Chapter 13, Containers and Nano

Server
Application containers are quickly becoming the new
standard for hosting modern, scalable applications.
This chapter enhances DevOps story using tools
such as Windows Server containers, Hyper-V
containers, Docker, and Kubernetes.
Table of contents
1. Learning outcomes
2. Understanding Application Containers.
3. Containers and Nano Server
4. Windows Server containers versus Hyper-V
containers.
5. Docker and Kubernetes.
6. Working with containers.
1. Learning outcomes
By the end of this lesson, you should be able to:
 Evaluate the use of containers and Nano servers
in Windows Server 2019.
2. Understanding Application
Containers.
Application containers are lightweight, portable, and
isolated environments that allow you to package and
run applications with their dependencies. They
provide a consistent runtime environment, ensuring
that the application runs the same regardless of the
host system. Containers are based on the concept of
operating system-level virtualization.

Below are a few benefits of containers.

Sharing resources:
Containers enable efficient resource sharing by
running multiple isolated instances on a single host
operating system. Each container shares the
underlying host's kernel and operating system
resources, such as CPU, memory, and storage. By
sharing resources, containers reduce resource
duplication and improve overall resource utilization.
In the context of Windows Server 2019, containers
utilize the features of Nano Server, which is a
stripped-down version of the Windows Server
operating system. Nano Server provides a minimal
footprint, reducing the resource requirements for
running containers.

Isolation:
Containerization offers application isolation, ensuring
that each container operates independently of others
on the same host. This isolation prevents conflicts
between applications and allows different versions of
the same application to coexist without interference.
In Windows Server 2019, containers leverage
lightweight virtualization technology, such as Hyper-V
containers or Windows Server containers, to achieve
isolation. Hyper-V containers provide stronger
isolation by utilizing a dedicated kernel instance for
each container, while Windows Server containers
share the host's kernel.

Scalability:
Containers facilitate application scalability by allowing
you to easily replicate and distribute container
instances across multiple hosts. Container
orchestration tools, such as Kubernetes, can manage
the scaling of containers by automatically deploying
additional instances based on resource demands.
With Windows Server 2019, you can leverage
container orchestration platforms to scale your
containerized applications efficiently. These platforms
provide features like automatic load balancing,
horizontal scaling, and self-healing capabilities to
ensure high availability and performance.
Additionally, the lightweight nature of Nano Server
and containers enables quick provisioning and
deployment, reducing the time required to scale your
applications.
3. Containers and Nano Server
Containers and Nano Server in Windows Server
2019 offer a synergistic combination that enhances
the efficiency, portability, and security of application
deployment. Let's explore the relationship between
containers and Nano Server in more detail:

Figure 1: Layers of a Windows container (Krause, 2021)

Nano Server as a container host:

Nano Server is a lightweight edition of the Windows
Server operating system designed specifically for
modern application deployment scenarios, including
containers. It provides a minimal footprint, reducing
the attack surface and resource requirements
compared to the full Windows Server installation.
As a container host, Nano Server serves as the
underlying operating system on which containers are
deployed and run. Its small size and optimized
configuration make it an ideal choice for hosting
containerized applications. Nano Server supports
both Windows Server containers and Hyper-V
containers, offering flexibility based on your isolation
requirements.
Benefits of using Nano Server for containers:
 Reduced footprint: Nano Server has a
significantly smaller footprint compared to the full
Windows Server installation. This smaller size
translates into faster container provisioning,
improved resource utilization, and quicker
deployment times.
 Enhanced security: With a minimized surface
area and limited attack vectors, Nano Server
reduces the potential vulnerabilities and
enhances the security of your containerized
applications. By using Nano Server as the
container host, you isolate the containers from
the underlying host operating system, providing
an additional layer of security.
 Efficient resource utilization: Nano Server's
lightweight nature enables efficient resource
utilization, allowing you to run more containers
on a single host. This improves scalability and
maximizes the utilization of server resources
such as CPU, memory, and storage.
 Improved performance: The reduced overhead of
Nano Server results in improved performance for
containerized applications. By eliminating
unnecessary components and services, Nano
Server focuses on providing the essential
functionality needed to run containers, leading to
faster start up times and more efficient execution.
Compatibility with container orchestration
platforms:
Nano Server is fully compatible with popular
container orchestration platforms like Kubernetes,
Docker Swarm, and Microsoft's own Azure
Kubernetes Service (AKS). This compatibility allows
you to leverage the rich ecosystem of container
management and orchestration tools to deploy, scale,
and manage your containerized applications on Nano
Server.

