Improved Containerization Features Coming in Windows Server 2022

Microsoft recently announced the first preview of Windows Server 2022, and some of its new features, at Ignite at the beginning of March. In this article, we will look at new container options in the upcoming version of Windows Server.

Microsoft is adding new features to Windows Server 2022 to help organizations accelerate application modernization. Some of the new features are already part of Windows Server releases on the Semi-Annual Channel (SAC).

Smaller Windows Server 2022 container images for faster download and startup times

Microsoft had already announced that Windows Server Core container images are 40% smaller. Additionally, startup times to Windows PowerShell are 30-45% faster. The improvements should apply in any scenario where Windows Server Core container images are used and they will be most beneficial for scaling apps, continuous integration and continuous delivery (CI/CD), and other situations where images are pulled without using a Docker image cache or where faster startup times are required.

Microsoft has been able to reduce Server Core container image sizes by including a smaller set of NGEN images, which are a series of precompiled .NET native images that are generated using a tool called Ngen.exe to improve startup performance. Decreasing image size and maintaining startup performance was the biggest challenge as NGEN was the culprit for increased image size. To achieve its goals for the Windows Server Core base image layer, Microsoft made the following changes:

  • Included a serviced copy of .NET Framework 4.8.
  • Removed all NGEN images, except for mscorlib.dll, System.dll and System.Core.dll (32-bit and 64-bit).

In the .NET Framework runtime image layer, the changes are as follows:

  • Included NGEN assemblies used by Windows PowerShell and ASP.NET only.
  • Included only NGEN 64-bit assemblies.

Better application compatibility

Windows Server 2019 brought the optional Server Core ‘App Compatibility’ Feature on Demand. It lets applications run in Server Core that would normally require the desktop experience to be installed. Windows Server 2022 will allow organizations to run globally scalable apps with virtualized time zones, and even run apps that depend on Active Directory (AD) without joining the container hosts to the domain.

Group Managed Service Accounts for Active Directory support

Containers can’t be joined to AD, but they can still use AD domain accounts to support authentication. A Windows container can run with a group Managed Service Account (gMSA). gMSAs let multiple computers share an identity without needing to know its password. When a container is configured to run using a gMSA, the container host gets the gMSA password from Active Directory and passes it to the container. The container then uses the gMSA credential when its computer account (SYSTEM) needs to access network resources.

For more information on gMSAs, check out How to Use Group Managed Service Accounts in Windows Server 2012 on Petri. And for more detailed information on configuring Windows containers to run with gMSAs, see Microsoft’s website here.
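The flow described above (host retrieves the gMSA password, container uses it as SYSTEM), as an added PowerShell example that is not from the article or from Microsoft's docs. It assumes a domain-joined container host with the AD PowerShell module; the domain `contoso.com`, the account `WebApp01`, the group `ContainerHosts`, the container name and the image tag are all constructed placeholders.

```powershell
# Added example: create a gMSA, generate its credential spec and run a Windows
# container with it. Names below are hypothetical placeholders.
$Domain      = 'contoso.com'
$AccountName = 'WebApp01'         # gMSA name; must also be the container hostname
$HostGroup   = 'ContainerHosts'   # AD group containing the container hosts

# 1. Create the gMSA. Only members of $HostGroup may retrieve the managed
#    password, so a host outside that group cannot obtain the credential.
New-ADServiceAccount -Name $AccountName `
    -DNSHostName "$AccountName.$Domain" `
    -ServicePrincipalNames "host/$AccountName", "host/$AccountName.$Domain" `
    -PrincipalsAllowedToRetrieveManagedPassword $HostGroup

# 2. Confirm this host is allowed to retrieve the password before going further.
if (-not (Test-ADServiceAccount -Identity $AccountName)) {
    throw "This host cannot retrieve the password for $AccountName; check $HostGroup membership."
}

# 3. Generate the credential spec (JSON) that tells Docker which gMSA to hand
#    to the container. CredentialSpec is Microsoft's PowerShell Gallery module;
#    by default it writes <AccountName>.json under
#    C:\ProgramData\Docker\CredentialSpecs (assumed default location).
Install-Module -Name CredentialSpec -Scope CurrentUser -Force
New-CredentialSpec -AccountName $AccountName | Out-Null

# 4. Run the container with the spec. The container itself is never domain
#    joined; --hostname must match the gMSA name or authentication fails.
docker run --rm -d `
    --security-opt "credentialspec=file://$AccountName.json" `
    --hostname $AccountName `
    --name webapp01 `
    mcr.microsoft.com/windows/servercore:ltsc2022 `
    ping -t localhost

# 5. Verify from inside the container that the secure channel to the domain
#    works under the gMSA identity (expect "Trusted DC Connection Status Status = 0x0").
docker exec webapp01 nltest /sc_verify:$Domain
```

If step 5 reports an error, the usual causes are a hostname that does not match the gMSA name or a host that is not in the group allowed to retrieve the password.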

Virtualized time zones

Microsoft is also adding support for virtualized time zones with Windows containers. In current Windows Server releases, containers use the host’s time zone by default. And the only way to change the time zone of the container instance is to change the time zone of the container host. If you try to change the time zone in the container instance, you’ll get an error. And if you try to change the time zone in the container instance’s registry, it will be ignored when the container instance starts up.

An update in Windows Server 2022 will allow you to set the time zone in container instances using the tzutil command line tool, by setting the virtual registry key, or by specifying the time zone using a Docker/AKS (Azure Kubernetes Service) argument.

Windows Admin Center container tool

The Windows Admin Center (WAC) container extension is now a fully paid-up member of the team and it is available as an out-of-the-box tool. The container tool lets you get Windows and Linux containers up and running quickly. There is also the option to migrate legacy Windows Server ASP.NET, WebDeploy, .NET, and MSI applications to the Azure container registry, allowing you to deploy apps in Azure and Azure Stack HCI.

The container tool in WAC lets administrators containerize existing applications by answering a few simple questions. The tool then generates the necessary Docker file with instructions on how to create the container image. Once the Docker file has been generated, you can either run the image locally or push it to an external container registry.

Deploy consistent network policy with Calico across hybrid Kubernetes clusters

Calico is an open-source container networking solution created by Tigera. Kubernetes doesn’t manage network connectivity between containers. Container Networking Interface (CNI) plugins, like Calico, enable full network connectivity between cluster nodes. But full network connectivity between nodes can introduce security risks. Tools like Calico use the Kubernetes NetworkPolicy API to apply consistent network policy.

A problem with Windows worker node support in Kubernetes is that Calico, one of the most popular network policy tools, doesn’t support Windows. That is until now. With the release of Calico version 3.16, Windows containers can be deployed and secured in Azure, other cloud providers, and on-premises using the network components in Windows Server and Calico network policy. Furthermore, you can take the containers you deployed in AKS and deploy them in Azure Stack HCI. They will just work, be fully compliant, and can be managed from the cloud using Azure Arc.
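The NetworkPolicy approach described above, as an added example that is not part of the article or of Calico's documentation: a default-deny ingress policy for a namespace, followed by a rule that lets only a labelled edge namespace reach the Windows web pods on 80/TCP. It assumes `kubectl` points at a cluster where Calico (or another CNI that enforces NetworkPolicy) is installed; the namespace `webapp`, the labels `app: web` and `team: edge`, and the `tester` pod and `web-svc` service are constructed placeholders.

```powershell
# Added example: apply and check a default-deny plus allow-list NetworkPolicy.
# Without a CNI that enforces NetworkPolicy, these objects are accepted by the
# API server but have no effect, which is exactly why Calico matters here.
$Namespace = 'webapp'   # hypothetical namespace holding the Windows pods

$Policies = @"
# 1. Deny all ingress to every pod in the namespace (empty podSelector = all pods).
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-ingress
  namespace: $Namespace
spec:
  podSelector: {}
  policyTypes:
  - Ingress
---
# 2. Allow only pods in namespaces labelled team=edge to reach app=web on 80/TCP.
#    The edge namespace must carry that label (assumed to be set separately).
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-edge-to-web
  namespace: $Namespace
spec:
  podSelector:
    matchLabels:
      app: web
  policyTypes:
  - Ingress
  ingress:
  - from:
    - namespaceSelector:
        matchLabels:
          team: edge
    ports:
    - protocol: TCP
      port: 80
"@

# Apply both policies from the here-string and list what the cluster now holds.
$Policies | kubectl apply -f -
kubectl get networkpolicy -n $Namespace

# Negative check: a pod in the same namespace without the app=web label must be
# refused (the request should time out rather than return a page).
$Probe = 'try { (Invoke-WebRequest -UseBasicParsing -TimeoutSec 5 http://web-svc).StatusCode } catch { "blocked: " + $_.Exception.Message }'
kubectl exec -n $Namespace tester -- powershell -Command $Probe
```

Run the same probe from a pod in the `team=edge` namespace to confirm the allow rule; a 200 there and a timeout from `tester` shows the policy is enforced on the Windows nodes.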