Microsoft plans to add containers to Windows client

Microsoft has been public about its plans to add two types of containers to Windows Server 2016. But so far, company officials haven’t talked about plans to bring container support to Windows client.

However, adding containers to Windows 10 looks to be in the cards, as a recent Microsoft job posting makes clear.

From the job post seeking a senior program manager in Microsoft’s Redmond operating systems engineering team:

“There are a large number of client focused scenarios, currently unannounced, where Containers form the core pivotal technology providing security, isolation and roaming ability. To deliver this, we are creating a new team with a mission to impact client computing in the same revolutionary manner we are changing the datacenter.

“The Senior Program Manager who takes this challenge will own and drive the end-to-end container scenarios across Windows client. This includes driving large cross group initiatives to deliver a complete customer-focused vision. Your stakeholders will include multiple teams within and outside Windows, spanning multiple technologies such as user experience, security, storage, and Networking.”

What would container support in Windows client mean from a security standpoint? Instead of using a virtual machine to run a browser, a user could use a Hyper-V container to isolate the browser from other apps running on the operating system. That could keep attackers from infiltrating other parts of the Windows OS via a browser attack.

Over the past several years, Microsoft Research has investigated ways to make the Windows OS more secure. The ServiceOS project — formerly known as “Gazelle” and “MashupOS” — aimed to tighten security by isolating the browser from the OS. There seems to have been little, if any, work to advance ServiceOS for the past few years, however.

There also was some browser-security work happening inside the company via a project known as XAX. XAX was a browser plug-in meant to allow users to safely run x86-native code as a browser extension, using picoprocesses, a micro-virtualization framework.

Drawbridge, a Microsoft Research project dedicated to creating a new way of using virtualization for application sandboxing, also was focused on using container technology. Drawbridge combined picoprocesses and a library OS.

The Windows Server team didn’t end up using Drawbridge as the base for its container-development work. The Windows Server and Hyper-V container technology that’s built into the current previews of Windows Server 2016 will be available in final form in the second half of 2016 when Windows Server 2016 is released.

I’m hearing Microsoft also is not planning to use any of its previous research technologies as the base of what it’s planning to do around containerization in Windows client. The Windows client container work, which one of my contacts says is codenamed “Barcelona,” has no connections to Drawbridge, XAX or ServiceOS, I’ve heard.

(Note: This isn’t the first time Microsoft has used “Barcelona” as a codename. Back in 2010, there was a Microsoft Barcelona Index Server that I had heard was in development by the SQL Server team.)

I don’t know if Microsoft is looking to make container technology available in Windows 10 during the same time frame (which would mean around the time “Redstone 2” is available). Given the way that job posting is worded, I’m thinking it could be later than that.

I also don’t know if Windows Containers would and could, one day, replace App-V, Microsoft’s application-virtualization technology, which allows apps to run in their own, self-contained virtualization environments on Windows. But it sounds like quite a few users would love to see that come to pass.

I’ve asked Microsoft for comment on its planned timetable and other information regarding its Windows client container plans. If/when I hear back, I will update this post. In the meantime, Microsoft Technical Fellow and Azure Chief Technology Officer Mark Russinovich’s August blog post about Windows and containers makes for good reading.

Credit:  for All About Microsoft