Testdriving Windows Nano on Azure

Posted on by kvaes

Introduction

This week I wanted to have a simple slave machine that I could use for our CI/CD integration of our ARM templates. Here I was thinking of leveraging an A0 machine (10-11€/month) with Windows Nano on it, as this doesn’t need the biggest footprint. So out I went to deploy!

 

Deploying

When you want to deploy a nano system, just look it up like you would with (for example) a windows 2012 / 2016 machine… Type “nano” in the search bar.
2016-05-20 10_10_41-Everything - Microsoft Azure

I’m not going to elaborate on the deployment, as this is pretty straightforward and like any system deployment.

Post-Deployment

Once the system is deployed… It is important to realise that there is NO gui for Nano. So how do we connect to it? Via winrm… One caveat with that, by default it will only allow connections from within the subnet is was deployed. So if this is the first machine in your subnet, make sure to deploy another system as “hub” / “stepping stone” / “jumpbox” system. As I wanted this box to be externally reachable, we’ll need to do some configurations…

First things first… Be sure to add an additional rule to your NSG (network security group). By default; the deployment will provide you want a rule to allow RDP. Where I find this odd… as there is no RDP deployed on Nano, we’ll need a rule to allow winrm (port 5985) ;

2016-05-20 10_37_02-Inbound security rules - Microsoft Azure

On your client machine (or jumbox) ;

First enable win rm

net start winrm

and now let’s add the host to our list of trusted hosts

Set-Item WSMan:\localhost\Client\TrustedHosts -Value "10.3.0.4"

of if you want to connect to all hosts

Set-Item WSMan:\localhost\Client\TrustedHosts -Value "*"

And now you can connect to your hosts

Enter-PSSession -ComputerName "10.3.0.4" -Credential machine\username

Now if you want to allow connections from outside of your subnet, execute the following command

NETSH advfirewall firewall add rule name=”WinRM 5985" protocol=TCP dir=in localport=5985 action=allow

 

Test from outside

A quick test run from an external / internet based machine…

2016-05-20 10_22_33-Administrator_ Windows PowerShell

And that worked great!

 

TL;DR

  • By default nano will only allow connections from the internal subnet
  • Think about security when opening up things!
  • Nano is the way to the future! As the footprint is LIGHT!

2016-05-20 10_27_01-Administrator_ Windows PowerShell

Published by kvaes

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.