Containers vs. Virtual Machines: An Unbiased Comparison

Note: Republished from http://www.experts-exchange.com/articles/18440/A-comparison-of-Container-vs-Virtual-Machine.html

Virtual Machines and Containers are both techniques for virtualization, and in many scenarios either can be used. Though Virtual Machines and Containers are similar in many ways, they each have their own space and can coexist in the same ecosystem.

Virtual Machines use a concept called “Virtualization” to utilize resources on a machine to create one or more virtual machines, each running its own operating system. The primary machine is often referred to as the “Host” and the virtual machines as “Guests”. These virtual machines are created by virtualization software such as VirtualBox or VMware, which intercepts access to certain hardware components and certain features of the host machine.

Containers use an operating-system-level virtualization method. It requires OS kernel support, which allows multiple isolated user space instances to share host operating system resources. These instances are often called containers. LXC provides container support for Linux, and very recently Microsoft announced container support for the Windows ecosystem via Windows Server Containers. Docker is an open platform to build, ship, and run distributed applications as containers.

Though Virtual Machines and Containers are both virtualization techniques, they differ significantly both technically and ideologically.

VMs replicate the OS kernel for each guest and often require hardware support from the host machine. In container environments, guests are isolated like virtual machines, but using more lightweight mechanisms around Linux processes instead.
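On Linux, the lightweight mechanisms around processes mentioned above include kernel namespaces, whose identifiers are visible from the host under /proc/<pid>/ns. The following is an added example, not code from the original article: it compares the namespace links of a host process and a container process to show which kinds of isolation are actually in effect. The sample link values are constructed, and the function names are this example's own.

```python
"""Compare the kernel namespaces of a host process and a container process."""
import os
import re

NS_LINK = re.compile(r"^[a-z_]+:\[(\d+)\]$")

# Constructed sample data: readlink targets of /proc/<pid>/ns/* for a host
# process and for a process inside a container on the same kernel.
SAMPLE_HOST = {"cgroup": "cgroup:[4026531835]", "ipc": "ipc:[4026531839]",
               "mnt": "mnt:[4026531840]", "net": "net:[4026531992]",
               "pid": "pid:[4026531836]", "user": "user:[4026531837]",
               "uts": "uts:[4026531838]"}
SAMPLE_CONTAINER = {"cgroup": "cgroup:[4026531835]", "ipc": "ipc:[4026532511]",
                    "mnt": "mnt:[4026532509]", "net": "net:[4026532514]",
                    "pid": "pid:[4026532512]", "user": "user:[4026531837]",
                    "uts": "uts:[4026532510]"}


def parse_ns_links(links):
    """Map each namespace name to the inode number in its link target."""
    parsed = {}
    for name, target in links.items():
        match = NS_LINK.match(target)
        if match is None:
            raise ValueError(f"unexpected namespace link {name}: {target!r}")
        parsed[name] = int(match.group(1))
    return parsed


def read_ns_links(pid):
    """Read the live links on a Linux host (needs access to that process)."""
    base = f"/proc/{pid}/ns"
    return {n: os.readlink(os.path.join(base, n)) for n in os.listdir(base)}


def compare_namespaces(host_links, guest_links):
    """Return (isolated, shared) namespace names for guest relative to host."""
    host, guest = parse_ns_links(host_links), parse_ns_links(guest_links)
    common = sorted(set(host) & set(guest))
    isolated = [n for n in common if host[n] != guest[n]]
    shared = [n for n in common if host[n] == guest[n]]
    return isolated, shared


if __name__ == "__main__":
    isolated, shared = compare_namespaces(SAMPLE_HOST, SAMPLE_CONTAINER)
    print("isolated from host:", ", ".join(isolated))
    print("shared with host:  ", ", ".join(shared))
```

A namespace that appears in the shared list is one where the container process sees the same kernel object as the host, so that dimension provides no isolation. On a live host, pass `read_ns_links(1)` and `read_ns_links(<container pid>)` instead of the sample dictionaries.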

[Figure: Virtual Machine]

[Figure: Container]

As you can see in the above diagram, a guest OS ships with each VM, making it cumbersome and hard to transport. With containers, Docker Engine runs as a Linux process and manages all the containers, which are lightweight as they contain only the application and its dependencies.

Now let’s see how VMs and containers stand against each other:

| Areas/Scope | VM | Container |
|---|---|---|
| History | VMs have been around for quite some time and are very mature and well proven. There are probably thousands of datacenters already using VMs. | Though containers have been around for at least a decade, they were not very well adopted until last year, when Docker gained tremendous popularity. |
| Providers | VMware vSphere, VirtualBox, Xen, Hyper-V, KVM | LXC, LXD, CGManager, Docker, Windows Server Containers |
| Portability | VMs are based on emulating virtual hardware, which means they’re fat in terms of system requirements. Also, a typical VM size is several GBs. | Containers, on the other hand, are based on shared operating systems. They are much skinnier and more efficient than hypervisors. A typical container size is a few MB. |
| Limitation | VMs have been pretty much the standard for virtualization for a very long time and have matured to eliminate several limitations, but reaping the full benefit of VMs requires virtualization support from processors. Also, the memory and resource overhead of a VM is huge, making it unusable for scenarios where resource utilization is already high. | Containers require support from the host operating system; for instance, Docker currently only supports Linux. Even on Linux, different distros will have different container support. Support for Windows is still in incubation. Another limitation with containers is that you cannot mix and match different OSes, like Windows on Mac or Linux on Windows. |
| Support | Pretty much all operating systems | Linux at this point; Windows support is still in incubation |
| Security | VMs are a much more mature technology and are very secure. Since there is total isolation between VMs, it’s very hard if not impossible to hack into VMs between the same hosts. | Container isolation is at the file system level and hence is more prone to security holes. Also, it is not tested in production environments yet. |