‘Microsoft and Linux’ should be a phrase we’re used to hearing by now. Microsoft is a member of not only the Linux Foundation but also the Linux kernel security mailing list (a rather more select community). Microsoft is submitting patches to the Linux kernel “to create a complete virtualisation stack with Linux and Microsoft hypervisor”. And when Microsoft wanted to add container support to Windows, it picked an open-source specification designed originally for Linux rather than the internal Windows-centric implementation it had already written.
Now Azure customers get the same hybrid benefits for Linux support contracts as they do for Windows Server licences; Windows runs Linux binaries; some key Microsoft applications are available on Linux; and new services might be built with Linux. That’s not just the obvious ones like the Azure Kubernetes Service: Microsoft Tunnel — the VPN replacement for iOS and Android apps connecting to corporate resources on-premises through Azure AD — installs as a Docker container on a Linux server.
At the recent Azure Open Day, Kubernetes co-founder and Microsoft corporate vice-president Brendan Burns talked about Microsoft having a deep understanding of Linux and contributing to existing open-source projects based on Linux as well as founding new ones like Dapr (Distributed Application Runtime).
“Azure can provide best-in-class support for Linux and container infrastructure and I think this is because we have a deep understanding of what it takes to run Linux in a hyperscale cloud,” said Burns. “We have a deep understanding and engagement in both Linux and container communities. We contribute source code to all of these environments.”
In short, Microsoft ‘hearts’ Linux.
But forget the idea of throwing away the Windows kernel and replacing it with a Linux kernel, because Microsoft’s approach to Linux is far more pragmatic and comprehensive. Although the company is now thoroughly cross-platform, not every application will move to or take advantage of Linux. Instead, Microsoft adopts or supports Linux when the customers are there, or when it wants to take advantage of the ecosystem with open-source projects.
From cancer to cloud
Back in 2008, when Hyper-V was released, SUSE Linux Enterprise Server became the first non-Windows operating system officially supported (and ‘enlightened’ to improve performance) on Hyper-V — two years after Microsoft and Novell signed an agreement to work on interoperability and seven years after then-CEO Steve Ballmer infamously compared Linux licensing to “a cancer that attaches itself in an intellectual property sense to everything it touches”.
Microsoft was no doubt hoping to win over Linux users to the enterprise features in Windows Server, but customer support mattered too. In 2009, Microsoft and Red Hat announced that Microsoft would validate Red Hat Enterprise Linux on Windows Server 2008 and Hyper-V, Red Hat would validate Windows Server guests virtualised on Linux, and the companies would offer joint technical support to enterprise customers using the two operating systems together.
Over time, Linux support at Microsoft became rather more enthusiastic, if no less pragmatic: .NET had to go open source and cross-platform or it was going to lose its customer base; that also meant becoming a modular, agile project built on GitHub with the community, rather than a framework that shipped once every three to five years with a new version of Windows.
Linux workloads on Azure began to outpace Windows Server VMs, both for customers’ own applications and for apps from ISVs. “If you look at the images that we have on Azure Marketplace, sixty percent of them are based on Linux,” Talal Alqinawi, senior director in Azure marketing, told TechRepublic recently. “We support some of the largest enterprise workloads in Azure — like SAP, for example — and they are almost completely run on Linux today.”
As a result, Microsoft began working with distros like Red Hat and Ubuntu to tune the Linux kernel for Azure; and if customers run into bugs in Linux when it’s running on Azure, Microsoft will work on the bug and contribute code to fix problems (or just to make workloads like SAP run better).
Similarly, bringing SQL Server to Linux in 2016 meant that Microsoft could carry on competing with Oracle for database customers who didn’t want to move to Windows Server because they’d invested in containerisation and DevOps. In 2017, Tony Petrossian, then in the Microsoft database systems group, told us: “Apart from all the obvious reasons — that people are using Linux — one of the big motivators for us was that a lot of the container and private cloud technologies are built on Linux infrastructure and we wanted SQL Server to be part of that ecosystem.”
By the time PowerShell became a cross-platform, open-source project in 2018, Jeffrey Snover (creator of PowerShell and then the chief architect for Azure infrastructure) could say quite sincerely: “The company is becoming a cross-OS company; I like to say ‘the sea refuses no river’ and we want to be the company for everybody, no matter what platform you’re using.”
Linux support is important for hybrid cloud with Kubernetes, for edge computing with containers, and for IoT devices that often don’t have the resources to run Windows. Although Windows has become modular over the years, and stripping the GUI out of Nano Server makes it a much smaller image than full Windows Server, a custom Linux build can be smaller still.
When Microsoft started work on Azure Sphere as a secure, updateable IoT platform in 2015, it wasn’t surprising that Azure Sphere OS combined security innovations Microsoft had first used in Windows with a custom Linux kernel rather than an IoT version of Windows. At the time, Azure was already building SONiC, the network OS based on Microsoft’s Switch Abstraction Interface (SAI) specification and Debian.
Microsoft’s buying power meant it could ask network hardware suppliers to support SONiC so that all the network hardware it bought for Azure would run the NOS (which makes SONiC support widespread enough that advanced enterprises can start adopting it themselves). And making it open source and submitting it to the Open Compute Project meant that hardware vendors and other cloud providers like Alibaba and (even before the acquisition) LinkedIn could contribute improvements.
