Microsoft Creates a Docker-Like Container For Windows
angry tapir writes Hoping to build on the success of Docker-based Linux containers, Microsoft has developed a container technology to run on its Windows Server operating system. The Windows Server Container can be used to package an application so it can be easily moved across different servers. It uses a similar approach to Docker's, in that all the containers running on a single server all share the same operating system kernel, making them smaller and more responsive than standard virtual machines.
Solaris Zones comes to Windows.
Welcome to 2005.
Why am I the only one completely unimpressed with Docker? It feels like a hacked together Solaris to me .... no thanks, I'll take the real deal.
Docker is mostly a set of tools to allow simple management of containers. It's not itself a container technology. On Linux, Docker leverages LXC and a bunch of other things. On Windows, the same functionality will be available but using Microsoft's container technology. MS and Docker are actually working on getting the Docker toolset on Windows.
Leading the pack, from behind
The way to solve the problem is simple. Keep the apps self-contained. No shared libraries or DLLs.
To move the package you just move the directory containing the app to another location.
Some will say that is how Macs do it. But I would go further and say that is how it was done in DOS.
The shared library is an out-of-date concept; while it sounded good when storage was expensive, today we are virtualizing full platforms just to prevent version incompatibility.
What may be a little bonus is to give application/process level networking settings so you can just virtual network your app from the OS.
If something is so important that you feel the need to post it on the internet... It probably isn't that important.
Microsoft copies someone else. In Microsoft language,
copying==innovation
To be fair, every company copies to some extent. It's just that nobody spins it as much as Microsoft.
Don't forget to use chrootuid.
While I'm not saying MS invented the concept in any way, MS has been public with the container project for years before docker even existed.
Just look for "Project Drawbridge", they have been changing the windows API since 7 to create a minimum windows image to work in a similar way to docker.
It was targeted originally at a different problem but it is in fact the same idea to the same problems.
After all, VMs were really only required for Windows, where separation of programs and libraries and process filesystem access restrictions was especially problematic compared to *nix. Now Windows looks like it's finally dragged itself into the 1990s. Could VMs become a solution for niche edge case problems once more?
This IS docker for Windows. Misleading headline and article. I like Docker especially after providing support to SELinux.
Long before Docker, there was Thinstall/Thinapp
"When life gives you lemons, don't make lemonade. Make life take the lemons back!" -- Cave Johnson
Virtual machines might still hold a valuable feature in the future, since they would more strongly compartmentalize running code against exploit-based escalation of privileges. Using chroot blocks processes from accessing files outside the jail, but does not prevent a running process from attacking the shared kernel space, and gaining access to the real root filesystem. An honest to goodness virtual machine offers additional layers of protection.
Given the increasing value in gaining unauthorized exclusive access (for criminals anyway-- That includes the spying antics of governments) to systems that host data for many different customers, the incentive to bust such jails and run amok on the server is only going to increase as the bean counters press more and more for "data based economy" models.
So while less sophisticated jails are faster and easier to deploy, they are also necessarily less secure than a fully blown VM with a full hypervisor monitoring them between them and the real server OS kernel, and thus more vulnerable, and thus more prone to being attacked-- That means that as the "Professional data criminal" element grows, the viability of these less sophisticated jails will diminish, and the viability of more sophisticated (but slower) jails will increase.
Are you kidding me? You can't imagine a single scenario where you'd like multiple separate operating systems to run on a single machine?
I don't want to contaminate my Web server environment with whatever crap I run for other services. I don't want to be forced to use a single FS for root, just because I have different needs for different environments.
I want to know if that system crashes it doesn't take dozens of other unrelated things with it.
What am I supposed to do with the hundreds of Windows Server installations? It's not a niche case. Multiple servers that run dozens of virtualized Windows Server installations in High Availability or Fail-Over Clustering mode. Roles that should not by best practices or necessity run side by side.
I was trendy back before it was cool.
You miss the point of VMs. They allow for easy overbooking of hardware. They suck, but the industry loves them because of this.
