Containers vs. VMs: What’s the difference?

Containers have rapidly come into focus as an option for deploying applications, but they have limitations and are fundamentally different from VMs.

Virtualization has changed the face of modern computing, improving system utilization, decoupling applications from the underlying hardware, and enhancing workload mobility and protection. But hypervisors and virtual machines are just one approach to virtual workload deployment. Container virtualization is quickly emerging as an efficient and reliable alternative to traditional virtualization, providing new features and new concerns for data center professionals.

The difference between containers and VMs lies primarily in where the virtualization layer sits and in how operating system resources are shared: a VM carries its own kernel, while a container borrows the host's.

VMs rely on a hypervisor, which is normally installed directly on the "bare metal" system hardware. This has led to hypervisors being perceived as operating systems in their own right. Once the hypervisor layer is installed, VM instances can be provisioned from the system's available computing resources. Each VM then receives its own guest operating system, with its own kernel, and its own workload (application).

Often, the first VM is a privileged management VM used for system management workloads such as Microsoft System Center. Subsequent VMs may contain other enterprise workloads such as database, ERP, CRM, email server, media server, web server or other business applications. VMs are isolated from one another by the hypervisor: each runs its own kernel, no VM is aware of (or relies on) the presence of another VM on the same system, and malware, application crashes and other problems are confined to the affected VM. That isolation is only as strong as the hypervisor itself, so hypervisor defects and shared-hardware side channels remain the residual risk. VMs can be migrated from one host to another running the same hypervisor regardless of the guest operating system, although live migration normally also requires compatible CPU feature sets on both hosts.

The container environment is arranged differently. With containers, a host operating system, usually a Linux variant, is installed on the system first, and then a container layer (such as LXC or libcontainer) is installed atop it. That layer is not a second kernel; it is a runtime that uses kernel features such as namespaces, cgroups and capabilities to give each container a private view of processes, filesystems, network and resources. Once the container layer is installed, container instances can be provisioned from the system's available computing resources and enterprise applications can be deployed within the containers. However, every containerized application shares the same underlying operating system kernel: a container holds only the application and the user-space files it needs, with no guest OS of its own.

Containers are regarded as more resource-efficient than VMs because the additional resources needed for each guest OS are eliminated: the resulting instances are smaller and faster to create, start or move. This means a single system can potentially host far more containers than VMs. Cloud providers are particularly enthusiastic about containers because far more container instances can be deployed across the same hardware investment. However, the shared kernel is both a single point of failure and a single security boundary for every container that uses it. A kernel crash or a malware attack on the host OS can disable or impact all of the containers, and a process that escapes its container, or that was started with broad kernel capabilities, is effectively on the host alongside every other container. In addition, container images are easy to move, but a container can run only on hosts with a compatible kernel (a Linux container needs a Linux kernel that supports the features the container relies on), and "migration" in practice usually means re-creating the container from its image rather than moving a running instance.

From a practical perspective, containers and VMs can coexist in the same data center environment, so the two technologies are considered complementary. Together they expand the toolset available to application architects and data center administrators, letting each workload run on the platform whose isolation and efficiency trade-offs suit it best.