http://containerz.blogspot.com/2015/03/virtualization-vs-containerization.html

Virtualization vs. Containerization

 
Containers provide isolated runtime environments for applications: the entire user space environment is exclusively presented to the container, and any changes to it do not impact other containers' environments. To provide this isolation, a combination of OS-based mechanisms is used: Linux name spaces are used for isolation and scoping mechanism. File system mounts define what files are accessible to the container. cgroups define resource consumption of containers. Still all containers share the same OS kernel which can realize memory footprint efficiencies when identical libraries are used by multiple containers.

With system virtualization, the hypervisor provides a full virtual machine to a guest: the entire OS image including the kernel is now dedicated to the virtual machine. CPU virtualization is used to provide each guest with an exclusive view of a full system environment, and these mechanisms also ensure isolation from other guests. Hypervisor-based management of virtual CPUs, memory and I/O devices is used to define resource consumption of guests.

Which one is better?

As always, it depends on your needs. If you just want to have a number of separate instances to run applications, a container environment often provides greater efficiency, both in managing the application environment, starting the application instances, and in resource consumption. Simple modification and deployment of application environments has been a design principle of container solutions like Docker and is entirely in the DevOps spirit (guess you just have been waiting for more buzzwords).

If you want to have best isolation of environments and come from a server virtualization perspective, then system virtualization may be more relevant: Noisy neighbours are much less of an issue than with containers. While many of the container folks currently focus on improving container isolation, virtual machine isolation is still superior. Coming from physical servers, virtual servers are a natural step, and an existing ecosystem around server management can often be applied to virtual servers, too.

On z systems, Linux has good scalability (to run containers), but z is the platform with an extremely efficient virtualization technology (to run virtual servers), and it is inherent in the entire system architecture. Without having measured it, combining the technologies is probably less painful on z Systems than on other platforms.

There is a third way: both.
Combining system virtualization with containers can be done in multiple ways:

1. A Virtual Machine in a Container

Docker has quite some flexibility on where containers are deployed. One option (called "execution driver") is to use KVM images. This allows to use all the DevOps methods of Docker and combine it with best isolation available, at the cost of having to start up entire Operating System instances when starting containers -- meaning startup time and footprint. Memory efficiencies can only be realized through Kernel Samepage Merging (KSM) -- less effective and efficient, but it's a start.

2. A Container in a Virtual Machine

Conversely, you can run a virtual machine and start a container inside. The VM would not be controlled by Docker, but by existing virtualization management infrastructure. Once the OS instance is up, starting a container would then be done using Docker, and no special setup has to be performed for running containers. Again, containers would have strong isolation since the next container runs in another virtual system; footprint-wise, efficiencies would only be possible through memory deduplication techniques by the hypervisor.

2b. Multiple Containers in a Virtual Machine

This is a variation of running Docker in a VM, suitable for multi-tenancy environments. Here, the assumption is that strongest isolation is only required between containers of different tenants, and straight Linux container isolation is good enough between several containers of the same tenant. Advantages are lower number of virtual machines to run, best isolation between tenants, and enjoying all the efficiencies of vanilla Docker setups.

To summarize: it depends.

 
 

virtualization-vs-containerization的更多相关文章

  1. [WPF]WPF Data Virtualization和UI Virtualization

    这篇博客将介绍WPF中的虚拟化技术. 1. Data Virtualization 通常情况下我们说数据虚拟化是指数据源没有完全加载,仅加载当前需要显示的数据呈现给用户.这种场景会让我们想到数据分页显 ...

  2. Geneve: Generic Network Virtualization Encapsulation

    Earlier this year, VMware, Microsoft, Red Hat and Intel published an IETF draft on Generic Network V ...

  3. [Virtualization][SDN] VXLAN到底是什么 [转]

    写在转发之前: 几个月以前,在北大机房和燕园大厦直接拉了一根光钎.两端彼此为校园内公网IP.为了方便连接彼此机房,我做个一个VPN server在燕园的边界,北大机房使用client拨回.两个物理机房 ...

  4. Virtualization API之libvirt

    The virtualization API 之开源 libvirt探究 By Ruiy: libvirt supports Hypervisors(注,相关的hypervisors项目的权威网站已经 ...

