Most businesses today are looking at running containerized workloads. Containers allow organizations to move to a more modern microservices approach to running applications, enabling DevOps processes and more agile development. Moving from the more traditional approach of running virtual machines to running containers calls for different tooling and infrastructure. What about running containers on Hyper-V? Is it possible? Let’s look at Hyper-V containers for beginners and see how you can transition to running containers with Hyper-V.

What are containers?

Before we look at the technologies specific to Microsoft Hyper-V and containerized workloads, what are containers in general? Containers are much smaller constructs than virtual machines. Instead of a full operating system, a container bundles only the requirements and prerequisites needed to run a specific application.

Containers require what’s known as a container runtime. The most popular container runtime used in production environments today is Docker. It allows developers and DevOps engineers to build, share, and run containers in a portable, efficient, and scalable way. Moreover, you can run Docker containers in Windows as well as Linux.

The tiny size of containers makes them much better suited for microservice architectures since they are lightweight, easy to deploy, and already contain the application requirements as part of the container. On the other hand, traditional virtual machines are generally much larger and contain a virtual instance of an entire operating system.

Containers are much smaller because they generally share the container host’s operating system kernel. For example, if the container host is Windows, the container shares the Windows kernel; if it is Linux, the container is built on top of Linux.

Containers still need virtual machines

There is an aspect of containers that presents a notable limitation. Because containers share the host’s kernel, you cannot run a Linux container directly on a Windows container host, or a Windows container on a Linux host. This is where virtual machines still play a key role in the world of containers and most likely will continue to do so for the foreseeable future.

Virtual machines provide the OS kernel, allowing you to run Linux or Windows containers on either platform. Instead of sharing the kernel of the physical host, the containers share the kernel of the host virtual machine.

Containers in the world of Hyper-V

There is no native way in Hyper-V to run containers. For example, when you look in Hyper-V Manager, you will not see an option to create a new container on your Hyper-V host. However, Hyper-V hosts can use Docker to run containers.

As mentioned earlier, you can run Docker on Windows Server, the preferred way to host production containers on the Windows platform. To host Docker on Windows Server, install the Containers Feature on the Windows Server and then install Docker.

Image: Installing the Containers feature in Windows Server

After installing the Containers feature, you will reboot. Then, to install Docker, run the following commands on your Windows Server:

  • Install-Module -Name DockerMsftProvider -Repository PSGallery -Force
  • Install-Package -Name docker -ProviderName DockerMsftProvider

After this, you can pull a Windows Server 2022 Docker image, like so:

  • docker pull mcr.microsoft.com/windows/servercore:ltsc2022

Hyper-V isolation

Running Windows containers in the traditional sense offers what is referred to as process isolation. However, Microsoft also has another container isolation mode relevant to Hyper-V, called Hyper-V isolation.

The containers running in both modes function in the exact same way, meaning they are created and managed identically. They also use the same container images. So, you don’t pull down different images for Hyper-V isolation.

Let’s consider the difference between the two modes. Process isolation is the traditional mode for isolating containers from the host and other containers. In this mode, the containers share the same kernel with the container host and each other. Linux containers run in much the same way.

What about Hyper-V isolation? What is it exactly, and why do you use it? Compared to process isolation, the difference with Hyper-V isolation is that each container runs inside a highly optimized virtual machine that gives the container its own kernel, completely isolated and sharing nothing with the other containers running on the container host.

Using a virtual machine to host the containers provides hardware-level isolation between each container running on the host and the host itself. As you may already guess, the Hyper-V isolation mode offers an additional security layer and enhanced compatibility between the container host and the versions of containers running on the host.

Overview of Hyper-V container isolation architecture

The command to run a Docker container using the Hyper-V isolation mode is the following. Note the isolation parameter:

  • docker run -it --isolation=hyperv mcr.microsoft.com/windows/servercore:ltsc2022 cmd

Interestingly, Microsoft has defaulted Windows containers on the Windows Server platform to process isolation. Conversely, Windows containers running on Windows 10 & 11 Pro and Enterprise default to running with Hyper-V isolation.
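
Because Windows Server defaults to process isolation, it is worth checking which mode each running container actually uses. The script below is an added example, not part of the original article: it assumes the docker CLI is on the PATH and the daemon is reachable, and the function name Get-ContainerIsolation is hypothetical.

```powershell
# Added example: report the isolation mode of every running container
# and warn about those that share the host kernel (process isolation).

function Get-ContainerIsolation {
    # Daemon-wide default; containers started without --isolation inherit it.
    $daemonDefault = (docker info --format '{{.Isolation}}' | Out-String).Trim()

    foreach ($id in (docker ps --quiet)) {
        # HostConfig.Isolation holds what was requested at creation time.
        # Assumption: it may be empty or 'default' when no mode was given,
        # in which case the daemon default applies.
        $raw = docker inspect --format '{{.Name}}|{{.Config.Image}}|{{.HostConfig.Isolation}}' $id
        $name, $image, $requested = $raw -split '\|', 3

        $effective = if ([string]::IsNullOrEmpty($requested) -or $requested -eq 'default') {
            $daemonDefault
        } else {
            $requested
        }

        [pscustomobject]@{
            Container = $name.TrimStart('/')
            Image     = $image
            Requested = $requested
            Effective = $effective
        }
    }
}

$report = @(Get-ContainerIsolation)
$report | Format-Table -AutoSize

# Containers under process isolation share the host kernel with each other.
$shared = @($report | Where-Object { $_.Effective -ne 'hyperv' })
if ($shared.Count -gt 0) {
    Write-Warning ("{0} container(s) are not using Hyper-V isolation: {1}" -f `
        $shared.Count, ($shared.Container -join ', '))
}
```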

Considerations for running Hyper-V isolation

There are some considerations to make with Hyper-V isolation. While the VMs used in Hyper-V isolation are highly optimized, they add a bit of overhead to running your containers instead of using process isolation. With process isolation, the container runs in the traditional sense with no additional boundary between it and other containers.

There is also mention from Microsoft about memory limitations with Hyper-V isolation as opposed to process isolation. While process isolation is unlimited or only limited by the host’s physical memory, Hyper-V isolation is limited by the memory provisioned in the Hyper-V isolation VM.

Wrapping Up

Combining the functionality of Microsoft Hyper-V with Docker provides an extremely secure way to provision and utilize containers running on Windows hosts with an added security layer. Using Hyper-V isolation allows wrapping a Docker container in a special-purpose Hyper-V VM, providing the container with a unique and isolated kernel from other containers and the container host.

Organizations can leverage the Hyper-V resources they already have in production in conjunction with Docker to provision extremely secure containers for running business-critical workloads. While there is an additional overhead to running Hyper-V isolation, the security benefits it brings to modern workloads are well worth the additional requirements needed.
