TrendMicro

The Difference Between Virtual Machines and Containers


Virtual machines (VMs) and containers are as similar as they are different. They each have their own unique characteristics and use cases that separate them from each other. However, they are similar in that they can be used either together, or interchangeably, to enhance IT and DevOps efficiency.

Great, all that sounds fine and dandy, but what are virtual machines and containers actually used for? I’m glad you asked.

Virtualization

According to IBM, virtualization is a process whereby software is used to create an abstraction layer over computer hardware that allows the hardware elements of a single computer to be divided into multiple virtual computers. Those virtual computers are virtual machines.

VMs traditionally run far more operations than a single container. However, this ability does make them less portable than containers. Here are a few use cases for virtual machines:

  • Isolate risky developments.
  • Use one as your own sandbox.
  • Run or test a different OS than your current one.
  • Save data from older systems.

Containers, on the other hand, are smaller and more lightweight, which allows them to be moved easily across different cloud environments. Here are some use cases for containers:

  • Build cloud-native apps.
  • Package microservices.
  • Deploy repetitive jobs and tasks more easily.

What makes them different?

Monolithic applications are often refactored into a set of microservices that each have a distinct function and work together to provide the same functionality as the original application. This new architecture has several advantages:

  • It allows you to scale specific functions separately.
  • It also makes it easier to develop new functionality. As long as a developer works on his “own” container and respects the required API endpoints, there is little risk of breaking the application.

The two main differences between VMs and containers are:

  1. Containers do not contain a complete OS.
  2. The isolation that a container provides is totally different than the isolation provided by a virtual machine.

To understand the latter, we need to understand how a container is created.

History of containers

Linux Namespaces was created in 2002 by Eric W. Biederman, Pavel Emelyanov, Al Viro, and Cyrill Gorcunov. I mention that because containers are talked about as if they are something new and unheard-of, when in reality they’ve been around for a while. It’s a given that the containers we see and use today differ greatly from what we had when they first came out, but the core idea of their purpose remains the same.

Namespaces are one of the main features of the Linux kernel. They make sure that a set of processes “sees” only a specified subset of the resources of the host. A similar project, the Control Group project (cgroups) by Paul Menage and Rohit Seth, was added to the Linux kernel in 2008. Cgroups allow you to allocate the resource usage of a collection of processes.

When you combine these two features you have the core components for a container.
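To make the two building blocks concrete, here is an added example (not from the original article) of an isolation check a defender can run: it compares a container process's namespace IDs with the host's to find namespaces that are shared rather than isolated, and decodes the cgroup v2 limits applied to that process. All sample values and function names are constructed for illustration.

```python
import os
import re

NS_LINK = re.compile(r"^(\w+):\[(\d+)\]$")

# Constructed sample data: targets of the /proc/<pid>/ns/* symlinks for the host's
# PID 1 and for a process in a container that was started with host networking.
HOST_NS = ["cgroup:[4026531835]", "ipc:[4026531839]", "mnt:[4026531841]",
           "net:[4026531840]", "pid:[4026531836]", "uts:[4026531838]"]
CONTAINER_NS = ["cgroup:[4026532611]", "ipc:[4026532609]", "mnt:[4026532607]",
                "net:[4026531840]", "pid:[4026532610]", "uts:[4026532608]"]
# Constructed cgroup v2 data: /proc/<pid>/cgroup plus that group's limit files.
CONTAINER_CGROUP = "0::/system.slice/docker-example.scope\n"
CONTAINER_LIMITS = {"memory.max": "268435456\n", "cpu.max": "50000 100000\n"}

def parse_ns(links):
    """Map namespace type -> inode from 'type:[inode]' symlink targets."""
    matches = (NS_LINK.match(link.strip()) for link in links)
    return {m.group(1): int(m.group(2)) for m in matches if m}

def shared_namespaces(host_links, proc_links):
    """Namespace types where the process has the host's inode, i.e. is not isolated."""
    host, proc = parse_ns(host_links), parse_ns(proc_links)
    return sorted(t for t in proc if host.get(t) == proc[t])

def cgroup_path(proc_cgroup_text):
    """Return the cgroup v2 path from the '0::<path>' line, or None if absent."""
    for line in proc_cgroup_text.splitlines():
        hier, _, path = line.partition("::")
        if hier == "0" and path:
            return path
    return None

def parse_limits(files):
    """Decode memory.max (bytes) and cpu.max ('quota period'); 'max' means no limit."""
    mem = files["memory.max"].strip()
    quota, period = files["cpu.max"].split()
    return {"memory_bytes": None if mem == "max" else int(mem),
            "cpus": None if quota == "max" else int(quota) / int(period)}

def read_ns_links(pid):
    """Live variant for a Linux host (usually needs root for other users' processes)."""
    base = f"/proc/{pid}/ns"
    return [os.readlink(os.path.join(base, n)) for n in sorted(os.listdir(base))]

if __name__ == "__main__":
    print("shared with host:", shared_namespaces(HOST_NS, CONTAINER_NS))
    print("cgroup:", cgroup_path(CONTAINER_CGROUP), parse_limits(CONTAINER_LIMITS))
```

On a Linux host, passing `read_ns_links(1)` and `read_ns_links(<container pid>)` to `shared_namespaces` runs the same comparison on live processes; any namespace type it returns is one where the container sees the host's resources directly.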

Namespaces and cgroups

The diagram below shows how cgroups and namespace slice up a host.
