DockeronWindowsServer2016Friday,August4,20172:26PM

InstallandconfigureDocker,alongwithdeployingandmanagingWindows-basedcontainers,onaWindowsServer2016server.

ThisisashortworkshoptointroduceyoutoWindows-basedcontainers.Inthisworkshop,youwillgainexperienceininstallingandconfiguringDockeronaWindows2016Serverserver.You'llthendeployacoupleofdifferentimagesascontainerstotheserverandexperimentwithmanagingthoseimagesandcontainers.Finally,youwillconfigureAzuretoallowyoutoaccessthosecontainersfromoutsideofyourvirtualnetwork.

WhatYouWillLearnInstallingandConfiguringDockeronWindowsServer2016DownloadingandManagingImagesDeployingandWorkingWithContainersExposingDockerServicesinAzure

IdealAudienceITManagersDevelopersandSoftwareArchitectsConfigurationandChangeManagersDevOpsEngineers

ThisisashortworkshoptointroduceyoutoWindows-basedcontainers.Inthisworkshop,youwillgainexperienceininstallingandconfiguringDockeronaWindowsServer2016server.You'llthendeployacoupleofdifferentimagesascontainerstotheserverandexperimentwithmanagingthoseimagesandcontainers.Finally,youwillconfigureAzuretoallowyoutoaccessthosecontainersfromoutsideofyourvirtualnetwork.

TimeEstimate:2.5hours

Overview

SetupRequirementsThefollowingworkshopwillrequirethatyouuseaRemoteDesktopclientinordertoconnecttoaremotemachine.IfyouareusingaMac,thendownloadtheMicrosoftRemoteDesktopclient.

AdditionalRequirementsForthefollowingworkshop,youwillneedasubscription(trialorpaid)toMicrosoftAzure.Pleaseseethenextpageforhowtocreateatrialsubscription,ifnecessary.

Requirements

AzureWeneedanactiveAzuresubscriptioninordertoperformthisworkshop.Thereareafewwaystoaccomplishthis.IfyoualreadyhaveanactiveAzuresubscription,youcanskiptheremainderofthispage.Otherwise,you'lleitherneedtouseanAzurePassorcreateatrialaccount.Theinstructionsforbotharebelow.

AzurePassIfyou'vebeenprovidedwithavoucher,formallyknownasanAzurePass,thenyoucanusethattocreateasubscription.InordertousetheAzurePass,directyourbrowsertohttps://www.microsoftazurepass.comand,followingtheprompts,usethecodeprovidedtocreateyoursubscription.

TrialSubscriptionDirectyourbrowsertohttps://azure.microsoft.com/en-us/free/andbeginbyclickingonthegreenbuttonthatreadsStartfree.

1. Inthefirstsection,completetheforminitsentirety.Makesureyouuseyourrealemailaddressfortheimportantnotifications.

2. Inthesecondsection,enterarealmobilephonenumbertoreceiveatextverificationnumber.Clicksendmessageandre-typethereceivedcode.

3. Enteravalidcreditcardnumber.NOTE:Youwillnotbecharged.Thisisforverificationofidentityonlyinordertocomplywithfederalregulations.Youraccountstatementmayseeatemporaryholdof$1.00fromMicrosoft,but,again,thisisforverificationonlyandwill"falloff"youraccountwithin2-3bankingdays.

4. AgreetoMicrosoft'sTermsandConditionsandclickSignUp.

Thismaytakeaminuteortwo,butyoushouldseeawelcomescreeninformingyouthatyoursubscriptionisready.LiketheOffice365trialabove,theAzuresubscriptionisgoodforupto$200ofresourcesfor30days.After30days,yoursubscription(andresources)willbesuspendedunlessyouconvertyourtrialsubscriptiontoapaidone.And,shouldyouchoosetodoso,youcanelecttouseadifferentcreditcardthantheoneyoujustentered.

AzureRegistration

Congratulations!You'venowcreatedanOffice365tenant;anAzuretenantandsubscription;and,havelinkedthetwotogether.

