Windows Containers Compared: WinDocks vs Microsoft

WinDocks is an independent port of Docker’s open source to Windows. As a group of former Microsoft engineers we work to enhance the work of software developers, and released the industry’s first port of Docker’s open source for Windows in March of 2016. We’ve since fostered a technical community based on a free Community Edition.

Now that Microsoft has released Windows Server 2016 with container support, many have asked for a detailed review of the differences between WinDocks and Microsoft’s implementation. The following observations are based on a public presentation by Microsoft to a group of SQL Server professionals, and through testing Microsoft’s containers on Windows Server 2016.

Containers for Development and Test:

Windows containers deliver similar benefits as on Linux, so we expect Windows containers to become preferred infrastructure for support of Development, Test, and QA. In the near future containers should lead to growth in Continuous Integration, Continuous Delivery, and DevOps.

WinDocks containers provide speed and efficiency, with each developer using isolated container environments on a shared VM, each instantiated in seconds. The average development team that used up to 20 VMs can use a single VM with containers. A 20:1 reduction in Microsoft Server licenses yields an immediate, significant ROI for WinDocks users (but perhaps not for users of Microsoft containers).

WinDocks vs Microsoft

Built-in: Microsoft’s container support is included in Windows Server 2016, and is an add-on for Windows 10 Professional and Enterprise editions. Both provide customers with a single vendor to contact for support. While container support comes without added cost, they won’t necessarily be free in practical terms (read on for sources of cost).

WinDocks Windows support: WinDocks adds container support to all editions of Windows 8, Windows 10, Windows Server 2012, and Windows Server 2016, providing easy access to developers. Industry surveys indicate that customers plan gradual migration to Windows Server 2016. These surveys indicate that Windows Server 2012 will continue to expand share-of-usage through 2020, with Windows Server 2016 growing gradually during the same period.

SQL Server support: WinDocks was founded to address developer needs for efficient SQL Server environments. Over 80% of organizations test SQLServer only twice monthly. WinDocks released with support for all editions of SQL Server 2008 onward, with automated workflow for SQL Server containers and images. WinDocks utilizes Microsoft’s proven shared DLL architecture, enabling current SQL Server licenses to be used in containers without changes in tooling or process.

Windows Server 2016 was released without effective SQL Server support. Three months following release SQL Server image support is still limited to SQL Server 2014 Express and SQL Server 2016 Express. Other outstanding issues include lack of support for Windows Authentication for SQL Server Management Studio (currently limited to SQL sa authentication), and lack of IP loopback support. In short, Microsoft’s support for SQL Server can only be described as incomplete.

The larger issue that hasn’t been discussed is Microsoft’s undisclosed plans for new SQL Server license terms for future SQL Server container images. The new licensing has not been revealed, but given the reduction in VMs achieved with containers it’s unlikely to be “free.”

Application containers vs Microsoft bloatware: WinDocks containers provide user and process isolation, with a process that “guards” containers and enforces resource limits. The design provides security similar to Microsoft’s Server core containers, for trusted workloads within an enterprise. The design is not intended for untrusted multi-tenant use, which explains why Microsoft offers Hyper-V container support.

WinDocks application containers are significantly lighter-weight than Microsoft’s. Microsoft’s containers are burdened with significant Windows files, with base images that average >9 GB, compared to WinDocks average of 100 MB. Microsoft containers require 20 more additional processes, and 80 MB more RAM than WinDocks containers. A WinDocks .NET with IIS container uses 5 MB of RAM (a 16x differential), so the implications for system sizing are significant. If the average development team runs a mix of SQL Server and .NET, a Microsoft container host will need 2-4X more CPU and RAM than a WinDocks server!

Microsoft’s design also leads to added image maintenance, as Windows updates force images to be rebuilt (each image includes a substantial Windows footprint). The WinDocks design, in contrast, allows the host to be updated independently of the container image.

Image support: in addition to supporting all editions of SQL Server 2008 onward, WinDocks also supports Java with Tomcat and Jetty, Nginx, and Node.js. As we’ve already pointed out, Microsoft lacks image support for most SQL Server releases and editions, and Java with Tomcat.

Legacy application support: one advantage of Microsoft’s design is the ability to support Windows applications that require registry support. WinDocks support for SQL Server images involved significant engineering to support SQL Server use of the Windows registry. Microsoft’s design as better positioned to support a broad range of applications that use the Windows registry.

Container licensing: WinDocks utilizes locally installed .NET and SQL Server instances to support the creation of containers and images. This approach is simple to implement, efficient, and capitalizes on Microsoft’s proven shared DLL architecture. This approach also uses existing host or core based SQL Server licensing. Current SQL Server licenses allow multiple instances on a host, and WinDocks makes multi-instance use fast and practical. For open source images, such as Nginx, Node.js, or Java, WinDocks includes redistributable run time support.

Microsoft’s container support is based on a new design, with each container being a new install of the application, and container images are a new installation package. This explains the rationale within Microsoft for introducing new license terms.

Other issues:Microsoft’s container support is progressing, but at the time of this article lacks support for IP loopback, mount support that isn’t tied to containers, and support for Windows Auth for SQL Server Management Studio.

Conclusions:

WinDocks is simpler to adopt, use, and support, by using existing systems and licensing. Developers can start on Windows 8, Windows 10, Windows Server 2012, or Windows Server 2016, with support for .NET, SQL Server, and Java. The software is in wide use, and developers are averaging a reduction in VM usage of 10:1, with big savings in Microsoft license costs.

Microsoft’s container story is incomplete, offers limited scalability, is a maintenance headache, and has large unanswered questions. Customers contemplating use of Microsoft containers should consider the pending new SQL Server image licenses, the need for more and larger systems, and on-going image maintenance.

Our recommendation is to start your evaluation of Windows containers with WinDocks. WinDocks is available for free in a Community Edition, and commercial use licenses begin at just $99/month. A summary of WinDocks options for getting started is here.