Containerization — also called container-based virtualization and application containerization — is an OS-level virtualization method for deploying and running distributed applications without launching an entire VM for each application. Instead, multiple isolated systems, called containers, are run on a single control host and access a single kernel.
Because containers share the same OS kernel as the host, containers can be more efficient than VMs, which require separate OS instances.
Containers hold the components necessary to run the desired software, such as files, environment variables and libraries. The host OS also constrains the container’s access to physical resources — such as CPU and memory — so a single container cannot consume all of a host’s physical resources.
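How that constraint looks on a Linux host, as an added example that is not from the original article: it assumes the cgroup v2 interface, where the kernel exposes a container's limits in `memory.max` and `cpu.max`, and it flags a container that runs with no limit. The function names and sample values are constructed for illustration.

```python
from pathlib import Path

CGROUP_ROOT = Path("/sys/fs/cgroup")  # assumption: cgroup v2 unified hierarchy


def parse_memory_max(text):
    """memory.max holds a byte count, or the literal 'max' when unlimited."""
    value = text.strip()
    return None if value == "max" else int(value)


def parse_cpu_max(text):
    """cpu.max holds '<quota> <period>' in microseconds; quota 'max' is unlimited.
    Returns the share of CPU time allowed (1.0 = one full CPU), or None."""
    quota, period = text.split()[:2]
    return None if quota == "max" else int(quota) / int(period)


def audit(memory_text, cpu_text):
    """Return findings for a container whose resource limits are missing."""
    findings = []
    if parse_memory_max(memory_text) is None:
        findings.append("no memory limit: container can exhaust host RAM")
    if parse_cpu_max(cpu_text) is None:
        findings.append("no CPU limit: container can starve other workloads")
    return findings


def read_own_limits(root=CGROUP_ROOT):
    """Read the limits of the cgroup this process sees at its cgroup root."""
    try:
        return (root / "memory.max").read_text(), (root / "cpu.max").read_text()
    except OSError:
        return None  # not cgroup v2, or the host's root cgroup (no limit files)


if __name__ == "__main__":
    # Constructed samples: one container capped at 512 MiB and half a CPU,
    # and one started without any limits.
    samples = {"limited": ("536870912\n", "50000 100000\n"),
               "unlimited": ("max\n", "max 100000\n")}
    for name, (mem, cpu) in samples.items():
        print(name, parse_memory_max(mem), parse_cpu_max(cpu), audit(mem, cpu))
    live = read_own_limits()
    if live:
        print("this process:", audit(*live))
```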
Advantages of containerization
Containerization gained prominence with the open source Docker, which developed a method to give containers better portability — allowing them to be moved among any system that shares the host OS type without requiring code changes. With Docker containers, there are no guest OS environment variables or library dependencies to manage.
Proponents of containerization point to gains in efficiency for memory, CPU and storage as key benefits of this approach, compared with traditional virtualization. Because containers do not have the overhead required by VMs — separate OS instances — it is possible to support many more containers on the same infrastructure. As such, containerization improves performance because there is just one OS taking care of hardware calls.
A major factor in the interest in containers is that they can be created much faster than hypervisor-based instances. This makes for a much more agile environment and facilitates new approaches, such as microservices and continuous integration and delivery.
Disadvantages of containerization
A potential drawback of containerization is lack of isolation from the host OS. Because containers share a host OS, security threats have easier access to the entire system when compared with hypervisor-based virtualization. One approach to addressing this security concern has been to create containers from within an OS running on a VM. This approach ensures that if a security breach occurs at the container level, the attacker can only gain access to that VM’s OS, not other VMs or the physical host.
Another minor disadvantage of containerization is that each container must use the same OS as the base OS, whereas hypervisor instances can each run unique OSes. For example, a container created on a Linux-based host could not run an instance of the Windows Server operating system or applications designed to run on Windows Server.
In addition to Docker, CoreOS released a streamlined alternative, called Rocket. And Canonical, developers of the Ubuntu Linux-based OS, announced the LXD containerization engine for Ubuntu, which will also be integrated with OpenStack. Microsoft also partnered with Docker to create Windows Server containers and Hyper-V containers.