A virtual machine is just another piece of software to attack.
As an ASP.NET developer I am really, really excited about this.
In the past few years nothing new has come from Microsoft that has really been a big deal. MVC and Razor were great and a pretty big deal, but everything else didn't really affect my day to day job of developing apps.
Deploying ASP.NET apps has always been a real pain in the neck. Sure, in theory it's as easy as xcopy, but once your apps start growing and your configuration grows it rapidly becomes a bigger thing to maintain. It takes a lot of time, there's lots of stuffing around, it's very fiddly and generally a PITA.
If I understand it all correctly, being able to package up my application into a sort of "mini vm", that has everything pre-configured, would be absolutely bloody amazing. Having it run on this new "Nano Server" thing sounds fantastic - it doesn't have a GUI or 32 bit support, so in my mind it should be much faster, quicker and much easier for remote administration.
I've been waiting for this announcement ever since I wrapped my head around ASP.NET vnext, and now that I think I get it, the future is looking cool. Good job MS.
Is it made of beige twill?
You guys got it wrong: Since the popularization of mobile devices and declining sales of PCs, I think MS is trying to explore new markets by improving intermodal transportation. Why not? Just look at GE in different fields.
I would rather have Windows make a proper software management system like most Linux distributions have. One that makes staying up to date easy and removing software easy without leaving a mile-long trail behind...
No.
A VM also allows you to run disparate operating systems. If you are a Linux shop but have a single low-use-but-critical Windows application, you can still run it in a VM. Docker helps with a problem in Linux where you are a Red Hat shop and someone wrote code for Ubuntu that is not portable to Red Hat. It turns out that the versions of bash, glibc, boost, and various other libraries are different (and sometimes incompatible). It also turns out that the locations of configuration files and init scripts are not in the same places or work in the same way (init scripts? upstart? systemd?). So all those issues add up, making Docker a handy tool.
I am not sure if the same kinds of issues happen with Windows server, which tends to have a longer support life. It would probably be more interesting if the Microsoft tool would include desktop and server platforms.
Additionally, it is often considered a best practice to isolate services into separate VMs. This means that a compromised password on one machine will not own services for your entire network. This security feature is not offered by Docker.
I can guarantee you that MS advocates such as Gates and Ballmer will be pointing to this technology too (just like others) saying it exemplifies the famous "Microsoft innovation".
Someone should have looked up Docker on urban dictionary before naming the project. That word doesn't mean what you think it does!
No, updating A will cause B to break. Turn off all Windows updates and freeze time at March 2013. We will just hire more MCSEs to clean infections as they come, as this is too critical to break, etc.
One company a coworker interviewed hasn't run an update in 5 years as it breaks some add-on for Exchange. They still run XP too???!
The more pain you make dependencies, the greater the resistance to change. Look at IE 6 as an example?
http://saveie6.com/
"Hoping to build on the success of Docker-based Linux containers, Microsoft has developed a container technology to run on its Windows Server operating system."
I'm confused, did Microsoft originally develop Docker-based Linux containers and is now cloning the technology to run natively under Windows?
I'll admit that I'm too lazy to read TFA but I think it's portable app tech. With the acquisition of Softricity, Microsoft bought SoftGrid, which it rebranded as Microsoft Application Virtualization for Windows desktops and TS/RDS, then App-V for Servers. In reality it is COM/DCOM namespace virtualization under the covers, as I helped develop it. VMware responded by acquiring Thinstall, now ThinApp, which is also a portable app tech.
What Microsoft are offering is virtual machines with a cut-down 64-bit Windows kernel, without the 32-bit support, without the user interface and without all the other guff that bloats a normal Windows install.
It's still a VM running on a hypervisor.
Containers, on the other hand, all share the same running kernel (Linux kernel) and just include different application or system files. Well, at least that's what it has meant for the last few years with lxc, docker and rocket et al.
Who the fuck writes code for a specific distro?
No one. I can run anything that will compile on Linux on any distro I want.