Azure Unblogged - Windows Container for IT Pros

Feb 19, 2020 08:34

Hi, everyone. My name is Thomas Maurer, I’m a Cloud Advocate at Microsoft, and I am here with Vinicius from the Windows Container team to talk about Windows Containers for IT Pros. So Vinicius, why are we here? >> Well, if you’re an IT Pro today, you probably noticed that when you start to learn about Containers, a lot of the documentation and a lot of the recipes out there for using Containers, they are heavily focused on Developers. So one of the concerns we have is as Ops folks and IT Pros, they start to work with Containers. We want to make sure that they have the documentation, and they know how to get started. So that’s the reason why we decided to do this. >> Okay. That’s awesome.

00:40 - So let’s have a look at what a Container really is. >> Cool. Okay. So if you’re an IT Pro, you are used to this. You have a rack with multiple servers, and then you go and you install the operating system in that specific server. This is what it looks like from the operating system architecture. You have your hardware, and then on top of that, you have your operating system composed by the kernel, and then the application and services running on top of that. In a Virtual Machine, what you would do is you virtualize everything above the hardware.

01:09 - Now, if you really look into what’s happening inside the operating system, you have two levels there. The first one is the user Space. User space is where all your applications, and all your processes, and all your services will be run. The kernel mode or the kernel space is where the operating system action takes over, and instrument, everything that is going on in the application level, should the hardware itself. So when an application needs to access the memory or the network card, that’s what the kernel does. They will operate that for the applications.

01:43 - Again, in a Virtual Machine, when you virtualize above the hardware, multiple OSs will have those levels, and that’s the isolation you have between the Virtual Machine. In a Container, what happens here is that we are virtualizing above the kernel, not the hardware. So they are all sharing the kernel. So when you spin up a new Container, what you get is you have a virtualized version of the user mode. So you have applications, processes, services running all of them inside that Container. If you spin up a new Container, you have another isolation for the other application in there.

02:19 - So that’s the main difference between a Virtual Machine and a Container. So that’s what Containers are. They are a virtualization of the operating system. >> Okay. That’s awesome. So I don’t need to take care of virtualized hardware or anything, that’s basically really a level higher than that. >> That is correct. The most important thing here is that all your applications, they are isolated from each other, but then a Container, you’ll spin up way faster than a Virtual Machine. Also, when you think about the management, you only manage one operating system itself. >> Okay.

02:54 - So does that just mean I should move everything to a Container? >> Well, not exactly. Of course, there will be applications where you need more flexibility and you need more control over the operating system, and even sometimes, the runtime for the Container itself does not allow the application to run. So you still need Virtual Machines. Now, there are other applications that will greatly benefit from Containers and the way they spin up very fast. Web applications are one example. The other thing is, when you spin up a container, we have what do you call as the scratch space. So everything that could the Container does, if you don’t store in a persistent storage, will be lost when you kill the Container. >> Okay.

03:41 - >> If you want to actually persistently store that information, you need to find a persistent storage for that container. So Web applications and many other applications can greatly benefit from our Containers, but not everything should be running in a Container. It should have applications that will need some flexibility, so you can use Virtual Machines for that. >> Okay. So that sounds like this could also potentially help me with my 2008 and 2008 R2 migrations? >> Yeah, absolutely. We are very close from the end of support of Windows Server 2008 and 2008 R2.

04:13 - In fact, we have a great Ignite Session coming up, explaining how you can take an application that is running in a Windows Server 2008 R2 machine. It’s a ASP.NET 3.5 application, and we export that application, we containerize the application, and we show the whole process is a breakout session. A lot of good stuff in there. I recommend everybody to go check the session. >> Okay. No, that sounds great. So we’ve talked a lot about Containers now, can you show us something? >> Yeah, absolutely. >> So how do we get started with Containers? >> Okay.

