GETTING STARTED WITH WINDOWS CONTAINERS, DOCKER AND AZURE

GETTING STARTED WITH WINDOWS CONTAINERS, DOCKER AND AZURE Thomas Maurer thomasmaurer.ch @ThomasMaurer Cloud Architect and MVP Samuel Erskine Geekbydayfreakbynight.com @SamErskine MVP and Author

Thomas Maurer Sam Erskine @ThomasMaurer @SamErskine Microsoft MVP, MCT Microsoft MVP, MCT Cloud Architect @ itnetx Author, Trainer & Snr Manager Foodie, Frequent Flyer Gadget Freak

AGENDA Agile DevOps World. Windows Containers Basics

EXPECTATIONS OF CLOUD APPLICATIONS

CURRENT CHALLENGES Customer Pain Scalability (lack of) All or nothing updates Downtime during updates Complicated deployment High 3 rd party license costs Developer Pain Long build times Locked into single technology stack High team coordination/overhead Easy to break the monolith Long release cycles

Rapid Deployment Fast Iterations Service Separation High Availability Reproducibility On Any Cloud Scalability Test at Scale Reduced Costs

WHAT IS A CONTAINER?

WHAT IS A CONTAINER? Application OS Hardware

WHAT IS A CONTAINER? Traditional virtual machines = hardware virtualization VM VM VM

WHAT IS A CONTAINER? Containers = Operating system virtualization Applications Kernel Traditional virtual machines = hardware virtualization VM VM VM

WHAT IS A CONTAINER? Containers = Operating system virtualization CONTAINER CONTAINER CONTAINER Applications Kernel Traditional virtual machines = hardware virtualization VM VM VM

WHAT IS A CONTAINER? Containers = Operating system virtualization CONTAINER CONTAINER CONTAINER Windows Server Containers Maximum speed and density CONTAINER CONTAINER CONTAINER Applications Kernel Traditional virtual machines = hardware virtualization VM VM VM

HOW DO CONTAINERS WORK?

HIGH LEVEL ARCHITECTURE Container Development and Management Toolset Container Runtime

WINDOWS CONTAINERS Host User Mode System Processes Container Management

WINDOWS CONTAINERS Host User Mode System Processes Container Management System Processes

WINDOWS CONTAINERS Host User Mode System Processes Container Management System Processes Application Process(es)

WINDOWS CONTAINERS Host User Mode System Processes Container Management Hyper-V Container System Processes Application Process(es)

WINDOWS CONTAINERS Host User Mode System Processes Container Management Hyper-V Container System Processes Application Process(es) System Processes Application Process(es)

WINDOWS CONTAINERS System Processes Host User Mode Container Management Virtual Machine Specifically Optimized To Run a Container Hyper-V Container System Processes Application Process(es) System Processes Application Process(es)

A QUICK EXAMPLE

STARTUP PERFORMANCE Windows Server Container Under 600 ~1 Milliseconds! Hyper-V Container ~1.75 ~3.3 seconds A virtual A machine virtual machine takes ~5 takes seconds ~3 seconds to over a min HP ProLiant SL250s Gen8, E5-2600, 2 Socket, 8 Core, 128GB RAM, HP SATA SSD

STARTUP PERFORMANCE Windows Server Container Under 600 Milliseconds! Hyper-V Container ~1.75 seconds A virtual machine takes ~3 seconds Windows Server Container ~1 second Hyper-V Container ~3.3 seconds A virtual machine takes ~5 seconds to over a min

DENSITY Windows Server Container First Container ~150MB ~120MB Additional Containers ~75MB Hyper-V Container First Container ~340MB ~555MB Additional Containers ~280MB ~150MB HP ProLiant SL250s Gen8, E5-2600, 2 Socket, 8 Core, 128GB RAM, HP SATA SSD

DENSITY Windows Server Container First Container ~120MB Additional Containers ~75MB Hyper-V Container First Container ~340MB Additional Containers ~150MB Windows Server Container First Container ~150MB Additional Containers ~75MB Hyper-V Container First Container ~555MB Additional Containers ~280MB

HOW DO I CREATE A CONTAINER?

