Windows Server 2016 introduced a new feature called Containers. By installing this feature, you can run Windows containers on your server. However, these are not Linux-based, and they are not related to Docker (as in the Docker software) either. These containers run on Windows and run Windows on the inside. They also conform to the Open Container Initiative (OCI). They allow you to run applications insulated from the rest of the system, within portable containers that include everything an application needs to be fully functional.
The Windows containers technology from Microsoft shares many similarities with its Linux counterpart. Both provide an isolated environment for running applications without affecting the rest of the system and without being affected by that system.
The containers use advanced isolation techniques to provide discrete and portable environments that include almost everything an application needs to be fully functional.
Why Containers After All?
Containers are a way to wrap up an application into its own isolated box. They wrap software up in a complete file system that contains everything it needs to run: code, runtime, system tools and system libraries. You can think of it as a complete package. This guarantees that it will always run the same, regardless of the environment it is running within.
Because the container has everything it needs to run your application, it is very portable and can run on any machine that is running Windows Server 2016. You can create and test containers locally, then deploy that same container image to your company’s private cloud, public cloud or service provider. The natural agility of containers supports modern app development patterns in large-scale, virtualized cloud environments.
With containers, developers can build an app in any language. These apps are completely portable and can run anywhere – laptop, desktop, server, private cloud, public cloud or service provider – without any code changes.
System administrators or IT Professionals can use containers to provide standardized environments for their development, QA, and production teams. They no longer have to worry about complex installation and configuration steps. By using containers, systems administrators abstract away differences in OS installations and underlying infrastructure.
What are Windows Containers?
Windows Containers are a free offering from Microsoft if you have the required license for Windows Server. With this technology, you can leverage the benefits of containers. The Windows Server container shares the kernel with the OS running on the host machine, which means all containers running on that machine share the same kernel. At the same time, each container maintains its own view of the OS, registry, file system, IP address, and other components, with isolation provided to each container through process, namespace, and resource control technologies.
The Windows Server container is well suited for situations in which the host OS and containerized applications all lie within the same trust boundary, such as applications that span multiple containers or make up a shared service. However, Windows Server containers are also subject to an OS/patch dependency with the host system, which can complicate maintenance and interfere with operations. For example, a patch applied to the host can break an application running in a container, even though this is rare. Even more importantly, in situations such as multi-tenant environments, the shared kernel model can open up a system to application vulnerabilities and cross-container attacks.
What are Hyper-V Containers?
Do note that Microsoft also offers Hyper-V containers. This expands on the isolation provided by Windows Server Containers by running each container in a highly optimized virtual machine. The kernel of the container host is not shared with other Hyper-V Containers. If all the code running on a host is trusted, then the isolation provided by Windows Containers is likely to be adequate. But if we don’t trust the code, then Hyper-V Containers provide the same level of isolation as virtual machines, but with many of the benefits of standard containers.
For Hyper-V Containers, you do need to have Hyper-V installed on the Windows Server.
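The trust-boundary point above can be checked on a running host. The following PowerShell audit is an added example, not code from the original post: it lists each running container's isolation mode and marks shared-kernel containers whose image is not on an allowlist. It assumes the Docker CLI is installed on the Windows Server host; `$TrustedImagePrefixes` and `registry.example.internal/` are hypothetical placeholders.

```powershell
# Added example: audit container isolation modes on a Windows Server container host.
# Assumption: Docker CLI is on PATH. The allowlist below is a hypothetical placeholder.
$TrustedImagePrefixes = @('registry.example.internal/')

# Host prerequisites: the Containers feature, plus Hyper-V for Hyper-V isolation.
$features = Get-WindowsFeature -Name Containers, Hyper-V
$hyperVInstalled = ($features | Where-Object Name -eq 'Hyper-V').Installed
$features | Format-Table Name, InstallState

# Daemon default, used for containers started without an explicit --isolation value.
$defaultIsolation = docker info --format '{{.Isolation}}'

$report = foreach ($id in (docker ps --quiet)) {
    $fields = docker inspect --format '{{.Config.Image}}|{{.HostConfig.Isolation}}|{{.Name}}' $id
    $image, $isolation, $name = $fields -split '\|'
    if (-not $isolation -or $isolation -eq 'default') { $isolation = $defaultIsolation }

    $trusted = [bool]($TrustedImagePrefixes | Where-Object { $image.StartsWith($_) })

    [pscustomobject]@{
        Container = $name.TrimStart('/')
        Image     = $image
        Isolation = $isolation
        Trusted   = $trusted
        # Process isolation shares the host kernel, so it only fits code
        # inside the same trust boundary as the host.
        Review    = ($isolation -eq 'process' -and -not $trusted)
    }
}

$report | Format-Table -AutoSize

$flagged = @($report | Where-Object Review)
if ($flagged.Count -gt 0) {
    Write-Warning "$($flagged.Count) container(s) run untrusted images with a shared kernel."
    if ($hyperVInstalled) {
        Write-Output 'Recreate them with: docker run --isolation=hyperv <image>'
    } else {
        Write-Warning 'Hyper-V is not installed, so Hyper-V isolation is unavailable on this host.'
    }
}
```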
The Docker Connection
In October 2014, Microsoft Corp and Docker announced a strategic partnership to bring the agility, portability, and security benefits of the Docker platform to Windows Server.
Result: Windows Server Containers (Introduced in Windows Server 2016)
As part of this initiative, Docker is now offering Docker Engine for Windows and Docker Client for Windows as part of the Docker ecosystem.
The Docker engine provides the functionality necessary to manage your Docker environment. For example, the engine makes it possible to automate the creation of container images. Although you can create the images manually, the engine offers a number of benefits, such as the ability to store images as code, easily recreate those images, or incorporate them into a continuous integration development cycle.
The Docker engine essentially does all the container-management grunt work for you, while exposing the API necessary for the Docker client to interface with the engine. The client is a command-line interface that provides a set of commands for managing images and containers. These are the same commands that allow you to create and run Docker containers on Linux.
In upcoming blog posts, we’ll discuss more of the technical aspects and get our hands dirty with the installation and configuration of Windows containers.