VMs and containers have disadvantages that can make workload creation and management a difficult process. Micro VMs provide admins with the best characteristics of both.
Essentially, a micro VM is a container architecture that provides VM isolation for each instance. Ideally, this enables admins to deploy a large number of micro VMs quickly and efficiently, while ensuring the logical isolation and security of each instance. Consider typical VMs and containers. Each has their own drawbacks, but when combined, offset those disadvantages and boost the benefits when integrated into workloads.
VMs provide isolation but consume large amounts of resources
VMs run on an underlying hypervisor and provide exceptional logical isolation. VMs don't share each other's memory space and aren't even aware of the presence of other VMs on a host server. Each VM can support its own guest OS, enabling a virtualized server to run many different OS types and versions.
However, VMs can be large, resource-intensive virtual constructs that can take several minutes to deploy. Most servers can host only a handful of VMs. Each VM needs its own OS, and this can result in unnecessary duplication of resources. For example, 10 VMs running Windows Server workloads would need 10 Windows Server licenses, such as Windows Server 2019. So, VMs can be costly to deploy.
Containers are small but susceptible to malicious attacks
By comparison, containers are small virtual constructs that run atop a container engine, such as Docker, and require relatively little compute resources. This enables many -- perhaps hundreds of -- containers to deploy in a matter of seconds and coexist on the same server.
A big part of this efficiency is the use of a common OS -- every container shares the same OS kernel -- which is usually some version of Linux. Containers include all of the dependencies needed to operate, enabling a container to easily deploy across many host systems. However, the common OS poses potential security and stability risks. Any security or functional flaw in the OS will potentially affect all of the containers running on that OS.
Micro VMs offer both isolation and security
Micro VMs promise the best of both worlds. A micro VM environment starts with standard server hardware, and runs a host OS, such as Linux, to supply the KVM needed for micro VMs. A micro VM engine, such as Firecracker, runs atop the OS, acting as the hypervisor -- or engine -- that supplies an API, network, storage and management tools needed to operate each micro VM.
Once running, the micro VM engine will create completely isolated virtual instances that can run a guest OS and a container-type workload. The instances are small, isolated and admins can quickly create them in large volumes.
Dig Deeper on Containers and virtualization
Related Q&A from Stephen J. Bigelow
Some enterprises avoid the public cloud due to its multi-tenant nature and data security concerns. Learn what data separation is and how it can keep ... Continue Reading
There are advantages and disadvantages to using NAS or object storage for unstructured data. Find out what to consider when it comes to scalability, ... Continue Reading
Knowing hardware maximums and VM limits ensures you don't overload the system. Learn hypervisor scalability limits for Hyper-V, vSphere, ESXi and ... Continue Reading