"Build, ship and run any app, anywhere": under this motto, the open-source container platform Docker promotes a flexible and resource-efficient alternative to emulating hardware components with virtual machines (VMs). In this Docker tutorial for beginners, we look at the differences between the two virtualization techniques and present the open-source Docker project with clear step-by-step instructions.
While traditional hardware virtualization relies on starting multiple guest systems on a common host system, Docker uses containers to run applications as isolated processes on the same system. Container-based virtualization is also known as operating system-level virtualization.
This graph illustrates the main differences in the architectural structure of the two virtualization techniques:
Container: virtualization with minimum overhead
In traditional hardware virtualization, applications are encapsulated using a hypervisor. It acts as an abstraction layer between the host system and the virtual guest systems. Each guest system is implemented as a complete machine with a separate operating system kernel. The hardware resources of the host system (CPU, memory, disk space, available devices) are proportionally allocated by the hypervisor.
With container-based virtualization, however, no complete guest system is simulated. Instead, applications are started in containers. Although they share the same kernel, that of the host system, they run as isolated processes in user space.
The great advantage of container-based virtualization is that applications with different requirements can be run independently of each other without incurring the overhead of a separate guest system. Container technology uses two basic functions of the Linux kernel: control groups (cgroups) and kernel namespaces.
Cgroups limit access to memory, CPU, and I/O resources, which prevents the resource requirements of one process from affecting other running processes.
Namespaces limit a process and its child processes to a specific section of the underlying system. To encapsulate processes, Docker uses namespaces in five different areas:
System identification (UTS): In container-based virtualization, UTS namespaces are used to assign containers their own host and domain names.
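The namespace isolation described above can be checked from the host: the kernel exposes each process's namespaces as symlinks under /proc/<pid>/ns, and two processes whose links carry the same inode number share that namespace. The following Python sketch is an added example, not part of the original tutorial; PID 4242, the inode numbers and the helper names are constructed for illustration, and the sample covers namespace types beyond the UTS one listed here.

```python
"""Added example: list the namespaces a process shares with PID 1 (the host)."""
import os
import re
import tempfile

# A namespace symlink target looks like "uts:[4026531838]".
NS_LINK = re.compile(r"^(\w+):\[(\d+)\]$")

def read_namespaces(pid, proc_root="/proc"):
    """Return {namespace type: inode id} from the symlinks in <proc_root>/<pid>/ns."""
    ns_dir = os.path.join(proc_root, str(pid), "ns")
    result = {}
    for entry in sorted(os.listdir(ns_dir)):
        match = NS_LINK.match(os.readlink(os.path.join(ns_dir, entry)))
        if match:
            result[entry] = int(match.group(2))
    return result

def shared_namespaces(pid, host_pid=1, proc_root="/proc"):
    """List namespace types in which `pid` is NOT isolated from `host_pid`."""
    target = read_namespaces(pid, proc_root)
    host = read_namespaces(host_pid, proc_root)
    return sorted(ns for ns, inode in target.items() if host.get(ns) == inode)

def build_sample_proc(root, table):
    """Create a constructed /proc-like tree from {pid: {ns type: inode}}."""
    for pid, namespaces in table.items():
        ns_dir = os.path.join(root, str(pid), "ns")
        os.makedirs(ns_dir)
        for ns, inode in namespaces.items():
            os.symlink(f"{ns}:[{inode}]", os.path.join(ns_dir, ns))

# Constructed sample values, not captured from a real host. PID 4242 stands
# for a containerized process that has its own UTS, PID, mount and IPC
# namespaces but still uses the host's network namespace.
SAMPLE = {
    1: {"uts": 4026531838, "pid": 4026531836, "net": 4026531840,
        "mnt": 4026531841, "ipc": 4026531839},
    4242: {"uts": 4026532501, "pid": 4026532503, "net": 4026531840,
           "mnt": 4026532500, "ipc": 4026532502},
}

def demo():
    """Run the comparison against the constructed tree."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_proc(root, SAMPLE)
        return shared_namespaces(4242, proc_root=root)

if __name__ == "__main__":
    print("namespaces shared with PID 1:", demo())
```

On a real Linux host, call `shared_namespaces(<pid>)` with the default `proc_root`; reading the namespace links of other users' processes generally requires root.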
Scalability, high availability, and portability
Container technology is not just a resource-efficient alternative to traditional hardware virtualization. The software containers also make it possible to use applications on several platforms and in different infrastructures without having to adapt them specifically to the hardware or software configurations of the different host systems.
Docker uses portable images of software containers. Container images contain applications together with all the libraries, binaries, and configuration files required to execute the encapsulated application processes, and therefore impose only minimal requirements on the host system in question. This allows you to move an application container between different Linux, Windows, or macOS systems without additional configuration, provided that the Docker platform has been installed as an abstraction layer. Docker is, therefore, the ideal base for the implementation of scalable and highly available software architectures. On production systems, Docker is used by companies like Spotify, Google, eBay or Zalando.