New Containers Tech From Microsoft Announced

Nano Server, Hyper-V Containers and Swarm

Yesterday Microsoft announced a couple of things. The first is Nano Server in Server vNext, which is available to partners and, I would guess, to the public at Ignite. The other announcement, which is more interesting, is Hyper-V containers, running on Nano Server of course. They also kind of snuck in support for Swarm.

So What?

To put this in context, you can run containers on Windows Server (Nano), using Windows Server containers and Hyper-V containers. This would allow you to take advantage of Swarm to deploy containers into virtual or real operating systems. And when you add the isolation that Microsoft has added to containerization, this is the virtual server killer app.

Still, So What???

Instead of installing a server OS on your server and then multiple virtual servers, each running its own OS on that hardware, this completely removes the need for any virtualized OS. You have a single OS running on your hardware, and your apps / services / processes are virtualized without the overhead of the virtual OS. And then add in hyper-scale.

Interesting Details

I recommend you read the full article as it has many interesting items in it that I don’t include below, but here are some of my favorites.

“we are taking containerization one step further by expanding the scenarios and workloads developers can address with containers:

  • Hyper-V Containers, a new container deployment option with enhanced isolation powered by Hyper-V virtualization.
  • Nano Server, a minimal footprint installation of Windows Server that is highly optimized for the cloud, and ideal for containers.”

“Microsoft will now offer containers with a new level of isolation previously reserved only for fully dedicated physical or virtual machines”

“Hyper-V Containers will ensure code running in one container remains isolated and cannot impact the host operating system or other containers running on the same host.”

“Windows Server Containers can be deployed as a Hyper-V Container without modification”

“Finally, we’ve added integration for Swarm, Machine and Compose into Azure and Hyper-V.”

“Nano Server, a minimal footprint installation option of Windows Server that is highly optimized for the cloud, including containers. Nano Server provides just the components you need – nothing else, meaning smaller server images, which reduces deployment times, decreases network bandwidth consumption, and improves uptime and security.”

http://azure.microsoft.com/blog/2015/04/08/microsoft-unveils-new-container-technologies-for-the-next-generation-cloud/

Best,

Anthony

Microsoft Azure Versus VMware on Containers

Some basics if you are new to containers. Applications run inside containers. Containers believe they are running on an independent operating system, but in fact they are running in isolated partitions sharing a single operating system, while other containers run other applications on that same operating system. In traditional hypervisor virtualization, by contrast, a server will run several virtualized operating systems and applications. Remember ESX?

Here is a popular graphic explaining the difference between the two types of virtualization. The top of the graphic shows the hypervisor style of virtualizing an operating system and an application, while the lower portion shows a single operating system using Docker container software to virtualize the operating system while several instances use that one virtualized operating system.
[Figure: docker-containers]

Who cares?

Some companies think this is the future of virtualization, dismissing the traditional hypervisor model of virtualization as an archaic technology like the CD-ROM: good in its day but no longer needed. “Everything at Google runs in a container” according to Google. Their entire cloud infrastructure is running on containers, and they use another application, known as Kubernetes, to dynamically cluster containers. https://developers.google.com/compute/docs/containers The most popular container software today is known as Docker, like the formerly popular OG pleated pants, still worn by some, minus the ess.

Microsoft’s Approach

How have Microsoft and VMware reacted to this new (not really) virtualization technology? Microsoft, to its credit, has worked to embrace the technology by allowing customers to use it within Microsoft Azure. In fact, I am going to quote their explanation of Docker and Kubernetes because they do such a nice job of explaining them. “Docker is an open-source engine that automates the deployment of any application as a portable, self-sufficient container that will run almost anywhere. Kubernetes is an open source cluster management tool, a declarative technology supporting orchestration and scheduling of Docker containers.” Here is what they have actually implemented of the two technologies in Azure.

The key features we have implemented are documented in the Kubernetes project and can be summarized as:

  • Build a container and publish it to Azure Storage
  • Deploy an Azure cluster using container images from Azure Storage or the Docker Hub
  • Configure an Azure cluster
  • Update the Kubernetes application on an existing cluster
  • Tear down an Azure cluster

Keeping in mind that containers run on *nix, this is quite a departure from the traditional Microsoft. While adoption and continued development will demonstrate whether Microsoft has really embraced the technology, at this point it looks like they are living up to their announcement back in July, where they stated they would support containers and were joining the open-source development project.


VMware’s Approach

VMware also announced their partnership with Google, Docker and Pivotal last week during VMworld. Their approach is slightly different from, but also similar to, Microsoft's. The major difference in VMware’s approach is that they support containers on top of their hypervisor, while Microsoft’s approach is more in line with the spirit of how the technology was intended to be used. Based on what VMware has announced, it seems more like they are taking the traditional defensive approach I would have expected Microsoft to take in the past. I am not faulting VMware for this, and I am sure they are making the decisions regarding the technology that they feel are best for their vision of the company. Keep in mind that they have recently purchased AirWatch; coupled with the fact that their parent company EMC (for now) is a storage company, I believe they are planning to compete with AWS and Microsoft in the DaaS (Desktop as a Service) space.

I don’t think VMware is ready to compete with Microsoft in the DaaS space. They don’t have the same configmgr tools as Microsoft and they don’t own the operating system, but they are getting there, so it will be an interesting battle over the next decade.

VMware Horizon 6 (View) Firewall and Network Ports Visualized | VMware Consulting Blog – VMware Blogs

Key Firewall Considerations for VMware Horizon 6

  • TCP 8472: View interpod API (Cloud Pod Architecture) – NEW
  • TCP 22389: Global ADLDS (Cloud Pod Architecture) – NEW
  • HTTPS (443): Horizon Client access, authentication and RDP tunnel (HTTPS Secure Gateway)
  • HTTPS (8443): Used by HTML Access (Blast)
  • TCP 9427 (not shown): Used by Windows multimedia redirection (MMR)
  • TCP 32111: USB Redirection
  • ESP (Protocol 50): Used for Security Server and Connection Server IPsec communication (requires Windows Firewall with Advanced Security to be enabled)
  • UDP 500: IPsec negotiation for Security Server and Connection Server communication and pairing

For a full list of network ports please refer to the latest Horizon 6 documentation: https://www.vmware.com/support/pubs/view_pubs.html

You’ll notice the addition of VIPA (View inter-pod API) on TCP 8472 and ADLDS port 22389, which are both used for Cloud Pod Architecture. Bear in mind that between your View Pods, you will still require the usual Active Directory ports.
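
As an added example (not from the VMware post), the port list above can be turned into an audit of a firewall allow-list: it reports listed flows that no rule permits and rules that open more ports than the list calls for. The rule syntax and the sample rules are constructed for illustration, and because the list gives no source or destination per port, the check is by protocol and port only.

```python
import re

# Ports from the list above: (protocol, port) -> purpose. ESP (IP protocol 50) has no port.
REQUIRED = {
    ("tcp", 8472): "View interpod API (Cloud Pod Architecture)",
    ("tcp", 22389): "Global ADLDS (Cloud Pod Architecture)",
    ("tcp", 443): "Horizon Client access, authentication, RDP tunnel",
    ("tcp", 8443): "HTML Access (Blast)",
    ("tcp", 9427): "Windows multimedia redirection (MMR)",
    ("tcp", 32111): "USB redirection",
    ("esp", None): "Security Server / Connection Server IPsec",
    ("udp", 500): "IPsec negotiation and pairing",
}
RULE_RE = re.compile(r"allow\s+(tcp|udp|esp)(?:\s+(\d+)(?:-(\d+))?)?", re.I)
# Constructed sample rule set in a hypothetical syntax, not from any real deployment.
SAMPLE = "allow tcp 443\nallow tcp 8000-9000\nallow tcp 32111\nallow udp 500\nallow tcp 3389\n"

def parse_rules(text):
    """Parse lines such as 'allow tcp 443', 'allow tcp 8000-9000', 'allow esp'."""
    rules = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        m = RULE_RE.fullmatch(line)
        if not m or (m.group(1).lower() == "esp") != (m.group(2) is None):
            raise ValueError(f"line {n}: bad rule {raw!r}")  # esp takes no port; tcp/udp need one
        proto = m.group(1).lower()
        lo = int(m.group(2)) if m.group(2) else None
        hi = int(m.group(3)) if m.group(3) else lo
        if lo is not None and not 1 <= lo <= hi <= 65535:
            raise ValueError(f"line {n}: bad port range {raw!r}")
        rules.append((proto, lo, hi))
    return rules

def audit(rules):
    """Return (listed flows no rule permits, rules opening ports the list does not name)."""
    def covers(rule, proto, port):
        return rule[0] == proto and (port is None or rule[1] <= port <= rule[2])
    missing = [key for key in REQUIRED if not any(covers(r, *key) for r in rules)]
    excess = []
    for proto, lo, hi in (r for r in rules if r[1] is not None):
        needed = sum(1 for p, port in REQUIRED if p == proto and port and lo <= port <= hi)
        if hi - lo + 1 > needed:  # the rule opens ports that are not in the list
            excess.append((proto, lo, hi, hi - lo + 1 - needed))
    return missing, excess

if __name__ == "__main__":
    print(audit(parse_rules(SAMPLE)))
```

In the sample, the broad `8000-9000` range covers 8443 and 8472 but also opens 999 ports the list does not name, which is the kind of rule worth tightening to individual ports.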