Containers versus VMs
Hardware virtualization makes it possible to run multiple isolated OS instances at the same time on one physical machine. Containers work at a different layer: rather than virtualizing the hardware, they share the host's kernel and rely on OS-level isolation, so several applications can run on the same OS while still being kept apart from each other. A VM contains a full OS, kernel included, along with its files, and essentially abstracts only the hardware layer; a container abstracts the OS layer and contains your application files together with their configuration files and dependencies, but no kernel of its own. Containers are therefore much smaller in size and use far fewer resources.
A hypervisor is the software, firmware, and hardware that enables VMs to be created and run. It is the layer that sits between the physical hardware and the VMs it hosts. Modern processors have virtualization instruction sets and dedicated hardware support built in, so that VMs run with close to native performance and can use the physical hardware resources almost as if they were running directly on them.
The following diagram depicts the relationship between VMs and containers:

Figure 11.1 – VMs versus containers
It should be noted that hypervisors are integrated with the system at different levels. In the preceding diagram, the hypervisor layer sits directly above the hardware/infrastructure layer; this is a type 1 hypervisor (also known as a bare-metal hypervisor), as it has direct access to the hardware. The other kind, a type 2 hypervisor (also known as a hosted hypervisor), runs much like an application inside a host OS. Docker, however, is not a hypervisor of either type: on Linux the container engine starts ordinary processes and keeps them apart with kernel features such as namespaces and cgroups, all of them sharing the host kernel. Docker Desktop on Windows and macOS does start a small Linux VM under a hypervisor, but that single VM hosts all of the containers together, and the isolation between those containers is still provided by the kernel inside it.
It can become confusing to distinguish between containers and VMs, so to help you better understand their differences, we have identified some key concepts to be aware of, as outlined next.
Isolation
VMs provide the most complete and most secure isolation: each VM is separated from every other VM, and from the host OS, by the hypervisor and the hardware's virtualization support. This is the mechanism to choose when you have shared infrastructure and need to isolate applications or services belonging to different tenants, such as competing companies, that run on the same server or cluster.
Containers, by comparison, provide a much lighter-weight isolation mechanism. The processes in a container share the host kernel, and the boundary between containers is built from kernel features such as namespaces, cgroups and capability restrictions. A vulnerability in that shared kernel, or a container started with host namespaces or extra privileges, can therefore reach the host and other containers, so containers do not provide as strong a security boundary from the host and from each other as a VM does.
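Because the container boundary is made of namespaces rather than a hypervisor, the practical check is to look at which namespaces a containerised process still shares with the host. The following script is an added example, not code from the original chapter or from Docker: it reads the `/proc/<pid>/ns/*` links the Linux kernel exposes, compares them with PID 1's (the host's view of a running container), and reports every namespace that is not actually a boundary. The inode numbers in the sample data are constructed, as are the names `HOST_NS`, `DEFAULT_CONTAINER_NS` and `HOST_NS_CONTAINER_NS`; the sample for a default container assumes Docker's usual behaviour of sharing the user namespace with the host unless userns-remap is configured.

```python
"""Report which Linux namespaces a process shares with the host.

A namespace whose inode matches PID 1's is shared with the host and is not an
isolation boundary at all. The kernel itself never appears in this list: a
container always shares it, which is the core difference from a VM.
"""
import os
import sys

# Namespace types listed in namespaces(7), in alphabetical order.
NAMESPACES = ("cgroup", "ipc", "mnt", "net", "pid", "user", "uts")

# What sharing each namespace with the host means for a containerised process.
SHARED_RISK = {
    "cgroup": "sees the host cgroup hierarchy",
    "ipc": "can reach host System V IPC objects and POSIX message queues",
    "mnt": "sees the host filesystem tree",
    "net": "uses the host network stack, including services bound to loopback",
    "pid": "sees host processes and, given CAP_SYS_PTRACE, can attach to them",
    "user": "uid 0 inside is uid 0 on the host; only capabilities and seccomp remain",
    "uts": "can change the host's hostname",
}


def read_namespaces(pid="self"):
    """Return {name: "net:[4026531840]", ...} for a live process (Linux only)."""
    ns = {}
    for name in NAMESPACES:
        try:
            ns[name] = os.readlink(f"/proc/{pid}/ns/{name}")
        except OSError:
            # Kernel lacks this namespace type, or we may not inspect that pid.
            continue
    return ns


def shared_namespaces(host_ns, proc_ns):
    """Names of the namespaces proc_ns has in common with host_ns, sorted."""
    return sorted(n for n in NAMESPACES
                  if n in host_ns and proc_ns.get(n) == host_ns[n])


def isolation_report(host_ns, proc_ns):
    """Split a process's namespaces into private ones and shared ones, with warnings."""
    shared = shared_namespaces(host_ns, proc_ns)
    return {
        "private": [n for n in NAMESPACES if n in proc_ns and n not in shared],
        "shared": shared,
        "warnings": [f"{n}: {SHARED_RISK[n]}" for n in shared],
    }


# Constructed sample data (not captured from a real host). Inode numbers are
# arbitrary; only equality with the host's entry matters.
HOST_NS = {n: f"{n}:[4026531800]" for n in NAMESPACES}

# A container started with default settings: every namespace is private except
# the user namespace, which is shared with the host unless userns-remap is on.
DEFAULT_CONTAINER_NS = {n: f"{n}:[4026532{i:03d}]" for i, n in enumerate(NAMESPACES)}
DEFAULT_CONTAINER_NS["user"] = HOST_NS["user"]

# The same container run with --pid=host --net=host: two more boundaries gone.
HOST_NS_CONTAINER_NS = dict(DEFAULT_CONTAINER_NS, pid=HOST_NS["pid"], net=HOST_NS["net"])


if __name__ == "__main__":
    for label, ns in (("default container", DEFAULT_CONTAINER_NS),
                      ("--pid=host --net=host", HOST_NS_CONTAINER_NS)):
        report = isolation_report(HOST_NS, ns)
        print(f"{label}: private={report['private']} shared={report['shared']}")
        for warning in report["warnings"]:
            print("  WARNING", warning)
    # On a Linux host, pass a container's host-side PID (e.g. from
    # `docker inspect -f '{{.State.Pid}}' <name>`) to inspect a real one.
    if sys.platform.startswith("linux"):
        target = sys.argv[1] if len(sys.argv) > 1 else "self"
        print(f"pid {target}:", isolation_report(read_namespaces(1), read_namespaces(target)))
```

Run on the host as root with a container's PID to see the real picture; the constructed samples show the shape of the output. The point the comparison makes is that with every namespace private the process still shares the host kernel, and each `--pid=host`, `--net=host` or `--privileged` flag removes one of the few boundaries that do exist.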
Takeaway
When choosing a solution that requires the most secure method of isolation, it is best to go with VMs.
OS
VMs run the entire OS, including the kernel. This is a more resource-intensive approach, as each guest OS requires its own share of system resources such as memory, central processing unit (CPU) time, and storage.
Containers, by comparison, require far fewer system resources to run applications. A container image carries only the user-mode portion of an OS (the libraries, tools and services essential to running your application) and runs it on the host's existing kernel, so there is no second kernel to load and no full OS to boot.
Takeaway
When choosing a solution that requires better utilization of system resources, you can't go wrong with containers. Your resources will go much further than with a VM.