ObjectiveThefirstobjectiveisforyoutobecomefamiliarwithconnectingtoandnavigatingtheAzureportal.Thiswillnotbeadifficultexercise,butwillnonethelessdemonstratehowtoworkwithintheAzureuserinterface.

AzurePortalBasicsLet'sstartbyconnectingtotheAzureportalandbecomingfamiliarwithnavigation.

1. Openabrowserandnavigatetohttp://www.azure.com.

2. Inthetop-rightcornerofyourscreen,youwillseethemenuoptionPORTAL.Clickonit.

3. Ifyouhavenotalready,youwillberequiredtoauthenticate.

4. Afterauthenticationissuccessful,youwillbedirectedtoyourDashboard.Thedashboardisconfigurablebyadding,removingandresizingtiles.Additionally,youcanhavemultipledashboardsdependingonyourpreferences.Youcouldhavedifferentdashboardsforresourcesdedicatedtodifferentfunctions,linesofbusiness,orforoperations.

5. Ontheleftwillbeyourprimarynavigationalmenu.Youshouldseealistoffavoritedservicesonthemenuwithdescriptions.(NOTE:Thenumberofoptionslistedinyourmenumaydifferfromthatofothersdependingonthenumberofservicesyouhaveselectedasafavorite.)Ifallyouseeareicons(nodescriptions)onyourmenu,yourmenuiscurrentlycollapsed.Clickthe"hamburger" toexpandit.

6. Prettyclosetothetopofyourmenu,youshouldseeResourceGroups .Clickthisoption.

7. UponclickingtheResourceGroupsmenuitem,abladewillopenrevealinganycreatedresourcegroups.InordertocreateresourcesinAzure,youmustassign/placeitinaresourcegroup.

Thisiswherewewillgetstartedcreatingourresources.

Whilethisintroductionwasn'ttootechnical,itissufficientforgettingustoapointwherewecanbeginthespecificsintheworkshop.Ifyou'dliketolookaroundabitmore,clickafewoftheotheroptionsinthemainmenu.Then,whenyouareready,canyouproceedtothenextstep.

ExploringAzure

ObjectiveNowthatwe'veexploredtheAzureportalabit,let'sgetstartedwithcreatingsomeresources.OurprimaryresourcewillbeavirtualmachineonwhichweinstallDocker.Oncewecreatethevirtualmachine,we'llseethatsomeadditionalresourcesarecreatedforus.

CreateaResourceGroupAsstatedonthepreviouspage,inordertocreateresources,weneedaResourceGrouptoplacethemin.

1. Ifyouarenottherealready,goaheadandclickontheResourceGroups intheAzurePortaltoopentheResourceGroupsblade.

2. AtthetopoftheResourceGroupsblade,clickonAdd .Thiswillopenapanelthatasksforsomebasicconfigurationsettings.

3. Completetheconfigurationsettingswiththefollowing:

Resourcegroupname:azworkshops_docker_win_demoSubscription:<chooseyoursubscription>Resourcegrouplocation:<chooseyourlocation>

4. <Optional>CheckPintodashboardatthebottomofthepanel.

5. ClickCreate.

6. Itshouldonlytakeasecondfortheresourcegrouptobecreated.Onceyouclickcreate,theconfigurationpanelclosesandreturnsyoutothelistofavailableresourcegroups.Yourrecentlycreatedgroupmaynotbevisibleinthelist.ClickingonRefresh atthetopoftheResourceGroupsbladeshoulddisplayyournewresourcegroup.

NOTE:Whenyoucreatearesourcegroup,youarepromptedtochoosealocation.Additionally,asyoucreateindividualresources,youwillalsobepromptedtochooselocations.Thelocationofresourcegroupsandtheirresourcescanbedifferent.Thisisbecauseresourcegroupsstoremetadatadescribingtheircontainedresources;and,duetosometypesofcompliancethatyourcompanymayadhereto,youmayneedtostorethatmetadatainadifferentlocationthantheresourcesthemselves.Forexample,ifyouareaUS-basedcompany,youmaychoosetokeepthemetadatastate-sidewhilecreatingresourcesinforeignregionstoreducelatencyfortheend-user.

CreateaVirtualMachine

CreateaVirtualMachineNowthatwehaveanavailableresourcegroup,let'screatetheactualWindowsserver.

