Coming Soon: GET:IT Endpoint Management 1-Day Conference on September 28th at 9:30 AM ET Coming Soon: GET:IT Endpoint Management 1-Day Conference on September 28th at 9:30 AM ET
Windows Server

Windows Server Core Container Images Now 40 Percent Smaller

At the beginning of December, Microsoft announced upcoming changes to Windows Server Core container images that would make them 40% smaller. In a post on the .NET Blog, .NET Team Program Manager Richard Lander says that Insider images are 40% smaller than the latest (patched) 1903 images, based on the images in the Windows Server Core insiders Docker repo. Additionally, startup times to Windows PowerShell are 30-45% faster. Lander says that the improvements should apply in any scenario where Windows Server Core container images are used and will be most beneficial for scaling apps, continuous integration and continuous delivery (CI/CD), and other situations where images are pulled without using a Docker image cache or where faster startup times are required.

How Did Microsoft Reduce the Image Size by 40 percent?

Windows Server Core images include a series of pre-compiled .NET native images that are generated using a tool called Ngen.exe to improve startup performance. But the downside is that it also makes image size grow. The current Insider Windows Server Core images now include a significantly smaller set of NGEN images. A larger set of images is included in the .NET Framework runtime images, also based on Server Core, but are also smaller because Microsoft makes sure that there is only one copy of each NGEN image that target ASP.NET and PowerShell performance.

Investigations started at Microsoft a year ago based on the premise that the way the .NET Framework is packaged and installed doesn’t work well with Docker layers. On the back of this research, Microsoft defined three criteria to reduce image sizes.

Sponsored Content

Say Goodbye to Traditional PC Lifecycle Management

Traditional IT tools, including Microsoft SCCM, Ghost Solution Suite, and KACE, often require considerable custom configurations by T3 technicians (an expensive and often elusive IT resource) to enable management of a hybrid onsite + remote workforce. In many cases, even with the best resources, organizations are finding that these on-premise tools simply cannot support remote endpoints consistently and reliably due to infrastructure limitations.

  1. There should be a single copy of each file in the .NET Framework, across all container image layers published by Microsoft.
  2. NGEN images that are created by default should align with default use cases.
  3. Maintain startup performance as container image size is reduced.

Decreasing image size and maintaining startup performance was the biggest challenge as NGEN was the culprit for increased image size. To achieve its goals for the Windows Server Core base image layer, Microsoft made the following changes:

  • Included a serviced copy of .NET Framework 4.8.
  • Removed all NGEN images, except for mscorlib.dll, System.dll and System.Core.dll (32-bit and 64-bit).

In the .NET Framework runtime image layer, the changes are as follows:

  • Included NGEN assemblies used by Windows PowerShell and ASP.NET only.
  • Included only NGEN 64-bit assemblies.

The images are currently available for Insiders here at the windows/servercore/insider repo but should be generally available in the windows/servercore repo when Windows 10 20H1 becomes generally available in the first half of 2020. Microsoft says that container images needing best performance for .NET Framework or Windows PowerShell should use the dotnet/framework/runtime repo. While the images are bigger, they offer better performance.


Related Topics:


Don't have a login but want to join the conversation? Sign up for a Petri Account

Comments (0)

Leave a Reply

IT consultant, Contributing Editor @PetriFeed, and trainer @Pluralsight. All about Microsoft, Office 365, Azure, and Windows Server.
Live Webinar: Active Directory Security: What Needs Immediate Priority!Live on Tuesday, October 12th at 1 PM ET

Attacks on Active Directory are at an all-time high. Companies that are not taking heed are being punished, both monetarily and with loss of production.

In this webinar, you will learn:

  • How to prioritize vulnerability management
  • What attackers are leveraging to breach organizations
  • Where Active Directory security needs immediate attention
  • Overall strategy to secure your environment and keep it secured

Sponsored by: