Containers vs VMs? What differs?

Published
November 22, 2022
Author
Chandra Wijaya
Tags
Tech

Bare Metals

VMs and Containers are the most common infrastructure types used nowadays. However, before they began their era, the granddaddy of all of these was Bare Metal. Bare Metal is basically a physical computer acting as a server. You can imagine it as the computer in your house, with a different shape of course. Once upon a time, all servers were Bare Metal.
A bare metal server is a single-tenant physical server dedicated to a single user or organization. It is often used in situations where high performance, low latency and/or specialized hardware are required, such as high-performance computing, gaming and big data analytics.
Since bare metal servers are isolated physically, this gives us the following benefits:

Noisy neighbor problem

This occurs when one tenant's performance is impacted by another tenant's activities. Bare metal shares nothing in terms of computing resources, so this problem cannot happen: software applications get the absolute highest performance the hardware can deliver.

Figure: Bare Metal servers do not experience the Noisy Neighbor Problem

Security

In a bare metal environment, the security measures are implemented on the physical level. This means that the security perimeter is defined by the physical boundaries of the server, and access to the server can be controlled through physical security measures such as locked server rooms, security cameras, and biometric authentication. Bare metal servers can also be secured through traditional security measures such as firewalls, intrusion detection and prevention systems, and security information and event management (SIEM) systems. This allows organizations to monitor and protect their servers against potential threats.
However, bare metal also comes with downsides. Imagine you have a computer to run Adobe Photoshop, for example, and then you need Corel Draw as well. Because your current computer is already running at its peak, the only choice is to add another computer to run Corel Draw.
But before you are able to do that, you first have to buy the hardware itself, then install the OS, and what about the license? After some complicated steps, you finally get to install your Corel Draw software. However, running a single piece of software on a high-end computer is overkill. This simple example describes the disadvantages of bare metal.
When it comes to provisioning and managing bare metal servers, it is more complex than virtualized environments. Traditional bare metal servers require manual provisioning, OS installation and configuration, and ongoing maintenance. In short, it is expensive, hard to maintain, hard to scale and involves a lot of manual work.

Virtual Machines

Bare metal's disadvantages needed to be handled, right? Computer experts started to think about how to make use of computing power in a more efficient way, and then came the era of Virtual Machines.
Virtualization is the process of creating a virtual version of a computing resource, usually a hardware platform, operating system or storage device. With virtualization, we can run multiple virtual machines on a single bare metal server. The magic behind this is a special piece of software called the Hypervisor.

Figure: Virtual Machine Stacks
The Hypervisor creates an abstraction layer between the hardware and the OS. In VMs, the hardware specification is virtualized, meaning each VM has its own specification: CPU cores, memory and storage.
Some will tell you about the Bare Metal Hypervisor. Compared with the image above, a Bare Metal Hypervisor does not rely on the Host OS, so you can imagine that the orange part is not there. This type of Hypervisor takes full control of the hardware, resulting in better performance, but it also comes at a higher price.
With VMs, we get a cheaper way to run multiple computers while still controlling each of them according to our needs. VMs are also easier to scale: because we define our own specification, as long as the server itself has the capacity to provide it, we can have as high a specification as we like. Nowadays, servers that host VMs are very powerful, with hundreds of CPU cores and terabytes of memory and storage.
In contrast to bare metal, where everything is isolated physically, VMs can suffer from the noisy neighbor problem because the host server's hardware is shared. No matter how good the hypervisor is, it still needs resources and time to do its job of sharing the hardware.
Also, in terms of security, Meltdown and Spectre are the best-known vulnerabilities in modern processors, and they matter in virtualized environments precisely because the processor is shared. Meltdown breaks the most fundamental isolation between user applications and the operating system. This attack allows a program to access the memory, and thus also the secrets, of other programs and the operating system.
Spectre breaks the isolation between different applications. It allows an attacker to trick error-free programs, which follow best practices, into leaking their secrets.

Containers

Containerization, on the other hand, is a form of virtualization that focuses on packaging and isolating apps and their dependencies in a portable and consistent way. It is considered a lightweight form of virtualization.
You may have used Virtual Machines (VMs) because they have been popular for longer. Containers, on the other side, may be a bit newer to you, but you've probably seen them if you're working in app modernization, dealing with microservices, or anything else that demands this new way of building and architecting applications.
Figure: Container Stacks
Now, the first main difference from VMs to point out is the level at which the virtualization happens. These two technologies are different ways of achieving virtualization. Instead of using a Hypervisor to orchestrate the hardware, containerization uses something called a container engine. The most popular one is Docker. The engine itself is a piece of software installed on the host OS and is responsible for running containers.
So you can see that in VMs the virtualization happens at the hardware level, which is why it is often called "hardware virtualization", whilst in containers it is called "operating system level virtualization" because it takes place at the OS level.
A container will be a lightweight, standalone, and executable software package that includes everything needed to run a piece of software, including the code, runtime, system tools, libraries, and settings. However, unlike virtual machines, containers do not include a full operating system, instead they make use of the host machine's operating system kernel.
Containers on VMs
If you are planning to run multiple containers on your computer, or let's say on a bare metal server, obviously you can. But what if I told you containers can also run on VMs?
Figure: Containers in Virtual Machines
So imagine: a bare metal server is divided into many VMs, and those VMs are divided into smaller containers. You can have a lot of stuff running on a single powerful bare metal server!
Figure: Maximizing server capacity by combining containers and VMs
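The layering above also shows up in what a workload can see about its own runtime: a VM shares the physical CPU with the hypervisor, so the kernel reports a hypervisor flag, while a container shares the host (or VM) kernel, so markers like the Docker environment file or a container cgroup path are visible from inside. The following classifier is an added example (not code from the original post) that combines both signals to tell bare metal, VM, container on bare metal and container in VM apart; it assumes a Linux host and the `/proc`, `/sys` and `/.dockerenv` markers named in the comments, and the sample inputs are constructed.

```python
import os
import re

# Constructed sample inputs (not captured from any real host) so the
# classifier can be exercised offline; the cgroup id is a placeholder.
SAMPLE_CPUINFO_VM = "flags\t\t: fpu vme de pse tsc msr pae mce cx8 apic sep hypervisor\n"
SAMPLE_CPUINFO_BARE = "flags\t\t: fpu vme de pse tsc msr pae mce cx8 apic sep\n"
SAMPLE_CGROUP_DOCKER = "12:cpu,cpuacct:/docker/0123abcd\n1:name=systemd:/docker/0123abcd\n"
SAMPLE_CGROUP_HOST = "12:cpu,cpuacct:/\n1:name=systemd:/init.scope\n"

def hardware_virtualized(cpuinfo: str, dmi_product: str = "") -> bool:
    """True when the CPU or firmware reports a hypervisor (hardware-level virtualization)."""
    flags = set()
    for line in cpuinfo.splitlines():
        if line.startswith("flags"):
            flags.update(line.split(":", 1)[1].split())
    if "hypervisor" in flags:  # CPUID bit set by KVM, VMware, Hyper-V, Xen, VirtualBox
        return True
    # Fallback: DMI product name exposed by the virtual firmware
    return bool(re.search(r"kvm|qemu|virtualbox|vmware|hyper-v|xen", dmi_product, re.I))

def os_virtualized(cgroup: str, dockerenv_present: bool) -> bool:
    """True when PID 1 sits in a container cgroup or /.dockerenv exists (OS-level virtualization)."""
    if dockerenv_present:
        return True
    # cgroup v1 paths name the engine; on cgroup v2 the path is often just "/", so this can miss
    return any(re.search(r"/(docker|kubepods|containerd|lxc)\b", line) for line in cgroup.splitlines())

def classify(cpuinfo, cgroup, dockerenv_present=False, dmi_product=""):
    """Return 'bare metal', 'vm', 'container on bare metal' or 'container in vm'."""
    vm = hardware_virtualized(cpuinfo, dmi_product)
    ctr = os_virtualized(cgroup, dockerenv_present)
    if ctr:  # a container sees its host's kernel, so the VM flag leaks through to it
        return "container in vm" if vm else "container on bare metal"
    return "vm" if vm else "bare metal"

def classify_live():
    """Classify the machine this runs on (Linux; files missing elsewhere are treated as empty)."""
    def read(p):
        try:
            with open(p) as f: return f.read()
        except OSError: return ""
    return classify(read("/proc/cpuinfo"), read("/proc/1/cgroup"),
                    os.path.exists("/.dockerenv"), read("/sys/class/dmi/id/product_name"))

if __name__ == "__main__":
    print(classify_live())
```

Because a container cannot hide its host's kernel, the hypervisor flag remains visible inside it; that shared-kernel property is exactly what distinguishes process isolation from machine isolation.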

Worth to mention

Figure: VirtualBox
Talking about virtualization, you might be familiar with tools like VMware, VirtualBox and Parallels. You probably use them in your daily life to virtualize your computer for many purposes, like having another clean workstation, or, if you're on macOS and also want to run Windows, the easiest way to do that is with these tools.
But at which level are VirtualBox, VMware, etc. compared to the Hypervisor? Most likely you've never met a Hypervisor on your computer in graphical form, right? That brings us to acknowledge that there are types of virtualization.
The Hypervisor in VMs is what is called Type-1 virtualization, which virtualizes at the hardware level. We've discussed it already, so now there is the second type, called Type-2 virtualization. This is where VMware, VirtualBox, Parallels, etc. sit.
Type-2 virtualization sits at a slightly higher level than Type-1, almost similar to operating system virtualization or containers, but don't mistake the two, since they do not share the same concept.

What's next?

Containerization is the beginning of the next-level computing paradigms such as serverless and edge computing. I dare to say that, to start your learning in cloud computing, having knowledge of containerization will surely help you understand the concepts, architectures and terminologies you will face later on. We could talk about these matters in a different blog post, but a few introductions won't hurt.
Serverless is a cloud computing paradigm that allows developers to run their code without having to manage or provision servers. This makes it easier to build and run applications, and can also reduce costs by only paying for the resources used.
And edge computing is a distributed computing paradigm that brings computation and data storage closer to the edge of the network, where data is generated and consumed. This allows for faster and more efficient processing of data, and can be used to improve the performance of IoT and mobile applications.

Summary

A bare-metal server is a single physical machine that runs one or more applications, all of which share the same resources, such as CPU, memory and storage.
A virtual machine (VM) is like creating multiple virtual computers on a single physical machine. Each virtual computer runs its own operating system and applications, and they are isolated from each other. Each virtual machine has its own set of resources, like CPU, memory and storage.
A container is a way to package an application and its dependencies together and run it in an isolated environment on a single operating system. Instead of creating a whole virtual machine, a container shares the host operating system kernel and runs the application in an isolated environment.
VM isolation happens at the machine level, so it is sometimes called machine isolation, while container isolation is called process isolation.
So in simpler terms, a bare-metal server is a single computer, a virtual machine is like having multiple computers on a single machine, and a container is like having multiple isolated environments on a single computer.