I have been developing and maintaining some windows on windows Docker containers that run ASP.NET core applications on Windows 2016 (using Docker EE) for some time now. I was planning on turning over all ongoing updates/maintenance to server administrators, but I have hit a problem. When I started I believe I was using SAC builds, but now none of the SAC (or LTS for that matter) builds pull on Windows 2016, and though I have spent a good deal of time googling, this whole thing seems to be a big cluster. With docker on Linux, I would just use any LTS distro and apply updates when building the container. Does Microsoft have a clear plan on doing the same? It seems like they are missing the point of docker. I want to run a windows on windows container in windows server 2016, and I want to make sure when I recreate it that I am getting the latest security updates.
https://devblogs.microsoft.com/dotnet/net-core-container-images-now-published-to-microsoft-container-registry/
This page talks about the big changes made in Docker images recently and specifically says the following:
.NET Core images for Nano Server 2016 are still available on Docker Hub and MCR and will not be deleted. You can continue to use them but they are not supported and will not get new updates. If you need to do this and previously used manifest tags, like 1.1-sdk, you can now use the following MCR tags (Docker Hub variants are similar)
Does this mean the new tags listed get updates? I would assume they would tag it with LTS instead of SAC2016 to better convey the notion that they are continuing to update.
This page seems to be really helpful, but none of the images listed pull on windows server 2016:
https://andrewlock.net/exploring-the-net-core-mcr-docker-files-runtime-vs-aspnet-vs-sdk/
This is what I get when I attempt to pull any of the images:
1709: Pulling from windows/nanoserver
no matching manifest for unknown in the manifest list entries
To clarify, I can currently run all my applications using such images as these:
mcr.microsoft.com/dotnet/core/runtime 2.2-nanoserver-sac2016 4a3bbafea836 3 months ago 1.27GB
mcr.microsoft.com/dotnet/core/sdk 2.2-nanoserver-sac2016 9773d80bdd64 3 months ago 2.62GB
I am looking for clarity on support of these images, or a clearer direction to migrate.
Right now, for LTS, the image you want to pull is: mcr.microsoft.com/dotnet/core/aspnet:2.1. Since 2.1 is the LTS release of ASP.NET Core. The underlying server reference doesn't matter, honestly, and all the .NET Core images are multi-arch, so the right underlying images are pulled automatically (linux for linux host, Windows for Windows host, and AMD64, x86, ARM, etc.).
The OS of the image (aside from being the right architecture and platform) is really kind of meaningless. It's mostly a translation layer. Images aren't VMs, the OS is on the host, and that's where your security patches and such apply. As long as your host is patched up, you're good.
UPDATE
This has apparently led to some pedantic arguments in the comments, so let me be a little more clear. What I'm talking about here is best described via this graphic from the Docker site:
Whereas a VM has a copy of the OS on each instance, containers utilize a shared host OS. The OS base image is basically a proxy. It provides the API, but everything at an OS-level happens on the host OS, not in the container.
As such, yes, the OS base image matters to a certain extent. You can't target a Linux base image and deploy to Windows Server. You'd have issues targeting Windows Server 2019 and deploying to 2016, as well. However, assuming that the OS base image is remotely compatible with the host OS, then everything above and beyond that is meaningless.
Specifically to the discussion of patches and LTS versions, you don't need to care, because again, what's actually running is components of the host OS, not anything from the image itself. You can actually see this if you open Task Manager on the host OS. You'll see duplicate system-level processes tied to each running container. Even though the container shows running processes as well, it is these host-level processes that are actually doing the work, and therefore, it is only important that they are patched and supported. If everything is good on your host, you need not worry about the containers, at least for the OS part of things.
https://github.com/docker/for-win/issues/3761
I was working around Mar 12 when all the docker pulls stopped working because of the changes MS did. So I am sure I saw this page before, but on rereading the entire thing again, I see this comment:
docker pull mcr.microsoft.com/windows/servercore:ltsc2016
That seems like a reasonable tag name for long term support. Lo and behold it works. I am currently theorizing that nanoserver is only for the latest and greatest, and am thinking of opening an issue on github to see if someone will answer that definitively.
I think one of the comments on that page from the github maintainer settles the debate in the Chris Pratt's answer. I think mis-information floating around about security is dangerous, so I am reposting here to help future souls who stumble on this question:
Yes, when running with process-isolation, the version must match the Windows kernel version you're running on. Unlike Linux, the Windows kernel does not have a stable API, so container images running on Windows must have libraries that match the kernel on which they will be running to make it work (which is also why those images are a lot bigger than Linux images).
Vulnerable libraries in a docker container DO matter. You cannot rely on the host OS being up to date to protect you.
Further Research
Still researching this, so adding my updates for your benefit as I find them:
Article about Migrating
https://www.altaro.com/hyper-v/nano-server-no-longer-supported-for-infrastructure/
TLDR - Move to servercore
Server 2016 14393 Tags on Docker Hub
The main docker hub nano server page does not list any 14393 tags, but visiting the full tags list at the bottom of the page shows many. I was able to pull mcr.microsoft.com/windows/nanoserver:10.0.14393.1066 and it is only 1GB instead of 14GB for server core
Related
I have written a JavaFX app running on Windows 10 machine in the office which has problems showing (painting/rendering) certain embedded controls such as a Pane with PdfBox when I connect to it with Remote Desktop for Mac. It shows only a black screen in the app instead of the pdf document.