1. Ifyouarenottherealready,goaheadandnavigatetotheazworkshops_docker_win_demoresourcegroup.

2. Atthetopofthebladeforourgroup,clickonAdd .ThiswilldisplaythebladefortheAzureMarketplaceallowingyoutodeployanumberofdifferentsolutions.

3. WeareinterestedindeployingaWindowsServer2016Datacenterserver.Therefore,intheSearchEverythingbox,typeinWindowsServer2016.Thiswilldisplayacoupleofdifferentversions.ChooseWindowsServer2016Datacenter.

4. Therewillbeanumberofsolutionsavailable,includingonewithcontainersalreadyenabled.Forthepractice,we'llenablecontainersmanually.Therefore,choosetheimageashighlightedintheimagebelow.

5. Thiswilldisplayabladeprovidingmoreinformationabouttheserverwehavechosen.Tocontinuecreatingtheserver,chooseCreate.

6. Wearenowpromptedwithsomeconfigurationoptions.Thereare3sectionsweneedtocompleteandthelastsectionisasummaryofourchosenoptions.

1. Basics

Name:docker-winVMdisktype:SSDUsername:localadminPassword:Pass@word1234Confirmpassword:<sameasabove>Subscription:<chooseyoursubscription>Resourcegroup:Useexisting-azworkshops_docker_win_demoLocation:<choosealocation>AlreadyhaveaWindowsServerlicense?No

2. Size

DS1_V23. Settings

Usemanageddisks:No

Storageaccount:(clickonit&CreateNew)

Name:dockerwindata<randomnumber>(ex.dockerwindata123456)(NOTE:Thisnamemustbegloballyunique,soitcannotalreadybeused.)Performance:PremiumReplication:Locally-redundantstorage(LRS)

Virtualnetwork:<acceptdefault>(e.g.(new)azworkshops_docker_win_demo-vnet)

Subnet:<acceptdefault>(e.g.default(172.16.1.0/24))

PublicIPaddress:<acceptdefault>(e.g.(new)docker-win-ip)

Networksecuritygroup(firewall):<acceptdefault>(e.g.(new)docker-win-nsg)

Extensions:Noextensions

Availabilityset:None

Bootdiagnostics:Enabled

GuestOSdiagnostics:Disabled

Diagnosticsstorageaccount:(clickonit&CreateNew)

Name:dockerwindiags<randomnumber>(ex.dockerwindiags123456)Performance:StandardReplication:Locally-redundantstorage(LRS)

4. Summary(justclickOKtocontinue)

Oncescheduled,itmaytakeaminuteortwoforthemachinetobecreatedbyAzure.Onceithasbeencreated,Azureshouldopenthemachine'sstatusbladeautomatically.

ConnecttotheVirtualMachineOnceyourmachinehasbeencreated,wecanremotelyconnecttoitviaaremotedesktopprotocol(RDP)client.

GetPublicIP1. Ifitisnotalreadyopen,navigatetotheOverviewbladeofyournewlycreatedvirtual

machine.

2. Inthetopsectionoftheblade,intherightcolumn,youshouldseeaPublicIPaddresslisted.

3. CopytheIPaddress.

ConnecttotheMachineviaRemoteDesktopToconnecttothemachineremotely,weneedtodownloadtheRemoteDesktopProtocol(RDP)profile.

1. ClickontheOverview toreturntothegeneralinformationforthead-connectvirtualmachine.

2. IntheActionssection,clickonConnect .ThiswilldownloadtheRDPprofiletoyourmachine.

3. Opentheprofileandacceptanywarnings.

4. Fortheusername,enter\localadmin(withthebackslash).And,forthepassword,enterPass@word1234.ClickOK.

5. Again,acceptanywarnings.

Congratulations.YouhavesuccessfullycreatedandconnectedtoyourremoteWindowsServer2016serverinAzure.YouarenowreadytoinstalltheDockerruntime.

OverviewWehavejustcreatedourWindowsServer2016server.WenowneedtoapplyanyavailablesystemupdatesalongwithinstallingandconfiguringDockertobeginworkingwithcontainers.