With Nano Server as the container host, you can

benefit from the advanced features of container
orchestration platforms, including automatic load
balancing, service discovery, health monitoring, and
scaling capabilities. This combination empowers you
to build scalable and resilient application
architectures using containers and Nano Server.
4. Windows Server containers
versus Hyper-V containers.
When working with containers in Windows Server
2019, you have two options for containerization:
Windows Server containers and Hyper-V containers.
Let's explore the differences between these two
container types:

Windows Server containers:

Windows Server containers are a type of
containerization technology that provides lightweight,
isolated environments for running applications. They
share the host operating system's kernel and
operating system resources, which results in efficient
resource utilization and fast container start up times.

Key features of Windows Server containers

include:
 Process-level isolation: Windows Server
containers offer process-level isolation, where
each container runs as a separate process on
the host operating system. This isolation ensures
that applications within the containers do not
interfere with each other.
 Shared kernel with the host: Windows Server
containers share the host operating system's
kernel, which allows them to be lightweight and
have low resource overhead. However, this also
means that any vulnerabilities or issues in the
kernel may affect all containers running on the
host.
  Rapid container start up: Windows Server
containers have fast start up times because they
do not require a separate operating system
instance. Instead, they leverage the host
operating system's kernel, libraries, and binaries,
resulting in quick provisioning and deployment.
 Limited isolation: While Windows Server
containers provide isolation at the process level,
they do not provide complete isolation from the
host operating system. This means that there
may be potential security risks if an attacker
gains access to the host operating system.

Hyper-V containers:
Hyper-V containers, on the other hand, offer a higher
level of isolation by utilizing a lightweight virtual
machine (VM) for each container. These containers
run on a separate instance of the Windows Server
operating system within a Hyper-V VM.

Key features of Hyper-V containers include:

 Enhanced isolation: Hyper-V containers provide
stronger isolation compared to Windows Server
containers. Each container runs within its own
Hyper-V VM, which means that the container has
its own dedicated kernel instance. This isolation
adds an extra layer of security and ensures that
containers are fully isolated from each other and
the host operating system.
 Separation from the host operating system:
Hyper-V containers are decoupled from the host
 operating system and have their own separate
instance of Windows Server. This separation
ensures that any vulnerabilities or issues in the
host operating system do not directly impact the
containers.
 Slightly slower start up times: Since Hyper-V
containers require the creation of a lightweight
VM for each container, the start up times may be
slightly slower compared to Windows Server
containers. However, this additional overhead is
justified by the increased isolation and security.
 Flexibility in host operating system versions:
Hyper-V containers allow you to run containers
with different versions of the Windows Server
operating system. This flexibility is useful when
you have applications that require specific
versions of the operating system or when you
want to isolate containers with different security
or compatibility requirements.
5. Docker and Kubernetes.
Docker and Kubernetes are two popular technologies
used in the containerization and orchestration of
applications. Let's explore each of them in more
detail:
1. Linux containers:
Linux containers, also known as LXC (Linux
Containers), are a lightweight virtualization
technology that provides operating system-level
virtualization. Linux containers utilize features such
as cgroups and namespaces to isolate processes, file
systems, and network resources.

2. Docker Hub
Docker, initially built on top of Linux containers, is an
open-source platform that simplifies the creation,
deployment, and management of containers. It
provides a user-friendly interface and tooling to
package applications and their dependencies into
container images, which can then be deployed and
run consistently across different environments.
Docker allows you to build, ship, and run applications
within containers, providing benefits such as
reproducibility, portability, and scalability. It has a
large ecosystem of container images available on
Docker Hub (https://hub.docker.com/), making it easy
to leverage existing images or share your own with
the community.
Figure 2: Docker Hub (Krause, 2021)

3. Hyper-V containers:
Hyper-V containers, introduced by Microsoft,
combine the benefits of containerization with the
isolation of virtual machines. They utilize the Hyper-V
hypervisor to run containers within lightweight virtual
machines, providing an additional layer of isolation
and security.
Hyper-V containers are suitable for scenarios where
stronger isolation is required, or when running
containers with different operating system versions or
configurations. Each Hyper-V container runs its own
instance of the Windows Server operating system,
allowing greater separation from the host operating
system and other containers.
With Hyper-V containers, you can leverage the same
container management tools and workflows as with
Windows Server containers, ensuring compatibility
and ease of use.

