
Get started with Windows Containers

Posted by Romain Serre on January 10, 2017

Windows Server 2016 was released in October 2016 and comes with a new feature called Containers. Containers already exist in the Linux world and provide OS-level virtualization. Basically, a container is an isolated place where an application can run without affecting the rest of the system and without the system affecting the application (MSDN definition).

What is a container

As I said above, a container is an OS virtualization environment used to run multiple isolated systems on a container host. A container uses namespace isolation technology: its namespace includes all the resources that an application needs, such as the process list, files, ports and so on. The container can only access the resources in its namespace.

Several files and services are shared between containers. When an application in a container makes a change to a file, for example, the container creates its own copy of that file.

Windows Containers

There are two kinds of Windows containers: Windows Server Containers and Hyper-V Containers.

Windows Server Containers share the host kernel and libraries. This way, you don’t need to deploy an OS and you don’t have to “waste” RAM or disk on multiple operating systems. In this scenario the containers boot quickly, you get great density and you can deploy several instances of the application on the same machine.

[Figure: Windows Containers and Hyper-V Containers]

The main disadvantage of this scenario is security. If your container host is corrupted, the issue can impact several containers and therefore several applications. The reverse is also true: a container can impact the container host. In multi-tenant scenarios, this can be a huge problem because several customers can be impacted. To resolve this, Hyper-V Containers were developed. This kind of container has its own copy of the OS kernel and its own assigned memory. This provides isolation and therefore a security boundary.

[Figure: Windows Containers and Hyper-V role]

Because in this scenario you assign memory and you have multiple copies of the kernel, you get less density than with Windows Server Containers. The startup time is also longer. But you have a great security boundary for multi-tenant scenarios.

[Figure: Hyper-V Containers and Windows Server Containers]
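The difference between the two isolation modes can be observed from the container host. The following is an added example, not part of the original post; it assumes the Hyper-V role is installed on the container host (with nested virtualization enabled if the host is itself a VM), and the container names iso-process and iso-hyperv are hypothetical:

```powershell
# Added example. Assumes the Hyper-V role is installed on the container host
# (and nested virtualization is enabled if the host is itself a VM).
$image = 'microsoft/windowsservercore'

# Start the same long-running process under each isolation mode.
# The container names iso-process and iso-hyperv are hypothetical.
docker run -d --name iso-process --isolation=process $image ping -t localhost
docker run -d --name iso-hyperv  --isolation=hyperv  $image ping -t localhost

# Confirm which isolation mode each container was created with.
foreach ($name in 'iso-process', 'iso-hyperv') {
    $mode = docker inspect --format '{{.HostConfig.Isolation}}' $name
    "{0}: isolation={1}" -f $name, $mode
}

# Both containers report a ping.exe process from the inside...
docker top iso-process
docker top iso-hyperv

# ...but the host only sees the one in the Windows Server Container,
# because that container shares the host kernel and its process table.
Get-Process -Name ping -ErrorAction SilentlyContinue |
    Select-Object Id, ProcessName, SessionId

# The Hyper-V Container shows up on the host as a VM worker process instead.
Get-Process -Name vmwp -ErrorAction SilentlyContinue |
    Select-Object Id, ProcessName

# Clean up both containers.
docker rm -f iso-process iso-hyperv
```

A ping.exe process visible in the host's process list belongs to the Windows Server Container; the Hyper-V Container's processes are only visible through docker top.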

Container OS Image and Image

A container can only be deployed from an image. The container OS image is the operating system environment. This image cannot be modified.

Now you deploy a container from the OS image and you make changes, by installing IIS for example. The changes are captured in the sandbox. You can then stop this container and convert it to a container image. This container image can then be used to deploy new containers with IIS pre-installed. Finally, these container images can be shared in an image repository.

[Figure: Container OS Image and Image]

To deploy the container host and the containers themselves, I followed this topic.

Requirements

To prepare your physical or virtual server as container host you need:

  • A system running Windows Server 2016 (Datacenter for unlimited Hyper-V Containers)
  • 10GB available storage for OS Base Image and setup scripts
  • Administrator permissions on the machine or VM

For this topic, I have used a virtual machine as container host.

Install feature

To install the Docker engine and its requirements, install the module below first:

Install-Module -Name DockerMsftProvider -Repository PSGallery -Force

Then run the following cmdlet:

Install-Package -Name docker -ProviderName DockerMsftProvider

To finish, restart the computer. After the restart, you will be able to run containers.

Restart-Computer

Basic commands

Since Windows Server 2016 Technical Preview 4, the PowerShell module for containers has been removed. In the final release of Windows Server, you have to use the Docker command to manage containers and related services such as networks. This section introduces some Docker commands to manage your containers.

Review network configuration

The first topic I’d like to introduce is the network. When you install Docker on the system, a NAT switch is automatically created. You can review it by using a “standard” Windows cmdlet:

Get-VMSwitch

In the Docker world, you can review networks by using the following command:

docker network ls

If you want to show more information about a network, you can run the command below:

docker network inspect <network ID>

You can create more networks by using this command:

docker network create

The NAT network is not the only type available. You can create a transparent network (this is almost the same as a Hyper-V external network), an L2 bridge and so on.

List containers

You can list the running containers by using this command:

docker container ls

The above command doesn’t show stopped containers. If you want to get information about stopped containers, you have to run the following command:

docker container ls -a

Download Windows Server Core image

To run a container, you have to use an image. Changes can be applied to this image and committed later to a custom image. But first, you should download an image from the Docker repository. You can search for an image by using this command:

[Screenshot: PowerShell command]

In the above screenshot, I have searched for images related to Microsoft. Now I download the image called microsoft/windowsservercore (be careful with the case). To download an image, run the following command:

docker pull <image name>

Once the image is downloaded, you can run the command below to list the images in your local repository:

docker image ls

Create a custom image

To create a custom image, I’ll use the previously downloaded image. Then I’ll add the IIS role in the container and to finish, I’ll commit the changes to a new image.

So first, I start a container based on the image microsoft/windowsservercore. I use the command below to start an interactive PowerShell inside the container. I don’t specify the name, so it will be generated by Docker. The docker run command creates and starts the container. If the container already exists, the command just starts the container.

docker run -it microsoft/windowsservercore "powershell"

Once the container is running, I show the available features.

[Screenshot: docker command]

Then I run the following PowerShell cmdlet to install IIS inside the container.

[Screenshot: PowerShell cmdlet]

Once Web-Server is installed inside the container, you can leave it. Then I retrieved the container name (with docker container ls -a). The random name of the container is sharp_mestorf. To commit the changes to a new image, you must stop the container first:

docker container stop sharp_mestorf

Then I commit the changes to a new image:

docker commit <docker source> <image name:tag>

N.B.: be careful with the image name, it must be in lower case.

To finish, I start a container called IIS01 from the new image. I also run an interactive PowerShell inside the container.

docker run --name IIS01 -it custom/iiscore:IIS "powershell"

I retrieve the IP address and I browse it from Edge:

[Screenshot: Windows PowerShell view]
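The custom image procedure above can also be run without an interactive session. This scripted version is an added example, not from the original post; the container name iis-build, the Install-WindowsFeature call and the use of ping -t to keep the detached container running are assumptions:

```powershell
# Added example. The container name iis-build is hypothetical; the image
# names come from the walkthrough above.
$base   = 'microsoft/windowsservercore'
$custom = 'custom/iiscore:IIS'     # the image name must be in lower case

# 1. Install IIS non-interactively. The container exits (stops) when the
#    command finishes, so it is ready to be committed.
docker run --name iis-build $base powershell -Command "Install-WindowsFeature Web-Server"
if ($LASTEXITCODE -ne 0) { throw "IIS installation failed in iis-build" }

# 2. Commit the stopped container's sandbox to a new image, then remove
#    the build container.
docker commit iis-build $custom
docker rm iis-build

# 3. Review what the new image is made of: the committed layer sits on
#    top of the unmodified base OS image layers.
docker history $custom

# 4. Start a detached container from the custom image. ping -t is only a
#    long-running foreground process that keeps the container alive.
docker run -d --name IIS01 $custom ping -t localhost

# 5. Read the container's address on the NAT network and test IIS from the host.
$ip = docker inspect --format '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' IIS01
$response = Invoke-WebRequest -Uri "http://$ip" -UseBasicParsing
"IIS01 at {0} answered HTTP {1}" -f $ip, $response.StatusCode
```

The docker history output is worth keeping with the image: a committed image records no build steps, so the command log is the only trace of what was changed on top of the base OS image.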

Romain Serre
Senior consultant at Exakis
Romain Serre works in Lyon as a Senior Consultant. He is focused on Microsoft Technology, especially on Hyper-V, System Center, Storage, networking and Cloud OS technology as Microsoft Azure or Azure Stack. He is a MVP and he is certified Microsoft Certified Solution Expert (MCSE Server Infrastructure & Private Cloud), on Hyper-V and on Microsoft Azure (Implementing a Microsoft Azure Solution).