Windows Server and Docker
The Internals Behind Bringing Docker and Containers to Windows
John Starks &
Taylor Brown
Principal Leads in Windows
Agenda
• Basics: Architecture, Porting Docker
• Shallow dive: Namespaces, File system, Base images, Hyper-V Containers
• Two great things: Better together
Back to basics
Docker on Windows
• Not “Docker for Windows”
  • Integration coming
• Port of Docker Engine (not a fork)
  • Same remote API, same tools work on top (Compose, Swarm, etc.)
• Built on new native container technology in Windows
  • Runs on Windows Server 2016 and on the latest Windows 10
  • Runs Windows Server containers on Windows hosts
  • Doesn't run Linux containers
• Available to try now
  • http://aka.ms/containers
Demo!
How?
• New system-level container capabilities in Windows
  • Namespaces
  • Resource controls
  • Union file system
• Adapted Docker to Windows
• Adapted Windows to Docker
Architecture In Linux
• Docker Client, Docker Registry, Docker Compose, Docker Swarm
• REST Interface
• libcontainerd, graph, libnetwork, plugins
• containerd + runc
• Control Groups: cgroups
• Namespaces: pid, net, ipc, mnt, uts
• Layer Capabilities: Union Filesystems (AUFS, btrfs, vfs, zfs*, DeviceMapper)
• Other OS Functionality
Architecture In Windows
• Docker Client, Docker Registry, Docker Compose, Docker Swarm
• REST Interface
• libcontainerd, graph, libnetwork, plugins
• Compute Service
• Control Groups: Job objects
• Namespaces: Object Namespace, Process Table, Networking
• Layer Capabilities: Registry, union-like filesystem extensions
• Other OS Functionality
Compute Service
• Public interface to containers
• Replaces containerd on Windows
• Manages running containers
• Abstracts low-level capabilities
• Language bindings available
  • C#: https://github.com/Microsoft/dotnet-computevirtualization
  • Go: https://github.com/Microsoft/hcsshim
Architecture
Windows Server Containers
[Diagram: Host user mode runs Container Management and System Processes; each Windows Server container has its own System Processes and Application Processes.]
Container contents
• Public Windows API delivered via DLLs, not syscalls
  • Lots of interdependencies
  • Highly dependent on system services running
  • RPC calls hidden in Win32 APIs
• Automatically starts smss
  • init equivalent
  • Launches a variety of system services
• No “FROM scratch”
Base images
• Distributed by Microsoft
• Two options
  • windowsservercore: large (huge?), highly compatible
  • nanoserver: small, fast, smaller API surface
• docker pull coming soon!
  • microsoft/windowsservercore
  • microsoft/nanoserver
Demo!
Namespaces
• Silo: extension to Windows Job object
  • Set of processes
  • Resource controls
  • New: set of namespaces
• New namespace virtualization
  • Registry
  • Process IDs, sessions
  • Object namespace
  • File system
  • Network compartments
Object namespace
• System-level namespace, hidden from users
  • C:\Windows maps to \DosDevices\C:\Windows
• Contains all device entry points
  • \DosDevices\C:
  • \Registry
  • \Device\Tcp
• Silo can "chroot" to different object root
  • \Silos\foo\DosDevices\C:
  • \Silos\bar\DosDevices\C:
Demo!
File system
• Windows applications expect NTFS semantics
  • Transactions, file IDs, USN journal
• Building a full union FS with NTFS semantics is hard
• Hybrid model
  • Virtual block device + NTFS partition per container
  • Symlinks to layers on host FS to keep block devices small
Registry… Windows Registry
• Basically a simple file system
• Built a true union FS
• Saves cloning a full set of registry hives per container
Architecture
Hyper-V Containers
Hyper-V Containers
• Some workloads need more isolation
  • Hostile multi-tenancy
  • Regulated workloads
• Solution: transparently run each container in a VM!
  • (Mostly) invisible to both Docker and the user
  • docker run --isolation=hyperv
• Hyper-V Containers are the default on Windows 10
• Images are the same
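The isolation mode chosen above is what an operator of a shared host needs to verify after the fact. The following is an added example, not code from the talk: it reads `docker inspect` output (a constructed sample is embedded) and flags Windows containers that share the host kernel, resolving the `default` mode per host type as the deck states (process on Windows Server, hyperv on Windows 10); the `host_kind` labels "server" and "client" are this example's own naming.

```python
"""Audit Windows container isolation from `docker inspect` output.

Hyper-V isolation runs each container in its own utility VM, so a
process-isolated (shared-kernel) container on a multi-tenant host is the
thing to flag. Docker reports the requested mode in HostConfig.Isolation
as "hyperv", "process", "default" or "" (empty meaning default).
"""
import json

# Constructed sample of `docker inspect <ids>` output, trimmed to the fields
# this audit reads. Container names and IDs are made up for the example.
SAMPLE_INSPECT = json.dumps([
    {"Id": "a1b2c3", "Name": "/billing", "Platform": "windows",
     "HostConfig": {"Isolation": "hyperv"}},
    {"Id": "d4e5f6", "Name": "/tenant-web", "Platform": "windows",
     "HostConfig": {"Isolation": "process"}},
    {"Id": "0a0b0c", "Name": "/legacy", "Platform": "windows",
     "HostConfig": {"Isolation": "default"}},
    {"Id": "ffeedd", "Name": "/linux-side", "Platform": "linux",
     "HostConfig": {"Isolation": ""}},
])

# What "default" resolves to, per the deck: process isolation on Windows
# Server, Hyper-V isolation on Windows 10. The keys are this example's own.
DEFAULT_ISOLATION = {"server": "process", "client": "hyperv"}


def effective_isolation(container, host_kind):
    """Resolve the isolation mode Docker actually applied to a container."""
    iso = container.get("HostConfig", {}).get("Isolation", "") or "default"
    if iso == "default":
        return DEFAULT_ISOLATION[host_kind]
    return iso


def audit(inspect_json, host_kind="server"):
    """Return (name, effective_isolation) for each Windows container that is
    not Hyper-V isolated, i.e. shares the host kernel."""
    findings = []
    for c in json.loads(inspect_json):
        if c.get("Platform", "windows") != "windows":
            continue  # Linux containers have no Windows isolation mode
        iso = effective_isolation(c, host_kind)
        if iso != "hyperv":
            findings.append((c["Name"].lstrip("/"), iso))
    return findings


if __name__ == "__main__":
    for name, iso in audit(SAMPLE_INSPECT, "server"):
        print(f"{name}: {iso} isolation, shares the host kernel")
```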
[Diagram: Windows Server Containers. Host user mode runs Container Management and System Processes; each container has its own System Processes and Application Processes.]
Hyper-V Containers
[Diagram: Hyper-V Containers. Host user mode runs Container Management and System Processes; each container runs inside a virtual machine specifically optimized to run a container, with its own System Processes and Application Processes.]
Making it work
• Small, stateless “utility VM”
  • Smallest Windows yet?
  • Writes not persisted
• Storage attached via SMB
  • VMBus transport
  • File cache sharing
• Networking attached via virtual NIC
Cloning
• Launching the utility VM takes time and memory
• Do it once, freeze the result
• Fork the VM for each new instance
  • Eliminates startup time
  • Shares memory
Demo!
Thank you!


Editor's notes

1. Demo:
   docker images
   docker run --rm test cmd /c echo Hello DockerCon!
2. Demo:
   docker run -it --rm windowsservercore powershell get-process
   docker run -it --rm nanoserver powershell get-process
   Look at taskmgr
3. Demo:
   objdir \
   objdir \DosDevices
   docker run -it --rm test cmd objdir \DosDevices
4. Demo:
   docker run --rm --isolation=hyperv test cmd /c echo Help, I'm trapped in a VM!
   Run it again (should be faster)
   docker run --rm -it --isolation=hyperv test cmd powershell get-process
   Show taskmgr on host