Get Docker Engine - Enterprise on Windows Servers

Get Docker Engine - Enterprise on Windows Servers¶

Docker Engine - Enterprise enables native Docker containers on Windows Server. Windows Server 2016 and later versions are supported. The Docker Engine - Enterprise installation package includes everything you need to run Docker on Windows Server. This topic describes pre-install considerations, and how to download and install Docker Engine - Enterprise.

System requirements¶

Windows OS requirements around specific CPU and RAM requirements also need to be met as specified in the Windows Server Requirements. This provides information for specific CPU and memory specs and capabilities (instruction sets like CMPXCHG16b, LAHF/SAHF, and PrefetchW, security: DEP/NX, etc.).

OS Versions:
- Long Term Service Channel (LTSC) - 2016 and 2019 (Core and GUI)
- Semi-annual Channel (SAC) - 1709, 1803 and 1809
RAM: 4GB
Disk space: 32 GB minimum recommendation for Windows. Docker recommends an additional 32 GB of space for base images for ServerCore and NanoServer along with buffer space for workload containers running IIS, SQL Server and .Net apps.

Install Docker Engine - Enterprise¶

To install the Docker Engine - Enterprise on your hosts, Docker provides a OneGet PowerShell Module.

Open an elevated PowerShell command prompt, and type the following commands.

Install-Module DockerMsftProvider -Force
Install-Package Docker -ProviderName DockerMsftProvider -Force

Check if a reboot is required, and if yes, restart your instance.
```
(Install-WindowsFeature Containers).RestartNeeded
```
If the output of this command is Yes, then restart the server with:
```
Restart-Computer
```

Test your Docker Engine - Enterprise installation by running the hello-world container.

docker run hello-world:nanoserver

Unable to find image 'hello-world:nanoserver' locally
nanoserver: Pulling from library/hello-world
bce2fbc256ea: Pull complete
3ac17e2e6106: Pull complete
8cac44e17f16: Pull complete
5e160e4d8db3: Pull complete
Digest: sha256:25eac12ba40f7591969085ab3fb9772e8a4307553c14ea72d0e6f98b2c8ced9d
Status: Downloaded newer image for hello-world:nanoserver

Hello from Docker!
This message shows that your installation appears to be working correctly.

(optional) Make sure you have all required updates¶

Some advanced Docker features, such as swarm mode, require the fixes included in KB4015217 (or a later cumulative patch).

sconfig

Select option 6) Download and Install Updates.

FIPS 140-2 cryptographic module support¶

Federal Information Processing Standards (FIPS) Publication 140-2 is a United States Federal security requirement for cryptographic modules.

With Docker Engine - Enterprise Basic license for versions 18.09 and later, Docker provides FIPS 140-2 support in Windows Server. This includes a FIPS supported cryptographic module. If the Windows implementation already has FIPS support enabled, FIPS is automatically enabled in the Docker engine.

Note

FIPS 140-2 is only supported in the Docker EE engine. UCP and DTR currently do not have support for FIPS 140-2.

To enable FIPS 140-2 compliance on a system that is not in FIPS 140-2 mode, execute the following command in PowerShell:

[System.Environment]::SetEnvironmentVariable("DOCKER_FIPS", "1", "Machine")

FIPS 140-2 mode may also be enabled via the Windows Registry. To update the pertinent registry key, execute the following PowerShell command as an Administrator:

Set-ItemProperty -Path "HKLM:\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy\" -Name "Enabled" -Value "1"

Restart the Docker service by running the following command.

net stop docker
net start docker

To confirm Docker is running with FIPS-140-2 enabled, run the docker info command:

Labels:
 com.docker.security.fips=enabled

Note

If the system has the FIPS-140-2 cryptographic module installed on the operating system, it is possible to disable FIPS-140-2 compliance. To disable FIPS-140-2 in Docker but not the operating system, set the value "DOCKER_FIPS","0" in the [System.Environment].``

Use a script to install Docker Engine - Enterprise¶

Use the following guide if you wanted to install the Docker Engine - Enterprise manually, via a script, or on air-gapped systems.

In a PowerShell command prompt, download the installer archive on a machine that has a connection.
```
# On an online machine, download the zip file.
Invoke-WebRequest -UseBasicParsing -OutFile {{ filename }} {{ download_url }}
```
If you need to download a specific Docker Engine - Enterprise Engine release, all URLs can be found on this JSON index.

Copy the zip file to the machine where you want to install Docker. In a PowerShell command prompt, use the following commands to extract the archive, register, and start the Docker service.

# Stop Docker service
Stop-Service docker

# Extract the archive.
Expand-Archive {{ filename }} -DestinationPath $Env:ProgramFiles -Force

# Clean up the zip file.
Remove-Item -Force {{ filename }}

# Install Docker. This requires rebooting.
$null = Install-WindowsFeature containers

# Add Docker to the path for the current session.
$env:path += ";$env:ProgramFiles\docker"

# Optionally, modify PATH to persist across sessions.
$newPath = "$env:ProgramFiles\docker;" +
[Environment]::GetEnvironmentVariable("PATH",
[EnvironmentVariableTarget]::Machine)

[Environment]::SetEnvironmentVariable("PATH", $newPath,
[EnvironmentVariableTarget]::Machine)

# Register the Docker daemon as a service.
dockerd --register-service

# Start the Docker service.
Start-Service docker

Test your Docker Engine - Enterprise installation by running the hello-world container.

docker container run hello-world:nanoserver

Install a specific version¶

To install a specific version, use the RequiredVersion flag:

Install-Package -Name docker -ProviderName DockerMsftProvider -Force -RequiredVersion 19.03
...
Name                      Version               Source           Summary
----                      -------               ------           -------
Docker                    19.03                 Docker           Contains Docker Engine - Enterprise for use with Windows Server...

Updating the DockerMsftProvider¶

Installing specific Docker EE versions may require an update to previously installed DockerMsftProvider modules. To update:

Update-Module DockerMsftProvider

Then open a new PowerShell session for the update to take effect.

Update Docker Engine - Enterprise¶

To update Docker Engine - Enterprise to the most recent release, specify the -RequiredVersion and -Update flags:

Install-Package -Name docker -ProviderName DockerMsftProvider -RequiredVersion 19.03 -Update -Force

The required version number must match a version available on the JSON index

Uninstall Docker EE¶

Use the following commands to completely remove the Docker Engine - Enterprise from a Windows Server:

Leave any active Docker Swarm.
```
docker swarm leave --force
```

Remove all running and stopped containers.

docker rm -f $(docker ps --all --quiet)

Prune container data.
```
docker system prune --all --volumes
```

Uninstall Docker PowerShell Package and Module.

Uninstall-Package -Name docker -ProviderName DockerMsftProvider
Uninstall-Module -Name DockerMsftProvider

Clean up Windows Networking and file system.

Get-HNSNetwork | Remove-HNSNetwork
Remove-Item -Path "C:\ProgramData\Docker" -Recurse -Force

Preparing a Windows Host for use with UCP¶

To add a Windows Server host to an existing Universal Control Plane cluster please follow the list of `prerequisites and joining instructions.

About Docker Engine - Enterprise containers and Windows Server¶

Looking for information on using Docker Engine - Enterprise containers?

Getting Started with Windows Containers (Lab) provides a tutorial on how to set up and run Windows containers on Windows 10 or Windows Server 2016. It shows you how to use a MusicStore application with Windows containers.

Where to go next¶

Windows Containers on Windows Server is the official Microsoft documentation.

updated: 2023-07-26 11:20

Get Docker EE for Ubuntu

View Previous Section

Universal Control Plane overview