Windows server 2016 nano server

If you haven’t yet tried Windows Server 2016, today we hope to give you a few more reasons to try out our latest technical preview. On this week’s Microsoft Mechanics show, we feature updates to Nano Server with Jeffrey Snover, Chief Architect, Enterprise Cloud.

Nano Server is the new headless deployment option for Windows Server 2016. As a deeply refactored version of Windows Server, it’s designed to give you the lightest and fastest server OS configuration with fewer patch and update events, faster restarts, better resource utilization and tighter security.

To explain further, today’s show enumerates the key differences between our various server instantiations: notably, the server with desktop experience, Server Core and Nano Server, which sans 32-bit support (WOW64), the graphic stack, Remote Desktop and local logon is at least 25 times smaller.

While offering a deliberately small initial footprint, Jeffrey demonstrates for the first time how easy it is to customize Nano Server, by sourcing packages from repositories either on a local path or from the cloud.

The future of the datacenter

In response to increased needs for higher density and more efficient OS resource utilization, Nano Server is foundational to the modern datacenter and is useful in two core scenarios: As a private cloud infrastructure it’s particularly useful for clustered Hyper-V, clustered storage and core networking services scenarios; or as an application platform it’s highly optimized for modern distributed and cloud-based apps which leverage containers and micro service architectures. Ultimately, Nano Server is designed to ensure that more resources are freed up to run apps and services.

The advantages of Nano Server, as evidenced by the latest build stats shared on the show, include significantly lower resource consumption, greater agility and speed with exceptionally fast set-up times (40 seconds versus 19 minutes for server with a desktop experience).

All management is performed remotely via PowerShell and WMI, with remote management options via existing tools and a new web-based remote management tool. Further, offline management can be achieved via the new Nano Server Recovery Console, which gives you a local interface with a simplified UI, all of which you can see for yourself in Jeffrey’s final demo.

We hope that you enjoy today’s demo-rich overview. Also be sure to check out Nano Server running a Hyper-V container as demonstrated recently by Mark Russinovich on Microsoft Mechanics.

Nano Server is a new and super small footprint of Windows Server 2016.  You do not deploy by using the setup like you do with other versions of the OS. Nano Server is deployed via PowerShell.  The files and scripts needed for deployment are on the Windows server 2016 ISO image. There are several different options for running Nano Server.  Do you want to run as a host or on a VM?  Do you want to use a custom image or a basic deployment?  This article will cover these and more, giving you the information you need to get started playing with Nano Server 2016.  There is no GUI and there is no RDP to a Nano Server.  Remote management is however enabled by default.  You simply need the IP address and credentials.

Follow the steps to get started quickly with a basic deployment of Nano Server using DHCP to obtain an IP address. The sections that come after go into more detail about further customizing the image for your specific needs, as well as remotely managing Nano Server. You can run a Nano Server VHD either in a virtual machine or boot to it on a physical computer; the steps are slightly different. 

Nano Server is ideal for a number of scenarios including:

• As a “compute” host for Hyper-V virtual machines, either in clusters or not
• As a storage host for Scale-Out File Server.
• As a DNS server
• As a web server running Internet Information Services (IIS)
• As a host for applications that are developed using cloud application patterns and run in a container or virtual machine guest operating system

——————————————–

Nano Server in a virtual machine

Follow these steps to create a Nano Server VHD that will run in a virtual machine.

To quickly deploy Nano Server in a virtual machine

1. Copy NanoServerImageGenerator.psm1 and Convert-WindowsImage.ps1 from the NanoServer folder in the Windows Server Technical Preview ISO to a folder on your hard drive.

2. Start Windows PowerShell as an administrator, change directory to the folder where you’ve placed these scripts and then import the NanoServerImageGenerator script with Import-Module NanoServerImageGenerator.psm1 -Verbose

1. In Hyper-V Manager, create a new virtual machine and use the VHD created in Step 3.

2. Boot the virtual machine and in Hyper-V Manager connect to the virtual machine.

3. Log on to the Recovery Console (see the “Nano Server Recovery Console” section in this guide), using the administrator and password you supplied while running the script in Step 3.

4. Obtain the IP address of the Nano Server virtual machine and use Windows PowerShell remoting or other remote management tool to connect to and remotely manage the virtual machine.

——————————————–

Nano Server on a physical computer

You can also create a Nano Server VHD that will run Server Core on a physical computer, using the pre-installed device drivers. If your hardware requires a driver that is not already provided in order to boot or connect to a network, follow the steps in the “Adding Additional Drivers” section of this guide.

To quickly deploy Nano Server on a physical computer

1. Copy NanoServerImageGenerator.psm1 and Convert-WindowsImage.ps1 from the NanoServer folder in the Windows Server Technical Preview ISO to a folder on your hard drive

2. Start Windows PowerShell as an administrator, change directory to the folder where you’ve placed these scripts and then import the NanoServerImageGenerator script with Import-Module NanoServerImageGenerator.psm1 -Verbose.

3. Create a VHD that sets a computer name and includes the OEM drivers and Hyper-V by running the following command which will prompt you for an administrator password for the new VHD:

   New-NanoServerImage -MediaPath <path to root of media> -BasePath .Base -TargetPath .NanoServerPhysicalNanoServer.vhd -ComputerName <computer name> -OEMDrivers -Compute where

   • <path to root of media> is the path to the root of the contents of the Technical Preview ISO. For example if you have copied the contents of the ISO to d:TP4ISO you would use that path.

   • BasePath is a folder that will be created to copy the Nano Server WIM and packages to. (This parameter is optional.)

   • TargetPath is a folder that will be created where the resulting VHD will be created.

   • Computer_name is the computer name for the Nano Server virtual machine you are creating.

   Example: New-NanoServerImage -MediaPath F: -BasePath .Base -TargetPath .Nano1NanoServer.vhd -ComputerName Nano-srv1 -OEMDrivers –Compute -Clustering

   This example creates a VHD from an ISO mounted as f:. When creating the VHD it will use a folder called Base in the same directory where you ran New-NanoServerImage; it will place the VHD in a folder called Nano1 in the folder from where the command is run. The computer name will be Nano-srv1 and will have OEM drivers installed for most common hardware and has the Hyper-V role and the clustering feature enabled. If the server uses UEFI to boot, change NanoServer.vhd to NanoServer.vhdx.

4. Log in as an administrator on the physical server where you want to run the Nano Server VHD.

5. Copy the VHD that this script creates to the physical computer and configure it to boot from this new VHD. To do that, follow these steps:

   1. Mount the generated VHD. In this example, it’s mounded under D:.

   2. Run bcdboot d:windows.

   3. Unmount the VHD.

6. Boot the physical computer into the Nano Server VHD.

7. Log on to the Recovery Console (see the “Nano Server Recovery Console” section in this guide), using the administrator and password you supplied while running the script in Step 3.

