Bold guessing and in-depth analysis of Windows Docker principles

Source: Internet
Author: User

Preface: This article was originally published by The Basin in the China four public account (ID: Sysinternal). Although no live demo of Windows Docker will be seen until Microsoft's Build conference, that does not prevent us from making bold guesses and in-depth analysis using the public materials we have at hand. For The Basin, the process of guessing is even more fun than the mystery being revealed!

As you know, Docker is a lightweight application solution compared with virtual machines. Like the creative portable printer in the picture, it does not need to wrap its functionality in a cumbersome traditional printer. The same is true for Windows Docker, which does not need to encapsulate applications in bulky virtual machines, and so conserves resources and improves performance.


The Basin has previously published an article on Windows Docker and Nano Server; reply "Docker6" in the public account to read it (public account to follow: sysinternal).


From a lot of public information, such as the public report below, we can guess that the technology behind Windows Docker is probably the one called Drawbridge (although Microsoft has not officially confirmed this). So our goal is to see what this Drawbridge is all about.

http://t.cn/RAN9Y9h

Speculation, of course, must also be based on facts, so as not to fall short of Hu Shi's teaching of "bold hypothesis, careful verification" (this year The Basin also visited the tomb of Mr. Hu Shi).


So what evidence does The Basin use for careful verification?

Proving the argument

This is a paper on Drawbridge published by Microsoft Research, "Rethinking the Library OS from the Top Down". Its PDF document is available here:

http://research.microsoft.com/apps/pubs/default.aspx?id=141071

Here is the publicly viewable video:

http://channel9.msdn.com/Shows/Going+Deep/Drawbridge-An-Experimental-Library-Operating-System

Both of these materials are fairly old. They date from 2011, explain the principles in terms of Windows 7, and focus on desktop applications (Excel is used as the example), but the basic principles have not changed much.

In theory, desktop apps require more inter-process interaction; for example, Word may need to call other Office document objects through OLE. Interaction between server-side applications is typically implemented over a network (for example, a virtual machine typically has a complete network stack to support this requirement).

Bold analysis

The video explains that a user application such as Excel makes its API calls through the user-mode Ntdll.dll, which in turn invokes the relevant OS kernel functions in kernel mode. The graphical interface, desktop, clipboard, etc. are handled by the Windows subsystem in user mode (User32.dll, Gdi32.dll and Kernel32.dll in the example) and by Win32k.sys in kernel mode.


The aforementioned PDF document divides traditional OS services into 3 categories: user services, application services, and hardware services, shown in different shades of color.


The video introduces the concept of a library OS, which is equivalent to wrapping a thin "skin" around each process. In essence, the two important kernel-mode components mentioned above, Win32k.sys and the OS kernel, are each given a separate user-mode copy: the user-mode copy of Win32k.sys is called Win32k.dll, and the user-mode copy of the OS kernel is called NTUM (NT Kernel User Mode). Each Docker process has its own independent library OS, which interacts with Secmon (Secure Monitor) and the host OS kernel. This is probably the origin of the code name "Drawbridge".
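To make the split concrete, here is a toy C model added for illustration (not code from Drawbridge, Microsoft or the original article): the library OS keeps its own handle table inside the process, and only file opens cross to a per-container monitor. All names, paths and the path-prefix policy are hypothetical assumptions about what such a monitor would enforce.

```c
/* Toy model of the library-OS split (all names are hypothetical, not Drawbridge's API). */
#include <stdio.h>
#include <string.h>

#define MAX_HANDLES 8

/* Host side: the monitor sees only a narrow ABI and enforces per-container policy. */
typedef struct { const char *root; int host_calls; } Monitor;

static int monitor_open(Monitor *m, const char *path) {
    m->host_calls++;
    size_t n = strlen(m->root);
    if (strncmp(path, m->root, n) != 0 || path[n] != '/') return -1; /* outside root */
    if (strstr(path, "..") != NULL) return -1;    /* conservative: reject any ".." */
    return 0;                                     /* a real host would open the file here */
}

/* Process side: the library OS keeps "kernel" state (a handle table) in user mode. */
typedef struct { Monitor *mon; int used[MAX_HANDLES]; } LibOS;

static int libos_create_file(LibOS *os, const char *path) {
    if (monitor_open(os->mon, path) != 0) return -1;  /* only this crosses the boundary */
    for (int h = 1; h < MAX_HANDLES; h++)
        if (!os->used[h]) { os->used[h] = 1; return h; }
    return -1;                                        /* handle table full */
}

/* Resolved entirely inside the process: no host call is made. */
static int libos_close(LibOS *os, int h) {
    if (h <= 0 || h >= MAX_HANDLES || !os->used[h]) return -1;
    os->used[h] = 0;
    return 0;
}

int main(void) {
    /* Constructed sample containers and paths. */
    Monitor ma = { "/containers/a", 0 }, mb = { "/containers/b", 0 };
    LibOS a = { &ma, {0} }, b = { &mb, {0} };
    printf("a opens own file: %d\n", libos_create_file(&a, "/containers/a/data.txt"));
    printf("b opens own file: %d\n", libos_create_file(&b, "/containers/b/data.txt"));
    printf("a opens b's file: %d\n", libos_create_file(&a, "/containers/b/data.txt"));
    printf("a traversal:      %d\n", libos_create_file(&a, "/containers/a/../b/data.txt"));
    printf("a close(1): %d, host calls: %d\n", libos_close(&a, 1), ma.host_calls);
    return 0;
}
```

Both containers receive handle 1 because each library OS instance holds its own state, while every access decision is made at the single monitor boundary.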


Unlike Linux Docker, most Windows processes have a graphical interface, so to manage it we can use the RDP service in Secmon, which is referenced in the video. In this way, multiple Windows Docker containers can share the graphical resources of the host through the RDP service. Of course, I believe that the vast majority of Microsoft IT operations staff will increasingly prefer to use PowerShell to control applications.


As mentioned in the PDF document, the library OS requires minimal code churn and consumed only about 2 person-years on the Windows 7 project. This is a good thing: the smaller the code changes, the more stable the result.

The PDF also compares Drawbridge with virtual machines and with the traditional process model. As can be seen, the overhead of Drawbridge relative to a traditional process is very low, almost negligible.


The Basin's previous article also compares Docker with other application encapsulation modes:


What about Hyper-V containers?

To be honest, The Basin has no solid material in hand and can only guess that this is a container that integrates Hyper-V virtualization and Drawbridge technology, which may be more suitable for production environments. Since it is an optional deployment model, Hyper-V containers are bound to support virtualization within virtualization (quite a mouthful) in order to be suitable for running on Azure and other hypervisors.

Everything has to wait for a live demonstration at the Build conference. After the Build conference, the latest in-depth analysis will be delivered at the first opportunity.

This article deals with the internal principles of Windows. You are welcome to reply "course 2" in the public account to view Teacher Huang's course "Windows performance optimization and blue screen diagnostics" (public account to follow: sysinternal).

Finally, please allow The Basin to indulge a little: yesterday I spent 200 yuan online on a foldable steel computer desk.


This article is from the "China to four basin" blog; please be sure to keep this source: http://markwin.blog.51cto.com/148406/1636364
