Docker, Inc., profile picture
Uploaded byDocker, Inc.
PPTX, PDF11,194 views

Windows Server and Docker - The Internals Behind Bringing Docker and Containers to Windows by Taylor Brown and John Starks

The document details the integration of Docker with Windows, particularly focusing on Windows Server 2016 and the latest Windows 10. It outlines the architecture behind Windows Server containers, including namespaces, resource controls, and Hyper-V containers for enhanced isolation. Key features include the adaptation of Docker technology to work with Windows' native capabilities and the introduction of both Windows Server Core and Nano Server for container images.

Technology
In this document
Powered by AI

Overview of Docker integration with Windows presented by John Starks & Taylor Brown.

Presentation agenda covering the basics, architecture, and integration of Docker with Windows.

Revisiting essential concepts of Docker for better understanding in context.

Details on Docker for Windows, integration features, availability, and limitations on Linux containers.

Demo segment showcasing Docker functionality on Windows.

Explanation of system-level capabilities such as namespaces and resource controls adapted for Windows.

In-depth look at Linux architecture utilizing containerd, namespaces, and various functionalities.

Description of Windows architecture similarities and differences in container handling compared to Linux.

Announcement of the Compute service managing running containers and available language bindings.

Structural overview of Windows Server Containers and related processes.

In-depth look into how processes interact within Windows Server Containers.

Discussion on the importance of APIs and system services necessary for container operations.

Introduction to Microsoft-distributed base images for containers: windowsservercore and nanoserver.

Second demo segment illustrating the workings of Windows containers.

Explanation of resource control improvements and namespace utilization in Windows.

Details about system-level namespaces hidden from users and their mapping.

Challenges of using NTFS semantics in container frameworks and the hybrid file system model.

Discussion on how Windows Registry functions as a simple file system supporting Docker.

The presentation on Hyper-V containers providing enhanced isolation for specific workloads.

Details about executing containers in virtual machines for improved security and isolation.

Description of the internal operations of Windows Server containers with Hyper-V.

Insight into the optimized infrastructure of Hyper-V containers and their management.

Methods for streamlined operations using small utility VMs to enhance performance.

Techniques for increasing efficiency through cloning and forking utility VMs.

Final demonstration showcasing the functionality of the presented technologies.

Thanking the audience and concluding the presentation.

