VMs and containers have disadvantages that can make workload creation and management a difficult process. Micro VMs provide admins with the best characteristics of both.
Essentially, a micro VM is a container-style architecture that provides VM-grade isolation for each instance. Ideally, this enables admins to deploy a large number of micro VMs quickly and efficiently while ensuring the logical isolation and security of each instance. Consider typical VMs and containers. Each has its own drawbacks, but combining their characteristics offsets those disadvantages and amplifies the benefits when integrated into workloads.
VMs provide isolation but consume large amounts of resources
VMs run on an underlying hypervisor and provide exceptional logical isolation. VMs don't share each other's memory space and aren't even aware of the presence of other VMs on a host server. Each VM can support its own guest OS, enabling a virtualized server to run many different OS types and versions.
However, VMs can be large, resource-intensive virtual constructs that can take several minutes to deploy. Most servers can host only a handful of VMs. Each VM needs its own OS, and this can result in unnecessary duplication of resources. For example, 10 VMs running Windows Server workloads would need 10 Windows Server licenses, such as Windows Server 2019. So, VMs can be costly to deploy.
Containers are small but susceptible to malicious attacks
By comparison, containers are small virtual constructs that run atop a container engine, such as Docker, and require relatively few compute resources. This enables many -- perhaps hundreds of -- containers to deploy in a matter of seconds and coexist on the same server.
A big part of this efficiency is the use of a common OS -- every container shares the same OS kernel -- which is usually some version of Linux. Containers include all of the dependencies needed to operate, enabling a container to easily deploy across many host systems. However, the common OS poses potential security and stability risks. Any security or functional flaw in the OS will potentially affect all of the containers running on that OS.
Micro VMs offer both isolation and security
Micro VMs promise the best of both worlds. A micro VM environment starts with standard server hardware and runs a host OS, such as Linux, to supply the kernel-based virtual machine (KVM) support that micro VMs need. A micro VM engine, such as Firecracker, runs atop the OS, acting as the hypervisor -- or engine -- that supplies the API, network, storage and management tools needed to operate each micro VM.
Once running, the micro VM engine creates completely isolated virtual instances that can run a guest OS and a container-type workload. The instances are small and isolated, and admins can quickly create them in large volumes.
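To make the engine-and-API arrangement concrete, here is an added example (not code from the article or from the Firecracker project) that drives Firecracker's REST API over its Unix socket to configure and start one micro VM; the socket path, kernel image and root filesystem paths are assumptions.

```python
"""Configure and boot one Firecracker micro VM through its HTTP API on a Unix socket.
Added example; the three paths below are assumptions, not values from the article."""
import http.client
import json
import os
import socket

API_SOCKET = "/tmp/firecracker.socket"  # assumed: path given to firecracker --api-sock
KERNEL = "/var/lib/fc/vmlinux"          # assumed: uncompressed guest kernel image
ROOTFS = "/var/lib/fc/rootfs.ext4"      # assumed: guest root filesystem image


class UnixHTTPConnection(http.client.HTTPConnection):
    """HTTPConnection that dials a Unix domain socket instead of a TCP host/port."""

    def __init__(self, path):
        super().__init__("localhost")
        self.unix_path = path

    def connect(self):
        self.sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        self.sock.connect(self.unix_path)


def kvm_available():
    """The host kernel must expose /dev/kvm, and this user must be able to open it."""
    return os.path.exists("/dev/kvm") and os.access("/dev/kvm", os.R_OK | os.W_OK)


def boot_plan(vcpus=1, mem_mib=128, kernel=KERNEL, rootfs=ROOTFS):
    """Ordered (method, path, body) API calls: describe the guest, then start it."""
    return [
        ("PUT", "/boot-source", {"kernel_image_path": kernel,
                                 "boot_args": "console=ttyS0 reboot=k panic=1 pci=off"}),
        ("PUT", "/drives/rootfs", {"drive_id": "rootfs", "path_on_host": rootfs,
                                   "is_root_device": True, "is_read_only": False}),
        ("PUT", "/machine-config", {"vcpu_count": vcpus, "mem_size_mib": mem_mib}),
        ("PUT", "/actions", {"action_type": "InstanceStart"}),  # must come last
    ]


def launch(plan, sock_path=API_SOCKET):
    """Send each call in order; stop at the first non-2xx so a half-built VM never starts."""
    conn = UnixHTTPConnection(sock_path)
    for method, path, body in plan:
        conn.request(method, path, body=json.dumps(body),
                     headers={"Content-Type": "application/json"})
        resp = conn.getresponse()
        resp.read()
        if resp.status // 100 != 2:
            raise RuntimeError(f"{method} {path} failed with HTTP {resp.status}")
    conn.close()


if __name__ == "__main__":
    if not kvm_available():
        raise SystemExit("/dev/kvm is missing or not accessible; micro VMs need KVM")
    launch(boot_plan())
```

Each Firecracker process owns exactly one micro VM, so repeating this against a fresh socket is how a fleet of isolated instances is built up; in production the process is normally started by Firecracker's jailer binary, which applies the seccomp, cgroup and chroot restrictions around it.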
Related Q&A from Stephen J. Bigelow