Process Isolation vs. Hyper-V Isolation

  • 5 minutes

In Docker, images can run in two runtime isolation modes:

  • Process Isolation

  • Hyper-V Isolation

The containers are created, managed, and function in both modes in identical fashion. They are also based on the same images, so a difference doesn't exist in images. The containers only differ in the degree of isolation between the container, the host operating system, and all other containers that are running on that host.

Process Isolation

In the Process Isolation mode, multiple containers run concurrently and share the same kernel with the host, as with each other. This approach is also how Linux containers run and is the more traditional approach. However, this approach has a downside for Windows containers. The base image operating system that is used within the container should match the operating system of the host. You can't run a container that is based on Windows Server 2016 on a Windows Server 2019 host, and you certainly can't run a container based on Windows Server 2019 on a Windows Server 2016 host.

Diagram illustrating Docker Process Isolation.

Hyper-V Isolation

Hyper-V Isolation uses Microsoft Hyper-V to host the containers. This mode offers enhanced security and better compatibility between the host operating system and the container's base image operating system. This mode will run a highly optimized virtual machine that will have its own kernel. The container runs within that virtual machine.

Diagram illustrating Docker Hyper-V Isolation.

With Windows 10 and Windows Server 2019, multiple versions of the operation systems are released (version 1809, 1903, 1909, and so on). With Process Isolation, it's important that you check your operating system version before you download a specific image. Even with Hyper-V isolation, not all combinations are valid. You still can't run a Windows Server 2019 container on a Windows Server 2016 host.

You can run containers in Process Isolation on Windows 10 Pro and Enterprise, but only for development and testing purposes. If you want to run Docker in production, you will always need Windows Server as the host operating system.

For more information, see Windows container version compatibility.

For Business Central, Microsoft provides artifacts for the different versions. When you use the BcContainerHelper (discussed in this module), it can automatically check the version that is best for your operating system.

Keep in mind that Docker containers for Business Central are used for development and testing, but no support is available from Microsoft on running Business Central Docker containers in a production environment.