One of the primary advantages of application containers over virtual machines is the improved consolidation through the reduction of overhead. As an emulation of a physical device, each virtual machine runs its own copy of an operating system -- called the guest OS. In this case, overhead refers to the CPU, memory and disk resources associated with running multiple copies of an operating system on the same physical server. However, since containers on the same physical server all share the same operating system kernel -- the host OS -- you don't need to run multiple copies of the operating system on the same physical server. This reduces the CPU, memory and disk resources that would otherwise be used by multiple copies of the same guest OS.
But, even if containers may reduce overhead and improve consolidation, do application containers on the same host compete with each other for the physical resources? The quick answer is that they shouldn't, but it falls on the server or systems administrator to make sure they only deploy apps the underlying hardware can support. Let's use Linux containers as an example, but the underlying theory applies to other container platforms.
Within the Linux kernel, the cgroups (control groups) feature allows an administrator to isolate, limit and prioritize resources for certain processes. Linux containers rely on the cgroups feature to isolate and limit the resource access of containers. Therefore, applications within containers only have access to the resources you allocate. If all application containers on a host are properly sized and restricted to only the resources they need -- based on application needs -- no application should be starved of resources by another.
Administrators looking to run multiple containers on the same server should calculate whether the physical host has enough resources to support the sum of the resources required by all application containers on the host. Then, by limiting each container's access to only the resources it needs, you should be able to avoid any performance problems associated with resource contention.
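The sizing check described above can be scripted. The following is an added example, not part of the original article: it reads the cgroup v2 interface files `memory.max` and `cpu.max` for each container, flags any container left without a limit, and compares the summed limits with host capacity. The function names, container names and host figures are assumptions, and the script runs against a constructed directory tree rather than a live `/sys/fs/cgroup`.

```shell
#!/bin/sh
# Added example: audit cgroup v2 limits for a group of containers.
# The tree built by make_sample is constructed sample data, not a live host.

# make_sample ROOT: fake cgroup tree with three containers (hypothetical names).
make_sample() {
  mkdir -p "$1/web" "$1/db" "$1/batch"
  echo 536870912       > "$1/web/memory.max"    # 512 MiB
  echo "50000 100000"  > "$1/web/cpu.max"       # quota/period = 0.5 CPU
  echo 2147483648      > "$1/db/memory.max"     # 2 GiB
  echo "200000 100000" > "$1/db/cpu.max"        # 2 CPUs
  echo max             > "$1/batch/memory.max"  # no memory limit set
  echo "max 100000"    > "$1/batch/cpu.max"     # no CPU limit set
}

# audit_limits ROOT HOST_MEM_BYTES HOST_CPUS
# Returns 0 only if every container has limits and their sum fits the host.
audit_limits() {
  root="$1"; host_mem="$2"; host_cpus="$3"
  mem_sum=0; cpu_milli=0; rc=0
  for dir in "$root"/*/; do
    name=$(basename "$dir")
    read -r mem < "$dir/memory.max"
    read -r quota period < "$dir/cpu.max"
    if [ "$mem" = max ]; then
      echo "UNLIMITED memory: $name"; rc=1
    else
      mem_sum=$((mem_sum + mem))
    fi
    if [ "$quota" = max ]; then
      echo "UNLIMITED cpu: $name"; rc=1
    else
      cpu_milli=$((cpu_milli + quota * 1000 / period))
    fi
  done
  echo "SUM memory=$mem_sum cpu_milli=$cpu_milli"
  [ "$mem_sum" -le "$host_mem" ] || { echo "OVERCOMMIT memory"; rc=1; }
  [ "$cpu_milli" -le $((host_cpus * 1000)) ] || { echo "OVERCOMMIT cpu"; rc=1; }
  return "$rc"
}

# Demo: a host with 4 GiB of RAM and 4 CPUs (constructed figures).
demo=$(mktemp -d)
make_sample "$demo"
audit_limits "$demo" 4294967296 4 || echo "audit failed: fix the findings above"
rm -rf "$demo"
```

On a real host, the root argument would be the directory under `/sys/fs/cgroup` where the container runtime places its containers; that path depends on the runtime and cgroup driver in use.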
However, it's important to remember the isolation containers offer isn't as strong as the isolation that VMs provide. This is why some container platforms host containers within VMs to provide an additional level of isolation and better control.