You might be hiding under a rock over the last six to 12 months if you haven’t heard of Windows Server 2016 containers. I’ll explain what all this means and how containers may or may not affect how you deploy your applications.
More Apps, Faster
A lot of businesses, particularly in businesses that specialize in software development, are constantly looking for ways to deploy services more quickly. Machine virtualization certainly helps, but there’s still a provisioning process. Although the public and private cloud has improved this, there’s still a need to deploy machines, each with resource requirements and their own operating system (OS) that requires management.
Machine virtualization is what most of us use for deployment, and it uses software to create a simulated machine. In this machine, there is a guest OS that provides a single user space to install and run services from. We use virtual machines from the service perspective, much like we used physical servers, where we install one service in each VM.
A concept called software containers appeared in the Linux world, headlined by an open source project called Docker that automates the provisioning of this mechanism. Containers are a form of application virtualization. Some readers will have heard of or used App-V, a way to virtualize desktop applications on Remote Desktop Services or PCs. Each app lives in a bubble that runs side by side with other virtualized and non-virtualized apps on the client device, sharing a single OS. Containers are a similar concept, but are designed for use with server applications.
The idea is that a machine is deployed to host containers. Containers are deployed onto the host and consume the shared resources of the host, including the operating system. To a certain extent, these containers are isolated, but there is no security boundary between them. If one container is compromised, then the container host and the other containers on that host are vulnerable.
Windows Server Containers
In 2014, Microsoft announced that they had formed a close partnership with Docker. The goal behind this partnership was to bring container technology to the Microsoft server and cloud stack. Soon after, a Ubuntu image with container support was added to Microsoft Azure, and Docker released a beta client for Windows. At the same time, Microsoft is also working to add containers to Windows Server 2016.
Microsoft first started to talk in detail about Windows Server Containers at Microsoft Ignite 2015 in Chicago, where they revealed their technology and plans. At the event, Microsoft announced that the Windows Server 2016 Technical Preview 3 would give us our first glimpse of Windows Server Containers. We can also expect a technical preview release toward the end of 2015, which will give us access to Hyper-V containers.
Windows Server Containers offers a solution that is consistent with containers on Linux, where containers can be managed using PowerShell or Docker. They feature the same level of isolation as containers on Linux, too. This is why Microsoft created Hyper-V containers; we know little about Hyper-V containers at this point, other than that they will use the hypervisor to offer secure isolation between containers. One interesting fact about Hyper-V containers is that they require Microsoft to add support for nested virtualization in Hyper-V — we’ll love that in our demo and test labs!
How Do Windows Server Containers Work?
Microsoft has given us a nicely packaged introduction to the first preview release of Windows Server Containers in Technical Preview 3. The solution works by deploying a Windows Server 2016 Hyper-V host, where you create one or more virtual machines on the host that will be configured as VM hosts. The guest OS is Server Core or Nano Server. Containers are created inside the VM hosts, and networking access for the containers is via a virtual switch running inside the virtual machine. Finally, the OS and services are deployed into containers from reusable images that are stored in a repository. That repository is not shared and is stored in the VM host in the current technical preview. I suspect that SMB 3.0 will play a big part here in later preview releases.
Here’s the best part about Windows Server containers: Once you have a VM host running, it takes only a few seconds to deploy and start a new service from an image in the repository. Image a new WordPress server or SQL Server in a few seconds!
Windows Server 2016 Container Limitations
Containers are not stateless, but they are pretty close to it. Containers are for born-in-the-cloud applications that are designed to have lots of small disposable parts. These service components require little customization and are disposable. This means that networking is different (dynamic addressing is the norm) and authentication is different (no support for Active Directory membership).
We’ll also use different ways to store data, storing as little as possible in the container, making the container something we can afford to lose and replace very quickly. These limitations will mean that few of us will ever use containers in the near future, but for those organizations that have evolved how they create their services, Windows Server Containers will drastically improve their speed, quality, and consistency of deployment.
The Future of Containers
It’s clear from the release of Windows Server 2016 Technical Preview 3 that Microsoft is serious about containers. With that said, I don’t think that I’ll see a production deployment of containers in the next year or two. But after spending some time playing with the technical preview, I am sure that containers has a place in Windows Server. It’s amazing how quickly I could image and deploy a service. And yes, the default admin tool is PowerShell, but the cmdlets are superbly designed — I was able to create containers and images, and deploy those images without reading any documentation when I first was granted access. If you are in a company that could use containers, then be sure to check them out. If you’re a nerd like me, then Windows Server containers is a must see.