Over the past couple of years, hypervisor-based virtualization has become a major trend in virtualization. It's not hard to understand why; it is flexible and allows you to install nearly any operating system. If you don't need many different operating systems running simultaneously, container-based virtualization is a good alternative and offers virtualization performance benefits.
The basic idea of container-based virtualization is to run a kernel, with several different virtual machines installed on top of it. In contrast to hypervisor-based virtualization, a virtual machine is not a complete operating system instance, but rather a partial instance of the operating system that works in a smart way with the virtualization layer in the host operating system kernel. Container-based virtualization is used mostly in Linux environments, and the two most important current products are the commercial Parallels Virtuozzo and the open source OpenVZ project.
Hypervisor virtualization vs. container-based virtualization
The best way to understand container-based virtualization is to compare it with hypervisor-based virtualization. In hypervisor virtualization, a thin base layer is used to redirect all instructions coming from virtual machines to the underlying hardware layer. This base layer is a thin kernel with virtualization features onboard. In VMware ESX Server and Citrix Systems' XenServer, this is a Linux kernel, whereas Windows Hyper-V uses a Microsoft kernel for this purpose.
On top of the hypervisor, virtual machines (VMs) are created. In this model, a VM is a completely installed OS, and the big challenge is to access hardware without virtualizing all drivers for the hardware beforehand. Techniques such as paravirtualization offer a way to do so. In full virtualization, however, all hardware must be virtualized first so that it can be assigned to a VM. The VM will run a complete copy of the operating system, as well as the application to be virtualized.
Container-based virtualization (which is also referred to as operating system virtualization) uses a different approach. The standard host operating system is at the base. When using Parallels Virtuozzo virtualization, this can be a Windows host as well as a Linux host. On top of that is the virtualization layer, which runs as an application within the operating system. This virtualization layer offers a proprietary file system and kernel service abstraction layer, which ensures isolation of resources among all virtual machines, which are referred to as "containers." The virtualization layer makes sure that each container appears as a standalone server.
The big difference between OS-level virtualization and hypervisor-based virtualization is that container-based virtualization doesn't use complete virtual machines. Hence there isn't the overhead of running a completely installed operating system. With partial virtualization, the container runs as a well-isolated application within the host operating system. The virtualization layer ensures that it doesn't interfere with other containers and the container is represented as a virtual machine by itself. The advantage of this approach is that there is no need to duplicate functionality, such as hardware calls. There is just one operating system to take care of hardware access.
Container-based virtualization also avoids the traditional performance problems related to hardware access by means of driver virtualization. There is one disadvantage, though: When using containers, you don't have the flexibility to virtualize different operating systems. On the other hand, why would you want complex support for full hypervisor-based virtualization of a complete operating system when all you need is other instances of the same operating system that you already run as the host operating system?
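The two properties described above, one kernel serving every container while each container still looks like a server of its own, can be observed directly on a current Linux system. The script below is an added example, not code from the article or from OpenVZ or Virtuozzo; it uses the mainline Linux namespace mechanism (the `unshare` tool from util-linux) as a stand-in for the proprietary virtualization layer the article describes, and it assumes the kernel allows unprivileged user namespaces or that it is run as root. A process started in its own PID namespace sees itself as PID 1, yet `uname -r` inside that "container" reports exactly the host's kernel release, because there is only one kernel.

```shell
#!/bin/sh
# Added example: demonstrate the shared-kernel / isolated-view model of
# OS-level virtualization with Linux namespaces (assumes util-linux 'unshare').

# Kernel release as seen from the host.
host_kernel() {
    uname -r
}

# Run a command inside fresh user, PID and mount namespaces, the minimal
# "container" the kernel itself can provide. Prints "unavailable" when this
# kernel or sandbox refuses to create namespaces, so callers can tell the
# two situations apart instead of failing silently.
in_container() {
    unshare --user --map-root-user --pid --fork --mount-proc "$@" 2>/dev/null \
        || echo unavailable
}

# Returns "shared" when the kernel release reported inside the container is
# identical to the host's (the normal case for OS-level virtualization),
# "different" if it ever is not, and "unavailable" when no namespace could
# be created here.
kernel_is_shared() {
    inner=$(in_container uname -r)
    if [ "$inner" = unavailable ]; then
        echo unavailable
    elif [ "$inner" = "$(host_kernel)" ]; then
        echo shared
    else
        echo different
    fi
}

# Returns the PID the containerized shell sees for itself: 1 inside a new
# PID namespace, even though the host sees an ordinary high PID.
container_pid() {
    in_container sh -c 'echo $$'
}

# Stand-alone usage: show both observations side by side.
echo "host kernel:            $(host_kernel)"
echo "kernel shared with ctr: $(kernel_is_shared)"
echo "PID seen inside ctr:    $(container_pid)"
```

The result is the trade-off the article names: the container pays no cost for a second kernel or duplicated driver stack, but it can only ever be an instance of the host's own kernel, and that single kernel is the isolation boundary for every container running on it.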
The benefits of container-based virtualization
Compared with hypervisor-based virtualization, container-based virtualization offers a completely different approach to virtualization. Instead of virtualizing with a system in which each virtual machine is a complete operating system installation, container-based virtualization isolates containers from one another within a single OS. In cases where only one operating system is needed, the main benefits of container-based virtualization are that it doesn't duplicate functionality and that it improves performance.
About the author:
Sander van Vugt is an independent trainer and consultant living in the Netherlands. Van Vugt is an expert in Linux high availability, virtualization and performance and has completed several projects that implement all three. He is also the writer of various Linux-related books, such as Beginning the Linux Command Line, Beginning Ubuntu Server Administration and Pro Ubuntu Server Administration.