Introduction to Windows Server 2016 Containers
Many businesses today, especially those that specialize in software development, are always looking for ways to get from development to deployment more quickly. We’ve seen the implementation of virtualization over the last several years, which has most definitely helped, but there is still a process, most often somewhat intense and time consuming, for provisioning a virtualized environment. This provisioning process most typically involves creating and deploying multiple virtual machines, considering the resource and operating system requirements of each, as well as the management requirements.
A concept referred to as “containers” helps to automate the provisioning process. Containers, while not new to the world of technology (they appeared long ago in the Linux world), are now making their way into the Microsoft world and gaining rapid interest.
So, what exactly are containers?
Containers are an isolated, resource-controlled, and portable operating environment. They provide operating-system-level virtualization that allows multiple isolated applications to run on a single system. You may already be familiar with a similar technology, App-V, which provides a way to virtualize desktop applications on Remote Desktop Services or personal computers. With App-V, each application lives in a bubble that runs side by side with other virtualized as well as non-virtualized apps on the client device, sharing a single OS. Containers are a similar concept, but are designed for use with server applications. Basically, a container is an isolated place where an application can run without touching the resources (memory, disk, network, etc.) of other containers or the host. A container looks and acts like a newly installed physical computer or a virtual machine.
When you begin working with containers you will notice many similarities between a container and a virtual machine. A container runs an operating system, has a file system and can be accessed over a network just as if it was a physical or virtual computer system. That being said, the technology and concepts behind containers are very different from that of virtual machines.
Here’s a quick view and summary of the basic differences between virtual machines and containers. Using the diagram below, you can see the components of each. On the left, you’ll see the structure of a standard virtual machine environment. That environment has a hardware layer, a layer for the operating system and kernel of the host, and a layer providing the hypervisor technology. Then on top of the hypervisor, you have each virtual machine with its own operating system and kernel running within itself. Essentially, every time you boot up a VM, you are loading a full OS and kernel, which can be quite time consuming and resource intensive. Virtual machines typically also have a virtual hard disk, which can grow as changes are made and consumes significant space on your backend storage.
On the right side of the diagram you can see some differences in the structure of a typical container environment. Here you see hardware and kernel layers of the host, but rather than each container running its own operating system/kernel, each container shares the OS and kernel with the host OS. This sharing will provide faster boot times and better resource control and utilization than that of a VM.
Two types of containers are offered to us in Windows Server 2016: Windows Server Containers and Hyper-V Containers.
A Windows Server Container shares a kernel with the container host and all containers running on the host (as shown in the previous diagram). These containers only isolate the applications and runtime. In environments where you have a high degree of sensitivity, these containers may not provide enough isolation.
Hyper-V Containers expand on the isolation provided by Windows Server Containers by running each container in a highly optimized virtual machine. In this configuration the kernel of the container host is not shared with other containers on the same host. These containers are better designed for potentially hostile multitenant hosting environments, with the same security assurances as a virtual machine. Hyper-V Containers allow developers to take the standard containers they’ve built their applications around in the development and test environments and easily move them to production. There they get a lightweight and completely isolated OS and container instance, which securely separates and isolates the application and all of its microservice instances. One of the largest benefits here is that your development team won’t have to worry about repackaging the application or about where they plan to deploy, as these containers are designed to be not only secure, but highly portable.
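The difference between the two container types can be checked on a running host. The following is an added example, not part of the original article: it assumes the Docker CLI is installed and on PATH, and `Get-ContainerIsolation` is a hypothetical helper name. It reads the isolation mode Docker records for each container (set at launch with `docker run --isolation=process` or `--isolation=hyperv`) and flags the containers that share the host kernel.

```powershell
# Added example: report which containers share the host kernel (process
# isolation, i.e. Windows Server Containers) and which run as Hyper-V Containers.
# Assumption: the Docker CLI is installed and on PATH.

function Get-ContainerIsolation {
    # Hypothetical helper: returns one object per container on this host.

    # The daemon default applies when a container was started without --isolation.
    $daemonDefault = docker info --format '{{.Isolation}}'

    foreach ($id in (docker ps --all --quiet)) {
        $raw = docker inspect --format '{{.Name}}|{{.Config.Image}}|{{.HostConfig.Isolation}}' $id
        $name, $image, $mode = $raw -split '\|', 3

        # An empty or "default" value means the daemon default was used.
        if ([string]::IsNullOrEmpty($mode) -or $mode -eq 'default') {
            $mode = $daemonDefault
        }

        [pscustomobject]@{
            Name         = $name.TrimStart('/')
            Image        = $image
            Isolation    = $mode
            SharesKernel = ($mode -eq 'process')
        }
    }
}

$report = Get-ContainerIsolation
$report | Format-Table -AutoSize

# Containers with process isolation share the kernel with the host and with each
# other; on multitenant or sensitive hosts these are the ones to review.
$shared = @($report | Where-Object SharesKernel)
if ($shared.Count -gt 0) {
    Write-Warning "$($shared.Count) container(s) run with process isolation (shared kernel)."
}
```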
So now you may be wondering, how do containers actually work?
Containers are deployed from images. A container image is created from a read-only template which contains the base operating system, application, all application dependencies and process execution instructions needed to quickly deploy the container. Images can consist of multiple layers (such as the base OS, a web application, etc.) and these layers can be built upon each other and shared between containers. This sharing of layers provides for optimized resource usage as well as a small footprint. Images are stored in and retrieved from a repository referred to as a container image registry, which enables another big benefit of using containers: portability. Images can be developed locally, stored in a registry, which can be shared publicly or kept private to your development team/project, and then pulled easily into production.
When you containerize an application, only the app and the components needed to run the app are combined into an “image”. Containers are then created from this image as you need them. You can also use an image as a baseline to create another image, making image creation even faster. Multiple containers can share the same image, which means containers start very quickly and use fewer resources. Because a container has everything it needs to run your application, it is very portable and can run on any machine that is running Windows Server 2016. You can create and test containers locally, then deploy that same container image to your company’s private cloud, public cloud or service provider. The natural agility of containers supports modern app development patterns in large scale, virtualized and cloud environments.
As for the management of containers, you will have two primary options. Containers can be managed using Windows PowerShell, or using Docker, an open source project which became popular in the Linux world. With Microsoft’s partnership with Docker back in 2014, this set of tools has grown in popularity among developers. Docker provides a rich toolset and APIs to help build, ship and run applications. You may even want to check out Docker Hub, which provides a public repository of container images.
Containers are empowering software developers to build and ship higher-quality applications faster. These apps can be built in any language, with complete portability to run anywhere, including a laptop, desktop, private/public cloud, or server, without requiring any code changes and with much higher efficiency than that of a virtual machine. The benefits are not limited to development: IT professionals and administrators will be able to provide standardized environments for their development and production teams. The complexity of installation and configuration has been removed, and a much simpler infrastructure to update and maintain will remain. You will be able to put many more containers onto a server than you could VMs, achieving faster boot times, faster migrations and better resource utilization. However, if you need full security and isolation, you will still want to use VMs. If you have full physical control over a server and just need an efficient, scalable place to deploy an app, containers would be a great choice.
You can find references to this information, as well as more details at the following locations:
You can also learn more about Containers in the following course:
Microsoft course MS-20740 – Installation, Storage, and Compute with Windows Server 2016
And learn more about additional features of Windows Server 2016 in these courses:
Microsoft course MS-20741 – Networking with Windows Server 2016
Microsoft course MS-20742 – Identity with Windows Server 2016
Penny Morgan, MCT, MCSA, MCITP, MCTS, MCSE, MCP
LRS Education Services GetSmart@lrs.com (877) 832-0678 x1493 toll free