DOCKER CONTAINER MANAGEMENT Registry Registry Host Containers Containers Containers Client Daemon Images Images Images https://msdn.microsoft.com/en-us/virtualization/windowscontainers/docker/configure_docker_daemon

CREATE A CONTAINER docker run -d --name "demo1" microsoft/nanoserver

DOCKER RUN Creates and Starts a New Container Runtime options Name (network name and management name) Interactive or Service Network configuration Resource management Volume mappings Isolation level

DEMO CREATING A CONTAINER

DEVOPS WHY, WHAT & HOW

@samerskine Dev view of Enterprise Operations Ops code platform Ops Rules

@samerskine Ops view of Devs What is code is behind this? Dev house

RESOLVING ISSUES WITHOUT DEVOPS

OUR SHARED DEFINITION DEVOPS Automated Testing Continuous Deployment Continuous Integration Release Management Infrastructure as Code Application Performance Management Configuration Management

ENTERPRISE ADOPTION OF DEVOPS Hey, I need 5 more features by next week Sure lets work on it together

THE NEW DEV, OPS, AND BUSINESS

WHAT IS A CONTAINER IMAGE?

CONTAINER IMAGE Analogous to a VHD and config file to a virtual machine Created by running a container and capturing changes Changes include files and registry Metadata Name, Creation Data, Command To Execute, Dependences Contents

CONTAINER IMAGES

CONTAINER IMAGES Image Contents HKLM HKCU License.txt PerfLogs Program Files HKCR HKU Program Files (x86) Users Windows

CONTAINER IMAGES Image Contents HKLM inetpub SOFTWARE/ mykey mysite.html Image Contents HKLM HKCU License.txt PerfLogs Program Files HKCR HKU Program Files (x86) Users Windows

AUTOMATED IMAGE BUILDING Docker Build and Dockerfiles Method for automated container image build Consumed when running docker build Caches unchanged commands Integrates into Docker Hub Examples IIS FROM microsoft/windowsservercore RUN powershell command Add-WindowsFeature Web-Server Website FROM iis ADD mysite.htm inetpub\mysite.htm

DEMO DOCKER BUILD

IMAGE REGISTRIES What is a registry? Stores container images Images are Pushed into a registry Images are Pulled from a registry Images are Searched for within a registry

IMAGE REGISTRIES Docker Hub and Docker Store Public, Official and Private image repositories Granular access controls with organization support Automated image build support Docker Trusted Registry Enterprise Grade Private Registries Runs on your infrastructure (on-prem or cloud) Active Directory and Role Based Access Controls Docker Registry Open source foundation of Hub and DTR Runs on your infrastructure (on-prem or cloud) as a container https://docs.docker.com/registry and or https://github.com/docker/distribution

CONTAINER INFRASTRUCTURE LAYERING Application Linux Containers Windows Server Containers Hyper-V Containers Deployment Packaging Orchestration Dev Cloud IaaS

Azure Container Registry

WHY: AZURE CONTAINER REGISTRY Keep Your Images Private Stored in Azure with your resources Network-Close Deployed to your targets within the same data center No ingress/egress fees or latency Azure Active Directory Integration Manage registry access using AAD Familiar Open Source CLIs docker login, pull, push

CONTAINER DEVOPS WORKFLOW Container Service Source Code Control (SCC) Build/CI, Integrate, Test CD, Deploy Run, Manage Production environments Service Fabric App Services Batch Azure Container Registry coming soon Inner-Loop Run Monitor and Diagnose Code Validate Debug

Azure Container Service kubernetes DC/OS Swarm

ND (P40) and NCv2 (P100s) Dv3 and Ev3 (with nested virtualization)

Soon Soon Soon Soon

NESTED VIRTUALIZATION Guest VM Nested Virt vcpu Virtualization

NESTED VIRTUALIZATION Windows Guest Linux Guest Hyper-V Isolation vcpu vcpu vcpu Virtualization

WHAT ABOUT

LICENSING https://www.microsoft.com/en-us/cloud-platform/windows-server-pricing

PATCHING AND UPDATES Update Container OS Image Pull updated base image Rebuild containers using dockerfiles 10.0.14393.0

