
Container Intro

While containers are increasing in popularity right now, containers themselves are not new. They have existed for many years. FreeBSD, Solaris Zones, LXC: there are many incarnations of containerization technology.

What are Containers? 

Containers are an OS-level virtualization method in which the kernel of an operating system allows for multiple isolated user-space instances, instead of just one. The primary benefits of using containers include limited overhead, increased flexibility and efficient use of storage; the container looks like a regular OS instance from the user's perspective. Changes to the image can be made very quickly and pushed to a repository to share with others for further development and utilization. 

How do Containers and Virtual Machines Differ? 

A container is intended to run a single application. Containers are typically very specific, intended to run MySQL, NGINX, Redis, or some other application. So what happens if you need to run two distinct applications or services in a containerized environment? The recommendation is usually to use two separate containers. The low overhead and quick start-up times make running multiple containers trivial, thus they are typically scoped to a single application. A VM, on the other hand, has a broader range, and can run almost any operating system. As you are likely aware, the VM serves as an extremely firm boundary between OS instances that's enforced by a robust hypervisor, and connects to Enterprise-level storage, network and compute systems in a trusted, well-defined and secure manner. VMs have traditionally lent themselves to running 2nd Platform (Web - App - Database) applications that comprise 99% of the application space today.

Virtual Machines & Containers: better together

Containers provide great application portability, enabling the consistent provisioning of the application across infrastructures. However, applications and data alone are rarely the major barrier to workload mobility. Instead, operational requirements such as performance and capacity management, security, and various management tool integrations can make redeploying workloads to new environments a significant challenge. So while containers help with portability, they’re again only a piece of a bigger puzzle.

Due to the fundamental differences in architecture (namely the ESXi hypervisor used by VMs versus the shared kernel space leveraged by containers), Linux containers will not achieve the same level of isolation and security as VMs. Furthermore, the toolsets available in the VM ecosystem are battle-tested and Enterprise-grade, enabling scores of benefits (stability, compliance, integrated operations, etc.) that are indispensable to operations and infrastructure teams.

For these reasons, VMware provides the best of both worlds by offering an optimized OS built for containers to run with minimal overhead. By dedicating an extremely lightweight OS to run containerized workloads, we don't have to choose one or the other - we can have both! By taking advantage of memory sharing, a core feature of the ESXi hypervisor, we drastically reduce the OS overhead while enabling the application flexibility promised by containers.

What is Docker?* 

You may ask - then why is Docker so popular? For a few good reasons, but mainly because Docker created a very easy-to-use framework for deploying and sharing containers on standard Linux builds.

Docker containers wrap up a piece of software in a complete filesystem that contains everything it needs to run: code, runtime, system tools, system libraries – anything you can install on a server. This guarantees that it will always run the same, regardless of the environment it is running in.

Containers running on a single machine all share the same operating system kernel so they start instantly and make more efficient use of RAM. Images are constructed from layered file systems so they can share common files, making disk usage and image downloads much more efficient. Docker containers are based on open standards allowing containers to run on all major Linux distributions and Microsoft operating systems.

Containers include the application and all of its dependencies, but share the kernel with other containers. They run as an isolated process in userspace on the host operating system.
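As an added example (not part of the original post), a small Python script that makes the shared-kernel point concrete on a Linux host: every process, containerised or not, reports the same kernel release, and what actually separates a container from the host is the set of per-process namespace inodes under /proc/<pid>/ns. The host and container inode tables at the bottom are constructed for illustration, not captured from a real system.

```python
"""Inspect which Linux kernel namespaces a process is isolated in."""
import os
import platform
from pathlib import Path

# Namespace types exposed under /proc/<pid>/ns on current Linux kernels.
NAMESPACE_TYPES = ("cgroup", "ipc", "mnt", "net", "pid", "user", "uts")


def namespace_ids(pid="self"):
    """Return {namespace_type: inode} for a process, or {} if /proc is unreadable."""
    ns_dir = Path("/proc") / str(pid) / "ns"
    ids = {}
    for ns in NAMESPACE_TYPES:
        try:
            # The link target looks like 'mnt:[4026531840]'; the number is the inode.
            target = os.readlink(ns_dir / ns)
        except OSError:
            continue
        ids[ns] = target.rsplit("[", 1)[1].rstrip("]")
    return ids


def isolation_report(host_ns, proc_ns):
    """Mark each namespace type 'isolated' (own inode) or 'shared' with the host."""
    report = {}
    for ns in NAMESPACE_TYPES:
        if ns in host_ns and ns in proc_ns:
            report[ns] = "isolated" if host_ns[ns] != proc_ns[ns] else "shared"
    return report


def kernel_release():
    """The kernel version every container on this host sees: one shared kernel."""
    return platform.release()


# Constructed sample (not real inodes): a container with its own mnt, pid,
# net, uts, ipc and cgroup namespaces but sharing the host's user namespace,
# which is a common default and leaves root in the container as host uid 0.
HOST_NS = {"cgroup": "1", "ipc": "2", "mnt": "3", "net": "4",
           "pid": "5", "user": "6", "uts": "7"}
CONTAINER_NS = {"cgroup": "11", "ipc": "12", "mnt": "13", "net": "14",
                "pid": "15", "user": "6", "uts": "17"}

if __name__ == "__main__":
    print("kernel:", kernel_release())
    print("this process:", namespace_ids())
    print("sample container vs host:", isolation_report(HOST_NS, CONTAINER_NS))
```

Run it once on the host and once inside a container to see identical kernel releases but different mnt/pid/net inodes; a "shared" entry is a namespace the container does not have for itself.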

Docker is a natural fit for microservice-based architectures. 

*For more information on Docker, check out my Docker Intro