Understanding a cloud provider’s core benefits and the pace of innovation around the services you are about to use is crucial for your business strategy. When migrating to the cloud, you establish a long-term relationship with the cloud provider, and your business technology will depend on the provider’s security, stability, investment, innovation, and fair pricing model.
Imagine migrating to a cloud provider and, suddenly, the provider changes the pricing model or license, directly influencing your final service offering. Of course, you don’t want that. Right?
Amazon Web Services (AWS) has constantly been reducing service pricing; since 2006, it has reduced prices 107 times. For example, in November 2021, AWS reduced prices by 31% in three Simple Storage Service (S3) storage classes for existing and new customers.
In this chapter, we’ll learn about the pace of innovation around Windows containers on AWS and how AWS Nitro supercharges Windows container performance. Next, we’ll have a high-level overview of all AWS container orchestrators that support Windows and their use cases.
The chapter will cover the following topics:
A lot of people ask me: Marcio, why should I choose AWS to run Windows containers if Microsoft is the one that built and owns the technology? I prefer to let you choose a cloud provider that addresses your needs and requirements based on your due diligence. In this first topic, we’ll learn about the pace of innovation around Windows containers on AWS.
AWS started supporting Windows containers in December 2017. From there, it learned about the technology, hired experts in the subject, and launched over 11 features and services in almost 5 years. The following list contains the most notable launches around Windows containers, with a drastic increase in pace in 2022:
But in fact, it isn’t only about launching new features and services. AWS must ensure that reliable documentation is available and curated to help customers run, manage, and apply best practices when running Windows containers on AWS. To avoid an extensive list of these blogs and whitepapers here, check out the Appendix section of the book for more information.
When choosing a cloud provider to run Windows containers, you will need to consider how close it is to the open source community and how much support you will have, even if it is out of scope. Although the Windows container community is still pretty small compared to Linux communities, and the shortage of experts on the topic is a challenge, both conditions play an essential role when choosing one cloud provider over another.
I can tell from my experience working at AWS that they are customer-obsessed. For example, there was a time I had to jump into a call with AWS cloud support engineers, software development engineers, and the customer to fix a Calico plugin issue in the customer Amazon EKS with Windows node groups. Now, if you think about that for a second, AWS made support engineers, software engineers, and solution architects available to fix an issue in an open source network plugin that AWS didn’t even develop. This demonstrates the commitment and best effort a customer will have if they decide to run Windows containers on AWS. I could spend pages just talking about other cases related to Fluentd, Fluent Bit, Terraform, and more out-of-AWS-scope activities, but I want to ensure we are right on track with what is most essential—the core of the book.
When we think about Windows containers, the last thing that comes to mind is the hardware under the hood that powers the container. However, the combination of the hypervisor, hardware, and software directly affects the network packet flow, network jitter, latency, memory buffer, connections per second, and processing performance within the Windows container.
AWS has built a system called the AWS Nitro System from scratch—a combination of a hypervisor, built-purpose hardware, and software that provides unmatched performance. The AWS Nitro System is divided into five components:
We’ll focus only on the most impactful components for Windows containers: the Nitro Hypervisor and Nitro Cards.
The Nitro Hypervisor is a Kernel-based Virtual Machine (KVM)-based lightweight hypervisor that manages memory and CPU allocations, delivering almost the same performance as a bare-metal instance. The AWS Nitro System offloads most hypervisor execution such as encryption, network, and storage I/O to Nitro Cards, resulting in almost the entire physical CPUs being dedicated to EC2 instances running on the hardware.
Nitro Cards are composed of three different physical cards:
All these benefits, combined with the latest Intel and AMD CPU chipsets available on Amazon EC2 instances, positively affect your Windows container host performance by increasing network packets, CPU cycles, and faster memory access, resulting in better application performance.
Note
I do recommend watching the following deep-dive session on YouTube if you are interested in learning about it in greater detail: AWS re:Invent 2021 - Powering next-gen Amazon EC2: Deep dive on the Nitro System (https://www.youtube.com/watch?v=2uc1vaEsPXU).
On AWS, customers have an AWS container orchestrator variety, each addressing a different customer need. In contrast, you may also be undecided regarding the many options during the architecture phase. Let’s understand what the AWS container orchestrator options for Windows containers in more detail are:
Website: https://aws.amazon.com/ecs/
Website: https://aws.amazon.com/ecs/anywhere/
Website: https://aws.amazon.com/eks/
Website: https://aws.amazon.com/fargate/
With all these options, choosing one AWS orchestrator over another when running Windows containers depends on many factors; let’s explore some of them:
The main point here is that, typically, legacy Windows applications such as intranet/extranet websites, external APIs, and other .NET Framework applications are very predictable and won’t use all the container benefits such as scale-out/in, service meshes, and so on. There are a few exceptions, such as building servers and calculation systems, but in general, legacy Windows applications are very predictable. If you are in doubt about which AWS container orchestrator should be adopted for Windows containers, this is the question you will need to ask yourself:
Do you need in-depth control and flexibility at the expense of simplicity?
Another example is Amazon Elastic Container Registry (ECR) image scanning, which helps identify vulnerabilities in your container images; however, it doesn’t support Windows images. One more example: let’s say you are running AWS App Mesh, which is a service mesh based on Envoy; again, there is no Envoy build for Windows on AWS App Mesh.
As you can see, additional tools may be needed to manage a Windows container cluster, and defining the bare minimum of what you need is fundamental when you don’t have an ocean of options as you do in the Linux world. So, again, this is the question you will need to ask yourself:
Do you need all the container ecosystems surrounding your Windows containers?
I worked with some customers who faced an Amazon EKS and Windows node groups roadblock implementation when working with an open source plugin that didn't work as expected on Windows. Meanwhile, on Linux, it wasn’t a problem. As a result, the customer had three options:
Some customers have enough in-house expertise to overcome the blocker, develop their workaround, and support it. This shows how prepared they are to handle Kubernetes and Windows situations; others will need to step back and re-evaluate their container orchestrator choice and restart. The question you will need to ask yourself is this:
Would you rely on community support or implement a third-party vendor solution in your production workload?
Each one has a different price, case severity, and response time. Check out the following link to learn more: https://aws.amazon.com/premiumsupport/plans/.
When in doubt about which support plan you should buy, ask yourself the following:
How much downtime can my business afford without impacting the business revenue?
This will directly answer which type of support plan you need.
After you have read all these factors, the odds are probably not on the side of Amazon EKS. Kubernetes is a robust, highly scalable orchestrator that supports Windows very well; the drawback is the ecosystem, within which Windows containers aren’t first-class citizens. But, on the other hand, I’ve seen many customers successfully running Windows containers on Amazon EKS; they developed or adjusted all the necessary sidecar containers, purchased third-party plugins, and ran thousands of Windows Pods.
In a nutshell, the right AWS container orchestrator is the one that addresses your needs by taking into consideration all the factors you have learned about.
In this chapter, we learned why customers choose AWS to run Windows containers and the pace of innovation; then, we delved into the AWS Nitro Hypervisor and Nitro Cards and how they directly affect Windows container performance. Finally, we discussed some factors that need to be considered when choosing an AWS container orchestrator for Windows containers.
Until now, we have been setting the stage by understanding Windows container fundamentals. In Chapter 3, Amazon ECS – Overview, we will start the technical deep-dive. First, you will learn Amazon ECS principles, such as container instances, task definitions, and services, which will prepare you for the upcoming chapters.
3.144.252.140