Virtualization and Containers

From docwiki


Motivation

A Linux system can run many different applications and services at once, but it is usually convenient to keep systems separated by what they do: a mail server, a web server, a DNS server, a database server, etc. could all run on the same system, but as soon as you need to upgrade it you have to upgrade everything at once, and in a large environment with dependencies between all of these that quickly gets complicated.

On the other hand, if we dedicate a physical server to each system that does not need much CPU power, we waste a lot of resources. Virtualization and containers were invented as a solution to this dilemma.

Virtualization vs. Container

Virtualization simulates a complete computer including its hardware, and the operating system that runs inside this simulated computer can be built just like a system that runs on real hardware ("bare metal"). You can run a virtual Windows system inside one simulated computer and a virtual Linux server in another instance on the same hardware.

In contrast, containers are isolated processes inside the same Linux system. They run on the same kernel, but the kernel shows them different parts of the file system, different network interfaces, a different process table, etc. Modern Linux kernels provide two mechanisms for this: namespaces, which give a group of processes their own view of these resources and so the impression that they run on a platform of their own, and cgroups (control groups), which limit and account for the CPU, memory and I/O that group may consume. A container is a process started with its own namespaces and placed in its own cgroup.
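The kernel primitives behind that paragraph can be exercised directly. The following C program is an added example (it is not code from this page): it calls clone(2) with the CLONE_NEW* flags to start a child in fresh user, PID, mount, UTS, IPC and network namespaces, the way a container runtime does, and reports what the child observes: it is PID 1 in its own process table, it can rename the host without the parent noticing, and it is uid 0 inside while being mapped to our unprivileged uid outside. The function name run_namespace_demo and the hostname container-demo are the example's own choices. If the kernel or a seccomp/LSM policy refuses unprivileged user namespaces (common in hardened environments and inside other containers), clone fails with EPERM and the function returns -1.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <sched.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* What the child observed; returned as a bit set by run_namespace_demo(). */
enum {
    SAW_PID1         = 1,   /* getpid() == 1 inside the new PID namespace      */
    SAW_UTS_ISOLATED = 2,   /* child renamed its host, parent's name unchanged */
    SAW_ROOT_INSIDE  = 4    /* uid 0 inside, mapped to our unprivileged uid    */
};

#define STACK_SIZE (1024 * 1024)
#define INNER_NAME "container-demo"   /* assumed hostname, chosen for the demo */

struct outer_ids { uid_t uid; gid_t gid; };

/* Write a short string to a file; 0 on success, -1 on any failure. */
static int write_file(const char *path, const char *text)
{
    int fd = open(path, O_WRONLY);
    if (fd < 0)
        return -1;
    ssize_t n = write(fd, text, strlen(text));
    close(fd);
    return n == (ssize_t)strlen(text) ? 0 : -1;
}

/* Runs as the first process in the new namespaces; its exit status carries
 * the bits above back to the parent. */
static int child_fn(void *arg)
{
    const struct outer_ids *outer = arg;
    char map[64], name[256];
    int bits = 0;

    /* User namespace: uid/gid 0 inside map to our own ids outside.  An
     * unprivileged process may only write a single-line map of its own id,
     * and only after disabling setgroups (the same steps `unshare -Ur` does). */
    write_file("/proc/self/setgroups", "deny");
    snprintf(map, sizeof map, "0 %u 1\n", (unsigned)outer->uid);
    write_file("/proc/self/uid_map", map);
    snprintf(map, sizeof map, "0 %u 1\n", (unsigned)outer->gid);
    write_file("/proc/self/gid_map", map);
    if (getuid() == 0)
        bits |= SAW_ROOT_INSIDE;

    /* PID namespace: the first process in a new one is PID 1. */
    if (getpid() == 1)
        bits |= SAW_PID1;

    /* UTS namespace: "root" inside may rename the host, but only its copy. */
    if (sethostname(INNER_NAME, strlen(INNER_NAME)) == 0 &&
        gethostname(name, sizeof name) == 0 &&
        strcmp(name, INNER_NAME) == 0)
        bits |= SAW_UTS_ISOLATED;

    return bits;
}

/* Start a child in fresh user, PID, mount, UTS, IPC and network namespaces
 * and report what it saw.  Returns -1 if the kernel or a seccomp/LSM policy
 * refused to create them (errno is usually EPERM), 0 if the child died. */
int run_namespace_demo(void)
{
    struct outer_ids outer = { getuid(), getgid() };
    char before[256] = "", after[256] = "";
    int flags = CLONE_NEWUSER | CLONE_NEWPID | CLONE_NEWNS | CLONE_NEWUTS |
                CLONE_NEWIPC | CLONE_NEWNET | SIGCHLD;
    char *stack = malloc(STACK_SIZE);
    if (!stack)
        return -1;

    gethostname(before, sizeof before);
    pid_t pid = clone(child_fn, stack + STACK_SIZE, flags, &outer);
    if (pid < 0) {
        fprintf(stderr, "clone: %s\n", strerror(errno));
        free(stack);
        return -1;
    }
    int status = 0, bits = 0;
    if (waitpid(pid, &status, 0) == pid && WIFEXITED(status))
        bits = WEXITSTATUS(status);
    free(stack);

    /* The rename must not have leaked out of the child's UTS namespace. */
    gethostname(after, sizeof after);
    if (strcmp(before, after) != 0)
        bits &= ~SAW_UTS_ISOLATED;
    return bits;
}

int main(void)
{
    int r = run_namespace_demo();
    if (r < 0) {
        puts("namespace creation refused by this kernel or sandbox");
        return 1;
    }
    printf("PID 1 inside:         %s\n", r & SAW_PID1 ? "yes" : "no");
    printf("hostname isolated:    %s\n", r & SAW_UTS_ISOLATED ? "yes" : "no");
    printf("root inside only:     %s\n", r & SAW_ROOT_INSIDE ? "yes" : "no");
    return 0;
}
```

Note what the example does not do: it creates no cgroup, so the child is isolated in what it can see but not in what it may consume; a memory or CPU limit would need an additional write to /sys/fs/cgroup, which normally requires root on the host. It also shares the host's kernel, which is exactly why a kernel bug reachable from inside is enough to escape.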

Advantages and Disadvantages:

  • Virtualization isolates systems much more strictly and allows different kernels, or entirely different operating systems, to run side by side. This comes at the cost of much higher resource use.
  • Containers share the kernel of the host and are therefore much more lightweight, which makes a higher degree of isolation of small processes and tasks economically feasible.

Security and Redundancy

Beware: neither is 100% secure. In both cases there can be bugs that allow a process to break out of a virtual machine or a container and access the underlying system. The difference is the attack surface: a container can reach the whole shared kernel through system calls, so a single kernel vulnerability is enough to escape, whereas escaping a virtual machine requires a bug in the hypervisor or its device emulation. Still, security is usually increased if processes that were running on the same machine are separated into different virtual machines, or at least into their own containers.

Virtual machines can also be made redundant: they can be migrated between physical hosts. With containers one usually runs many small, lightweight instances and automatically starts a new one when another goes down.

Details

For details see: