

However, being a headless (no GUI) OS means that no RDP connection can be made to administer the server. Also since only the very core bits are included by default means that configuring the server features is a different story than what we have in the full windows server.

In this post I'll explain how to launch and connect to a Nano instance on AWS. And then use the package management features to install IIS.



Launching an EC2 Nano server instance: In the AWS console under the EC2 section, click "Launch Instance"

Select the "Microsoft Windows Server 2016 Base Nano" AMI. Windows server 2016 comes in many flavors. Nano server is the new addition that is optimized to be lightweight and with smaller attack surface. It has much less memory and disk footprint and much faster boot time than Windows Core and the full windows server. These characteristics make Nano a perfect OS for the cloud and similar scenarios.However, being a headless (no GUI) OS means that no RDP connection can be made to administer the server. Also since only the very core bits are included by default means that configuring the server features is a different story than what we have in the full windows server.In this post I'll explain how to launch and connect to a Nano instance on AWS. And then use the package management features to install IIS.

In the "Choose an Instance Type" page, select "t2.nano" instance type. This instance type has 0.5GB of RAM. Yes! this will be more than enough for this experiment.

Use the default VPC and use the default 8GB storage.

In the " Configure Security Group" page things will start to be a bit different from the usual full windows server. Create a new security group and select these two inbound rules:

WinRM-HTTP: Port 5985. This will be used for the remote administration.



HTTP: Port 80. To test IIS from our local browser.





Note that AWS console gives a warning regarding port 3389 which is used for RDP. We can safely ignore this rule as we'll use WinRM. RDP is not an option with Nano server.

Continue as usual and use an existing key pair or let AWS generate a new key pair to be used for windows password retrieval. Connecting to the Nano server instance: After the instance status becomes "running" and all status checks pass, observe the public IP of the instance. To manage this server, we'll use WinRM (Windows Remote Management) over HTTP. To be able to connect the machine, we need to add it to the trusted hosts as follows:

Open PowerShell in administrator mode

Enter the following commands to add the server : (assuming the public IP is 52.59.253.247) After the instance status becomes "running" and all status checks pass, observe the public IP of the instance. To manage this server, we'll use WinRM (Windows Remote Management) over HTTP. To be able to connect the machine, we need to add it to the trusted hosts as follows:

$ip = "52.59.253.247" Set-Item WSMan:\localhost\Client\TrustedHosts "$ip" -Concatenate -Force





Enter-PSSession -ComputerName $ip -Credential "~\Administrator"

$pass = ConvertTo-SecureString -String "MyNewPass" -AsPlainText -Force Set-LocalUser -Name Administrator -Password $pass

Exit

$session = New-PSSession -ComputerName $ip -Credential "~\Administrator" Enter-PSSession $session

Installing IIS:

Get-CimInstance win32_operatingsystem | Select-Object Version

Save-Module -Path "$env:programfiles\WindowsPowerShell\Modules\" -Name NanoServerPackage -minimumVersion 1.0.1.0 Import-PackageProvider NanoServerPackage

Find-NanoServerPackage

Find-Package -ProviderName NanoServerPackage

Install-Package -ProviderName NanoServerPackage -Name Microsoft-NanoServer-IIS-Package Start-Service WAS Start-Service W3SVC

Uploading a basic HTML page:

Copy-Item "C:\start.html" -ToSession $session -Destination C:\inetpub\wwwroot\

Now we're ready to connect to the Nano server:PowerShell will ask for the password which you can retrieve from AWS console using the "Get Windows Password" menu option and uploading your key pair you saved on your local machine.If everything goes well, all PowerShell commands you'll enter from now on will be executed on the remote server. So now let's reset the administrator password for the Nano instance:This will change the password and disconnect. To connect again, we can use the following commands and use the new password:As Nano is a "Just Enough" OS. Feature binaries are not included by default. We'll use external package repositories to install other features like IIS, Containers, Clustering, etc. This is very similar to apt-get and yum tools in the Linux world and the windows alternative is OneGet . The NanoServerPackage repository has instructions regarding adding the Nano server package source which depends on the Nano server version. We know that the AWS AMI is based on the released version, but it doesn't harm to do a quick check:The version in my case is 10.0.14393. So to install the provider, we'll run the following:Now let's explore the available packages using:or the more generic command:We'll find the highlighted IIS package. So let's install it and start the required services:Now let's point our browser to the IP address of the server. And here is our beloved IIS default page:Just for fun, create a basic HTML page on your local machine using your favorite tool and let's upload it and try accessing it. First enter thecommand to exit the remote management session and get back to the local computer. Note that in a previous step, we had the result of thein thevariable so we'll use it to copy the HTML page to the remote server over the management session:Navigate to http://nanoserverip/start.html to verify the successful copy of the file.