Windows Virtualization and Containers: What are the Options?
There are several options for running virtualized workloads on the Microsoft Windows operating system. A smart IT strategy will combine virtualization and containers to achieve an optimal mix for tomorrow’s Windows data center.
April 16, 2021
Virtualization lets you run multiple operating systems (OS) or isolated workloads on the same physical machine, known as a host. The term "Windows virtualization" can have two meanings:
Using the Microsoft Windows operating system to host virtualized workloads (which may be either Windows or other operating systems).
Running a virtualized version of Windows on a host (a virtualized Windows operating system could run on Windows or on another operating system).
In this post, I'll focus on the first meaning. Microsoft provides several options for hosting virtualized workloads on the Windows operating system:
Hyper-V on Windows Server - Hyper-V is packaged with Windows Server and provides additional virtualization management capabilities, including migration, replication, and virtual networking.
Hyper-V on Windows 10 - virtualization is freely available on the Windows 10 operating system (except for the Home edition). The Hyper-V hypervisor lets you run virtualized operating systems, including Windows, Linux, and FreeBSD, on any Windows machine.
Guarded Fabric and Shielded VMs - a mechanism that protects VMs against a compromised virtualization fabric.
Hyper-V virtual switch - a software-based layer-2 Ethernet switch provided as part of Hyper-V Manager.
Windows containers - Windows 10 provides several ways to natively run containerized workloads, based on Docker or other container engines, on the Windows operating system. Strictly speaking, this is not virtualization, but it is another way to manage isolated workloads on top of the Windows operating system.
Hyper-V on Windows
Hyper-V allows you to run virtual machines, known as guest operating systems, on Windows hosts. Virtualized systems can be used and managed like physical Windows hosts.
Hyper-V has several specific hardware requirements:
64-bit processor with Second Level Address Translation (SLAT) - this hardware feature translates guest-physical addresses to host-physical addresses, saving processor time when VMs access memory.
VM Monitor Mode Extensions
4 GB or more of RAM
BIOS or UEFI settings have virtualization turned on
These are the minimum hardware requirements to run Hyper-V, but you may need to tailor them to the needs of your specific application. Pre-production load testing can simulate the end-user experience and provide an indicator of whether the system needs more CPU or additional RAM to handle the load. If your application requires additional resources, it is always advisable to add a 20% buffer above the resource level you discovered in testing to accommodate bursts.
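The requirement list above can be checked before you enable the role. The script below is an added example and is not part of the original article; it reads the Hyper-V requirement fields that Get-ComputerInfo exposes and compares installed RAM against the 4 GB minimum. The Data Execution Prevention check is an extra test Windows itself performs and is not in the article's list; the "Home edition" test follows the note about Professional and Enterprise editions.

```powershell
# Added example (not from the original article): pre-flight check for the
# Hyper-V requirements listed above. Run it in PowerShell on the prospective host.

function Test-HyperVReadiness {
    param(
        # Minimum RAM in GB, taken from the requirement list above
        [int]$MinimumRamGB = 4
    )

    $info = Get-ComputerInfo

    if ($info.HyperVisorPresent) {
        # Once the hypervisor is running, Windows no longer reports the individual
        # HyperVRequirement* results, so a present hypervisor counts as "met".
        $slat = $vmx = $firmware = $dep = $true
    } else {
        $slat     = [bool]$info.HyperVRequirementSecondLevelAddressTranslation
        $vmx      = [bool]$info.HyperVRequirementVMMonitorModeExtensions
        $firmware = [bool]$info.HyperVRequirementVirtualizationFirmwareEnabled
        # DEP is an additional check Windows performs; it is not in the article's list
        $dep      = [bool]$info.HyperVRequirementDataExecutionPreventionAvailable
    }

    $ramGB     = [math]::Round($info.CsTotalPhysicalMemory / 1GB, 1)
    $is64Bit   = [Environment]::Is64BitOperatingSystem
    # Client Hyper-V is not offered on Home editions (Professional/Enterprise only)
    $editionOk = $info.WindowsProductName -notmatch 'Home'

    [pscustomobject]@{
        OperatingSystem                 = $info.WindowsProductName
        Is64BitOS                       = $is64Bit
        EditionSupportsHyperV           = $editionOk
        SecondLevelAddressTranslation   = $slat
        VMMonitorModeExtensions         = $vmx
        VirtualizationEnabledInFirmware = $firmware
        DataExecutionPrevention         = $dep
        InstalledRamGB                  = $ramGB
        RamMeetsMinimum                 = ($ramGB -ge $MinimumRamGB)
        HypervisorAlreadyRunning        = [bool]$info.HyperVisorPresent
        Ready = ($is64Bit -and $editionOk -and $slat -and $vmx -and $firmware -and $dep -and ($ramGB -ge $MinimumRamGB))
    }
}

# Example invocation; Format-List turns the object into a readable checklist
Test-HyperVReadiness | Format-List
```

If Ready comes back True, the role is enabled with Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V -All on Windows 10, or Install-WindowsFeature -Name Hyper-V -IncludeManagementTools -Restart on Windows Server. A False on VirtualizationEnabledInFirmware is the common case and is fixed in the BIOS/UEFI setup, not in Windows.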
To use Hyper-V on a regular desktop or laptop computer, you need a Professional or Enterprise edition of Windows 8.1 or Windows 10.
Windows Server offers three versions of Hyper-V: the free Hyper-V Server, which does not include a Windows Server guest license, and the full Windows Server 2019 installation, which includes the operating system and the Hyper-V role, in the two editions described next.
Windows Server 2019 comes in two main editions: Standard and Datacenter. Standard can run up to 2 Windows Server VMs at the same time, while Datacenter can run an unlimited number of VMs. The Datacenter edition also supports advanced features such as shielded VMs.
Hyper-V on Windows vs. Hyper-V on Windows Server
Some Hyper-V features work differently on Windows and Windows Server. For example, Quick Create, the virtual machine gallery, and the NAT switch default network are only available on Windows 10.
On the other hand, Windows Server Hyper-V offers live VM migration between hosts, Hyper-V Replica, virtual Fibre Channel, single-root I/O virtualization (SR-IOV) networking, and shared virtual hard disks (.vhdx).
Memory management also differs. The server-based version assumes that only VMs are operating on the server, whereas in regular Windows, memory is managed under the assumption that client machines are running additional software on the host besides the virtualized workloads.
Guarded Fabric and Shielded VMs
Guarded Fabric and Shielded VMs improve security for Hyper-V virtualized workloads.
Shielded VMs are supported on Windows Server 2012 and later. They include:
A virtual Trusted Platform Module (TPM), which gives the VM a secure, tamper-resistant cryptographic processor.
Encryption for data at rest with BitLocker
Security measures to ensure a VM runs only on approved healthy hosts within the management fabric
A Guarded Fabric consists of several elements, including a Host Guardian Service (HGS), a number of shielded VMs, and one or more guarded hosts. When a Hyper-V host creates a shielded VM, both the host and the VM are protected by the Guarded Fabric.
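The three protections listed above (vTPM, encryption, and running only on attested hosts) can be audited from the host. The script below is an added example, not code from the original article or from Microsoft: it uses the Hyper-V module's Get-VMSecurity for the per-VM settings and, where the HgsClient module is present, Get-HgsClientConfiguration for the host's attestation state. The finding strings are my own labels.

```powershell
# Added example (not from the original article): report which VMs on this host
# have a vTPM, are shielded, and encrypt state/migration traffic, plus whether
# the host itself is attested by a Host Guardian Service.

function Get-ShieldingPosture {
    # Host side: Get-HgsClientConfiguration exists only on guarded Windows Server hosts
    $hostReport = $null
    if (Get-Command Get-HgsClientConfiguration -ErrorAction SilentlyContinue) {
        $hgs = Get-HgsClientConfiguration
        $hostReport = [pscustomobject]@{
            IsHostGuarded        = $hgs.IsHostGuarded
            Mode                 = $hgs.Mode                  # Local or HostGuardianService
            AttestationServerUrl = $hgs.AttestationServerUrl
            AttestationStatus    = $hgs.AttestationStatus
        }
    }

    # VM side: one row per VM with a plain-language finding
    $vmReport = foreach ($vm in Get-VM) {
        $sec = Get-VMSecurity -VM $vm
        # vTPM and shielding are Generation 2 features; a Gen 1 VM cannot be shielded
        $finding = if ($vm.Generation -ne 2)      { 'Gen1 VM: cannot be shielded' }
                   elseif (-not $sec.TpmEnabled) { 'No vTPM' }
                   elseif (-not $sec.Shielded)   { 'vTPM only, not shielded' }
                   else                          { 'OK' }
        [pscustomobject]@{
            Name             = $vm.Name
            Generation       = $vm.Generation
            TpmEnabled       = $sec.TpmEnabled
            Shielded         = $sec.Shielded
            EncryptedTraffic = $sec.EncryptStateAndVmMigrationTraffic
            Finding          = $finding
        }
    }

    [pscustomobject]@{ Host = $hostReport; VMs = $vmReport }
}

# Example invocation: show the host's attestation state and every VM that is not fully protected
$posture = Get-ShieldingPosture
$posture.Host | Format-List
$posture.VMs  | Where-Object Finding -ne 'OK' | Format-Table -AutoSize
```

One caveat when reading the output: a VM can report TpmEnabled = True on a host where Mode is Local, meaning the key protector was created with Set-VMKeyProtector -NewLocalKeyProtector rather than issued by HGS. That vTPM works, but the "runs only on approved healthy hosts" guarantee above comes only from the HostGuardianService mode with a passing AttestationStatus.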
Hyper-V Virtual Switch
Hyper-V Virtual Switch is a software-based layer-2 Ethernet network switch. It is available in Hyper-V Manager after you install the Hyper-V server role.
The switch includes extensible and programmatically-managed capabilities that let you connect VMs to virtual and physical networks. It also provides policy enforcement for isolation, service level agreements (SLAs), and security.
Notable features of the Hyper-V Virtual Switch include traffic shaping, tenant isolation, simplified troubleshooting, and protection against malicious VMs. The switch comes with built-in support for Windows Filtering Platform (WFP) callout drivers and Network Device Interface Specification (NDIS) filter drivers.
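The isolation, traffic-shaping, and anti-spoofing features named above are exposed per switch port through the Hyper-V PowerShell module. The script below is an added example and not code from the original article: it creates an internal switch, attaches a VM, and applies VLAN isolation, MAC-spoofing protection, DHCP and router guard, a bandwidth cap, and a port ACL. The switch and VM names and the VLAN, bandwidth, and port values are placeholders.

```powershell
# Added example (not from the original article): apply the Hyper-V Virtual Switch
# tenant-isolation and anti-spoofing controls to one VM's network adapter.
# 'TenantSwitch', the VM name, VLAN 100 and the 200 Mbit/s cap are placeholders.

function Set-TenantNetworkIsolation {
    param(
        [Parameter(Mandatory)][string]$VMName,
        [string]$SwitchName       = 'TenantSwitch',
        [int]$VlanId              = 100,
        [long]$MaxBitsPerSecond   = 200000000,   # MaximumBandwidth is expressed in bits per second
        [string]$BlockedLocalPort = '445'        # inbound port to deny at the switch port
    )

    # Internal switch: VMs talk to each other and the host, not to the physical NIC
    if (-not (Get-VMSwitch -Name $SwitchName -ErrorAction SilentlyContinue)) {
        New-VMSwitch -Name $SwitchName -SwitchType Internal | Out-Null
    }
    Connect-VMNetworkAdapter -VMName $VMName -SwitchName $SwitchName

    # Tenant isolation: the port is an access port on the tenant's own VLAN,
    # so the guest cannot tag its way into another tenant's VLAN
    Set-VMNetworkAdapterVlan -VMName $VMName -Access -VlanId $VlanId

    # Protection against a malicious or misconfigured guest:
    #  MacAddressSpoofing Off - frames with a source MAC other than the adapter's are dropped (the default)
    #  DhcpGuard On           - DHCP server replies originating in the guest are dropped (rogue DHCP)
    #  RouterGuard On         - router advertisements and redirects from the guest are dropped
    # Traffic shaping: cap this adapter so one tenant cannot starve the others
    Set-VMNetworkAdapter -VMName $VMName `
        -MacAddressSpoofing Off -DhcpGuard On -RouterGuard On `
        -MaximumBandwidth $MaxBitsPerSecond

    # Port ACL enforced by the switch, outside the guest's control: deny inbound TCP to the chosen port
    Add-VMNetworkAdapterExtendedAcl -VMName $VMName -Action Deny -Direction Inbound `
        -LocalPort $BlockedLocalPort -Protocol TCP -Weight 100

    # Return the resulting port configuration for verification
    Get-VMNetworkAdapter -VMName $VMName |
        Select-Object Name, SwitchName, MacAddressSpoofing, DhcpGuard, RouterGuard,
            @{ Name = 'VlanId'; Expression = { (Get-VMNetworkAdapterVlan -VMNetworkAdapter $_).AccessVlanId } }
}

# Example invocation against a placeholder VM name
Set-TenantNetworkIsolation -VMName 'tenant-web-01' | Format-List
```

Because every one of these settings lives on the host side of the port, a compromised guest cannot turn them off from inside the VM, which is what makes the switch useful for the policy enforcement described above. Get-VMNetworkAdapterExtendedAcl -VMName lists the ACLs in force if you need to audit them later.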
Windows Container Options
Containers are an increasingly popular deployment option, commonly used alongside virtualization. Windows containers let users package applications together with their dependencies and, by drawing on virtualized operating systems, run them in fully isolated, fast-starting environments, all on a single system.
Running containers directly on Windows
For deploying apps in containers, Microsoft offers a wide range of platforms and tools. Docker Desktop, for example, uses Windows’ built-in Windows Containers functionality to enable developing, testing, and running containers based on either Windows or Linux directly on Windows 10. You can also use Visual Studio’s container support and Visual Studio Code to develop, test, deploy and publish Windows-based containers. These also include support for Kubernetes, Helm, Docker, and Docker Compose, as well as other technologies.
Once ready, you can publish images to DockerHub or a private container repository or even push/pull images directly from Visual Studio and Visual Studio Code.
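Docker on Windows offers two isolation modes for Windows containers, and the choice matters for the "completely isolated" claim above: process isolation shares the host kernel, while Hyper-V isolation gives each container its own lightweight VM and kernel. The script below is an added example and not code from the original article: it builds a constructed image from the public nanoserver:ltsc2019 base and runs it in both modes, reporting which mode each container actually received. It assumes Docker Desktop (switched to Windows containers) or Docker Engine on Windows Server; the image and container names are placeholders.

```powershell
# Added example (not from the original article): run the same Windows container
# under process isolation and Hyper-V isolation and report the result.
# Requires Docker with Windows containers enabled; 'isolation-demo' is a placeholder name.

function Invoke-IsolationDemo {
    param([string]$Image = 'isolation-demo:latest')

    $workDir = Join-Path $env:TEMP 'isolation-demo'
    New-Item -ItemType Directory -Force -Path $workDir | Out-Null

    # Constructed Dockerfile; the base image tag is a real tag on mcr.microsoft.com
    @'
FROM mcr.microsoft.com/windows/nanoserver:ltsc2019
CMD ["cmd", "/c", "echo hello from a Windows container && ver"]
'@ | Set-Content -Path (Join-Path $workDir 'Dockerfile') -Encoding ascii

    docker build -t $Image $workDir | Out-Null

    $results = foreach ($mode in 'process', 'hyperv') {
        $name = "demo-$mode"
        docker rm -f $name 2>$null | Out-Null

        # Process isolation shares the host kernel and needs a matching Windows build;
        # Hyper-V isolation boots a utility VM, so the image build need not match the host
        docker run --name $name --isolation=$mode $Image | Out-Null
        $started = ($LASTEXITCODE -eq 0)

        $actual = if ($started) {
            docker inspect --format '{{.HostConfig.Isolation}}' $name
        } else {
            'failed to start'
        }
        [pscustomobject]@{ Requested = $mode; Started = $started; Actual = $actual }
    }

    docker rm -f demo-process demo-hyperv 2>$null | Out-Null
    $results
}

# Example invocation: one row per isolation mode
Invoke-IsolationDemo | Format-Table -AutoSize
```

On a Windows 10 host whose build differs from the ltsc2019 base image, the process-isolation row comes back with Started = False while the Hyper-V row succeeds; that failure is the host refusing to share its kernel with a mismatched image, and it is the reason Hyper-V isolation is the default for Windows containers on Windows 10 client.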
Managing Windows containers with Kubernetes using Azure
You can deploy containers on-premises at large scale using Azure Stack with OpenShift or Azure Stack with the Azure Kubernetes Service (AKS) Engine. If you are using Windows Server, you can independently set up Kubernetes.
Azure Kubernetes Service sets containers up within Azure VMs and can manage them at any scale, using AKS, Azure Service Fabric, or any other orchestrator. To run on Azure VMs, your image must be a customized Windows Server image.
Conclusion
In this article, I reviewed several options for running virtualized workloads on the Microsoft Windows operating system. Microsoft provides its battle-tested hypervisor, Hyper-V, and is innovating with new technologies like Windows Containers, allowing you to natively run containers on Windows as well.
Options abound, and a smart IT strategy will combine virtualization and containers to achieve an optimal mix for tomorrow’s Windows data center.