Containers vs Hypervisors
Ever since the introduction of CaaS and subsequent extensive adoption by enterprises, there has been a debate regarding containers vs. hypervisors. While some view containers as a revolution that is gradually phasing out hypervisors, others believe that the latter technology is here to stay and cannot be replaced by containers. So, what is the truth? Are containers an improvement of hypervisors? What are the merits and demerits of both?
To get answers, we need to define each technology separately and comprehend its benefits and weaknesses:
Since hypervisor is a form of virtualization, it’s important to first define virtualization before digging further into the details on hypervisors.
Virtualization was introduced to primarily optimize hardware utilization by overlaying one operating system on another. Each of the systems consequently shares hardware resources to support underlying processes.
Hypervisors based virtualization tries to achieve the same goals through a different strategy- instead of simply sharing the underlying hardware resources, hypervisors emulate them on top of existing virtual and physical hardware. An operating system is then created to manage these resources, hence making it OS agnostic. In other words, with a windows system based hypervisor running on underlying physical hardware, you can create another system running on virtual resources and install Linux on it. The vice-versa could also be implemented.
The base operating system achieves this by modifying underlying physical hardware resources to fit the processing requirements of the guest operating system. Hypervisors manage the process by controlling the amount of resources allocated to guest operating systems. Since they sit between the actual physical hardware and guest operating systems, hypervisors are also referred to as virtual machine monitors or VVMS.
First, hypervisors are a favorite to enterprises which need to leverage idle resources by fully utilizing them. Imagine an organization using a physical server with 1G INC card, 8 core processor and 10GB RAM to support an ftp server for its agents and an internal website. Of course such resources would be excessive for these processes, which require smaller servers with less capabilities. As a result, the hardware resources are underutilized and remain idle for a significant amount of time.
The most effectual method solving such a problem is adopting several hypervisors to virtualize the physical resources and dedicate them accordingly. A fraction of hypervisors are dedicated to support the ftp server and internal website, with the rest being freed up for other processes- hence optimizing resource utilization.
Secondly, the installation of both host and guest operating systems in hypervisors is easy and doesn’t require extensive expertise. Some hypervisors however, like Xeon, do not run on host operating systems, but rather on bare metal. They only utilize host operating systems as control interfaces. Others like QEMU achieve platform level virtualization by simulating different machine architectures, contrary to hypervisors like Virtualbox, which don’t employ this strategy.
Finally, they are incredibly secure compared to containers and can manage additional operating systems- which of course require more resources.
Although simulations are intended to optimize resource utilization, hypervisors largely slow down their servers. It occurs due to several CPU and memory managers within the guest and host operating systems. The best way to boost performance in such cases is through paravirtualized hardware, where a new driver and virtual device is built for the guest.
Hypervisors also fail in providing for complete process isolation. As a result, all VM resources are directed to a single process. They are therefore unsuitable for extensive app testing, a process which requires individual process isolation to prevent the transmission of bugs to other processes.
Although both are forms of virtualization, hypervisors virtualize on a hardware level while containers achieve this on an operating system level- by sharing the base operating system’s kernel. They further abstract VMs to facilitate isolation of resources to support different processes concurrently. You can, for instance, run Arch in one container and Dubian in another at the same time without interfering with each other.
Since containers sit on the same operating system kernel, they are lighter and smaller compared to hypervisors. A base operating system can therefore support containers more efficiently and effectively than hypervisors. This means that they can run on lower spec hardware than hypervisors, which often require extensive, high performance supporting hardware.
By isolating application environments, containers achieve better resource utilization than hypervisors. Each application uses its own set of resources without affecting the overall performance of the server. They are therefore ideal for enterprises which concurrently run multiple processes on single servers.
Although they are widely considered as a revolution to cloud computing, containers have their own set of drawbacks. First, they can only run on namespace and cgroups, both of which are Linux kernel features. That makes them incompatible with other operating systems like Windows and Mac OS. Due to this huge disadvantage, both Windows and Mac OS are reportedly developing systems of integrating containers within their servers.
Secondly, containers are less secure and more vulnerable compared to hypervisors. By accessing only a couple of namespaces through libcontainers and leaving out the rest of the kernel subsystems, containers make it easy for hackers to crack through their operating systems.
Since both containers and hypervisors have their set of benefits and drawbacks, the most sustainable architectures include both systems in their framework. By leveraging both according to their features and application suitability, you stand to benefit more compared to an organization that focuses on just one of them. Containers are therefore not replacing hypervisors, but rather complementing their capabilities.
Author: Davis Porter
Image Courtesy: twobee, freedigitalphotos.net