Wednesday, November 9, 2016

Nano Server on AWS: Step by Step

Windows server 2016 comes in many flavors. Nano server is the new addition that is optimized to be lightweight and with smaller attack surface. It has much less memory and disk footprint and much faster boot time than Windows Core and the full windows server. These characteristics make Nano a perfect OS for the cloud and similar scenarios.
However, being a headless (no GUI) OS means that no RDP connection can be made to administer the server. Also since only the very core bits are included by default means that configuring the server features is a different story than what we have in the full windows server.
In this post I'll explain how to launch and connect to a Nano instance on AWS. And then use the package management features to install IIS.

Launching an EC2 Nano server instance:

  • In the AWS console under the EC2 section, click "Launch Instance"
  • Select the "Microsoft Windows Server 2016 Base Nano" AMI.

  • In the "Choose an Instance Type" page, select "t2.nano" instance type. This instance type has 0.5GB of RAM. Yes! this will be more than enough for this experiment.
  • Use the default VPC and use the default 8GB storage.
  • In the "Configure Security Group" page things will start to be a bit different from the usual full windows server. Create a new security group and select these two inbound rules: 
    • WinRM-HTTP: Port 5985. This will be used for the remote administration.
    • HTTP: Port 80. To test IIS from our local browser.

  • Note that AWS console gives a warning regarding port 3389 which is used for RDP. We can safely ignore this rule as we'll use WinRM. RDP is not an option with Nano server.
  • Continue as usual and use an existing key pair or let AWS generate a new key pair to be used for windows password retrieval.


Connecting to the Nano server instance:

After the instance status becomes "running" and all status checks pass, observe the public IP of the instance. To manage this server, we'll use WinRM (Windows Remote Management) over HTTP. To be able to connect the machine, we need to add it to the trusted hosts as follows:
  • Open PowerShell in administrator mode
  • Enter the following commands to add the server : (assuming the public IP is
$ip = ""
Set-Item WSMan:\localhost\Client\TrustedHosts "$ip" -Concatenate -Force

Now we're ready to connect to the Nano server:
-ComputerName $ip -Credential "~\Administrator"

PowerShell will ask for the password which you can retrieve from AWS console using the "Get Windows Password" menu option and uploading your key pair you saved on your local machine.

If everything goes well, all PowerShell commands you'll enter from now on will be executed on the remote server. So now let's reset the administrator password for the Nano instance:
$pass = ConvertTo-SecureString -String "MyNewPass" -AsPlainText -Force
Set-LocalUser -Name Administrator -Password $pass

This will change the password and disconnect. To connect again, we can use the following commands and use the new password:
$session = New-PSSession -ComputerName $ip -Credential "~\Administrator"
Enter-PSSession $session

Installing IIS:

As Nano is a "Just Enough" OS. Feature binaries are not included by default. We'll use external package repositories to install other features like IIS, Containers, Clustering, etc. This is very similar to apt-get and yum tools in the Linux world and the windows alternative is OneGet. The NanoServerPackage repository has instructions regarding adding the Nano server package source which depends on the Nano server version. We know that the AWS AMI is based on the released version, but it doesn't harm to do a quick check:
Get-CimInstance win32_operatingsystem | Select-Object Version

The version in my case is 10.0.14393. So to install the provider, we'll run the following:
Save-Module -Path "$env:programfiles\WindowsPowerShell\Modules\" -Name NanoServerPackage -minimumVersion
Import-PackageProvider NanoServerPackage

Now let's explore the available packages using:
or the more generic command:
Find-Package -ProviderName NanoServerPackage

We'll find the highlighted IIS package. So let's install it and start the required services:
Install-Package -ProviderName NanoServerPackage -Name Microsoft-NanoServer-IIS-Package
Start-Service WAS
Start-Service W3SVC

Now let's point our browser to the IP address of the server. And here is our beloved IIS default page:

Uploading a basic HTML page:

Just for fun, create a basic HTML page on your local machine using your favorite tool and let's upload it and try accessing it. First enter the exit command to exit the remote management session and get back to the local computer. Note that in a previous step, we had the result of the New-PSSession in the $session variable so we'll use it to copy the HTML page to the remote server over the management session:
Copy-Item "C:\start.html"  -ToSession $session -Destination C:\inetpub\wwwroot\

Navigate to http://nanoserverip/start.html to verify the successful copy of the file.


Nano server is a huge step forward to enable higher density of infrastructure and applications especially on the cloud. However it requires adopting a new mindset and a set of tools to get the best of it.
In this post I just scratched the surface of using Nano Server on AWS. In future posts we'll explore deploying applications on it to get real benefits.


Fletcher Bush said...

Thanks for your post. I tried to replicate unsucessfully. I did exactly as specified but still I could not connect to the server using WinRM.

The differences I noted were that I could not find the AMI with that id (ami-e4e61f8b) and could not find a 'Datacenter Edition' of Nano.

Hesham A. Amin said...

The AMI id differs from a region to another. The region I used is Frankfurt. and the image name was "Microsoft Windows Server 2016 Base Nano" with description: "Microsoft Windows 2016 Datacenter Edition Nano. [English]".

Anonymous said...

