Windows Server and Docker - The Internals Behind Bringing Docker and Containers to Windows by Taylor Brown and John Starks

Docker leverages capabilities in Linux like namespaces and cgroups to enable containers and then builds tooling on top to enable users to build distributed apps. A common question is "What about Docker support for Windows?" In this session the Windows engineering leads will dive deep into the primitives within Windows to enable an awesome Docker experience on Windows. This session will also include a live demo of Docker and Windows Server.

Published in: Technology

  1. Windows Server and Docker: The Internals Behind Bringing Docker and Containers to Windows
     John Starks & Taylor Brown, Principal Leads in Windows
  2. Agenda
     • Basics: Architecture, Porting Docker
     • Shallow dive: Namespaces, File system, Base images
     • Hyper-V Containers: Two great things, Better together
  3. Back to basics
  4. Docker on Windows
     • Not “Docker for Windows”
     • Integration coming
     • Port of Docker Engine (not a fork)
     • Same remote API, same tools work on top (Compose, Swarm, etc.)
     • Built on new native container technology in Windows
     • Runs on Windows Server 2016 and on the latest Windows 10
     • Runs Windows Server containers on Windows hosts
     • Doesn't run Linux containers
     • Available to try now
     • http://aka.ms/containers
  5. Demo!
  6. How?
     • New system-level container capabilities in Windows
     • Namespaces
     • Resource controls
     • Union file system
     • Adapted Docker to Windows
     • Adapted Windows to Docker
  7. Architecture In Linux
     • containerd + runc
     • REST Interface
     • libcontainerd, graph, libnetwork, plugins
     • Control Groups: cgroups
     • Namespaces: Pid, net, ipc, mnt, uts
     • Layer Capabilities: Union Filesystems (AUFS, btrfs, vfs, zfs*, DeviceMapper)
     • Other OS Functionality
     • Docker Client, Docker Registry, Docker Compose, Docker Swarm
  8. Architecture In Windows
     • REST Interface
     • libcontainerd, graph, libnetwork, plugins
     • Control Groups: Job objects
     • Namespaces: Object Namespace, Process Table, Networking
     • Layer Capabilities: Registry, Union like filesystem extensions
     • Other OS Functionality
     • Compute Service
     • Docker Client, Docker Registry, Docker Compose, Docker Swarm
  9. Compute Service
     • Public interface to containers
     • Replaces containerd on Windows
     • Manages running containers
     • Abstracts low-level capabilities
     • Language bindings available
     • C#: https://github.com/Microsoft/dotnet-computevirtualization
     • Go: https://github.com/Microsoft/hcsshim
  10. Architecture: Windows Server Containers
  11. Diagram labels: Host User Mode, Container Management, Windows Server Containers, System Processes, Application Processes, System Processes, System Processes, Application Processes
  12. Container contents
     • Public Windows API delivered via DLLs, not syscalls
     • Lots of interdependencies
     • Highly dependent on system services running
     • RPC calls hidden in Win32 APIs
     • Automatically starts smss
     • init equivalent
     • Launches a variety of system services
     • No “FROM scratch”
  13. Base images
     • Distributed by Microsoft
     • Two options
     • windowsservercore: large (huge?), highly compatible
     • nanoserver: small, fast, smaller API surface
     • docker pull coming soon!
     • microsoft/windowsservercore
     • microsoft/nanoserver
  14. Demo!
  15. Namespaces
     • Silo: extension to Windows Job object
     • Set of processes
     • Resource controls
     • New: set of namespaces
     • New namespace virtualization
     • Registry
     • Process IDs, sessions
     • Object namespace
     • File system
     • Network compartments
  16. Object namespace
     • System-level namespace, hidden from users
     • C:\Windows maps to \DosDevices\C:\Windows
     • Contains all device entry points
     • \DosDevices\C:
     • \Registry
     • \Device\Tcp
     • Silo can "chroot" to different object root
     • \Silos\foo\DosDevices\C:
     • \Silos\bar\DosDevices\C:
  17. Demo!
  18. File system
     • Windows applications expect NTFS semantics
     • Transactions, file IDs, USN journal
     • Building a full union FS with NTFS semantics is hard
     • Hybrid model
     • Virtual block device + NTFS partition per container
     • Symlinks to layers on host FS to keep block devices small
  19. Registry… Windows Registry
     • Basically a simple file system
     • Built a true union FS
     • Saves cloning a full set of registry hives per container
  20. Architecture: Hyper-V Containers
  21. Hyper-V Containers
     • Some workloads need more isolation
     • Hostile multi-tenancy
     • Regulated workloads
     • Solution: transparently run each container in a VM!
     • (Mostly) invisible to both Docker and the user
     • docker run --isolation=hyperv
     • Hyper-V Containers are the default on Windows 10
     • Images are the same
  22. Diagram labels: Host User Mode, Container Management, Windows Server Containers, System Processes, Application Processes, System Processes, System Processes, Application Processes
  23. Hyper-V Containers (diagram labels): Host User Mode, Virtual Machine Specifically Optimized To Run a Container, Container Management, System Processes, System Processes, Application Processes
  24. Making it work
     • Small, stateless “utility VM”
     • Smallest Windows yet?
     • Writes not persisted
     • Storage attached via SMB
     • VMBus transport
     • File cache sharing
     • Networking attached via virtual NIC
  25. Cloning
     • Launching the utility VM takes time and memory
     • Do it once, freeze the result
     • Fork the VM for each new instance
     • Eliminates startup time
     • Shares memory
  26. Demo!
  27. Thank you!
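
Slide 21 leaves the isolation mode as a per-container choice (`--isolation=hyperv`) with a host-dependent default, so a host meant for hostile multi-tenancy needs a check that every container actually got a VM boundary. The Go sketch below is an added example, not code from the talk or from Docker: it audits `docker inspect` JSON using the `HostConfig.Isolation` field; the sample records are constructed, and `auditIsolation` and its `daemonDefault` parameter are hypothetical names.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Subset of a `docker inspect` container record needed for this audit.
type container struct {
	Name       string
	HostConfig struct {
		Isolation string
	}
}

// Constructed sample of `docker inspect` output (not captured from a real host).
const sampleInspect = `[
 {"Name": "/tenant-a-web", "HostConfig": {"Isolation": "hyperv"}},
 {"Name": "/tenant-b-web", "HostConfig": {"Isolation": "process"}},
 {"Name": "/build-agent",  "HostConfig": {"Isolation": "default"}},
 {"Name": "/legacy-job",   "HostConfig": {"Isolation": ""}}
]`

// auditIsolation maps each container that fails a "Hyper-V isolation only"
// policy to the reason. daemonDefault is the mode the host applies when a
// container does not choose one (assumption: supplied by the caller; the
// slides state it is Hyper-V on Windows 10).
func auditIsolation(inspectJSON []byte, daemonDefault string) (map[string]string, error) {
	var cs []container
	if err := json.Unmarshal(inspectJSON, &cs); err != nil {
		return nil, fmt.Errorf("parse inspect output: %w", err)
	}
	findings := map[string]string{}
	for _, c := range cs {
		switch iso := strings.ToLower(c.HostConfig.Isolation); iso {
		case "hyperv":
			// Runs inside its own utility VM: policy satisfied.
		case "", "default":
			if daemonDefault != "hyperv" {
				findings[c.Name] = "inherits daemon default " + daemonDefault
			}
		default:
			findings[c.Name] = "explicit isolation " + iso
		}
	}
	return findings, nil
}

func main() {
	findings, err := auditIsolation([]byte(sampleInspect), "process")
	fmt.Println(findings, err)
}
```

Containers that inherit the default are reported separately from explicit `process` ones because fixing them is a daemon or host decision, not a per-container flag.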
