After spending alot of time trying to understand and grapsping the concepts of Containers and Microservices I decided I wanted to share the understanding I have, hopefully it will enlighten others as well. Also this is going to be from a Microsoft perspective and how the new features in Windows Server 2016 fit into this ecosystem of Microservices and Containers.
Traditional systems
So before we dive into the new stuff, we have to talk about how the old stuff works and how the new stuff fits into this way of delivery services. So if we look on tradisional services they are often Monolithic based, which means that most components are interwoven.
So in terms of a simple eCommerece website we have all the different compoents which makes up the site installed on the same server. It simple to manage and if we need to scale we hve to provision another virtual machine and configure the load balancer as well. This approach has some downsides to it.
- Troubleshooting, even thou we can easily isolate a server (its basically removing it from the load balancing pool) a monolithic system might have quite complex coding which might make it hard to troubleshoot and debug
- Difficult to scale, even thou it is simple to provision a virtual machine it takes time to configure it, and another things is that components to scale independently. For instance we might see an uprising on user which are browsing our catalog but not actually buying stuff, so even if we just need more resources to the inventory component all our services will be scale when settting up a virtual machine.
- Security risk, since all services run on the same server it might make the code more unsecure and it might expose more information to attackers which can compromise the server.
So to handle this issues, more and more are moving towards using microservices architecture, which basically means that we split out all these components into their own entity, which can mean a virtual machine for instance. This gives us the flexibility that we can scale out components individually and that we can easier troubleshoot and debug, and also do updated to a system, instead of updating the entire system we can update each component seperatly.
Microservices to a certain degree
Now the downside to this approach is the added overhead to have each service run inside its own virtual machine (Since all of the services needs to have its own guest operating system installed, and since Windows Server is a multi purpose virtual machine there are alot of services / components which are not required in order to deliver the service, so Microsoft has a new deployment model here called Nano Server!
Nano Server
So if we compare it to a tradisional server (Standard or datacenter)
Its a “headless” OS, 64-bits only, no UI and is going to be the foundation for web services moving forward for Micrrosoft. Nano Server can be used on the hypervisor level and in the virtual machine layer. Nano Server provides a smaller footprint and less overhead and with less required patching it will also limit the attack surface and make services more robust as well. This will fix some of the issues with microservices delivery in Windows Server 2016 since the services can for instance be deployed in their own Nano Server VM.
So still if I have Nano Server on the Hyper-V host I can still setup a virtual machine using the full Windows Server deployment. Now using Nano Server in the entire stack I will limit alot of the overhead, but I still need to provision the virtual machines in order to scale out my architecture. So what else can we do? Enter Containers!
Now the simplest way to describe Containers is saying “Operating system virtualization” yeah Operating system virtualization. Which is different from tradisional virtualization which is “machine virtualization”
So we have a set of hardware components which are virtualized and pre-defined with a set of resources like CPU, Memory and disk, and in there we have to install a guest OS.
Containers
While Container on the other hand is a way to split up an operating system into seperate entities on the SAME hardware, so each container is running on the same underlying operating system but each container has its own (filesystem, registry, networking stack)
Each Container can run its own service, and since its NOT a virtual machine we have even LESS overhead that regular virtual machines. Having containers allow us to easily scale out each component seperatly. Need more resources to a specific component ? Spin up a new Container!
Containers provisioned on top of a physical host or within a virtual machine, so if we now look back to the visio drawning we can see that we have addresses the issues.
We now can have virtual machines which can host many containers, for instnace they can have all the same service containers on the same virtual machine or have all the different services on the same virtual machines for instance. But now we have addressed the issue which are having the ability to scale up a dedicated instance of a service, with a limited amount of virtual machines.
Now what’s missing here to make this picture more complete? Right… Some network features which would make it easier. Since we have multiple instances of each service and we are going to have more east/west traffic this will make us more dependant on a load balancing feature, also more east-west traffic makes us a bit more “blind” in terms of malicious traffic as well.
So Microsoft has done alot in terms of networking. First of since there are more and more networking features becoming “virtualized” therefore Microsoft needed to rewamp their existing networking stack NDIS (Which is pretty general purpose) therefore they introduced PacketDirect which will allow for higher troughput, lower resource overhead, lower latency and is aimed for pure datacenter networking 40/100GB
Also Microsoft Introduced a Software Load Balancing virtualized feature in 2016 which operates at layer 3 and 4, also they introduced a distributed firewall feature which works at a vSwitch level, which allows us to specify ACLs on the 5-tuple, IP, PORT and Protocol even on the same subnet. So by implementing these features, we can easier leverage Containers, Microservices architecture, implement security and load balancing capabilities between the different tiers.
So hopefully this post gave you bit more of an understanding of Nano Server, Containers, the approach to Microservices and some of the new networking capabilities available in Windows Server 2016.