For starters, let’s deal with the question: What are containers? (No, we are not talking about something to store your rock collection in!) Containers are an OS virtualization and application-delivery technology that gives you the ability to set up a resource-controlled, portable, and isolated operating environment.
In essence, containers are similar to virtual machines or physical systems. The key difference is that a container host shares common resources, including the kernel, across several containers, so containers are not fully self-contained the way virtual machines are.
Containers are used to set up isolated environments in which selected applications can run without affecting the rest of the system. They are the next step in the evolution of virtualization technology. Containers provide OS-level virtualization that allows multiple isolated applications to run on one system.
What a container provides is the complete set of dependencies for an application: the runtimes, libraries, middleware, and OS requirements. The application and its dependencies are packaged together and run in their own separate user-mode container, achieving complete isolation from other applications that might otherwise cause incompatibility issues when run at the same time. Each such application has its own view of the registry, file system, and even network addresses.
How do containers operate?
Once again, it is critical to emphasize that there are indeed several similarities between a container and a virtual machine. Just like a virtual or physical computer system, a container has a file system, runs an operating system, and can be accessed over the network. But there are significant differences in the technology. Here are some of the key elements of container technology:
- Container host: The virtual or physical computer system that is configured with the Windows Containers feature.
- Container OS image: Containers are always deployed from images. The container OS image is only the first layer in what can be several image layers that make up the container. This is the image that provides the complete specification of the OS environment.
- Container image: The container image embeds the base OS, the application, and all the application dependencies required to deploy a container rapidly.
- Container registry: Container images are stored in a container registry and can be downloaded from there whenever they are needed.
- Dockerfile: Dockerfiles are used to automate the process of creating container images.
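To show how the elements above fit together, here is an added example (it is not from the original article) that wires the container host, Dockerfile, image, and registry steps together with the Docker CLI on a Windows Server 2016 host. It assumes Docker is already installed on the host; the base image name is Microsoft's public Server Core image, and `registry.example.com` is a placeholder for your own registry, not a real endpoint.

```powershell
# Added example, not from the original article. Assumes Docker for Windows
# Server 2016 is installed; the base image name is illustrative and
# registry.example.com is a placeholder for your own registry.
$ErrorActionPreference = 'Stop'

# 1. Container host: the Containers feature must be present (a reboot may be required).
if ((Get-WindowsFeature -Name Containers).InstallState -ne 'Installed') {
    Install-WindowsFeature -Name Containers
}

# 2. Dockerfile: the container OS image is the first layer; every instruction
#    after FROM adds one more layer on top of it.
$workDir = Join-Path $env:TEMP 'hello-container'
New-Item -ItemType Directory -Path $workDir -Force | Out-Null
Set-Content -Path (Join-Path $workDir 'app.ps1') `
            -Value 'Write-Output "hello from a Windows container"'

# Forward slashes avoid the Dockerfile escape character (backslash) on Windows.
@'
FROM mcr.microsoft.com/windows/servercore:ltsc2016
COPY app.ps1 C:/app/app.ps1
CMD ["powershell", "-File", "C:/app/app.ps1"]
'@ | Set-Content -Path (Join-Path $workDir 'Dockerfile') -Encoding Ascii

# 3. Container image: build from the Dockerfile; the tag names the image locally.
docker build -t hello-container:1.0 $workDir

# Show the layers: the base OS image sits at the bottom, COPY and CMD on top.
docker history hello-container:1.0

# 4. Container registry: re-tag for the registry and push; any host can then pull it.
docker tag  hello-container:1.0 registry.example.com/demo/hello-container:1.0
docker push registry.example.com/demo/hello-container:1.0
```

The `docker history` output makes the layering concrete: the Server Core line is the container OS image, and the two lines above it are the layers your Dockerfile added.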
What are the different types of containers within Windows?
Windows containers come in two distinct types, or runtimes:
- Windows Server containers provide application isolation through namespace and process-isolation technology. A Windows Server container shares its kernel with the container host and, in fact, with all the other containers running on that host.
- Hyper-V containers expand on the isolation provided by Windows Server containers by running each container inside a lightweight virtual machine. In this configuration, the kernel inside the container is not shared with other Hyper-V containers.
How do Windows containers differ from Hyper-V containers?
Windows containers operate in a manner similar to Linux containers, with each containerized application running in its own isolated, user-mode container on a shared host operating system.
Different containers may use the same libraries. Note also that although an application can depend on a particular OS version, that version must exactly match the version of the host OS. Running multiple OS versions side by side is not possible, because all the containers share a common OS and kernel.
Disadvantages of Windows containers
There are a couple of key challenges with Windows containers that can lead to problems in specific environments.
- Lack of sufficient isolation, since isolation is enforced at the user-mode level, in other words, over a shared kernel. This opens up attack points in a multi-tenant environment, whereby a bad tenant (no, this has nothing to do with that noisy neighbor above you) can attempt to use the shared kernel to attack other containers.
- There is a definite dependency on the version and patch level of the host OS, which can cause problems when a patch is deployed to the host and leave the application broken.
Advantages of Hyper-V containers
The key advantage of Hyper-V containers is that they take the application-defined base image and create a virtual machine from it. The virtual machine encapsulates the libraries, binaries, and the actual application inside a Windows container. Windows containers are still used inside the VM; the only key difference is that the Windows container now runs inside a Hyper-V container. This provides kernel isolation, decoupling host patching from the application.
While the application is containerized using the Windows container structure, the actual level of isolation is chosen at deployment time by opting for either a Hyper-V container or a Windows container. Multiple Hyper-V containers can use a common base image with no need for manual VM management.
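The deployment-time choice described above, together with the host-version dependency from the Disadvantages section, can be made explicit in a small wrapper script. The following is an added example, not code from the original article: it reads the host build and the image's recorded OS build, refuses to run a shared-kernel (process-isolated) container when they differ, and falls back to Hyper-V isolation instead. It assumes Docker for Windows Server 2016 is installed, that the Hyper-V role is present when Hyper-V isolation is requested, and the image name is illustrative.

```powershell
# Added example, not from the original article. Assumes Docker for Windows
# Server 2016 (with the Hyper-V role for hyperv isolation); the image name is
# illustrative.
param(
    [string]$Image = 'mcr.microsoft.com/windows/servercore:ltsc2016',
    [ValidateSet('process', 'hyperv')]
    [string]$Isolation = 'process'
)
$ErrorActionPreference = 'Stop'

function Get-HostBuild {
    # Major.Minor.Build of the container host's OS, e.g. 10.0.14393
    $v = (Get-CimInstance Win32_OperatingSystem).Version
    return (($v -split '\.')[0..2] -join '.')
}

function Get-ImageBuild([string]$Name) {
    # Windows images record the build they were made for in the OsVersion field.
    docker pull $Name | Out-Null
    $v = docker inspect --format '{{.OsVersion}}' $Name
    return (($v -split '\.')[0..2] -join '.')
}

$hostBuild  = Get-HostBuild
$imageBuild = Get-ImageBuild $Image

if ($Isolation -eq 'process' -and $hostBuild -ne $imageBuild) {
    # A Windows Server container shares the host kernel, so the image build
    # must match the host build exactly; a Hyper-V container brings its own.
    Write-Warning "Image build $imageBuild does not match host build $hostBuild; using Hyper-V isolation."
    $Isolation = 'hyperv'
}

# Same image either way; only the isolation boundary differs.
docker run --rm --isolation $Isolation $Image cmd /c ver
```

Running the script with `-Isolation hyperv` against the same image shows the point of the Advantages section: the containerized application does not change, only the boundary it runs behind does.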
Docker platform for Windows Server 2016
Docker is a popular management layer and standard repository for the native container functionality in the Linux OS. With Windows Server 2016, container capabilities have been brought natively into Windows Server, which integrates with Docker for both types of containers, Windows containers and Hyper-V containers.
Docker and Microsoft are in a partnership that brings the portability, agility, and security benefits of the Docker container platform to all editions of Windows Server 2016. The Docker Engine brings comprehensive container capabilities to native Windows applications and also expands the toolset available to IT professionals and traditional Linux developers.
What does the Microsoft Docker partnership bring you?
The partnership between Microsoft and Docker gives you a leading-edge platform on which to build, run, and ship distributed applications in the cloud or on premises. The platform supports both the Linux and Windows operating systems.