In this series, we will try to sort out confusing topics such as Docker Engine Enterprise Edition (EE) vs. Docker Enterprise, Docker Engine Community Edition (CE) vs. Docker Desktop, dockerd vs. docker vs. containerd vs. runc, and so on.
Latest posts by Swapnil Kambli (see all)

We'll also try to understand the current state of Docker on Windows by demystifying the differences between the Docker experience on Windows and Linux. In today's article, we will begin with launching our first Windows container on Windows Server 2019, and along the way, we will go through some of the current aspects of Docker on Windows.

When Docker first released a containerization product, they started with Linux as a base platform. In 2014, Docker and Microsoft announced partnership to provide a consistent platform to build, ship, and run any application. On Windows Server 2016, Docker and Microsoft came out with container technology that provided a consistent experience across both Linux and Windows Server environments.

In 2017, they released Docker Swarm with the ability to create mixed Windows Server and Linux clusters. In 2018, this release followed with added support for the Semi-Annual Channel (SAC) Windows Server 1709 and 1803 versions. With Windows Server 2019 (the 1809 build), Microsoft managed to bring the containers to Windows on par with containers on Linux systems.

At present, thousands of enterprise customers are widely using Docker on Windows in production environments. However, there's always been a subtle functionality difference between Windows containers and Linux containers. Microsoft Windows Server is closing that gap rapidly with new releases.

Install the Hyper-V feature ^

On Windows platforms, you can run containers in two modes: process isolation and Hyper-V isolation. In process isolation mode, containers share the OS kernel with the host and hence are lightweight and similar to how containers work on Linux systems.

Conversely, in Hyper-V isolation mode, each container runs inside a special minimal virtual machine. Thus, it provides secure kernel-level isolation and enhanced compatibility. You need to enable Hyper-V in the host OS to run containers in Hyper-V isolation mode.

When we install Docker on a Windows server, the default mode of operation is process isolation. And enabling Hyper-V is optional. However, if we need to run Linux containers, enabling Hyper-V is required.

The second factor that determines whether to go for the Hyper-V feature is the OS build. Windows containers need to have the same build version as the version of the container host OS they run on. Container images tagged as 1809 would work on the latest 1809 Windows version builds. However, if we have built container images on a lower version of Windows than the container host OS, we can run these containers with Hyper-V isolation, which requires enabling Hyper-V.

You can install Hyper-V on Windows Server using the PowerShell command below:

Install-WindowsFeature -Name Hyper-V -IncludeManagementTools -Restart

Also, we need to note here that we can switch between process isolation and Hyper-V isolation during runtime using the parameter isolation while spinning up Docker containers.

Container host prerequisites ^

Though this article's scope is for Windows Server 2019 (1809), the steps demonstrated here could also very well apply to other Windows Server builds, including Windows Server version 1803, Windows Server version 1709, and Windows Server 2016.

If you want to use Hyper-V isolation in your container, you need to enable virtualization in the hosting platform. If the container host is running on hardware, you need to enable the hardware virtualization feature, such as Intel VT-x, in BIOS. And if the container host is running from Hyper-V or from a cloud environment, you need to enable nested virtualization in the base platform.

Install the containers feature ^

For containerization to work, you need to install the Windows container feature on the Windows container host. Use the command below to install the containers feature and reboot the computer.

Install-WindowsFeature containers -Restart
Install the Containers feature

Install the Containers feature

Install Docker ^

Docker consists of two major components: the Docker engine and the Docker client. The Docker engine is available in two editions: Docker Engine CE and Docker Engine EE. The Docker Engine CE is a free product. Conversely, the Docker Engine EE requires a license. The diagram below illustrates the architectural difference between the two.

Docker Engine architecture

Docker Engine architecture

From a user-experience perspective, Docker provides two sets of products or packaged bundles: namely, Docker Desktop and Docker Enterprise.

As for Docker Desktop Community/Enterprise, they designed this product set considering developers and a development environment in mind. Docker Desktop provides an installation wizard, a management UI, and several other utilities for improving deployment. Docker Desktop is supported on Windows 10 and Mac. Docker Desktop comes with the Docker Engine CE or EE depending on the product tier we choose.

Docker targets its enterprise product suite toward production environments. This includes the Docker enterprise engine along with its certified plug-ins, well-integrated product line, and trusted repositories. Overall, it aligns with the enterprise requirements for use in a production environment.

In this article, we are going to install Docker Engine EE on Windows Server 2019. To get the full functionality of the EE edition, we need to purchase the EE license from Docker.

The process for installing Docker EE on Windows Server is quite simple with the introduction of the OneGet provider PowerShell Module. As a first step, install the Docker-Microsoft PackageManagement Provider module from the PowerShell Gallery.

Install-Module -Name DockerMsftProvider -Repository PSGallery -Force
Install the Docker package provider

Install the Docker package provider

We can use the commands below to view the installed package provider and the Docker package made available through it.

Get-PackageProvider -ListAvailableget-packagesource -ProviderName DockerMsftProvider
Display the installed package provider

Display the installed package provider

Next, we will use the PackageManagement PowerShell module command Install-Package to install the latest version of Docker.

Install-Package -Name docker -ProviderName DockerMsftProvider
Install the Docker package

Install the Docker package

Docker verification ^

After installing the Docker package and we have our command prompt back, we need to start the Docker service using the command below.

Start-Service Docker

When we run the Docker service for the first time, it creates a virtual switch/interface viewable through our Control Panel pane.

