Brian Jackson - Fotolia
How does the operating system relate to container resilience, scalability and vulnerability?
Containers are uniquely dependent on the underlying host OS, and every container on a given system will share the same OS kernel which is usually a version of Linux. Thus, containers present the enterprise with special benefits and vulnerabilities.
Since all containers on a server share the same host OS, there is no need to install an OS in each container (the way that each virtual machine needs a separate OS). This can dramatically reduce the OS license costs for container deployments. It also significantly reduces the computing resources required for each OS iteration -- instead of 10 OS installations for 10 VMs, a similar system with perhaps 30 container instances might only need to allocate CPU, memory and storage for the one host OS.
But every container on the system is also completely dependent on the single OS. If the OS crashes, all of the containers on that system can also be effectively disabled. In addition, a malware attack on the OS (or from a container down into the OS) can propagate to other containers and spread the attack in an uncontrolled manner. This is fundamentally different than the behaviors of VMs which are largely isolated and immune from such dependencies. Heavy access to the single operating system's I/O subsystems can also result in container performance degradation when too many container instances vie for OS attention at the same time.
Container migration options can also be limited. Since container workloads all share the same OS kernel, a container can only be migrated to another system with a compatible OS kernel. For example, a Linux container cannot be migrated to a system running Windows Server. This isn't a big issue when there is plenty of computing capacity across systems all running the same OS. But it can be a problem when the container system's host OS is only a small minority in the environment (such as a handful of containerized SUSE Linux systems running in a primarily Windows Server 2012 data center).
How containers fit into the cloud
Is container technology a right fit for me?
Dig Deeper on Application virtualization
Related Q&A from Stephen J. Bigelow
Containers have rapidly come into focus as a popular option for deploying applications, but they have limitations and are fundamentally different ... Continue Reading
ALM and SDLC both cover much of the same ground, such as development, testing and deployment. Where these lifecycle concepts differ is the scope of ... Continue Reading
Eliciting performance requirements from business end users necessitates a clearly defined scope and the right set of questions. Expert Mary Gorman ... Continue Reading