Dockerizing Windows Server Applications by Ender Barillas and Taylor Brown

Post on 13-Feb-2017



Dockerizing Windows Server Applications

Ender Barillas, Program Manager
Taylor Brown, Principal Program Manager Lead

Agenda

• Setting Up
• Architecture
• More

Setting up

Containers Feature:
• Install-WindowsFeature containers
• Restart-Computer -Force

Docker:
• New-Item -Type Directory -Path 'C:\Program Files\docker\'
• Invoke-WebRequest https://aka.ms/tp5/b/dockerd -OutFile $env:ProgramFiles\docker\dockerd.exe
• Invoke-WebRequest https://aka.ms/tp5/b/docker -OutFile $env:ProgramFiles\docker\docker.exe
• [Environment]::SetEnvironmentVariable("Path", $env:Path + ";C:\Program Files\Docker", [EnvironmentVariableTarget]::Machine)
• Close and reopen PowerShell
• dockerd --register-service
• Start-Service docker

Base OS image:
• Install-ContainerOSImage <wim path>
• Restart-Service docker
• docker images
• docker tag windowsservercore:10.0.14300.1000 windowsservercore:latest
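The setup steps above collected into one script that can be rerun safely, with the checks an administrator would want before trusting the host: feature state, non-empty downloads with recorded hashes, no duplicated PATH entry, no double service registration. This is an added example, not from the deck; it assumes the TP5-era URLs and paths shown on the slides, and the WIM path is a placeholder.

```powershell
# Added example, not from the deck: the slides' setup steps with idempotency and sanity checks.
# Assumes the TP5-era URLs and paths from the slides; the WIM path is a placeholder.
$ErrorActionPreference = 'Stop'
$dockerDir = Join-Path $env:ProgramFiles 'docker'

# 1. Containers feature: install only if missing; stop here if a reboot is still pending.
if (-not (Get-WindowsFeature -Name Containers).Installed) {
    $result = Install-WindowsFeature -Name Containers
    if ($result.RestartNeeded -ne 'No') {
        Write-Warning 'Containers feature installed; run Restart-Computer -Force, then rerun this script.'
        return
    }
}

# 2. Docker binaries: download only when absent, reject empty files, record SHA-256 for later comparison.
New-Item -ItemType Directory -Path $dockerDir -Force | Out-Null
$downloads = @{
    'dockerd.exe' = 'https://aka.ms/tp5/b/dockerd'   # URL from the slides
    'docker.exe'  = 'https://aka.ms/tp5/b/docker'    # URL from the slides
}
foreach ($name in $downloads.Keys) {
    $target = Join-Path $dockerDir $name
    if (-not (Test-Path $target)) {
        Invoke-WebRequest -Uri $downloads[$name] -OutFile $target -UseBasicParsing
    }
    if ((Get-Item $target).Length -eq 0) { throw "Empty download: $target" }
    Get-FileHash -Path $target -Algorithm SHA256 | Format-List Path, Hash
}

# 3. Machine PATH: append once, never duplicate; also update this session so no reopen is needed.
$machinePath = [Environment]::GetEnvironmentVariable('Path', [EnvironmentVariableTarget]::Machine)
if (($machinePath -split ';') -notcontains $dockerDir) {
    [Environment]::SetEnvironmentVariable('Path', "$machinePath;$dockerDir", [EnvironmentVariableTarget]::Machine)
}
if (($env:Path -split ';') -notcontains $dockerDir) { $env:Path = "$env:Path;$dockerDir" }

# 4. Service: register only if absent, then make sure it is running.
if (-not (Get-Service -Name docker -ErrorAction SilentlyContinue)) {
    & (Join-Path $dockerDir 'dockerd.exe') --register-service
}
Start-Service -Name docker

# 5. Base OS image (placeholder path: supply your own WIM), then the tag step from the slides.
$wimPath = 'C:\path\to\WindowsServerCore.wim'   # placeholder
if (-not (docker images -q windowsservercore)) {
    Install-ContainerOSImage -WimPath $wimPath
    Restart-Service -Name docker
}
docker tag windowsservercore:10.0.14300.1000 windowsservercore:latest
```

Keep the printed SHA-256 values with your build records so a later `Get-FileHash` on the same binaries can confirm they have not changed.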

Architecture

Components of the Docker platform:
• Container Runtime: Operating System, Docker Engine
• Container Development and Management Toolset: Docker Client, Docker Registry, Docker Compose, Docker Swarm, Docker Universal Control Plane

Architecture In Linux

• Tooling: Docker Client, Docker Registry, Docker Compose, Docker Swarm
• Docker Engine: REST Interface; libcontainerd, graph, libnetwork, plugins
• containerd + runc
• Operating System:
  - Control Groups: cgroups
  - Namespaces: pid, net, ipc, mnt, uts
  - Layer Capabilities: Union Filesystems (AUFS, btrfs, vfs, zfs*, DeviceMapper)
  - Other OS Functionality

Architecture In Windows

• Tooling: Docker Client, Docker Registry, Docker Compose, Docker Swarm
• Docker Engine: REST Interface; libcontainerd, graph, libnetwork, plugins
• Compute Service
• Operating System:
  - Control Groups: Job objects
  - Namespaces: Object Namespace, Process Table, Networking
  - Layer Capabilities: Registry, Union-like filesystem extensions
  - Other OS Functionality

The Docker Engine and tooling are platform independent; the Compute Service and the operating-system layer beneath it are platform specific.

Comparing OS Architectures

Linux Control Groupscgroups

NamespacesPid, net, ipc, mnt, uts

Layer CapabilitiesUnion Filesystems: AUFS,

btrfs, vfs, zfs*,DeviceMapper

Other OS Functionality

runC

Docker EngineREST Interface

libcontainerd graphlibnetwork plugins

Windows Control GroupsJob objects

NamespacesObject Namespace, Process

Table, Networking

Layer CapabilitiesRegistry, Union like filesystem

extensions

Other OS Functionality

Compute Services

Docker Client Docker SwarmDocker Compose Docker Registry

Windows Server Containers

Host User Mode, on the shared Windows Kernel:
• Container Management: Docker Engine, Compute Services
• Host System Processes: Session Manager, Local Security Authority, Event Manager, etc.
• Each Windows Server Container: System Processes and Application Processes, with its own Job Object, Net Interface, Storage and Registry

Hyper-V Containers

Host User Mode, on the host Windows Kernel:
• Container Management: Docker Engine, Compute Services
• Host System Processes: Session Manager, Local Security Authority, Event Manager, etc.

Hyper-V Hypervisor

Hyper-V Container: a Virtual Machine specifically optimized to run a container, with
• its own Windows Kernel
• Guest Compute Service
• Basic System Processes
• a Windows Server Container inside it: System Processes and Application Processes, with Job Object, Net Interface, Storage and Registry

Same Container Images, Same API

Windows Container Images

• Container Management: Docker
• Windows Container Image layers: Application, Framework
• Container Run-Times: Hyper-V Container, Windows Server Container

Write once, deploy anywhere

Networking

Container Networking Choices

NAT

• Simple

• Private IP Addresses

• No cross-node container traffic

• Port Forwarding

• Host-based Firewall & QoS

• Ideal for Developers

L2 Tunneling

• Full network virtualization

• Isolated network & services

• Multi-node traffic

• MAC Virtualization

• Cloud-scale Deployments

Transparent

• Simple

• Existing L2 network (DHCP)

• Cross-node traffic

• No isolation (MAC spoofing)

• Developers or Small Deployments

Physical Host Network Stack (diagram):
• Each Windows Server Container (System Processes, Application Processes) has its own TCP/IP software stack in its own Compartment; the host TCP/IP stack lives in the Default Compartment
• A Hyper-V Container is a Virtual Machine specifically optimized to run a container, with a Guest Compute Service and Basic System Processes, hosting a Windows Server Container with its own TCP/IP stack
• Each container's vNIC (a vmNIC for the Hyper-V Container) attaches to the vSwitch, alongside the Host vNIC and WinNAT; the vSwitch sits on the Physical NIC

• Containers connect to the Virtual Switch over a Host vNIC (Windows Server Container) or Synthetic VM NIC (Hyper-V Containers)

• The Host vNIC sits within its own Network Compartment (isolation) for Windows Server Containers

• Network connectivity to Hyper-V Containers through synthetic VM NIC is transparent to the Utility VM

• (Optional) Host vNIC assigned default gateway IP from WinNAT which binds to TCPIP

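To see which of the three networking choices above each running container actually landed on, and the host-side WinNAT and network-compartment objects the diagram bullets refer to, here is an added audit script (not from the deck). It assumes docker's Windows driver names nat, transparent and l2tunnel, and the NetNat and NetTCPIP cmdlets available on Windows Server 2016.

```powershell
# Added example, not from the deck: audit which networking choice each container is on,
# flagging transparent networks (no isolation per the slides) and listing NAT port forwardings.
$ErrorActionPreference = 'Stop'

# Map every docker network to its driver (nat, transparent, l2tunnel are the Windows drivers; assumption).
$networks = docker network ls --format '{{.Name}}|{{.Driver}}' | ForEach-Object {
    $name, $driver = $_ -split '\|'
    [pscustomobject]@{ Name = $name; Driver = $driver }
}

foreach ($net in $networks) {
    # Containers attached to this network, taken from the network's inspect output.
    $attached = docker network inspect -f '{{range .Containers}}{{.Name}} {{end}}' $net.Name
    $attached = ($attached -split '\s+') | Where-Object { $_ }
    if (-not $attached) { continue }

    switch ($net.Driver) {
        'transparent' {
            # Slide: existing L2 network, no isolation (MAC spoofing). Know which workloads sit here.
            Write-Warning ("{0}: on transparent network '{1}' (no isolation)" -f ($attached -join ','), $net.Name)
        }
        'nat' {
            # Slide: private IPs, port forwarding through WinNAT. Show the forwardings in effect.
            foreach ($c in $attached) {
                $ports = docker port $c
                "{0}: NAT network '{1}', forwarded ports: {2}" -f $c, $net.Name, ($ports -join '; ')
            }
        }
        default {
            "{0}: network '{1}' driver '{2}'" -f ($attached -join ','), $net.Name, $net.Driver
        }
    }
}

# Host-side view: the WinNAT instance the nat driver uses (it binds to TCP/IP on the Host vNIC),
# and the network compartments that isolate each Windows Server Container's stack.
Get-NetNat | Select-Object Name, InternalIPInterfaceAddressPrefix
Get-NetCompartment | Select-Object CompartmentId, CompartmentDescription
```

Run it on the container host itself; the docker commands talk to the local engine and the Get-Net* cmdlets read the host network stack.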

Thank you!