containerization (container-based virtualization)


Containerization -- also called container-based virtualization and application containerization -- is an OS-level virtualization method for deploying and running distributed applications without launching an entire VM for each application. Instead, multiple isolated systems, called containers, are run on a single control host and access a single kernel.

Because containers share the same OS kernel as the host, containers can be more efficient than VMs, which require separate OS instances.

Containers hold the components necessary to run the desired software, such as files, environment variables and libraries. The host OS also constrains the container's access to physical resources -- such as CPU and memory -- so a single container cannot consume all of a host's physical resources.
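On Linux, this constraint is enforced by the kernel's cgroups feature. As an added example (not part of the original article), the Python below parses cgroup v2 `memory.max` and `cpu.max` values, flags containers that have no limit, and checks whether the sum of all limits fits the host. The container names, sample values and host capacity are constructed for illustration.

```python
from pathlib import Path

def parse_memory_max(text):
    """cgroup v2 memory.max: a byte count, or 'max' for no limit (returns None)."""
    text = text.strip()
    return None if text == "max" else int(text)

def parse_cpu_max(text):
    """cgroup v2 cpu.max: '<quota> <period>' in microseconds; quota 'max' = no limit.
    Returns the limit in CPU cores (quota / period), or None when unlimited."""
    quota, period = text.split()
    return None if quota == "max" else int(quota) / int(period)

def read_limits(cgroup_dir):
    """Read one container's limits from its cgroup v2 directory (path is caller-supplied)."""
    d = Path(cgroup_dir)
    return {"memory": parse_memory_max((d / "memory.max").read_text()),
            "cpus": parse_cpu_max((d / "cpu.max").read_text())}

def audit(limits_by_container, host_memory, host_cpus):
    """Flag containers with no limit and compare the sum of limits with host capacity."""
    unbounded = sorted(name for name, lim in limits_by_container.items()
                       if lim["memory"] is None or lim["cpus"] is None)
    mem_total = sum(lim["memory"] or 0 for lim in limits_by_container.values())
    cpu_total = sum(lim["cpus"] or 0 for lim in limits_by_container.values())
    return {
        "unbounded": unbounded,            # these can still starve their neighbours
        "memory_committed": mem_total,
        "cpus_committed": cpu_total,
        "fits": not unbounded and mem_total <= host_memory and cpu_total <= host_cpus,
    }

# Constructed sample: raw file contents as they would appear under each cgroup.
GIB = 1024 ** 3
SAMPLE = {
    "web":   {"memory.max": str(2 * GIB), "cpu.max": "150000 100000"},
    "db":    {"memory.max": str(8 * GIB), "cpu.max": "400000 100000"},
    "batch": {"memory.max": "max",        "cpu.max": "max 100000"},
}

def sample_limits():
    """Parse the constructed sample into the structure audit() expects."""
    return {name: {"memory": parse_memory_max(f["memory.max"]),
                   "cpus": parse_cpu_max(f["cpu.max"])}
            for name, f in SAMPLE.items()}

if __name__ == "__main__":
    print(audit(sample_limits(), host_memory=16 * GIB, host_cpus=8))
```

The `batch` container has neither a memory nor a CPU limit, so the audit reports that the host does not fit even though the bounded containers alone would.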

Advantages of containerization

Containerization gained prominence with the open source Docker, which developed a method to give containers better portability -- allowing them to be moved among any system that shares the host OS type without requiring code changes. With Docker containers, there are no guest OS environment variables or library dependencies to manage.

Proponents of containerization point to gains in efficiency for memory, CPU and storage as key benefits of this approach, compared with traditional virtualization. Because containers do not have the overhead required by VMs -- separate OS instances -- it is possible to support many more containers on the same infrastructure. As such, containerization improves performance because there is just one OS taking care of hardware calls.

A major factor in the interest in containers is that they can be created much faster than hypervisor-based instances. This makes for a much more agile environment and facilitates new approaches, such as microservices and continuous integration and delivery.

Containers vs. VMs
VMs take up more space because they need a guest operating system to run. Containers don't consume as much space because each container shares the host's operating system.

Disadvantages of containerization

A potential drawback of containerization is the lack of isolation from the host OS. Because containers share a host OS, a security threat inside one container has easier access to the entire system than it would under hypervisor-based virtualization. One approach to addressing this security concern has been to create containers from within an OS running on a VM. This approach ensures that if a security breach occurs at the container level, the attacker can only gain access to that VM's OS, not other VMs or the physical host.

Another minor disadvantage of containerization is that each container must use the same OS as the base OS, whereas hypervisor instances can each run unique OSes. For example, a container created on a Linux-based host could not run an instance of the Windows Server operating system or applications designed to run on Windows Server.


In addition to Docker, CoreOS released a streamlined alternative, called Rocket. And Canonical, developers of the Ubuntu Linux-based OS, announced the LXD containerization engine for Ubuntu, which will also be integrated with OpenStack. Microsoft also partnered with Docker to create Windows Server containers and Hyper-V containers.

This was last updated in November 2016


How has containerization affected your data center?
What does the term "Overhead" mean in virtualization?
As I'm a newbie, please explain? :)
Hi dave20, great question. In this case, overhead refers to the CPU, memory and disk resources associated with running multiple copies of an operating system. For example, since containers on the same physical server all share the same operating system kernel, you don't need to run multiple copies of the operating system on the same physical server. This reduces the CPU, memory and disk resources that would otherwise be used by multiple copies of the operating system.
If multiple containers are run on top of a single Host OS and share the kernel then if I was to run a container app which required a significant amount of resource allocation along with other container apps that do not require as much, will I be exhausting the system or starving my other apps? I am learning about containerization right now, so please help me understand.
Good question, utsa2016. The quick answer is that it depends, and that it falls on the server/virtualization admin to make sure they only deploy apps that the underlying hardware can support. Let me expand. In this case, I'll use Linux containers (LXC) as an example, but the underlying theory applies to other container platforms. Within the Linux kernel, the cgroups feature allows an admin to isolate, limit and prioritize resources for certain processes. Linux containers rely on the cgroups feature to isolate and limit the resource access of containers. Therefore, applications within containers only have access to the resources you allocate. If all containers on a host are properly sized and limited (based on application needs), no application should be starved at the expense of another. So, in the case of your application that requires significant resources, you should calculate whether the physical host has enough resources to support the sum of the resources required by all containers on the host. Then, by limiting each container's access to only the resources you need, you should be able to avoid any performance problems associated with resource contention.
I am new to virtualization and containers. I want to know if there is any way to make the containers fail-safe. What I mean is: if the server/machine running the container fails, will I be able to transfer the container to a different server/machine automatically, as is possible in a hypervisor-based system (through the management software)?

