Virtual Machines vs Containers: Are Containers Replacing Virtual Machines?

[Image: container as a service vs. VM]


Are virtual machine users actually shifting to container technology? Will containers inevitably replace virtual machines?

To answer this question definitively, it’s critical to first understand how each technology uses a server.

Virtual Machines: Just as the name suggests, a virtual machine is an abstraction of physical hardware: it presents a complete server hardware stack, from virtualized CPU to virtualized storage, network adapters and BIOS. All these virtualized resources are managed by a guest operating system, which generally boots faster than a standard physical server.

Containers: Containers work on a much smaller scale than virtual machines. The abstraction is done at the operating system level, rather than across the entire hardware stack as with virtual machines. They consequently use fewer resources than virtual machines and let users pack and run multiple applications on a single server. They may look like a much improved server abstraction technology, but are they actually an alternative to virtual machines?

Why Containers are Seemingly Overtaking Virtual Machines

Containers are widely considered more effective than virtual machines because of their efficient use of system resources. While a virtual machine claims a full share of the server’s resources (its own operating system, memory and storage) even to run a simple process, a container uses only what that process needs. A small portion of the server’s resources is dedicated to running a single process and the rest is freed up for other applications. This not only boosts system efficiency, but also saves the cost of additional servers that would otherwise be needed to run many processes.

Because only the operating system is abstracted, containers boot much faster than virtual machines. A standard virtual machine may take about a minute to boot and verify its resources, while a container achieves this in a fraction of a second. This makes containers particularly suitable for time-sensitive processes that depend on speed and efficiency.

Unlike virtual machines, containers let users package applications as single-command, registry-stored, individually addressable components. This simplifies application deployment and makes it less error-prone than with virtual machines.

If you compared the two on these factors alone, you’d probably be convinced that containers are indeed taking over. However, although significant, such advantages are only a drop in the ocean of cloud computing. There are other factors which, assessed critically, may place virtual machines above containers.

Why Virtual Machines May Be Here to Stay

Security is undoubtedly one of the prime cloud computing concerns, and here containers are at a significant disadvantage to virtual machines. As a Red Hat Senior Security Engineer puts it, “containers simply do not contain”. Their isolation is considerably weaker than that of virtual machines. Take the most prominent container technology, Docker, which primarily relies on libcontainer. To isolate a workload on Linux, it uses five namespaces (shared memory, host name, mount, network and process) but leaves out a significant number of vital Linux kernel subsystems, including file systems under /sys, cgroups, and SELinux.

With such a weakness, any process running with superuser (root) privileges inside a container could compromise the host operating system. All an attacker needs is to break into an account with such privileges or to escalate one to superuser level.

Fortunately for container users, all is not lost. Although it takes some effort, there are ways of working around these weaknesses to secure your system. Among the top remedies are: configuring the network namespace so containers can only reach particular private intranets; allowing container processes to write only to container-specific file systems; and mounting /sys read-only. Overall, these measures treat containers as server applications and lock them down accordingly.
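One way to check whether running containers actually follow the remedies above is to audit the output of `docker inspect`. The script below is an added example, not code from the original article or from Docker; it assumes the real `docker inspect` field names (`HostConfig.Privileged`, `HostConfig.ReadonlyRootfs`, `HostConfig.NetworkMode`, `HostConfig.SecurityOpt`, `Config.User`, `Mounts`) and maps the article's remedies onto them as I read them: a read-only root file system with writes confined to volumes, no read-write bind mount of /sys, no host networking, no extra capabilities, and no root user. The two records it inspects are constructed samples, one deliberately weak and one hardened, and the network name `intranet-only` is an assumed user-defined network.

```python
import json

# Constructed sample shaped like the JSON list printed by `docker inspect`.
# These are not real captures: the first container was started the weak way,
# the second applies the remedies discussed in the text.
SAMPLE_INSPECT_OUTPUT = json.dumps([
    {
        "Name": "/app-weak",
        "Config": {"User": ""},                      # empty -> image default, typically root
        "HostConfig": {
            "Privileged": True,
            "CapAdd": ["SYS_ADMIN"],
            "ReadonlyRootfs": False,
            "NetworkMode": "host",                   # shares the host's network namespace
            "SecurityOpt": None,
        },
        "Mounts": [
            {"Type": "bind", "Source": "/sys", "Destination": "/sys", "RW": True},
            {"Type": "bind", "Source": "/srv/data", "Destination": "/data", "RW": True},
        ],
    },
    {
        "Name": "/app-hardened",
        "Config": {"User": "10001:10001"},           # unprivileged uid:gid
        "HostConfig": {
            "Privileged": False,
            "CapAdd": None,
            "ReadonlyRootfs": True,                  # writes only go to declared volumes
            "NetworkMode": "intranet-only",          # assumed user-defined private network
            "SecurityOpt": ["no-new-privileges:true"],
        },
        "Mounts": [
            {"Type": "bind", "Source": "/sys", "Destination": "/sys", "RW": False},
            {"Type": "volume", "Source": "app-data", "Destination": "/var/lib/app", "RW": True},
        ],
    },
])


def _no_new_privileges_set(security_opt):
    """True if a no-new-privileges option is present and not explicitly disabled."""
    for opt in security_opt or []:
        if opt == "no-new-privileges" or opt.startswith("no-new-privileges:"):
            return not opt.endswith(":false")
    return False


def audit_record(rec):
    """Return a list of finding codes for one container record (empty list = clean)."""
    host = rec.get("HostConfig") or {}
    findings = []
    if host.get("Privileged"):
        findings.append("privileged")
    for cap in host.get("CapAdd") or []:
        findings.append("cap-add:" + cap)
    if not host.get("ReadonlyRootfs"):
        findings.append("writable-rootfs")
    if host.get("NetworkMode") == "host":
        findings.append("host-network")
    if not _no_new_privileges_set(host.get("SecurityOpt")):
        findings.append("no-new-privileges-missing")
    user = (rec.get("Config") or {}).get("User") or ""
    if user.split(":")[0] in ("", "0", "root"):
        findings.append("runs-as-root")
    for mount in rec.get("Mounts") or []:
        # Only read-write bind mounts of host paths matter; volumes are container-specific.
        if mount.get("Type") != "bind" or not mount.get("RW"):
            continue
        if mount.get("Source") == "/sys":
            findings.append("rw-sys-mount")
        else:
            findings.append("rw-host-bind:" + mount.get("Source", "?"))
    return findings


def audit_inspect_output(text):
    """Parse `docker inspect` JSON (a list of records) and map container name -> findings."""
    return {rec.get("Name", "?"): audit_record(rec) for rec in json.loads(text)}


if __name__ == "__main__":
    # In practice: docker inspect $(docker ps -q) > inspect.json, then feed that file here.
    for name, findings in audit_inspect_output(SAMPLE_INSPECT_OUTPUT).items():
        print(name, ", ".join(findings) if findings else "OK")
```

Run against real output with `docker inspect $(docker ps -q) > inspect.json` and pass the file contents to `audit_inspect_output`; a clean container yields an empty list, while the weak sample above produces eight findings, one per remedy it ignores.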

The fact that many containerized applications are available online introduces another security risk. A significant number of them come bundled with malware that launches as soon as they are installed, potentially harming your entire system.

The Actual State of Affairs

Since each technology has its own set of advantages and disadvantages, it’s safe to conclude that both are here to stay. Although people are fairly excited about containers, they’ll never fully replace virtual machines, particularly because each serves a distinct purpose. If you want to run several different applications and therefore need more flexibility, a virtual machine is the better choice. If, on the other hand, you plan to run several copies of the same application, you’d be better off with containers.

Additionally, if you’re comfortable being locked to a single operating system, you should consider containers; they usually restrict users to specific operating system versions. If you’d prefer flexibility in your choice of operating system, a virtual machine is the better fit because it is compatible with any operating system.

If your needs are a little of both, you’d rather use a hybrid of containers and virtual machines. This setup is preferred in most organizations since it offers the benefits of both. The only challenge is managing both architectures within a single infrastructure. Fortunately, there are solutions like Stratoscale which allow enterprises to do this efficiently.

With container-VM combinations producing promising results, experts predict that they’ll progressively grow and merge into a cloud portability nirvana. Containers are therefore not replacing virtual machines, but rather complementing them.

Author: Davis Porter

Image courtesy: Master isolated images