Installed network virtual switch

Installed network virtual switch

Also, we can verify the Docker virtual network creation using the Docker command below. The default name of the bridge or switch in a Windows environment is NAT.

docker network ls
List Docker networks

List Docker networks

This virtual switch lays the foundation of networking for containers to communicate with each other as well as talk with the container host.

Next, we can run the Docker version command to check the details of our deployment setup. We can verify the Docker engine and client version from the command output.

docker version
Check the Docker version

Check the Docker version

And lastly, to confirm the Docker client-engine communication is working fine and installation is complete, run the command docker info. This provides us with system metadata along with the current container stats.

Check system container info

Check system container info

Launch a Windows container on Windows Server 2019 ^

Now that we have completed the installation and verified everything is working smoothly, it's time to run our first Windows container on Docker.

Here we need to consider two factors. First, we can create Windows container images with four container base images: Windows Server Core, Nano Server, Windows, and IoT Core.

When we spin a container from these images, we need to verify the compatibility between the container host OS and the container base image. In other words, containers based on Windows Server Core, Nano Server, or Windows as the base image can run on a Windows 2019 container host. However, a container based on an IoT Core image cannot run on Windows Server 2019. An IoT Core container requires Windows IoT Core as a container host.

Second, to repeat, Windows containers need to match the version of the container host OS. Container images with the 1809 tag work with the latest Windows versions. However, if we have container images built on a lower version of Windows than the container host OS, we can run these containers with Hyper-V isolation

Considering these two factors, let's verify the build version of our container host.

winver
Check the Windows version

Check the Windows version

As the container host build version is 1809, let's try to download a Nano Server image from the Microsoft image/container registry to the local machine.

docker image pull mcr.microsoft.com/windows/nanoserver:1809
Pull a Docker Nano Server image

Pull a Docker Nano Server image

We can verify the locally available image along with its metadata information, such as size, image ID, and creation date.

docker image ls
List locally available images

List locally available images

We can use the downloaded image for baking our application into it and creating a new container. But for simplicity, let's launch a basic container that will run just a simple command inside the OS and exit.

docker container run mcr.microsoft.com/windows/nanoserver:1809 hostname
Create and run a Docker container

Create and run a Docker container

This command created a new container from the Windows Nano Server image, and the container outputted the machine name of the container, a random ID set by Docker. To see more information about the container we created just now, run the command below.

Subscribe to 4sysops newsletter!

docker container ls -a
List Docker container information

List Docker container information

Thus, we have launched a Windows container on Windows Server 2019, considering some of the factors for Docker on Windows. In the next article, we'll discuss Linux containers on Windows (LCOW), LinuxKit, Windows Subsystem for Linux 2 and how to run your first Linux container on Windows Server 2019.

avatar
6 Comments
  1. David 3 years ago

    You're already using a CLI. Just a little more typing and interpreting and you can run the docker engine on its native OS. 

    • Author

      Hi David,
      At present Win containers could only run on Windows Host. Along with the modern windows apps based on .net stack, there are millions of legacy Windows applications that could only be hosted on Windows Host. Apart from this dependency factor, Microsoft Windows enables a unique implementation pattern of hosting both Windows and Linux containers on the same windows host side by side granting access through both win32 and Linux subsystem. I hope this clarifies the importance of docker engine on Windows host.

  2. Kapil M Bhudhia 2 years ago

    Hi Swapnil,

    Thanks for the excellent post. I have this query about Docker EE on Windows Server 2019 – as I understand from what you mention here and from my own personal experience that one cannot run a Linux container on a Windows Server 2019 as easily as you can on Windows 10 (with Docker CE). On Windows 10 (with Docker CE) there is an out of box support for running Linux containers (one just has to switch to Linux containers in the Docker UI) – I really struggle to see as to why was is this out of the box experience missing for Windows Server 2019? 

    Also, what would you suggest if one wishes to run Linux containers in production and the host operating system is constrained to Windows Server 2019? Clearly LCOW is ruled out since it still experimental.

    I am looking forward to your forth coming post about LinuxKit and Linux Subsystem 2 – can one use them in production?

    Thanks and Regards,

    Kapil.

    • Shanta 2 years ago

      Hi Swapnil,

       

      Did you manage to get Linux containers running on Windows Server 2019?

  3. Rajesh 2 years ago

    Hi Swapnil,

    Have experienced problem with NAT network that is used by docker on windows. After installing docker we get vEthernet (nat) created in windows and i guess this is used from NAT network that docker creates. After applying security patch KB4551853 on windows however it look like it breaks the network somewhere and docker container no longer access another host or another container running in same network.

    On vEthernet(nat) if i see the packet received is always coming 0.

    a simple docker application like helloworkd works fine – but one that involves network communication fails. 

    How can this network issue be fixed. Is there a way to remove the default network and create a new one. I am working of Azure VM that are windows 2019 data center and normally updated with latest OS patches.

  4. Himanshu J Zinzuwadia 1 year ago

    Hi Swapnil,

     

    Can you point me to the right direction if I want to run Docker Swarm in the above environment you describe. When I try it I don't get outbound internet connectivity from my containers running in Swarm mode with the overlay network that docker creates when I use Docker Stack deploy command with my docker compose files.

     

    Thanks

     

    Himanshu

Leave a reply to Rajesh Click here to cancel the reply

Please enclose code in pre tags

Your email address will not be published.

*

© 4sysops 2006 - 2022

CONTACT US

Please ask IT administration questions in the forums. Any other messages are welcome.

Sending

Log in with your credentials

or    

Forgot your details?

Create Account