This week I wanted to have a simple slave machine that I could use for our CI/CD integration of our ARM templates. Here I was thinking of leveraging an A0 machine (10-11€/month) with Windows Nano on it, as this doesn’t need the biggest footprint. So out I went to deploy!
I’m not going to elaborate on the deployment, as this is pretty straightforward and like any system deployment.
Once the system is deployed… It is important to realise that there is NO GUI for Nano. So how do we connect to it? Via WinRM… One caveat with that: by default it will only allow connections from within the subnet it was deployed in. So if this is the first machine in your subnet, make sure to deploy another system as a “hub” / “stepping stone” / “jumpbox” system. As I wanted this box to be externally reachable, we’ll need to do some configuration…
First things first… Be sure to add an additional rule to your NSG (network security group). By default, the deployment will provide you with a rule to allow RDP. I find this odd, as there is no RDP deployed on Nano; we’ll need a rule to allow WinRM (port 5985):
On your client machine (or jumpbox):
First enable WinRM
net start winrm
and now let’s add the host to our list of trusted hosts
Set-Item WSMan:\localhost\Client\TrustedHosts -Value "10.3.0.4"
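or if you want to connect to all hosts (with "*" the client no longer restricts which hosts it will authenticate to without verifying their identity, so prefer listing specific hosts)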
Set-Item WSMan:\localhost\Client\TrustedHosts -Value "*"
And now you can connect to your hosts
Enter-PSSession -ComputerName "10.3.0.4" -Credential machine\username
Now if you want to allow connections from outside of your subnet, execute the following command
NETSH advfirewall firewall add rule name="WinRM 5985" protocol=TCP dir=in localport=5985 action=allow
Test from outside
A quick test run from an external / internet based machine…
And that worked great!
- By default Nano will only allow connections from the internal subnet
- Think about security when opening up things!
- Nano is the way to the future! As the footprint is LIGHT!
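A tighter variant of the steps above, as an added example (not from the original post): it appends the Nano host to TrustedHosts instead of overwriting the list or using "*", checks that the WinRM listener answers, and creates the firewall rule for a single source address. The function names, the rule name and the address 203.0.113.10 are assumptions made for illustration.

```powershell
# Added example, run from the jumpbox. 10.3.0.4 is the Nano address used above;
# 203.0.113.10 is a constructed placeholder for the external admin machine's IP.
$NanoHost = '10.3.0.4'
$AdminIp  = '203.0.113.10'

function Add-TrustedHost {
    param([Parameter(Mandatory)][string]$HostName)
    $path    = 'WSMan:\localhost\Client\TrustedHosts'
    $current = (Get-Item $path).Value
    if ($current -eq '*') {
        Write-Warning 'TrustedHosts is "*"; narrow it instead of adding to it.'
        return
    }
    $entries = @($current -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ })
    if ($entries -notcontains $HostName) {
        # -Concatenate appends to the list instead of overwriting it
        Set-Item $path -Value $HostName -Concatenate -Force
    }
}

function Test-WinRMEndpoint {
    param([Parameter(Mandatory)][string]$HostName, [int]$Port = 5985)
    $tcp = Test-NetConnection -ComputerName $HostName -Port $Port -WarningAction SilentlyContinue
    if (-not $tcp.TcpTestSucceeded) { return $false }
    try {
        # Unauthenticated WS-Man identify request: confirms a listener answers
        Test-WSMan -ComputerName $HostName -Port $Port -ErrorAction Stop | Out-Null
        return $true
    } catch { return $false }
}

Add-TrustedHost -HostName $NanoHost
if (Test-WinRMEndpoint -HostName $NanoHost) {
    $cred = Get-Credential
    # Same netsh rule as above, but limited to one source address via remoteip=
    Invoke-Command -ComputerName $NanoHost -Credential $cred -ArgumentList $AdminIp -ScriptBlock {
        param($ip)
        netsh advfirewall firewall add rule name="WinRM 5985 admin" protocol=TCP dir=in localport=5985 remoteip=$ip action=allow
    }
}
```

Use the same source address on the NSG rule for port 5985, so the network rule and the host firewall allow the same single client.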