PATCHING AND UPDATES Update Container OS Image Pull updated base image Rebuild containers using dockerfiles KB123456 = new image on Docker Hub 10.0.14393.0 10.0.14393.1

PATCHING AND UPDATES Update Container OS Image Pull updated base image Rebuild containers using dockerfiles FROM windowsservercore RUN powershell command Add-WindowsFeature Web-Server KB123456 = new image on Docker Hub 10.0.14393.0 10.0.14393.1

PATCHING AND UPDATES Update Container OS Image Pull updated base image Rebuild containers using dockerfiles FROM iis ADD mysite.htm inetpub\mysite.htm FROM windowsservercore RUN powershell command Add-WindowsFeature Web-Server KB123456 = new image on Docker Hub 10.0.14393.0 10.0.14393.1

PATCHING AND UPDATES Update as a new layer Download update in container (ala run Windows Update in the container) When container is stopped update is applied as a new layer 10.0.14393.0

PATCHING AND UPDATES Update as a new layer Download update in container (ala run Windows Update in the container) When container is stopped update is applied as a new layer Same Image 10.0.14393.0 10.0.14393.0

RESOURCE CONTROLS CPU Percent of host CPU container can consume Memory Disk Maximum memory container can consume Maximum IO bandwidth on the system drive Maximum IOPs limit on the system drive Network Platform support for egress caps

NETWORKING Fully Manageable with Docker Network creation/enumeration Service Discovery Optimized for Microsoft Cloud Stack Advanced network policy (ACLs, QoS) can be assigned per container endpoint Load Balancing can be handled through the Microsoft Software Load Balancer (Coming Soon) Area of Regular and Continuous Innovation Docker tooling support (Compose) for networking (Limited Support at GA) Integration with other Orchestrators (Kubernetes, Swarm, etc.) Native Overlay network driver Multiple networks (NAT and overlay) per host

STORAGE Container Image Not designed for persistent data Not designed for secrets Volumes Enables storage persistence Enables mapping of storage into containers Read-Only or Read/Write Multiple containers on the same host can access the same location Plug-In Architecture Network Storage Containers access SMB shares Accessed though the containers network

VOLUME MAPPING Container Host

VOLUME MAPPING License.txt PerfLogs Program Files Program Files (x86) Users Windows Container Host ContainerData

STORAGE VOLUME MAPPING EXAMPLE License.txt PerfLogs Program Files Program Files (x86) Users Windows Container Host ContainerData

VOLUME MAPPING License.txt PerfLogs Program Files Program Files (x86) Users Windows License.txt PerfLogs Program Files Program Files (x86) Users Windows data Container Host ContainerData

AUTOMATION AND MANAGEMENT

COMPOSITION AND ORCHESTRATION Applications typically comprised of multiple containers Containers typically hosted across a cluster of nodes Orchestration tooling automates this

COMPOSITION AND ORCHESTRATION Docker Compose Define application as separate containers Manage different containers as a unit Scale parts of application as needed Docker Swarm Aggregate container hosts Supports tagging, affinity/anti-affinity

COMPOSITION AND ORCHESTRATION Azure Service Fabric Microservice and orchestration platform Build applications as containers and/or microservices Available on Windows & Linux Built-in cross-container communication Web based management UI Available On-Prem, Azure or other Clouds

COMPOSITION AND ORCHESTRATION Kubernetes Open source project started by Google Windows support being added though community partnership spear headed by Apprenda

COMPOSITION AND ORCHESTRATION Mesos/Mesosphere + Marathon Aggregates container hosts Web based UI Service Launch and Discovery

MANAGEMENT AND MONITORING TOOLS Docker Datacenter Commercially Supported Docker Engines Compute

MANAGEMENT AND MONITORING TOOLS Docker Datacenter

MICROSOFT OPERATIONS MANAGEMENT SUITE Monitoring Solution for Docker Syslog events Performance metrics Container data

BUILD ONCE, RUN ANYWHERE using System; class Program { static void Main() { } }

APPLICATIONS IN CONTAINER

STATELESS APPLICATIONS Web sites & application workers Batch processing Continuous Integration workflows

