Windows Containers - Paiet/Tech-Journal-for-Everything GitHub Wiki

  • What are Containers?

Containers are an isolated, resource-controlled, and portable runtime environment which runs on a host machine or virtual machine. An application or process which runs in a container is packaged with all the required dependencies and configuration files; it is given the illusion that there are no other processes running outside of its container.
https://docs.microsoft.com/en-us/virtualization/windowscontainers/about/index#what-are-containers
Containers: Docker, Windows and Trends by Mark Russinovich, CTO, Microsoft Azure: https://azure.microsoft.com/en-us/blog/containers-docker-windows-and-trends/

Usage examples:
  • JDox: to quickly deploy a demo environment.
  • Application developers: Siemens, to increase dev speed.
  • Zeiss
  • Next Games: AR app

Any OS, Any App, Any Language, Anywhere

  • What is Container orchestration?
    • Manage and maintain at large scale.
    • Azure offers two container orchestrators: Azure Container Service (AKS) and Service Fabric.
    • Azure Container Registry
    • Azure Container Instances (ACI): CPU and memory are paid for per second; offers elastic bursting.

Windows Containers:

https://docs.microsoft.com/en-us/virtualization/windowscontainers/quick-start/quick-start-windows-server

  • Windows Server Containers: operate in user mode and share everything with the host computer, including the operating system kernel and the system memory.
  • Hyper-V Containers: provide an additional level of isolation by using the hypervisor to create a separate copy of the operating system kernel for each container. Intended for hostile multi-tenant applications; the same image can be run as a server container instead, and that choice is made at run time. Effectively a stripped-down VM running a stripped-down Windows.

Docker: What is Docker?

  • Docker is the vessel by which container images are packaged and delivered. https://www.docker.com/resources/what-container
    • Dockerd.exe: the Docker engine, also referred to as a service or daemon, which runs in the background on the Windows computer.
    • Docker.exe: the Docker client, a command-line tool that you use to create and manage containers.
    • Dockerfiles: script files containing instructions for the creation of container images.
    • Docker Hub: a cloud-based registry that enables Docker users to link to image and code repositories, as well as build and store their own images. SaaS offering (repository) with over 80,000 available containers.
    • Docker Cloud: a cloud-based service you can use to deploy your containerized applications.

Getting Started with Windows Containers
https://docs.microsoft.com/en-us/virtualization/windowscontainers/deploy-containers/system-requirements
OS, virtualization and memory requirements:

  • The Windows container feature is only available on Windows Server 2016 (Core and with Desktop Experience), Windows 10 Professional and Enterprise (Anniversary Edition) and later.

  • The Hyper-V role must be installed before running Hyper-V Containers. Windows Server Container hosts must have Windows installed to C:. This restriction does not apply if only Hyper-V Containers will be deployed. If the container host is a VM, you first must enable nested virtualization on the physical host (the VM must be off):
    Set-VMProcessor -VMName SVR02 -ExposeVirtualizationExtensions $true

  • Provide 4 GB minimum of RAM and disable Dynamic Memory:
    Set-VMMemory -VMName SVR02 -StartupBytes 4GB -DynamicMemoryEnabled $false

  • Assign 2 virtual processors:
    Set-VMProcessor -VMName SVR02 -Count 2

  • Enable MAC address spoofing (required for transparent and l2bridge networking when the host is a VM):
    Set-VMNetworkAdapter -VMName SVR02 -Name "Ethernet2" -MacAddressSpoofing On

  • If the container host is a Nano Server, use the -Containers parameter:
    New-NanoServerImage -DeploymentType Guest -Edition Datacenter -MediaPath D:\ -TargetPath C:\Nano\nano1.vhdx -ComputerName nano1 -DomainName contoso -Compute -Containers

  • Note: the following steps will enable the Container feature. Install the DockerMsftProvider module:
    Install-Module -Name DockerMsftProvider -Repository PSGallery -Force

  • Download and install Docker:
    Install-Package -Name docker -ProviderName DockerMsftProvider -Verbose

  • Restart the computer:
    Restart-Computer -Force

  • Launch an administrative CMD and verify the client works:
    docker --help

  • Verify the system is up to date with sconfig.

Getting Started with Windows Containers Pt 3

https://docs.docker.com/engine/reference/run/#foreground
https://hub.docker.com
https://docs.microsoft.com/en-us/virtualization/windowscontainers/deploy-containers/system-requirements

#If no tag is specified, :latest is applied
docker run -it microsoft/windowsservercore cmd
#Tag an image: source image first, then the new name:tag
docker tag <source_image> imagename:tag
#"exit" will stop this container because it was launched in interactive mode
#Ctrl+P, Ctrl+Q detaches from the container while it keeps running
#To view running containers
docker ps
docker container ls
docker stop <container>
docker ps
#To view all containers, including stopped ones
docker ps -a
docker start <container>
docker ps

#To name a container
docker run -it --name svr01 microsoft/nanoserver cmd
docker ps
docker stop svr01
docker rm svr01
#-f forces removal even if the container is still running; "docker container rm" is the long form of the same command
docker rm -f svr01
docker container rm svr01
docker ps
docker ps -a

docker run -d microsoft/nanoserver ping -t 8.8.8.8

docker exec lets you connect to and interact with a running container.

docker exec -it <container> cmd
hostname
exit
docker ps
#Inspect provides JSON info about the container
docker inspect <container>
#Let's compare server containers to Hyper-V containers
docker run -d --name svr01 microsoft/nanoserver ping -t 8.8.8.8
docker run -d --name svr02 microsoft/nanoserver ping -t 8.8.8.8
#On the container host run the following: the ping processes of server containers are visible because they share the host kernel
Get-Process ping
#To create a Hyper-V container use
docker run -d --name svr03 --isolation=hyperv microsoft/nanoserver ping -t 8.8.8.8
#On the container host run it again: the Hyper-V container's ping does not appear because it runs in its own kernel
Get-Process ping

Tag an image

#If no tag is specified, :latest is applied
docker tag <source_image> imagename:tag

Create custom image (manual)
docker run -it microsoft/nanoserver powershell
#In PowerShell inside the container
New-Item -ItemType file -Name demo.txt -Value "Zach wuz here"
#Hit Ctrl+P, Ctrl+Q to detach
docker ps
docker stop <container>
#Commit the stopped container's changes as a new image layer
docker commit <container> <image_name>:<tag>
docker history <image_name>:<tag>


Configure Docker start-up options
https://docs.docker.com/edge/engine/reference/commandline/dockerd/#daemon-configuration-file
The daemon.json file does not exist by default, but one can be created and saved. The default location of the configuration file on Windows is %programdata%\docker\config\daemon.json. The --config-file flag can be used to specify a non-default location.

Create new container images using a Dockerfile
A Docker image consists of read-only layers, each of which represents a Dockerfile instruction. The layers are stacked and each one is a delta of the changes from the previous layer.

Benefits:

  • Storing container images as code.
  • Rapid and precise recreation of container images for maintenance and upgrade purposes.
  • Continuous integration between container images and the development cycle.
  • Dockerfile -- a text file containing the instructions needed to create a new container image. These instructions include identification of an existing image to be used as a base, commands to be run during the image creation process, and a command that will run when new instances of the container image are deployed.
  • Docker build - the Docker engine command that consumes a Dockerfile and triggers the image creation process. The build is run by the Docker daemon, not by the CLI. Warning: do not use your root directory (/, or C:\ on Windows) as the PATH, as it causes the build to transfer the entire contents of your hard drive to the Docker daemon. Launch an administrative PowerShell on the container host and create a directory such as web; I'll put mine on the root of C:.

Create custom image (automated with a Dockerfile)

https://docs.microsoft.com/en-us/virtualization/windowscontainers/manage-docker/manage-windows-dockerfile#escape-character

mkdir py
cd py
New-Item -ItemType file -Name Dockerfile
#Open the Dockerfile with notepad
notepad Dockerfile
#Customize your Dockerfile and save it
#Run docker build from the directory where the Dockerfile is stored
docker build --help
#Look at the tag (-t) switch
docker build -t sample .
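The automated build above, written out end to end as an added example (not the wiki author's or Microsoft's own Dockerfile). It assumes the container host from the earlier steps, uses the wiki's directory name (C:\py) and image name (sample), and sets the backtick escape character that the linked escape-character page describes:

```powershell
# Added example: build a small Windows container image from a Dockerfile.
# Assumes a Windows container host with Docker installed (see steps above);
# the directory C:\py and the image name "sample" come from the wiki itself.
New-Item -ItemType Directory -Path C:\py -Force | Out-Null
Set-Location C:\py

# A single-quoted here-string writes the Dockerfile verbatim. The first line
# switches Docker's escape character to a backtick so Windows paths with
# backslashes do not need doubling (the point of the "escape-character" link).
@'
# escape=`
FROM microsoft/nanoserver
SHELL ["powershell", "-Command", "$ErrorActionPreference = 'Stop';"]
# Each instruction below becomes one read-only layer in the image.
RUN New-Item -ItemType Directory -Path C:\app | Out-Null; `
    Set-Content -Path C:\app\demo.txt -Value 'built from a Dockerfile'
WORKDIR C:\app
# Command run when a container is started from the image (via SHELL above).
CMD Get-Content C:\app\demo.txt
'@ | Set-Content -Path .\Dockerfile -Encoding ascii

docker build -t sample .    # "." is the build context; never use C:\ here
docker history sample       # one layer per Dockerfile instruction
docker run --rm sample      # prints the file content and removes the container
```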

**Manage Resource Control**
docker run --help
#Note the --cpu-percent and --memory options; both cap what a single container can consume on the host
docker run -it --memory 1g --cpu-percent 30 microsoft/nanoserver

Resource links:
Dockerfile on Windows
https://docs.microsoft.com/en-us/virtualization/windowscontainers/manage-docker/manage-windows-dockerfile
Automating Builds and Saving Images
https://docs.microsoft.com/en-us/virtualization/windowscontainers/quick-start/quick-start-images
Dockerfile reference
https://docs.docker.com/engine/reference/builder/
Best practices for writing Dockerfiles
https://docs.docker.com/develop/develop-images/dockerfile_best-practices/


Manage Container Data Volumes
Create a folder with sample files off the root of the container host (C:\hostfolder below).


#Bind-mount the host folder into the container
docker run -it -v C:\hostfolder:C:\containerfolder microsoft/nanoserver powershell
ls
ls .\containerfolder\
cd .\containerfolder\
New-Item -ItemType file -Name test3.txt -Value "Cherokee was here"
ls
#Verify the third file appears on the container host
#Exit the container with
exit
cls
docker ps
docker ps -a
docker rm <container name or id>
docker ps -a
#The file survives because it lives on the host, not in the removed container
ls C:\hostfolder\
#Create a Data Volume
#Create a folder named C:\watersamples on the host
docker run -it -v C:\watersamples:c:\containerfolder microsoft/nanoserver powershell
ls
New-Item -ItemType file -Name 10-23-18 -Value "water report info"
#Detach with Ctrl+P, Ctrl+Q
#Rerun the previous command with the up arrow
docker run -it -v C:\watersamples:c:\containerfolder microsoft/nanoserver powershell
ls
ls .\containerfolder\
docker volume ls
docker volume --help
docker ps
docker ps -q
#Force-remove every running container in one step
docker rm -f $(docker ps -q)
cls
docker volume rm watersamples
docker volume ls

Network drivers (docker network create -d <driver>):

  • nat: containers attached to a network created with the 'nat' driver will be connected to an internal Hyper-V switch and receive an IP address from the user-specified (--subnet) IP prefix. Port forwarding / mapping from the container host to container endpoints is supported. Multiple NAT networks are supported if you have the Windows 10 Creators Update installed.
  • transparent: containers attached to a network created with the 'transparent' driver will be directly connected to the physical network through an external Hyper-V switch. IPs from the physical network can be assigned statically (requires the user-specified --subnet option) or dynamically using an external DHCP server. Note: due to the requirement below, connecting your container hosts over a transparent network is not supported on Azure VMs. Requires: when this mode is used in a virtualization scenario (container host is a VM), MAC address spoofing is required.
  • overlay: when the Docker engine is running in swarm mode, containers attached to an overlay network can communicate with other containers attached to the same network across multiple container hosts. Each overlay network that is created on a swarm cluster is created with its own IP subnet, defined by a private IP prefix. The overlay network driver uses VXLAN encapsulation. Can be used with Kubernetes when using suitable network control planes (Flannel or OVN). Requires: make sure your environment satisfies the prerequisites for creating overlay networks; requires Windows Server 2016 with KB4015217, Windows 10 Creators Update, or a later release.
  • l2bridge: containers attached to a network created with the 'l2bridge' driver will be in the same IP subnet as the container host, and connected to the physical network through an external Hyper-V switch. The IP addresses must be assigned statically from the same prefix as the container host. All container endpoints on the host will have the same MAC address as the host due to the Layer-2 address translation (MAC re-write) operation on ingress and egress. Requires: when this mode is used in a virtualization scenario (container host is a VM), MAC address spoofing is required; requires Windows Server 2016, Windows 10 Creators Update, or a later release.
  • l2tunnel: similar to l2bridge, however this driver should only be used in a Microsoft Cloud Stack. Packets coming from a container are sent to the virtualization host where SDN policy is applied.

https://docs.docker.com/config/containers/container-networking/
help New-ContainerNetwork

docker network create -d transparent NET02
Get-ContainerNetwork
docker network ls
docker run -it --network=NET01 microsoft/nanoserver

Specific range for NAT { "fixed-cidr" : "10.0.0.0/24" }

Transparent { "bridge" : "none" }
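The daemon.json settings above, applied from an administrative PowerShell on the container host; an added example, not the wiki's own script. It writes the fixed-cidr value shown above into the default config path, merging with any settings already present, checks the file parses before restarting the engine (dockerd will not start on malformed JSON), and then reads the resulting NAT subnet back:

```powershell
# Added example: put the NAT range from above into daemon.json and restart
# dockerd. The path is Docker's documented default on Windows.
$configDir  = Join-Path $env:ProgramData 'docker\config'
$configPath = Join-Path $configDir 'daemon.json'
New-Item -ItemType Directory -Path $configDir -Force | Out-Null

# Merge into an existing file so other daemon settings are not lost.
$settings = @{}
if (Test-Path $configPath) {
    (Get-Content $configPath -Raw | ConvertFrom-Json).PSObject.Properties |
        ForEach-Object { $settings[$_.Name] = $_.Value }
}
$settings['fixed-cidr'] = '10.0.0.0/24'   # NAT network prefix from the wiki
# For a transparent-only host you would instead set: $settings['bridge'] = 'none'

$settings | ConvertTo-Json | Set-Content -Path $configPath -Encoding ascii

# Parse it back before restarting: a syntax error here stops the service.
Get-Content $configPath -Raw | ConvertFrom-Json | Out-Null

# dockerd reads daemon.json only at start-up. If a "nat" network with a
# different prefix already exists, remove it while the service is stopped
# (Stop-Service docker; Get-ContainerNetwork | Remove-ContainerNetwork) so
# it is recreated from the new setting.
Restart-Service docker

# Confirm the engine picked up the new range.
docker network inspect nat --format '{{range .IPAM.Config}}{{.Subnet}}{{end}}'
```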

  • Asynchronous manual replication

**Prerequisites**
  • Hyper-V installed on both servers
  • Both servers behind the same firewall
  • Servers do not have to be part of a cluster
  • Servers are joined to the same Active Directory Domain Services (AD DS) domain
  • Servers use Kerberos-based authentication (unencrypted communication)

  • Advanced options available:
    • Configure firewall settings if on different networks
    • Traffic encryption is possible with certificate implementation
    • Clusters can be used if Hyper-V Replica Broker role and client access point name are configured
    • Extended Replication if additional replicas are desired

Implement Hyper-V Replica

  • Configure the destination server firewall rules for inbound replication traffic:
    Enable-NetFirewallRule -DisplayName "Hyper-V Replica HTTP Listener (TCP-In)"
    Enable-NetFirewallRule -DisplayName "Hyper-V Replica HTTPS Listener (TCP-In)"

  • On the destination server, right-click the VM and select "Enable Replication", or configure the host as a replica server with PowerShell:
    Set-VMReplicationServer -ReplicationEnabled $true -AllowedAuthenticationType Kerberos -ReplicationAllowedFromAnyServer $true -DefaultStorageLocation D:\Replicas

  • Enable replication on the source server by right-clicking the VM in Hyper-V Manager.

Implement Live Migration, including Shared Nothing Live Migration
https://docs.microsoft.com/en-us/windows-server/virtualization/hyper-v/deploy/set-up-hosts-for-live-migration-without-failover-clustering
Live migration moves memory and system state information, whereas Hyper-V Replica copies .vhd(x) files.
PowerShell:

Enable-VMMigration
#Add-VMMigrationNetwork registers a subnet that is allowed to carry migration traffic
Add-VMMigrationNetwork xxx.xxx.xxx.xxx
Set-VMHost -VirtualMachineMigrationAuthenticationType Kerberos
Set-VMHost -VirtualMachineMigrationPerformanceOption SMB

**Hyper-V Manager**

  • In the Action pane, click Hyper-V Settings >>Live Migrations.
  • In the Live Migrations pane, check Enable incoming and outgoing live migrations.
  • Under Simultaneous live migrations, specify a different number if you don't want to use the default of 2.
  • Under Incoming live migrations, if you want to use specific network connections to accept live migration traffic, click Add to type the IP address information. Otherwise, click Use any available network for live migration. Click OK.
  • To choose Kerberos and performance options, expand Live Migrations and then select Advanced Features.
  • If you have configured constrained delegation, under Authentication protocol, select Kerberos.
  • Under Performance options, review the details and choose a different option if it's appropriate for your environment.
  • Click OK.
  • Select the other server in Hyper-V Manager and repeat the steps.

Initiate Failover:
Move-VM LMTest TestServer02 -IncludeStorage -DestinationStoragePath D:\LMTest

Configure CredSSP or Kerberos authentication protocol
https://blogs.technet.microsoft.com/virtualization/2017/02/01/live-migration-via-constrained-delegation-with-kerberos-in-windows-server-2016/
Credential Security Support Provider (CredSSP): you must be logged on to the destination server for a successful migration. For Kerberos, constrained delegation must be configured:

  • Launch Active Directory Users and Computers on the domain controller.
  • Right-click each system > Properties > Delegation > Trust this computer for delegation to specified services only > specify the other computer.
    • Select cifs and Microsoft Virtual System Migration Service.
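The same constrained-delegation setup done with the ActiveDirectory module instead of the wizard, as an added example (not from the wiki or the linked blog post). Host names HV01 and HV02 and the domain contoso.com are placeholders; it assumes RSAT with the ActiveDirectory module and an account allowed to edit the computer objects. Constrained delegation limits each host to acting on your behalf only against the two listed services on the other host, whereas CredSSP hands the destination your full credentials:

```powershell
# Added example: Kerberos constrained delegation between two Hyper-V hosts
# for live migration. HV01/HV02 and contoso.com are placeholder names.
Import-Module ActiveDirectory
$domain  = 'contoso.com'
$hvHosts = 'HV01', 'HV02'

foreach ($source in $hvHosts) {
    foreach ($target in ($hvHosts | Where-Object { $_ -ne $source })) {
        # The two services the wizard above selects: cifs (storage moves) and
        # the migration service. Both short and FQDN forms are needed.
        $spns = @(
            "cifs/$target", "cifs/$target.$domain",
            "Microsoft Virtual System Migration Service/$target",
            "Microsoft Virtual System Migration Service/$target.$domain"
        )
        # Populating msDS-AllowedToDelegateTo alone equals "Use Kerberos only";
        # no protocol transition flag is set on the account.
        Set-ADComputer -Identity $source -Add @{ 'msDS-AllowedToDelegateTo' = $spns }
    }
}

# Verify what each host may delegate to. The hosts then need a reboot or a
# Kerberos ticket purge (klist purge) before the new delegation is honoured.
foreach ($h in $hvHosts) {
    Get-ADComputer -Identity $h -Properties msDS-AllowedToDelegateTo |
        Select-Object Name, msDS-AllowedToDelegateTo
}
```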