Containers are an increasingly hot topic these days. They are constantly written about in the news and talked about in forums; there’s even a number of conferences—DockerCon, ContainerCon and Container World, for example—dedicated entirely to the container revolution. It’s no wonder then why, according to a recent Penton Research survey, of those IT professionals currently leveraging the cloud, a full 57 percent are either planning to use or thinking of using containerization for their applications in the next 2 years. Although containers have their roots in developer communities, they are quickly becoming first-class citizens in the datacenter.
The widespread interest in containers has sparked a number of efforts to improve and further bolster its capabilities, especially around open-source Docker containers. Security scanning technology, for example, was recently rolled out to help find and remove Docker container vulnerabilities, while also safeguarding the container content lifecycle. But that’s not the only new capability being eyed for containers. Given that containers are increasingly being used to deploy new cloud-borne applications, the idea of being able to isolate them in the same way that one would traditionally isolate Virtual Machines (VMs) has quickly gained steam and today is much more than a concept; it’s a reality.
Helping to motivate the move toward more VM-like capabilities for containers is a partnership between Docker and Microsoft. Together, the two are working to provide a platform for developers and IT professionals that will allow them to build, ship and run distributed applications—whether on-premise, in the cloud or through service providers across both Windows and Linux operating systems. Microsoft is also working to provide VM-like capabilities for containers to its cloud customers. With the introduction of Windows Containers, it has done just that.
Windows containers comprise Windows Server and Hyper-V Containers. Windows Server Containers share the OS kernel of the container host, while Hyper-V containers are wrapped in a lightweight “optimized VM,” which has an isolated OS kernel. With Windows Server 2016, Microsoft has placed a large emphasis behind just isolation. They introduced Hyper-V Containers, which utilize VM technologies, to provide isolation, but with the same container experience including through Docker.
Windows containers obtain network connectivity through a Hyper-V Virtual Switch—similar to VMs. Depending on the networking mode (or driver) used, the containers can connected to a NAT, directly to the physical network, or even to an overlay virtual network. Each container has access to the network through a virtual network adapter, which is isolated in its own network compartment and connected to a virtual switch, over which traffic (inbound and outbound) is forwarded. The container networks and endpoints are managed through Docker using a network plug-in for Windows and a management system known as the Host Network Service (HNS).
A key benefit of these containers is that they can be used to rapidly deploy many isolated applications on a single computer system. This OS-level virtualization is possible because of the isolation enforced between Windows containers on the same host. Essentially, a network compartment is created for each Windows Server and Hyper-V Container into which the network adapter for the container is installed.
Of course, being able to isolate containers is not the only VM-like capability coming down the turnpike for containers. The ability to enforce advanced network policy such as Firewall or Access Control List (ACL) rules, Quality of Service (QoS) queues, and load balancing is also on the horizon. It is just such capabilities as these that will continue to cement the usefulness and prominence of containers in the modern data center alongside VMs.
For a look at past and future blogs on a whole range of IT-related topics check out this page. And if you have any comments on containers or networking, feel free to drop me a line at [email protected]
This blog is sponsored by Microsoft.
Cheryl J. Ajluni is a freelance writer and editor based in California. She is the former Editor-in-Chief of Wireless Systems Design and served as the EDA/Advanced Technology editor for Electronic Design for over 10 years. She is also a published book author and patented engineer. Her work regularly appears in print and online publications. Contact her at [email protected] with your comments or story ideas.