Post on 22-Jan-2017
1CONFIDENTIAL
Microsoft Containers in Windows Server 2016Dzmitry Durasau
JANUARY 20, 2016
2CONFIDENTIAL
MICROSOFT CONTAINERS IN WINDOWS SERVER 2016DZMITRY DURASAU
JANUARY 20, 2016
3CONFIDENTIAL
HelloSpeaker: Dzmitry Durasau
Microsoft Certified Trainer, MCSA, MCTS, MCPSolution Architect at EPAM Systems
Main areas of expertise: Cloud Infrastructures, Enterprise Windows-based IT, Virtualization and PowerShell.
4CONFIDENTIAL
• Containerization in Windows Server 2016• Windows Container Under the Hood• Hello, World!
Agenda
5CONFIDENTIAL
CONTAINERIZATION INWINDOWS SERVER 2016
SECTION 1
6CONFIDENTIAL
Containers – no magic insideJust another isolation technologyLike many others
• Remote Desktop Session• Application Virtualization• IIS Application Pool• Citrix• Thin Clients
7CONFIDENTIAL
Isolation Technologies
8CONFIDENTIAL
• Multiple containers run on a host with isolation provided through namespace and process isolation technologies.
Windows Server Containers
9CONFIDENTIAL
• Multiple containers run on a host, however each container is run inside of a utility virtual machine. This provides kernel level isolation between a Hyper-V container, the container host, and any other containers running on the container host.
Hyper-V Containers
10CONFIDENTIAL
Windows and Hyper-V Containers
11CONFIDENTIAL
Container Management Stack
• PowerShell• Docker
12CONFIDENTIAL
Compatibility• Windows Container can run only on Windows
Host• Windows Containers and Hyper-V Containers are
compatible • Docker Containers and PowerShell Containers
are not compatible• Docker Containert can be managed via
PowerShell in a restricted way (from TP4)
13CONFIDENTIAL
Containers Deployment
Operating System
Operating System
Physical System
VM
Container
Nested Virtualization in Windows Server 2016
14CONFIDENTIAL
Windows Containers in Azure
15CONFIDENTIAL
WINDOWS CONTAINER:UNDER THE HOOD
SECTION 2
16CONFIDENTIAL
Installation• Containers• Hyper-V
17CONFIDENTIAL
Manage Containers with PowerShell
18CONFIDENTIAL
Windows Container Anatomy
• Container Runtime• Container Image
Container RuntimeContainer Image (based on
WIM)
19CONFIDENTIAL
Windows Containers Image: WIM Package
20CONFIDENTIAL
Install WIM Image
Install-ContainerOSImage
21CONFIDENTIAL
Container OS ImageC:\ProgramData\Microsoft\Windows\Images
22CONFIDENTIAL
Create ContainerNew-Container -Name <ContainerName> -ContainerImageName <ImageName>
Optional:-SwitchName <SwitchName>-MemoryStartupBytes
23CONFIDENTIAL
Containers
24CONFIDENTIAL
25CONFIDENTIAL
Containers Structure
26CONFIDENTIAL
Start Container
Start-Container –Name <ContainerName>
27CONFIDENTIAL
Container Start Procedure
28CONFIDENTIAL
Processes
29CONFIDENTIAL
CPU and RAM• 1 CPU per Container (not verified)• Startup RAM amount can be defined within the
container properties.
30CONFIDENTIAL
Manage Resources• Memory• Network Bandwidth• CPU (Relative Weight)• Storage IO (IOPS and Bandwidth)
31CONFIDENTIAL
Network• Windows Containers use Hyper-V Virtual Host
Network Adapter• Because Firewall is shared between Container and
OS the FW configuration should be performed in OS• MAC Address is the same as OS.
32CONFIDENTIAL
Hyper-V Containers Anatomy
33CONFIDENTIAL
34CONFIDENTIAL
HELLO, WORLD!
SECTION 3
35CONFIDENTIAL
Windows Container Restrictions• Windows Server Containers created with PowerShell can not
currently be managed with Docker and visa versa – Docker containers can be managed via PowerShell in TP4 in a restricted way (discovery, stop)
• Commands sporadically fail -- try again• Currently it is not possible to create a file share within a
Container - Fixed in TP4.• ASP.NET 4.5 and 3.5 doesn't run in a container – Fixed in TP4• ASP 5.0 does work.• Windows Server Containers can be managed/interacted with
through a RDP session – removed in TP4
36CONFIDENTIAL
https://msdn.microsoft.com/en-us/virtualization/windowscontainers/about/work_in_progress
37CONFIDENTIAL
Demo1. Create new container2. Start container3. Connect to the container via PowerShell4. Install IIS Role5. Check Web site via PowerShell6. Check Web site via IE from host7. Export container image
38CONFIDENTIAL
39CONFIDENTIAL
40CONFIDENTIAL
41CONFIDENTIAL
42CONFIDENTIAL
Demo Code#Review PowerShell cmdletsGet-Command -Module Containers
#Review Container ImagesGet-ContainerImage
#Because Containers use Hyper-V Virtual Switch we need to have at least one for network communicationsGet-VMSwitch
#Note: We can communicate with Containers even without network via PowerShell
#Let's create Container object $HelloWorld$HelloWorld = New-Container -Name "HelloWorld" -ContainerImageName WindowsServerCore -SwitchName Internal_Switch
#How they look:Get-Container
#Lets get the party started!Start-Container -Container $HelloWorld
#See container stateGet-Container
#Enter to the container with PowerShellEnter-PSSession -ContainerId $HelloWorld.ContainerId -RunAsAdministrator
#Install IISInstall-WindowsFeature -Name Web-Server
#Get Web SitesGet-IISSite
#Create Container ImageNew-ContainerImage -ContainerName $HelloWorld.Name -Publisher HDConf -Version 1.0 -Name HelloWorldHDConf
#Review our new containerGet-ContainerImage
#Export ContainerExport-ContainerImage -Name HelloWorldHDConf -Path c:\test\
43CONFIDENTIAL
Thank you!
44CONFIDENTIAL
• http://www.creationline.com/lab/11385• http://blog.engineer-memo.com/2015/08/21/windows-server-containers• http://blogs.msdn.com/b/msgulfcommunity/archive/2015/09/08/why-win
dows-server-containers-and-why-you-need-to-look-at-containers-hands-on.aspx
• https://msdn.microsoft.com/en-us/virtualization/windowscontainers/about/work_in_progress
• http://blogs.technet.com/b/rutechnews/archive/2015/09/16/24-171-windows-server-2016-techincal-preview-3-187.aspx
• https://www.techdays.ru/videos/10093.html• https://
channel9.msdn.com/Blogs/TechDays-Russia/Containers-in-Windows-Server-2016
Links and credits
45CONFIDENTIAL
Questions?Email:dzmitry_durasau@epam.com