InstallUpdatesJustlikeanyotheroperatingsystem,updatesareperiodicallyreleasedtosupportnewfeaturesandpatchanypotentialsecuritythreats.Wewillapplytheupdatesfirst.

1. Ifyouhavenotalready,connecttoyourremoteWindowsServer2016serverandlogin.

2. OpenacommandpromptasanAdministrator,typethefollowingatthecommandprompt:

sconfig

3. Thiswillopenascreenlikethefollowing:

InstallDocker

4. Chooseoption 6 ,then A (twice)todownloadandinstallallupdates.

5. Dependingonthenumberandsizeofavailableupdates,thisprocessmaytakeafewminutesandcouldrequireareboot.Nowwouldbeagoodtimetotakeabreak.

InstallDockerWenowhaveanupdatedWindowsoperatingsystem.WearereadytoinstallDocker.

1. OpenaPowerShellpromptasanAdministratorandtypethefollowing:

Install-PackageProvider-NameNuGet-MinimumVersion2.8.5.201-ForceInstall-Module-NameDockerMsftProvider-ForceInstall-Package-Namedocker-ProviderNameDockerMsftProvider-ForceRestart-Computer-Force

2. ThiswilldownloadtheDockerengineandinstallitasabackgroundservice.

3. Afteryouruntheabovecommands,yourvirtualmachinewillrebootforcingadisconnect.Goaheadandreconnect.

EnsureDockerEngineisRunning1. OpenaPowerShellpromptasanAdministratorandtypethefollowing:

dockerversion

2. Youshouldseesomethingsimilartothefollowing:

Client:Version:17.03.1-ee-3APIversion:1.27Goversion:go1.7.5Gitcommit:3fcee33Built:ThuMar3019:31:222017OS/Arch:windows/amd64

Server:Version:17.03.1-ee-3APIversion:1.27(minimumversion1.24)Goversion:go1.7.5Gitcommit:3fcee33Built:ThuMar3019:31:222017OS/Arch:windows/amd64Experimental:false

3. Becausetheserviceisrunning,wecannowusethe docker commandlaterinthisworkshop.

You'vesuccessfullyinstalledtheDockerengine.

OverviewNowthatwehaveDockerinstalled,weareabletodeployimagesascontainers.Inthisshortstepoftheworkshop,wewilldeployasmallcontainerstotestourDockerengineonWindows.

HelloWorld1. EnsureyouhaveloggedintoyourremoteWindowsServer2016serverandareatthe

prompt.

2. FromthePowerShellprompt,typethefollowing:

dockerrunmicrosoft/dotnet-samples:dotnetapp-nanoserver

3. Youshouldthenseesomethingsimilartothefollowing:

NanoMan

Dotnet-bot:Welcometousing.NETCore!__________________\\........'...........................'..'..................'..'............'..........'..'..'............'..........'..'..'......'....'..'..........'..'.......'..'..................'................'...................................................................................................................................'......................................'..'......................................'..'......................'.............'..'................'..'..................'....................'..........................................................................'...'.'.'.'.'.'................'....'...................'...............................................'.........................'...'.'............................'.'..........................'....'..'...........................'..........................................

**Environment**Platform:.NETCore1.0OS:MicrosoftWindows10.0.14393

OverviewThefinalpartofthisworkshopistoexposeanIIScontaineroutsideofAzure.We'regoingtocreateasimplewebserverandaccessitfromourlocalmachine.

IISWearegoingtodeployabasiccontainerhostingIISandthenexposethesampleIISwebsiteoutsideofAzure.

FromPowerShell,typethefollowing:

dockerrun-d-p80:80microsoft/iis

ThiswilldownloadandrunIISinthebackground.Asstatedearlierinthisworkshop,weoftenrunservicesindetachedmode( -d ).Asnewparameterthatyouseehereismapping,orpublishing( -p ),ports-verysimilartoaNAT,ifyouarefamiliarwiththeconcept.Therearetwoportsspecifiedhereseparatedbyacolon.Thefirstnumberisthehost'sportwhilethesecondnumberisthecontainer'sport.So,inessence,wearemappingthehost'sport80tothecontainer'sport80.Ifourcontainerrunsmultipleservicesoraservicerequiringmultipleports,wecanalsospecifyaportrange.

