How does the operating system relate to container resilience, scalability and vulnerability?
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
Containers are uniquely dependent on the underlying host OS, and every container on a given system will share the same OS kernel which is usually a version of Linux. Thus, containers present the enterprise with special benefits and vulnerabilities.
Since all containers on a server share the same host OS, there is no need to install an OS in each container (the way that each virtual machine needs a separate OS). This can dramatically reduce the OS license costs for container deployments. It also significantly reduces the computing resources required for each OS iteration -- instead of 10 OS installations for 10 VMs, a similar system with perhaps 30 container instances might only need to allocate CPU, memory and storage for the one host OS.
But every container on the system is also completely dependent on the single OS. If the OS crashes, all of the containers on that system can also be effectively disabled. In addition, a malware attack on the OS (or from a container down into the OS) can propagate to other containers and spread the attack in an uncontrolled manner. This is fundamentally different than the behaviors of VMs which are largely isolated and immune from such dependencies. Heavy access to the single operating system's I/O subsystems can also result in container performance degradation when too many container instances vie for OS attention at the same time.
Container migration options can also be limited. Since container workloads all share the same OS kernel, a container can only be migrated to another system with a compatible OS kernel. For example, a Linux container cannot be migrated to a system running Windows Server. This isn't a big issue when there is plenty of computing capacity across systems all running the same OS. But it can be a problem when the container system's host OS is only a small minority in the environment (such as a handful of containerized SUSE Linux systems running in a primarily Windows Server 2012 data center).
How containers fit into the cloud
Is container technology a right fit for me?
Dig Deeper on Application virtualization
Related Q&A from Stephen J. Bigelow
One size does not fit all when administrators develop a protection policy for specific applications. Learn about the configuration options in System ...continue reading
Set up and operate a VM network using proven strategies to ensure security and performance. With a little planning, virtualization admins can avoid ...continue reading
Virtual switch security is achieved through a number of features. Virtualization admins can create and enforce policies, lock down MAC addresses and ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.