What is containerization and how does it work or differ from existing virtual machines?
A virtual machine mimics a complete server. In a typical virtualized server, each VM "guest" includes a complete operating system along with any drivers, binaries or libraries, and then the actual application. Each VM then runs atop a hypervisor, which itself runs on a host operating system and in turn operates the physical server hardware. It's a tried-and-true approach, but it's also easy to see how each iteration of the guest operating system and supporting binaries can cause duplication between VMs; it wastes precious server memory, which limits the number of VMs that each server can support.
The concept of containerization basically allows virtual instances to share a single host operating system and relevant binaries, libraries or drivers. This approach reduces wasted resources because each container only holds the application and related binaries or libraries. Containers use the same host operating system (OS) repeatedly, instead of installing (and paying to license) an OS for each guest VM. This is often referred to as operating system-level virtualization. The role of a hypervisor is instead handled by a containerization engine, like Docker, which installs atop the host operating system.
Since each application's container is free of OS overhead, the container is notably smaller, easier to migrate or download, faster to backup or restore and requires less memory. Containerization allows the server to potentially host far more containers than it could virtual machines. The difference in utilization can be dramatic, and it is possible to fit anywhere from 10 to 100 times the number of container instances on a given server (compared to the number of VM-based application instances).
A containerized environment, such as Docker, works as a series of layers, starting with a base image composed of an OS and application, including Linux, Apache and a custom web application. Updates and modifications can be applied through additional layers to create new images, and then the desired image can be used to launch containers that can also be stopped, migrated and removed as-needed. By isolating containers from each other, containerization can provide security for applications and prevent malware from proliferating across instances.
Cloud app containerization: Is it right for you?
Explore the link between containers and mobile data protection
Create a secure container checklist
Dig Deeper on Application virtualization
Related Q&A from Stephen J. Bigelow
Regression tests and UAT ensure software quality and both require a sizeable investment. Learn when and how to perform each one, and some tips to get... Continue Reading
Learn the meaning of functional vs. nonfunctional requirements in software engineering, with helpful examples. Then, see how to write both and build ... Continue Reading
Just because software passes functional tests doesn't mean it works. Dig into stress, load, endurance and other performance tests, and their ... Continue Reading