04:48 - So in order to get started with Containers, just like Virtual Machines, you need a host or a node that is able to spin up Containers just like you have for Virtual Machines. In order to do that in Windows Server, all you have to do is install the Containers role. That will install the Containers role as well as a Docker runtime. What a Docker runtime will do, as you’ll see the command docker in here, is actually expose all the capabilities of the Container platform in a way that you can use and also manage the Containers itself. So in order to get started, the first thing you have to do after you install the Containers role is to have Container images.

05:25 - One thing that everybody working in container needs to know is that all your Containers, they are created based on a Container image. >> Okay. So it’s not that I can read the empty Container and then install an operating system in it, it really comes from any predefined image. >> Correct. Yeah. In a Virtual Machine, you would spin up the Hyper-V Manager, create a new Virtual Machine, setup all the configuration, and then put an ISO file that you can go and install the operating system. With Containers, you already create a Container base on a base Container image. So if you run the Docker image command, you will see that in my case, you’ll see that I have already a few Container images in here.

06:08 - This is because I’m using a Virtual Machine in Azure that already come with these three Container images: the Windows, the Server Core, and the Nano Server. They all serve different purposes depending on the application that you are going to containerize. The most common for IT Pros and Ops folks would be to Server Core one. The reason is, this is a regular Windows Server Core installation. So everything you can do in a Server Core, actually, not exactly everything. Let me rephrase that.

06:41 - So almost everything that you can do in a Server Core installation in a Virtual Machine, you can probably transport your Server Core Container image as well. >> Okay. So these are basically images from Microsoft, the base images you can get. These are not something you get from wherever you get them from, it’s really official Microsoft images. >> Absolutely. In fact, what I have here is a Docker Hub, which is probably the central location that you’ll be looking for when you get started with Containers. The Docker Hub is a central location that has a lot of community uploaded Container images, but Microsoft is also there.

07:20 - So one example here is the Windows IIS Container image that we’ll be using in a second. Basically, what this is, is a Server Core installation inside of a Container that already has IIS pre-installed. So you don’t have to go and install a Container based on Server Core, then you go and you install IIS, then you create another Container image based on that container that you just created. We already have them running. If you have an ASP.NET application, we have a Container image ready for that. >> That’s great. So I don’t need to spend so much time creating everything by myself, I can really take pre-created images? >> Correct. Yeah.

07:55 - But for the purpose of learning here, let’s go ahead and spin up a Container based on this Server Core Container image. Just to briefly explain the other words that people might be wondering. The Nano Server Container image is extremely small Container image as you can see in comparison by the size, but is really focused on new application that Developers are running, and they target from the Visual Studio Code, they target Nano Server as the platform for their application. The Windows is a bigger Container image that has more features and API surface compared to the Server Core. So if you have an application that is not running on Server Core, you can probably try to run that on Windows Container image. >> Okay. That’s awesome. >> Cool. Okay. So let’s get started.

08:41 - What I’ll do here is I’ll change from this PowerShell Window to this one just because on this one, will be running inside of the Container, and from this one, I’ll show what’s happening on the host. So let’s run this one. What I’m doing here is I’m running the Docker run command, and the Docker run will basically tell Docker to execute a new Container and start that Container. The rest of the information in there was basically, that I said, the name of the Container that I was spinning up. I’m running an interactive session inside this Container, which is the -it, and then I’m running from the Server Core Container image, and I’m running a PowerShell session. So what you’ll see here is that we are inside the Container, and we are inside of a PowerShell session.

09:31 - So if I type “dir”, for example, you can see that this is a regular Windows Server Core installation. The thing is inside the Container, remember that we are abstracting the kernel, we are virtualizing that and we are running a containerized version of the operating system. So it will be a little bit different from the Container as from the host, so let’s take a look at that. As you can see, I can type “dir” here, I see a very small installation of Windows Server Core here. I can also look for the C:\Users\ folder. If I type “dir”, you’ll see that we have a Container user and a Container administrator profiles in here, and if I do the same on the host, you see that I have a different version.

