Brian Jackson - Fotolia

Evaluate Weigh the pros and cons of technologies, products and projects you are considering.

Weighing the pros and cons of application containers

There are several potential advantages to using containers, but don't jump right in without considering the potential challenges it can introduce.

One of the big trends that's going on in the world of virtualization right now is containerization. Containerization makes it possible to virtualize applications rather than virtualizing operating systems (as is done with virtual servers).

Those who wish to containerize their applications have a number of different choices. Docker is probably the best known container platform, but other vendors such as Citrix also support containers. Even Microsoft is getting into the container game in the next Windows Server release.

The reason why containers have become so popular is because they offer benefits that cannot be matched by virtual servers. Like any other technology, however, application containers have their good and bad points. While there are definite advantages to using containers, there are also some negative aspects that must be considered. Obviously these issues vary from one vendor's solution to another, but there are some general pros and cons that seem to apply to most container platforms.

In order to understand the benefits that are provided by application containers, you must have a general understanding of how containers work. Containers essentially provide isolation boundaries for applications. If a single server (or VM) were running multiple applications, then those applications share the operating system resources. If someone were to hack an application, the hack could potentially be used to take control of other applications running on the same server, and possibly even the server operating system.

It isn't just security breaches that are a concern to administrators. If an application were to consume an excessive amount of CPU resources, or if a buggy application were to have a memory leak, then the application's use of resources would likely impact any other applications running on the server.

The way that administrators commonly avoid such problems today is through the use of server virtualization. By hosting each application within its own VM, the administrator creates an isolation boundary between applications. This approach works well, but it does have its drawbacks. Running each application on a separate VM can lead to VM sprawl. Furthermore, because each VM has its own operating system, VM sprawl can lead to high licensing costs (for operating systems, antivirus applications, backup applications, etc.) and inefficient use of hardware resources.

Containers create an isolation boundary at the application level. This means that multiple applications can reside on a single operating system without those applications being able to interfere with one another.

The benefits provided by application containers are relatively straightforward. Since you no longer need to create a separate VM for each application, there are fewer VMs to manage. Furthermore, hardware resources are used more efficiently because there is no need to run a separate OS for each application, and because hardware resources are being used more efficiently there might also be a performance gain.

Depending on which containerization solution you are using, containers might also make applications portable. This portability means that VM lifecycle management and application lifecycle management can be handled separately, which can make life easier.

Of course, application containers also have their disadvantage. The disadvantage that seems to be mentioned most often is the difficulty in setting up and managing containers. There are numerous documented cases of Windows administrators becoming frustrated or confused when trying to set up Docker containers because Docker is a Linux-based solution. However, Docker can have a significant learning curve even for those with Linux experience.

In spite of the learning curve, the biggest disadvantage to using containers might be security. Containers are designed to keep applications isolated from one another, but remember that containerized applications running on a server share a common operating system. As such, the operating system (or the containerization engine) can become a vulnerability. What happens for instance, if a hacker were to launch a denial of service attack against the server's operating system? That attack could lead to an outage of multiple applications. Similarly, what happens if the operating system crashes due to a kernel-level failure?

There might also be issues with some older applications. At one time, developers built applications with the assumption that the application would have root level access to the operating system. If such an application were to be containerized, it might fail to work, or it might put the server's operating system at risk. The actual outcome depends heavily on the product that is being used. Some containerization products can handle such applications, but others cannot without risking security.

As you can see, application containers have their advantages and disadvantages. Over time, containers will likely become more secure and easier to use, just as server virtualization also improved as it matured.

Next Steps

Is Docker resurrecting containers in time to kill VMs?

Containers and VMs can work together

Containers bring new levels of efficiency

Docker container technology leading the way in cloud

Are containers right for your business?

Do application containers ease cloud management?

Dig Deeper on Application virtualization