Welcome to Kenny-s Blog

containerization (container-based virtualization)

Containerization — also called container-based virtualization and application containerization — is an OS-level virtualization method for deploying and running distributed applications without launching an entire VM for each application. Instead, multiple isolated systems, called containers, are run on a single control host and access a single kernel.

Because containers share the same OS kernel as the host, containers can be more efficient than VMs, which require separate OS instances.

Containers hold the components necessary to run the desired software, such as files, environment variables and libraries. The host OS also constrains the container’s access to physical resources — such as CPU and memory — so a single container cannot consume all of a host’s physical resources.
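On Linux, the resource constraint described above is enforced by the kernel's control groups (cgroups). The following added example, which is not part of the original article, reads the cgroup v2 limit files for a container and reports which resources have no cap; the sample directories are constructed, the function names are illustrative, and it inspects only the container's own cgroup, not its ancestors.

```python
import tempfile
from pathlib import Path

# cgroup v2 interface files that cap a container's share of the host.
LIMIT_FILES = ("memory.max", "cpu.max", "pids.max")


def parse_limit(name, raw):
    """Return the effective limit, or None when the kernel reports 'max' (no cap)."""
    fields = raw.split()
    if not fields or fields[0] == "max":
        return None
    if name == "cpu.max":
        # Format is "<quota_us> <period_us>"; quota / period = number of CPUs.
        quota, period = int(fields[0]), int(fields[1])
        return quota / period
    return int(fields[0])


def audit_cgroup(cgroup_dir):
    """Map each limit file to its value; None means no cap set at this level."""
    report = {}
    for name in LIMIT_FILES:
        path = Path(cgroup_dir) / name
        report[name] = parse_limit(name, path.read_text()) if path.exists() else None
    return report


def unbounded(report):
    """Names of resources this container could exhaust on the shared host."""
    return sorted(name for name, value in report.items() if value is None)


def make_sample(values):
    """Write a constructed cgroup directory (sample data, not from a real host)."""
    root = Path(tempfile.mkdtemp())
    for name, raw in values.items():
        (root / name).write_text(raw + "\n")
    return root


# Constructed samples: one container with caps, one started without any.
CAPPED = {"memory.max": "536870912", "cpu.max": "150000 100000", "pids.max": "256"}
UNCAPPED = {"memory.max": "max", "cpu.max": "max 100000", "pids.max": "max"}

if __name__ == "__main__":
    for label, values in (("capped", CAPPED), ("uncapped", UNCAPPED)):
        report = audit_cgroup(make_sample(values))
        print(label, report, "unbounded:", unbounded(report))
```

On a real host the same functions can be pointed at the container's directory under the cgroup v2 mount instead of the constructed samples.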

Advantages of containerization

Containerization gained prominence with the open source Docker, which developed a method to give containers better portability — allowing them to be moved among any system that shares the host OS type without requiring code changes. With Docker containers, there are no guest OS environment variables or library dependencies to manage.

Proponents of containerization point to gains in efficiency for memory, CPU and storage as key benefits of this approach, compared with traditional virtualization. Because containers do not have the overhead required by VMs — separate OS instances — it is possible to support many more containers on the same infrastructure. As such, containerization improves performance because there is just one OS taking care of hardware calls.

A major factor in the interest in containers is that they can be created much faster than hypervisor-based instances. This makes for a much more agile environment and facilitates new approaches, such as microservices and continuous integration and delivery.

Containers vs. VMs

VMs take up more space because they need a guest operating system to run. Containers don’t consume as much space because each container shares the host’s operating system.

Disadvantages of containerization

A potential drawback of containerization is the lack of isolation from the host OS. Because containers share a host OS, security threats have easier access to the entire system when compared with hypervisor-based virtualization. One approach to addressing this security concern has been to create containers from within an OS running on a VM. This approach ensures that if a security breach occurs at the container level, the attacker can only gain access to that VM’s OS, not other VMs or the physical host.

Another minor disadvantage of containerization is that each container must use the same OS as the base OS, whereas hypervisor instances can each run unique OSes. For example, a container created on a Linux-based host could not run an instance of the Windows Server operating system or applications designed to run on Windows Server.

Implementation

In addition to Docker, CoreOS released a streamlined alternative, called Rocket. Canonical, developer of the Ubuntu Linux-based OS, announced the LXD containerization engine for Ubuntu, which will also be integrated with OpenStack. Microsoft also partnered with Docker to create Windows Server containers and Hyper-V containers.
