
Container vs. VM: What's the difference?

Containers have rapidly come into focus as an option for deploying applications, but they have limitations and are fundamentally different from VMs.

Virtualization has changed the face of modern computing, improving system utilization, decoupling applications from the underlying hardware, and enhancing workload mobility and protection. But hypervisors and virtual machines are just one approach to virtual workload deployment. Container virtualization is quickly emerging as an efficient and reliable alternative to traditional virtualization, providing new features and new concerns for data center professionals.

The difference between a container versus a VM is primarily in the location of the virtualization layer and the way that operating system resources are used.

VMs rely on a hypervisor, which is normally installed atop the actual bare-metal system hardware. This has led to hypervisors being perceived as OSes in their own right. Once the hypervisor layer is installed, VM instances can be provisioned from the system's available computing resources. Each VM can then receive its own unique operating system and workload (application).

Container vs. VM: The main difference is structure

Often, the first VM is the host VM used for system management workloads such as Microsoft System Center. Subsequent VMs may contain other enterprise workloads such as database, ERP, CRM, email server, media server, web server or other business applications. VMs are fully isolated from one another -- no VM is aware of, or relies on, the presence of another VM on the same system -- and malware, application crashes and other problems impact only the affected VM. VMs can be migrated from one virtualized system to another without regard for the system's hardware or operating systems.

Is the container vs. VM debate over?

Some users are converging containers and VMs to take advantage of the performance containers provide and the security that VMs offer. By packaging a container within a VM, you're getting another abstraction layer, which improves security by preventing a kernel breakout from affecting multiple containers.

The container environment is arranged differently. With containers, a host operating system is installed on the system first, and then a container layer -- such as LXC or libcontainer -- is installed atop the host OS, which is usually a Linux variant. Once the container layer is installed, container instances can be provisioned from the system's available computing resources and enterprise applications can be deployed within the containers. However, every containerized application shares the same underlying operating system -- the single host OS.

Container vs. VM: Containers are resource efficient but can present problems

Containers are regarded as more resource-efficient than VMs because the additional resources needed for each OS are eliminated -- the resulting instances are smaller and faster to create or migrate. This means a single system can potentially host far more containers than VMs. Cloud providers are particularly enthusiastic about containers because far more container instances can be deployed across the same hardware investment. However, the single OS presents a single point of failure for all of the containers that use it. For example, a malware attack or crash of the host OS can disable or impact all of the containers. In addition, containers are easy to migrate, but can only be migrated to other servers with compatible operating system kernels -- potentially limiting migration options.
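An added example, not part of the original article: on Linux, the shared host OS described above is visible in /proc, where every process lists the kernel namespaces it belongs to, so comparing a container process with the host shows what is isolated and what is not. The namespace model, the sample inode values, and the names compare and REVIEW_IF_SHARED are assumptions of this example, not something the article specifies.

```python
import os

NS_TYPES = ("cgroup", "ipc", "mnt", "net", "pid", "user", "uts")
# Sharing these with the host widens what a compromised container can reach.
REVIEW_IF_SHARED = ("net", "pid", "user")

def read_namespaces(pid):
    """Live lookup on a Linux host: {type: 'type:[inode]'} from /proc/<pid>/ns."""
    base = f"/proc/{pid}/ns"
    return {t: os.readlink(f"{base}/{t}") for t in NS_TYPES
            if os.path.lexists(f"{base}/{t}")}

def compare(host, proc):
    """Report which namespace types a process shares with the host."""
    shared = sorted(t for t in proc if host.get(t) == proc[t])
    isolated = sorted(t for t in proc if host.get(t) != proc[t])
    return {"shared": shared, "isolated": isolated,
            "review": [t for t in REVIEW_IF_SHARED if t in shared]}

# Constructed sample data (inode numbers are made up), shaped like the
# output of `readlink /proc/<pid>/ns/*` taken on the host.
HOST = {"cgroup": "cgroup:[4026531835]", "ipc": "ipc:[4026531839]",
        "mnt": "mnt:[4026531840]", "net": "net:[4026531992]",
        "pid": "pid:[4026531836]", "user": "user:[4026531837]",
        "uts": "uts:[4026531838]"}
# A container with private namespaces for everything except user.
CONTAINER = {"cgroup": "cgroup:[4026532601]", "ipc": "ipc:[4026532599]",
             "mnt": "mnt:[4026532597]", "net": "net:[4026532602]",
             "pid": "pid:[4026532600]", "user": "user:[4026531837]",
             "uts": "uts:[4026532598]"}
# The same container started with the host's network and PID namespaces.
HOST_SHARED = dict(CONTAINER, net=HOST["net"], pid=HOST["pid"])

if __name__ == "__main__":
    for name, ns in (("container", CONTAINER), ("host-shared", HOST_SHARED)):
        print(name, compare(HOST, ns))
```

On a live Linux host, `compare(read_namespaces(1), read_namespaces(pid))` runs the same check against a real process; reading the entries of PID 1 normally requires root.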

Compare containers and virtual machines
VMs take up more space than containers because they need a guest operating system to run. Each container shares the host's operating system. Some users deploy containers within VMs to improve container security.

From a practical perspective, a container and a VM can coexist in the same data center environment, so the two technologies are considered complementary -- expanding the available tool set of today's application architects and data center administrators in order to provide unique advantages for the most compatible workloads.


This was last published in January 2017
