Microsoft is casting a wider net and targeting security concerns with its latest container push.
Microsoft, which already said it will make Docker available in the next version of Windows Server, is adding Hyper-V Containers to its stable of offerings around the emerging container technology. The focus on the isolation capabilities of the hypervisor are coupled with the new Nano Server, a lightweight version of Windows Server built for cloud and containers.
Despite Docker's popularity, there are lingering questions about container orchestration and multi-tenancy. And while some see Docker as an alternative to virtualization, Microsoft is offering Hyper-V Containers as an added means to isolate code running in individual containers with the hypervisor and to eliminate any impacts to the host OS.
Previews of the container services will be available later this year and incorporated into the general availability of Windows Server, though Microsoft hasn't said when that will be.
The partnership is a positive one for Microsoft because it opens Windows in more ways to developers who like what Docker containers can do, said Guy Baroan, owner of Baroan Technologies, an IT consulting company in Elmwood Park, N.J., whose customers use Azure and other cloud platforms.
"It's great," Baroan said. "They're contending with people that hate Microsoft in the Linux world and they're trying to do everything they can to be relevant in the Linux space."
It's smart of Microsoft to appeal to several different market segments, with Azure uses likely aimed at startups and open-source-centric IT shops, Windows Server Containers aimed at native cloud apps built on Azure, and Hyper-V Containers targeted at IT shops that are already invested in the hypervisor but want to incorporate container technology, said Jeffrey Hammond, vice president and principal analyst at Forrester Research, Inc., based in Cambridge, Mass.
Al Gillenprogram vice president, IDC
"This is a great example of Microsoft placing multiple bets and seeing where things go," Hammond said. "It's a broad spectrum as opposed to the traditional Microsoft plan of 'this is how we're going to do things and you should do them our way.'"
Nano Server follows an emerging trend, from Red Hat Atomic Host to CoreOS, of small-footprint OSes better suited to containers and platform as a service with more security and better management capabilities, said Al Gillen, a program vice president at IDC in Framingham, Mass.
"We haven't had a thin Windows like this before, so it's fair to say from a Windows perspective this really breaks some new ground," Gillen said.
By including the hypervisor there isn't a need for a shared kernel, which takes away some of the scalability but greatly improves security, Gillen said.
"For a lot of customers this is going to be a more than suitable tradeoff," Gillen said.
In some ways it gives more credence to the VMware approach of containers plus virtual machines as an answer to lingering security concerns around the shared Linux kernel with Docker containers, Gillen said.
While Microsoft's move around isolation is similar to how VMware approaches containers, Microsoft provides an easier migration path for its customer base, Hammond said.
Support for Docker containers took off last year, but more recently a number of vendors have made their own pitches intent on owning the container stack, including Joyent, Red Hat and most recently CoreOS, which partnered with the Google-led Kubernetes.
Hammond cautioned against those approaches because the point of containers is to keep what goes inside consistent, so having to choose between a Docker container and an alternative can be problematic. It makes more sense to do what Microsoft, Amazon and others are doing by competing more on the management layer, he said.
And while the ecosystem around Linux containers is still evolving, Microsoft's relationship with Docker puts it in as good a position as any to capitalize on the emerging market and prove their approach makes practical sense, Baroan said.
"Marketing is one thing, but showing what you actually have and how feasible it is is another," Baroan said. "The good news is they've been working with Docker since last year, so that makes them more suited to have a real solution that would work very well."
Windows Server 2016 firms up Docker container integration