Desktop Connection Broker.

Active Directory Domain Services (AD DS). AD DS improvements include support for privileged access management (PAM), support for Azure AD Join, along with support for Microsoft Passport.



Note: Windows Server 2016 includes many other improvements to existing features. For a

full list of all the changes in Windows Server 2016, refer to: “What's New in Windows Server 2016

Technical Preview 5” at: http://aka.ms/S4u2tt