With the release of Windows Server 2022, Microsoft has added a long list of new features to its latest Windows Server operating system, including containers and containerized applications. In addition, Microsoft introduced many platform improvements with Windows Server 2022 containers that it has classified as improvements in security, management, and Azure integration. As a result, running containers and containerized applications on Windows Server has matured, and there are significant improvements across the board with the platform.
Windows Server 2022 Container Improvements
Microsoft has introduced a wide range of improvements with containers in Windows Server 2022. Let’s detail the following container improvements and see how each one has been implemented with Windows Server 2022.
- Significantly reduced Server Core image size
- Longer support lifecycle
- Scalability improvements with networking
- Efficiency improvements with networking
- gMSA – Domain join no longer required
- IPv6 support
- Virtualized time zone capabilities
- Kubernetes improvements
- Windows Admin Center container improvements
- Azure Migrate App Containerization tool
1. Significantly reduced Server Core image size
One of the key reasons that organizations choose to use modernized applications and architecture is the ease with which containers can be provisioned. This characteristic is directly related to the size of containers compared to virtual machines.
For agility, efficiency, and other reasons, containers must be as lightweight as possible to support modern DevOps processes. The size of the container is directly related to supporting these objectives. Therefore, Microsoft has drastically streamlined the Server Core container image size.
Previously, with Windows Server 2019 RTM, the Server Core image was 3.47 GB uncompressed. Now, with Windows Server 2022 RTM, Server Core is 2.76 GB uncompressed, a 33% reduction in on-disk footprint compared to Windows Server 2019.
Windows Server 2022 features a much smaller Server Core image
2. Longer support lifecycle
With Windows Server 2022 containers, Microsoft is extending the support lifecycle for Windows Server 2022 images. It includes extended support for Server Core, Nano Server, and the new Windows Server container images. Even though containers allow organizations to have an extremely agile and ephemeral environment, it helps to ensure the support from Microsoft is not short-lived. With the new support lifecycle, businesses have the support needed for their modern application developments and lifecycles using specific container images.
3. Scalability improvements with networking
With the release of Windows Server 2022 and the containerized infrastructure it provides, Microsoft has worked on improving the scalability of container networking. In this release, several scalability improvements have been made, including:
- Improved packet forwarding performance across the Hyper-V virtual switches supporting the container deployments
- Port exhaustion issues that existed in previous Windows Server releases with containers have now been resolved
- There is now increased reliability across the Container Networking Interface (CNI) with Kubernetes in Windows Server 2022.
- The host networking service (HNS) control plane has been overhauled and has seen improvements in both Windows Server containers and Kubernetes networking
4. Efficiency improvements with networking
Aside from the scalability and stability improvements with Windows Server 2022 container networking, Microsoft has introduced efficiency improvements regarding routing. Microsoft has introduced Direct Server Return (DSR) asymmetric network load distribution for their Kubernetes implementation. With DSR in load-balanced systems, the request and response traffic can use different network paths, which avoids unnecessary hops, reduces latency, and increases performance and efficiency. These improvements are realized without significant changes to the environment's infrastructure, which limits the administrative burden of adopting them.
5. gMSA – Domain join no longer required
Windows Server 2019 introduced a new construct called Group Managed Service Accounts (gMSA). gMSAs allow containers to use Active Directory authentication. The gMSA feature is essential because organizations that run Windows Server containerized applications will often integrate web applications with Active Directory Domain Services (AD DS) for authentication and similar purposes.
The Windows Server 2019 implementation of gMSAs required the Windows Server container host to be domain joined to retrieve the gMSA credentials from Active Directory. However, with Windows Server 2022, the gMSAs for containers can be retrieved using a non-domain joined Windows Server container host. In addition, the architecture now includes a portable user identity instead of a host identity. This new architecture allows the retrieval of gMSA credentials using the non-domain joined host. The user identity is saved as a secret in Kubernetes implementations.
Removing the domain join requirement eliminates a great deal of complexity: container hosts no longer need to be joined to Active Directory Domain Services, yet they can still retrieve gMSAs.
To learn more about Group Managed Service Accounts, see the official Microsoft documentation.
6. IPv6 support
IPv6 has certainly been gaining in adoption and use in the enterprise. Organizations see the value in security, scalability, and other characteristics inherent to the IPv6 network stack. IPv6 is typically implemented in a dual-stack implementation allowing businesses to run both IPv4 and IPv6 together.
This dual-stack implementation with IPv6 is supported for L2Bridge-based networks. However, it is also dependent on the Container Network Interface (CNI) used. Note that you need to be running Kubernetes 1.20 or higher to enable IPv6 support in your Kubernetes cluster end-to-end.
7. Virtualized time zone capabilities
Keeping your containerized infrastructure synchronized with a time source is extremely important. Many organizations may require containers to receive their time source from an official or business-sanctioned time source. Containers may also need to be configured for a specific time zone. Previously, containers received their time zone configuration from the Windows Server container host.
Now, with Windows Server 2022 containers, organizations can give containers a time zone configuration that differs from that of the Windows Server 2022 container host. In addition, all the time and time zone configurations have been virtualized and instanced for each container. As such, organizations can configure these individually.
8. Kubernetes improvements
Most organizations running containerized workloads are doing so using Kubernetes. Kubernetes is the de facto container orchestration solution predominantly used today. The release of Windows Server 2022 brings several new enhancements for running Kubernetes on Windows Server. These include:
- Multi-subnet support with Calico – Microsoft has improved the Host Network Service (HNS) to allow the use of restrictive subnets and multiple subnets for each Windows worker node. Prior to the Windows Server 2022 implementation, the HNS restricted container endpoint configurations in Kubernetes to use the prefix length of the underlying subnet. Calico is the first CNI to use this functionality in the Windows Server CNI implementation.
- HostProcess containers – These are a new container type that runs directly on the Windows Server container host. It allows extending the Windows container model with additional management capabilities. With the capabilities provided, you can distribute management operations requiring host access while retaining versioning and deployment methods offered by containers. Cluster hosts no longer need to be individually managed in a sneakernet fashion, logging into each individually. The container DevOps model can be used to manage clusters. It is the preferred method for managing Windows Server Kubernetes nodes.
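Because a HostProcess container runs directly on the container host, it is worth knowing which pods in a cluster request it. The following is an added example, not code from the original article or from Microsoft: it audits a pod list shaped like the output of `kubectl get pods -A -o json`, using the Kubernetes `securityContext.windowsOptions.hostProcess` and `runAsUserName` fields. The sample pods, image names, and the namespace allow-list are constructed assumptions.

```python
import json

# Constructed sample, shaped like the output of `kubectl get pods -A -o json`.
SAMPLE_PODS = json.loads(r'''
{"items": [
  {"metadata": {"namespace": "kube-system", "name": "node-agent"},
   "spec": {"hostNetwork": true,
            "securityContext": {"windowsOptions": {
                "hostProcess": true, "runAsUserName": "NT AUTHORITY\\SYSTEM"}},
            "containers": [{"name": "agent", "image": "registry.example/agent:1.0"}]}},
  {"metadata": {"namespace": "default", "name": "debug-shell"},
   "spec": {"hostNetwork": true,
            "containers": [{"name": "shell", "image": "registry.example/tools:1.0",
                            "securityContext": {"windowsOptions": {"hostProcess": true}}}]}},
  {"metadata": {"namespace": "default", "name": "web"},
   "spec": {"containers": [{"name": "iis", "image": "registry.example/web:1.0"}]}}
]}
''')


def _windows_options(security_context):
    """Return the windowsOptions dict of a securityContext, or {} if absent."""
    return (security_context or {}).get("windowsOptions") or {}


def audit_hostprocess(pod_list, allowed_namespaces=frozenset({"kube-system"})):
    """List every container that requests HostProcess (host-level) execution."""
    findings = []
    for pod in pod_list.get("items", []):
        meta, spec = pod["metadata"], pod["spec"]
        pod_opts = _windows_options(spec.get("securityContext"))
        for ctr in spec.get("initContainers", []) + spec.get("containers", []):
            # Container-level settings take precedence over pod-level ones.
            opts = {**pod_opts, **_windows_options(ctr.get("securityContext"))}
            if opts.get("hostProcess") is not True:
                continue
            findings.append({
                "pod": f'{meta["namespace"]}/{meta["name"]}',
                "container": ctr["name"],
                "run_as": opts.get("runAsUserName", "(not set)"),
                # allowed_namespaces is an assumed, site-specific allow-list.
                "allowed": meta["namespace"] in allowed_namespaces,
            })
    return findings


if __name__ == "__main__":
    for f in audit_hostprocess(SAMPLE_PODS):
        status = "ok" if f["allowed"] else "REVIEW"
        print(f'{status:6} {f["pod"]}/{f["container"]} runs as {f["run_as"]}')
```

The same check can be enforced at admission time instead of after the fact; the audit above is useful for reviewing what is already running.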
9. Windows Admin Center container improvements
Since the release of Windows Server 2019, Microsoft has been aggressively adding features to its new hybrid server management platform, Windows Admin Center. Windows Admin Center is the modern way forward for Windows Server management and exposing hybrid Azure features to on-premises resources. It also provides a graphical management interface for managing Windows Server containers.
Note the following enhancements with Windows Admin Center in conjunction with Windows Server 2022 containers:
- You can extract apps and configurations from running servers and then containerize the application
- You can locally validate and work with containers and then push these to the Azure Container Registry
- You can also manage your Windows Server containers using Windows Admin Center and perform basic management functionality, including creating, deleting, and operating registries and images. You can also control your containers and perform basic operations such as starting and stopping them and viewing logs and events from Windows Admin Center.
Windows Admin Center container management
10. Azure Migrate App Containerization tool
What is Azure Migrate App Containerization? It is a solution that allows organizations to manage the migration process of moving existing web applications to the Azure Kubernetes Service (AKS) and do this in a fully controlled way. The service performs the heavy lifting of evaluating existing web servers, creating container images, and pushing those images to the Azure Container Registry.
From there, it creates an Azure Kubernetes Service (AKS) Kubernetes cluster and deploys the containers to the resulting Kubernetes cluster. The Azure Migrate App Containerization tool allows organizations to migrate traditional web applications to containers without the fear of carrying out this process manually.
Selecting applications to containerize using the Azure Migrate App Containerization Tool
Wrapping Up
Microsoft continues to add new container features and capabilities with each new Windows version. The new functionality found in Windows Server 2022 makes it a compelling container platform for modern business-critical applications. As a result, Microsoft’s container platform is beginning to show maturity. In addition, the hybrid features exposed by Windows Admin Center make it easy to integrate on-premises container hosts with Microsoft Azure and hybrid cloud features like Azure Container Registry and the Azure Migrate App Containerization tool.