Container Vs VM

With the advent of containers, there is an ongoing debate over containers vs. VMs and which one wins over the other.

But the answer is not definite. It depends on defining the use case.

Why Container? What problem is getting solved?

The commonly touted benefits of containers are efficiency and the speed at which they initiate compared to virtual machines. But what are you giving up in return for speed?

Challenges with Containers:

Security: All containers share the host kernel, which means a bigger attack surface

Management: Still evolving

Container

- A Docker container is usually intended to run a single application, i.e. it is scoped to a single application.

- LXC (Docker's initial base, since replaced by the new backend engine libcontainer) isn't scoped to an application but rather to a Linux instance or a Windows instance.

- A container is a user-space abstraction and shares the OS.
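Because a container shares the host kernel, how exposed that kernel is depends on which kernel interfaces the containerized process can reach. The following is an added example, not code from the original page: it parses the text of a Linux /proc/<pid>/status file and flags settings that widen that surface. The sample status texts, the selection in RISKY_CAPS and the function names are assumptions made for illustration.

```python
# Added example: report how exposed the shared host kernel is to one process.
# Field names are those of Linux /proc/<pid>/status; the sample texts are constructed.

# Capabilities that open wide kernel interfaces (bit numbers from linux/capability.h).
# Which ones count as "risky" is a choice made for this example.
RISKY_CAPS = {12: "CAP_NET_ADMIN", 16: "CAP_SYS_MODULE", 17: "CAP_SYS_RAWIO",
              19: "CAP_SYS_PTRACE", 21: "CAP_SYS_ADMIN"}


def parse_status(text):
    """Turn /proc/<pid>/status text into a dict of field name -> value string."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields


def audit(text):
    """Return a list of findings; an empty list means none of the checks fired."""
    fields = parse_status(text)
    findings = []
    # CapEff is a hex bitmask of the capabilities the process can use right now.
    cap_eff = int(fields.get("CapEff", "0"), 16)
    held = [name for bit, name in sorted(RISKY_CAPS.items()) if (cap_eff >> bit) & 1]
    if held:
        findings.append("risky capabilities: " + ", ".join(held))
    # Seccomp: 0 = disabled, 1 = strict, 2 = filter. A missing field is treated as 0.
    if fields.get("Seccomp", "0") == "0":
        findings.append("no seccomp filter: every syscall reaches the host kernel")
    if fields.get("NoNewPrivs", "0") != "1":
        findings.append("no_new_privs not set: setuid binaries can still gain privileges")
    return findings


# Constructed samples: a restricted container process and a privileged one.
RESTRICTED = "Name:\tapp\nCapEff:\t00000000a80425fb\nNoNewPrivs:\t1\nSeccomp:\t2\n"
PRIVILEGED = "Name:\tapp\nCapEff:\t0000003fffffffff\nNoNewPrivs:\t0\nSeccomp:\t0\n"

if __name__ == "__main__":
    for label, sample in (("restricted", RESTRICTED), ("privileged", PRIVILEGED)):
        print(label, audit(sample) or "no findings")
```

On a Linux host, passing the contents of /proc/self/status read from inside a container to audit() gives the same report for a live process.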

Virtual Machine

- A VM is scoped to run applications.

- A VM, as full-machine virtualization, is scoped to any supported OS.

- A VM is an abstraction of physical hardware. A VM has a full (virtualized) server hardware stack along with a complete OS.

There are pros and cons for each type of virtualized system. If you want full isolation with guaranteed resources, a full VM is the way to go. If you just want to isolate processes from each other and want to run a ton of them on a reasonably sized host, then LXC might be the way to go.

Understanding the scope of these various technologies -- Docker, LXC, and full-machine virtualization -- helps us understand where it makes sense to put them to use. It also helps cloud architects understand that they are each suited to handle certain workloads and use cases.

The best approach, therefore, isn't necessarily to advocate for abandoning VMs. Rather, it's to advocate in favor of -- and design for -- the appropriate use of containers in addition to VMs.