Embed presentation

Downloaded 270 times
Windows Server and Docker The Internals Behind Bringing Docker and Containers to Windows John Starks & Taylor Brown Principal Leads in Windows
Basics Architecture Porting Docker Agenda Shallow dive Namespaces File system Base images Hyper-V Containers Two great things Better together
Back to basics
Docker on Windows • Not “Docker for Windows” • Integration coming • Port of Docker Engine (not a fork) • Same remote API, same tools work on top (Compose, Swarm, etc.) • Built on new native container technology in Windows • Runs on Windows Server 2016 and on the latest Windows 10 • Runs Windows Server containers on Windows hosts • Doesn't run Linux containers • Available to try now • http://aka.ms/containers
Demo!
How? • New system-level container capabilities in Windows • Namespaces • Resource controls • Union file system • Adapted Docker to Windows • Adapted Windows to Docker
Architecture In Linux containerd + runc REST Interface libcontainerd graphlibnetwork plugins Control Groups cgroups Namespaces Pid, net, ipc, mnt, uts Layer Capabilities Union Filesystems AUFS, btrfs, vfs, zfs*, DeviceMapper Other OS Functionality Docker Client Docker Registry Docker Compose Docker Swarm
Architecture In Windows REST Interface libcontainerd graphlibnetwork plugins Control Groups Job objects Namespaces Object Namespace, Process Table, Networking Layer Capabilities Registry, Union like filesystem extensions Other OS Functionality Compute Service Docker Client Docker Registry Docker Compose Docker Swarm
Compute Service • Public interface to containers • Replaces containerd on Windows • Manages running containers • Abstracts low-level capabilities • Language bindings available • C#: https://github.com/Microsoft/ dotnet-computevirtualization • Go: https://github.com/Microsoft/ hcsshim
Architecture Windows Server Containers
Host User Mode Container Management Windows Server Containers System Processes Application Processes System Processes System Processes Application Processes
Container contents • Public Windows API delivered via DLLs, not syscalls • Lots of interdependencies • Highly dependent on system services running • RPC calls hidden in Win32 APIs • Automatically starts smss • init equivalent • Launches a variety of system services • No “FROM scratch”
Base images • Distributed by Microsoft • Two options • windowsservercore: large (huge?), highly compatible • nanoserver: small, fast, smaller API surface • docker pull coming soon! • microsoft/windowsservercore • microsoft/nanoserver
Demo!
Namespaces • Silo: extension to Windows Job object • Set of processes • Resource controls • New: set of namespaces • New namespace virtualization • Registry • Process IDs, sessions • Object namespace • File system • Network compartments
Object namespace • System-level namespace, hidden from users • C:Windows maps to DosDevicesC:Windows • Contains all device entry points • DosDevicesC: • Registry • DeviceTcp • Silo can "chroot" to different object root • SilosfooDosDevicesC: • SilosbarDosDevicesC:
Demo!
File system • Windows applications expect NTFS semantics • Transactions, file IDs, USN journal • Building a full union FS with NTFS semantics is hard • Hybrid model • Virtual block device + NTFS partition per container • Symlinks to layers on host FS to keep block devices small
Registry… Windows Registry • Basically a simple file system • Built a true union FS • Saves cloning a full set of registry hives per container
Architecture Hyper-V Containers
Hyper-V Containers • Some workloads need more isolation • Hostile multi-tenancy • Regulated workloads • Solution: transparently run each container in a VM! • (Mostly) invisible to both Docker and the user • docker run --isolation=hyperv • Hyper-V Containers are the default on Windows 10 • Images are the same
Host User Mode Container Management Windows Server Containers System Processes Application Processes System Processes System Processes Application Processes
Hyper-V Containers Host User Mode Virtual Machine Specifically Optimized To Run a Container Container Management System Processes System Processes Application Processes
Making it work • Small, stateless “utility VM” • Smallest Windows yet? • Writes not persisted • Storage attached via SMB • VMBus transport • File cache sharing • Networking attached via virtual NIC
Cloning • Launching the utility VM takes time and memory • Do it once, freeze the result • Fork the VM for each new instance • Eliminates startup time • Shares memory
Demo!
Thank you!

More Related Content

PPTX
Mongo db
byGyanendra Yadav
 
PDF
Windows container security
byDocker, Inc.
 
PDF
Db2 & Db2 Warehouse v11.5.4 最新情報アップデート2020年8月25日
byIBM Analytics Japan
 
PPTX
Dockerと外部ルータを連携させる仕組みを作ってみた
bynpsg
 
PDF
Apache Sparkに手を出してヤケドしないための基本 ~「Apache Spark入門より」~ (デブサミ 2016 講演資料)
byNTT DATA OSS Professional Services
 
PPTX
Karpenterで君だけの最強のオートスケーリングを実装しよう
byKohei Nagase
 
PDF
Oficina docker
byMorvana Bonin
 
PPTX
Veeam v12新機能セミナー!クラウドへの直接バックアップ、多要素認証など便利機能をまるっと解説
by株式会社クライム
 
Mongo db
byGyanendra Yadav
 
Windows container security
byDocker, Inc.
 
Db2 & Db2 Warehouse v11.5.4 最新情報アップデート2020年8月25日
byIBM Analytics Japan
 
Dockerと外部ルータを連携させる仕組みを作ってみた
bynpsg
 
Apache Sparkに手を出してヤケドしないための基本 ~「Apache Spark入門より」~ (デブサミ 2016 講演資料)
byNTT DATA OSS Professional Services
 
Karpenterで君だけの最強のオートスケーリングを実装しよう
byKohei Nagase
 
Oficina docker
byMorvana Bonin
 
Veeam v12新機能セミナー!クラウドへの直接バックアップ、多要素認証など便利機能をまるっと解説
by株式会社クライム
 

What's hot

PDF
PacemakerのMaster/Slave構成の基本と事例紹介(DRBD、PostgreSQLレプリケーション) @Open Source Confer...
byTatsuya Watanabe
 