  5. this computer does not support Intel Virtualization Technology (VT-x) .Haxm can'not be installed

    this computer does not support Intel Virtualization Technology (VT-x) .Haxm can'not be installed 本机不 ...

  6. 【转】How to Start Intel Hardware-assisted Virtualization (hypervisor) on Linux to Speed-up Intel Android x86 Emulator

    [转]How to Start Intel Hardware-assisted Virtualization (hypervisor) on Linux to Speed-up Intel Andro ...

  7. Connecting Docker for Cloud Services using SDN and Network Virtualization

     Abstract The explosive scale of container CPUs needs highly efficient network virtualization Chal ...

  8. RH133读书笔记(10)-Lab 10 Exploring Virtualization

    Lab 10 Exploring Virtualization Goal: To explore the Xen virtualization environment and the creation ...

  9. <Mastering KVM Virtualization>:第一章 了解Linux虚拟化

    本章为读者提供了Linux虚拟化中流行技术的深刻见解,以及相较于其他同类技术的优势特点.本书共有14章,囊括了KVM虚拟化中的各个方面,从KVM的内部构造开始,并包括了诸如软件定义网络(SDN),性能 ...

随机推荐

  1. Oracle建表插数据等等

    Oracle的表的管理: 表名和列的命名规则,详见 数据库命名规范 . 必须以字母开头 . 长度不能超过30个字符 . 不能使用Oracle的保留字 . 只能使用如下字符 column_name-Z, ...

  2. 轻松搭建自己的Linux发行版本

    许多人想要搭建自己的Linux发行版本,可能是觉得有趣,也可能是为了学习更多的Linux知识,或者因为他们有很正式的问题要解决.但是秘密是:自己搭建完美的发行版本不是很困难的一件事.事实上,我们收集了 ...

  3. 虚拟主机 (Virtual Host)

    虚拟主机 (Virtual Host) 是在同一台机器搭建属于不同域名或者基于不同 IP 的多个网站服务的技术. 可以为运行在同一物理机器上的各个网站指配不同的 IP 和端口, 也可让多个网站拥有不同 ...

  4. App集成支付宝

    转自:http://www.cnblogs.com/qianxudetianxia/archive/2012/04/04/2432406.html 手机的在线支付,被认为是2012年最看好的功能,我个 ...

  5. nginx 健康检查和负载均衡机制分析

    nginx 是优秀的反向代理服务器,这里主要讲它的健康检查和负载均衡机制,以及这种机制带来的问题.所谓健康检查,就是当后端出现问题(具体什么叫出现问题,依赖 于具体实现,各个实现定义不一样),不再往这 ...

  6. [POJ1477]Box of Bricks

    Time Limit: 1000MS   Memory Limit: 10000K Total Submissions: 19503   Accepted: 7871 Description Litt ...

  7. bzoj2946 [Poi2000]公共串(SA,SAM)

    [题意] 多串求LCS.   [思路]   主要是想找一下SAM的优越感 :) velui good 后缀数组划分height需要注意不少细节 <_<,然后不停debug   [代码]   ...

  8. 全面产品管理-从细微处认识"用户体验"

    转载: 让我以一个故事开始本文,我觉得这个故事能概括大多数人听到“用户体验”这个术语时的想法. 我经常访问的一个财经网站给我发了一封电子邮件,请求我点击里面的一个链接,对一些信息进行审核.所以我就点了 ...

  9. npm 国内镜像资源 --转载

    npm 是node.js 环境下的包管理器,非常强大智能. 生活这这片神奇的土地上,各种奇葩手段屡见不鲜啊. 为什么要换源? npm 官方站点 http://www.npmjs.org/ 并没有被墙, ...

  10. poj1149--PIGS(最大流)

    题意: 有m个猪圈 每个猪圈有不同数量的猪 [0, 1000]有n个顾客 每个顾客需要Bi头猪 有Ai个钥匙 能打开Ai个不同的猪圈顾客按顺序来买猪 只能买他有钥匙的猪 买完之后 这几个猪圈的猪可以相 ...