Tag: Container

Azure Hybrid Cloud Architectures

How to create Azure Hybrid Cloud Architectures

Hybrid Cloud is important for many companies out there since hybrid cloud will be an end state for many customers and not just an in-between state until they have moved everything into the cloud. But how do we leverage all the hybrid cloud offerings of Microsoft Azure, and how do we build Azure hybrid cloud architectures? That is what we addressed with many new hybrid cloud architectures in the Azure Architecture Center. There you can find Architecture diagrams, reference architectures, example scenarios, and solutions for common hybrid cloud workloads.

These architectures focus on my different topics like:

Azure Hybrid Cloud Architectures

Here are some of the examples we have added to the Azure Architecture Center. You can find more Azure hybrid cloud architectures here.

Hybrid Security Monitoring using Azure Security Center and Azure Sentinel

This reference architecture illustrates how to use Azure Security Center and Azure Sentinel to monitor the security configuration and telemetry of on-premises and Azure operating system workloads. This includes Azure Stack.

Hybrid Security Monitoring using Azure Security Center and Azure Sentinel

Hybrid Security Monitoring using Azure Security Center and Azure Sentinel

You can find the full Hybrid Security Monitoring using Azure Security Center and Azure Sentinel architecture here.



Run Azure Container Instances from the Docker CLI

Run Azure Container Instances from the Docker CLI

Earlier Docker announced the partnership with Microsoft to bring support to run Azure Container Instances (ACI) from the Docker CLI. Yesterday, Docker announced and released the first Docker Desktop Edge version (2.3.2), which allows you to try out that new feature. Azure Container Instances (ACI) allow you to run Docker containers on-demand in a managed, serverless Azure environment. Azure Container Instances is a solution for any scenario that can operate in isolated containers, without orchestration.

Run Azure Container Instances from the Docker CLI

To be able to run ACI containers using the Docker CLI, Docker expanded the existing docker context command to support ACI as a new backend. To start using this new feature you will need to run Docker Desktop Edge version 2.3.2 and an Azure subscription. You can create a free Azure account with 12 months of free services, $200 credit, and over 25 services which are always free.

Docker Desktop Azure ACI Integration

Docker Desktop Azure ACI Integration

Now you can start your Docker CLI and login to Azure:

docker login azure

After you are logged in, you will need to create a new ACI context. You can simply use “docker context create aci” command and add your Azure subscription and Resource Group, or the CLI will provide you with an Interactive experience.

docker context create aci myazure

With “docker context ls” you can see the added ACI context.

docker context ls
Docker Desktop CLI create Azure Container Instance ACI Context Integration

Docker Desktop CLI create Azure Container Instance ACI Context Integration

Now you can switch to the newly added ACI context.

docker context use myazure

Now you can start running containers directly on Azure Container Instance using the Docker CLI.

docker run -d -p 80:80 mycontainer

You can also see the running containers using docker ps.

docker ps
Run Azure Container Instances from the Docker CLI

Run Azure Container Instances from the Docker CLI

This will also show you the public IP address of your running container to access it. In my example I used a demo container, however, you can also use your own container which you pushed to a container registry like Docker Hub.

You can also run multi-container applications using Docker Compose. You can find an example for that here.

Try Azure Container Instances from the Docker CLI

This new experience is now available as part of Docker Desktop Edge 2.3.2 . To get started, simply download the latest Edge release or update if you are already on Desktop Edge and create a free Azure account with 12 months of free services, $200 credit, and over 25 services which are always free.

Conclusion

I hope this gives you a short overview of how you can use the Docker CLI to directly run Docker containers in Azure Container Instances (ACI). If you have any questions, feel free to leave a comment.

There are also many other great examples like running Docker Linux containers on Windows, using the Windows Subsystem for Linux 2 (WSL 2).



How to Install a Windows Server Container Host

How to Install a Windows Server Container Host

In this blog post, I want to quickly guide you through how you can install a Windows Server Container Host running Docker. This guide will help you set up, install, and run Windows Containers on Windows Server. In my example, I will install a container host on a Windows Server, version 2004, which is a Semi-Annual Channel (SAC) release. Windows Server SAC releases are released twice a year and are optimized for containers. In the Windows Server, version 2004 release, the team continued improving fundamentals for the core container platform such as performance and reliability.

If you want to learn more about the differences of Windows Server Semi-Annual Channel (SAC) vs. Long-Term Servicing Channel (LTSC), check out my blog post.

Requirements

  • A virtual or physical server running Windows Server 2016 or higher (Also including Semi-Annual Channel (SAC) releases. In my blog post, I will use the latest available releases and run the latest Windows Server SAC release, which offers the latest enhancements on the container host.
  • You can also use the Windows Server 2019 LTSC version

Set up and install the Windows Server Container Host

Since I am using the latest SAC release of Windows Server, the server is available as Windows Server Core only. This means I am going to use a tool called “sconfig” to set up my server for the first time. Of course, you can also use existing methods like unattend.xml files or PowerShell scripts to set up your server.

