Windows Server and Docker
The Internals Behind Bringing Docker and Containers to Windows
John Starks & Taylor Brown
Principal Leads in Windows
Agenda
• Basics: Architecture, Porting Docker
• Shallow dive: Namespaces, File system, Base images
• Hyper-V Containers: Two great things, Better together
Back to basics
Docker on Windows
• Not “Docker for Windows”
• Integration coming
• Port of Docker Engine (not a fork)
• Same remote API, same tools work on top (Compose, Swarm, etc.)
• Built on new native container technology in Windows
• Runs on Windows Server 2016 and on the latest Windows 10
• Runs Windows Server containers on Windows hosts
• Doesn't run Linux containers
• Available to try now
• http://aka.ms/containers
Demo!
How?
• New system-level container capabilities in Windows
• Namespaces
• Resource controls
• Union file system
• Adapted Docker to Windows
• Adapted Windows to Docker
Architecture In Linux
• Docker Client, Docker Registry, Docker Compose, Docker Swarm
• REST Interface
• libcontainerd, graph, libnetwork, plugins
• containerd + runc
• Control Groups: cgroups
• Namespaces: Pid, net, ipc, mnt, uts
• Layer Capabilities: Union Filesystems AUFS, btrfs, vfs, zfs*, DeviceMapper
• Other OS Functionality
Architecture In Windows
• Docker Client, Docker Registry, Docker Compose, Docker Swarm
• REST Interface
• libcontainerd, graph, libnetwork, plugins
• Compute Service
• Control Groups: Job objects
• Namespaces: Object Namespace, Process Table, Networking
• Layer Capabilities: Registry, Union like filesystem extensions
• Other OS Functionality
Compute Service
• Public interface to containers
• Replaces containerd on Windows
• Manages running containers
• Abstracts low-level capabilities
• Language bindings available
• C#: https://github.com/Microsoft/dotnet-computevirtualization
• Go: https://github.com/Microsoft/hcsshim
Architecture
Windows Server Containers
[Diagram: Host User Mode (Container Management, System Processes) and Windows Server Containers (System Processes and Application Processes in each container)]
Container contents
• Public Windows API delivered via DLLs, not syscalls
• Lots of interdependencies
• Highly dependent on system services running
• RPC calls hidden in Win32 APIs
• Automatically starts smss
• init equivalent
• Launches a variety of system services
• No “FROM scratch”
Base images
• Distributed by Microsoft
• Two options
• windowsservercore: large (huge?), highly compatible
• nanoserver: small, fast, smaller API surface
• docker pull coming soon!
• microsoft/windowsservercore
• microsoft/nanoserver
Demo!
Namespaces
• Silo: extension to Windows Job object
• Set of processes
• Resource controls
• New: set of namespaces
• New namespace virtualization
• Registry
• Process IDs, sessions
• Object namespace
• File system
• Network compartments
Object namespace
• System-level namespace, hidden from users
• C:\Windows maps to \DosDevices\C:\Windows
• Contains all device entry points
• \DosDevices\C:
• \Registry
• \Device\Tcp
• Silo can "chroot" to different object root
• \Silos\foo\DosDevices\C:
• \Silos\bar\DosDevices\C:
Demo!
File system
• Windows applications expect NTFS semantics
• Transactions, file IDs, USN journal
• Building a full union FS with NTFS semantics is hard
• Hybrid model
• Virtual block device + NTFS partition per container
• Symlinks to layers on host FS to keep block devices small
Registry… Windows Registry
• Basically a simple file system
• Built a true union FS
• Saves cloning a full set of registry hives per container
Architecture
Hyper-V Containers
Hyper-V Containers
• Some workloads need more isolation
• Hostile multi-tenancy
• Regulated workloads
• Solution: transparently run each container in a VM!
• (Mostly) invisible to both Docker and the user
• docker run --isolation=hyperv
• Hyper-V Containers are the default on Windows 10
• Images are the same
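An added example (not from the slides): a check that workloads marked untrusted actually run as Hyper-V Containers, resolved from the `HostConfig.Isolation` field of `docker inspect`. The `trust=untrusted` label, the container names and the sample JSON are constructed for the example; the daemon default is passed in as an assumption, taken from what `docker info` reports as the default isolation on the host.

```python
import json

# Constructed sample: fields trimmed from `docker inspect` for three containers.
SAMPLE_INSPECT = json.loads("""
[
  {"Name": "/build-agent",
   "Config": {"Labels": {"trust": "untrusted"}},
   "HostConfig": {"Isolation": "hyperv"}},
  {"Name": "/tenant-job",
   "Config": {"Labels": {"trust": "untrusted"}},
   "HostConfig": {"Isolation": "default"}},
  {"Name": "/internal-api",
   "Config": {"Labels": {}},
   "HostConfig": {"Isolation": "process"}}
]
""")


def effective_isolation(container, daemon_default):
    """Resolve HostConfig.Isolation; empty or 'default' defers to the daemon."""
    requested = (container.get("HostConfig") or {}).get("Isolation") or "default"
    requested = requested.lower()
    return daemon_default.lower() if requested == "default" else requested


def audit(containers, daemon_default, label="trust", value="untrusted"):
    """Return (name, isolation) for labelled containers not running in a VM."""
    findings = []
    for c in containers:
        labels = (c.get("Config") or {}).get("Labels") or {}
        if labels.get(label) != value:
            continue  # the policy only covers workloads marked untrusted
        mode = effective_isolation(c, daemon_default)
        if mode != "hyperv":
            findings.append((c.get("Name", "").lstrip("/"), mode))
    return findings


if __name__ == "__main__":
    # Same containers evaluated against two daemon defaults.
    for default in ("process", "hyperv"):
        print(default, audit(SAMPLE_INSPECT, default))
```

A container started without `--isolation` inherits the daemon default, so the same `docker run` line can pass this check on one host and fail it on another.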
[Diagram: Windows Server Containers. Host User Mode (Container Management, System Processes) and Windows Server Containers (System Processes and Application Processes in each container)]
[Diagram: Hyper-V Containers. Host User Mode (Container Management, System Processes) and a Virtual Machine Specifically Optimized To Run a Container (System Processes, Application Processes)]
Making it work
• Small, stateless “utility VM”
• Smallest Windows yet?
• Writes not persisted
• Storage attached via SMB
• VMBus transport
• File cache sharing
• Networking attached via virtual NIC
Cloning
• Launching the utility VM takes time and memory
• Do it once, freeze the result
• Fork the VM for each new instance
• Eliminates startup time
• Shares memory
Demo!
Thank you!


DockerCon 2016 - Windows Server and Docker

Editor's Notes

  • #6:
    * docker images
    * docker run --rm test cmd /c echo Hello DockerCon!
  • #15:
    * docker run -it --rm windowsservercore powershell get-process
    * docker run -it --rm nanoserver powershell get-process
    * Look at taskmgr
  • #18:
    * objdir \
    * objdir \DosDevices
    * docker run -it --rm test cmd objdir \DosDevices
  • #27:
    * docker run --rm --isolation=hyperv test cmd /c echo Help, I'm trapped in a VM!
    * Run it again (should be faster)
    * docker run --rm -it --isolation=hyperv test cmd powershell get-process
    * Show taskmgr on host