VMs and containers have disadvantages that can make workload creation and management a difficult process. Micro VMs provide admins with the best characteristics of both.
Essentially, a micro VM is a container architecture that provides VM isolation for each instance. Ideally, this enables admins to deploy a large number of micro VMs quickly and efficiently, while ensuring the logical isolation and security of each instance. Consider typical VMs and containers. Each has their own drawbacks, but when combined, offset those disadvantages and boost the benefits when integrated into workloads.
VMs provide isolation but consume large amounts of resources
VMs run on an underlying hypervisor and provide exceptional logical isolation. VMs don't share each other's memory space and aren't even aware of the presence of other VMs on a host server. Each VM can support its own guest OS, enabling a virtualized server to run many different OS types and versions.
However, VMs can be large, resource-intensive virtual constructs that can take several minutes to deploy. Most servers can host only a handful of VMs. Each VM needs its own OS, and this can result in unnecessary duplication of resources. For example, 10 VMs running Windows Server workloads would need 10 Windows Server licenses, such as Windows Server 2019. So, VMs can be costly to deploy.
Containers are small but susceptible to malicious attacks
By comparison, containers are small virtual constructs that run atop a container engine, such as Docker, and require relatively little compute resources. This enables many -- perhaps hundreds of -- containers to deploy in a matter of seconds and coexist on the same server.
A big part of this efficiency is the use of a common OS -- every container shares the same OS kernel -- which is usually some version of Linux. Containers include all of the dependencies needed to operate, enabling a container to easily deploy across many host systems. However, the common OS poses potential security and stability risks. Any security or functional flaw in the OS will potentially affect all of the containers running on that OS.
Micro VMs offer both isolation and security
Micro VMs promise the best of both worlds. A micro VM environment starts with standard server hardware, and runs a host OS, such as Linux, to supply the KVM needed for micro VMs. A micro VM engine, such as Firecracker, runs atop the OS, acting as the hypervisor -- or engine -- that supplies an API, network, storage and management tools needed to operate each micro VM.
Once running, the micro VM engine will create completely isolated virtual instances that can run a guest OS and a container-type workload. The instances are small, isolated and admins can quickly create them in large volumes.
Dig Deeper on Server virtualization infrastructure and architecture
Related Q&A from Stephen J. Bigelow
VMware vCC enables organizations to move workloads, such as VMs, templates and vApps, between clouds by extending the data center, synchronizing ... Continue Reading
IT professionals should learn how they can enable Windows Defender Device Guard to take advantage of the numerous security features it offers for ... Continue Reading
Full virtualization and paravirtualization both enable hardware resource abstraction, but the two technologies differ when it comes to isolation ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.