Sashkin - Fotolia

Evaluate Weigh the pros and cons of technologies, products and projects you are considering.

How is containerization different from virtualization?

Containers and virtual machines both allow you to abstract the workload from the underlying hardware, but there are important differences in the two approaches that need to be taken into account.

What is containerization and how does it work or differ from existing virtual machines?

A virtual machine mimics a complete server. In a typical virtualized server, each VM "guest" includes a complete operating system along with any drivers, binaries or libraries, and then the actual application. Each VM then runs atop a hypervisor, which itself runs on a host operating system and in turn operates the physical server hardware. It's a tried-and-true approach, but it's also easy to see how each iteration of the guest operating system and supporting binaries can cause duplication between VMs; it wastes precious server memory, which limits the number of VMs that each server can support.

The concept of containerization basically allows virtual instances to share a single host operating system and relevant binaries, libraries or drivers. This approach reduces wasted resources because each container only holds the application and related binaries or libraries. Containers use the same host operating system (OS) repeatedly, instead of installing (and paying to license) an OS for each guest VM. This is often referred to as operating system-level virtualization. The role of a hypervisor is instead handled by a containerization engine, like Docker, which installs atop the host operating system.

Since each application's container is free of OS overhead, the container is notably smaller, easier to migrate or download, faster to backup or restore and requires less memory. Containerization allows the server to potentially host far more containers than it could virtual machines. The difference in utilization can be dramatic, and it is possible to fit anywhere from 10 to 100 times the number of container instances on a given server (compared to the number of VM-based application instances).

A containerized environment, such as Docker, works as a series of layers, starting with a base image composed of an OS and application, including Linux, Apache and a custom web application. Updates and modifications can be applied through additional layers to create new images, and then the desired image can be used to launch containers that can also be stopped, migrated and removed as-needed. By isolating containers from each other, containerization can provide security for applications and prevent malware from proliferating across instances.

Next Steps

Cloud app containerization: Is it right for you?

Explore the link between containers and mobile data protection

Create a secure container checklist

Dig Deeper on Application virtualization