How does the operating system relate to container resilience, scalability and vulnerability?
Containers are uniquely dependent on the underlying host OS, and every container on a given system shares the same OS kernel, which is usually a version of Linux. Thus, containers present the enterprise with special benefits and vulnerabilities.
Since all containers on a server share the same host OS, there is no need to install an OS in each container (the way that each virtual machine needs a separate OS). This can dramatically reduce the OS license costs for container deployments. It also significantly reduces the computing resources required for each OS iteration -- instead of 10 OS installations for 10 VMs, a similar system with perhaps 30 container instances might only need to allocate CPU, memory and storage for the one host OS.
But every container on the system is also completely dependent on the single OS. If the OS crashes, all of the containers on that system can also be effectively disabled. In addition, a malware attack on the OS (or from a container down into the OS) can propagate to other containers and spread the attack in an uncontrolled manner. This is fundamentally different from the behavior of VMs, which are largely isolated and immune from such dependencies. Heavy access to the single operating system's I/O subsystems can also result in container performance degradation when too many container instances vie for OS attention at the same time.
Container migration options can also be limited. Since container workloads all share the same OS kernel, a container can only be migrated to another system with a compatible OS kernel. For example, a Linux container cannot be migrated to a system running Windows Server. This isn't a big issue when there is plenty of computing capacity across systems all running the same OS. But it can be a problem when the container system's host OS is only a small minority in the environment (such as a handful of containerized SUSE Linux systems running in a primarily Windows Server 2012 data center).
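The shared-kernel dependency and the migration limit described above can be checked against a host inventory. The following Python sketch is an added example, not part of the original article; the host names, container names and the free_slots capacity measure are constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Host:
    name: str
    kernel_os: str      # OS family of the kernel every container on this host shares
    free_slots: int     # constructed capacity measure: container instances the host can still take
    containers: list = field(default_factory=list)

def build_inventory():
    """Constructed sample: a few SUSE Linux container hosts in a mostly Windows Server estate."""
    return [
        Host("suse-01", "linux", 0, ["web-1", "web-2", "cache-1"]),
        Host("suse-02", "linux", 2, ["api-1"]),
        Host("win-01", "windows", 5),
        Host("win-02", "windows", 4),
    ]

def blast_radius(hosts):
    """Containers that fail together, or share exposure, if a host's single kernel
    crashes or is compromised."""
    return {h.name: sorted(h.containers) for h in hosts if h.containers}

def migration_targets(container, hosts):
    """Hosts that can receive the container: a compatible kernel and spare capacity."""
    source = next(h for h in hosts if container in h.containers)
    return [h.name for h in hosts
            if h is not source and h.kernel_os == source.kernel_os and h.free_slots > 0]

def stranded_on_failure(failed_name, hosts):
    """Containers with nowhere to go if the named host is lost. Capacity on hosts
    with an incompatible kernel does not count."""
    failed = next(h for h in hosts if h.name == failed_name)
    compatible_free = sum(h.free_slots for h in hosts
                          if h is not failed and h.kernel_os == failed.kernel_os)
    return max(0, len(failed.containers) - compatible_free)

if __name__ == "__main__":
    inv = build_inventory()
    for name, ctrs in blast_radius(inv).items():
        print(f"{name}: kernel failure or compromise affects {ctrs}")
    print("web-1 can move to:", migration_targets("web-1", inv))
    print("stranded if suse-01 is lost:", stranded_on_failure("suse-01", inv))
```

In this constructed inventory the Windows hosts have nine free slots between them, yet one container from suse-01 is still stranded because only suse-02 runs a compatible kernel.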