8. Obtain the IP address of the Nano Server computer and use Windows PowerShell remoting or other remote management tool to connect to and remotely manage the virtual machine.

——————————————–

Custom Deployment Images

For Windows Server 2016 Technical Preview, Nano Server is distributed on the physical media, where you will find a NanoServer folder; this contains a .wim image and a subfolder called Packages. It is these package files that you use to add server roles and features to the VHD image, which you then boot to.

This table shows the roles and features that are available in this release of Nano Server, along with the Windows PowerShell options that will install the packages for them. Some packages are installed directly with their own Windows PowerShell options (such as -Compute); others you install as extensions to the -Packages option, which you can combine in a comma-separated list.

Note

When you install packages with these options, a corresponding language pack is also installed based on the configured locale of the administrator account. If, for example, your locale is set to France (fr_fr) but you are configuring a Swedish image (sv_se), you will receive an error stating that the fr_fr packages are not present. To set the cmdlet to use a different language, use the -Language parameter (for example, -Language sv_se). You can find the available language packs and their locale abbreviations in the installation media in subfolders named for the locale of the image.

Tip

To convert the WIM image to a VHD

1. Copy NanoServerImageGenerator.psm1 and Convert-WindowsImage.ps1 from the NanoServer folder in the Windows Server Technical Preview ISO to your hard drive.

2. Start an elevated Windows PowerShell console, change directory to the folder where you placed these scripts, and then import the NanoServerImageGenerator script with Import-Module NanoServerImageGenerator.psm1 -Verbose.

This example creates a GPT-based VHDX image with a given computer name and including Hyper-V guest drivers, starting with Nano Server installation media on a network share. In an elevated Windows PowerShell prompt, start with this cmdlet:

Import-Module <Server media location>NanoServerNanoServerImageGenerator.psm1; New-NanoServerImage -MediaPath \PathToMediaen_us -BasePath .Base -TargetPath .FirstStepsNano.vhdx -ComputerName FirstStepsNano -GuestDrivers

The cmdlet will accomplish all of these tasks:

1. Prompt you for the Administrator password

2. Copy installation media from \PathToMediaen_us into .Base

3. Convert the WIM image to a VHD. (The file extension of the target path argument determines whether it creates an MBR-based VHD for Generation 1 virtual machines versus a GPT-based VHDX for Generation 2 virtual machines.)

4. Copy the resulting VHD into .FirstStepsNano.vhdx

5. Set the Administrator password for the image as specified

6. Set the computer name of the image to FirstStepsNano

7. Install the Hyper-V guest drivers

All of this results in an image of .FirstStepsNano.vhdx.

The cmdlet generates a log as it runs and will let you know where this log is located once it is finished. The WIM-to-VHD conversion accomplished by the companion script generates its own log in %TEMP%Convert-WindowsImage<GUID> (where <GUID> is a unique identifier per conversion session).

As long as you use the same base path, you can omit the media path parameter every time you run this cmdlet, since it will use cached files from the base path. If you don’t specify a base path, the cmdlet will generate a default one in the TEMP folder. If you want to use different source media, but the same base path, you should specify the media path parameter, however.

——————————————–

More tips on Nano Server

Joining Domains

New-NanoServerImage offers two methods of joining a domain; both rely on offline domain provisioning, but one harvests a blob to accomplish the join. In this example, the cmdlet harvests a domain blob for the Contoso domain from the local computer (which of course must be part of the Contoso domain), then it performs offline provisioning of the image using the blob:

New-NanoServerImage -MediaPath \PathToMediaen_us -BasePath .Base -TargetPath .JoinDomHarvest.vhdx -ComputerName JoinDomHarvest -DomainName Contoso

When this cmdlet completes, you should find a computer named “JoinDomHarvest” in the Active Directory computer list.

You can also use this cmdlet on a computer that is not joined to a domain. To do this, harvest a blob from any computer that is joined to the domain, and then provide the blob to the cmdlet yourself. Note that when you harvest such a blob from another computer, the blob already includes that computer’s name–so if you try to add the -ComputerName parameter, an error will result.

You can harvest the blob with this command:

djoin /Provision /Domain Contoso /Machine JoiningDomainsNoHarvest /SaveFile JoiningDomainsNoHarvest.djoin

Run New-NanoServerImage using the harvested blob:

New-NanoServerImage -MediaPath \PathToMediaen_us -BasePath .Base -TargetPath .JoinDomNoHrvest.vhd -DomainBlobPath .PathToDomainBlobJoinDomNoHrvestContoso.djoin

In the event that you already have a node in the domain with the same computer name as your future Nano Server, you could reuse the computer name by adding the -ReuseDomainNode parameter.

Injecting drivers

Nano Server offers a package that includes a set of basic drivers for a variety of network adapters and storage controllers; it’s possible that drivers for your network adapters might not be included. You can use this syntax to have New-NanoServerImage search the directory for available drivers and inject them into the Nano Server image:

New-NanoServerImage -MediaPath \PathToMediaen_us -BasePath .Base -TargetPath .InjectingDrivers.vhdx -DriversPath .ExtraDrivers

Note

In the folder where you keep your drivers, both the SYS files and corresponding INF files must be present. Also, Nano Server only supports signed, 64-bit drivers.

Connecting with WinRM

To be able to connect to a Nano Server computer using Windows Remote Management (WinRM) (from another computer that is not on the same subnet), open port 5985 for inbound TCP traffic on the Nano Server image. Use this cmdlet:

New-NanoServerImage -MediaPath \PathToMediaen_us -BasePath .Base -TargetPath .ConnectingOverWinRM.vhd -EnableRemoteManagementPort

Setting static IP addresses

To configure a Nano Server image to use static IP addresses, first find the name or index of the interface you want to modify by using Get-NetAdapter, netsh, or the Nano Server Recovery Console. Use the -Ipv6Address, -Ipv4Address, -Ipv4SubnetMask, or -Ipv4Gateway extensions to specify the configuration, as in this example:

New-NanoServerImage -MediaPath \PathToMediaen_us -BasePath .Base -TargetPath .StaticIpv4.vhd -InterfaceNameOrIndex Ethernet -Ipv4Address 192.168.1.2 -Ipv4SubnetMask 255.255.255.0 -Ipv4Gateway 192.168.1.1

Custom image size

You can configure the Nano Server image to be a dynamically expanding VHD or VHDX with the -MaxSize extension, as in this example:

New-NanoServerImage -MediaPath \PathToMediaen_us -BasePath .Base -TargetPath .BigBoss.vhd -MaxSize 100GB

Embedding custom data

To embed your own script or binaries in the Nano Server image, use the -MergePath extension:

New-NanoServerImage -MediaPath \PathToMediaen_us -BasePath .Base -TargetPath .BigBoss.vhd -MergePath .tools

Preparing for Azure

If you want to run Nano Server in Azure, the Hyper-V guest drivers are required, along with opening the remote management port. Both of these features are provided in one step by the -ForAzure extension:

New-NanoServerImage -MediaPath \PathToMediaen_us -BasePath .Base -TargetPath .NanoServerOnAzure.vhdx -ForAzure

ToMediaen_us -BasePath .Base -TargetPath .NanoServerOnAzure.vhdx -ForAzure

Joining Nano Server to a domain

To add Nano Server to a domain online

1. Harvest a data blob from a computer in the domain that is already running Windows Threshold Server using this command:

   djoin.exe /provision /domain <domain-name> /machine <machine-name> /savefile .odjblob

   This saves the data blob in a file called “odjblob”.