IMAGE2DOCKER Convert WIM/VHD to Dockerfile Written in PowerShell Open Source Discover Find Installed Programs Show Roles & Features IIS Sites & Configurations Common applications SQL, Apache Generate Dockerfile https://github.com/docker/communitytools-image2docker-win

TAKING IT FURTHER Practice your skills, build out infrastructure Deploy frequently Automate everything Plan to centralize configuration and logging Scale it out Deploy more containers to meet demand Test and look for issues that would block scalability Learn orchestration platforms & load balancing techniques

STATEFUL APPLICATIONS Persistent Data Move files out of the container Store on host folder or named volume Runtime State Move out of process Distributed caches Key/value storage Message queues SQL 0MDB

STATEFUL APPLICATIONS Benefits Deploy all applications tiers anywhere Build as many test deployments as you need Continuous integration & unit tests Match customer environment Move your container across hypervisors, datacenters, cloud Challenges Doesn t imply scalability Scale up vs Scale Out Scale out requires coordination & synchronization

GREAT FOR VMS Hosting low level network & identity services DHCP, Domain controllers Leveraging hardware or driver access Print, GPU Depending on Active Directory for configuration No object in AD Group Policy Running desktop applications Remote Desktop & VDI

SOME WINDOWS SERVER NEWS Container-optimized Nano Server with.net Core 2.0 Windows Subsystem for Linux (WSL) on Windows Server Linux Containers on Windows Container Hosts Container Storage Container Orchestration

www.houseoftails.org/support-us www.facebook.com/sthouseoftails info@houseoftails.org Dutch bank IBAN: NL87INGB0006669920 HOUSE OF TAILS 70 dogs!!! Safety, food, water, health, blankets, shade, love, fun $15 = 1 month food Donation box near registration area and participate in the raffle for huge rewards!

BREAKING DOWN LARGER APPLICATIONS Identify seams Iterate Prioritize Decompose

BREAKING DOWN LARGER APPLICATIONS Development Makes development teams faster Decoupled development, less coordination Freedom to use the best tools for the job Shorter builds & faster deployment Operations Deploy faster with automation Reliable and deterministic Clear list of running containers Less risk, less downtime Containers deliver consistency through dev, test, and production

OUR JOURNEY TO NANO SERVER DOCKER CI What is it? Part of the Docker Project For Every Code Submission Compiles the change for both Linux and Windows Uses Jenkins to execute tests against Linux and Windows hosts Windows Server Core Image Azure D3 VM (4 cores, 14GB RAM, 200GB SSD) Takes ~31 min and 21 sec to run Nano Image Early prototype (not checked in yet) Azure D2 VM (2 cores, 7GB, 100GB SSD) Takes ~21min and 39 sec to run Benefit of Nano 30% Reduction in Execution Time! 50% Reduction in Cost

NETWORKING & SERVICE DISCOVERY NAT External: Host IP TCP:80 TCP:80 Internal: 172.16.0.0/12 DNS: 172.16.0.1 musicstore_test sql

DEPLOYMENT SIMPLIFICATION Everywhere

ACTIVE DIRECTORY IDENTITY FOR CONTAINERS Ready for Enterprise Applications No infrastructure changes to Active Directory required Leverages Group Managed Service Accounts Enables containerized applications to authenticate with SQL Server, file shares, and more Simple and Secure Identity specified at container start time Credentials are not stored within the container image No changes required to move across environments i.e. dev, test, prod, cloud

ACTIVE DIRECTORY IDENTITY FOR CONTAINERS 1) Use default accounts for services & tasks (LocalSystem, Network Service) Credential Spec Service: IIS User: LocalSystem Domain\MyWebApp1$ DefaultAccount: Domain\MyWebApp1$ 2) Provide default service account to use when starting container 3) Container connects using service account

SECURE DEPLOYMENT AND AUDITING

DEPLOYING IIS & SQL WITH DOCKER-COMPOSE version: '2' services: musicstore_test: build: context:. dockerfile: Dockerfile.iis ports: - "80:80" sql: image: microsoft/mssql-server-2014-express-windows