Windows Server Core

Windows Server Core

With sconfig, you can run all the simple configuration tasks to configure your Windows Server.

Windows Server SCONFIG

Windows Server SCONFIG

After the Windows Server is configured and patched, we can now install Docker, which is required to work with Windows containers. Docker consists of the Docker Engine and the Docker client. You can simply install Docker on Windows Server using the following commands.

Install-Module -Name DockerMsftProvider -Repository PSGallery -Force
Install-Package -Name docker -ProviderName DockerMsftProvider
Install Docker on Windows Server

Install Docker on Windows Server

After these commands, you will need to restart the server.

Restart-Computer -Force

If you want to learn more about installing Docker on Windows Server, check out Microsoft Docs.

Run Windows Container Docker Images on Windows Server

Run Windows Container Docker Images on Windows Server

Now you can start pulling your docker container images to your Windows Server. I will use the latest Windows Container images, which came with Windows Server, version 2004. You can read more about the improved container images here.

docker pull mcr.microsoft.com/windows/servercore:2004 
docker pull mcr.microsoft.com/windows/nanoserver:2004 
docker pull mcr.microsoft.com/windows:2004

You can now use the docker client to manage your containers on your Windows Server, or you can also use the new Windows Admin Center Container extension, which was released a couple of weeks ago.

Manage Windows Server Containers with Windows Admin Center

Manage Windows Server Containers with Windows Admin Center

And yes, if you have a standalone Windows Server Core, you can also directly install Windows Admin Center on your Windows Server Core.

Conclusion

I hope this blog post gives you a great overview of how to install and set up a Windows Server container host. If you have any questions, feel free to leave a comment.



HCSDiag.exe - Hyper-V Host Compute Service Diagnostics Tool

HCSDiag.exe – Hyper-V Host Compute Service Diagnostics Tool

As you know, Hyper-V is not just a server virtualization software anymore. Today, you can find Hyper-V technology across different operating systems, products, and services, like Windows Defender Application Guard, Windows Sandbox, Hyper-V Containers, or many more. Thanks to Ben Armstrong from the Hyper-V team, I found out that there is a tool in Windows to troubleshoot these Hyper-V containers called hcsdiag.exe or Hyper-V Host Compute Service Diagnostics Tool. The Hyper-V Host Compute Service Diagnostics Tool (HCSDiag.exe) is available in Windows 10 and Windows Server 2019 if you have the Hyper-V roles or virtualization features enabled, and can be helpful to troubleshoot Hyper-V containers, virtual machines (VMs), Windows Sandbox, Windows Defender Application Guard, Windows Subsystem for Linux 2 and more.

HCSDiag.exe - Hyper-V Host Compute Service Diagnostics Tool

HCSDiag.exe – Hyper-V Host Compute Service Diagnostics Tool

Let’s have a look at the HCSDiag.exe, which you can find in C:\Windows\System32. It provides you with a couple of different commands and options. However, keep in mind that not all features work with every type of container. Some features are limited to scenarios where the VM is being used under the same user context as the host, where it is all about protecting the host from the guest and not the guest from the host like in the server version of Hyper-V.

To install Hyper-V, check out the following posts:

HCSDiag.exe

hcsdiag <command> [options…]

  • list
    Lists running containers and VMs.
  • exec [-uvm] <id> <command line>
    Executes a process inside the container.
  • console [-uvm] <id> [command line]
    Launches an interactive console inside the container.
  • read [-uvm] <id> <container file> [host file]
    Reads a file from the container and outputs it to standard output or a file.
  • write [-uvm] <id> [host file] <container file>
    Writes from standard input or a host file to a file in the container.
  • kill <id>
    Terminates a running container.
  • share [-uvm] [-readonly] [-asuser] [-port <portnumber>] <id> <host folder> <container folder>
    Shares a host folder into the container.
  • vhd [-uvm] <id> <host vhdx file> <container folder>
    Shares a virtual hard disk file into the container.
  • crash <id>
    Forces a crash of the virtual machine hosting the container (only works for containers hosted in a virtual machine).

I will give you some examples of how you can use hcsdiag.exe to interact with some of the Hyper-V containers. Now again, this focuses mostly on technologies like Windows Sandbox, Docker Hyper-V Containers, WSL 2, and similar features.

You can find more documentation on Hyper-V on Windows Server or Hyper-V on Windows 10 on Microsoft Docs.

List all containers and Hyper-V VMs

With the hcsdiag list command, you can create a list of containers and Hyper-V virtual machines running on the host. Including Windows Sandbox, Windows Subsystem for Linux 2, and Application Guard.

hcsdiag.exe list

hcsdiag.exe list

Connect Console to Hyper-V containers and Windows Sandbox

You can also directly connect to the console of containers or the Windows Sandbox. Remember that it only works for Hyper-V containers where the guest is not protected from the host. Not for containers like Hyper-V VMs, where the guest is also protected from the host. If you need to remote into want console access or run commands against a Hyper-V VM from the host, check out PowerShell Direct for Windows VMs and hvc.exe for Linux VMs.

hcsdiag console connect

hcsdiag console connect

Here is an example where I am connected to a Windows Sandbox container using hcsdiag.exe.

hcsdiag Windows Sandbox

hcsdiag Windows Sandbox

But that also works with Dockers container (Hyper-V containers) running Windows and Linux.

hcsdiag Linux Container

hcsdiag Linux Container

HCSDiag console provides you with an interactive connection to interact with the container.