PPTX
【配信!Veeam情報局】バックアップ容量の最適化、ストレージ節約や拡張方法を解説!
by株式会社クライム
 
PPTX
DevAx::connect はじめました
by政雄 金森
 
PDF
Dockerセキュリティ: 今すぐ役に立つテクニックから,次世代技術まで
byAkihiro Suda
 
PDF
vRO Training Document
byMayank Goyal
 
PDF
Cloud spanner architecture and use cases
byGDG Cloud Bengaluru
 
PPT
Introduction to mongoDB
byCuelogic Technologies Pvt. Ltd.
 
PDF
Kongの概要と導入事例
bybriscola-tokyo
 
PDF
Introduction to spark
byDuyhai Doan
 
PDF
NewSQL overview, Feb 2015
byIvan Glushkov
 
ODP
Introduction to Apache Cassandra
byKnoldus Inc.
 
PDF
PGOを用いたPostgreSQL on Kubernetes入門(PostgreSQL Conference Japan 2022 発表資料)
byNTT DATA Technology & Innovation
 
PDF
Google Cloud ベストプラクティス:Google BigQuery 編 - 03 : パフォーマンスとコストの最適化
byGoogle Cloud Platform - Japan
 
PDF
Docker volume基礎/Project Longhorn紹介
byMasahito Zembutsu
 
PDF
Kubernetes Scheduler deep dive
byDONGJIN KIM
 
PPTX
AWSでのバースト ― GP2 T2 ご紹介資料
byRasmus Ekman
 
PPTX
大量のデータ処理や分析に使えるOSS Apache Sparkのご紹介(Open Source Conference 2020 Online/Kyoto ...
byNTT DATA Technology & Innovation
 
PPTX
The Basics of MongoDB
byvaluebound
 
PPTX
Bdd com cucumber + java + selenium
bySandy Maciel
 
PDF
コンテナ時代にインフラエンジニアは何をするのか
bygree_tech
 
PacemakerのMaster/Slave構成の基本と事例紹介(DRBD、PostgreSQLレプリケーション) @Open Source Confer...
byTatsuya Watanabe
 
【配信!Veeam情報局】バックアップ容量の最適化、ストレージ節約や拡張方法を解説!
by株式会社クライム
 
DevAx::connect はじめました
by政雄 金森
 
Dockerセキュリティ: 今すぐ役に立つテクニックから,次世代技術まで
byAkihiro Suda
 
vRO Training Document
byMayank Goyal
 
Cloud spanner architecture and use cases
byGDG Cloud Bengaluru
 
Introduction to mongoDB
byCuelogic Technologies Pvt. Ltd.
 
Kongの概要と導入事例
bybriscola-tokyo
 
Introduction to spark
byDuyhai Doan
 
NewSQL overview, Feb 2015
byIvan Glushkov
 
Introduction to Apache Cassandra
byKnoldus Inc.
 
PGOを用いたPostgreSQL on Kubernetes入門(PostgreSQL Conference Japan 2022 発表資料)
byNTT DATA Technology & Innovation
 
Google Cloud ベストプラクティス:Google BigQuery 編 - 03 : パフォーマンスとコストの最適化
byGoogle Cloud Platform - Japan
 
Docker volume基礎/Project Longhorn紹介
byMasahito Zembutsu
 
Kubernetes Scheduler deep dive
byDONGJIN KIM
 
AWSでのバースト ― GP2 T2 ご紹介資料
byRasmus Ekman
 
大量のデータ処理や分析に使えるOSS Apache Sparkのご紹介(Open Source Conference 2020 Online/Kyoto ...
byNTT DATA Technology & Innovation
 
The Basics of MongoDB
byvaluebound
 
Bdd com cucumber + java + selenium
bySandy Maciel
 
コンテナ時代にインフラエンジニアは何をするのか
bygree_tech
 

Similar to Windows Server and Docker - The Internals Behind Bringing Docker and Containers to Windows by Taylor Brown and John Starks

PDF
DockerCon EU 2015 - Windows Server Containers
byArnaud Porterie
 
PPTX
Windows Server Containers- How we hot here and architecture deep dive
byDocker, Inc.
 
