This document discusses deploying Docker containers on Windows Server 2016. It provides an introduction to Docker and containers, explains how containers work on Windows, and demonstrates how to deploy common applications like IIS and ASP.NET within Windows containers. It also covers building Windows-based Docker images, running containers in production, and the future of containers on Windows platforms.

1. Deploying Docker Containers on Windows
Server 2016
@Ben_Hall
Ben@BenHall.me.uk
OcelotUproar.com / Katacoda.com

2. @Ben_Hall / Blog.BenHall.me.uk
Tech Support > Tester > Developer >
Founder
Software Development Studio
WHOAMI?

3. https://www.katacoda.com/

4. Agenda
• Introduction to Docker
• Windows Containers
• Deploying IIS / ASP.NET with Containers
• Running containers in Production
• Future

5. doger.io

7. https://www.docker.com/whatisdocker/
Container

8. Own Process Space
Own Network Interface
Own Root Directories
Sandboxed
Like a lightweight VM. But it’s not a VM.

9. Native CPU
Native Memory
Native IO
No Pre-Allocation
No Performance Overheard

10. Milliseconds to launch
Still fully isolated

11. Docker - An open platform for distributed
applications for developers and sysadmins.

12. Got us to agree on something!

14. Batteries included but removable

15. Linux cgroups & namespaces

17. > docker run –p 6379:6379 redis
_.-``__ ''-._
_.-`` `. `_. ''-._ Redis 3.0.3 (00000000/0) 64 bit
.-`` .-```. ```/ _.,_ ''-._
( ' , .-` | `, ) Running in standalone mode
|`-._`-...-` __...-.``-._|'` _.-'| Port: 6379
| `-._ `._ / _.-' | PID: 1
`-._ `-._ `-./ _.-' _.-'
|`-._`-._ `-.__.-' _.-'_.-'|
| `-._`-._ _.-'_.-' | http://redis.io
`-._ `-._`-.__.-'_.-' _.-'
|`-._`-._ `-.__.-' _.-'_.-'|
| `-._`-._ _.-'_.-' |
`-._ `-._`-.__.-'_.-' _.-'
`-._ `-.__.-' _.-'
`-._ _.-'
`-.__.-'
1:M 05 Nov 10:42:24.402 # Server started, Redis version 3.0.3
1:M 05 Nov 10:42:24.402 # WARNING overcommit_memory is set to 0! Background save may fail under low memory condition.
To fix this issue add 'vm.overcommit_memory = 1' to /etc/sysctl.conf and then reboot or run the command 'sysctl
vm.overcommit_memory=1' for this to take effect.
1:M 05 Nov 10:42:24.402 # WARNING you have Transparent Huge Pages (THP) support enabled in your kernel. This will
create latency and memory usage issues with Redis. To fix this issue run the command 'echo never >
/sys/kernel/mm/transparent_hugepage/enabled' as root, and add it to your /etc/rc.local in order to retain the setting after a
reboot. Redis must be restarted after THP is disabled.
1:M 05 Nov 10:42:24.403 # WARNING: The TCP backlog setting of 511 cannot be enforced because
/proc/sys/net/core/somaxconn is set to the lower value of 128.
1:M 05 Nov 10:42:24.403 * The server is now ready to accept connections on port 6379

18. RStudio
> docker run -d -p 8787:8787 rocker/rstudio

19. Windows?

20. Windows Server 2016
• Currently TP4
• TP5 is coming “very soon”
• RTM in Q3ish

21. Windows
Server Core
Windows
Nano
Windows
Containers
Windows
Hyper-V
Containers

22. Windows Containers
Windows Kernel
Windows Server 2016
SQL
Server
MSMQ
IIS /
ASP.NET
Docker Engine

23. Windows Hyper-V Containers
Windows Kernel
Windows Server 2016
SQL
Server
MSMQ
IIS /
ASP.NET
Windows Kernel
Windows Server 2016
Hyper-V
Docker Engine

25. Windows Server Core
• Nearly Win32 Compatiable
• Same behaviour of Windows
• Install all of the same tooling

26. Windows Nano
• Stripped down
• Smallest footprint
• 1/20th the size of Windows Server Core
• Only essential components
– Hyper-V, Clustering, Networking, Storage, .Net,
Core CLR

27. Windows Server Core => Ubuntu Linux
Windows Nano => Alpine Linux
Windows Server Core => Legacy Apps?
Windows Nano => Modern Apps?

28. Work In Progress
• https://msdn.microsoft.com/en-
us/virtualization/windowscontainers/about/w
ork_in_progress
• eg: Windows Containers cannot be
managed/interacted with through a RDP
session in TP4.