10:23 - So basically, what that tells us is that the Container has a different file system from the host. >> Okay. So I cannot basically not access files from the host, or if I save something it’s isolated from the host itself? >> Correct, yes. >> All right. >> The next thing the Containers have that is different from the host is Containers have their own view of the registry. So if we run the command to see our path variable here, you see that we have these options listed for us. If I run the same command from the host, you see that in this one for example, I have the C:\Program Files\Docker listed as one of the variables in the path, I don’t have that inside of the Container.

11:09 - In fact, I have a different set of configurations in here, that’s, again, because the container have a different registry when compared to the host. The third thing that Containers have that is different is the processes that they are running, and this is interesting because if I run for example, the Get-Process, there you go, I have a number of processes running in the Container. If I run the Get-Processes from the host, you see that I have way more, in fact if I run a Get-Process from the host and I measure it, I have 116, and if I run the same thing from the Container I have only 23 processes running. More importantly, one of the regular processes that we have, a process that we have in Windows is process and the name of the process is SMSS. In every Windows installation, we’ll have of course, just one instance of the SMSS process.

12:15 - Now, if we go to the host itself and I run the same command, you can see that I have two instances of this process running in here. The interesting thing is if you look at the ID of this process in the Container is exactly the same one as in the host, which tells me that the host has some administrative boundaries that he can see inside a container but the container cannot see from the host. >> Okay, that’s awesome. So from the host I have more control, I can see all the things running on the host, but from the Container, it’s really isolated and I cannot impact the host or all the Containers running next to them. >> That is correct, and that’s what we’re looking for. We want to run that application completely isolated from the others. >> Okay, awesome.

13:10 - So you told me that every Container basically we start is based on the image. So can you show me how do I create for example my own image, if I want to create something like special or like something of my own application in there? >> Absolutely. So what happens with a Virtual Machine is when you have a template for the Virtual Machine, usually, as an IT pro what you would do? You would spin up a Virtual Machine and then you would configure that Virtual Machine exactly the way you want the other Virtual Machines that are based on this one to be. So you install your application, you configure the folder structure or files, you copy everything to that Virtual Machine. Then the final part is the good and old Sysprep, it runs this Sysprep, you turn off the virtual machine, you get the VHD file and then you put it in a place where it’s accessible to whoever wants to deploy new Virtual Machines based on that template.

14:03 - With Containers it would be a little bit different, so we talked about the Docker Hub already. The Docker Hub is the place where in the final portion for the Virtual Machine, you would store your VHD but in this case, it’s a Container image. Now, the process to create those Container images is a little bit different, you could spin up a Container, configure the Container you want and then turn that Container into a new Container image. But the other way to do with Containers is to actually do this declaratively. What that means is you’re going to specify what are the instructions to Docker in a file called Docker file.

14:41 - How to prepare that Container image to reflect what you want new Containers to be created. >> So basically, I would take like, let’s say, this is the Container I want to start with. Then I would basically go instead of doing everything manually, I would basically write it down in that Docker files. >> In a recipe, yeah. >> Okay, perfect. Then you basically you have that at the end, you build that Container and you have your new Container image basically. >> Yeah, absolutely. So let’s take a look. So of course, when you are working with a complex application, you would need to see what that application requires in order to work.

15:19 - If it’s an ASP.NET application, you have to first install IIS, then you have the IIS parameters that you have to setup and all the dependencies, the features itself. In this case just for the sake of explaining how building a new Container image work, I only have this text file here and I also have a Docker file. The Docker file is the recipe as I mentioned, and the command that I’m going to use to build a new Container image from this Docker file is a Docker Build, so let’s take a look at a “dockerfile” first. As you can see, the “dockerfile” is a Docker file as the name of the file itself with no extension, I can open with Notepad. You can also use Visual Studio Code, there’s extension for working with Docker with Visual Studio code if you are familiar with that.