1. Let'smakesurethatIISisrunningsuccessfully.Openawebbrowseronthevirtualserverandtrytonavigateto http://localhost .Oops.Itseemswereceivedanerror.Whatdidwedowrong?Let'sinvestigate.

2. Ifoneisnotalreadyopen,openaPowerShellwindowandtypein dockerps .

3. Youshouldseesomethinglikethefollowing:

CONTAINERIDIMAGECOMMANDCREATEDSTATUSPORTSNAMESc21c24a24027microsoft/iis"C:\\ServiceMonitor..."23secondsagoUp14seconds0.0.0.0:80->80/tcpkickass_raman

DeployinganIISContainer

4. NoticethePortscolumn.Ourexternalportisnotmappedtotheloopbackaddress(e.g.127.0.0.1 or localhost ).Longstoryshort,thisisduetoawayWindowsmapsitsnetworkinterfaces.

5. Weneedtogettheactual,virtualIPaddressofthecontainer.Todothis,typethefollowingatthePowerShellprompt(changethecontaineridtoyourcontainer'sid):

dockerinspect--format'{{.NetworkSettings.Networks.nat.IPAddress}}'c21

7. So,let'susethereturnedIPinsteadofthe localhost toloadourwebsite.InthebrowserchangetheURLto http://<yourcontainer'svirtualIPaddress>:8080 (e.g.http://192.168.150.195).

WindowsFirewallBeforewecanaccesstheIISserverfromoutsideofAzure,weneedtoopentheportinWindowsFirewall.

1. Ontheremoteserver,clicktheStartMenuandbegintypingFirewall.ThisshouldprovideamenuoptionforWindowsFirewallwithAdvancedSecurity.Clickonit.

2. SelectInboundRulesintheleftpaneandclickNewRule...intherightpane.

3. ForRuleType,selectPortandclickNext.

4. OntheProtocolandPortspage,selectTCP,Specificlocalports,andenter80intheinputbox.ClickNext.

5. ForAction,chooseAllowtheconnectionandclickNext.

6. ForProfile,leaveallthreeprofilescheckedandclickNext.

7. Finally,nametheruleAllow-HTTPandclickFinish.

NetworkSecurityGroup(NSG)Nowthatourwebserverisrunning,let'smakeitavailableoutsideofAzure.

WhenwecreatedourWindowsvirtualmachine,weacceptedthedefaults,includingthedefaultsettingsforourNSG.ThedefaultsettingsonlyallowedRDP(port3389)access.WeneedtoaddaruletoourNSGtoallowHTTPtrafficoverport80.

1. Ifyouarenotstillthere,gobacktotheAzureportalandnavigatetothesettingsofyourCentOSvirtualmachine.

2. Intheleftmenu,clickonNetworkinterfaces .

3. ThiswillopentheNetworkInterfacesbladeforyourCentOSvirtualmachine.Clickonthesingular,listedinterface.

4. Intheleftmenu,clickonNetworksecuritygroup .

5. ThiswilllistthecurrentlyactiveNSG.Inourcase,itshouldbetheNSGthatwascreatedwithourvirtualmachine-docker-centos-nsg.ClickontheNSG(NOTE:ClickontheactualNSGlink,NOTonEdit).

6. Intheleftmenu,clickonInboundsecurityroles .

7. Atthetopoftheblade,clickAdd .

8. Enterthefollowingconfiguration:

Name:allow-httpPriority:1010Source:AnyService:HTTPAction:Allow

9. ClickOK.

Thisshouldonlytakeacoupleofseconds.Onceyouseetheruleadded,openanewbrowserandnavigatetotheIPaddressofyourWindowsvirtualmachine,includingtheportnumber.TheIPaddressusedinthisworkshop'sscreenshotsis40.121.223.152(yourIPaddresswillbedifferent).UsingtheaforementionedIPaddress,Iwoulddirectmybrowsertohttp://40.121.223.152/.Doingso,youshouldseetheIISlandingpage.