Containers, Virtual Machines

With the advent of virtualization, we’ve seen a number of new technologies emerge over time, each with different strengths and weaknesses. Given the complexity of choosing the right set of tools for your workload, you might find it hard to choose one or more visualization technologies to suit your needs. Some of the most prominent methods of virtualization are containers and virtual machines, each with their own strengths and weaknesses.

To help you understand the appropriate use case for these technologies, let’s have a look at their strengths and weaknesses and understand how either or both may fit into your development lifecycle. In this post, we will compare containers and virtual machines based on four key criteria—application portability, security and isolation, networking and management, and finally, DevOps adoption.

 2016-09-29_-_Jesse_W_-_Containers_vs._Virtual_Machines_Which_Is_a_Better_Fit_for_You.png

Application Portability

One of the main reasons for container adoption is the ability to make applications portable across the pipeline. Containers are much simpler than virtual machines when you need to run many instances of one app. Since containers provide an app with everything it requires to start and run, it can be used across a wide variety of environments, independently of the host OS, without Ops teams having to go through compatibility nightmares. Docker has also developed integrations with AWS and Microsoft Azure, making portability an even more viable option to go from on-premises to the cloud. But it’s a different story when it comes to running apps in production.

Security and Isolation

The ability of containers to share the host system’s OS also means they can have root permission to the host OS, which is a possible vulnerability that can be exploited. VMs on the other hand have always provided isolation from the host OS since they emulate a whole OS and the requirements of an app to run, offering tighter security. This can be fixed by setting up containers to have fewer permissions to mess around with. Another workaround certain users have found is to use containers inside VMs so that they get the benefits of containers with the security of VMs. But this adds to management overhead, and goes against the very purpose of using containers. If security is your prime concern, VMs are still the better bet.

Networking and Management

Today, Docker is used mostly in development, staging and test environments, but not so much to run apps in production. Along with security concerns, another reason for its restricted use is the lack of tools for networking and orchestrating Docker in production. Ops teams would rather not risk running apps on containers for fear of unreliability as they haven’t been around as long as VMs, and are not as stable. VMs, on the other hand, have a mature ecosystem of tools and are trusted to run apps in production. Having said that, Docker has been catching up fast with new tools like Kubernetes, and Docker Datacenter, which are closing the gap between containers and VMs. Companies like Spotify and Amazon have begun using Docker in production environments, but with the help of additional tools.

DevOps Adoption

Agile development methodologies like DevOps go hand in hand with container adoption. The rise of the DevOps culture has made many teams across various companies rush to adopt containers to revamp their app development. Using VMs to run multiple components of the same app causes major performance overheads compared to containers which share the OS with the host system. Containers are the sensible choice for microservices because they allow for quick delivery of new code from developers to the ops team. If that wasn’t enough, containers also can be spun up and terminated more quickly than VMs. Spotify offers various features on their website that requires them to use containers. To keep all of those tiny gears turning, each feature is packed into a container as a microservice, which allows them to quickly fix a feature if it breaks without ruining the experience for 30 million subscribers.

Based on these points, as well as their adoption by various companies, we can see that there’s an inclination towards containers. Using both for various purposes is not a barred option, and in fact, it may be better than just using one of the two. That’s why it’s important to see what your needs and requirements are and see where you can apply VMs and containers. That way, you can make your app development and delivery far more agile than it was before.

  • Jesse White

    Account Principal

    Jesse White is a Account Principal with more than 15 years of technology industry experience across financial services, healthcare, advertising, e-commerce, and IoT verticals. As a 10 year veteran of New York City’s vibrant “Silicon Alley”, he’s intimately familiar with delivering cloud solutions, effective team building, and Agile process adoption. As an early contributor to the Container ecosystem, he plays a foundational role in New York City’s open source community as founder of DockerNYC. Jesse has spent the last 5 years focusing on the intersection of automation, cloud computing, security and DevOps methodologies.

    More Articles by Jesse