You are the network administrator for a company that has decided to start using Windows containers. You download the wrong image from Docker. What command allows you to delete an image? A. docker del B. docker rm C. docker kill D. docker dl
You are the network administrator for a company that has decided to start using Windows containers. You want to create a new container. What command should you use? A. docker create B. docker build container C. docker new D. docker build
You are the network administrator for a company that has decided to start using Windows containers. You have built a number of containers. What PowerShell command allows you to view them? A. docker view B. docker see C. View-Container D. Get-Container
You are the network administrator for a company that has decided to start using Windows containers. You have created some images. What command allows you to see your images? A. docker images B. docker info C. docker view D. docker see
You are the administrator for an organization that has started using containers. You need to build and use a Dockerfile. You want to compile and create an image using the Dockerfile. What command do you use? A. Docker run B. Docker rm C. Docker build D. Docker compile
You are the administrator for an organization that has started using containers. You need to build and use a Dockerfile. You want to execute commands within the Dockerfile. What command should you use? A. Docker run B. Docker rm C. Docker build D. Docker compile
You are the network administrator for a company that has decided to start using Windows containers. You want to delete a container. What PowerShell command allows you to do that? A. docker delete B. docker kill container C. Remove-Container D. Delete-docker-Container
You are the administrator for an organization that has started using containers. You need to build a new image using Windows Server Core. What command would you use to get a Windows Server Core image? A. Docker run microsoft/windowsservercore B. docker pull microsoft/windowsservercore C. Docker build microsoft/windowsservercore D. Docker get microsoft/windowsservercore
You have a Windows Server 2022 server named Server1. Server1 has the Web Server (IIS) server role installed. Server1 hosts an ASP.NET Core web app named WebApp1 and the app’s source files. You install Docker on Server1. You want to ensure that you can deploy WebApp1 to an Azure App Service web app from the Azure Container Registry. Which three actions should you perform in sequence? (Choose three.) A. Run the docker push command. B. Run the docker run command. C. Run the docker build command. D. Create a Dockerfile. E. Run the docker pull command.
How do you add another virtual disk to an Azure virtual machine? A. Use the Virtual Hard Disk Wizard. B. Use the Edit Virtual Hard Disk Wizard. C. Choose Disks from the VM options. D. Use the New Virtual Machine Wizard.
In my career, I have had the pleasure to work with a lot of new IT people. One thing that I like to stress to new IT people is that even the IT department has clients. For many corporate employees, they have clients that they are responsible for. For example, salespeople are responsible for working with the customers of the company.
But it’s the same in IT. Our customers are our employees. The better our network works, the more our customers (our end users) can do and the easier we can make their job. One of the tasks that we can set up to help our end users is single sign-on (SSO). SSO allows your users to log into one network and automatically get access to another network. For example, SSO allows our users to log into one network (onsite) and have access to the Azure cloud network without having to enter a new username or password.
Azure Active Directory’s Application Proxy provides secure remote access to web applications that are located on your local onsite network. Because of SSO, users can sign into Azure AD and then they will have access to both cloud-based and onsite applications. This is possible through an external URL or an internal application portal.
Azure AD, along with an Azure Application Proxy, allows users to access onsite web applications from a remote client. Application Proxy uses an Azure Application Proxy service that runs in the cloud and an Application Proxy connector that runs on an onsite server. The process requires that you use Azure AD, the Application Proxy service, and the Application Proxy connector. All three components work together to securely pass the user’s sign-on token from Azure AD to the onsite web application.
Application Proxy was designed to allow Azure users to access onsite web applications. It is designed to work with the following:
■Web applications that use Integrated Windows authentication
■Web applications that use form-based or header-based access
■Web APIs that you want to expose to rich applications on different devices
■Applications hosted behind a Remote Desktop Gateway
■Rich client apps that are integrated with the Microsoft Authentication Library (MSAL)
Application Proxy is an excellent option for giving remote users access to internal onsite resources. It allows your users to connect remotely to web applications without the need of a VPN or reverse proxy. It is not intended for internal users on the corporate network. Internal onsite users should already have access to the onsite web applications. If onsite users use Application Proxy, it can cause performance issues, so only remote users who are connected to the Azure network should use it.
Understanding the Azure Relay Service
In today’s fast-moving technology world, one of the issues that we all must face is security and the threat of cyberattacks, ransomware, and all other types of malware. One major factor that we must all consider when building a network is security.
The Azure Relay Service allows you to securely expose services that run in your corporate network to the public cloud. You can configure the Azure Relay Service without opening a port on your firewall or without making intrusive changes to your corporate network infrastructure. The service supports multiple scenarios between onsite services and the applications that run in the cloud or in another onsite environment.
The Azure Relay Service is different from other network technologies such as VPN. You can configure the Azure Relay Service to a single application endpoint on a single machine.
If your IT department decides to install a VPN for all of its users, the IT department has to make sure the network is properly configured for VPN access. Also, anyone who has VPN access can use that access to connect to part of or the entire network.
The Azure Relay Service does not require changing the physical network. You can set up the service to communicate to a single address. Here are the steps that are used in the Azure Relay Service:
1. Using an outbound port, an on-premises service can connect to the relay service directly.
2. The Azure Relay Service creates a bidirectional socket for communication tied to a particular address.
3. The client can then communicate with the onsite service by sending traffic to the Azure Relay Service targeting that address.
4. The Azure Relay Service then relays the data to the onsite service through the bidirectional socket dedicated to the client. The client doesn’t need a direct connection to the onsite service.
Using Azure Arc
One really nice advantage of Azure is the ability to use, or not use, any of the available services and tools. Most cloud-based networks are consumption based. The more services that you use, the more you pay. But for many companies, not all features or services will be needed when setting up your Azure network. This is the category that Azure Arc falls under.
Azure Arc is an Azure service that may greatly help your company, especially if your company creates and uses applications that you build internally. For any organization that develops their own software or services, Azure Arc can be a great feature. It allows a company of any size to easily secure, develop, and operate infrastructure, apps, and Azure services from anywhere. Azure Arc helps you extend the Azure platform so that you can build applications and services with the flexibility to run across datacenters, at the edge, and in multicloud environments. This allows your developers to build cloud-based applications with a consistent development, operations, and security model.
If your organization uses developers and you would like more information about using Azure Arc, please feel free to check out Microsoft’s website:
In this chapter, you learned about Windows containers. Windows containers are brand-new technology to Windows Server 2022 or some versions of Windows 10/11. You learned how to install, configure, and maintain your Windows containers. We also discussed the components needed to work with containers.
I then showed you some exercises for configuring Windows Server 2022 containers and how to download and work with image files. These image files can be used to create Windows and Hyper-V containers.
I also showed you how to build and configure Azure virtual machines. Setting up a virtual network can be less expensive and an easy way for a company of any size to quickly and easily build an entire network in the cloud.
Finally, I explained various services and roles that you can use to help secure and access your virtual network and your onsite network.
Exam Essentials
Understand Windows containers. Windows containers work a lot like virtual machines except that when you build a virtual machine, you need all of the services that make that VM run properly. Windows containers are fast operating system builds that allow you to run applications in their own environment.
Know the PowerShell commands used for containers. The Microsoft exams are going to focus on PowerShell commands. Make sure you know the PowerShell commands that are used for Docker and containers.
Understand Docker technology. Understand that Docker is the technology that is used to manage and maintain Windows containers. There are preset images on Docker that you can pull down and run. Microsoft also has preset Docker images that you can use and manipulate.
Know the different docker switches. Know how docker switches are used. Know that you run docker switches in PowerShell or at an elevated command prompt.
Understand virtual networks and virtual hard disks. Virtual networks and hard disks are the two most tested topics. You definitely should know the types of virtual networks available (external, internal only, and private virtual network) as well as all types of virtual hard disks (dynamically expanding, fixed size, differential, and physical or pass-through). You should be able to apply the correct one when needed. Be familiar with the Edit Virtual Hard Disk Wizard, which is a good source for exam questions.
One nice advantage of using Docker is that you can go to Docker’s website and look at the different images that are available. There are images for operating systems, applications, and software.
But what if you can’t find an image that you need? Well, then you can build your own images using Dockerfiles. When you install Docker, the Docker engine includes tools that the IT department can use to create Dockerfiles. Dockerfiles are just text files that are manually created, and they are compiled and turned into an image file.
If your organization decides that they want to build their own Dockerfiles, then they will get some benefits while doing just that. Some of the advantages of building your own Dockerfiles are as follows:
■You can store images as code.
■You can re-create images rapidly that can then be used for maintenance and upgrade cycles.
■You can customize your Dockerfiles to reflect your organization’s needs.
The Docker installation includes components that you can use to create your own Dockerfiles. These two Docker components are the Docker engine and the compiler (docker build command).
If you have ever built INI files or even a host file, then you understand how building a file can work. As with many programming codes or INI files, you can use the pound sign (#) to show comments in the file. This is very useful.
Many years ago, before I got into networking, I was a programmer. One thing that most programmers hate is when you look at someone else’s coding and you have no idea what they were doing. When a coder takes the time to put in comments so that anyone can follow them and work on the code, it makes following that coder a thousand times easier. This is what the comments in the Dockerfile do. Use the pound sign (#) for making comments and state exactly why each line is included so that someone following you understands what the code is doing, or if someone is trying to learn what you do.
Let’s take a look at an example of a Dockerfile:
# Sample Dockerfile for WillPanek
# We will be using Windows Server Core as our base image.
FROM microsoft/windowsservercore
# Uses dism.exe to install the DNS role.
RUN dism.exe /online /enable-feature /all /featurename:DNS-Server-Full-Role /NoRestart
# Sets a command or process that will run each time a container is run from the new image.
CMD [ "cmd" ]
Let’s break down some of the different sections that you can configure. Table 12.4 shows some of the configuration settings that you can use.
TABLE 12.4 Dockerfile commands
Command | Description
Add | This setting will copy new files, directories or remote file URLs from a source (<src>) location to the filesystem of the image destination <dest>.
CMD | This setting specifies the default commands that will be executed when deploying the container image.
Copy | This setting will copy new files or directories from a source (<src>) location to the filesystem of the image destination <dest>.
Escape | This setting is used to escape characters in a line and to escape a newline. Normally the Escape command is followed by the character that will represent a new line. For example: escape=\. This means that when a \ (backslash) is in the file, it will represent a new line.
ENV | This setting allows you to add an environmental variable.
Expose | This setting tells Docker that the container is listening on the specified network ports during runtime.
From | This setting shows the location of the container image that will be used during the image creation process.
Label | This setting adds metadata to an image.
Onbuild | This setting allows you to set a trigger that gets executed when the image is used as the base for another build.
Run | This setting specifies what commands are to be run in the Dockerfile process. These commands can include software installation and file, directory, and environment creation.
User | This setting allows you to set up a user’s account that will be used during the runtime.
Volume | This setting allows you to create a mount point and externally mounted volumes from host systems or other containers.
Workdir | This setting allows you to set the working directory that will be used during the runtime.
Understanding Hyper-V Containers
So far in this chapter we have discussed Windows containers, but now we are going to look at Hyper-V containers. As I stated earlier, Windows containers share the system’s kernel between all containers and the host. Hyper-V containers are different because each Hyper-V container uses its own instance of the Windows kernel. Since Hyper-V containers use their own instance of the Windows kernel, you can use different versions of Windows between the host system and the image version.
Also, the Windows host system needs to have the Microsoft Hyper-V role installed. Windows Server 2022 and Windows 10/11 Professional and Enterprise (Anniversary Editions) both allow you to create containers in Hyper-V.
The one nice feature is that both container types, Windows containers and Hyper-V containers, are created, managed, and function the exact same way. The only difference is that the Hyper-V containers have better isolation from the kernel.
When you are working with Hyper-V containers in Docker, the settings are identical to managing Windows Server containers. The one difference that you want to include in the Hyper-V container is using the --isolation=hyperv parameter. The following is an example of the docker command with the Hyper-V parameters:
docker run -it --isolation=hyperv microsoft/nanoserver cmd
Managing Container Networking
A feature included with building containers is the ability to access the servers and data within the container the same way you would on a normal network server or Hyper-V server. Once you have installed Docker, there will be two networks that are created automatically. You can see these networks by typing docker network ls in PowerShell (see Figure 12.13) or at an elevated command prompt.
FIGURE 12.13 Docker network
If you would like to get even more details about a specific network (see Figure 12.14), after you run the docker network ls command, grab the Network ID number. Then type the following PowerShell command followed by the Network ID number (my Network ID is 3cb894810795):
Docker network inspect 3cb894810795
FIGURE 12.14 More Docker network details
One nice thing about working with networks within containers is that these two networks are always available to you even when you choose only one to be part of your container. You can specify which network you want your container to run on by using the --network flag.
When you create a container, the host network adds the container onto the host’s network stack. There are very few reasons you would even need to manage or manipulate the container’s network. The only network that you may need to work with is the bridge network. The Docker default bridge is created as soon as you install the Docker engine. It creates your bridge network, and its name is bridge.
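The following PowerShell function is an added example, not part of the original chapter: it turns the JSON printed by docker network inspect into one row per attached container, so you can review which containers share a network and subnet. The JSON is constructed sample data (the container IDs, names, and addresses are made up, and Get-ContainerNetworkMap is a hypothetical helper name); on a live host, feed it the command's real output.

```powershell
# Added example. The JSON is constructed sample data in the shape that
# `docker network inspect` prints; container IDs, names and addresses are made up.
# On a live host:  $json = docker network inspect 3cb894810795 | Out-String
$json = @'
[
  {
    "Name": "bridge",
    "Id": "3cb894810795",
    "Driver": "bridge",
    "IPAM": { "Config": [ { "Subnet": "172.17.0.0/16", "Gateway": "172.17.0.1" } ] },
    "Containers": {
      "1111aaaa2222": { "Name": "web1", "IPv4Address": "172.17.0.2/16" },
      "3333bbbb4444": { "Name": "dns1", "IPv4Address": "172.17.0.3/16" }
    }
  }
]
'@

# Hypothetical helper: one output row per container attached to each network.
function Get-ContainerNetworkMap {
    param([Parameter(Mandatory)][string]$InspectJson)

    foreach ($net in ($InspectJson | ConvertFrom-Json)) {
        # A network can carry more than one IPAM block; list every subnet.
        $subnets = @($net.IPAM.Config | ForEach-Object { $_.Subnet }) -join ', '

        # "Containers" is an object keyed by container ID, not an array,
        # so walk its properties instead of indexing it.
        $attached = @()
        if ($net.Containers) { $attached = @($net.Containers.PSObject.Properties) }

        if ($attached.Count -eq 0) {
            # Still report the network so an empty one is visible in the output.
            [pscustomobject]@{
                Network = $net.Name; Driver = $net.Driver; Subnet = $subnets
                ContainerId = ''; Container = '(none)'; IPv4Address = ''
            }
            continue
        }

        foreach ($entry in $attached) {
            [pscustomobject]@{
                Network     = $net.Name
                Driver      = $net.Driver
                Subnet      = $subnets
                ContainerId = $entry.Name
                Container   = $entry.Value.Name
                IPv4Address = $entry.Value.IPv4Address
            }
        }
    }
}

Get-ContainerNetworkMap -InspectJson $json | Format-Table -AutoSize
```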
EXERCISE 12.3
1. Open a PowerShell window with administrative rights.
2. Type docker info at the PowerShell prompt. You should only have one container at this time.
3. Next we need to see what images are in our repository. To do this, type docker images in the PowerShell window. This will show you your Docker images (see Figure 12.10).
FIGURE 12.10 Docker images
4. We need the Image ID from the Nano Server or Server Core that we downloaded in Exercise 12.2. The Image ID for my Nano Server is d9bccb9d4cac. We will use this ID to turn the image into a container. Type the following at a PowerShell prompt (your Image ID will be different) and press Enter (see Figure 12.11):
docker run d9bccb9d4cac
FIGURE 12.11 Docker run command
5. Type docker info at the PowerShell prompt. You should now have two containers instead of just one (see Figure 12.12).
6. Close PowerShell.
Tagging an Image
You can change the tags associated with the images. Many administrators use tag names as version names so that they can keep track of the various images on their machine.
Having tags that you create allows you to easily access the images later by their tag names. To tag an image, you use the -t parameter. So to tag an image as WillPanekImage, you’d use the following:
docker build -t WillPanekImage
Uninstall an Operating System Image
One of the maintenance issues that many IT administrators must deal with is hard drive space. As you are downloading and using images, there may be a time when you need to remove images from your server that are no longer being used.
If you continue to download and use multiple image files, make sure that every once in a while you look at all of your images and delete any that are no longer valid or no longer in use.
Exercise 12.4 will show you how to remove an image file from your host system. To complete this exercise, make sure that you have completed the earlier exercises in this chapter.
EXERCISE 12.4
Uninstalling an Image
1. Open a PowerShell window with administrative rights.
2. Type docker images and get the ID number of the Nano Server image.
3. Type docker rm d9bccb9d4cac (replace d9bccb9d4cac with your ID number).
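To decide which images are no longer in use before running the removal step above, the following added example (not from the original chapter) compares the image list with the image reference recorded for every container, running or stopped. The sample lines are constructed in the shape printed by docker images and docker ps -a with the --format '{{json .}}' option; only the Image ID d9bccb9d4cac comes from the chapter, and Get-UnusedDockerImage is a hypothetical helper name.

```powershell
# Added example. Sample lines are constructed in the shape printed by
#   docker images --format '{{json .}}'   and   docker ps -a --format '{{json .}}'
# Only the Image ID d9bccb9d4cac comes from the chapter; every other value is made up.
# On a live host:
#   $imageLines     = docker images --format '{{json .}}'
#   $containerLines = docker ps -a --format '{{json .}}'
$imageLines = @(
    '{"Repository":"microsoft/nanoserver","Tag":"latest","ID":"d9bccb9d4cac","Size":"1.1GB"}',
    '{"Repository":"microsoft/windowsservercore","Tag":"latest","ID":"4d83c32ad497","Size":"10.4GB"}',
    '{"Repository":"microsoft/dotnet-samples","Tag":"dotnetapp-nanoserver","ID":"3c0a1b2d4e5f","Size":"1.2GB"}'
)
$containerLines = @(
    '{"ID":"f1e2d3c4b5a6","Image":"d9bccb9d4cac","Names":"nano1","Status":"Exited (0) 2 hours ago"}',
    '{"ID":"0a9b8c7d6e5f","Image":"microsoft/dotnet-samples:dotnetapp-nanoserver","Names":"sample1","Status":"Exited (0) 3 hours ago"}'
)

# Hypothetical helper: returns the images that no container refers to.
function Get-UnusedDockerImage {
    param(
        [string[]]$ImageJson,
        [string[]]$ContainerJson
    )

    # Collect the image reference of every container, running or stopped.
    $refs = @(foreach ($line in $ContainerJson) {
        if (-not [string]::IsNullOrWhiteSpace($line)) { ($line | ConvertFrom-Json).Image }
    })

    foreach ($line in $ImageJson) {
        if ([string]::IsNullOrWhiteSpace($line)) { continue }
        $img  = $line | ConvertFrom-Json
        $full = '{0}:{1}' -f $img.Repository, $img.Tag

        $used = $false
        foreach ($ref in $refs) {
            if (-not $ref) { continue }
            if ($ref -eq $full) {
                $used = $true
            }
            # A bare repository name means the "latest" tag.
            elseif ($ref -eq $img.Repository -and $img.Tag -eq 'latest') {
                $used = $true
            }
            # `docker run d9bccb9d4cac` records the ID (or a prefix of it), not a name.
            # A hex-looking reference that prefixes the ID counts as "in use", which
            # errs on the side of keeping an image rather than flagging it.
            elseif ($ref -match '^[0-9a-f]+$' -and $img.ID.StartsWith($ref.ToLower())) {
                $used = $true
            }
        }

        if (-not $used) {
            [pscustomobject]@{ ImageId = $img.ID; Image = $full; Size = $img.Size }
        }
    }
}

Get-UnusedDockerImage -ImageJson $imageLines -ContainerJson $containerLines
```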
So now that you have installed Docker on your Windows Server 2022 system, let’s take a look at how to install and configure containers.
In Exercise 12.2, you’ll learn how to make sure your Docker service is started. I will then show you how to install a base operating system image onto your host and how to create Windows Server containers.
There are dozens of premade Docker images. You can look at all of the various Docker components at the Docker Store. Go to https://store.docker.com to see all the available Docker downloads (including premade images).
EXERCISE 12.2
Installing a Base Operating System
1. Open the Services MMC by clicking Start ➢ Windows Administrative Tools ➢ Services.
2. Scroll down until you see Docker. Make sure that the Docker Service has started (see Figure 12.5). If it hasn’t started, right-click Docker and choose Start.
FIGURE 12.5 Checking that Docker Service has started
3. Close Services.
4. Open PowerShell with administrative privileges by clicking Start and right-clicking Windows PowerShell, then choosing More ➢ Run As Administrator.
5. Now we are going to see if any containers are running. To do this, type docker info in PowerShell and press Enter. You will see a report (see Figure 12.6) that will show you if you have any containers running.
6. So now we are going to install a container image for either Microsoft Nano Server or Windows Server Core from the online package repository. To begin, type one of the following commands into PowerShell (choose the command for the operating system that you want):
7. After your container is installed, restart the Docker service. Type the following command into PowerShell:
Restart-Service docker
8. Now let’s take a look at your Docker information again by typing docker info at the PowerShell prompt. As you can see, we now have an image that we didn’t have before (see Figure 12.7).
FIGURE 12.7 Checking Docker information
9. To see all the images that you have on your system, at the PowerShell prompt type docker images (see Figure 12.8).
FIGURE 12.8 Docker images
10. So now that you have seen how to grab a base image from Docker, let’s create a Windows Server container with Nano Server installed. At the PowerShell prompt, type the following command:
docker run microsoft/dotnet-samples:dotnetapp-nanoserver
11. If the installation worked properly, you should see what looks like a small alien on your screen (see Figure 12.9). Type docker info at the PowerShell prompt and you will see that you now have a container. You will also notice that you have two images now: the one you downloaded earlier and the one you just downloaded.
When I talk about setting up containers and you are getting ready to start using containers, there is one major requirement that we need to consider. The operating system on the host machine must be the same operating system that is used in the Windows container. If you install a different operating system in the Windows container, the container may load but you will most likely start to see errors, and there is no guarantee that you’ll be able to use all the container’s functionalities.
So, it is very important to make sure that the version of Windows Server 2022 that you install onto the host system is the same version that you run in the Windows container. One nice advantage to using Windows is that you can check what version of Windows you are using. To do so, enter the system’s Registry (Regedit.exe) and search for the following Registry key (see Figure 12.1):
The host operating system that you are going to run will determine what operating systems you can run in the Windows Server container or Hyper-V container. Not all operating systems are available depending on the host OS image. Table 12.1 shows you all of the supported configurations for each host operating system.
TABLE 12.1 Supported base images
Host operating system | Windows Server container | Hyper-V container
Windows Server 2022 with Desktop | Server Core/Nano Server | Server Core/Nano Server
Windows Server 2022 Core | Server Core/Nano Server | Server Core/Nano Server
Nano Server | Nano Server | Server Core/Nano Server
Windows 10/11 (Pro/Enterprise) | Not Available | Server Core/Nano Server
Installing Docker
So the first step in setting up our Windows containers is to install Docker. Docker is the software package that allows you to create and manipulate containers and images.
Docker is the software package that you install and the Docker daemon is the application that you use to do your configuration and management. After you install Docker, the Docker daemon is automatically installed and configured with default settings.
Docker is a third-party application that Microsoft has started using for containers. The Docker application consists of a Docker engine and a Docker client (Docker daemon). So the first thing that we need to do is install Docker. To begin, download and install the Docker application. Another item that needs to be completed when installing and using Docker is making sure that all of the current Microsoft updates have been installed.
In Exercise 12.1, you’ll learn how to download and install Docker. I will also show you how to get your Windows updates. The steps in this exercise install Docker to a Windows Server 2022 (with GUI) Datacenter operating system, but this installation can be done on a Nano Server or a server with no GUI.
EXERCISE 12.1
Installing Docker
1. Open an elevated command prompt by clicking the Start button and right-clicking on Windows PowerShell ➢ More ➢ Run As Administrator.
2. At the PowerShell prompt, type Sconfig. This will bring up the Server Configuration menu (see Figure 12.2). Choose option 6 by entering 6 and pressing the Enter key to update Windows Server 2022.
FIGURE 12.2 Server Configuration screen
3. A screen should appear asking if you want to install All Updates or Recommended Updates only. Choose A for All Updates and press Enter. If there are any updates available, click A for installing all updates and press Enter. The updates will be downloaded and installed.
4. If there were no updates, go to step 6. After all updates have been installed, choose option 13 to restart the server. You’ll see a message asking if you are sure you want to reboot. Click Yes.
5. Log in and restart PowerShell with administrative rights.
6. At the PowerShell prompt, type the following command and press Enter to download the Docker software:
Install-Module -Name DockerMsftProvider -Repository PSGallery -Force
7. If you get a message that the NuGet provider needs to be installed (see Figure 12.3), choose Y and press Enter. If this message doesn’t appear, go to step 9.
FIGURE 12.3 Install NuGet
8. If you needed to install NuGet, then reenter the following command:
Install-Module -Name DockerMsftProvider -Repository PSGallery -Force
9. Now that we have downloaded Docker, it’s time to install it. At the PowerShell prompt, type the following command (see Figure 12.4) and press Enter.
Install-Package -Name docker -ProviderName DockerMsftProvider
10. A message will appear stating that the package is not trusted and asking if you want to install software from DockerDefault. Click Y and press Enter.
11. Now that Docker is installed, let’s check for updates again and then reboot. Type Sconfig and choose option 6. Click A for All Updates. If there are any updates, click A for installing All Updates.
12. After the updates complete, you will return to the Server Configuration screen. Choose option 13. Click Yes to reboot.
13. Log into the server.
Docker is now downloaded and installed onto the Windows Server 2022 machine. The next step is to work with Docker to install and configure containers.
When using Docker, there are some switches that you can use. Table 12.2 shows some of the Docker switches and what each switch does. You’ll use these commands to manage Windows or Linux containers using the Docker daemon. These commands can be run in PowerShell or at an elevated command prompt.
Table 12.2 is just a partial list of Docker commands. To see a more complete list, go to Microsoft’s website at https://docs.docker.com/engine/reference/run. In the left-hand window, the entire list is under Engine (Docker) CLI.
TABLE 12.2 Docker PowerShell and command-line commands
Command | Description
docker attach | This command allows you to attach to a running container.
docker build | Using this command allows you to build an image from a Docker file.
docker checkpoint | You can use this command to manage a Docker checkpoint.
docker commit | This command allows you to debug and build a new image.
docker container | This command allows you to manage containers.
docker cp | Using this command allows you to copy files and folders between the container and the local computer system.
docker create | This command gives you the ability to create a new container.
docker deploy | You can use this command to create and modify a stack.
docker diff | This command allows you to view changes to files or directories in the container’s filesystem.
docker events | This command allows you to see a server’s events in real time.
docker exec | You can use this command to run a new command in an existing container.
docker image | This command (along with its options) allows you to manage your images.
docker info | Using this command allows you to view system information of the Docker installation.
docker kill | This command allows you to terminate running containers.
docker login | You can use this command to log into the Docker registry of a server.
docker pause | This command allows you to pause all processes within a container.
docker port | Use this command to view the port mappings for a container.
docker ps | This command allows you to view all the containers.
docker pull | You can use this command to pull an image from a registry.
docker push | This command allows you to push an image to a registry.
docker rename | This command allows you to rename a container.
docker restart | Using this command allows you to restart a container.
docker rm | You can use this command to remove a container.
docker run | Using this command (along with the options), you can add to or override the image settings set by a developer.
docker save | This command allows you to save images to an archive.
docker search | This command allows you to search the Docker Hub for images.
docker start | This command allows you to start a stopped container.
docker stop | This command allows you to stop a running container.
docker update | You can use this command to update the configuration of a container.
docker version | This command allows you to view the Docker version information.
After Docker is installed, you may want to configure the Docker daemon to specify how Docker will start and stop after a system restart or when the system needs to reboot. If you want to set a restart policy, use the --restart flag with the docker run command.
Policy | Result
no | This setting will not automatically restart the container. This is the default setting for a container.
on-failure[:max-retries] | This setting will restart the container only if the container has a non-zero exit status. Also, you have the ability to limit the number of restart retries that the Docker daemon will attempt.
always | This setting will always restart the container. When the setting is set to always, Docker will try to restart the container indefinitely. The container will also always start on daemon startup.
unless-stopped | This setting will always restart the container unless the container was stopped before the restart.
Windows containers are independent and isolated environments that run an operating system. These isolated environments allow you to place an application into its own container, thus not affecting any other applications or containers.
Think of containers as virtual environments that are used to run independent applications. They load much faster than virtual machines, and you can run as many containers as needed for all of the applications that you run.
One of the nice advantages of using Windows containers is that the containers can be managed the same way you manage an operating system. A container works the same way as a newly installed physical or virtual machine. So, once you know how to configure these containers, management is much easier than configuring a physical machine.
There are two different types of Windows containers:
Windows Server Containers: This container allows you to isolate applications so they can run in their own space and not affect other applications. The question that you may be asking is, why not use a virtual machine? Well, the advantage of Windows Server containers is that they are already prebuilt and you don’t need all the other services that a virtual machine would need to run. So Windows containers are smaller, faster, and more efficient when isolating applications. In a Windows Server container, the kernel is shared between all the different Windows containers.
Hyper-V Containers: Hyper-V containers and Windows containers work the same way. The difference between the two is that Hyper-V containers run within a virtual machine and the Windows containers don’t need to run in a Hyper-V environment. In a Hyper-V container, the container host’s kernel is not shared between the other Hyper-V containers.
Container Terminology
As with any new technology, it is important to understand the terminology that goes along with that new technology. The first thing that you may have noticed is that a container works a lot like a virtual machine. Just like a virtual machine, the container has a running operating system within the container.
The container, which has a filesystem, can also be accessed through the network the same way you access a virtual machine. The advantage is that a container is a more efficient operating system. But to truly understand how containers work, you need to understand all of the components that allow containers to function properly:
Container Host: This component can be on a physical or virtual machine, and it’s the component that is configured with the Windows container feature. So the Windows container sits on top of the container host.
Container OS Image: This component provides the operating system to the container. Containers are made up of multiple images that are stacked on top of each other.
Container Image: This is the component that contains all the layers of the container. So the container image contains the operating system, the application, and all the services required to make that application function properly.
Container Registry: This component is the heart and brain of the container. The container images are kept within the container’s registry. The advantage of doing containers this way is that you can download other registries to automatically add other applications or services quickly.
Docker Daemon: This is the component that runs the Docker application. The Docker daemon is automatically installed after you complete the installation of the Docker application.
Dockerfile: This component is used to create the container images. The advantage of using the Dockerfile is that you can automate how containers are created. Dockerfiles are batches of instructions (within a text file) and commands that are called on when an image is assembled.
Docker Hub Repositories: This component is a location where all of your images are stored. By having a central location for stored images, the images can be used among coworkers and customers, or for the entire IT community. There are Docker hub repositories on the Internet where you can grab and use images for your organization.
Install and Configure Server Containers
So now that we have talked about the different components of a container, it’s time to look at installing containers on your Windows Server 2022 system. When it comes to Microsoft, it doesn’t matter if we are installing containers on a GUI-based system or non-GUI-based system. We are going to install the components needed by using Windows PowerShell.
But before we can look at installing and using containers, I need to show you what is required on the Windows Server 2022 system. So, the first step in using containers is looking at what we need on our network and computers for containers to run properly.
Requirements
Now that you have decided to work with containers, you must make sure that your network meets the minimum requirements to install and work with Windows containers:
■ The Windows container feature is available on Windows Server 2022, Windows Server (Semi-Annual Channel), Windows Server 2019, Windows Server 2016, and Windows 10 Professional and Enterprise Editions (version 1607 and later).
■ The Hyper-V role must be installed before running Hyper-V isolation.
■ Windows Server Container hosts must have Windows installed to C:. This restriction does not apply if only Hyper-V isolated containers will be deployed.
Here are the requirements if you are going to be running virtualization with containers:
■ For systems running the Hyper-V containers, the Hyper-V role must be installed on the system.
■ If you are going to run a Windows container host from a Hyper-V virtual machine (and also hosting Hyper-V containers), you will need to enable nested virtualization. Nested virtualization also has some requirements:
  ■ Operating system that allows nested virtualization (Windows Server 2022).
  ■ Minimum of 4 GB of RAM available to the virtualized Hyper-V host.
  ■ The processor needs to use Intel VT-x (this is only available for Intel processors).
  ■ Two virtual processors for the container host VM.
What is the default TCP port for iSCSI? A. 3260 B. 1433 C. 21 D. 3389
You have a Windows Server 2022 Hyper-V host named Jupiter. You want to deploy several shielded virtual machines on Jupiter. You deploy a Host Guardian on a new server. You need to view the process of the shielded virtual machines installation. What should you run to see the progress of the shielded VM? A. Get-ShieldedVMProvisioningStatus cmdlet B. Diskpart command C. Set-VHD cmdlet D. Set-VM cmdlet
You are the administrator of a mid-sized network. You have a Hyper-V host that runs Windows Server 2022. The host contains a virtual machine named Virtual1. Virtual1 has resource metering enabled. You need to use resource metering to track the amount of network traffic that Virtual1 sends to the 10.10.16.0/20 network. Which cmdlet would you run? A. Add-VMNetworkAdapterAcl B. Set-VMNetworkAdapter C. New-VMResourcePool D. Set-VMNetworkAdapterRoutingDomainMapping
You are the administrator for an organization that has started using Hyper-V. You have a Hyper-V host named Server1 that runs Windows Server 2022. Server1 contains a virtual machine named Earth. You need to make sure that you can use nested virtualization on Earth. What should you run on Server1? A. Mount-VHD cmdlet B. Diskpart command C. Set-VMProcessor cmdlet D. Set-VM cmdlet
You need to ensure that VM1 and VM2 can communicate with each other only. The solution must prevent VM1 and VM2 from communicating with Server1. Which cmdlet should you use? A. Set-NetNeighbor B. Remove-VMSwitchTeamMember C. Set-VMSwitch D. Enable-VMSwitchExtension
You are the admin for a mid-sized company. You have a Hyper-V host named Server1 that runs Windows Server 2022. Server1 has a dynamically expanding virtual hard disk (VHD) file that is 950 GB. The VHD currently contains around 450 GB of free space. You want to reduce the amount of disk space used by the VHD. What command should you run? A. Mount-VHD cmdlet B. Diskpart command C. Set-VHD cmdlet D. Optimize-VHD cmdlet
You have a Nano Server named Nano1. Which cmdlet should you use to identify whether the DNS Server role is installed on Nano1? A. Find-ServerPackage B. Get-Package C. Find-Package D. Get-WindowsOptionalFeature
You are working on a Windows Server 2022 Datacenter Server system. You need to view which roles and services are installed on the machine. Which PowerShell cmdlet can you use to see this? A. Get-event B. New-event C. Trace-command D. Get-WindowsFeature
What command would be used to register an iSCSI initiator manually to an iSNS server? A. iscsicli refreshisnsserver server_name B. iscsicli listisnsservers server_name C. iscsicli removeisnsserver server_name D. iscsicli addisnsserver server_name
You are an administrator who has set up two Hyper-V servers named Server1 (Windows Server 2022) and Server2 (Windows Server 2012 R2). Each Hyper-V server has multiple network cards. Each network card is connected to a different TCP/IP subnet. Server1 contains a dedicated migration network. Server2 contains a virtual machine named VM1. You plan to perform a live migration of VM1 to Server1. You need to ensure that Server1 uses all of the available networks to perform the live migration of VM1. What should you run to complete this task? A. Mount-VHD cmdlet B. Diskpart command C. Set-VHD cmdlet D. Set-VMHost cmdlet
Your company has decided to implement a Windows 2022 server. The company IT manager before you always used FAT32 as the system partition. Your company wants to know whether it should move to NTFS. Which of the following are some advantages of NTFS? (Choose all that apply.) A. Security B. Quotas C. Compression D. Encryption
You are the administrator of your network, which consists of two Windows Server 2022 systems. One of the servers is a domain controller, and the other server is a file server for data storage. The hard drive of the file server is starting to fill up. You do not have the ability to install another hard drive, so you decide to limit the amount of space everyone gets on the hard drive. What do you need to implement to solve your problem? A. Disk spacing B. Disk quotas C. Disk hardening D. Disk limitations
A system administrator is trying to determine which filesystem to use for a server that will become a Windows Server 2022 file server and domain controller. The company has the following requirements: ■ The filesystem must allow for file-level security from within Windows 2022 Server. ■ The filesystem must make efficient use of space on large partitions. ■ The domain controller SYSVOL must be stored on the partition. Which of the following filesystems meets these requirements? A. FAT B. FAT32 C. HPFS D. NTFS
You are an IT administrator who manages an environment that runs multiple Windows Server 2022 servers from multiple site locations across the United States. Your Windows Server 2022 machines use iSCSI storage. Other administrators report it is difficult to locate available iSCSI resources on the network. You need to make sure other administrators can easily access iSCSI resources using a centralized repository. What feature should you deploy? A. The iSCSI Target Storage Provider feature B. The Windows Standards-Based Storage Management feature C. The iSCSI Target Server role feature D. The iSNS Server service feature
You are the IT manager for your company. You have been asked to give the Admin group the rights to read, change, and assign permissions to documents in the StormWind Documents folder. The following table shows the current permissions on the StormWind Documents shared folder (Group/User: NTFS, Shared): Sales: Read, Change; Marketing: Modify, Change; R&D: Deny, Full Control; Finance: Read, Read; Admin: Change, Change. What do you need to do to give the Admin group the rights to do their job? (Choose all that apply.) A. Give Sales Full Control to shared permissions. B. Give Full Control to NTFS security. C. Give Admin Full Control to shared permissions. D. Give Finance Modify to NTFS security. E. Give Admin Full Control to NTFS security.
Will, the IT manager for your company, has been asked to give Moe the rights to read and change documents in the StormWind Documents folder. The following table shows the current permissions on the shared folder (Group/User: NTFS, Shared): Sales: Read, Change; Marketing: Modify, Change; R&D: Deny, Full Control; Finance: Read, Read; Tylor: Read, Change. Moe is a member of the Sales and Finance groups. When Moe accesses the StormWind Documents folder, he can read all the files, but the system won’t let him change or delete files. What does Will need to do to give Moe the minimum amount of rights to do his job? A. Give Sales Full Control to shared permissions. B. Give Moe Full Control to NTFS security. C. Give Finance Change to shared permissions. D. Give Finance Modify to NTFS security. E. Give Moe Modify to NTFS security.
For security reasons, you have decided that you must convert the system partition on your removable drive from the FAT32 filesystem to NTFS. Which of the following steps must you take in order to convert the filesystem? (Choose two.) A. Run the command CONVERT /FS:NTFS from the command prompt. B. Rerun Windows Server 2022 Setup, and choose to convert the partition to NTFS during the reinstallation. C. Boot Windows Server 2022 Setup from the installation CD-ROM, and choose Rebuild File System. D. Reboot the computer.
You are the administrator of your network, which consists of two Windows Server 2022 systems. One of the servers is a domain controller, and the other server is a file server for data storage. The hard drive of the file server is starting to fill up. You do not have the ability to install another hard drive, so you decide to shrink the data on the file server. What do you need to implement to solve your problem? A. Disk spacing B. Disk compression C. Disk hardening D. Disk limitations
You are the administrator of a large organization. Four weeks ago you built a new Windows Server 2022 Datacenter Server. You can’t remember all of the roles and features that you previously installed. You need to view which roles and features are installed on the machine. Which PowerShell cmdlet can you use to see this? A. Get-event B. New-event C. Trace-command D. Get-WindowsFeature
What is the default TCP port for RDP? A. 3260 B. 1433 C. 21 D. 3389
As stated throughout this book, PowerShell is a command-line shell and scripting tool. BranchCache has many different PowerShell cmdlets that allow you to configure and maintain the BranchCache feature. Table 11.5 shows just some of the different PowerShell cmdlets for BranchCache.
TABLE 11.5 PowerShell cmdlets for BranchCache
Cmdlet
Description
Add-BCDataCacheExtension
Increases the amount of cache storage space that is available on a hosted cache server by adding a new cache file
Clear-BCCache
Deletes all data in all data and hash files
Disable-BC
Disables the BranchCache service
Disable-BCDowngrading
Disables downgrading so that client computers that are running Windows 10 do not request Windows 7/8 specific versions of content information from content servers
Enable-BCDistributed
Enables BranchCache and configures a computer to operate in distributed cache mode
Enable-BCHostedClient
Configures BranchCache to operate in hosted cache client mode
Enable-BCHostedServer
Configures BranchCache to operate in hosted cache server mode
Enable-BCLocal
Enables the BranchCache service in local caching mode
Export-BCCachePackage
Exports a cache package
Export-BCSecretKey
Exports a secret key to a file
Get-BCClientConfiguration
Gets the current BranchCache client computer settings
Get-BCContentServerConfiguration
Gets the current BranchCache content server settings
Get-BCDataCache
Gets the BranchCache data cache
Get-BCStatus
Gets a set of objects that provide BranchCache status and configuration information
Import-BCCachePackage
Imports a cache package into BranchCache
Import-BCSecretKey
Imports the cryptographic key that BranchCache uses for generating segment secrets
Set-BCAuthentication
Specifies the BranchCache computer authentication mode
Set-BCCache
Modifies the cache file configuration
Set-BCSecretKey
Sets the cryptographic key used in the generation of segment secrets
Enhanced Features in Windows Server 2022 BranchCache
Microsoft continues to improve on many of the features of Windows Server, and BranchCache is no different. Microsoft has improved BranchCache in Windows Server 2022 and Windows 10/11. The following list includes some of the enhanced features:
Office sizes and the number of branch offices are not limited. Windows Server 2022 BranchCache allows any number of offices along with any number of users once you deploy hosted cache mode with multiple hosted cache servers.
There are no requirements for a Group Policy Object (GPO) for each office location, streamlining deployment. All that is required to deploy BranchCache is a single GPO that contains a small number of settings.
Client computer configuration is easy. You can configure clients through the use of a GPO. If this is done, client configuration is applied automatically through the GPO, and if a client can’t find a hosted cache server, the client will automatically self-configure as a hosted cache mode client.
BranchCache is deeply integrated with the Windows file server. BranchCache is automatically integrated with Windows file server technology. Because of this, the process of finding duplicate pieces in independent files is greatly improved.
Duplicate content is stored and downloaded only once. BranchCache stores only one instance of the content on a hosted cache server or content server, and because of this, you get greater disk storage savings. Since client computers at the remote offices download only one instance of any content, your network saves on additional WAN bandwidth.
Small changes to large files produce bandwidth savings. One advantage of BranchCache is the file server chunking system that helps divide files and web pages into smaller parts. Now when a file is changed, only the part of that file that has been changed gets replicated. This allows BranchCache to use lower bandwidth requirements.
Offline content creation improves performance. When BranchCache is deployed as content or file servers, the data is calculated offline before a client even has the chance to request it. Because of this, the systems get faster performance and bandwidth.
Cache encryption is enabled automatically. BranchCache stores its cached data as encrypted data. This guarantees data security without the need to encrypt the entire drive.
Summary
In this chapter, I discussed file servers and how they can be effective on your network. I also discussed sharing folders for users to access, and then I discussed how to publish those shared folders to Active Directory.
You learned about NTFS security versus shared folder permissions and how to limit users’ hard drive space by setting up disk quotas. The chapter also covered the Encrypting File System (EFS) and how users can encrypt and compress files.
I also discussed how configuring file and storage solutions can be highly effective within your organization. You now have a better understanding of how Windows Server 2022 can provide you with extended functionality for effectively controlling corporate data.
I talked about Data Deduplication and how it can help protect your corporate data and also provide a backup solution.
This chapter took you through the use of many server tools and utilities such as DFS and encryption. Distributed File System allows you to set up a tree structure of virtual directories that lets users connect to a shared folder anywhere throughout the entire network.
You also learned about EFS and how to use Cipher to modify or configure EFS in a command window. Cipher is the best way to change encrypted directories and files.
Exam Essentials
Know storage technologies. Understand how to use the Fibre Channel, iSCSI, and NAS storage technologies. Know how to configure an iSCSI initiator and how to establish a connection to a target. Practice configuring tiered storage and using thin provisioning and trim.
Know how to configure NTFS security. One of the major advantages of using NTFS over FAT32 is access to additional security features. NTFS allows you to put security at the file and folder layers. NTFS security is in effect whether the user is remote or local to the computer with the data.
Know how to configure shared permissions. Shared permissions allow you to determine the access a user will receive when connecting to a shared folder. Shared permissions are allowed only at the folder layer and are in effect only when the user is remote to the computer with the shared data.
Understand how NTFS and shared permissions work together. NTFS and shared permissions are individually additive: you get the highest level of security and permissions within each type. NTFS is always in effect, and it is the only security available locally. Shared permissions are in effect only when connecting remotely to access the shared data. When the two types of permissions meet, the most restrictive set of permissions applies.
Know how to configure disk quotas. Disk quotas allow an organization to determine the amount of disk space that users can have on a volume of a server. You can set up disk quotas based on volumes or by users. Each volume must have its own separate set of disk quotas.
Understand data deduplication. Know that data deduplication involves finding and removing duplicate data within the company network without compromising its integrity. Understand that the goal is to store more data in less space by segmenting files into small chunks, identifying duplicate chunks, and maintaining a single copy of each chunk.
Know how to configure DFS. Distributed File System in Windows Server 2022 offers a simplified way for users to access geographically dispersed files. The DFS Namespace service allows you to set up a tree structure of virtual directories that lets users connect to shared folders throughout the entire network.
Understand EFS and Cipher. Users can encrypt their directories and files by using EFS. Understand how Cipher can help you configure or modify an EFS object while in the command prompt.
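The rule in "Understand how NTFS and shared permissions work together" can be worked through on the StormWind Documents table from the practice question on this page. The following PowerShell is an added example, not code from the book; the function name and the single ranking scale (share Change ranked level with NTFS Modify, an explicit Deny overriding any allow) are assumptions of the example.

```powershell
# Added example, not from the book. Constructed data: the StormWind Documents
# permission table from the practice question on this page.
$StormWind = @{
    'Sales'     = @{ Ntfs = 'Read';   Share = 'Change' }
    'Marketing' = @{ Ntfs = 'Modify'; Share = 'Change' }
    'R&D'       = @{ Ntfs = 'Deny';   Share = 'Full Control' }
    'Finance'   = @{ Ntfs = 'Read';   Share = 'Read' }
    'Tylor'     = @{ Ntfs = 'Read';   Share = 'Change' }
}

# Simplification assumed here: one ordered scale for both permission types,
# with share "Change" ranked level with NTFS "Modify".
$Rank  = @{ 'Read' = 1; 'Modify' = 2; 'Change' = 2; 'Full Control' = 3 }
$Label = @{ 0 = 'No access'; 1 = 'Read'; 2 = 'Modify/Change'; 3 = 'Full Control' }

function Get-EffectiveAccess {
    param(
        [Parameter(Mandatory)][string[]]$Principal,  # the user plus every group the user belongs to
        [Parameter(Mandatory)][hashtable]$Table,
        [switch]$Local                               # logged on at the server: share permissions do not apply
    )
    $ntfs = 0; $share = 0
    $ntfsDenied = $false; $shareDenied = $false
    foreach ($p in $Principal) {
        if (-not $Table.ContainsKey($p)) { continue }
        $entry = $Table[$p]
        # Within each type the permissions are additive: keep the highest level granted.
        if ($entry.Ntfs -eq 'Deny') { $ntfsDenied = $true }
        else { $ntfs = [Math]::Max($ntfs, [int]$Rank[$entry.Ntfs]) }
        if ($entry.Share -eq 'Deny') { $shareDenied = $true }
        else { $share = [Math]::Max($share, [int]$Rank[$entry.Share]) }
    }
    # An explicit Deny overrides whatever the other memberships allow.
    if ($ntfsDenied)  { $ntfs = 0 }
    if ($shareDenied) { $share = 0 }
    # Where the two types meet (remote access), the most restrictive one applies.
    $effective = if ($Local) { $ntfs } else { [Math]::Min($ntfs, $share) }
    $shareLabel = if ($Local) { 'n/a (local)' } else { $Label[$share] }
    [pscustomobject]@{
        Principal = $Principal -join ', '
        Ntfs      = $Label[$ntfs]
        Share     = $shareLabel
        Effective = $Label[$effective]
    }
}

# Moe (Sales + Finance) over the network: NTFS Read, share Change, effective Read.
Get-EffectiveAccess -Principal 'Moe', 'Sales', 'Finance' -Table $StormWind
# The same user logged on locally: only NTFS is evaluated.
Get-EffectiveAccess -Principal 'Moe', 'Sales', 'Finance' -Table $StormWind -Local
# A member of Marketing and R&D: the NTFS Deny wins, so no access.
Get-EffectiveAccess -Principal 'Marketing', 'R&D' -Table $StormWind
```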
1. On a domain controller, open the Group Policy Management Console.
2. In the Group Policy Management Console, expand the following path: Forest ➢ Domains ➢ Group Policy Objects. Make sure the domain you choose contains the BranchCache Windows 7/Windows 8 client computer accounts that you want to configure.
3. In the Group Policy Management Console, right-click Group Policy Objects and select New. Name the policy BranchCache Client and click OK. Right-click BranchCache Client and click Edit. The Group Policy Management Editor console opens.
4. In the Group Policy Management Editor console, expand the following path:
Computer Configuration ➢ Policies ➢ Windows Settings ➢ Security Settings ➢ Windows Firewall With Advanced Security ➢ Windows Firewall With Advanced Security – LDAP ➢ Inbound Rules.
5. Right-click Inbound Rules and then click New Rule. The New Inbound Rule Wizard opens.
6. On the Rule Type screen, click Predefined, expand the list of choices, and then click BranchCache – Content Retrieval (Uses HTTP). Click Next.
7. On the Predefined Rules screen, click Next.
8. On the Action screen, ensure that Allow The Connection is selected and then click Finish. You must select Allow The Connection for the BranchCache client to be able to receive traffic on this port.
9. To create the WS-Discovery firewall exception, right-click Inbound Rules and click New Rule. The New Inbound Rule Wizard opens.
10. On the Rule Type screen, click Predefined, expand the list of choices, and then click BranchCache – Peer Discovery (Uses WSD). Click Next.
11. On the Predefined Rules screen, click Next.
12. On the Action screen, ensure that Allow The Connection is selected and then click Finish.
13. In the Group Policy Management Editor console, right-click Outbound Rules and then click New Rule. The New Outbound Rule Wizard opens.
14. On the Rule Type screen, click Predefined, expand the list of choices, and then click BranchCache – Content Retrieval (Uses HTTP). Click Next.
15. On the Predefined Rules screen, click Next.
16. On the Action screen, make sure that Allow The Connection is selected and then click Finish.
17. Create the WS-Discovery firewall exception by right-clicking Outbound Rules and then clicking New Rule. The New Outbound Rule Wizard opens.
18. On the Rule Type screen, click Predefined, expand the list of choices, and then click BranchCache – Peer Discovery (Uses WSD). Click Next.
19. On the Predefined Rules screen, click Next.
20. On the Action screen, make sure that Allow The Connection is selected and then click Finish. Close the Group Policy Management console.
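Once the GPO has applied, a client can be checked for the four rules these steps create (Content Retrieval and Peer Discovery, inbound and outbound, all set to Allow). The following PowerShell is an added example, not code from the book; the function name is made up, and the display-group strings are assumed to use a plain hyphen where the wizard text above shows a dash.

```powershell
# Added example, not from the book: check that the BranchCache rules from the
# steps above exist as enabled Allow rules in both directions.
# Assumption: display-group names are spelled with a plain hyphen on the client.
$ExpectedGroups = @(
    'BranchCache - Content Retrieval (Uses HTTP)',
    'BranchCache - Peer Discovery (Uses WSD)'
)

function Test-BranchCacheFirewallRule {
    param(
        [Parameter(Mandatory)]
        [AllowEmptyCollection()]
        [object[]]$Rule   # objects with DisplayGroup, Direction, Enabled and Action properties
    )
    foreach ($group in $ExpectedGroups) {
        foreach ($direction in 'Inbound', 'Outbound') {
            $matching = @($Rule | Where-Object {
                $_.DisplayGroup -eq $group -and "$($_.Direction)" -eq $direction })
            $allowed = @($matching | Where-Object {
                "$($_.Enabled)" -eq 'True' -and "$($_.Action)" -eq 'Allow' })
            $status = 'OK'
            if ($matching.Count -eq 0) { $status = 'Missing' }
            elseif ($allowed.Count -eq 0) { $status = 'Present, but not an enabled Allow rule' }
            [pscustomobject]@{ Group = $group; Direction = $direction; Status = $status }
        }
    }
}

# Constructed sample: three rules applied correctly, one outbound rule left disabled.
$sampleRules = @(
    [pscustomobject]@{ DisplayGroup = $ExpectedGroups[0]; Direction = 'Inbound';  Enabled = 'True';  Action = 'Allow' }
    [pscustomobject]@{ DisplayGroup = $ExpectedGroups[1]; Direction = 'Inbound';  Enabled = 'True';  Action = 'Allow' }
    [pscustomobject]@{ DisplayGroup = $ExpectedGroups[0]; Direction = 'Outbound'; Enabled = 'True';  Action = 'Allow' }
    [pscustomobject]@{ DisplayGroup = $ExpectedGroups[1]; Direction = 'Outbound'; Enabled = 'False'; Action = 'Allow' }
)
Test-BranchCacheFirewallRule -Rule $sampleRules | Format-Table -AutoSize

# On a client that has received the GPO (ActiveStore includes Group Policy rules):
#   $live = @(Get-NetFirewallRule -PolicyStore ActiveStore |
#             Where-Object DisplayGroup -like 'BranchCache*')
#   Test-BranchCacheFirewallRule -Rule $live
```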
Now that you have looked at the distributed cache mode configuration, let’s take a look at the hosted mode configuration.
Hosted Mode Requirements
To set up a hosted mode BranchCache configuration, you must first set up a Windows Server 2022 hosted cache server at the main and branch offices. You also need to be running Windows 7 or above (except for home versions) at the branch offices.
The Windows client machines download the data from the main cache server, and then the hosted cache servers at the branch offices obtain a copy of the downloaded data for other users to access.
Your network infrastructure must also allow for physical connections between the main office and the branch offices. These connections can be VPNs or some type of WAN links. After these requirements are met, your cache server must obtain a server certificate so that the client computers in the branch offices can positively identify the cache servers.
Exercise 11.17 walks you through the process of installing the BranchCache feature on a Windows Server 2022 machine. To begin this exercise, you must be logged into the Windows Server 2022 machine as an administrator.
EXERCISE 11.17
Installing BranchCache on Windows Server 2022
1. Open Server Manager by clicking the Server Manager icon or by running servermanager.exe.
2. Select Add Roles And Features.
3. Click Next in the Before You Begin pane (if shown).
4. Select role-based or feature-based installation and click Next to continue.
5. Select the Select A Server From The Server Pool option and click Next.
6. At the Select Server Roles screen, click Next.
7. At the Select Features screen, click the check box for BranchCache (see Figure 11.26). Then click Next.
FIGURE 11.26 BranchCache option
8. Check the Restart The Destination Server If Required option and then click Install. If a dialog box appears about restarting, click Yes. The system should restart.
9. After the system restarts, log in as the administrator.