SANTA CLARA, CALIF. -- IT pros have grappled with the question of when to use containers and when to use virtual...
machines. For now at least, the answer is both.
Both virtual machines (VMs) and containers are forms of virtualization that allow multiple applications to make use of the same hardware, but they both have very different technical characteristics, advantages and disadvantages, as attendees learned here this week at Container World.
From an ease-of-use and automation standpoint, containers appear to have the leg up.
"Hands down, containers are much simpler," said James Bottomley, formerly CTO at server virtualization provider Odin, and a Linux kernel maintainer. "Problems with orchestration are just much more difficult with VMs."
Yet, there are times when VMs give you the control and security that you need, said Brenden Burns, senior staff engineer at Google, and the lead engineer on Kubernetes, Google's open source cluster manager for Docker containers. "Kernel tuning requires VMs," he said.
Overall, Google has done just fine without using VMs for its internal systems, he said, instead relying on containers and Borg, its internally developed container management system and the predecessor to Kubernetes. Only with the release of Google Compute Engine, the company's infrastructure as a service offering, has Google had to wade into the world of server virtualization.
In some cases, there's a strong incentive to use containers and VMs simultaneously, as part of the same system. Netflix, for instance, runs its entire infrastructure on VM-based Amazon Web Services, but layers containers on top for two reasons: to standardize the developer experience, and remove operational overhead, said Tim Bozarth, platform engineering manager at Netflix.
"Developers say, 'I want to have to specify what it means to run a process -- not think about how it fits into a one-size-fits-most VM,'" Bozarth said, resulting in "invisible infrastructure."
Standardizing on application containers as the packaging format also achieves consistent development and cloud deployment from the developer laptop all the way to production.
Meanwhile, ops teams don't want to manage clusters themselves.
"That is absolutely undifferentiated heavy lifting," Bozarth said. With containers, they can defer to cluster management systems to manage resource allocation and workload placement.
Together, those two benefits that Netflix derives from containers "is enough justification for us to go in and make this low-level change to our infrastructure," he said. That's before Netflix derives any sort of operational performance benefit from containers, thanks to their superior density.
"We pay Amazon a lot of money," he said. "It'd be nice to save a little bit -- but that's not the primary concern."
Another consideration is what kind of container to run -- application containers a la Docker, or operating system or machine containers such as Solaris Zones or FreeBSD Jails. Application containers generally contain just a single process, and are a great fit for stateless microservices-based applications. System containers, meanwhile, boot the entire OS and are often used to run stateful applications such as databases, said Dustin Kirkland, a member of the product and strategy team for Ubuntu, Canonical's Linux distro.
Whichever format an organization favors, it's a myth that containers will replace VMs, said Alex Polvi, CEO at CoreOS, maker of the Rocket container format and a Kubernetes-based container management system.
"That would be like saying that Puppet will replace VMs -- they're different things altogether," he said.
In the end, don't think about the technologies in a vacuum— think about your design goals, suggested Lachlan Evenson, team lead for cloud platform engineering at Lithium Technologies, which makes social collaboration software.
"It comes down to what problem you are trying to solve. If there's no problem, don't move it."
Alex Barrett is editor in chief of Modern Infrastructure. Contact her at email@example.com.
How containers fit in the cloud picture
Docking still leading the container charge