- 1 Securing Containers without the Need for Virtualization Technology
- 2 VMware Hints at Potential Evolution for Container Strategy
- 3 Twistlock Emerges to Strengthen the Security of Containers
- 4 Google's Preemptible Offers Virtual Machine-for-Hire Service on the Cheap
- 5 CoreOS Catching Up to Docker in Containerization Race?
The Benefits of Docker vs. Server Virtualization
Talk about sever virtualization (and that's what we do here) and inevitably the conversation revolves around VMware, Hyper-V and to a lesser extent Xen and KVM as well.
One thing that's long overdue, though, is the inclusion of Docker into the mix.
And if we talk Docker we are talking containerization — something a little different than hypervisor-based server virtualization. But encapsulating an application in a container with an operating environment achieves many of the benefits of loading and application onto a virtual machine: both can be dropped on to any suitable physical machine and run without any worries about dependencies (or anything else).
Of course, the key practical difference between Docker and VMware et al is that Docker is a Linux-based system that makes use of LXC, a userspace interface for the Linux kernel containment features.
The goal of LXC is to create an environment as close as possible to a standard Linux installation but without the need for a separate kernel. As the linuxcontainers.org website puts it: "LXC is often considered as something in the middle between a chroot on steroids and a full-fledged virtual machine."
Because Docker is built on top of LXC, it only works in Linux environments (like RHEL 7 and Ubuntu 14.04 server) and it only runs Linux applications. So you can forget about applications that run on Windows or any other operating system that can happily run on a conventional hypervisor.
Another key difference is that rather than being a self-contained system in its own right, a Docker container shares the Linux kernel it uses with the operating system running the host machine. And it also shares the kernel with other containers that are also running on the host machine. Shared parts of the operating system are read only, while each container has its own mount for writing.
A Closer Look at Containerization's Benefits
So what's the benefit of containerization versus full-blown server virtualization? When would you use one rather than the other?
One of the key benefits of containerization is that you can often pack many more containers on a host machine than you can virtual machines. That stands to reason, because each VM is a self-contained system in its own right, with its own operating system and virtualized hardware and its own unique resources allocated to it. If each VM is 10Gb in size, then 10 VMs will take up 10x10 = 100Gb of resources.
But take a 10Gb container and run ten of them, or even a hundred, and you won't use anything close to 100Gb of resources. That's because of all the sharing going on.
In effect, there's only one operating system (strictly speaking one kernel) shared by all the containers. And there's no virtualized hardware — just a little application and operating environment in a container. And that means you can run far more containers on a host than you could possibly run fully-blown virtual machines.
There's an add-on effect of sharing the kernel and other resources as well, and it's that containers can start up in less than a second. That's not the case with VMs, which require a full virtual system boot and can take many minutes to get going.
And Mark Shuttleworth, the head of Canonical (sponsor of Ubuntu), reiterates that speed as an added bonus. "Canonical underwrites the key kernel and user space work that makes it possible for you to create containers which behave just like VMs — you have root inside them — even if you're just an ordinary non-root user on the system. Much faster and lighter than KVM," he said.
There are other benefits too. You can run Docker containers on AWS and Azure public clouds, for example, and containers are easy to share. That's particularly useful for test and dev teams — one of the most commonly cited potential beneficiaries of Docker.
Containerization Not Yet a Substitute for Full-Blown Server Virtualization
But the good news for VMware and others is that containerization is not a substitute for full-blown hypervisor-based server virtualization — at least not yet.
That's because this virtualization world is surrounded by an extremely sophisticated management infrastructure that allows you to store, spin up and run virtual machines, live migrate them between hosts, create high availability clusters, and so on and so forth. Products like VMware's vCenter, Microsoft's System Center Virtual Machine Manager and other third part management products have many years of evolution under their belts.
There's nothing yet comparable for Docker, although Google, Red Hat, CoreOS, IBM and Microsoft are all working on the open-source Kubernetes Docker management system, which may or may not evolve quickly into something that will meet the more advanced needs of enterprises.
All of which means Docker virtualization technology is definitely worth keeping an eye in for the future, and it's something we will be following with interest in future editions of this column.
Paul Rubens is a technology journalist and contributor to ServerWatch, EnterpriseNetworkingPlanet and EnterpriseMobileToday. He has also covered technology for international newspapers and magazines including The Economist and The Financial Times since 1991.
Read more on "Open Source Software Spotlight" »