Windows Server 2016 Adds Hyper-V Container Support
The growing shift toward cloud-native technologies and applications running in "hybrid datacenters" continues with Microsoft's release of more technical details for Windows Server 2016.
As EnterpriseTech reported in August, Microsoft is emphasizing support for application containers, particularly Docker containers. The company released its first preview of its Hyper-V containers last week, which is touted as "new [application] deployment option with increased isolation," a security feature that prevents one application from “seeing” another.
The emphasis on isolation addresses Docker security concerns when running in multitenant environments, observers said.
Microsoft stressed that its approach would provide the option of adding Hyper-V isolation when applications are deployed "without having to make any changes to the container image or the container configuration."
The hypervisor also previews a nested virtualization feature, providing the ability to run a hypervisor inside of a virtual machine. Nested virtualization can be used in development and testing. Microsoft also described it as "a key enabling technology for Hyper-V containers."
The server release also addresses growing demand for running Docker containers on Windows while also supporting existing Windows applications and technologies. Microsoft noted this summer that it modified about 180,000 lines of code to allow the Docker Engine runtime (the operating system running inside the container) to operate on Windows Server 2016.
Beyond that, said Taylor Brown, a Microsoft program manager, "We really needed VM isolation" to securely run multiple containers on a virtual machine. Running a single container per VM "was going to sacrifice a lot of density."
After talking with cloud customers, Microsoft concluded that "if we optimize the heck out of a virtual machine … because all it's job is is to run a container, we can actually get pretty good density and performance for that virtual machine while still maintaining all the isolation benefits," Brown added.
The Hyper-V approach would therefore eliminate the need to isolate containers by spinning up a new virtual machine with Windows inside for every application container, Microsoft developers concluded.
The company also said several applications and application frameworks will work in Windows Server Containers, including several .NET frameworks.
Along with Docker Engine support, Microsoft also unveiled "nano-server" functionality this summer as a "foundational element" of Window Server 2016 designed as a lightweight deployment option. The company said last week the nano-server option can also be used either as a container host or container runtime for cloud-native applications.
While addressing security concerns that have slowed container production deployments through greater isolation and "shielded" VMs, Microsoft also rolled out an IT management platform. System Center 2016 targets cloud-scale deployments in software-defined datacenters and is billed as providing a view of across hybrids clouds and other infrastructure, operating systems and applications.
The latest Windows Server 2016 technical preview is available here.