In this blog post, I’ll show you how to create a Windows Hyper-V Container that runs Inside a Hyper-V VM and provide an extra layer of isolation called Hyper-V Containers.
Windows container includes two types of containers:
- Windows Server containers – The Normal Containers created with Docker
- Hyper-V containers – More secure and Isolated using Hyper-V VM
Both types are created, managed, and function the same way and use same container images.
The only difference is the level of isolation created between the container which Hyper-V gives it an extra layer of Isolation.
The Hyper-V Isolation adds an extra protection to a Windows Container by running the Container Inside a virtualization layer similar to a virtual machine.
To get started we need to Install Hyper-V on the Container Host using the cmdlet below:
enable nested Virtualization
If the Container Host Is a virtual Machine you will need to enable nested Virtualization on the Host before Installing Hyper-V using the two cmdlets below:
Set-VMProcessor -VMName 2016rtm -ExposeVirtualizationExtensions $true
Get-VMNetworkAdapter -VMName 2016rtm | Set-VMNetworkAdapter -MacAddressSpoofing On
Once Hyper-V Is installed restart the host.
To create a Windows Container with Hyper-V Isolation run the docker command below:
docker run -it --isolation=hyperv microsoft/nanoserver cmd
It’s important to note that the entire management of Hyper-V Is done by the Windows Containers host and there Is no need to manage the Hyper-V host.