1CONFIDENTIAL

Microsoft Containers in Windows Server 2016Dzmitry Durasau

JANUARY 20, 2016

2CONFIDENTIAL

MICROSOFT CONTAINERS IN WINDOWS SERVER 2016DZMITRY DURASAU

JANUARY 20, 2016

3CONFIDENTIAL

HelloSpeaker: Dzmitry Durasau

Microsoft Certified Trainer, MCSA, MCTS, MCPSolution Architect at EPAM Systems

Main areas of expertise: Cloud Infrastructures, Enterprise Windows-based IT, Virtualization and PowerShell.

4CONFIDENTIAL

• Containerization in Windows Server 2016• Windows Container Under the Hood• Hello, World!

Agenda

5CONFIDENTIAL

CONTAINERIZATION INWINDOWS SERVER 2016

SECTION 1

6CONFIDENTIAL

Containers – no magic insideJust another isolation technologyLike many others

• Remote Desktop Session• Application Virtualization• IIS Application Pool• Citrix• Thin Clients

7CONFIDENTIAL

Isolation Technologies

8CONFIDENTIAL

• Multiple containers run on a host with isolation provided through namespace and process isolation technologies.

Windows Server Containers

9CONFIDENTIAL

• Multiple containers run on a host, however each container is run inside of a utility virtual machine. This provides kernel level isolation between a Hyper-V container, the container host, and any other containers running on the container host.

Hyper-V Containers

10CONFIDENTIAL

Windows and Hyper-V Containers

11CONFIDENTIAL

Container Management Stack

• PowerShell• Docker

12CONFIDENTIAL

Compatibility• Windows Container can run only on Windows

Host• Windows Containers and Hyper-V Containers are

compatible • Docker Containers and PowerShell Containers

are not compatible• Docker Containert can be managed via

PowerShell in a restricted way (from TP4)

13CONFIDENTIAL

Containers Deployment

Operating System

Operating System

Physical System

VM

Container

Nested Virtualization in Windows Server 2016

14CONFIDENTIAL

Windows Containers in Azure

15CONFIDENTIAL

WINDOWS CONTAINER:UNDER THE HOOD

SECTION 2

16CONFIDENTIAL

Installation• Containers• Hyper-V

17CONFIDENTIAL

Manage Containers with PowerShell

18CONFIDENTIAL

Windows Container Anatomy

• Container Runtime• Container Image

Container RuntimeContainer Image (based on

WIM)

19CONFIDENTIAL

Windows Containers Image: WIM Package

20CONFIDENTIAL

Install WIM Image

Install-ContainerOSImage

21CONFIDENTIAL

Container OS ImageC:\ProgramData\Microsoft\Windows\Images

22CONFIDENTIAL

Create ContainerNew-Container -Name <ContainerName> -ContainerImageName <ImageName>

Optional:-SwitchName <SwitchName>-MemoryStartupBytes

23CONFIDENTIAL

Containers

24CONFIDENTIAL

25CONFIDENTIAL

Containers Structure

26CONFIDENTIAL

Start Container

Start-Container –Name <ContainerName>

27CONFIDENTIAL

Container Start Procedure

28CONFIDENTIAL

Processes

29CONFIDENTIAL

CPU and RAM• 1 CPU per Container (not verified)• Startup RAM amount can be defined within the

container properties.

30CONFIDENTIAL

Manage Resources• Memory• Network Bandwidth• CPU (Relative Weight)• Storage IO (IOPS and Bandwidth)

31CONFIDENTIAL

Network• Windows Containers use Hyper-V Virtual Host

Network Adapter• Because Firewall is shared between Container and

OS the FW configuration should be performed in OS• MAC Address is the same as OS.

32CONFIDENTIAL

Hyper-V Containers Anatomy

33CONFIDENTIAL

34CONFIDENTIAL

HELLO, WORLD!

SECTION 3

35CONFIDENTIAL

Windows Container Restrictions• Windows Server Containers created with PowerShell can not

currently be managed with Docker and visa versa – Docker containers can be managed via PowerShell in TP4 in a restricted way (discovery, stop)

• Commands sporadically fail -- try again• Currently it is not possible to create a file share within a

Container - Fixed in TP4.• ASP.NET 4.5 and 3.5 doesn't run in a container – Fixed in TP4• ASP 5.0 does work.• Windows Server Containers can be managed/interacted with

through a RDP session – removed in TP4

36CONFIDENTIAL

https://msdn.microsoft.com/en-us/virtualization/windowscontainers/about/work_in_progress

37CONFIDENTIAL

Demo1. Create new container2. Start container3. Connect to the container via PowerShell4. Install IIS Role5. Check Web site via PowerShell6. Check Web site via IE from host7. Export container image

38CONFIDENTIAL

39CONFIDENTIAL

40CONFIDENTIAL

41CONFIDENTIAL

42CONFIDENTIAL

Demo Code#Review PowerShell cmdletsGet-Command -Module Containers

#Review Container ImagesGet-ContainerImage

#Because Containers use Hyper-V Virtual Switch we need to have at least one for network communicationsGet-VMSwitch

#Note: We can communicate with Containers even without network via PowerShell

#Let's create Container object $HelloWorld$HelloWorld = New-Container -Name "HelloWorld" -ContainerImageName WindowsServerCore -SwitchName Internal_Switch

#How they look:Get-Container

#Lets get the party started!Start-Container -Container $HelloWorld

#See container stateGet-Container

#Enter to the container with PowerShellEnter-PSSession -ContainerId $HelloWorld.ContainerId -RunAsAdministrator

#Install IISInstall-WindowsFeature -Name Web-Server

#Get Web SitesGet-IISSite

#Create Container ImageNew-ContainerImage -ContainerName $HelloWorld.Name -Publisher HDConf -Version 1.0 -Name HelloWorldHDConf

#Review our new containerGet-ContainerImage

#Export ContainerExport-ContainerImage -Name HelloWorldHDConf -Path c:\test\

43CONFIDENTIAL

Thank you!

44CONFIDENTIAL

• http://www.creationline.com/lab/11385• http://blog.engineer-memo.com/2015/08/21/windows-server-containers• http://blogs.msdn.com/b/msgulfcommunity/archive/2015/09/08/why-win

dows-server-containers-and-why-you-need-to-look-at-containers-hands-on.aspx

• https://msdn.microsoft.com/en-us/virtualization/windowscontainers/about/work_in_progress

• http://blogs.technet.com/b/rutechnews/archive/2015/09/16/24-171-windows-server-2016-techincal-preview-3-187.aspx

• https://www.techdays.ru/videos/10093.html• https://

channel9.msdn.com/Blogs/TechDays-Russia/Containers-in-Windows-Server-2016

Links and credits

45CONFIDENTIAL

Questions?Email:dzmitry_durasau@epam.com