Allow Process Isolation Windows Containers without Hyper-V in Windows 10

[BretFisher]

Tell us about your request
For years we've had the ability to run Windows Containers on Windows 10 in "Process Isolation" mode, which doesn't use a full Hyper-V VM like the original Docker support in Windows 10 required. This is fantastic and has lots of benefits, but there are two main hurdles I find in adoption with students and consulting clients:

1. There's not a clear way in settings for how to make this the default mode for starting Windows Containers
2. There's no way to start Docker Desktop without it telling you it must have Hyper-V installed, then exiting

Number 2 has the compound effect of not letting you even start Docker unless you have VT Extensions enabled in the BIOS, or enabling Nested Virtualization in a VM. I don't believe these technologies are required in a pure Windows Container Process Isolation mode environment. I recently ran into a company doing fully remote work with VDI (virtual remote desktops), but didn't have the ability to use Nested Virt in those Windows 10 VMs, and therefore, can't use Docker Desktop for their Windows Container work.

I also have worked with orgs that aren't allowed to run any VM locally without a full security audit of the solution, and only "approved" VM's can be run. They were mostly a Windows shop, currently evaluating Windows Containers. Providing this option for VM-less containers could provide those types of orgs a path forward, without hacks, or long dealys around security approvals.

Which service(s) is this request for?
Docker Desktop for Windows

Tell us about the problem you're trying to solve. What are you trying to do, and why is it hard?
Provide an easy path for Docker Desktop users to use Windows Containers in Process Isolation Mode without needing Hyper-V, VT Extensions, Nested Virtualization

Are you currently working around the issue?
Here's a walkthrough of installing the docker binaries on Windows 10 directly without Hyper-V for Windows Containers in Process Isolation. I've not tried it yet, but this convinces me this is possible.

[BretFisher]

This is somewhat related to my other Windows Container issue #150, which focuses on highlighting the option for Linux and Windows Containers and helping educate the user on their choices and current configuration.

[anupamhaldkar]

Even I have experienced this issue most of the time.

[alanturing88]

Hello everyone,

I am also highly interested in this feature. In our company we want to use devices with Windows 10 IOT Enterprise and cannot use Hyper-V. I tought I need to hande the microservices as Windows Services and IIS configuration.
But I found the blog post above and now I try to make things work with docker. But I also think its an hack and would love to hear from you, that in future it is possible to install Docker without such a workaround.

[asterisk360-admin]

Docker desktop doesn't work with proxmox vms too.

[slonopotamus]

There's no way to start Docker Desktop without it telling you it must have Hyper-V installed, then exiting

This statement is false. I successfully use Docker Desktop inside VirtualBox that doesn't support Hyper-V nested virtualization. I cannot say that process of switching to Windows containers is easy though.

[thejohnfreeman]

This is the error message I see from Docker Desktop 4.0.0 installed on Windows 10 Pro 20H2, when I try to switch to Windows containers while Hyper-V is disabled.

[slonopotamus]

A video that shows the whole process from Docker Desktop install to running it in Windows Containers mode on a machine that doesn't have SLAT (Second Level Address Translation) so cannot run Hyper-V: https://www.youtube.com/watch?v=n8z6MpbvDPM

[thejohnfreeman]

@slonopotamus "installed" Docker Desktop 4.0.0, but upon restart, it pops a dialog saying this:

Does that mean it actually installed Docker Desktop 3.6.0, or that it might be running in a mode as if it were 3.6.0? Did 3.6.0 not have the Hyper-V feature check yet?

[slonopotamus]

1. This dialog lies. Docker 4.0.0 (and 4.0.1) still works on 17763. You can see that if you click RMB on Docker Desktop tray icon and "About Docker Desktop" there
2. You can do absolutely the same procedure with Docker Desktop 3.6.x, Docker Desktop 3.5.x and possibly older (I just didn't try them). The key for switching to Windows Containers when you don't have working Hyper-V is to prevent Docker Desktop from closing by avoiding clicking on its popup windows until you use "Switch to Windows Containers" tray icon menu.
3. There's nothing special about Windows 17763, I have successfully did the same trick on 20H2

[thejohnfreeman]

I understand that worked on your machine. It did not work on my machine. Who can explain that? What you are calling "the trick" is what I have been doing since the beginning.

[MoctezumaDev]

Is there any news regarding this? I work using Unity3d and for some reason the licens activation doensn't work with Hyper-V active so I'm force to run without Hyper-V active. So far I have been able to do it by using Docker-CE from Moby but I'm not able to work by using the current version of Docker Desktop.