It's possible to run a container in a VM using nested virtualization, but this added complexity can lead to problems...
in the virtual environment, such as instance incompatibility.
Containers are a form of virtualization that bear some similarities to traditional hypervisor-based VMs, but they differ in some key respects. The principal difference between containers and VMs is that VMs operate in complete isolation from one another; each VM requires a separate and complete suite of OSes and drivers. This means VMs tend to be large, resource-heavy instances.
By comparison, containers share a common underlying OS kernel, which offers weaker isolation, but results in far smaller, more resource-lean instances that can start and stop faster.
Containers are usually regarded as the more flexible and scalable virtual instance type. Ultimately, container platforms such as Docker provide the native virtualization used by containers.
Running a container in a VM
Hypervisors and container platforms aren't mutually exclusive, and it's entirely possible to run VMs and containers simultaneously on the same host system. Similarly, it's also possible to install a container platform and run a container in a VM instance -- a scenario called nested virtualization. For example, it's entirely possible to install Linux and Docker on a Windows Server Hyper-V VM and run Linux containers in that VM.
But there are always exceptions to every rule, and emerging container platforms such as Docker for Windows are known to pose some potential problems when run in certain VMs, such as Parallels running on a Windows 10 computer or VMware Fusion running on a Mac. These hypervisors virtualize hardware differently than Microsoft Hyper-V, which is used on enterprise-class platforms such as Windows Server 2016, and the resulting differences can lead to intermittent faults that are sometimes difficult to predict.
Although it should be perfectly acceptable to run a container in a VM using enterprise-grade platforms, such as Docker under a Hyper-V VM, it's generally best practice to run the container platform natively on endpoint computer systems, such as PCs. For example, admins could run Docker for Windows natively on the Windows system or Docker for Mac on the Mac system.
If nested virtualization must be used on endpoint computer systems, ensure that nested virtualization is enabled, that you provision adequate system resources to operate the workload, and that you install all the current OS patches and updates. Older processors might be more sensitive to nested virtualization performance than the latest processors, which provide more hardware virtualization capabilities.
Dig Deeper on Application virtualization
Related Q&A from Stephen J. Bigelow
Microsoft Hyper-V on Windows comes with advanced protection schemes, including several virtualization-based security features the company introduced ... Continue Reading
The BitLocker encryption technology continues to evolve from its roots as a Windows Vista feature to protect resources both in the local data center ... Continue Reading
Some enterprises avoid the public cloud due to its multi-tenant nature and data security concerns. Learn what data separation is and how it can keep ... Continue Reading