What is the Major Disadvantage of Virtual Machines vs Containers?
Docker is all the rage in the development community. But why? What about virtual machines? Let's jump right in and explain the major disadvantages of virtual machines vs. containers.
Virtualization vs. Containerization: What’s the Difference?
Virtual machines and containers offer many of the same features. For instance, both sandbox processes and applications from the host operating system (OS) and both help fully utilize PC hardware.
So, what is the difference between virtual machines and containers? The biggest difference is how the two handle hardware segmentation: hypervisors (the software that hosts virtual machines, such as VMware ESXi) reserve chunks of hardware for each virtual machine, while containers share compute resources.
A virtual machine is basically a virtualized computer inside another computer. Because the virtual machine is a mini PC, it requires its own hardware resources. That means a chunk of the RAM, CPU and hard drive space must be reserved strictly for the virtual machine to operate. Containers, on the other hand, share hardware resources between them. Each container shares the CPU and RAM, and each CPU core may handle multiple threads from different containerized applications.
The difference in hardware segmentation also means virtual machines need more power to operate. A virtual machine needs its own OS and drivers to run. Containers use the host OS and drivers, so containers typically use fewer resources.
Docker vs. Virtual Machine: Performance
Comparing performance between Docker containers vs. virtual machines is tricky as many factors affect the performance of both, and it largely depends on the use case.
Docker containers run natively on the host OS, so other than security and sandboxing restrictions, containers can run at native application speed. Historically, virtual machines suffered performance penalties from the virtualization of physical components, but modern hypervisors segment hardware and pass it directly to virtual machines. A modern hypervisor like VMware or Hyper-V can run intensive games at normal speeds.
Despite native application speed, two other performance metrics dictate when containers are better options than virtual machines:
Payload size
Startup speed
Containers use far less storage space and start much faster than virtual machines.
Docker vs. Virtual Machine: Security
Virtual machines are more secure than Docker containers because they run within their own OS. The virtual machine is completely segregated from the host machine.
That isn't to say that hypervisors aren't subject to security flaws. The Rowhammer exploit is a good example: it pulls data from memory directly, grabbing chunks of data belonging to different virtual machines on the same host hardware. Nonetheless, exploits that attack the hypervisor or host hardware directly are typically complicated to carry out, and they usually require physical access to the server hardware at some point in the attack chain.
Securing a virtual machine isn't any different than securing a typical computer. As long as the business's security policies are up to snuff, virtual machines are much harder to exploit.
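Because a container shares the host kernel, how tightly it is sandboxed depends on how it was started, not on a separate OS boundary as with a VM. As an added example (not from the original article), this Python script reads `docker inspect` output and flags settings that hand a container access to the host that a VM guest never gets by default; the two records below are constructed samples using real `docker inspect` field names.

```python
import json

# Constructed sample: two trimmed-down `docker inspect` records. The
# keys are real docker inspect fields; the values are made up.
SAMPLE_INSPECT = json.dumps([
    {"Name": "/api-1", "Config": {"User": "1000:1000"},
     "HostConfig": {"Privileged": False, "PidMode": "", "NetworkMode": "bridge",
                    "CapAdd": None, "SecurityOpt": ["no-new-privileges"],
                    "Binds": None}},
    {"Name": "/build-agent", "Config": {"User": ""},
     "HostConfig": {"Privileged": True, "PidMode": "host", "NetworkMode": "host",
                    "CapAdd": ["SYS_ADMIN"], "SecurityOpt": None,
                    "Binds": ["/var/run/docker.sock:/var/run/docker.sock"]}},
])


def isolation_findings(record):
    """Findings for one docker inspect record: each one is a way the
    container reaches into the shared host kernel that a VM guest cannot."""
    host = record.get("HostConfig", {})
    user = record.get("Config", {}).get("User") or ""
    findings = []
    if host.get("Privileged"):
        findings.append("privileged: all capabilities and host devices")
    if host.get("PidMode") == "host":
        findings.append("host PID namespace: host processes visible")
    if host.get("NetworkMode") == "host":
        findings.append("host network namespace: no network isolation")
    for cap in host.get("CapAdd") or []:
        findings.append(f"extra capability {cap}")
    for bind in host.get("Binds") or []:
        if bind.split(":")[0].endswith("docker.sock"):
            findings.append("docker socket mounted: full control of the daemon")
    if not user or user.split(":")[0] in ("0", "root"):
        findings.append("runs as root inside the container")
    if "no-new-privileges" not in (host.get("SecurityOpt") or []):
        findings.append("no-new-privileges not set")
    return findings


def audit(inspect_json):
    """Map container name -> findings for every record in the JSON array."""
    return {r["Name"].lstrip("/"): isolation_findings(r)
            for r in json.loads(inspect_json)}


if __name__ == "__main__":
    for name, issues in audit(SAMPLE_INSPECT).items():
        print(name, "->", issues or "default sandbox, nothing flagged")
```

On a real host, feed it the output of `docker inspect $(docker ps -q)` instead of the constructed sample.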
When to Use Containers vs. Virtual Machines
Containers are popular in the development and infrastructure communities because of DevOps. DevOps has a million different definitions, and it largely depends on the needs of the business. The common denominator is that one of the goals of DevOps is to automate the development, deployment and maintenance operations for applications and IT infrastructure.
Containers are easier to duplicate and start compared to virtual machines. For example, starting multiple instances of the same container image in Docker is extremely simple, which allows tools to auto-scale IT infrastructure when demand requires it. If your API is suddenly bombarded with requests, automated tools could quickly start another container hosting your API, adjust the load balancers automatically, and spread API usage over all the new API container instances.
It's possible to do the same thing with virtual machines, but the process takes longer, is prone to more errors, and requires more computing resources.
On the other hand, virtual machines tend to be more stable than Docker containers. Virtual machines are the better option for static mission-critical applications. VMware's ESX hypervisor is the tried and true choice in the data center for a reason. ESXi and other hypervisors are more secure than Docker containers, too.
Ready to learn more?
Are you ready to learn how to deploy ESXi and dip your toes into the virtual machine world? If so, watch Keith Barker's ESXi deployment tutorial.
On the other hand, if you're looking for more robust VMware courses, check out CBT Nuggets' VMware online course catalog. There are classes that teach everything from using vSphere to securing virtual machines to managing virtualized networks.
Not a CBT subscriber? Sign up for a one-week no-strings-attached trial to explore these courses and others.