Microsoft, Docker bid to bring Linux-y containers to Windows: What YOU need to know Containers are all the rage with Linux sysadmins these days, and now Microsoft and Docker say they're going to bring that same virtualization-beating goodness to Windows. But just what will that look like and how will it work? First things first. One thing Microsoft's new partnership with Docker won't let you do is take any of …
Seems not the same thing at all?
Docker ---> Local App Management & Isolation , but lighter than VMs
App-V ---> Terminal-based application access (at least that's what I can wring out of the marketdroid talk cunningly buried by the hynpotizing eyes of stockphoto guy.)
Damn! That is a scary looking dude! The eyes!
I hope I can explain better with less maketdroid. In our implementation, App-V is not terminal based. It has a couple of back-end servers that manage and serve the packaged applications either as persistent or streamed applications. These run on the client PC but are effectively stand alone as they hold their own copy of the relevant registry keys and dependent applications etc. We use our existing SCCM infrastructure to provide application streaming/download points so remote sites aren't WAN dependent. It's of most benefit to us when we have multiple apps which are dependent on different versions of a service that cannot co-exist on differing versions. e.g. App1 needs Java 1.6 and App2 needs Java 1.7. This is all centrally managed through AD groups.
Is the functionality similar in Docker, even if the management of the apps is different? Interested to hear what it offers and how it's managed.
"App-V ---> Terminal-based application access (at least that's what I can wring out of the marketdroid talk cunningly buried by the hynpotizing eyes of stockphoto guy.)"
No - App-V is application virtualisation containers. It can run your applications and dependencies independently of other software running under that OS instance - so for instance you can run multiple versions of applications at the same time that would otherwise conflict. And it has very clever streaming technology that can install just the parts of a containerised application that are needed, when you need them whilst the rest of the application continues to download in the background - giving near instant 'install on demand' of virtualised application containers across even a slow network. It is often used as part of VDI, but can also be used as a software packaging and deployment method to standard desktops and servers.
Containers are like VMs, except they are more light weight and so take less memory and start up very fast.
Let's put it this way. Linux (or Solaris) is already designed to run multiple programs at once, so why do we need VMs or containers? It's because there are still shared resources which can cause one app to interfere with another. VMs deal with this by simulating an entire computer, while containers deal with it by providing what appear to be separate copies of just those things which can cause problems. As a trivial example, a container will provide an app with a view of the file system that looks like it has the file system all to itself. What makes this different from a traditional "chroot" is that this sort of thing is duplicated for everything. However unlike a VM, you are not duplicating the entire OS, just changing the OS services.
With VMs you can run different operating systems versions or even completely different operating systems altogether. With containers there is only one OS present. This means that despite the advantages of containers, traditional VMs aren't going to go away completely. The two complement each other rather than being direct replacements.
Unix type operating systems have had container-like features forever. However, containers are not an all or nothing type of thing. They're a matter of degree and the details matter. What makes Linux containers (and Solaris zones) different is all the work they put into tracking down all the details where one process can "see" the presence of another. It involves design changes deep in the innards of the OS kernel so it's not an add-on package.
Docker is not providing containers. Containers are part of the OS itself. What it is doing is providing what I would call a "cloud-lite" layer on top of containers for deploying and managing server applications. I'm calling it "cloud-lite" because proper Docker apps are written like cloud services, but you can run them on your own hardware (although you can run them on a public cloud if you wanted to). If "cloud-lite" doesn't really explain it for you, I'll simply say that the app format is restricted in what it can do so that it can be started up, shut down, and moved around easily.
Windows no doubt has a few container-like features already. However, if they had a full-blown container system they would say so and people would be using it. Keep in mind that containers are not an all or nothing affair. The big question when the next server version comes out is going to be what the limitations of their containerization will be.
Microsoft App-V is something else altogether. It's a means of streaming applications to clients rather than installing them directly. There is a certain amount of redirection involved in this, but it's really a different thing intended for a different and very specialized market. Ignore the AC marketroids.
Docker sits on top of the underlying OS container system. It's the OS kernel which must provide the actual container capabilities for Docker to use. It sounds like what Microsoft is mainly interested in is using the Docker management tools because they don't have anything comparable.
However, containers aren't a single "thing". I've been following the progress of containerization in Linux, and there are a lot of pieces involved which were implemented gradually over the years. Each addition meant that more container capabilities became available. There are still new capabilities going in even today.
I'm getting the impression from the vagueness of Microsoft's hand waving that their container system isn't all that mature yet. That is, I suspect that if your application starts poking around in the innards of Windows it will find that it's not as completely isolated from other applications as users might have hoped. As a result, you may be limited in what you can do with it on Windows without running into problems.
It is quite likely that Microsoft suddenly realized that containers are now the hot new thing and that they've missed the boat yet again. They were so busy patting themselves on the back on how well Hyper-V was doing that they didn't see that hyper-visors were becoming passe in many applications. They now need to throw something vaguely container shaped out there in order to make it look like they're still in the game when it comes to servers. I won't be surprised though if this first release of their own container system isn't all that useful. It may be several release cycles before it's really all "there".
One problem that isn't about to go away on its own is that Windows 10 doesn't have it. Development is going to be real fun if you can't do any development and testing without either running Windows Server in a VM, or else connected to a remote machine.
If you're using Ubuntu 14.04, then Docker is in the Software Centre and you can install it with a couple of mouse clicks. If you want to try it out or become familiar with it, the best way right now is probably to install Linux.
"It sounds like what Microsoft is mainly interested in is using the Docker management tools because they don't have anything comparable."
App-V + SCCM already significantly exceed the capabilities of Docker as far as I can see - and App-V is a far more mature technology that has been around a lot longer.. Microsoft are probably just adding Docker as another option as it won't cost them much if anything.
...but a Linux version, of which MS has now also got a Windows version?
If so, then everything is really cool until you realise you do want some apps to be able to talk to other apps. So you put in rules allowing certain bubbles to talk to other bubbles. Before you know it you have Microsoft asking if they can take a copy of your config because they've never seen one as complicated - yet working - before.
Lazy downvoting because I mentioned Microsoft without the obligotory "sucks" after it?
AppV can run local, or stream sandboxed applications which from reading this article sounds just like what Docker does. Perhaps the article needs a bit more beefing up with detail for those of us who haven't embraced *nix yet? Rather than downvoting me, how about you post a comment explaining the difference and benefit(s), and then we can all upvote you?
In a begrudging way, you have to admire this attempt. MS typically engages in catch-ups like this by adding yet more layers to their products, and sometimes somehow gets them to work after a fashion. This contrasts with Linux's ability to strip down for purposes such as running containers, which really is a far easier achievement. I know which I'd prefer if I could think of a use case for containers, which I suspect is more limited than the hype would suggest, but from a application vendor's point of view, I suppose it sounds attractive.
It's fun to sit and watch two camps arguing over Windows copying Linux and noting how oblivious/blinkered the Linux camp are to the fact that containers are a Sun invention and have been around for years. So exactly who is copying who?
Just accept that it makes sense to build other peoples good ideas into your own products.
Well, one of the WinNT features from the early days is the POSIX and OS2 subsystems (the latter being removed finally). The mechanism is already there. MS could add a full on Linux subsystem to run existing Dockers. That might save Windows Server as an OS in the cloud era.
Disclaimer - I'm really not a fan of the above as I think its sub-optimal, just mentioning it is possible.
"Well, one of the WinNT features from the early days is the POSIX and OS2 subsystems (the latter being removed finally). The mechanism is already there. MS could add a full on Linux subsystem to run existing Dockers."
1) The POSIX support wasn't actually POSIX compliant.
2) Containers are totally different in their scope, design and application.
> Or at least PCs not infected with SecureBoot
fuck me, not this FUD again. SecureBoot is a UEFI feature, not an MS technology. In order to get Windows certification, you must be able to switch it off.
The only MS-based devices where you cannot switch it off are SurfaceRT tablets and big fucking deal, you can't install linux on an iPad either.
Stop it. Just stop it. It's gone beyond stupid and way into the realm of deliberate lies now.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
