Docker Support in CBFS Connect 2022

CBFS Connect 2022 adds support for creating virtual drives in Docker containers running on Windows in Process Isolation mode.

Isolation Modes and Windows Containers

Docker containers on Windows run in two isolation modes: process isolation and Hyper-V. These isolation modes are similar in that containers do not share resources with one another, but they differ in how much interaction the containers have with the host kernel.

Process isolation containers share their kernel with the host system, and allows for the isolation boundary to be pierced upon a user request. Process isolation is enabled by setting docker run --isolation=process.

Containers running in Hyper-V isolation mode do not share a kernel with the host, the isolation boundary cannot be pierced, so Hyper-V isolation mode is not supported. If your run command is similar to docker run --isolation=hyperv, you are using an unsupported mode.

The CBFS Connect drivers are installed only on the host, and therefore containers running in Hyper-V isolation are incompatible with CBFS Connect since the kernel drivers cannot be shared between the container and the host.

CFBS Connect and Containers

CBFS Connect supports creation of virtual drives both in the container and on the host using any data source, including remote files, dynamic content or database records. The mount points for these virtual drives can be a drive letter, an NTFS folder, or a UNC share (see the "Mounting Points" general topic in the documentation for your preferred language edition).

An application running in the container can create a drive accessible only in that container. The virtual drive can then be shared for network access and be accessible from the host or other containers. An application that runs on the host can create mounting points accessible on the host or in a specific container. In all cases, it is the kernel-mode driver in the host that controls and manages the virtual drive, but the Silo mechanism, used by Windows and Docker to provide in-process isolation of containers, prevents access to the virtual drive from unintended environments (the host and other containers).

We appreciate your feedback. If you have any questions, comments, or suggestions about this article please contact our support team at