PDF
Containerized Delivery on the Microsoft Stack
byCornell Knulst
 
PDF
Introduction to Containers - SQL Server and Docker
byChris Taylor
 
PPTX
[FDD 2016] Marek Śledziński - Microsoft Windows a sprawa kontenerów
byFuture Processing
 
PDF
Docker on Windows
byStefan Scherer
 
PPTX
Docker and Microsoft - Windows Server 2016 Technical Deep Dive
byDocker, Inc.
 
PDF
SCUGBE_Lowlands_Unite_2017_Managing Windows Containers with Docker
byKenny Buntinx
 
PPTX
Deploying Windows Containers on Windows Server 2016
byBen Hall
 
PPTX
Windows server containers
bySri Kanth
 
PPTX
Windows server containers
bySri Kanth
 
PPTX
DockerCon17 - Beyond the backslash
byTaylor Brown
 
PPTX
Real dev ops with containers
byJulien Corioland
 
PPTX
Windows brings Docker Goodness - What does it mean for .NET developers?
byNaeem Sarfraz
 
PPTX
WinOps Conf 2016 - Richard Siddaway - DevOps With Nano Server and Windows Con...
byWinOps Conf
 
PPTX
Windows Containers
byEran Stiller
 
PDF
DockerDay2015: Microsoft and Docker
byDocker-Hanoi
 
PPTX
Windows server and docker
bygirish goudar
 
PPTX
Let's talk Windows Containers on Windows Server 2019
byStefan Scherer
 
PPTX
Advantage wvde containerization - june 2018
byJack Shaffer
 
DockerCon EU 2015 - Windows Server Containers
byArnaud Porterie
 
Windows Server Containers- How we hot here and architecture deep dive
byDocker, Inc.
 
Containerized Delivery on the Microsoft Stack
byCornell Knulst
 
Introduction to Containers - SQL Server and Docker
byChris Taylor
 
[FDD 2016] Marek Śledziński - Microsoft Windows a sprawa kontenerów
byFuture Processing
 
Docker on Windows
byStefan Scherer
 
Docker and Microsoft - Windows Server 2016 Technical Deep Dive
byDocker, Inc.
 
SCUGBE_Lowlands_Unite_2017_Managing Windows Containers with Docker
byKenny Buntinx
 
Deploying Windows Containers on Windows Server 2016
byBen Hall
 
Windows server containers
bySri Kanth
 
Windows server containers
bySri Kanth
 
DockerCon17 - Beyond the backslash
byTaylor Brown
 
Real dev ops with containers
byJulien Corioland
 
Windows brings Docker Goodness - What does it mean for .NET developers?
byNaeem Sarfraz
 
WinOps Conf 2016 - Richard Siddaway - DevOps With Nano Server and Windows Con...
byWinOps Conf
 
Windows Containers
byEran Stiller
 
DockerDay2015: Microsoft and Docker
byDocker-Hanoi
 
Windows server and docker
bygirish goudar
 
Let's talk Windows Containers on Windows Server 2019
byStefan Scherer
 
Advantage wvde containerization - june 2018
byJack Shaffer
 

More from Docker, Inc.

PDF
Containerize Your Game Server for the Best Multiplayer Experience
byDocker, Inc.
 
PDF
How to Improve Your Image Builds Using Advance Docker Build
byDocker, Inc.
 
PDF
Build & Deploy Multi-Container Applications to AWS
byDocker, Inc.
 
PDF
Securing Your Containerized Applications with NGINX
byDocker, Inc.
 
PDF
How To Build and Run Node Apps with Docker and Compose
byDocker, Inc.
 
PDF
Hands-on Helm
byDocker, Inc.
 
PDF
Distributed Deep Learning with Docker at Salesforce
byDocker, Inc.
 
PDF
The First 10M Pulls: Building The Official Curl Image for Docker Hub
byDocker, Inc.
 
