Container Virtualization: what makes it work so well?

Various implementations of container virtualization (including Docker) are filling compute roles once reserved for hypervisor virtualization.

Increasing demand for efficient and secure application portability across environments and operating systems has forced the industry to look for more powerful virtualization designs.
While the hypervisor virtualization model is still used to successfully deploy countless applications across the full range of environments, it does suffer from certain built-in limitations, including…

  • Increased overhead of running a fully installed guest operating system.
  • Inability to freely allocate resources to processes.
  • Significant overhead from calls to the hypervisor from the guest OS can sometimes reduce application performance.

Container virtualization exists largely to address some of these challenges.

What is container virtualization and how does it work differently than hypervisor virtualization?

Container virtualization (often referred as operating system virtualization) is more than just a different kind of hypervisor. Containers use the host operating system as their base, and not the hypervisor. Rather than virtualizing the hardware (which requires full virtualized operating system images for each guest), containers virtualize the OS itself, sharing the host OS kernel and its resources with both the host and other containers. If you want to deepen your understanding of server virtualization and see what are the pros and cons, here’s a full explanation.

container virtualization - designHypervisor vs. Container virtualization design

Containers provide the bare essentials required for any application to run on a host OS. You could think of them as stripped down Virtual Machines running just enough software to deploy an application.
Many applications – like database servers which work best using block storage – require direct access to hardware resources. Getting that access to disks and network devices through a hypervisor’s hardware emulation will often negatively affect their performance. Container virtualization helps by simply bypassing the emulation layer. As you can see in the above image, containers use the same server hardware and an operating system on top of it, but no hypervisor above that.
What, then, provisions a virtual machine and allocates resources for it? What, in other words, plays the role of the hypervisor for translating VM requests to the underlying hardware?
Technically, the Linux kernel itself has no clue that there are containers living upstairs, but containers can nevertheless share kernel resources through features like Namespaces, cgroups, and chroot. These allow containers to isolate processes, fully manage resources, and ensure appropriate security.
Let’s learn some more about those three tools:
Namespaces are a way for Linux systems to

wrap a global system resource in an abstraction that makes it appear to the processes within the namespace that they have their own isolated instance of the global resource.

Namespaces, in other words, provide processes with a virtual view of their operating environments. So if your process doesn’t actually require all of the properties of a parent process, and can get by with nothing more than a host name, mount point, network, PID, or its own set of users, then namespaces can get the job done.
If namespaces help processes to get to their environment, chroot can isolate those namespaces from rest of the system and thereby protect against attacks or interference from other containers on the same host. Using namespaces and chroot, you can create a logical container with its own view of the system, but you’ll also need to allocate resources to your new container. This can be done by using cgroups. cgroups (an abbreviation of “control groups”) is a Linux kernel feature that limits, accounts for, and isolates the use of resources like CPU, memory, disk I/O, and network, from of a collection of processes.
It’s these three ingredients that create the magic of container virtualization. The basic architecture is currently used in quite a collection of implementations, the most famous of which is probably Docker.
Now that we’ve got some idea of how they work, let’s review some of the elements that, at least in many scenarios, give the container virtualization its advantage:

  • Containers, compared to hypervisor virtualization, are more likely to be secure as, by design, their applications are logically restricted to their own environment.
  • Containers provide significantly better performance, as they use native, rather than emulated resources.
  • Launching a container is much faster than a virtual machine.
  • Containers offer better control on underlying resources.

After this introduction to the technology’s principles, you might like to try Cloud Academy’s Docker and Container Technologies courses. And feel free to join in by adding your comments below.

Written by

Vineet Badola

Working as a cloud professional for last 6 years in various organizations, I have experience in three of the most popular cloud platforms, AWS IaaS, Microsoft Azure and Pivotal Cloud Foundry PaaS platform.Having around 10 years of IT experience in various roles and I take great interest in learning and sharing my knowledge on newer technologies. Wore many hats as developer, lead, architect in cloud technologies implementation. During Leisure time I enjoy good soothing music, playing TT and sweating out in Gym. I believe sharing knowledge is my way to make this world a better place.

Related Posts

— January 15, 2019

2018 Was a Big Year for Content at Cloud Academy

As Head of Content at Cloud Academy I work closely with our customers and my domain leads to prioritize quarterly content plans that will achieve the best outcomes for our customers.We started 2018 with two content objectives: To show customer teams how to use Cloud Services to solv...