Microsoft also used a custom Linux kernel for the Azure Open Network Emulator (originally called CrystalNet), a system that runs both containers and VMs to emulate the entire Azure network for testing network changes before they’re made.
The Linux Systems Group at Microsoft also created an internal Linux distribution, CBL-Mariner (CBL stands for Common Base Linux), designed for IaaS. It’s used for running the Azure Kubernetes Service on Azure Stack HCI — but again, it’s not a general Linux distribution like Ubuntu.
The same group creates the Linux kernel used for WSL2, the Windows Subsystem for Linux that puts a Linux kernel in Windows so you can run Linux binaries. That’s to make developers’ lives easier, because so many tools and frameworks assume developers are using Linux — and even though Visual Studio Code is available on Linux, Microsoft has spent the past few years working on wooing developers onto Windows.
“We’re really trying to meet developers where they’re at in terms of what they can do,” Andrew Clinick from the Windows developer platform team told TechRepublic. WSL started out as a way of accessing Linux command-line tools, but developers wanted more than that. “So now you can run GUI apps, and you can run, essentially, what you would expect from Linux, so you can run all your workflows,” said Clinick. “We’re trying to provide you a complete solution so that it’s not, ‘oh, I guess I can run some Linux on Windows’. We want to make Windows the best place for you to be able to build any application. WSL is part of that, as Linux integration with Azure. No matter where your code is running, you can create it on Windows and you can utilise it on Windows — and obviously in the cloud.”
At the launch of .NET 5, the Visual Studio team explained the value of WSL 2 for developers in very pragmatic terms. “For a Windows .NET user targeting Linux, WSL 2 lives in a sweet spot between production realism and productivity”. Debugging in a remote Linux environment or container means the code is running where it will run in production, but debugging locally in WSL is faster and more convenient.
Microsoft seems to have taken some convincing to create a Teams client for Linux — the first Microsoft 365 app to come to Linux — instead of telling customers to use the web client. Customers who had staff using Windows, Mac, iOS, Android and Linux could get everyone except the developers and admins working on Linux devices on the same collaboration platform, and over 9,000 requests on User Voice and unofficial Linux clients for Teams showed there was a clear customer demand. The status of the Linux Teams client bounced from ‘working on it’ to ‘declined’ to ‘under review’ to ‘on the backlog’ before it was confirmed.
That back-and-forth is a reminder that Microsoft’s relationship with Linux is a journey: internal developers have become increasingly comfortable working with Linux and playing key roles in open-source communities, but product teams still need to think about business models and resource allocation. Developers and infrastructure are the areas where these decisions seem to be clearest for Microsoft.
Just as organisations want all their staff talking on the same platform, attackers looking for targets as they move around inside a network don’t care if an application server is running Windows or Linux. So bringing the various Defender security tools to Linux is much like bringing them to macOS, iOS and Android to offer customers a comprehensive endpoint solution.
“With Microsoft Defender, we’ve delivered Linux support over the last year or so, we’re completing our work on Android and we have a preview for iOS,” general manager for Microsoft security Andrew Conway told us.
“And then if you look at the Azure Defender components on the Azure platform side, the team has been utilising Azure Arc to extend all of the Azure Defender protections, not just across assets in Azure but also assets that would live in hybrid clouds and GCP and AWS, and so on,” Conway added. “It’s absolutely part of our cross-platform and cross-cloud approach to delivering security for all workloads.”
When the idea of bringing the new Chromium-based Edge browser to Linux first came up, the question for the Edge team was whether the people saying ‘Microsoft should bring Edge to Linux’ wanted to use Edge on Linux or whether they wanted Microsoft to prove something about making Edge cross-platform. While the enthusiasts who were vocal about asking for Edge on Linux are one part of the target audience, developers were a big part of the decision, technical program manager Sean Larkin explained in a session at Ignite this year.
“We know that Linux has a huge market share for CI/CD and automation and browser automation, so we wanted to be able to give you the ability to test on any browser across any system and any platform so that you could have a consistent experience, whether it be your test running, your test failing or having your automation tools working as seamless as possible,” said Larkin.
Hyper-V on Linux?
Hyper-V has been able to virtualise Linux for a long time, and making it work well used to explain Microsoft’s significant contributions to the Linux kernel, because having Hyper-V support in the kernel meant it would be in every Linux distro. But why is Microsoft offering to make Hyper-V run with Linux rather than Windows Server as the host?
Ben Armstrong, one of the veteran Hyper-V developers at Microsoft, gave us a cautious answer: “While we were developing Windows 8, we dedicated resources to take Hyper-V (which until that point in time had been exclusively a Windows Server offering) and bring it over to Windows Client. Enabling Hyper-V on Windows 8 allowed us to implement VBS, VSM, Credential Guard and more in Windows 10 — and more.”
“That is where we are at with the recent Linux kernel contributions to enable Hyper-V to utilize Linux as the root partition. We want to be ready to support this configuration quickly if a business need arises,” Armstrong added.
Microsoft isn’t saying what the business opportunity here might be. But it’s more likely to involve enabling hybrid cloud or Kubernetes support with services like Azure Stack HCI (or even being ready to compete with Apple if it makes another play for the server market using Arm silicon) than throwing away the Windows kernel, where it’s still investing deeply, from security improvements to making low-level changes to optimise the performance of APIs that virtual machines rely on.