16:08 - But for regular IT Pro, if you are a little bit intimidated with Visual Studio just use Notepad. Basically, as I mentioned, everything we’re doing here is explaining in a declarative way how to build the Container image. So what we are doing is we are telling the Docker file to start from the IIS Container image that I previously pulled from the Docker Hub. Then I’m going to say the working directory that we are going to use is the regular \inetpub\wwwroot, so every installation of IIS has this folder in here. Now, the interesting part about the WORKDIR command here is that if this folder doesn’t exist, it will create for us. >> Okay.

16:52 - >> So let’s say, I have a C-Tasks folder that I want to create, I can just put it in here, and WORKDIR will also start from the C Folder, so if you want to specify \inetpub\wwwroot, that’s what you would use. Then a copy file basically would say everything from the folder that we are running the command on the host copy to the working directory inside the Container, so that’s the reason why we only have two dots in here. So from the folder we are from the host to the folder we are inside the Container. >> Okay. So all we are doing here basically we are specifying the base image, when I have an IIS installation already. >> Correct. >> We specify the location where we want to work with like the work directory.

17:38 - Then we say, “Okay, let’s copy these files in that work directory.” >> If you remember in the old days where we used to manage IIS instances and you have a simple HTML file, copying the files to the Inetpub folder is exactly what you do to have the website running. >> Okay. >> So I can close this one, let’s take a look at our folder over here. There you go. So if I type “dir”, you can see that I have two files in there. So now, what I’m going to do is I’m going to use Docker build command, and then I’m going to associate a tag to this image so I can find it later. So testcontainerimage.

18:23 - Then I’m specifying the location I’m going to use is the exactly the same one that we are right now. So as you can see, this will be actually very fast because we’re not exactly running any processes at the Container. What we have in here is that you ran the command to use the IIS image, and then from the IIS image, what we did was we are creating a new layer for the Container to work with these directory and then copy the files to that specific directory. >> Okay, that’s all. >> That’s how Container images are built, and this is very important because the more instructions you have inside the Docker file, the bigger will be your Container image. So every command you specify inside the Docker build or the Docker file, this will generate the new layer for your Container image. >> Okay.

19:12 - >> So there are a set of best practices here. We can talk about this later in another video maybe. But for now, our command ran correctly. So if I run the Docker images again, you’ll see that I now have another image called testcontainerimage, the only difference between this one and this one is that this one has the new folder, the inetpub/wwwroot, and then we copy the file through inside that folder. >> Okay. So basically, it’s a base on that, and with all our changes we have, we have now in our own image, okay? >> Correct. So now, just like a Virtual Machines, you have a template for your Container.

19:53 - Now, the thing is, let’s create a new Container based on this Container image. In order to do that, I’m going to run the same command that I ran before, the Docker run. Now, this would be a little bit different than the one before, and the main reason is we have to specify a few things that are different from the previous one. So the first thing I’m going to do is, I’m going to say -d, because we are going to run detached from this session that we are in PowerShell, which means that it will run the Container and it will run, but we’re not inside the Container. >> So basically, it runs in a background. >> Correct. >> So we don’t need to take care of the directory? >> Exactly.

20:30 - The next thing we need to do is, because this is an IIS web server, we need to open the port from the host to map the port inside the Container and HTTP, that’s the port 80 from the host mapped to the port 80 of the Container. So we are using that here to translate the port from the host to the Container. >> Okay. >> Now, let’s give it a name to this Container. So I’m going to call it testcontainer. The image that we are going to use is the image that we created before, which is testcontainerimage. So the syntax here is a little bit different than regular PowerShell, but this is pretty much the command that you use to create a new Container based on a Container image that we just created there.

21:18 - So you said that in a matter of seconds, we have a new Container running. >> Yeah. >> So it’s really fast, we spin up and have the application up and running. >> So it’s way faster than starting up a VM or even a physical server running an IIS. >> Correct. Now, of course, whatever thing everyone wants to do is actually go and test is to see if it’s running or not. So if we run the local host on the port 80, you’ll see that we have the application up and running.