29. Installing Windows Containers

30. C:> Install-WindowsFeature containers
C:> wget https://aka.ms/tp4/docker -OutFile
$env:SystemRootsystem32docker.exe
C:> start-process nssm install

33. Microsoft

34. Windows Linux Subsystem
• Completely unrelated
• Maybe not in the future…

35. What is a Windows Docker
Image?

36. PS C:> docker images
REPOSITORY TAG IMAGE ID CREATED
windowsservercore 10.0.10586.0 6801d964fda5 2 weeks ago
windowsservercore latest 6801d964fda5 2 weeks ago
nanoserver 10.0.10586.0 8572198a60f1 2 weeks ago
nanoserver latest 8572198a60f1 2 weeks ago

37. PS C:> docker run -it
windowsservercore cmd
C:> dir
Users Program Files Windows etc
Thank you to https://msdn.microsoft.com/en-
us/virtualization/windowscontainers/quick_start/manage_docker

38. Building Windows based Docker
Images

39. PS C:> docker run -it
--name iisbase
windowsservercore cmd
[iisbase] C:>
Thank you to https://msdn.microsoft.com/en-
us/virtualization/windowscontainers/quick_start/manage_docker

40. PS C:> docker run -it
--name iisbase
windowsservercore cmd
C:> powershell.exe Install-WindowsFeature web-server
C:> exit
PS C:> docker commit iisbase
windowsservercoreiis
4193c9f34e320c4e2c52ec52550df225b2243927ed21f014fbfff3f
29474b090

41. Running Windows Container

42. PS C:> docker run -it
--name iisdemo -p 80:80
windowsservercoreiis cmd

43. docker commit is an anti-pattern
Use a Dockerfile

44. C:docker-iis> type Dockerfile
FROM windowsservercore:10.0.10586
RUN dism /online
/enable-feature
/all
/featurename:iis-webserver
/NoRestart

45. C:>docker build –t iis:10 c:docker-iis
C:> docker images
REPOSITORY TAG IMAGE ID CREATED
iis 10 as4w9c928829 9 seconds ago
windowsservercore 10.0.10586.0 6801d964fda5 2 weeks ago
windowsservercore latest 6801d964fda5 2 weeks ago
nanoserver 10.0.10586.0 8572198a60f1 2 weeks ago
nanoserver latest 8572198a60f1 2 weeks ago

46. C:SourceCodeApp> type Dockerfile
RUN echo "Hello World - Dockerfile" >
c:inetpubwwwrootindex.html

47. C:SourceCode> docker build –t app .
PS C:> docker images
REPOSITORY TAG IMAGE ID CREATED
app latest k23jjin423d 1 minutes ago
iis 10 as4w9c928829 9 minutes ago
windowsservercore 10.0.10586.0 6801d964fda5 2 weeks ago
windowsservercore latest 6801d964fda5 2 weeks ago
nanoserver 10.0.10586.0 8572198a60f1 2 weeks ago
nanoserver latest 8572198a60f1 2 weeks ago

48. PS C:> docker run –name -it -p 80:80 app cmd

49. PS C:> docker run –name -it -p 80:80 --
isolation=hyperv app cmd

50. Building Windows Nano image?
• Wait until TP5
> docker run --name iisnanobase -it -v c:share:c:iisinstall -
-isolation=hyperv nanoserver cmd
> docker commit iisnanobase nanoserveriis

51. Immutable
Disposable Container Pattern

52. Simplification of deployments via
automation

53. Jenkins
•Builds Docker
Image
Testing QA Production
Build Lifecycle

54. Powershell API
PS C:> Get-ContainerImage
Name Publisher Version IsOSImage
---- --------- ------- ---------
NanoServer CN=Microsoft 10.0.10584.1000 True
WindowsServerCore CN=Microsoft 10.0.10584.1000 True

55. PS C:> New-Container -ContainerImageName
WindowsServerCore -Name demo -
ContainerComputerName demo
Name State Uptime ParentImageName
---- ----- ------ ---------------
demo Off 00:00:00 WindowsServerCore

56. Persisting Data
> docker run –v <host-dir>:<container-dir> image
-v /opt/docker/elasticsearch:/data
-v /opt/docker/mysql:/var/lib/mysql
-v /docker/scrapbook/uploads:/app/public/uploads
-v $(PWD):/host
-v /var/log/syslog:/var/log/syslog

57. Users and Domains
• Local user accounts may be created and used for
running Windows services and applications in
containers
• Containers cannot join Active Directory domains,
and cannot run services or applications as
domain users, service accounts, or machine
accounts.
• "Microsoft are actively looking at solutions to
support these types of scenarios."

58. Difference to Docker on Linux

59. Docker Images will behave as expected
• Linux Manifest
• Windows Manifest
• ARM Manifest
• Future IoT thing Manifest
• docker pull redis
– Image pulled depends on Docker Engine

60. What’s happening under the
covers?

61. Linux / Windows
• Linux has cgroups and namespaces
– cgroups – How much access/resources do I have?
– namespaces – What can I see?
• Windows wanted this in the Kernel
• Prototype was called Drawbridge
• Server 2016 Kernel brings in the new
cgroups/namespaces
• Microsoft reached out to Docker to partner

63. Security?

64. What about developers?

66. Running Containers in
Production

69. Bin Packing Pattern

70. Mesosphere DC/OS
Powering Azure Container Service

71. Host Fingerprinting
• Constraints based deployment
• Container is based on Nano Server, within
cluster, deploy to server capable of running
Nano Server (ie. Windows Server 2016)

72. The Future?

74. SQL Server as a Container

75. Visual Studio as a Container?

76. Everything as a Container

77. Deploy Anywhere

78. Resources
• https://channel9.msdn.com/Blogs/containers
• https://aka.ms/containers

79. www.katacoda.com

81. Summary
• Docker and Containers have changed how Linux
processes are managed
• Real container support coming to Windows
Kernel
• Automation will be easier
• Better ROI and cluster management

82. Thank you!
@Ben_Hall
Ben@BenHall.me.uk
Blog.BenHall.me.uk
www.Katacoda.com
Questions / Beer?