2. Copy the “odjblob” file to the Nano Server computer with these commands:

   net use z: \<ip address of Nano Server>c$

   Note

   If the net use command fails, you probably need to adjust Windows Firewall rules. To do this, first open an elevated command prompt, start Windows PowerShell and then connect to the Nano Server computer with Windows PowerShell Remoting with these commands:

   Set-Item WSMan:localhostClientTrustedHosts “<IP address of Nano Server>”

   $ip = “<ip address of Nano Server>”

   Enter-PSSession -ComputerName $ip -Credential $ipAdministrator

   When prompted, provide the Administrator password, then run this command to set the firewall rule:

   netsh advfirewall firewall set rule group=”File and Printer Sharing” new enable=yes

   Exit Windows PowerShell with Exit-PSSession, and then retry the net use command. If successful, continue copying the “odjblob” file contents to the Nano Server.

   md z:Temp

   copy odjblob z:Temp

3. Open an elevated command prompt, start Windows PowerShell and then connect to the Nano Server computer with Windows PowerShell remoting with these commands:

   Set-Item WSMan:localhostClientTrustedHosts “<IP address of Nano Server>”

   $ip = “<ip address of Nano Server>”

   Enter-PSSession -ComputerName $ip -Credential $ipAdministrator

   When prompted, provide the Administrator password, then run this command to join the domain:

   djoin /requestodj /loadfile c:Tempodjblob /windowspath c:windows /localos

4. Restart the Nano Server computer, and then exist the Windows PowerShell session:

   shutdown /r /t 5

   Exit-PSSession

5. After you have joined Nano Server to a domain, add the domain user account to the Administrators group on the Nano Server.

Alternate method to join a domain in one step

First, harvest the data blob from another computer running Windows Threshold Server that is already in your domain using this command:

djoin.exe /provision /domain <domain-name> /machine <machine-name> /savefile .odjblob

Open the file “odjblob” (perhaps in Notepad), copy its contents, and then paste the contents into the <AccountData> section of the Unattend.xml file below.

Put this Unattend.xml file into the C:NanoServer folder, and then use the following commands to mount the VHD and apply the settings in the offlineServicing section:

dismdism /Mount-Image /ImageFile:.NanoServer.vhd /Index:1 /MountDir:.mountdir

dismdism /image:.mountdir /Apply-Unattend:.unattend.xml

Create a “Panther” folder (used by Windows systems for storing files during setup; see Windows 7, Windows Server 2008 R2, and Windows Vista setup log file locations if you’re curious), copy the Unattend.xml file to it, and then unmount the VHD with these commands:

md .mountdirwindowspanther

copy .unattend.xml .mountdirwindowspanther

dismdism /Unmount-Image /MountDir:.mountdir /Commit

The first time you boot Nano Server from this VHD, the other settings will be applied.

After you have joined Nano Server to a domain, add the domain user account to the Administrators group on the Nano Server.

Using the Nano Server Recovery Console

Starting with Windows Server 2016 Technical Preview, Nano Server includes an Recovery Console that ensures you can access your Nano Server even if a network mis-configuration interferes with connecting to the Nano Server. You can use the Recovery Console to fix the network and then use your usual remote management tools.

When you boot Nano Server in either a virtual machine or on a physical computer that has a monitor and keyboard attached, you’ll see a full-screen, text-mode logon prompt. Log into this prompt with an administrator account to see the computer name and IP address of the Nano Server. You can use these commands to navigate in this console:

• Use arrow keys to scroll

• Use TAB to move to any text that starts with >; then press ENTER to select.

• To go back one screen or page, press ESC. If you’re on the home page, pressing ESC will log you off.

• Some screens have additional capabilities displayed on the last line of the screen. For example, if you explore a network adapter, F4 will disable the network adapter.

In Windows Server 2016 Technical Preview, the Recovery Console allows you to view and configure network adapters and TCP/IP settings, as well as firewall rules.

Managing Nano Server remotely

Nano Server is 100% managed remotely. There is no local logon capability at all, nor does it support Terminal Services. However, you have a wide variety of options for managing Nano Server remotely, including Windows PowerShell, Windows Management Instrumentation (WMI), Windows Remote Management, and Emergency Management Services (EMS).

To use any remote management tool, you will probably need to know the IP address of the Nano Server. Some ways to find out the IP address include:

• Use the Nano Recovery Console (see the Using the Nano Server Recovery Console section of this topic for details).

• Connect a serial cable to the computer and use EMS.

• Using the computer name you assigned to the Nano Server while configuring it, you can get the IP address with ping. For example, ping NanoServer-PC /4.

Using Windows PowerShell remoting

To manage Nano Server with Windows PowerShell remoting, you need to add the IP address of the Nano Server to your management computer’s list of trusted hosts, add the account you are using to the Nano Server’s administrators, and enable CredSSP if you plan to use that feature.

To add the Nano Server to the list of trusted hosts, run this command at an elevated Windows PowerShell prompt:

Set-Item WSMan:localhostClientTrustedHosts “<IP address of Nano Server>”

To start the remote Windows PowerShell session, start an elevated local Windows PowerShell session, and then run these commands:

$ip = “<IP address of Nano Server>”

$user = “$ipAdministrator”

Enter-PSSession -ComputerName $ip -Credential $user

You can now run Windows PowerShell commands on the Nano Server as normal.

Note

Not all Windows PowerShell commands are available in this release of Nano Server. To see which are available, run Get-Command -CommandType Cmdlet

Stop the remote session with the command Exit-PSSession

Using Windows PowerShell CIM sessions over WinRM

You can use CIM sessions and instances in Windows PowerShell to run WMI commands over Windows Remote Management (WinRM).

Start the CIM session by running these commands in a Windows PowerShell prompt:

$ip = “<IP address of the Nano Server>”

$ipAdministrator

$cim = New-CimSession –Credential $user –ComputerName $ip

With the session established, you can run various WMI commands, for example:

Get-CimInstance –CimSession $cim –ClassName Win32_ComputerSystem | Format-List *

Get-CimInstance -CimSession $Cim -Query “SELECT * from Win32_Process WHERE name LIKE ‘p%’”

Windows Remote Management

You can run programs remotely on the Nano Server with Windows Remote Management (WinRM). To use WinRM, first configure the service and set the code page with these commands at an elevated command prompt:

winrm quickconfig

winrm set winrm/config/client @{TrustedHosts=”*”}

chcp 65001

Now you can run commands remotely on the Nano Server. For example:

winrs –r:<IP address of Nano Server> -u:Administrator -p:<Nano Server administrator password> ipconfig

For more information about Windows Remote Management, see <LINKS>.

