How Containers stack up against VMs
By Tim Clark
Attention VMware investors: Containers will not kill the virtual machine (anytime soon).
That’s good news too for EMC, which owns an estimated 80% of its VMware spinoff. At least in the short term, even Docker with its $95 million in VC cash is no match against the VM giants such as Microsoft, Citrix and VMware/EMC.
Basically, as my FactPoint partner Larry Gordon says, the Containers vs. VMs question is still a big lab experiment right now. We have containers running on bare metal, sometimes alongside VMs on the same hardware, and we have containers running inside VMs. Many options are being discussed.
We have no best practices yet, just experimentation. Containers may be “another weapon in the arsenal of cloud developers,” as analyst David Linthicum says, but not many developers are trained on using this firearm. Nonetheless, here’s a preliminary analysis (valid until about four months in October) on how VMs and containers stack up:
Security: The advantage lies clearly with VMs, in part because of their longevity and broad usage. A May 2015 study by DockerOps.com found that over 30% of official (i.e., vetted) images in the repository Docker Hub contain high-priority security vulnerabilities. For images contributed by outsiders, the rate was 40%. Other aspects of container security (isolation of containers from each other) improve on VMs, but containers have a way to go to reach security maturity. Add IT World’s view: “It takes sweat [manual labor] to secure containers,” and you get clear Advantage: VMs.
Speed (boot-up time): Milliseconds vs. minutes? Advantage: Containers.
Mixed environments: [Correction, see below*] Containers don't need to run on the same host operating system. VMs need an operating system in each VM. Advantage: Containers.
Utilization: Server utilization on physical servers drove the VM market, but “VMs take up a lot of system resources,” writes Steven J. Vaughn-Nichols in IT World in April 2015. “What this means in practice is you can put two or three times as many applications on a single server than you can with VMs.” So if apps-per-box is the metric, Advantage: Containers.
Maturity: Although the container concept is old, the current generation is not yet in production. VMs are. Advantage: VMs.
Cost: Due to VM licensing fees (hey, they gotta make money somehow), some companies may use containers as a tool to pack more applications onto a paid-for virtual machine (See comment here). Since the container business model remains hazy, Advantage: Containers.
Training: Container users are largely learning through hands-on experience, which is partly why containers today live in labs, not production environments. Still, developer enthusiasm for Docker has led the company to launch training courses, much as Cloudera trains for Hadoop. That can’t counter the production experience of legions of VM experts. Advantage: VMs.
Manageability: There’s confusion here. Management tools for VMs are mature, and VMware is making a play to manage containers with its VM tools because container management tools are scarce. Still, for Aptible, which hosts sensitive health data in the cloud with similar containers for different clients, “Containers allow significantly easier management compared to…virtual machines.” Advantage: Even.
Scope: As VMware architect Scott S. Lowe writes in Virtual Machines Vs. Containers: A Matter Of Scope, “If you want to run multiple copies of a single app, say MySQL, you use a container. If you want the flexibility of running multiple applications, you use a virtual machine.” Advantage: Even.
Finally, as John Katsaros of Internet Research Group notes, enterprises have spent hundreds of millions of worthwhile dollars on virtual machines and earned significant benefits. They’re not likely to walk away from their VM investments any time soon, but they’ll experiment with containers.
Where’s the advantage?
*Correction: Reader Ben Grissinger catches an error in the original version of this story, corrected above. Here's what he wrote:
"I have to differ with your matrix, specifically under mixed environments:
"Containers are entirely more portable than VMs and they do not require that they run on similar HOST OS's – advantage Containers, not VM's
"Also you do not mention Container properties such as they are more agile and lightweight, or that the constructs for image management as it relates to Docker are far superior over any VM solution today
"Have you ever tried moving full sized VMs around the net or tried to run an AWS AMI image with your app on Google Cloud or Azure or OpenStack? The effort and time to make such a transition using VMs in a hybrid environment is significant. Containers can be ported across the hybrid with ease and much faster than VMs"
Thank you, Ben, for the correction.