Microsoft has made available its fourth technical preview of the forthcoming Windows Server 2016 platform, showcasing for the first time Hyper-V Containers, a technology that Microsoft is providing to support containerised applications with a greater degree of security and isolation.
Windows Server 2016 is the next version of Microsoft's server platform, equating to the server counterpart of Windows 10. However, Windows Server 2016 is not expected to ship until sometime in the second half of next year, at least a year later than the client platform.
Available to download now, Windows Server 2016 Technical Preview 4 delivers a host of updates, the headline features centring on container support and especially the first public preview of Hyper-V Containers.
The move means that Microsoft is set to support two ways of running applications in containers under Windows Server 2016. Windows Server Containers has already debuted in the previous Technical Preview release, while Hyper-V Containers adds a further deployment option that provides increased isolation, according to Microsoft.
Announcing the preview on the firm's Server & Cloud blog, Microsoft said that Hyper-V Containers "isolate applications with the guarantees associated with traditional virtualisation, but with the ease, image format and management model of Windows Server Containers, including the support of Docker Engine".
This means that, although Hyper-V Containers is intended to offer a greater degree of isolation between containers than Windows Server Containers, customers will be able to deploy them using the same method, typically Docker APIs and the Docker client, regardless of which target they choose.
Hyper-V Containers achieves isolation by making use of Microsoft's hypervisor, as its name suggests. According to Microsoft's TechNet description, "Windows Server Containers achieve isolation through namespace and process isolation. Hyper-V Containers encapsulates each container in a lightweight virtual machine."
However, the technology appears to be a kind of hybrid between containers and virtual machines, as detailed in an earlier blog post by Mark Russinovich, chief technology officer for Microsoft Azure.
"To create more isolation, Hyper-V Containers each have their own copy of the Windows kernel and have memory assigned directly to them, a key requirement of strong isolation. We use Hyper-V for CPU, memory and I/O isolation (like network and storage), delivering the same level of isolation found in VMs," Russinovich explained.
"So aren't Hyper-V Containers the same as VMs? Besides the optimisations to the OS that result from it being fully aware that it's in a container and not a physical machine, Hyper-V Containers will be deployed using the magic of Docker and can use the exact same packages that run in Windows Server Containers. Thus, the trade-off of level of isolation versus efficiency/agility is a deploy-time decision, not a development-time decision - one made by the owner of the host."
The reason for supporting two different methods of operating containers is trust. Windows Server Containers are fine for situations where the host operating system and applications are within the same trust boundary, such as a customer's own infrastructure, but for environments such as a multi-tenant public cloud, the isolation provided by Hyper-V Containers may be essential.
Other updates include support for a number of key applications and application frameworks in Windows Server Containers, such as ASP.NET 3.5 and 4.6. Microsoft also said that its stripped-down Nano Server can be deployed as a container host and as a container runtime (the operating system that runs inside the container), providing a lean, efficient installation of Windows Server for cloud-native applications.
Windows Server 2016 Technical Preview 4 also includes updates to Active Directory Domain Services, enhancements to Active Directory Federation Services to support authentication of users via Lightweight Directory Access Protocol directories, and an update to Failover Clustering so that clusters can be upgraded easily without any downtime.