PDF
Monitoring in a Microservices World
byDocker, Inc.
 
PDF
COVID-19 in Italy: How Docker is Helping the Biggest Italian IT Company Conti...
byDocker, Inc.
 
PDF
Predicting Space Weather with Docker
byDocker, Inc.
 
PDF
Become a Docker Power User With Microsoft Visual Studio Code
byDocker, Inc.
 
PDF
How to Use Mirroring and Caching to Optimize your Container Registry
byDocker, Inc.
 
PDF
Monolithic to Microservices + Docker = SDLC on Steroids!
byDocker, Inc.
 
PDF
Kubernetes at Datadog Scale
byDocker, Inc.
 
PDF
Labels, Labels, Labels
byDocker, Inc.
 
PDF
Using Docker Hub at Scale to Support Micro Focus' Delivery and Deployment Model
byDocker, Inc.
 
PDF
Build & Deploy Multi-Container Applications to AWS
byDocker, Inc.
 
PDF
From Fortran on the Desktop to Kubernetes in the Cloud: A Windows Migration S...
byDocker, Inc.
 
PDF
Developing with Docker for the Arm Architecture
byDocker, Inc.
 
Containerize Your Game Server for the Best Multiplayer Experience
byDocker, Inc.
 
How to Improve Your Image Builds Using Advance Docker Build
byDocker, Inc.
 
Build & Deploy Multi-Container Applications to AWS
byDocker, Inc.
 
Securing Your Containerized Applications with NGINX
byDocker, Inc.
 
How To Build and Run Node Apps with Docker and Compose
byDocker, Inc.
 
Hands-on Helm
byDocker, Inc.
 
Distributed Deep Learning with Docker at Salesforce
byDocker, Inc.
 
The First 10M Pulls: Building The Official Curl Image for Docker Hub
byDocker, Inc.
 
Monitoring in a Microservices World
byDocker, Inc.
 
COVID-19 in Italy: How Docker is Helping the Biggest Italian IT Company Conti...
byDocker, Inc.
 
Predicting Space Weather with Docker
byDocker, Inc.
 
Become a Docker Power User With Microsoft Visual Studio Code
byDocker, Inc.
 
How to Use Mirroring and Caching to Optimize your Container Registry
byDocker, Inc.
 
Monolithic to Microservices + Docker = SDLC on Steroids!
byDocker, Inc.
 
Kubernetes at Datadog Scale
byDocker, Inc.
 
Labels, Labels, Labels
byDocker, Inc.
 
Using Docker Hub at Scale to Support Micro Focus' Delivery and Deployment Model
byDocker, Inc.
 
Build & Deploy Multi-Container Applications to AWS
byDocker, Inc.
 
From Fortran on the Desktop to Kubernetes in the Cloud: A Windows Migration S...
byDocker, Inc.
 
Developing with Docker for the Arm Architecture
byDocker, Inc.
 

Recently uploaded

PDF
Digit Expo 2025 - EICC Edinburgh 27th November
byRay Bugg
 
PDF
MuleSoft Vibes is an AI-powered assistant
byVikalp Bhalia
 
PDF
Making Sense of Raster: From Bit Depth to Better Workflows
bySafe Software
 
PPTX
Ethics in AI - Artificial Intelligence Fundamentals.pptx
byemenyiblessing
 
PDF
Zero Trust & Defense-in-Depth: The Future of Critical Infrastructure Security
byYasir Naveed Riaz
 
PPTX
Basics of Identity Access Management In mordern Infrastructure
byPrinceXavier18
 
PDF
Igniting the Future: Copilot trends, agentic transformation and product roadm...
byUni Systems S.M.S.A.
 