Using Hyper-V on Nano Server

Hyper-V works the same on Nano Server as it does on Windows Server in Server Core mode, with two exceptions:

• You must perform all management remotely and the management computer must be running the same build of Windows Server as the Nano Server. Older versions of Hyper-V Manager or Hyper-V Windows PowerShell cmdlets will not work.

• RemoteFX is not available.

In this release, these features of Hyper-V have been verified:

• Enabling Hyper-V

• Creation of Generation 1 and Generation 2 virtual machines

• Creation of virtual switches

• Starting virtual machines and running Windows guest operating systems

Note

Hyper-V Replica is not supported in this release.

If you want to perform a live migration of virtual machines, create a virtual machine on an SMB share, or connect resources on an existing SMB share to an existing virtual machine, it is vital that you configure authentication correctly. You have two options for doing this:

Constrained delegation

Constrained delegation works exactly the same as in previous releases. Refer to these articles for more information:

• Enabling Hyper-V Remote Management – Configuring Constrained Delegation For SMB and Highly Available SMB

• Enabling Hyper-V Remote Management – Configuring Constrained Delegation For Non-Clustered Live Migration

CredSSP

First, refer to the “Using Windows PowerShell remoting” section of this topic to enable and test CredSSP. Then, on the management computer, you can use Hyper-V Manager and select the option to “connect as another user.” Hyper-V Manager will use CredSSP. You should do this even if you are using your current account.

Windows PowerShell cmdlets for Hyper-V can use CimSession or Credential parameters, either of which work with CredSSP.

Using Failover Clustering on Nano Server

Failover clustering works the same on Nano Server as it does on Windows Server in Server Core mode, but keep these caveats in mind:

• Clusters must be managed remotely with Failover Cluster Manager or Windows PowerShell.

• All Nano Server cluster nodes must be joined to the same domain, similar to cluster nodes in Windows Server.

• The domain account must have Administrator privileges on all Nano Server nodes, as with cluster nodes in Windows Server.

• All commands must be run in an elevated command prompt.

Note

Additionally, certain features are not supported in this release:

• You cannot run failover clustering cmdlets on a local Nano Server through Windows PowerShell.

• Clustering roles other than Hyper-V and File Server.

You’ll find these Windows PowerShell cmdlets useful in managing Failover clusters:

You can create a new cluster with New-Cluster -Name <clustername> -Node <comma-separated cluster node list>

Once you’ve established a new cluster, you should run Set-StorageSetting -NewDiskPolicy OfflineShared on all nodes.

Add an additional node to the cluster with Add-ClusterNode -Name <comma-separated cluster node list> -Cluster <clustername>

Remove a node from the cluster with Remove-ClusterNode -Name <comma-separated cluster node list> -Cluster <clustername>

Create a Scale-Out File Server with Add-ClusterScaleoutFileServerRole -name <sofsname> -cluster <clustername>

You can find additional cmdlets for failover clustering at Microsoft.FailoverClusters.PowerShell.

Using DNS Server on Nano Server

To provide Nano Server with the DNS Server role, add the Microsoft-NanoServer-DNS-Package to the image (see the “Creating a custom Nano Server image” section of this topic. Once the Nano Server is running, connect to it and run this command from and elevated Windows PowerShell console to enable the feature:

Enable-WindowsOptionalFeature -Online -FeatureName DNS-Server-Full-Role

Using IIS on Nano Server

For steps to use the Internet Information Services (IIS) role, see IIS on Nano Server.

Source: Getting Started with Nano Server Please see the post for even more great information  https://technet.microsoft.com/en-us/library/mt126167.aspx

Корпорация Microsoft выпустила серверную операционную систему Windows Server 2016, дополнив ее поддержкой контейнеров и новым изданием Nano Server. Windows Server 2016 разрабатывалась несколько лет и параллельно с совершенствованием ОС выходили ее предварительные версии. С 1 октября 2016 года доступна линейка продуктов Windows Server 2016, состоящая из шести изданий: WS 2016 Datacenter, Standard, Essentials, MultiPoint Premium Server, CAL, Windows Remote Desktop Services CAL 2016.

Одним из основных направлений при разработке Microsoft Server 2016 стала поддержка публичных и частных облаков. Многие инновации Windows Server 2016 заимствованы из Azure и доведены до уровня мейнстрима. В Windows Server 2016 также значительно усовершенствован гипервизор Hyper-V, появилась поддержка контейнеров и Nano Server – новая «урезанная» версия Windows Server. Цель все та же – нативная поддержка облачных приложений.

Картинка с сайта: habr.com

10 причин полюбить Windows Server 2016: безопасность (управление привилегиями/идентификационными данными, средства защиты), платформа для приложений (Nano Server, контейнеры), платформа для программно-определяемых дата-центров (вычисления, хранение данных, сетевые функции, RDS), управление (средства управления сервером, новая версия PowerShell).

По сути эта ОС напоминает Windows 10 в серверном исполнении. В Server 2016 используется то же ядро, что и в Windows 10 Anniversary, и, введя ver в командной строке, вы получите тот же ответ: Microsoft Windows [Version 10.0.14393]. В Windows Server 2016 — то же меню «Пуск», что и в Windows 10 Anniversary (при инсталляции с Desktop Experience).

Картинка с сайта: habr.com

Windows Server 2016, теперь с «рабочим столом» Windows 10.

Что интересного можно отметить? В списке Microsoft – более 40 новых средств, включая вложенную виртуализацию для контейнеров Hyper-V и развертывания хостов Hyper-V в Azure или других публичных облаках. Многие новые средства Hyper-V относятся к созданию и обслуживанию гостевых ВМ.

Можно «на лету» менять емкость виртуальных дисков, памяти, добавлять и удалять виртуальные сетевые карты. Виртуальным машинам можно предоставлять дискретный доступ к устройствам на шине PCIe, таким как контроллеры дисков. А кластер Windows Server 2012 R2 с Hyper-V можно обновить до Server 2016 без прерывания сервисов.

Конечно, некоторые решения не дешевы, а потому к категории массовых не относятся. Например, защищенная от аварий конфигурация с двумя разнесенными на разные площадки системами Azure Stack. Конечно, можно запустить Azure Stack и на одном сервере, но, скорее, с целью тестирования. Тем не менее, большинство изменений касаются самого широкого круга пользователей.

