WinDocks released a Windows port of the Docker engine that can run on Windows Server 2012 or Windows Server 2012 R2 as the underlying host. It can run containers with multiple versions of MS SQL Server and supports .NET 2, 3.5 and 4.5.
WinDocks is a port of the Docker engine to Windows and is different from the recently announced Docker on Windows. The official Docker client can be used with WinDocks, which supports a subset of Docker commands: build, create, commit, exec, ps, start and stop.
WinDocks utilizes an open source container project built by Uhuru Software as well as their own port of the Docker engine.
The Windows 2012 kernel does not have native support for the isolation requirements that are needed for containers. WinDocks uses Windows Job Objects, which can manage processes as a unit, as the underlying technology for its containers.
A Job Object can be used to control resource usage, such as process priority and CPU usage, for a group of processes. Other mechanisms are involved as well: Discretionary Access Control Lists (DACLs) for file permissions, file system and registry filters for namespace isolation, and the Windows Filtering Platform for managing network operations. The Windows Filtering Platform exposes capabilities for network packet processing and filtering.
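The kind of memory and CPU cap a Job Object places on a group of processes, shown as an added PowerShell example that is not WinDocks code. The JobLimits helper, the 256 MB and 20% limits and the notepad.exe workload are assumptions chosen for illustration.

```powershell
# Added example, not WinDocks code. Limit values and the workload are assumptions.
Add-Type -TypeDefinition @'
using System;
using System.ComponentModel;
using System.Runtime.InteropServices;
public static class JobLimits {
    [StructLayout(LayoutKind.Sequential)] public struct Basic {   // JOBOBJECT_BASIC_LIMIT_INFORMATION
        public long PerProcessUserTime, PerJobUserTime;
        public uint LimitFlags;
        public UIntPtr MinWorkingSet, MaxWorkingSet;
        public uint ActiveProcessLimit;
        public UIntPtr Affinity;
        public uint PriorityClass, SchedulingClass;
    }
    [StructLayout(LayoutKind.Sequential)] public struct Extended { // JOBOBJECT_EXTENDED_LIMIT_INFORMATION
        public Basic Limits;
        public ulong Io0, Io1, Io2, Io3, Io4, Io5;                 // IO_COUNTERS, unused here
        public UIntPtr ProcessMemoryLimit, JobMemoryLimit, PeakProcessMemory, PeakJobMemory;
    }
    [StructLayout(LayoutKind.Sequential)] public struct CpuRateControl { public uint Flags, Rate; }

    [DllImport("kernel32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
    static extern IntPtr CreateJobObject(IntPtr attrs, string name);
    [DllImport("kernel32.dll", SetLastError = true)]
    static extern bool SetInformationJobObject(IntPtr job, int cls, ref Extended info, uint len);
    [DllImport("kernel32.dll", SetLastError = true, EntryPoint = "SetInformationJobObject")]
    static extern bool SetCpuRate(IntPtr job, int cls, ref CpuRateControl info, uint len);
    [DllImport("kernel32.dll", SetLastError = true)]
    public static extern bool AssignProcessToJobObject(IntPtr job, IntPtr process);

    public static IntPtr Create(ulong jobMemoryBytes, uint cpuPercent) {
        IntPtr job = CreateJobObject(IntPtr.Zero, null);
        if (job == IntPtr.Zero) throw new Win32Exception();
        var ext = new Extended();
        ext.Limits.LimitFlags = 0x200 | 0x2000;   // JOB_OBJECT_LIMIT_JOB_MEMORY | KILL_ON_JOB_CLOSE
        ext.JobMemoryLimit = (UIntPtr)jobMemoryBytes;
        // 9 = JobObjectExtendedLimitInformation
        if (!SetInformationJobObject(job, 9, ref ext, (uint)Marshal.SizeOf(ext)))
            throw new Win32Exception();
        // CPU rate is in 1/100ths of a percent; 0x1 = ENABLE, 0x4 = HARD_CAP
        var cpu = new CpuRateControl { Flags = 0x1 | 0x4, Rate = cpuPercent * 100 };
        // 15 = JobObjectCpuRateControlInformation (Windows 8 / Server 2012 and later)
        if (!SetCpuRate(job, 15, ref cpu, (uint)Marshal.SizeOf(cpu)))
            throw new Win32Exception();
        return job;
    }
}
'@
$job  = [JobLimits]::Create(256MB, 20)             # whole group: 256 MB committed, 20% CPU
$proc = Start-Process notepad.exe -PassThru        # stand-in for a container workload
if (-not [JobLimits]::AssignProcessToJobObject($job, $proc.Handle)) { throw 'assign failed' }
```

The process runs unconfined for the short interval between Start-Process and the assignment. The limits are resource caps only and do not restrict what the process can read or reach.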
Isolation in Linux containers, including what is provided by Docker, is achieved via control groups (cgroups). Due to the lack of a similar mechanism in Windows 2012, various things had to be patched together to achieve the features in WinDocks. InfoQ got in touch with WinDocks to learn more about any security issues that can arise from this. Ramesh Parameswaran, Founder, WinDocks, responded:
We don't recommend using Windocks in a scenario where each tenant is a different organization. It’s not a 100% process isolation solution, but it takes you a long way there. Container processes in WinDocks have memory and CPU utilization restrictions so a single process cannot jam up the machine.
WinDocks containers are currently limited to .NET and MS SQL Server images. These can be either the base SQL Server image packaged with the product or a custom SQL image derived from the base image. To create a custom SQL image, a user can launch a container from the base image, add an MDF file to it and commit the container to a new image, which can then be used to launch the custom container. The primary data files in MS SQL are typically created with the MDF extension.
Remote SQL Server databases can also be used via network mounts. According to Parameswaran, WinDocks will focus next on improving logging functionality and providing integration with Jenkins to make it easy to incorporate in Continuous Integration/Continuous Delivery (CI/CD) pipelines.