Is it a good idea to containerize legacy applications today?
For three years now, IT teams have experimented with Windows Docker Containers on WS2016 and WS2019. We all like the promise of portability and scalability that comes with containerizing applications. We’re excited by the potential solution that Windows containers offer on WS2016 and WS2019.
Containers are the “software du jour.” At VirtaMove we recommend that Windows shops educate themselves and experiment with Windows containers. Several recent positive developments have come about, including the general availability of Kubernetes on Google’s GCP, the development of “Containers as a Service,” and in the Linux world, the launch of OpenShift from Red Hat.
We think it’s important to understand the process of containerization, the security implications, as well as the performance overheads that come with containers. The Key Question: Is it a good idea to containerize Windows Server applications today?
Still early days for containerization
While Windows container technology is evolving quickly, running containers on Windows Servers today can still be daunting. Have a look at the compatibility matrix here and you’ll get an idea of the complexity involved. For example, Host OS versions, Core OS container versions, and Hyper-V all need to be managed manually.
As of today, Docker Containers on Windows remain somewhat experimental and are available only on the latest WS2016 and WS2019 releases. Containers may not support all app features; there are user interface limitations, for instance. You also need to consider implications on performance, security, Active Directory (AD), and the use of antivirus (AV) software.
VirtaMove has proven that legacy Linux workloads can run on WS2019 (see a demo here). We’ve also shown that legacy Windows Server applications can be containerized on both WS2016 and WS2019.
Think about performance
Consider performance overheads. Multiple layers of software are needed to run apps in a container. Containers need a Host OS or a hypervisor. The Host and Core Windows OS components share the Host kernel (you’ll need to make sure they are compatible). Ensuring compatibility can be complex. There are at least four major releases out today. Core OS components bring additional overheads. If you run under a Hypervisor, the Azure container runs its apps on OS kernel components inside the Azure container.
For both the Host and Hypervisor scenarios, you’ll need orchestration: usually Docker or Kubernetes, or now Linux OpenShift. Orchestration might rely on Linux components, in which case you’ll probably need a Linux server.
Finally, there is the app overhead. A new cloud app might be built as a microservice. In the case of monolithic legacy apps, the current production state of the app needs to be installed into the WS2016/WS2019 Windows container (VirtaMove can do that, but it is non-trivial). For example, WS2003 and WS2008 apps still need to be reconfigured to run on the WS2016 or WS2019 Core OS. You’ll likely need to address deprecated app features and OS reconfiguration. You’ll also likely need to harden the stack with antivirus or container security software, then implement authentication and user access control, given security issues discovered around both Kubernetes and Docker.
Figure 1: Host Server Container
Sorting out performance bottlenecks across stack components can be an additional challenge. How do you patch the stack? All components need to be managed individually – the VM, the Host OS, the Core OS, Docker, the app, Kubernetes, Linux components, the AV and AD software. Compatibility must be maintained. At VirtaMove, we’ve developed an easy way to install app patches into a Windows container.
To date, there is no easy rollback to a native OS install. Relying on the container as a destination means overheads, but the app can be updated.
The bottom line
Container projects on Windows Server are experimental even in large enterprises. Nonetheless, VirtaMove has proven that containerizing legacy Windows apps can help with scalability and load balancing.
So, is containerizing Windows Server applications a good idea? Containers make good sense for new cloud app development or on mature Linux platforms. OpenShift is promising for Linux projects. New code can be architected to leverage APIs, containerization, application virtualization, or microservices.
However, using containers for legacy applications can be difficult. You may need some help with reconfiguration, performance, and management overheads.
How about an automated, stateful, native re-install into a container?
Consider an automated, stateful re-install of legacy apps on a modern server or onto a Core Container OS.
At VirtaMove, we use our proprietary lightweight containers for isolation and testing on a Host server. They provide full support for all legacy app UIs. However, there is no permanent reliance on the VirtaMove container: the container can be removed at the end of app modernization. The legacy application can run natively on the modern Host Windows OS or it can be installed into a Core OS in a Windows container. Native re-installs allow you to manage legacy apps using a conventional change management process.
Benefits of an automated, stateful re-install include:
- Closing known security exposures on old Windows 2000, WS2003, and WS2008 servers and better security from modern Windows Defender versions on WS2016 and WS2019.
- Eliminating WannaCry, NotPetya, and Vault 7 malware risks. New hardware closes Spectre and Meltdown exposures. Apps will run natively on a supported OS.
- Hardware performance improvements. New servers scale and run faster. You’ll get more work done with your existing apps.
- Stateful re-installs allow apps to be split and installed on separate servers or into separate containers. You can reconfigure where apps run.
- Software components, such as IIS and SQL, can be upgraded and modernized on new servers. Modernized components run faster, are more secure, and provide advanced features.
- Application clutter is reduced when unnecessary apps are eliminated, and you can run apps on modern datacenter VMs or on the cloud. It also reduces OS patch and container management and lets you manage servers with standard DevOps tools.
- The life of legacy apps can be extended. New, modern features can be developed. You’re not forced into costly app re-development simply because you want to run apps on modern Host servers.
Years of research have given us deep insights into Windows containerization. VirtaMove eliminates the need for install scripts, developers, or app owners to learn and re-install apps on a Host OS or Windows Container OS. Our tools automate the stateful installation of Windows 2000, WS2003, and WS2008 applications on new virtual machines and servers running WS2012, WS2016, and WS2019, and in Windows and Linux containers. E-mail or call us if you want a demo or to learn more.