Обновленный гипервизор

Многочисленным доработкам подвергся гипервизор Hyper-V. Можно выделить следующие изменения:

• Клиент Hyper-V поддерживает Windows 10.
• Совместимость с Connected Standby.
• Назначение дискретного устройства.
• Мониторинг активности виртуальных машин для оптимизации использования системных ресурсов (RCT).
• Использование альтернативных аккаунтов при подключении к другой системе Windows Server 2016.
• Обновленный протокол управления и другие улучшения.

Картинка с сайта: habr.com

Новые функциональные возможности Hyper-V – самые востребованные и ожидаемые новшества Windows Server 2016 (по данным опроса SpiceWorks). Их отмечают более 30% респондентов.

В нем появилась и поддержка вложенной виртуализации (Nested virtualization), позволяющая запускать виртуальные машины на гипервизоре, который сам установлен в виртуальном окружении.

Картинка с сайта: habr.com

Вложенная виртуализация означает, что можно запустить Hyper-V в ВМ, являющейся гостевой на сервере Hyper-V, гостевом на сервере Hyper-V и т.д.

Такая возможность может быть актуальной для разработчиков и моделирования виртуальных инфраструктур, а также для более эффективного использования контейнерных приложений. Устранены и многие прежние ограничения.

Картинка с сайта: habr.com

Hyper-V в Server 2016 стал более масштабируемым.

Теперь Microsoft Hyper-V позволяет выделять виртуальной машине до 12 Тбайт ОЗУ (вместо одного) и до 240 виртуальных процессоров (вместо 64). Хост Hyper-V поддерживает ОЗУ до 24 Тбайт. Для снижения непроизводительных потерь и усиления безопасности на хосте Hyper-V можно запустить Nano Server. Для администрирования в этом случае можно использовать PowerShell и удаленный доступ.

Безопасность

В Windows Server 2016 дальнейшее развитие получили механизмы обеспечения безопасности. В частности, в отдельный контейнер Hyper-V под названием Virtual Security Module (VSM) помещены самые ценные системные данные, криптографические модули Windows Server 2016, компоненты, отвечающие за целостность ядра ОС, пароли и пр. Доступ к этим данным невозможен даже при компрометации системы.

Еще одно важное средство — виртуальный TPM (Trusted Platform Module), позволяющий задействовать в виртуальных машинах средства шифрования с использованием Bitlocker, и Credential Guard для безопасного хранения идентификационных данных. Применение Virtual TPM особенно актуально, например, при размещении ВМ в облаке.

Картинка с сайта: habr.com

Host Guardian Service – важный компонент обеспечения безопасности. Он работает в сочетании с другими компонентами Windows Server 2016 и обеспечивает высокий уровень защиты Shielded VM.

В плане безопасности интересным решением стали защищенные виртуальные машины — Shielded VM, но для их создания требуется Windows Server Datacenter и отдельный сервер со службой Host Guardian Service для хранения ключей и проверки прав ВМ на запуск на конкретной платформе.

Картинка с сайта: habr.com

Host Guardian Service используется для верификации запуска Shielded VM. А с помощью инструментария Guarded Fabric можно гибко сконфигурировать сетевую инфраструктуру и разбить ее на отдельные изолированные сетевые сегменты.

Технология Shielded VM позволяет создавать в облачной инфраструктуре защищенные виртуальные машины, доступ к которым может получить только их владелец. Администратору разрешено только включать и выключать такие виртуальные машины. Вмешиваться в их работу, читать данные, перехватывать трафик, менять их конфигурацию он не имеет права. Механизм Shielded VM может быть востребован хостинг-провайдерами, предоставляющими услуги аренды виртуальных серверов.

Возможность подключения виртуального дисплея к ВМ средствами администрирования Hyper-V в Shielded VM также заблокирована. Как же исправить ВМ, если что-то пошло не так, и она не запускается? На этот случая Microsoft предлагает хитрое решение – запуск такой ВМ внутри другой Shielded VM. При создании Shielded VM нужно также учитывать, что требования к системным ресурсам у них повышенные.

Улучшенный PowerShell обеспечивает более легкий и всесторонний контроль над средами, что значительно повышает уровень безопасности системы. Также одной из ключевых функций безопасности является разграничение прав доступа при администрировании.

В Windows Server 2016 также появилось средство под названием Just Enough Administration (JEA). Это означает, что администраторы могут логиниться под временными аккаунтами, ограниченными определенными ролями. То есть администратор, войдя в систему с зараженного вирусом ПК, большого вреда не причинит. Windows Credential Guard также ограничивает возможный ущерб от вредоносных программ при таком сценарии. А временные права администрирования (Just in Time Administration) можно предоставить с помощью Microsoft Identity Manager Privileged Access Manager.

Хранение данных и сети – Software Defined

Как известно, в Window Server 2012 помощью Storage Spaces можно создавать отказоустойчивые пулы памяти на дисках SAS, подключенных к серверу без помощи традиционной SAN (Storage Area Network). Storage Spaces Direct дает возможность напрямую подключать к кластеру Server 2016 накопители SAS, SATA или SSD. Это можно использовать для создания программно-конфигурируемых систем хранения (Software-Defined Storage, SDS).

Картинка с сайта: habr.com

Storage Spaces Direct можно использовать для прямого подключения накопителей.

Появилась возможность динамического управления пропускной способностью виртуальных дисков Storage Quality of Service (QoS). Применять политики Storage QoS можно как к дисковой подсистеме отдельной виртуальной машины, так и к группе ВМ.

Картинка с сайта: habr.com

Storage Replica реализует блочную синхронную репликацию между сконфигурированными серверами с использованием протокола SMB 3.1.1.

С помощью инструментария Storage Replica администраторы могут реплицировать данные между удаленными серверами, кластерными системами и центрами обработки данных, повышая тем самым их катастрофоустойчивость и предотвращая потери на уровне файловой системы.

Для поддержки SDN (Software Defined Networking) в Server 2016 добавлена роль Network Controller. Сетевой контроллер предназначен для управления в Hyper-V виртуальными коммутаторами, балансировщиками нагрузки, правилами межсетевых экранов и виртуальными шлюзами. Поддерживаются также VXLAN (Virtual Extensible Local Area Network).

Nano Server

Nano Server – это еще более компактный вариант Server Core. Его удобно использовать как хост-систему для развертывания виртуальных машин, использовать в качестве сервера DNS или IIS, для запуска приложений в контейнерах.

Картинка с сайта: habr.com

Улучшения в уровне обслуживания: меньше уязвимостей, меньше перезагрузок.

По данным Microsoft, у Nano Server на 93% меньше размер VHD, он требует на 80% меньше перезагрузок. Такую систему можно применять для различных специальных функций и задач. Причем Nano Server работает как на физическом сервере, так и в ВМ. GUI у него нет – только инструменты Sysinternals.

