Virtualization has changed the face of modern computing, improving system utilization, decoupling applications...
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
from the underlying hardware, and enhancing workload mobility and protection. But hypervisors and virtual machines are just one approach to virtual workload deployment. Container virtualization is quickly emerging as an efficient and reliable alternative to traditional virtualization, providing new features and new concerns for data center professionals.
The difference between a container versus a VM is primarily in the location of the virtualization layer and the way that operating system resources are used.
VMs rely on a hypervisor which is normally installed atop the actual bare-metal system hardware. This has led to hypervisors being perceived as OSes in their own right. Once the hypervisor layer is installed, VM instances can be provisioned from the system's available computing resources. Each VM can then receive its own unique operating system and workload (application).
Container vs. VM: The main difference is structure
Often, the first VM is the host VM used for system management workloads such as Microsoft System Center. Subsequent VMs may contain other enterprise workloads such as database, ERP, CRM, email server, media server, web server or other business applications. VMs are fully isolated from one another -- no VM is aware of, or relies on, the presence of another VM on the same system -- and malware, application crashes and other problems impact only the affected VM. VMs can be migrated from one virtualized system to another without regard for the system's hardware or operating systems.
Is the container vs. VM debate over?
Some users are converging containers and VMs to take advantage of the performance containers provide and the security that VMs offer. By packaging a container within a VM, you're getting another abstraction layer, which improves security by preventing a kernel breakout from affecting multiple containers.
The container environment is arranged differently. With containers, a host operating system is installed on the system first, and then a container layer -- such as LXC or libcontainer -- is installed atop the host OS which is usually a Linux variant. Once the container layer is installed, container instances can be provisioned from the system's available computing resources and enterprise applications can be deployed within the containers. However, every containerized application shares the same underlying operating system -- the single host OS.
Container vs. VM: Containers are resource efficient but can present problems
Containers are regarded as more resource-efficient than VMs because the additional resources needed for each OS is eliminated -- the resulting instances are smaller and faster to create or migrate. This means a single system can potentially host far more containers than VMs. Cloud providers are particularly enthusiastic about containers because far more container instances can be deployed across the same hardware investment. However, the single OS presents a single point of failure for all of the containers that use it. For example, a malware attack or crash of the host OS can disable or impact all of the containers. In addition, containers are easy to migrate, but can only be migrated to other servers with compatible operating system kernels -- potentially limiting migration options.
From a practical perspective, a container and a VM can coexist in the same data center environment, so the two technologies are considered complementary -- expanding the available tool set of today's application architects and data center administrators in order to provide unique advantages for the most compatible workloads.
Docker leading the way with container technology
Making the case for container virtualization
How containers fit into the cloud picture
Prove your application container IQ
Dig Deeper on Application virtualization
Related Q&A from Stephen J. Bigelow
VMware VIC security features, like isolation and user authentication, can improve enterprise container security so long as proper configuration and ...continue reading
VSphere Integrated Containers uses a combination of VIC engine, Project Harbor, Project Admiral and Photon OS to handle container provisioning, ...continue reading
OpenStack scheduled numerous hypervisors for deprecation in 2014's OpenStack Icehouse, but no others are scheduled for future releases, up to and ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.