PDF
The major tech developments for 2026 by Pluralsight, a research and training ...
byChris Skinner
 
PDF
Accelerating Responsible AI Adoption in Public Sector and Private Organizations.
byYasir Naveed Riaz
 
PPTX
From Backup to Resilience: How MSPs Are Preparing for 2026
byMSP360
 
PDF
AI and Computer Architecture: 200 Years Together
byDmitry Zinoviev
 
PDF
Day 1 - Cloud Security Strategy and Planning ~ 2nd Sight Lab ~ Cloud Security...
by2nd Sight Lab
 
PDF
API206-S: Transforming Supply Chains with Amazon Bedrock AgentCore - AWS re:I...
byChris Bingham
 
PPTX
cybercrime in Information security .pptx
byismaeelsahib032
 
PPTX
Chapter 3 Introduction to number system.pptx
byGetachewAbera9
 
PDF
Generative AI in 2026: Hype, Bubble, Winter or The Real Deal?
byDr. Tathagat Varma
 
DOCX
Introduction to the World of Computers (Hardware & Software)
byALIABBAS ABASOV
 
DOCX
Cloud Security, Serverless Security. Cybersecurity
byEdcelPacayraDuena
 
PDF
Knowing and Doing: Knowledge graphs, AI, and work
bymarainglezakis1
 
PDF
Empowering Productivity with Clever Prompts and Intelligent Agents
byUni Systems S.M.S.A.
 
Digit Expo 2025 - EICC Edinburgh 27th November
byRay Bugg
 
MuleSoft Vibes is an AI-powered assistant
byVikalp Bhalia
 
Making Sense of Raster: From Bit Depth to Better Workflows
bySafe Software
 
Ethics in AI - Artificial Intelligence Fundamentals.pptx
byemenyiblessing
 
Zero Trust & Defense-in-Depth: The Future of Critical Infrastructure Security
byYasir Naveed Riaz
 
Basics of Identity Access Management In mordern Infrastructure
byPrinceXavier18
 
Igniting the Future: Copilot trends, agentic transformation and product roadm...
byUni Systems S.M.S.A.
 
The major tech developments for 2026 by Pluralsight, a research and training ...
byChris Skinner
 
Accelerating Responsible AI Adoption in Public Sector and Private Organizations.
byYasir Naveed Riaz
 
From Backup to Resilience: How MSPs Are Preparing for 2026
byMSP360
 
AI and Computer Architecture: 200 Years Together
byDmitry Zinoviev
 
Day 1 - Cloud Security Strategy and Planning ~ 2nd Sight Lab ~ Cloud Security...
by2nd Sight Lab
 
API206-S: Transforming Supply Chains with Amazon Bedrock AgentCore - AWS re:I...
byChris Bingham
 
cybercrime in Information security .pptx
byismaeelsahib032
 
Chapter 3 Introduction to number system.pptx
byGetachewAbera9
 
Generative AI in 2026: Hype, Bubble, Winter or The Real Deal?
byDr. Tathagat Varma
 
Introduction to the World of Computers (Hardware & Software)
byALIABBAS ABASOV
 
Cloud Security, Serverless Security. Cybersecurity
byEdcelPacayraDuena
 
Knowing and Doing: Knowledge graphs, AI, and work
bymarainglezakis1
 
Empowering Productivity with Clever Prompts and Intelligent Agents
byUni Systems S.M.S.A.
 

Windows Server and Docker - The Internals Behind Bringing Docker and Containers to Windows by Taylor Brown and John Starks

