Embracing And Extending With Docker Containers

It is still early days in the software container revolution, and Microsoft is working as fast as it can to be able to leverage Docker containers and minimalist operating systems to make its Windows Server stack competitive with other platforms. Linux has the jump start when it comes to creating modern, distributed applications, being open source and supporting various container technologies, including Docker, CoreOS rkt, and LXC Linux containers, and Red Hat is moving to aggressively commercialize its own minimalist Linux, called Atomic Host, and the Kubernetes container control system open sourced by Google.

Microsoft is also up against its server virtualization foe, VMware, in the race to support Docker and offer a minimalist operating system for containerized applications. VMware is going so far as to create its own minimalist Linux, called Project Photon, and opening it up to foster more widespread adoption, and it is also cooking up a clever implementation of its virtual machines for its ESXi hypervisor, called Project Bonneville, that makes a minimalist ESXi VM look and behave like a Docker container. The combination of Photon and Bonneville could be pretty powerful, and Microsoft knows that. Photon has a memory footprint of about 25 MB compared to around 3 GB for a full-blown Linux operating system; Microsoft has not given out specs for Nano Server, its future minimalist version of Windows Server, but has demonstrated a single host with 160 cores and 1 TB of memory can run up to 1,000 Nano Server instances on a Hyper-V hypervisor riding atop Nano Server itself – which implies it is very lightweight indeed. (If you do the math, that is something less than 1 GB of memory per instance, which is nowhere near as skinny as 25 MB, of course.)

VMware beat Microsoft to the server virtualization punch on X86 iron and built a $6 billion powerhouse with over 500,000 customers and maybe as many as 50 million virtual machines on many millions of servers worldwide. It has much to protect and is working as aggressively as Microsoft to catch the software container wave. VMware is adopting the tactics and strategies of the open source community – and sometimes literally the technologies like Docker and OpenStack – to allow its enterprise customer base to embrace these new technologies without having to abandon their core VMware technologies. This strategy is, of course, exactly the same one that Microsoft has employed since it entered the datacenter with Windows NT Server more than two decades ago, and one that it is continuing with its strategy for Docker containers and minimalist

There is a lot at stake for Microsoft and VMware, and everything to gain for Docker, which has quickly become the containerizing system of choice and, whether rivals like it or not, the one that is setting the pace when it comes to evolving – and much needed – container standards.

The thing to remember is that Microsoft has plenty of experience running distributed applications at hyperscale, thanks to its Azure cloud and the various services like Office365 and Xbox Live that it runs as part of its software empire. The minimalist Nano Server implementation of Windows Server 2016, which was unveiled back in April as part of Microsoft’s Docker plans, is a key element of this strategy. With Nano Server, Microsoft is taking the Server Core variant of its server operating system and excises a whole bunch of stuff, including 32-bit application support, the Minimal Server Interface and the entire graphical user interface stack, the Windows Installer Service, and the local and Remote Desktop Protocol logon features. To characterize its size, said back in the spring that Nano Server would have a 93 percent smaller footprint than Windows Server stored in a VHD virtual disk image as well as 92 percent fewer critical security bulletins and 80 percent fewer reboots. (You can see a review of the initial Nano Server test run by our sister publication The Register here.)

Nano Server has been in technical preview for some time, but in the third technical preview of Windows Server 2016, announced this week, Microsoft is showing off its Windows Server Containers implementation of Docker for the first time. Microsoft is embedding the same Docker Engine daemon that is used on Linux platforms inside of Windows Server 2016 and adding features into the Windows kernel to support it. Just to avoid confusion, this does not mean that Windows can run Linux-based Docker images. It just means the exact same processes to create and run Docker containers on Linux are now available on Windows. To put this in plain English, Docker won’t know or care if it is running on Windows or Linux the way to code is being implemented. Which seems to be correctly, thankfully.

Microsoft has had to modify about 180,000 lines of Windows Server code to do this, which is a small fraction of the code base. Microsoft has been adding low-level resource isolation abstractions, akin to the namespaces and cgroups that Google helped the Linux community develop, for the Windows Server kernel, which underpin the Docker containers on the Windows platform. The company has also tweaked its Visual Studio tools (both the on-premises and online versions) so they can create ASP.NET applications and fire them up in Windows Server Containers (Microsoft’s term for Docker containers) on the Azure public cloud. These containers can be managed using the Docker client, created by Docker, or PowerShell, the scripting launched created by Microsoft for the Windows platform.

Microsoft is promising that a future technical preview of Windows Server 2016 will further round out its Docker support with the release of Hyper-V Containers, which run Docker containers inside of a streamlined Hyper-V VM.

As Mark Russinovich, the chief technology officer for Azure, explains in a blog post, Hyper-V containers will have their own copy of the Windows kernel and have their own block of system memory assigned to them, providing for more isolation in containerized environments than the Windows Software Containers approach does. Both Windows Software Containers and Hyper-V containers will be deployable and controllable using the same Docker APIs and the Docker client. Again, they will look functionally equivalent as far as containerized software is concerned, but they will have different levels of resource isolation, security, startup speed, memory footprint, and other kinds of overhead.

Docker Is In the Driver’s Seat

Presumably, Microsoft already has lots of experience in using both types of containers internally on its Azure cloud. That is one of the things we want to talk to the software giant about. It would be interesting to know how Microsoft is using such technology and managing it internally. For Azure customers, Microsoft is allowing customers to use Mesos, Kubernetes, and Deis tools to manage Docker containers, and Azure also has hooks for the Docker Compose and Swarm container deployment and management tools. Most of the 180,000 containers in the DockerHub repository are aimed at Linux instances, and it will be interesting to see how rapidly the Windows repository grows once Windows Server 2016 is delivered. There is an installed base of several tens of millions of Windows servers worldwide that will be driving this.

Support for Docker in the myriad ways that Microsoft is offering is likely to be one of the strongest reasons why customers will upgrade to Windows Server 2016. To be sure, there are always some customers who need more memory capacity or more cores, a fatter hypervisor, or what have you. But for the vast majority of workloads out there today, the scalability of Windows Server 2012 is probably more than sufficient. So if you are wondering why Microsoft seems so gung-ho about Docker containers, there is your reason. Docker will not only keep Windows Server competitive in a DevOps, microservices world, but give customers a reason to move to a new OS and perhaps expand their Windows Server footprint. Or, at the very least, not shrink it by moving new applications to Linux.

VMware is enthusiastically embracing Docker for precisely the same reasons. The ESXi 6.0 hypervisor provides enough scalability for most customers, and so do the VMs that ride on top of it. And while VMware can talk all day long about the software-defined datacenter, most companies are not ready to fully embrace its NSX network virtualization and its vRealize cloud tools. The penetration of these in the VMware base is very low, even if they are growing. While VMware might have been thinking that the next logical thing for its 500,000 customers to do would be to virtualize their networking with NSX, it looks like what companies really want to do is kick their software development and deployment into hyperscale with Docker.

We think that both Microsoft and VMware will work very hard to keep their customer bases through aggressive Docker support. And if they don’t, then the Linux community will and both will lose market and revenue share.