I followed your instructions but when attempting to connect to the Nano Server instance, I get the following error:

PS C:\> Enter-PSSession -ComputerName $ip -Credential "~\Administrator"
Enter-PSSession : Connecting to remote server failed with the following error message : WinRM
cannot complete the operation. Verify that the specified computer name is valid, that the computer is
accessible over the network, and that a firewall exception for the WinRM service is enabled and allows access
from this computer. By default, the WinRM firewall exception for public profiles limits access to remote
computers within the same local subnet. For more information, see the about_Remote_Troubleshooting Help topic.
At line:1 char:1
+ Enter-PSSession -ComputerName $ip -Credential "~\Administrator"
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidArgument: ( [Enter-PSSession], PSRemotingTransportExc
+ FullyQualifiedErrorId : CreateRemoteRunspaceFailed

I've checked it is in the trustedhosts.

PS C:\> Get-Item WSMan:\localhost\Client\TrustedHosts

WSManConfig: Microsoft.WSMan.Management\WSMan::localhost\Client

Type Name SourceOfValue Value
---- ---- ------------- -----
System.String TrustedHosts

And PINGing the server results in timeout:

PS C:\> ping $ip

Pinging with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

NOTE: I have masked my IP address in the statements above.

Hesham A. Amin said...

These are some troubleshooting steps:
-Make sure you're using the public IP not the internal IP?
-try "telnet 5985" and observe the result
-Double check your security group setting.
-Make sure the problem is not with your corporate firewall.

isabellaJoseph said...

I’m really impressed with your blog article, such great & useful knowledge you mentioned here.Thanks for sharing.Any course related details learn.. Dot Net Training in Chennai
Selenium Training in Chennai

Olivia Princess said...

Really a great addition. I have read this marvelous post.
hacking forum

sai venkat said...

The great service in this blog and the nice technology is visible in this blog. I am really very happy for the nice approach is visible in this blog and thank you very much for using the nice technology in this blog

Aws Online Training

Yasmin Priya said...

Hi, I have read your blog. Really very informative and excellent post I had ever seen about AWS. Thank you for sharing such a wonderful blog to our vision. Learn AWS Training in Bangalore to know more details about this technology. AWS Training in Chennai.

sai venkat said...

Nice blog has been shared by you. it will be really helpful to many peoples who are all working under the technology.thank you for sharing this blog.
Aws Online Training

Unknown said...

Not sure why anybody would even want to use IIS given a choice or IIS on a Nano Server but I would recommend just following the relatively clear and comprehensive AWS documentation.

Sorry to say there's nothing "great" or "marvelous" or a "great addition" about regurgitating some AWS material. I really wish people would reserve praise for praiseworthy contributions, not a copy-paste job.

rose said...

Appreciation for really being thoughtful and also for deciding on certain marvelous guides most people really want to be aware of.

Java Training in Bangalore|

ari kesavan said...

It’s great to come across a blog every once in a while that isn’t the same out of date rehashed material. Fantastic read.
I’ve bookmarked your site, and I’m adding your RSS feeds to my Google account.
java training in bangalore

mary Brown said...

Hi, Great.. Tutorial is just awesome..It is really helpful for a newbie like me.. I am a regular follower of your blog. Really very informative post you shared here. Kindly keep blogging. If anyone wants to become a .Net developer learn from Dot Net Training in Chennai. or learn thru ASP.NET Essential Training Online . Nowadays Dot Net has tons of job opportunities on various vertical industry.
or Javascript Training in Chennai. Nowadays JavaScript has tons of job opportunities on various vertical industry.


Your good knowledge and kindness in playing with all the pieces were
very useful. I don’t know what I would have done if I had not
encountered such a step like this.

AWS Training in Bangalore

AWS Training in Bangalore

suresh H said...

Great Article… I love to read your articles because your writing style is too good, it is very very helpful for all of us and I never get bored while reading your article because they are becomes a more and more interesting from the starting lines until the end.
Hadoop Training in Chennai
Big Data Training in Chennai

Joel Wong said...

Hi! Just leaving a comment on how great your website looks! It's an amazing mix of color and the content is great too! If you ever need to register a business, do let me know, we are the best singapore company incorporation provider, accounting company today!

Peshawar Air Services said...

where to get computer name

Hesham A. Amin said...

@Peshawar Air Services
I used the public IP address to connect to the instance. You can find it in the EC2 instance details in the AWS console.

SachinVarshan said...

Good Post! Thank you so much for sharing this pretty post, it was so good to read and useful to improve my knowledge as updated one, keep blogging
aws training in chennai
selenium training in chennai

UX Business Solutions said...

I'm trying to connect to a newly spun up AWS EC2 Windows Nano Server from my OS X machine. is it possible?

AWS Authorized Training Partner chennai

sri krishna kumar said...

Really usable post...thank u

Sap MM Training In Chennai | Mainframe Training In Chennai | Hadoop Training In Chennai

John Alert said...

Hi, Great.. Tutorial is just awesome..It is really helpful for a newbie like me.. I am a regular follower of your blog. Really very informative post you shared here.
Kindly keep blogging. If anyone wants to become a Java developer learn from Java EE Online Training from India.
or learn thru Java EE Online Training from India . Nowadays Java has tons of job opportunities on various vertical industry.

Gopal Ainavalli said...

Nice information about test automation tools my sincere thanks for sharing post Please continue to share this post.

Weblogic Application Server training

Dissertation Writing Services said...

I read this article. I think You put a lot of effort to create this article. I appreciate your work.
Dissertation Writing Services