Nano Server удобно также использовать в инфраструктуре Microsoft Cloud Platform для поддержки облачных служб и обслуживания приложений, функционирующих в виртуальном окружении, контейнерах или на физических серверах. Его можно применять для развертывания вычислительных кластеров и построения горизонтально-масштабируемых файловых хранилищ.

Картинка с сайта: habr.com

Благодаря своей компактности и эффективному использованию ресурсов Nano Server обеспечивает более высокую плотность ВМ, то есть на одном физическом хосте можно разместить больше экземпляров ОС, что сокращает расходы на ИТ-инфраструктуру.

Контейнеры

Важное отличие Windows Server 2016 от предыдущих версий серверных операционных систем Microsoft — поддержка технологий контейнеров. Контейнеры Windows Server — часть открытого проекта Docker. Они позволяют запускать приложения в изолированных средах на разных платформах, оперативно развертывать и перемещать их между серверами.

В Windows поддерживаются контейнеры двух видов — контейнеры Windows Server и контейнеры Hyper-V. Облегченные серверные контейнеры не требуют лицензии Windows. Контейнеры Windows Server функционируют подобно контейнерам Docker для платформы Linux. Они используют общее ядро операционной системы, что делает их более компактными и гибкими, чем обычные виртуальные машины.

Картинка с сайта: habr.com

У каждого контейнера Hyper-V своя копия ядра Windows Server, и изоляцию осуществляет не операционная система, а гипервизор.

Контейнеры Windows Server делят ресурсы ОС, но ведут себя как независимые экземпляры операционной системы. Однако в среде ОС Windows Server нельзя запустить контейнер Linux и наоборот. Для запуска контейнера его образ берется из репозитория (публичного или частного) и при необходимости модифицируется.

Картинка с сайта: habr.com

Контейнер Docker, работающий в Windows Server 2016.

Контейнеры Hyper-V изолированы средствами виртуализации, имеют свою копию ядра Windows, а в версии Standard лицензия для них не нужна. У таких контейнеров более высокий уровень изоляции, сравнимый с виртуальными машинами. Данный подход более требователен к ресурсам сервера, но повышает стабильность работы серверной ОС и надежность функционирования контейнеров.

Управляются оба вида контейнеров одинаково. Управление контейнерами Windows Server и Hyper-V может осуществляться как средствами PowerShell и WMI, так и при помощи инструментов Docker. Последние предоставляют единую среду администрирования и позволяют управлять контейнерными приложениями в среде Windows Server или Linux.

Картинка с сайта: habr.com

Конфигурирование контейнеров в Windows Server 2016. Контейнеры Hyper-V могут использоваться для запуска приложений с повышенными требованиями к информационной безопасности.

Хороший вариант для развертывания контейнеров — Nano Server. Однако нужно помнить, что Nano Server – это урезанная Windows. Если IIS, например, в нем работает, то .NET Framework – уже нет (только кросс-платформенная .NET Core). Не все приложения в настоящее время совместимы с Nano Server.

Картинка с сайта: habr.com

Образы Docker в Nano Server могут быть очень компактными.

Контейнеры Docker в Windows — пока что на начальном этапе. Потребуется время, чтобы администраторы их освоили, а разработчики – довели до ума. Microsoft понадобится также пополнить соответствующими опциями имеющийся инструментарий вроде Visual Studio.

Другие возможности

В Windows Server 2016 реализовано и множество других новшеств. Система получила новый механизм скачивания и раздачи обновлений, функционирующий по принципу P2P-протокола BitTorrent, поддержку протокола SSH. Windows Server 2016 поставляется с Windows Management Framework 5.1 и новой версией PowerShell, использующей .NET Framework 4.6.

Обновленный Windows PowerShell позволяет оперировать еще большим количеством командлетов (cmdlets), которые выполняют различные задачи управления. В частности, PowerShell 5 предлагает командлеты для управления локальными пользователями и группами и командлет Get-ComputerInfo для получения подробной информации о системе.

Нововведения коснулись и служб Active Directory. Теперь можно использовать смарт-карты для аттестационных ключей. Доменные службы Active Directory обеспечивают еще более высокий уровень безопасности при идентификации корпоративных и персональных устройств.

Картинка с сайта: habr.com

Планы перехода организаций на Windows Server 2016 (по данным опроса SpiceWorks, проведенного в ноябре 2015 года).

Появился новый формат файлов конфигурации виртуальных машин (.VMCX и .VMRS) с более высокой степенью защиты от сбоев на уровне хранилища, была добавлена возможность безопасной загрузки гостевых операционных систем Linux и поддержка OpenGL и OpenCL службой удаленных рабочих столов Remote Desktop Service (RDS).
Механизм обновления ОС хостов кластера без его остановки (Cluster Operating System Rolling Upgrade) дает возможность с нулевым временем простоя обновить кластер последовательным апдейтом отдельных его узлов.
В состав Windows Server 2016 включен также инструментарий IP Address Management (IPAM), позволяющий упростить управление IP-адресами. Конечно, обо всех новшествах новой ОС в одной статье рассказать невозможно. Это лишь весьма поверхностный «первый взгляд».

Издания Windows Server 2016

Сколько всего изданий у Windows Server 2016? Хороший вопрос. Выше говорилось о шести. Есть издания Standard и Datacenter, различающиеся схемами лицензирования. Standard включает лицензии только для двух ВМ или контейнеров Hyper-V под Windows Server, в то время как в Datacenter количество ВМ не ограничивается. Версия Datacenter потребуется для работы с некоторыми новыми средствами, включая Storage Spaces Direct, Storage Replica, Shielded Virtual Machine и ряд сетевых функций. Стоит версия Standard от 882 долл. для 16 ядер. Datacenter обойдется минимум в 6155 долл.

Картинка с сайта: habr.com

Функциональные отличия изданий Datacenter и Standard в Windows Server 2016.

Ниже представлены функции, которые есть только в редакции Windows Server 2016 Datacenter:

• Storage Spaces Direct — расширение технологии Storage Spaces для создания высокодоступных кластерных хранилищ;
• Storage Replica — технология блочной репликации данных между хранилищами;
• Shielded Virtual Machines — технология защиты содержимого виртуальных машин Hyper-V;
• Host Guardian Service — серверная роль, предназначенная для поддержки защищенных виртуальных машин (Shielded VM) и предотвращения несанкционированного доступа к ним;
• Network Fabric — централизованный мониторинг и управление сетевой инфраструктурой;
• Microsoft Azure Stack — поддержка SDN-стека для построения гибридных решений.

Nano Server лицензируется как средство Windows Server, но требует лицензии Software Assurance вместо базовой и отдельно не продается. Есть еще бесплатная Windows Hyper-V Server, используемая только как хост Hyper-V, а также версия Windows Server Essentials для малого бизнеса — до 25 пользователей и 50 устройств, для которой не нужны лицензии CAL (Client Access Licenses). Essentials стоит 501 долл., но существуют более дешевые OEM-версии. OEM-версии Windows Server Foundation больше не поставляются.