Additional HCSDiag.exe features and commands

The HCSDiag.exe also provides you with a couple of additional commands you can use. For example, the read command to read a file from the container and output it to the host or as a file to the host.

hcsdiag read

hcsdiag read

You can use the “share” command to share a host folder into the container or use “vhd” to mount a virtual disk file (VHD) file to a container. The hcsdiag kill command terminates a running container.

Conclusion

HCSDiag.exe – Hyper-V Host Compute Service Diagnostics Tool is excellent if you need to troubleshoot these Hyper-V containers, virtual machines (VMs), Windows Sandbox, Windows Defender Application Guard, Windows Subsystem for Linux 2 and more. If you have any questions, feel free to leave a comment.



Windows Server webinar miniseries - Month of Cloud Essentials Speakers

Windows Server webinar miniseries – Month of Cloud Essentials

I want to let you know that in June I will be speaking in the Windows Server webinar miniseries focusing on how you can leverage the power of Azure together with Windows Server. Jeff Woolsey, Pierre Roman, Orin Thomas and I will be speaking about different scenarios using Windows Server in a Hybrid environment.

Join this four-part Windows Server webinar miniseries to learn tips and best practices for bringing the efficiencies and cost savings of Azure to your Windows Server workloads. Each 30-minute session includes demos and a live Q&A with Microsoft technical experts.

The Windows Server webinar miniseries – Month of Cloud Essentials sessions will focus on:

Intro to Windows Server Apps in the Cloud
June 4, 9:00 AM–9:30 AM Pacific Time by Jeff Woolsey 📅
Get an overview and explore resources to help you start running your Windows Server workloads on Azure.

How to Manage Windows Server Roles with Azure Services
June 11, 9:00 AM–9:30 AM Pacific Time by Orin Thomas 📅
Learn best practices to help improve security and scalability for apps by easily migrating Windows Server roles such as Active Directory, Windows File Server, and DNS to Azure.

Create Highly Available Apps with Azure VMs
June 18, 9:00 AM–9:30 AM Pacific Time by Pierre Roman 📅
Find out how to run business-critical Windows Server applications on Azure with consistent security, identity, and management features.

Modernize Windows Server Apps on Azure
June 25, 9:00 AM–9:30 AM Pacific Time by Thomas Maurer 📅
Explore hybrid cloud approaches for connecting your on-premises and multicloud environments to Azure with strategies that include containers.

I am looking forward to seeing you in the Windows Server webinar miniseries – Month of Cloud Essentials. If you miss any of the sessions, watch them on demand. You can register here.

If you have any questions, feel free to leave a comment.



Run Azure PowerShell in a Docker Container Image

Run Azure PowerShell in a Docker Container

Yesterday, the Azure PowerShell team announced the Azure PowerShell Docker Container images. In this post, I want to quickly highlight that announcement and show you how you can download, pull, and run Azure PowerShell in a Docker container image from Microsoft.

But first, let’s talk about why you would want to run an Azure PowerShell in a Docker container. Azure is continuously evolving, and the Azure PowerShell team releases a new version of the Azure PowerShell modules every three weeks. This makes it challenging to maintain a production or development environment up to date and ensuring the smooth execution of scripts. With the Azure PowerShell docker container image, you can quickly run scripts against a specific version of Azure PowerShell.

The team highlights the current scenarios:

  • On the same machine, you can run scripts that are using a different version of Az with no conflicts.
  • You can test a script against a different version of Az with no risks.
  • You can run the latest container image interactively.


Video Microsoft Ignite Live 2019 - Hyper-V Containers

Video Microsoft Ignite Live – Hyper-V and Containers

This is the last set of recordings of Microsoft Ignite Live stage recordings I am going to share. Today I am going to share two videos, in one I had the chance to speak with Craig Wilhite and Vinicius Apolinario about why you should care about containers and how to get started. In the second one, I spoke with Ben Armstrong from the Hyper-V team about some of the great fun bits the team is doing.

Video: Windows Container

A lot has been said about containers recently, but why should you care? Containers are not an “all or nothing” situation and understanding when they can be beneficial is key to a successful implementation. Come and learn from the containers team how you can get started with this technology and some tips and tricks that will help you with your containerization journey!

Video: Hyper-V

Ben Armstrong, Principal Program Manager on the Hyper-V team talks about some of the challenging, interesting, quirky, and just fun changes that have happened in virtualization over the last year.

I hope this gives you a quick look at some of the fun parts the Hyper-V team is doing with containers and Hyper-V. You can check out the following links to get more information:

Microsoft Ignite 2019 was a lot of fun, and you can also watch my session about Hybrid Cloud Management at Microsoft Ignite. If you have any questions, please let me know in the comments.