  • 1.
    Windows Server andDocker The Internals Behind Bringing Docker and Containers to Windows John Starks & Taylor Brown Principal Leads in Windows
  • 2.
    Basics Architecture Porting Docker Agenda Shallow dive Namespaces Filesystem Base images Hyper-V Containers Two great things Better together
  • 3.
  • 4.
    Docker on Windows •Not “Docker for Windows” • Integration coming • Port of Docker Engine (not a fork) • Same remote API, same tools work on top (Compose, Swarm, etc.) • Built on new native container technology in Windows • Runs on Windows Server 2016 and on the latest Windows 10 • Runs Windows Server containers on Windows hosts • Doesn't run Linux containers • Available to try now • http://aka.ms/containers
  • 5.
  • 6.
    How? • New system-levelcontainer capabilities in Windows • Namespaces • Resource controls • Union file system • Adapted Docker to Windows • Adapted Windows to Docker
  • 7.
    Architecture In Linux containerd+ runc REST Interface libcontainerd graphlibnetwork plugins Control Groups cgroups Namespaces Pid, net, ipc, mnt, uts Layer Capabilities Union Filesystems AUFS, btrfs, vfs, zfs*, DeviceMapper Other OS Functionality Docker Client Docker Registry Docker Compose Docker Swarm
  • 8.
    Architecture In Windows RESTInterface libcontainerd graphlibnetwork plugins Control Groups Job objects Namespaces Object Namespace, Process Table, Networking Layer Capabilities Registry, Union like filesystem extensions Other OS Functionality Compute Service Docker Client Docker Registry Docker Compose Docker Swarm
  • 9.
    Compute Service • Publicinterface to containers • Replaces containerd on Windows • Manages running containers • Abstracts low-level capabilities • Language bindings available • C#: https://github.com/Microsoft/ dotnet-computevirtualization • Go: https://github.com/Microsoft/ hcsshim
  • 10.
  • 11.
    Host User Mode Container Management WindowsServer Containers System Processes Application Processes System Processes System Processes Application Processes
  • 12.
    Container contents • PublicWindows API delivered via DLLs, not syscalls • Lots of interdependencies • Highly dependent on system services running • RPC calls hidden in Win32 APIs • Automatically starts smss • init equivalent • Launches a variety of system services • No “FROM scratch”
  • 13.
    Base images • Distributedby Microsoft • Two options • windowsservercore: large (huge?), highly compatible • nanoserver: small, fast, smaller API surface • docker pull coming soon! • microsoft/windowsservercore • microsoft/nanoserver
  • 14.
  • 15.
    Namespaces • Silo: extensionto Windows Job object • Set of processes • Resource controls • New: set of namespaces • New namespace virtualization • Registry • Process IDs, sessions • Object namespace • File system • Network compartments
  • 16.
    Object namespace • System-levelnamespace, hidden from users • C:Windows maps to DosDevicesC:Windows • Contains all device entry points • DosDevicesC: • Registry • DeviceTcp • Silo can "chroot" to different object root • SilosfooDosDevicesC: • SilosbarDosDevicesC:
  • 17.
  • 18.
    File system • Windowsapplications expect NTFS semantics • Transactions, file IDs, USN journal • Building a full union FS with NTFS semantics is hard • Hybrid model • Virtual block device + NTFS partition per container • Symlinks to layers on host FS to keep block devices small
  • 19.
    Registry… Windows Registry •Basically a simple file system • Built a true union FS • Saves cloning a full set of registry hives per container
  • 20.
  • 21.
    Hyper-V Containers • Someworkloads need more isolation • Hostile multi-tenancy • Regulated workloads • Solution: transparently run each container in a VM! • (Mostly) invisible to both Docker and the user • docker run --isolation=hyperv • Hyper-V Containers are the default on Windows 10 • Images are the same
  • 22.
    Host User Mode Container Management WindowsServer Containers System Processes Application Processes System Processes System Processes Application Processes
  • 23.
    Hyper-V Containers Host UserMode Virtual Machine Specifically Optimized To Run a Container Container Management System Processes System Processes Application Processes
  • 24.
    Making it work •Small, stateless “utility VM” • Smallest Windows yet? • Writes not persisted • Storage attached via SMB • VMBus transport • File cache sharing • Networking attached via virtual NIC
  • 25.
    Cloning • Launching theutility VM takes time and memory • Do it once, freeze the result • Fork the VM for each new instance • Eliminates startup time • Shares memory
  • 26.
  • 27.

Editor's Notes

  • #6 * docker images * docker run --rm test cmd /c echo Hello DockerCon!
  • #15 * docker run -it --rm windowsservercore powershell get-process * docker run -it --rm nanoserver powershell get-process * Look at taskmgr
  • #18 * objdir \ * objdir \DosDevices * docker run -it --rm test cmd objdir \DosDevices
  • #27 * docker run --rm --isolation=hyperv test cmd /c echo Help, I'm trapped in a VM! * Run it again (should be faster) * docker run --rm -it --isolation=hyperv test cmd powershell get-process * Show taskmgr on host