Sunday, November 1, 2015

Docker: Differences between Container and Full VM

A virtual machine (VM) is an emulation of a particular computer system. Virtual machines operate based on the computer architecture and functions of a real or hypothetical computer, and their implementations may involve specialized hardware, software, or a combination of both.

In this article, we will examine the differences between a Docker container and a full VM (see Note 1).

Docker Container


Docker is a facility for creating encapsulated computer environments; each such encapsulated environment is called a container.[2,7]

Starting up a Docker container is lightning fast because:
  • Each container shares the host computer's copy of the kernel.
  • However, each container has its own running copy of the Linux user space (libraries and tools), not its own kernel.
  • This means there's no hypervisor, and no extended bootup.

In contrast, virtual machine implementations such as KVM, VirtualBox or VMware work differently.


Terminology

  • Host OS vs Guest OS
    • Host OS
      • is the original OS installed on a computer
    • Guest OS
      • is installed in a virtual machine or disk partition in addition to the host or main OS
        • Under virtualization, a guest OS can be different from the host OS
        • Under disk partitioning, a guest OS must be the same as the host OS
  • Hypervisor (or virtual machine monitor)
    • is a piece of computer software, firmware or hardware that creates and runs virtual machines.
    • A computer on which a hypervisor is running one or more virtual machines is defined as a host machine
    • Each virtual machine is called a guest machine.
  • Docker Container
    • An encapsulated computer environment created by Docker
    • Docker on Linux platforms
      • Builds on top of facilities provided by the Linux kernel (primarily cgroups and namespaces)
      • Unlike a virtual machine, does not require or include a separate operating system
    • Docker on non-Linux platforms (see Note 1)
  • Docker daemon
    • is the persistent process that manages containers.
      • Docker uses the same binary for both the daemon and client.
    • uses Linux-specific kernel features


Container vs Full VM


A fully virtualized system gets its own set of resources allocated to it and does minimal sharing. You get more isolation, but it is much heavier (it requires more resources). With Docker containers you get less isolation, because every container shares the host kernel, but they are more lightweight and require fewer resources. So you could easily run thousands of containers on a host, and it doesn't even blink.[1]

Basically, a Docker container (see Note 1) and a full VM have different fundamental goals:
  • A VM's goal is to fully emulate a foreign environment
    • The hypervisor in a full VM implementation is required to translate commands between the guest OS and the host OS
    • Each VM requires a full copy of the OS, the application being run and any supporting libraries
    • If you need to simultaneously run different operating systems (like Windows, OS X or BSD), or run programs compiled for other operating systems, you need a full virtual machine implementation.
      • In contrast, the container OS (or, more accurately, the kernel) must be the same as the host OS and is shared between container and host (see Note 1).
  • A container's goal is to make applications portable and self-contained
    • Each container shares the host computer's copy of the kernel.
      • This means there's no hypervisor and no extended bootup.
    • The container engine is responsible for starting and stopping containers in a similar way to the hypervisor on a VM.
      • However, processes running inside containers are equivalent to native processes on the host and do not incur the overheads associated with hypervisor execution.
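The two kernel facilities named above, namespaces and cgroups, can be inspected from any Linux process. The following script is an added example, not code from the original post or from Docker: it reads the namespace inodes under /proc/<pid>/ns (processes that share a namespace show the same inode), extracts a Docker container id from /proc/<pid>/cgroup (the "docker/<id>" and "docker-<id>.scope" path forms are Docker's own conventions; the 64-hex ids used in the test are constructed), and reports the kernel release, which is the same inside a container as on its host because the kernel is shared.

```python
import os
import platform
import re
from typing import Dict, Optional

NS_TYPES = ("pid", "net", "mnt", "uts", "ipc", "user")

# A Docker container id is 64 hex chars and shows up in /proc/<pid>/cgroup as
# ".../docker/<id>" (cgroup v1, or v2 with the cgroupfs driver) or as
# ".../docker-<id>.scope" (cgroup v2 with the systemd driver).
_DOCKER_ID = re.compile(r"docker[/-]([0-9a-f]{64})")


def namespace_ids(pid: str = "self") -> Dict[str, Optional[str]]:
    """Namespace inode per type, e.g. {'pid': 'pid:[4026531836]', ...}.

    A container's processes differ from the host in pid, net, mnt, uts and ipc.
    None means the link could not be read (non-Linux host or no permission)."""
    ids: Dict[str, Optional[str]] = {}
    for ns in NS_TYPES:
        try:
            ids[ns] = os.readlink(f"/proc/{pid}/ns/{ns}")
        except OSError:
            ids[ns] = None
    return ids


def isolated_namespaces(a: Dict[str, Optional[str]], b: Dict[str, Optional[str]]) -> Dict[str, bool]:
    """True for each namespace type in which processes a and b are separated."""
    return {ns: a.get(ns) is not None and b.get(ns) is not None and a[ns] != b[ns] for ns in NS_TYPES}


def docker_container_id(cgroup_text: str) -> Optional[str]:
    """Docker container id found in the text of /proc/<pid>/cgroup, or None on a plain host."""
    for line in cgroup_text.splitlines():
        m = _DOCKER_ID.search(line)
        if m:
            return m.group(1)
    return None


def kernel_release() -> str:
    """Running kernel version; identical in a container and on its host (shared kernel)."""
    return platform.release()


if __name__ == "__main__":
    print("kernel:", kernel_release())
    print("namespaces:", namespace_ids())
    if os.path.exists("/proc/self/cgroup"):
        with open("/proc/self/cgroup") as f:
            print("container id:", docker_container_id(f.read()))
```

Run it once on the host and once inside a container on the same host: the kernel release matches, while the pid, net, mnt, uts and ipc inodes differ and a container id appears.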

Notes

  1. In this article, we only focus on Docker implementations on Linux platforms. In other words, our discussion here excludes non-Linux platforms (i.e., Windows, Mac OS X, etc.).[2]
    • Because the Docker daemon uses Linux-specific kernel features, you can’t run Docker natively in either Windows or Mac OS X.
    • Docker on non-Linux platforms uses a Linux virtual machine to run the containers.

References

  1. How is Docker different from a normal virtual machine? (Stackoverflow)
  2. Newbie's Overview of Docker
  3. Supported Installation (Docker)
  4. EXTERIOR: Using Dual-VM Based External Shell for Guest-OS Introspection, Configuration, and Recovery
  5. Comparing Virtual Machines and Linux Containers Performance
  6. An Updated Performance Comparison of Virtual Machines and Linux Containers
  7. Security and Isolation Implementation in Docker Containers