When I connect using RDP from my Windows 10 machine at home to my Windows 10 machine at work, the app works just fine (the pdf is shown in the app).
I have the same problems using AnyDesk and Teamviewer.
The app only shows PDFs properly using a connection from Windows 10 to Windows 10 with Microsoft RDP.
It might be a JavaFX issue. Similar issues are described here (although not 100% identical):
https://bugs.openjdk.java.net/browse/JDK-8239589
https://bugs.openjdk.java.net/browse/JDK-8229394
However, since I guess Microsoft Remote Desktop for Mac is using the same technology as the Windows Desktop client, I would have expected it to work fine.
I have a Mac Mini M1 running the latest OS (Monterey) at the time of writing this post. I am also using the latest Remote Desktop client for Mac.
This problem is not new and was also present in older releases.
I have tried to play around with screen resolutions, both on Host and Client but nothing good came out of those tests.
Disabled also hardware acceleration in Remote Desktop for Mac preferences but it didn't change anything.
The machine at the office has the following specs (which I cannot change nor update)
Edizione Windows 10 Pro
Versione 20H2
Data installazione: 10/09/2021
Build sistema operativo 19042.1415
Esperienza Windows Feature Experience Pack 120.2212.3920.0
Anyone else who has seen this problem and perhaps resolved it?
Could it be a bug in either PdfBox or Remote Desktop for Mac?
Except for the above issue, the Remote Desktop Client for Mac is working great (not lagging as TeamViewer or AnyDesk) and the user experience is phenomenal.
PS: While this might be considered a programming question (since I wrote the app with JavaFX) but it might be better to post on another forum? If yes, which one? On the other hand, many similar posts (look at the suggested thread on the right) have been upvoted despite not dealing with programming issues.
Thanks.
How do you use PDFBox? I ask because this is not a JavaFX component. If you use a SwingNode for that it might be interesting to try one of my two PDFViewer demos here and see whether the problem persists.
https://github.com/mipastgt/JFXToolsAndDemos#awtimage
The difference is in how I do the rendering and maybe that makes a difference for your use-case too. But of course this is just a wild guess and I can't promise anything.
What is the difference between Docker os image with web server installed with a web server and Docker webserver image ?
For eg Docker image of Ubuntu-16.04 running as container with NginX installed and other container running Nginx as Nginx Docker image?
Whose Performance will be better and stable ?
Usually a container with nginx runs in alpine os . a very lightweight os. While in the other hand you have ubuntu os and nginx.
So , the difference? ... the OS.
If you have good Docker/Unix/shell-scripting skills, a continuous-integration (CI) system, and the willingness to do ongoing maintenance, you might prefer building your own images. You will be in control of the exact version of the software used, and any build options or extensions required, and you will control when it gets security patches. But, this is a harder path to get started with, and if you don't periodically update your custom images they'll never get any sort of bug fixes or security patches at all.
If you're new to this space, you might prefer standard Docker Hub images. They're pre-packaged, usually have "enough" customization options, and are generally fairly good quality. But, if you need some extra customization, you might wind up needing to build a custom image anyways. I've also run into a situation where I've pinned an image to a specific upstream version image:1.2.3, and noticed several months later that image:1.2.7 is out, and the six-month-old Docker Hub image hasn't gotten a critical security fix because it's not getting built any more.
If none of this especially concerns you (and if you don't have a DevOps team at your disposal), I'd suggest just using the prebuilt nginx image and focusing on building and deploying your actual application.
I've been using ArcGIS 10.1 on my MacBook Pro (2011 model) via Boot Camp for a few months. A few days ago, I just installed Parallels 9 in order to use ArcGIS and my Mac programs at the same time and I've run into an issue with the license needing to be repaired. When I try to open ArcMap via Parallels, I get an error message saying something to the effect of "the license is in need of repair". When I installed Parallels 9, I chose to import my Boot Camp so I didn't have to reinstall anything. My guess is that ArcGIS thinks Parallels is a different computer and that's why the license is failing? Any ideas on how to resolve this issue? I can get a hold of another ArcGIS license so if it's a matter of using another license, I should be ok. Thanks.
You can not use ArcGIS on Bootcamp and VM with the same license key (single use license! - concurrenct use license with separat license server of course no problem). The license key is generated with some internal ids of your computer (eg ethernet MAC and other - you can match the ethernet MAC id in Parallels but thats not enough). You have to chose where you want to work with ArcGIS: bootcamp or VM (before licensing). Thats really annoying...
I had the same issue. Extremely annoying since it is without a doubt impossible to run both your BootCamp and VM versions at the same time. I never resolved it with traditional fixer.
If you are a student (hopefully you are) usually the person/department in charge of license distribution understand the need for both (rasters can be very sluggish on the VM side, but not always) when you are really putting the machine to the test.
SO, that is how i ultimately "solved" the issue. However, I believe the route issue to be the MAC address authentication, as I am experiencing the same problem in ArcGIS 10.2 when I tried to copy my VM from my MBP optical drive to my MBP sad - none of my tools are working.
When I first loaded the copied VM (by opening the VM file directly, not through Parallels) I was prompted if I wanted to use the same "......" (can't remember the actual term, but something along the lines of MAC id, or network address, etc.). Unfortunately I said no make a new one - WRONG ANSWER.
I'm trying to get it sorted now - just saved VM file, completely wiped Parallels, reboot, reinstall; and now I'm on the message boards trying to get this install right) [helpful ideal VM settings for ArcGIS specifically: http://maps.uky.edu/support/docs/BP_ArcGIS_on_Macv5.pdf ).
All that being said the first time I had this issue (month of nightmares, and late GIS homework) I had imported my VM from Bootcamp, which seems logical, but at that time (Parallels 8 and ArcGIS 10) it was still a license error I was receiving, but for some unremembered reason I was convinced it was because the VM calls its hard drive the "C" drive which it clearly is not - parallels merely translates this virtual C drive between the 2 OSs and their respective boot drives.
( I have not tried this next part yet) it might be worth trying to install your VM on the Mac side and then use the Windows or Parallels Migration Tool to create a Win migration file and then go to your BootCamp side (IMPORTANT - DEACTIVATE YOUR ESRI LICENSE BEFORE UNINSTALLING ARCGIS - if you don't do then you'll be mired in the "this license has reached its maximum allowable installations" or whatever they say).
If your Bootcamp side still has your ArcGIS, deactivate, then uninstall that version. Then try to import your migration file, but I've lost some of my Windows skills since switching to Mac, so I would do some research on that part. In theory since, your VM version was pointing to (for all intents and purposes) your "C" drive on the Mac side, hopefully the BootCamp install won't get as tripped up by the double installs as the VM did.
Just a thought, I realize as I finish this that you posted in October, so likely you've moved on, but if any of what I said is wrong, or if you found the best way to have it all, I would really appreciate your response.
This question already has answers here:
Is there a IE tester for mac? [closed]
(7 answers)
Closed 10 years ago.
I'm a webmaster that use mac platform to develop. Can someone suggest me the best way to test my website with IExplorer using a Mac? There're some virtualizer such as parallel, crossover, wine and so on, can someone suggest me the best for this purpose?
Or some other workaround is appreciated (i really don't need an entire copy of windows, only to test my websites on IE6 and IE7 using my mac)
First: Look at the question linked to in the comments. If you just need to see what a site looks like, browsershots.org will do the trick. But if you need to fully test and debug, you need Windows. But that can be done too:
Purchase Parallels Desktop
Download free Windows virtual machines directly from Microsoft made specifically for this purpose. You can rename the .exe self-extracting archives .rar instead, and unpack with anything that can extract RAR files
Import the resulting virtual machine image into Parallels, and you're done
Just know that many of the Windows images are huge. You'll need something like 40GB free to download, unpack and convert the Windows Vista and Windows 7 images (once you're done, you can of course toss a bunch of stuff out again)
Edit: Oh, yeah, forgot to mention: The Windows images last about 3 months at a time before they lock down completely, and you have to download a fresh copy. Microsoft obviously isn't giving away fully-fledged Windows copies for free :)
One option is to join MSDN (Microsoft Developer Network subscription) to get access to all Windows versions in all languages etc. You can install those you need in separate Parallels virtual machines (VMWare and virtualbox would work as well).
This allows you to install the exact version some customer happens to have, e.g. certain old Windows Server with certain IE version, etc to replicate the environment for testing and regression testing.
I would say that virtual machine installations are a must so you get the exact complete real thing.
MSDN has different options, "OS only" would be probably enough for this need (I had other needs for Windows development tools as well so got the full MSDN). MSDN has a cost (on the order of $1k/year) but was worth it to get access to everything for development and testing purposes.
PS. The only fun thing was that as a Mac-based UNIX developer I had many versions of Windows and many versions of Linux installed on my MacBook, but only one installation of OSX ;-) Some people also thought it was fun to see a "Mac developer" with "MSDN subscription", but whatever gets the work done, is the way to go.
I've developed some Java applications and wrapped them in exe files, some of them require JDIC files, the apps run on Windows systems, since my PC is all setup for development, it has all the necessary parts, but if a user downloads and runs my apps, they may not work as I thought. So I wonder if there is any place online that I can upload my apps and try to run them in a Windows environment and see if they work in the simulation ?
Frank
Consider using VirtualPC. You can get licensing for free.
Also you can get images from MS site for various versions of Windows to test with - supposedly for browser compatibility but you can use them for other things (which may or may not violate the EULA).
Consider using VMWare Workstation. You can get licensing for free.
You could use Amazon's EC2 instances to get easy access to virtual Windows machines. There is a bit of set up involved, but once you've done that you can spin up new machines easily enough. There are a number of tutorials online.
However, doing it locally with virtual windows instances is going to be even easier. I'd second VMware workstation or player.
You can download trial Windows server images directly from Microsoft for free.