This blog was originally written by Navya SM from OS Engineering team in Dell

Windows containers is a concept introduced with Windows server 2016 TP3 on both Core and GUI based OS image. A container looks a lot like a virtual machine (VM)-and is often considered a type of virtualization-but the two are distinctly different. Both host an operating system (OS), provide a local file system, and can be accessed over a network, just like a physical computer. However, a VM provides a full and independent OS, along with virtualized device drivers, memory management, and other components that add to the overhead. A container shares more of the host’s resources and consequently is more lightweight, quicker to deploy, and easier to scale across data centers. In this way, the container can offer a more efficient mechanism for encapsulating an application, while providing the necessary interface to the host system, all of which leads to more effective resource usage and greater portability. More details about the containers can be found at https://msdn.microsoft.com/en-us/virtualization/ windowscontainers/about/about_overview.

          Windows Server 2016 actually offers two different types of container run times, each with different degrees of application isolation.

  1. Windows Containers
  2. Hyper-V Containers

          Windows Containers offer isolation through namespace and process isolation, whereas Hyper-V Containers isolate each container via VMs. Windows Containers share a kernel with the container host and all the containers running on the host. In contrast, with Hyper-V Containers the kernel of the container host is not shared with the Hyper-V Containers. The Container Host can be either full OS or Core OS or a Nano edition. Both the types of Containers can be managed using Docker.

Prerequisites:

  • The Windows container feature is only available on Windows Server 2016 (Core and with Desktop Experience), Nano Server, and Windows 10 Professional and Enterprise (Anniversary Edition).
  • The Hyper-V role must be installed before running Hyper-V Containers.
  • Windows Server Container hosts must have Windows installed to C drive. This restriction does not apply if only Hyper-V Containers will be deployed.

Note: For the Container feature to work better all the Microsoft updates should be installed along with the OS.

Windows Containers on Full OS:

  1. Install either Windows Server 2016 or Windows Server Core 2016 on a physical or virtual system. Also keep the system up-to-date by installed all the available updates.
  2. The Docker commands are used to create and manage the containers in windows. The below cmdlets helps in downloading and installing docker. The DockerMsftProvider will enable container feature on the machine and also helps to install docker.
    1. Install-Module -Name DockerMsftProvider -Repository PSGallery –Force
    2. Install-Package -Name docker -ProviderName DockerMsftProvider
    3. Restart-Computer –Force

 

3.       Configure the firewall on the container host for the docker and configure the docker to listen on both the tcp and pipe using the commands given below. 

    1. netsh advfirewall firewall add rule name="docker engine" dir=in action=allow protocol=TCP localport=2375
    2. Stop-Service docker
    3. dockerd --unregister-service
    4. dockerd -H npipe:// -H 0.0.0.0:2375 --register-service
    5. Start-Service docker

4. Windows Containers need a base image to be installed. Base OS images are available with both Windows Server Core and Nano Server as the underlying operating system and can be installed using docker pull.

a.       docker pull microsoft/windowsservercore or

b.      docker pull microsoft/nanoserver

 

5. The docker command set is used to manage and work with containers. To create a new container and run commands on it we will have to use “Docker run” command and “docker ps” lists the containers that are running.

 6. To run commands on the existing container we can use “docker exec <container name> <cmd>”

7. To start or stop a container we can run using “docker start/stop <container ID>”.

8. Hyper-V containers on the other hand needs nested virtualization to be enabled (before installing Hyper-V role) as the Hyper-V host will be a VM and the containers will be the nested VMs on top of it. Below are the steps to create Hyper-V containers

    1. #replace with the virtual machine
      • name $vm = "<virtual-machine>"
    2. #configure virtual processor
      • Set-VMProcessor -VMName $vm -ExposeVirtualizationExtensions $true -Count
    3. #disable dynamic memory
      • Set-VMMemory $vm -DynamicMemoryEnabled $false
    4. enable mac spoofing
      • Get-VMNetworkAdapter -VMName $vm | Set-VMNetworkAdapter -MacAddressSpoofing On

                 The rest of the steps remain same on the Hyper-V container host

Windows Containers on Nano Server:

  1. Install the Nano image with container module or if the server with Nano image is ready we can install the container package onto it or an evaluation VHD can be downloaded from here and create a VM from the same.
  2. In order to work with Nano we have to connect it through remote Powershell using ‘Enter- PSSession’ cmdlet as shown below
  3. All the critical updates has to be installed for the containers feature to work properly. Once the updates are installed reboot the server for the updates to apply.
  4. Once the server is up and running then install the docker. The docker has to be installed first to work with the containers. Below cmdlets help in installing the docker.
  •  The below command installs the NuGet that is required for the powershellGet module

Install-Module -Name DockerMsftProvider -Repository PSGallery –Force

  • Now using the PowerShell Get we will install the latest available docker.

Install-Package -Name docker -ProviderName DockerMsftProvider

  •  Reboot the Nanoserver once before using docker.

Restart-Computer –Force

5. The container host needs base OS image to hold the containers. The Windows Server Core and Nano Server has got the base OS image as the underlying OS. We can pull the base OS images using the docker pull cmd which fetches the ready image for use.

    • docker pull microsoft/nanoserver    or

If the hyper-V containers are needed the also get the server core image using

    • docker pull Microsoft/Windowsservercore

6. We need a remote system to manage docker on Nano server and so we need to configure the following for the same by installing docker on the remote server.

7. Now we can create and connect to the container by using docker commands as same as that of the full Windows server OS

The same can be seen using “docker ps –a” command as shown. We have to start the container using “docker start <container ID>” and can stop the container using “docker stop <container ID>”. To execute a command on a running container “docker exec <container ID> <cmd>”

 

If the Nano server is installed on a VM, then the Hyper-V role has to be installed to create the Hyper-V container with nested virtualization being enabled but the rest of the steps remain same.

This part is to cover the creation of containers, but to use the containers we have to get the network connections for the same.