DOCKER VS VM
DOCKER
Docker is an container based technology which runs each and every application segregated and securely by the use of kernel containerization feature. Docker container creates an partitions on PaaS (Platform as a Service) level not on the basis of OS, or storage level. So, you can have separate container for every application deploy on the same server. Restarting or updating the services in a particular container doesn’t affect the other application present in the other container. This helps to reduce the server scaling for various purposes such as testing and production, by making it avilable to run multiple application’s on the same server.
What is Docker Image?
A docker image is a type of template with instructions to create docker containers. They are created using the build command. Docker image can be created using a read-only template by using the run command. Docker allows you to create and share software using docker images. We can either create a new image as per the requirements or use a ready-made cocker image from the docker hub.
What is Docker container?
Containers are the ready to run instance images of the applications created from docker images. Through Docker API or CLI, we can create or delete the container. Containers are isolated from each other and the host machine on which they are created.
What is Docker Registry?
The docker registry is the place where Docker images are stored. The docker Hub is a public registry that anyone can access and configure Docker to look images on docker hub by default. We can even run a private registry. Docker Trusted Registry (DTR) is included if we use Docker Datacenter (DDC).
How does Docker work?
Docker works on a client-server architecture. It includes the docker client, docker host, and docker registry. The docker client is used for triggering docker commands, docker host is used to running the docker daemon, and docker registry to store docker images.
The docker client communicates to docker daemon using a REST API, which internally supports to build, run, and distribute docker containers. Both the client and daemon can run on the same system or can be connected remotely.
VIRTUALIZATION:
Virtualization is an technology that allows you to use a physical machine’s full capacity by distributing it’s computing resources (i.e. RAM, OS, CPU, Storage Space) among many user’s or environments.
How Virtualization Works?
Software called hypervisors separate the physical resources from the virtual environments. Hypervisors can sit on the top of an operating system. It take your physical resource and divide them up so that virtual environments can use them.
Resources are partitioned as needed from the physical environment to the many virtual environments. Users interact with and run computations within the virtual environment (typically called a guest machine or virtual machine).
DOCKER vs VIRTUALIZATION:
1) Operating System Support
For every virtual machine you create on the physcial server, it has it’s own Guest operating system above the server host operating system. While on the other hand, Docker containers share the host operating system, and that is why they are lightweight.
2) Security
The virtual machine does no share operating system, and there is strong isolation in the host kernel. Hence, they are more secure as compared to Containers. A container have a lot of security risks, and vulnerabilities as the containers have shared host kernel.
Also, since docker resources are shared and not namespaced, an attacker can exploit all the containers in a cluster if he/she gets access to even one container. In a virtual machine, you don’t get direct access to the resources, and hypervisor is there to restrict the usage of resources in a VM.
3) Portability
Docker containers are easily portable because they do not have separate operating systems. A container can be ported to a different OS, and it can start immediately. On the other hand, virtual machines have separate OS, so porting a virtual machine is difficult as compared to containers, and it also takes a lot of time to port a virtual machine because of its size.