Картинка с сайта: habr.com

Назначение изданий Windows Server 2016 и модели лицензирования.

Есть еще пара специальных изданий: Windows Storage Server для систем хранения и Multipoint Premium Server, в основном для удаленных десктопов в сфере образования. Версии Standard и Datacenter по умолчанию инсталлируются без GUI (опция Server Core).

Картинка с сайта: habr.com

По умолчанию процедура установки Windows Server 2016 выполняется без GUI.

Резюмируя, можно отметить, что Windows Server 2016 предоставляет много возможностей для полноценного развертывания и функционирования ИТ-инфраструктуры в облаке. Новая ОС облегчает возможность доступа и идентификации служб и приложений организации в том случае, если они размещены и в облаке, и на физических серверах. Серверная платформа Microsoft активно развивается в соответствии с тенденциями развития индустрии и предпочтениями бизнеса. Работа проделана немалая, система развивается в правильном направлении. Проверить работу Windows Server 2016 можно, взяв виртуальный VPS сервер на бесплатный тестовый период в 3 дня.

In this post, we’ll learn the steps to install and configure Nano Server 2016 in Windows Server 2016. With Windows Server 2016 Microsoft introduced Nano Server. Nano Server 2016 is a minimal footprint option announced by Microsoft. It gives an option to deploy only those packages that are required instead of installing all the packages and services.

How many of us are using all the components and services that are available in Windows Server 2016. No one, even if we want those services, we deploy new Server and enable Roles and Features on that Server. Some of the other concerns of Administrators are:

Why shall I reboot a Server because of patching a component that I never used?
Server image is too big and require good amount of storage.
Large images take long time to install and configure.
Transferring images takes good amount of time and network bandwidth.

Microsoft has released Nano Server 2016 as a solution to all the above mentioned concerns. Now you only need to install the package (component) that you want to use in your environment. It would make an image of small footprint. But the only drawback is that you can’t RDP (Remote Desktop) to the server however you can manage the server using PowerShell and WMI.

Steps to install and configure Nano Server 2016

Step 1
To install and configure Nano Server 2016 we need to copy some of the files from Windows Server 2016 ISO image to local Server. Create a folder with the name of PowerShell in C:. Map the ISO of Windows Server 2016 to D: and then copy the contents from D:\NanoServer\NanoServerImageGenerator(assuming D is the DVD drive) to C:\PowerShell folder. This would copy three files to C:\PowerShell folder i.e. Convert-WindowsImage.ps1, NanoServerImageGenerator.psd1, NanoServerImageGenerator.psm1.

Картинка с сайта: itingredients.com

Step 2:
Run PowerShell as an Administrator and run the command “Set-ExecutionPolicy RemoteSigned” to change the execution policy.
The execution policy helps protect from scripts that you do not trust. Click on “Yes to All” to change the execution policy.

Step 3:
Run the command “Import-Module .\NanoServerImageGenerator.psm1 -verbose” to import the required files.

Картинка с сайта: itingredients.com

Step 4:
Run the New-NanoServerImage command to create the new VHD file. This command would convert the Image to Virtual HarDisk and then add packages in the HardDisk. This command requires multiple switches.

New-NanoServerImage -DeploymentType Guest -Edition Standard -TargetPath C:\NanoServer\Nano01.vhd -BasePath C:\NanoServer -ComputerName Nano01 -MediaPath D:\ -Packages Microsoft-NanoServer-DNS-Package,Microsoft-NanoServer-IIS-Package

Картинка с сайта: itingredients.com

Let’s understand switches in detail:

–DeploymentType: Define if you want Guest or Host
–Edition: Resulting Virtual HardDisk would contain Standard version of Windows Server 2016
–TargetPath : This path is where you want Virtual HardDisk to be created.
–BasePath: This path is optional, it defines the path where you can save Nano Server WIM and Packages.
–ComputerName: Specify the Computer name of Virtual Machine that we are created.
–MediaPath: Path of Windows Server 2016 DVD. This is to define the root path and not the path of nested files and folders.
–Packages: Specify all the packages that you want to install. For this practical, we’ll install Microsoft-NanoServer-DNS-Package for DNS and Microsoft-NanoServer-IIS-Package for IIS.

Step 5:
New VHD file named Nano01.vhd would be created in the folder C:\NanoServer. You can review the logs if you need more information.

Картинка с сайта: itingredients.com

Hope you understood the steps to install and configure Nano Server 2016 on Windows Server 2016. Please feel free to leave your comments and suggestions in the comment section.

Mikhail is IT engineer focusing on applications and infrastructure support domains. He works closely with K2 platform and Microsoft technology stack and holds number of certifications from these software vendors.

Картинка с сайта: www.starwindsoftware.com

Time to continue our conversation about that “scaled down even further” Server 2016 installation option. In my previous article, I covered general concepts around Nano Server, now I want to switch gears and talk about more practical aspects: installation and management. At the end of the day, you would agree that the best way to learn new technology it is trying to use it – this way you will be exposed to its strengths and weaknesses directly, and can get the real understanding of whether it works for you or not. Though at this point even Microsoft admits that despite all its greatness, at the moment, Nano Server has quite limited utility as it supports only a small subset of roles and features out of those which you can find in full GUI version of Windows Server.

I want to start with installation as it is quite natural to install thing first and then learn how to manage it. As I mentioned in my previous blog post you can’t find Nano Server as an installation option in Windows Server 2016 Setup Wizard, instead you perform installation of Nano Server by means of creating VHD on another computer from PowerShell, and next this VHD can be used to create Hyper-V VM or as a boot drive for a physical server.

Windows Server 2016 disk includes Nano Server directory which contains Nano Server image, a PS module and package files for the roles and features:

Importing PS module provides cmdlets you need to create and edit Nano server images. Let’s create our first Nano Server now. This folder contains NanoServerImageGenerator subfolder which needs to be copied locally before we can start provisioning Nano Server. Alongside it you may see base Nano Server image WIM file and Packages folder. Nano Server, being a zero-footprint installation type, does not contain any roles and features in it and it does not even have Install-WindowsFeature cmdlet because it uses PowerShell core (aka PSCore which is based on .NET CoreCLR). The way for you to get anything added to Nano Server is packages. You can preload them taking from installation media or get them from the online repository.

