
Docker containers and virtual machines difference

A traditional virtual machine emulates an entire machine, hardware included, and each VM carries its own operating system. Once a VM is started, the resources allocated to it are reserved for it whether or not it uses them. Every VM therefore contains the application, its required binaries and libraries, and a complete guest operating system.

Container technology shares the host's hardware resources and operating system, which allows resources to be allocated dynamically.

A container packages the application with all of its dependencies but shares the kernel with the host and with other containers. It runs as an isolated process in user space on the host operating system.

Both VMs and containers ultimately run on the host hardware. A VM adds a hypervisor layer, which is the heart of the virtualization stack: it presents a virtual hardware platform to each virtual machine and manages the guest operating systems running on it. Each VM has its own guest operating system, system libraries and applications.

Containers have no hypervisor layer; each container shares the hardware and the operating system kernel with the host, so the performance overhead introduced by a hypervisor does not exist for Linux containers.

Virtual machine technology has its own advantages. It provides a more strongly isolated environment, so a vulnerability in an application inside a guest does not directly expose the host. It also supports virtualization across operating systems: for example, you can run a Windows virtual machine on a Linux host.

At the virtualization level, traditional virtualization virtualizes hardware resources, while container technology virtualizes at the operating-system (process) level, providing a lighter form of virtualization that isolates processes and their resources.

Architecturally, Docker has two fewer layers than hardware virtualization: it eliminates the hypervisor and the guest OS. The Docker Engine handles scheduling and isolation, and all applications share the host operating system's kernel. Docker is therefore lighter than a virtual machine in size and better in performance, approaching bare-metal speed.

In terms of application scenarios, Docker and virtualization each have their own areas of expertise, with their own strengths and weaknesses across software development, testing, and production operations and maintenance.

Docker starts in seconds; a virtual machine usually takes minutes to boot.

Docker needs fewer resources. It virtualizes at the operating-system level, and a container calls the host kernel directly with little or no performance loss, whereas a VM's work must pass through both the guest kernel and the hypervisor layer.

Docker is lighter. A single host kernel serves all containers, and shared application libraries take up very little memory, so far more containers than virtual machines can run on the same hardware, which makes system utilization very efficient.

Compared to a virtual machine, Docker provides weaker isolation: Docker isolates at the process level (Linux namespaces and cgroups), whereas a virtual machine is isolated at the level of a whole system.

Security: Docker's security is also weaker. By default, root inside a container is the same UID 0 as root on the host (unless user-namespace remapping is enabled), so a user who escalates from an ordinary account to root inside a container is kept away from the host only by kernel mechanisms such as namespaces, capabilities and seccomp. If the container runs privileged, is granted extra capabilities, shares host namespaces, or has the Docker socket mounted, that root is effectively root on the host and can do anything. A VM tenant's root is separate from the host's root, and VMs rely on hardware-assisted isolation (Intel VT-x runs the hypervisor at a privilege level often called "ring -1", and VT-d isolates device DMA), which makes it far harder for a VM to break out or interfere with another VM. Ordinary containers have no comparable hardware isolation and depend entirely on the correctness of the shared kernel, which makes them more exposed to attack.
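The two points above (process-level isolation, and container root being host root by default) are the ones a practitioner most needs to check on a real host. The script below is an added example written for this article, not code from the Docker project. It reads the JSON that `docker inspect <container>` prints (the field names used, `HostConfig.Privileged`, `CapAdd`, `PidMode`, `NetworkMode`, `IpcMode`, `Binds` and `Config.User`, are Docker's own), flags the settings that make root in the container equivalent to root on the host, and reads a `/proc/self/uid_map` to tell whether UID 0 inside is remapped by user namespaces. The two sample inspect documents and the two uid_map lines are constructed for the demo.

```python
"""Audit a container for settings that turn "root in the container" into
"root on the host".  Added example, not Docker's own code.  The inspect
field names are Docker's; the sample documents below are constructed.
"""
import json
import subprocess
import sys

# Capabilities that let a root process reach host resources without needing
# a kernel bug (mounting, ptrace of host processes, raw I/O, module loading).
DANGEROUS_CAPS = {"SYS_ADMIN", "SYS_PTRACE", "SYS_MODULE", "SYS_RAWIO",
                  "NET_ADMIN", "DAC_READ_SEARCH", "ALL"}

# Host paths whose bind mount hands the container host-root-equivalent access.
SENSITIVE_HOST_PATHS = {"/", "/proc", "/sys", "/dev", "/etc",
                        "/var/run/docker.sock", "/run/docker.sock"}


def container_root_is_host_root(uid_map_text: str) -> bool:
    """True when UID 0 inside the container maps to UID 0 on the host.

    Each /proc/self/uid_map line is "<inside-start> <outside-start> <count>".
    Without user namespaces Docker leaves the identity map "0 0 4294967295",
    so container root really is host root.  With userns-remap the line looks
    like "0 100000 65536" and container root is an unprivileged host UID.
    """
    for line in uid_map_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        inside, outside, count = (int(p) for p in parts)
        if inside <= 0 < inside + count:          # this range covers UID 0
            return outside + (0 - inside) == 0
    return False  # UID 0 is not mapped at all, so there is no usable root


def audit_container(inspect_doc: dict) -> list:
    """Return human-readable findings for one `docker inspect` document."""
    host = inspect_doc.get("HostConfig") or {}
    config = inspect_doc.get("Config") or {}
    findings = []

    if host.get("Privileged"):
        findings.append("Privileged: all capabilities, no seccomp/AppArmor, "
                        "host devices visible; root here is root on the host")

    for cap in host.get("CapAdd") or []:
        name = cap.upper()
        if name.startswith("CAP_"):
            name = name[4:]
        if name in DANGEROUS_CAPS:
            findings.append(f"CapAdd {name}: lets container root reach host resources")

    for key in ("PidMode", "NetworkMode", "IpcMode"):
        if host.get(key) == "host":
            findings.append(f"{key}=host: container shares the host's namespace")

    for bind in host.get("Binds") or []:
        src = bind.split(":", 1)[0]
        norm = src if src == "/" else src.rstrip("/")
        if norm in SENSITIVE_HOST_PATHS:
            findings.append(f"Bind mount of {src}: exposes a sensitive host path")

    user = (config.get("User") or "").strip()
    if user in ("", "0", "root") or user.startswith(("0:", "root:")):
        findings.append("Runs as UID 0 inside the container (Docker's default)")

    return findings


# --- constructed sample data (not real containers) ------------------------
SAMPLE_RISKY = {
    "Id": "constructed-risky",
    "Config": {"User": ""},
    "HostConfig": {"Privileged": True, "CapAdd": None, "PidMode": "",
                   "NetworkMode": "default",
                   "Binds": ["/var/run/docker.sock:/var/run/docker.sock"]},
}
SAMPLE_HARDENED = {
    "Id": "constructed-hardened",
    "Config": {"User": "10001:10001"},
    "HostConfig": {"Privileged": False, "CapAdd": [], "CapDrop": ["ALL"],
                   "PidMode": "", "NetworkMode": "bridge",
                   "Binds": ["/srv/app/data:/data:ro"]},
}
DEFAULT_UID_MAP = "         0          0 4294967295\n"   # no user namespace
REMAPPED_UID_MAP = "         0     100000      65536\n"  # dockerd userns-remap


def load_inspect(names):
    """Run `docker inspect` for the given container names (needs Docker)."""
    out = subprocess.run(["docker", "inspect", *names],
                         capture_output=True, text=True, check=True).stdout
    return json.loads(out)


if __name__ == "__main__":
    docs = load_inspect(sys.argv[1:]) if len(sys.argv) > 1 else [SAMPLE_RISKY, SAMPLE_HARDENED]
    for doc in docs:
        print(doc.get("Id", "?")[:12], audit_container(doc) or ["no findings"])
    for label, text in (("default", DEFAULT_UID_MAP), ("userns-remap", REMAPPED_UID_MAP)):
        print(f"uid_map {label}: container root is host root ->",
              container_root_is_host_root(text))
```

Run it with no arguments to audit the constructed samples, or pass container names to audit live containers through `docker inspect`. Inside a running container, `cat /proc/self/uid_map` gives the text to feed `container_root_is_host_root`; the identity map is what the article's "tenant root is the same as the host root" refers to.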

Manageability: Docker's centralized management tools are not yet mature. The various virtualization technologies have mature management tools; VMware vCenter, for example, provides complete virtual machine management.

High availability and recoverability: Docker provides high availability for a service through rapid redeployment. Virtualization has mature, production-proven mechanisms for load balancing, high availability, fault tolerance, migration and data protection; VMware promises 99.999% availability of virtual machines for business continuity.

Fast creation and deletion: creating a virtual machine takes minutes, creating a Docker container takes seconds, and Docker's rapid iteration saves a great deal of time in development, testing and deployment.

Delivery and deployment: VMs can deliver a consistent environment through VM images, but distributing those images is hard to systematize. Docker records the build process in a Dockerfile, which allows an image to be rebuilt, distributed and deployed rapidly across a cluster.