Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Docker Containers: 9 Fundamental Facts

  • Docker is an open source platform designed to build, distribute and run applications inside a container. A container is a virtual box that packages applications with dependent services and components. In comparison to the traditional virtualization functionalities of hypervisors, Docker containers eliminate the need for a separate guest operating system for every new virtual machine.

    Docker implements a high-level API to provide lightweight containers that run processes in isolation. It works on the kernel’s functionalities to ensure resource (CPU, memory, block I/O, network and more) isolation. Docker automates application deployment inside software-defined containers that provide an additional layer of automation and an abstraction of operating system-level virtualization on Linux.

    A Docker container enables rapid deployment with minimum run-time requirements. It also ensures better management and simplified portability while reducing the resource requirements for deploying new containers. This helps developers and system admins in rapid deployment of an application.

    With all of these benefits, Docker containers are quickly making inroads in today's enterprise environment. Click ahead for the most important things you need to know about Docker containers.

  • Docker container architecture

    The architecture of a Docker container includes a physical machine with a host operating system. On top of the host operating system, a Docker engine is deployed, which helps create a virtual container for hosting applications. Docker engines create isolated containers on which applications can be deployed. Unlike a typical hypervisor solution, Docker eliminates the requirement of creating a separate VM for each application, as well as the requirement of a guest OS for each VM.

    In hypervisor-based application virtualization, a virtualization platform (for example Hyper-V or VMware) is deployed on a physical server with a host OS. On top of the virtualization platform, virtual machines are created, each of which has an independent guest OS. On top of all these layers, the application is deployed. Hosting so many virtual machines, each having an independent guest OS, makes this architecture much more resource-intensive than Docker containers.

  • Container automation

    Docker containers usually provide built-in tools to automate the process of container provisioning by leveraging source code from any existing application container. This takes care of services, dependencies, packaging and more. Docker also provides a broad range of pre-configured Docker images that help organizations in rapid deployment of application containers.

    To accomplish this same set of tasks, any hypervisor solution will require a complex procedure involving cloning applications, along with their dependencies and tools, into an isolated package.

  • Compute resource requirements

    In Docker containers, applications are built directly over Docker engines, eliminating the need for a guest OS. This capability helps reduce overall system requirements such as CPU or RAM for hosting multiple guest operating systems. This also reduces deployment costs by reducing the need for compute resources as per application only. Unlike Docker containers, hypervisor-based applications require an additional guest OS along with the other dependencies for the actual application to run.

  • Process isolation and security

    In Docker containers, each application or container is isolated from others, but they use the same root. This provides the advantage of simplified management, although it also leads to a few disadvantages. For instance, if the root is compromised, the host containers could be at risk. Hypervisor solutions, in contrast, provide more or less complete isolation, depending upon the requirements.

    Docker Inc. is working to address Docker container security issues. The company recently collaborated with industry experts to work with the Center For Internet Security and release security best practices for deploying Docker 1.6 or later technology.

  • Start time

    Containers are directly built on Docker engines; the time taken to start an application only depends on the type of application. The underlying kernel is already running, and lack of an intermediate operating system (a guest OS) reduces the boot time for the container. In hypervisors, the total startup time of the system includes the boot-up time of the guest OS as well as the application.

  • Application shipment

    Docker allows distribution or shipment of applications across different environments in a Dockerized container, with all dependencies bound as a single package. For instance, to move an application from a development environment into testing and then production, the entire container can be packaged and migrated as a single entity; the application remains bound with all the environment configurations. This helps in migrating applications across different departments, between teammates, or through the cloud without any risk of breaking things.

    In hypervisor solutions, packaging and migrating applications with all their dependent services and tools always risks environment breakdown.

  • Hardware compatibility

    With Docker containers, administrators can create an application without having to consider any dependencies on a guest OS. This makes an application lightweight, fast, and less expensive while eliminating potential platform compatibility issues.

    In hypervisor solutions, a dedicated guest OS for each virtual machine makes it more expensive and slow to respond as compared to a Docker container application. Any virtual machine created in a specific hypervisor platform cannot run on other hypervisor platforms.

  • Enterprise features

    Although organizations have started using Docker containers for application virtualization, the technology still lacks some enterprise-level virtualization features such as granular access controls, container migration, logging, and backup restore. Most hypervisor platforms support such enterprise-class features. When an organization is looking to deploy virtualized applications in a production environment, a hypervisor solution is recommended for the simple fact that Docker-based solutions lack in offering enterprise-class features.

  • Vendors

    Many vendors now offer containerization products and services. Since 2013, Docker, Inc., the commercial entity that manages the Docker open source project, has dominated the market for virtualization containers. Other vendors recently stepping into the market include Canonical with LXD and CoreOS with Rocket.

Recommended Reading: