Hi everybody, I am investigating the new Docker for Windows. There are some articles which I red on the internet that are implying that isolation is achieved (in windows) by each docker container running in a separate VirtualMachine. On Linux, Docker would achieve isolation between containers using the Linux features such as namespaces. But how is that done on Windows. I would really appreciate it if someone can help me with this. There is just not enough clear information about it out there and I got a bit stuck. Thank you in advance!

Hello @elenanklv,

I’m pretty new to the docker ecosystem, but from my understanding (and probably over-simplification), Docker for Windows creates a Linux Virtual Machine (running Alpine Linux if I understood correctly) that is run in an Hyper-V VM.

So basically, all docker containers are run on Linux, in a VM. The fact it’s an Hyper-V VM is just a way to get better performance (should be better than running VirtualBox) and the Docker for Windows application simply interacts with this VM to control it, create mounts, handle the network, etc.

If anyone sees errors in my explanation, I would love to know

Thank you for the reply! I really appreciate this clarification !

There are two types of Windows containers… Windows Containers & Hyper-V Containers. Windows Containers work the same way you know Linux based containers work… one or more in a host where the host can be a VM. Hyper-V containers are different though in that they run a single container within a tiny Hyper-V VM.

We interviewed the guy who owns the Windows Container story for Microsoft recently on our podcast if you’re interested in learning not only more about this, but where they are going & helping. I found it fascinating how much an old engineering team like Windows is contributing to an open source project!

http://www.microsoftcloudshow.com/podcast/Episodes/137-windows-containers-are-coming-talking-to-taylor-brown-about-the-container-wave-coming-to-the-microsoft-world

Dear andrewconnell, thank you very much! Thank you for the link and for the information. Everything is really helpful, but still there is one thing that i can’t understand, please can you maybe help me with it. From your explanation and from the article under it seems that if i run docker beta for windows on windows 10 (as i am doing) then each container will run on separate light VM. From the article it seem that for windows there are only those two possibilities: either windows containers or hyper-v containers.

But when i run few containers on windows 10 with docker beta simultaneously, i see on hyper-v only one VM with the name “MobyLinuxVM”. Then how are those containers running on hyper-v each in separate VM, when its just one VM there. I would appreciate it so much if you can please help me with this.

When you install Docker for Windows, that currently lets you run Docker Linux containers. Running Linux containers on Windows 10 is achieved technically by running a minimal Linux VM using Hyper-V. You can run many Linux Docker containers side by side this way, and they all share the same Linux VM, running on Windows.

When you run actual Docker Windows containers (which is not what you do when you install “Docker for Windows”), it’s what @andrewconnell said.

Thank for your quick and clear response!!! It is much appreciated!

Good clarification… my bad… I misunderstood the question.

One thing I can’t seem to find a direct answer for is can we use Windows Containers for Linux images?
And would it be more performant than the Hyper-V approach?