With the release of Windows Containers last year, Microsoft also released a feature called Hyper-V Isolation that adds an extra layer of security to Windows Containers.
Hyper-V Isolation adds extra protection to a Windows Container by running the container inside a virtualization layer similar to a virtual machine, which in practice turns the container into a virtual machine.
This added security guarantees that the container’s kernel is isolated from the container host.
To get Hyper-V Isolation to work, we need to install Hyper-V on the container host using the cmdlet below:
Add-WindowsFeature Hyper-V
If the container host is a virtual machine, you will need to enable nested virtualization on the host before installing Hyper-V:
How To Enable Nested Virtualization Windows Server 2016 RTM Or Windows 10 1607
To create a Hyper-V container on a Windows Containers host, use the command below:
docker run -it --isolation=hyperv microsoft/nanoserver cmd
It’s important to note that the entire management of Hyper-V is done by the Windows Containers host, and there is no need to manage the Hyper-V host.
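To confirm that a container really got the kernel isolation described above, the following added example (not part of the original post) starts a Hyper-V container, reads back the isolation mode Docker recorded, and checks that the container's process is not visible in the host's process list. It assumes an elevated PowerShell session on a Windows Server container host with Docker installed, that the image ships ping.exe, and a hypothetical container name hv-isolation-check.

```powershell
# Added example: verify that a container runs under Hyper-V isolation.
# Assumptions: elevated session on the container host, Docker installed,
# the image contains ping.exe, container name below is hypothetical.
function Test-HyperVIsolation {
    param(
        [string]$Image = 'microsoft/nanoserver',
        [string]$Name  = 'hv-isolation-check'
    )

    # 1. The Hyper-V role must be installed on the container host.
    if (-not (Get-WindowsFeature -Name Hyper-V).Installed) {
        throw 'Hyper-V is not installed. Run Add-WindowsFeature Hyper-V and restart first.'
    }

    # Snapshot host-side ping processes so unrelated ones are not counted later.
    $before = @(Get-Process -Name ping -ErrorAction SilentlyContinue).Id

    # 2. Start a long-running container with Hyper-V isolation.
    docker run -d --name $Name --isolation=hyperv $Image ping -t localhost | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "docker run failed with exit code $LASTEXITCODE" }

    try {
        # 3. Isolation mode as recorded by the Docker engine.
        $mode = docker inspect --format '{{.HostConfig.Isolation}}' $Name

        # 4. With process isolation the container's ping.exe shows up on the
        #    host; with Hyper-V isolation it runs on a separate kernel and
        #    only a VM worker process (vmwp) is visible from the host.
        $newPing = @(Get-Process -Name ping -ErrorAction SilentlyContinue |
                     Where-Object { $before -notcontains $_.Id })
        $workers = @(Get-Process -Name vmwp -ErrorAction SilentlyContinue)

        [pscustomobject]@{
            Container          = $Name
            IsolationMode      = $mode
            ProcessSeenOnHost  = ($newPing.Count -gt 0)
            VmWorkerProcesses  = $workers.Count
            KernelIsolated     = ($mode -eq 'hyperv' -and $newPing.Count -eq 0)
        }
    }
    finally {
        # Always remove the test container, even if a check failed.
        docker rm -f $Name | Out-Null
    }
}

Test-HyperVIsolation
```

A result with IsolationMode set to hyperv and ProcessSeenOnHost set to False means the container's processes are running on their own kernel rather than the host's.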