The development of cloud-native applications has become significantly influenced by container technology. Building secure and reliable systems requires a thorough understanding of different virtualization levels and process security.
I always enjoy learning about the history of technology and what came before; if you are like me, you might be curious about the distinctions between virtual machines and containers in terms of technology (VMs) and how they came to be. It's critical to comprehend what containers are and are not because they have emerged as a significant factor in cloud-native development.
People usually grabbed for short hands when describing containers as "lightweight VMs" when they first emerged. However, on the surface, this description made sense because people were switching their workloads from virtual machines to containers. But it hardly cracked the surface regarding how each of those technologies worked.
Virtualization
As with all things in computing using software to build a layer of misdirection over computer hardware, virtualization allows a single computer's physical components to be split up into several virtual computers. The name of the game here is isolation and abstraction.
The transformation of the actual hardware into a shareable form is made feasible through virtualization. Businesses used to typically run one application per server in the days before virtual machines. This meant that these servers would frequently have lots of unused CPU, which was extremely wasteful especially at scale. In an effort to makes more effecient use of hardware virtual machines were created.
Virtual Machines
Virtual Machine Stack
Virtual machine is a software based computer. When reasoning about virtual machines its important to understand the two main components:
Hypervisor
GuestOS
The GuestOS portion is relatively straightforward forward. It's whatever operating system you are trying to run.
Hypervisors are software that manages and coordinates virtual machines running on physical hardware. It manages everything from allocating resources to virtual machine isolation. Ensuring all machines have the required resources and ensuring issues with one virtual machine doesn't impact the other.
There are two classes of hypervisors:
Type 1 or Bare Metal Hypervisors (OpenKVM) run directly on physical hardware, reducing latency and improving overall efficiency.
Type 2 or Host Hypervisors (VirtualBox) which run as an application on top of another host operating system and often incur a performance hit due to the extra abstraction layer.
Since there is a clean separation between processes on the hostOS and the guestOS, the isolation level is superior. The trade-off here is performance and efficiency, but a big step up from running a single process per machine.
Processes
Before we get into containers, I would first like to discuss a little about processes and what they are and how they have been used to power all sorts of containers since 1979.
This post is for paying subscribers only
Sign up now and upgrade your account to read the post and get access to the full library of posts for paying subscribers only.
