Containers

Containers are also a virtualization technology; however, they do not virtualize a physical server. Instead, a container is an operating-system-level virtualization. What this means is that containers share the operating system kernel provided by the host among themselves along with the host. Multiple containers running on a host (physical or virtual) share the host operating system kernel. Containers ensure that they reuse the host kernel instead of each having a dedicated kernel to themselves.

Containers are also completely isolated from the host and other containers, such as a virtual machine. Containers use Windows storage filter drivers and session isolation for providing isolation of operating system services such as the filesystem, registry, processes, and networks. Each container gets its own copy of operating system resources.

The container has the perception that it has a completely new and untouched operating system and resources. This arrangement provides lots of benefits, they are as follows:

• Containers are faster to provision. They do not need to provide the operating system and its kernel services. They are available from the host operating system.
• Containers are lightweight and require fewer computing resources compared to virtual machines. The operating system resource overhead is no longer required in containers.
• Containers are much smaller in size compared to virtual machines.
• Containers help in solving the problems related to managing multiple application dependencies in an intuitive, automated, and simple manner.
• Containers provide infrastructure to define all application dependencies in a single place.

Containers are an inherent part and feature of Windows Server 2016 and Windows 10; however, they are managed and accessed using a Docker client and Docker daemon. Containers can be created on Azure with Windows Server 2016 SKU as an image.

Each container has a single main process that must be running for the container to exist. A container will stop when this process ends. Also, a container can either run in interactive mode or in a detached mode like a service.

The figure shows all the technical layers that enable containers. The bottommost layer provides the core infrastructure in terms of network, storage, load balancers, and network cards. At the top of the infrastructure is the compute layer, consisting of either a physical server or both physical as well as virtual servers on top of a physical server. This layer contains the operating system with the ability to host containers. The operating system provides the execution driver that the layers above use to call kernel code and objects to execute containers. Microsoft has created Host Container System Shim (HCSShim) for managing and creating containers and uses Windows storage filter drivers for image and file management.

The container environment isolation ability is provided to the Windows session. Windows Server 2016 and Nano Server provide the operating system and enable the container features and execute the user-level Docker client and Docker engine. The Docker engine uses the services of HCSShim, storage filter drivers, and sessions to spawn multiple containers on the server, each containing a service, application, or database.