If you want somewhat simpler installation process you may consider using Nano Server Image Builder which already has been covered on StarWind Blog but here I just explain how you can do it without additional tools. All you need to do is to run PowerShell ISE in elevated mode and then switch location to your local copy of NanoServerImageGenerator directory from which you can import all required modules (Edit-NanoServerImage, Get-NanoServerImage, New-NanoServerImage). And after this, you can create VHD with Nano Server and this longest part of Nano Server installation takes just a few minutes:

Картинка с сайта: www.starwindsoftware.com

Pay special attention to DeploymentType switch – this is what differentiates whether your VHD can be used for VM or physical machine (essentially this switch specifies set of drivers to inject). I also strongly recommend to provision your Nano Server “inside” of your domain (i.e. from domain member machine) and using account which has rights to add computers to domain – then your Nano Server will be joined to domain with easy DomainName switch which takes care about offline domain join procedure for you, otherwise you will be forced to deal with this procedure manually later, creating and copying blob file to your Nano Server. Make sure you save this script for further use. Note that extension of virtual disk file will define whether your VM will be Gen1 or Gen2.

Next, it is literally one line of PowerShell and you will be able to start your first Nano Server Hyper-V VM (note that we using -Generation 2 switch as we created VHDX file on the previous step):

New-VM -Name NANOSRV-01 -MemoryStartupBytes 1024MB -VHDPath '.\NANOSRV-01\Virtual Hard Disks\NANOSRV-01.vhdx' -Generation 2

-Path '.\'

PowerShell-challenged people can just use New Virtual Machine Wizard for this part attaching existing VHDX in the process. Make sure you used Set-Location (for example Set-Location ‘C:\Hyper-V’) in case you don’t want to specify the full path to VHDX file in command above and want your VM to be neatly placed in your dedicated folder for VMs. Command mentioned above should be executed on Hyper-V host of course. From this moment on you may access Hyper-V manager and run VM you created (staying in comfort of PowerShell session and starting VM from here is also an option). Once VM is started you can open up VMC to it, and lo and behold Nano Server Recovery Console showing you that your Nano Server is domain joined already:

Картинка с сайта: www.starwindsoftware.com

We are done with installation now. But installed like that our box is of no use – just because we have not added any packages yet. Remember that Packages subdirectory in NanoServer folder of Server 2016 installation media? Despite some of the packages have almost the same names as normal Windows Server roles they are not exactly the same, and cannot be installed in the same way. This is how Add Roles and Features Wizard reacts to Nano Server with no packages added:

Картинка с сайта: www.starwindsoftware.com

But once you add some packages this wizard will be able to list them and even add/remove sub-features:

Картинка с сайта: www.starwindsoftware.com

You normally add roles specifying packages either during initial provisioning of your NanoServer VHD or after it, using the following syntax:

Edit-NanoServerImage -BasePath 'C:\NanoServer' -TargetPath 'C:\Hyper-V\NANOSRV-01\Virtual Hard Disks\NANOSRV-01.vhdx' -Clustering -Storage -package Microsoft-NanoServer-IIS-Package

This example allows us to add services to offline image though nothing prevents us connect to our Nano Server and install roles online:

#Enter PS session on our Nano Server

Enter-PSSession -ComputerName NANOSRV-01

#Import module

Save-Module -Path “$env:ProgramFiles\WindowsPowerShell\Modules” -Name NanoServerPackage -MinimumVersion 1.0.0.0



Import-PackageProvider NanoServerPackage



#Search and confirm package name

Find-NanoServerPackage *iis*



#Online package Installation

Install-NanoServerPackage -Name Microsoft-NanoServer-IIS-Package -Culture en-us

An Example above adding IIS packages. After this has been done we have something on our box which can be used and managed:

Картинка с сайта: www.starwindsoftware.com

Now a bit about management. When it comes to Nano Server management it is no surprise that Nano is all about remote management. How else could it be done with a headless server without interactive logon capability? It seems that Microsoft got tired of preaching about managing servers remotely and not burden their resources with fancy GUI consoles and management tools, so now you get the ultimate push for that – you have an OS which just not allows that. But on remote management side you have it all:

• Server Manager
• Hyper-V Manager
• Failover Cluster Manager
• PerfMon, Event Viewer, etc.
• PowerShell Core (refactored PowerShell running on top of .NET Core)
• RSMT

As you can see most of existing MMCs are there and work with Nano, though pay attention that we have only PS Core which at least initially provides only subset of PS cmdlets but Microsoft works on expanding the number of those. You also have WMI V1 and V2, and old school commands like ipconfig, hostname and many others which also still work. There is also new web-based GUI for Nano named Server Management Tools and available through Azure subscription. It requires you to set up Server Management Tools Gateway to be able to manage your on-premise servers (see related blogpost @ StarWind Blog which discusses this tool). The Key thing to know about this tool is that it includes replacements for so-called local-only tools such as Task Manager, Registry Editor, Device Manager and so on and that it provides unified management, allowing you to manage Nano Server, Server Core, and Server with GUI machines. As this is the case with Exchange web management this tool is too based on PowerShell and WMI running in the background.

In the end, what we have at our disposal is configuration via PowerShell DSC (Nano cannot be managed by Group Policy! – read more here), remote management/automation via Core Power Shell and WMI, and good capabilities for integration into DevOps toolchains. I think it is worth to elaborate a bit on PowerShell Core. Essentially this is a version of PS refactored to run on CoreCLR which has full PS language compatibility and remoting (Invoke-Command, New-PSSession, Enter-PSSession, etc.). It has most core engine components and support for all cmdlet types: C#, script, and CIM. You will also see that with PS Core Get-WMIObject is not available, but it has a replacement in the form of Get-CIMInstance.

From little experience, I have so far with Nano, I can say that albeit MSFT invested into providing management of Nano Server roles via RSMT consoles, there are way too many things you going to use PowerShell for (e.g. copying data using PS remoting, getting updates applied on Nano box), it will be a pain for those who still not like using it and joy for proficient PowerShell users who already hooked on its power and simplicity.

Just to finish off with initial practice I suggest you try and create the cluster out of two Nano Servers. All you need to do is use steps above to create second Nano Server and then use old and familiar Failover Cluster console to configure your cluster in no time:

Картинка с сайта: www.starwindsoftware.com

While playing with Nano Server you will see that not all things work as you get used to while running Full Server installation and you need to do some research here and there, but, oh my goodness (can’t help using this phrase after watching some of Nigel Poulton’s Docker training videos 🙂 ), its reboot time is impressive – this is something you going to like for sure. Just to give an example – reboot is so quick that if I forgot to start my DHCP server before starting Nano Server it is faster for me to reboot Nano Server than connecting to it to the firing of ipconfig /renew. To reiterate what I said at the beginning of this post the only shortcoming of Nano Server is its limited use cases at the moment, but for the things it can handle it does it with remarkable efficiency. I have not yet heard about any ISV rebuilding their Windows Server based software to run on top of Nano Server, but from what I can gather most of the ISVs which have both cloud and on-premise versions of their products just starting to evaluate Nano as a base OS for their cloud software offerings.

I hope this article gave you just enough information to get started with Nano Server.

• Manage Nano Servers from Server Management Tools in Microsoft Azure
• How to Protect your Data on Nano Server using Storage Replica?