Are Windows Server containers superior to Hyper-V containers?

Microsoft Windows Server 2016 introduced two types of containers: Windows Server containers that use native operating system-level features and Hyper-V containers that exist at the hypervisor level.

Windows Server containers provide superior performance because they are lighter weight. They are not dependent on a virtualization layer or the various layers of abstraction that come with it. Instead, they share the Windows Server OS kernel.

Hyper-V containers are slower, but offer better security because they don't share kernel components with the server's parent OS. Instead, they use Hyper-V virtual machines to host containers within dedicated namespaces. This means a Hyper-V container is likely to be physically larger than a comparable Windows Server container. Similarly, a Hyper-V container typically will not perform as well as a Windows Server container and may even consume more system resources.

So when should you use Windows Server containers vs. Hyper-V containers? A Windows Server container is best for general-purpose workloads, while a Hyper-V container is suitable for high-security environments. Hyper-V containers are most commonly associated with multi-tenant environments such as a public or private cloud. Windows Server containers could be risky in such environments because a tenant could potentially attempt to hack the kernel to gain access to other containers.