4. Docker Trusted Registry:

Docker Trusted Registry (DTR) is an enterprise-
grade container registry solution provided by Docker.
It enables organizations to securely store, manage,
and distribute container images within their own
private infrastructure.
DTR offers features such as image signing,
vulnerability scanning, access controls, and image
promotion policies. It provides enhanced security and
compliance capabilities, allowing organizations to
enforce policies and ensure the integrity of container
images.
By using Docker Trusted Registry, organizations can
have greater control over their container images,
maintain versioning, and facilitate collaboration
among development teams while ensuring secure
and reliable image distribution.

Figure 3: Docker Trusted Registry (Krause, 2021)

5. Kubernetes:
Kubernetes is an open-source container
orchestration platform originally developed by
Google. It provides a robust and scalable solution for
automating the deployment, scaling, and
management of containerized applications.
Kubernetes allows you to define and manage
application workloads, networking, and storage
requirements through declarative configuration files.
It automates tasks such as container scheduling,
scaling, load balancing, and self-healing, ensuring
high availability and efficient resource utilization.
Kubernetes introduces the concept of pods, which
are groups of one or more containers that share
network and storage resources. It also provides a rich
set of features for service discovery, load balancing,
rolling updates, and rolling deployments.
With Kubernetes, you can create and manage
containerized applications across multiple nodes, on-
premises or in the cloud, and take advantage of its
extensive ecosystem of tools and integrations.
6. Working with containers.
When working with containers, there are several
steps involved, from setting up the necessary
infrastructure to running and managing containers.
Let's go through the key steps:
1. Installing the role and feature:
Before working with containers in Windows Server
2019, you need to install the necessary role and
feature called "Containers." Here's a high-level
overview of the installation process:
 Open Server Manager and select "Manage" >
"Add Roles and Features."
 In the "Add Roles and Features Wizard," select
the appropriate server.
 On the "Server Roles" page, select "Containers"
and click "Next."
 Continue with the installation, selecting the
appropriate options, until you reach the
"Confirmation" page.
 Review the installation selections and click
"Install" to begin the installation process.
 Once the installation is complete, you can
proceed with configuring and working with
containers.
 2. Installing Docker for Windows:
Docker for Windows is a popular choice for working
with containers on Windows Server 2019. Here's a
general overview of the installation process:
 Download the Docker for Windows installer from
the Docker website.
 Run the installer and follow the on-screen
instructions.
 During the installation, you may need to enable
Hyper-V and Windows containers features if they
are not already enabled.
 Once the installation is complete, Docker for
Windows will be ready to use.
 3. Docker commands:
Docker provides a command-line interface (CLI) for
interacting with containers. Here are a few essential
Docker commands:
 docker run: This command is used to create and
start a new container from a specified image.
 docker images: Lists all the available container
images on your system.
 docker ps: Lists the running containers.
 docker stop: Stops a running container.
 docker start: Starts a stopped container.
 docker rm: Removes a container.
 docker pull: Downloads a container image from a
registry.
These are just a few examples of the numerous
Docker commands available. You can explore the
Docker documentation for a comprehensive list of
commands and their usage.

4. Downloading a container image:

Before running a container, you need to download
the required container image from a registry. Docker
Hub is a popular public registry that hosts a wide
range of container images. Here's the general
process for downloading an image:
 Open a terminal or command prompt.
 Use the docker pull command followed by the
image name and tag to download the image. For
example: docker pull nginx:latest.
 Docker will download the image from the registry
and store it locally on your system.

5. Running a container:
Once you have the necessary container image, you
can run a container based on that image. Here's a
basic workflow for running a container:
 Open a terminal or command prompt.
 Use the docker run command followed by the
image name to start a container. For example:
docker run nginx.
 Docker will create and start a new container
based on the specified image.
 You can use additional flags and options with the
docker run command to customize the container's
 behavior, such as specifying port mappings,
environment variables, or volume mounts.

After running a container, you can access it through

the specified ports or interact with it using additional
Docker commands, such as docker exec to execute
commands within the running container.

VM vs Container
https://www.youtube.com/watch?v=cjXI-yxqGTI
References
Krause, J., 2021. Mastering Windows Server 2019: The Complete Guide for System Administrators to
Install, Manage and Deploy New Capabilities with Windows Server 20192021. 3rd ed. BIRMINGHAM
- MUMBAI: Packt Publishing.

Mikhailenko, V., 2021. VMware Workstation Tutorial. [Online]

Available at: https://www.youtube.com/watch?v=2KrzgeB6qEI
[Accessed 17 July 2023].