Read more
  • Amazon Web Services
  • Cloud Computing
  • Google Cloud Platform
  • microsoft azure
— December 21, 2018

2019 Cloud Computing Predictions

2018 was a banner year in cloud computing, with Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP) all continuing to launch new and innovative services. We also saw growth among enterprises in the adoption of methodologies supporting the move toward cloud-native...

Read more
  • 2019 Predictions
  • Cloud Computing
Albert Qian
— August 28, 2018

Introducing Assessment Cycles

Today, cloud technology platforms and best practices around them move faster than ever, resulting in a paradigm shift for how organizations onboard and train their employees. While assessing employee skills on an annual basis might have sufficed a decade ago, the reality is that organiz...

Read more
  • Cloud Computing
  • Product Feature
  • Skill Profiles
— July 31, 2018

Cloud Skills: Transforming Your Teams with Technology and Data

How building Cloud Academy helped us understand the challenges of transforming large teams, and how data and planning can help with your cloud transformation.When we started Cloud Academy a few years ago, our founding team knew that cloud was going to be a revolution for the IT indu...

Read more
  • Cloud Computing
  • Skill Profiles
— June 26, 2018

Disadvantages of Cloud Computing

If you want to deliver digital services of any kind, you’ll need to compute resources including CPU, memory, storage, and network connectivity. Which resources you choose for your delivery, cloud-based or local, is up to you. But you’ll definitely want to do your homework first.Cloud ...

Read more
  • AWS
  • Azure
  • Cloud Computing
  • Google Cloud
Albert Qian
— May 23, 2018

Announcing Skill Profiles Beta

Now that you’ve decided to invest in the cloud, one of your chief concerns might be maximizing your investment. With little time to align resources with your vision, how do you objectively know the capabilities of your teams?By partnering with hundreds of enterprise organizations, we’...

Read more
  • Cloud Computing
  • Product Feature
  • Skill Profiles
— April 5, 2018

A New Paradigm for Cloud Training is Needed (and Other Insights We Can Democratize)

It’s no secret that cloud, its supporting technologies, and the capabilities it unlocks is disrupting IT. Whether you’re cloud-first, multi-cloud, or migrating workload by workload, every step up the ever-changing cloud capability curve depends on your people, your technology, and your ...

Read more
  • Cloud Computing
— March 29, 2018

What is Chaos Engineering? Failure Becomes Reliability

In the IT world, failure is inevitable. A server might go down, an app may fail, etc. Does your team know what to do during a major outage? Do you know what instances may cause a larger systems failure? Chaos engineering, or chaos as a service, will help you fail responsibly.It almo...

Read more
  • Cloud Computing
  • DevOps
— November 22, 2017

AWS re:Invent 2017: Themes and Tools Shaping Cloud Computing in 2018

As the sixth annual re:Invent approaches, it’s a good time to look back at how the industry has progressed over the past year. How have last year’s trends held up, and what new trends are on the horizon? Where is AWS investing with its products and services? How are enterprises respondi...

Read more
  • AWS
  • Cloud Adoption
  • Cloud Computing
  • reInvent17
— October 27, 2017

Cloud Academy at Cloud Expo Santa Clara, Oct 31 – Nov 2

71% of IT decision-makers believe that a lack of cloud expertise in their organizations has resulted in lost revenue.1 That’s why building a culture of cloud—and the common language and skills to support cloud-first—is so important for companies who want to stay ahead of the transfo...

Read more
  • Cloud Computing
  • Events
— October 24, 2017

Product News: Announcing Cloud Academy Exams, Improved Filtering, Navigation, and More

At Cloud Academy, we’re obsessed with creating value for the organizations who trust us as the single source for the learning, practice, and collaboration that enables a culture of cloud.Today, we’re excited to announce the general availability of several new features in our Content L...

Read more
  • Cloud Computing
— August 29, 2017

On ‘the public understanding of encryption’ Tweet by Paul Johnston

Some of the questions by journalists about encryption prove they don't get it. Politicians don't seem to get it either (most of them). In fact, outside technology, there are some ridiculous notions of what encryption means. Over and over again, the same rubbish around encryption gets re...

Read more
  • Cloud Computing