21:50 - Now, the most important thing is that we also copied a file to the wwwroot inside a Container, and that was the test.txt, and you can see that the file was correctly copied to the inside the Container and the application, which in this case, is just a web server, is up and running. >> Okay. That’s pretty cool. So I can really pack my application into a container image and then basically just run it and it has done everything for me. We defined that Container file. >> Exactly. One thing that we can try, for example is, let’s say, you want to run another Container. Everything I have to do here is change the port that I’m opening because I can’t map the port 80 instances of Containers.

22:40 - So I’m going to change 81 in this case mapping to the port 80 of the Container, and I’m going to call a Container 2, it’s up and running. There you go. >> Awesome. So I could run like a couple of IIS instances like IIS even like servers basically or Containers on the same machine, with different versions if I want to. >> If you remember in a regular deployment of a Virtual Machine, you will specify how much you need for a regular windows deployment with IOS 304 gigs or depending on your application. Here we are running in the same Virtual Machine, two instances of our website, which means I’m using way less resources from this host. >> Yeah. Wow, that’s awesome. >> Cool. >> I would say we do that directly? >> With the Docker ps.

23:29 - So one last thing to show is the Docker ps command. So the Docker ps command will show you what are the Containers that you have running in a machine. So you see here that I have the testcontainer1, actually, no number specified, and then a testcontainer2, it shows what is the command that they are running, how long they have been created, and the ports that were open to this Container. >> So that’s how we can let you see what Containers are running, and what I have there. Is there also another way, like an IT Pro or me managing now these Containers, is there another way to manage these Containers instead just like using the PowerShell or this Docker command line? >> Absolutely.

24:18 - So one of the tools that IT Pros are really familiar with today is Windows Admin Center. So what I’m doing here is I’m targeting my Container host, and I have an extension here called Containers once you enable this extension. So basically, what the Container’s extension shows me is, how many containers I have here. It shows me that I have two running, one is stopped probably from before the demo. I have four different images. One is the latest one that I’m using, five in total.

24:53 - How many networks I have, how many volumes I have associated to the Container. Then if I want to check the Containers itself, I click the “Containers” tab and then it shows me the Containers that I have. You can see that I had a testcontainer before we run this. So one of the things that you can do here in the Containers tab is to actually go and check what are the Containers that are running, you can see the logs from inside of the Container, you can see the stats like how much CPU and how much memory that Container is using. I can also look into the images that I have, from the image tab, I can see what are the images that we have and you remember that we just created a test Container image.

25:34 - I also have other tools in here like the networks and the volumes that I have associate each of these Containers. So it’s actually a visual way to manage the Containers you have running in a Container host. >> That’s awesome. I mean, that’s like for us, whereas, IT Pros who need to operate those Container hosts in those Container environments. We have a great tool basically to manage those hosts and see what’s going on in that way. Since you’ve now showed me how like basically we can get started with Containers, what would I do next? >> So the next step is try it out by yourself.

26:16 - So we have the webpage called aka.ms/containers, and that’s where we have all of our documentation. If you want to try on Windows 10 or if you want to try on Windows Server, how to get started on downloading the images, how to use the Docker file, how to use Docker builds to create your Container images, and of course, as an Operations person, the next thing you want to know is, how do I scale from one Container to multiple Containers? And of course, for that you have Orchestrators to help with the task. Kubernetes is one option. We have our own service in Azure, called Azure Kubernetes Services, is something else that can look into the documentation. We are looking into improving those tools specifically for IT Pros. So if you have recommendations on stuff that we couldn’t get better or even in a documentation, let us know, we’re here to help folks get started and be successful when using Containers. >> No, that sounds great. >> Awesome.

27:11 - >> Thank you for having you and see you in the next one.