
Docker on Windows Server 2016 Technical Preview 5 - osks
https://blog.docker.com/2016/04/docker-windows-server-tp5/
======
toyg
The only drawback of the current onslaught of Microsoft activity is the fact
that most "enterprise" businesses and software products are completely
unprepared or unwilling to move in step.

As an integrator, I've barely started seeing Win2012 in production last year,
so it will be another 5 years before I can start playing with these new toys.
Hell, some people are still chugging along with 2003sp2... and I'm talking Big
Business, not some godforsaken countryside school.

~~~
CrLf
And one might argue they are taking the sane approach to the upgrade
treadmill. It's easy to forget technology is supposed to solve real problems
and that there's no economic incentive to use new toys to solve already solved
problems, possibly introducing new issues with less well-known solutions.

The fact businesses are extending the life of systems not because they are
unwilling to invest in upgrades but because they work just fine is a sign that
the industry has reached a good level of maturity. It's a good thing. We
should all be working collectively to solve new problems instead of
reiterating over the same problems again and again.

In the old days of NT4 a 4-year old system would accumulate maintenance costs.
Today, Windows 2003 is 13 years old and still pretty serviceable.

I'd be more worried about businesses accumulating unsustainable technical debt
than accumulating old (but stable) technologies.

~~~
illumin8
Windows 2003 is end of support life and you aren't receiving security patches
unless you're paying Microsoft a huge amount of money for extended support.

One might argue that it's insane to run a 13 year old OS that is not getting
security updates any more at your business.

~~~
CrLf
Windows 2003 is EOL because Microsoft wants to push customers to the latest
version. Customers have been pushing back at this for a while now, but
Microsoft (and other vendors) makes more money selling the new shiny than
extending their products' lifecycle.

In an ideal world, operating systems (server and desktop alike) would already
be on a 5-year release cycle with just yearly incremental upgrades in between
(as much as the vendor can manage in a service-pack model).

Is it insane to run systems without any security updates? Even within the
lifecycle of the product many businesses never even patch after the initial
install. I personally know people that live by this: never patch anything
unless presented with proof that it's necessary to do so (I don't completely
agree with this, but money has been lost catering for low-impact security
updates and people tend to learn a few lessons from it).

Security is more about risk management than being free of vulnerabilities. The
issue isn't going by without security updates, is doing so without assessing
the risk.

~~~
brazzledazzle
Correct me if I'm wrong, but hasn't Microsoft introduced a lot of security
features into the versions since 2003?

------
patates
If this starts utilizing the "Ubuntu on Windows"[0], I think, with minor
modifications, most of the images should already work; which is great. I can't
wait to see how containerization (and tools built for orchestration of those)
will evolve in the coming years to help dev/devops.

[0]: [https://insights.ubuntu.com/2016/03/30/ubuntu-on-windows-
the...](https://insights.ubuntu.com/2016/03/30/ubuntu-on-windows-the-ubuntu-
userspace-for-windows-developers/)

~~~
newjersey
Paul Thurrott quoted a Microsoft person that Ubuntu on Windows is a client
side thing. It may be possible to use it on Windows server but I believe that
is not the meta.

I would say it is easier to just spin up an Ubuntu instance than to use Ubuntu
on Windows on the server. What are some use cases that you're thinking of? Am
I missing something?

~~~
tracker1
There are two parts... there's the Linux Subsystem for Windows, which is the
Linux ABI... Ubuntu for Windows is all the Ubuntu userland running via LSW.
It's probable that this Docker system works with LSW as-is.

~~~
newjersey
My question is why run on Windows? Wouldn't it be better for the host to be
GNU/Linux if you don't need any of the functionality that Windows provides?

I fail to see the benefit of using Windows on the server unless you _need_
Windows. Even Microsoft send to acknowledge that. I must be missing something.

~~~
tracker1
They're probably doing it so that docker containers running in Azure
infrastructure can be a bit lighter than it currently is. That's probably the
main reason. Second, if you are already running windows servers, because you
have software/infrastructure that require it, this allows you to also run
Docker images, and Linux software without the overhead of full virtualization
and/or new hardware.

Beyond this, there are a lot of developers running windows either by choice,
or because they have software requirements themselves that can leverage this.

------
pjmlp
If anything I guess Docker has become Go's killer application, even Microsoft
is giving contributions to it as a means to help Docker run better on Windows.

I look forward if it can help OCaml as well, given their acquisition of
Unikernel Systems.

