Windows Containers

Windows Containers and what they can do

More and more developers are taking advantage of containerisation – an innovative technology that allows applications to run easily across a wide range of host environments.

A software container is a portable runtime environment that packages up everything a specific application needs to function, including all the necessary files, while usually sharing an operating system with other containers on the same host (a virtual or physical machine).

The Docker platform makes container deployment simple, and the open nature of Linux often makes it the OS of choice for developers running containerised applications.

But some devs will always prefer to run Microsoft applications like ASP.NET, IIS or SQL Server on a Windows OS. Is this possible with containerisation? Thanks to Windows Containers, the answer is a resounding yes.

Docker for Windows

While Windows Containers are relatively new on the scene, the technology is still firmly based on the Docker platform.

Over the last few years, Microsoft has partnered with Docker to ensure full integration, meaning the same experience for developers using the Docker software for either Linux or Windows-based containerisation.

This means the same Docker client can manage multiple Linux and Windows containers. However, because Windows-based containers require Windows APIs from the host kernel, and the same applies to the Linux equivalents, you can’t run Windows containers on a Linux host, or vice versa.

So when it comes to Windows Containers, you’ll need a host system specially configured to run them. In terms of actual deployment, there are two options: Windows Server and Hyper-V.

Containers on Windows Server

Windows Server Containers share memory and a single Windows Server OS with the host. Because the kernel is shared, the containers must all use the same kernel version and configuration.

On the other hand, the shared OS and memory makes Windows Server Containers as lightweight as possible, and allows maximum efficiency in terms of start-up and density.

The shared nature of Windows Server Containers also has implications for security. Windows Server does not provide, in the words of Microsoft, ‘a hostile security boundary’. In other words, it’s not really equipped to deal with multiple containers that aren’t trusted by the host, or each other.

This isn’t an issue when containers are running in a trusted environment, e.g. within the same organisation, or as part of a single, larger application. But there is the (usually remote) possibility that an application will escape the constraints of its container and interfere with other containers, or the host itself. So when security is paramount, even more isolation is required.

Hyper-V isolation

Using Microsoft’s Hyper-V virtualisation technology, this option essentially creates a highly optimised, super-lightweight virtual machine for every container.

Hyper-V reinforces the isolation provided by Windows Server by giving containers their own OS kernels and dedicated memory – effectively the same level of isolation as a standard VM, but for each individual container.

Naturally, this makes Hyper-V containers a bit more cumbersome and less efficient than their Windows Server equivalents. But in multitenant environments, e.g. a PaaS or SaaS platform with multiple customers running their own code, the added isolation provided by Hyper-V can be essential. And because each Hyper-V container has its own OS kernel, it isn’t limited to the version and configuration of the host.

Ultimately, your choice of either Windows Server or Hyper-V containerisation will most likely come down to security. While Windows Server Containers can offer more efficiency in trusted environments, Hyper-V delivers maximum isolation to prevent security issues that can arise on a shared platform.
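The following is an added example, not code from this article or from Microsoft or Docker: a small audit that applies the rule above to `docker inspect` output, flagging any container that shares the host kernel (process isolation) without being marked as trusted. The `trust` label and the sample records are assumptions constructed for illustration; `HostConfig.Isolation` is the field Docker reports on Windows hosts.

```python
import json

# Constructed sample, shaped like `docker inspect` output on a Windows host.
# The "trust" label is a hypothetical convention used only in this example.
SAMPLE_INSPECT = json.loads("""
[
  {"Name": "/intranet-web", "Config": {"Labels": {"trust": "internal"}},
   "HostConfig": {"Isolation": "process"}},
  {"Name": "/customer-a-job", "Config": {"Labels": {"trust": "untrusted"}},
   "HostConfig": {"Isolation": "hyperv"}},
  {"Name": "/customer-b-job", "Config": {"Labels": {"trust": "untrusted"}},
   "HostConfig": {"Isolation": "default"}},
  {"Name": "/legacy-tool", "Config": {"Labels": null},
   "HostConfig": {"Isolation": "process"}}
]
""")


def effective_isolation(container, daemon_default):
    """Resolve the isolation mode; empty or "default" means the daemon's default."""
    mode = (container.get("HostConfig") or {}).get("Isolation") or "default"
    return daemon_default if mode == "default" else mode


def audit_isolation(containers, daemon_default="process"):
    """Return (name, trust, isolation) for every container that shares the
    host kernel without being explicitly labelled as internal."""
    findings = []
    for c in containers:
        labels = (c.get("Config") or {}).get("Labels") or {}
        # A missing label is treated the same as untrusted code.
        trust = labels.get("trust", "unlabelled")
        isolation = effective_isolation(c, daemon_default)
        if trust != "internal" and isolation != "hyperv":
            findings.append((c["Name"].lstrip("/"), trust, isolation))
    return findings


if __name__ == "__main__":
    for name, trust, isolation in audit_isolation(SAMPLE_INSPECT):
        print(f"{name}: trust={trust}, isolation={isolation} -> needs Hyper-V isolation")
```

On a real host, the input would be the JSON from `docker inspect` for the running containers, with the daemon default taken from `docker info --format '{{.Isolation}}'`. A flagged workload can be restarted with `docker run --isolation=hyperv`.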

Inspired to get started with Windows Containers yourself? The Fasthosts CloudNX platform offers everything you need, with high-performance virtual machines, dedicated resources and a full range of server configuration options, plus the reliability of UK data centres and technical support.