------
terom
What about licensing? Does the docker image manifest include machine-readable
licensing metadata required for automated licence compliance verification?

~~~
dsp1234
The main windows server 2016 page has pretty clear guidance on this[0]:

\---

OSEs/Hyper-V containers

DataCenter: Unlimited

Standard: 2

\----

Windows Server containers

Datacenter: Unlimited

Standard: Unlimited

\---

[0] - [https://www.microsoft.com/en-us/server-
cloud/products/window...](https://www.microsoft.com/en-us/server-
cloud/products/windows-server-2016/)

~~~
terom
What about running Docker containers on desktop/laptop machines during
development? It's a major part of the Docker usecase.

Trying to keep track of Windows licensing compliance across multiple versions
and deployment models is confusing enough as it is. Different sources will
give different answers to the same questions when interpreting licensing
scenarios, and you can never know unless you get audited (?)

~~~
dsp1234
_Different sources will give different answers to the same questions when
interpreting licensing scenarios_

1.) Containers are not available on desktop SKUs. So there is no licensing
consideration for Windows 10. If they later add containers to Windows 10, then
they'll release licensing rules at that time.

2.) If you are running a server OS for your desktop, then the licensing is
pretty clear. Hyper-v VM containers follow the same rules as normal hyper-v
VMs (1 physical + 2 virtual for standard then each additional VM requires a
license, unlimited for datacenter). For Windows Server Containers (which are
not hyper-v based), it's even easier, it's unlimited regardless of edition.

3.) As always, the host OS must be licensed fully in order to have the
appropriate rights (2016 is moving to core licensing, with a minimum of 8 core
licenses per processor, and a minimum of 2 processors).

All in all, it's one of the easier features to understand the licensing for
since it doesn't directly deal with CALs or internal/external usage rights.

~~~
riskable
Contrast that with the license considerations running Docker on Ubuntu:

1.) Containers are available on both desktops and servers because they're
fundamentally the same OS (but with different sets of packages installed by
default).

2.) As always, the server and desktop versions of Ubuntu available for
unlimited use with _zero licensing costs_. Completely free.

I'd also like to add that the "base" Windows Server container image is 9.3
gigabytes while the base Ubuntu container image is 120 _megabytes_. Put it all
together and you wind up with vastly greater costs to run Docker containers on
Windows.

Having said that, if your application only runs on Windows then putting inside
a container might not be a bad idea.

~~~
dsp1234
1.) and 2.), ok. As pointed out, Windows Server containers don't have any
additional licensing costs above and beyond the base host OS license.
Presumably, if you already paid that cost, then you feel that it's reasonable
to do so.

As for the size, I have the feeling that people that are going to run windows
containers as a herd are going to opt for the nano image which is 793.3 MB.
Still about 6.5 times larger than the ubuntu container image you mention, but
11.5 times smaller than the servercore container image. Particularly since the
nano image is focused towards individual roles (IIS, dns, etc) which work well
with the 1 task per container philosophy.

All in all, I'm not sure what the value is in comparing the two solutions
(that isn't already covered in the Linux vs Windows threads). You can't run
Linux containers on Windows, and you can't run Windows containers on Linux
(without running an actual virtualized workload). So it seems pretty clear
that you choose Windows if you have Windows servers to containerize, and Linux
if you have Linux servers to containerize.

------
moogly
Any word on this trickling down to Windows 10 too? It'd be unfortunate if you
had to run VM-based docker on regular development machines IMO. Probably
better to just run Windows Server on those machines in that case.

~~~
SteveLas
See above for Windows Container support (Nano Server) in the current insiders
program. However, also note, this is very early, and the experience is a
little rough as we stitch together all the moving parts that are coming
together for what we believe will be a great local development experience of
containerized apps, targeting Linux and Windows workloads.

------
antoncohen
One of the claimed benefits of Docker is that developers build and test the
same images that are run in production. It seems like multi-platform support
negates that.

Multi-platform seems like a good direction to go in, so it might be a
worthwhile tradeoff.

~~~
SteveLas
The target of Multi-Platform support is to allow workloads to target different
platforms, but not as a single container can run on both. Consider the
scenario: Web Front End built with Node.js, targeting Linux ASP.NET Web API,
built with NET Core, targeting Nano Server (Windows) Redis Cache, used for the
WebAPI, run as a Linux Container. When you spin up these containers, you
should be able to say docker-compose up, and docker, Mesos, ... know how to
route the containers to the appropriate hosts. Steve

