Blog details

How to easily understand Docker containers

July 27, 2017
After updating Linux container technology developed in the 80’s and making it stable, Docker reintroduced containers to the world in 2013 as a cloud technology, and since then it has been a huge success.
 
The trend has grown so fast that containers are taking over the market and are even replacing virtual machines. But for most companies, Docker containers are still a very new technology that they need to understand, more importantly understand its benefits before to using it.
 
For someone who has always used virtual machines and traditional infrastructures, containers can be a tricky topic that demands to think differently because they always try to understand what a container is through the definition of a virtual machine.
 
To help make it easy to understand, I always use the image of a big house to represent a virtual machine, a building with several apartments to represent containers, and a tenant to represent one application. Keep that in mind, and you’ll see, it will be easy to get the concept of Docker containers.
 
Let’s begin with the example of the house. As the tenant, if I decide to rent a house, I will have access to all the rooms. Most houses come with a minimum of two bedrooms, one kitchen, one bathroom, and a living room. If I live by myself in the house (meaning only one application per virtual machine), then I probably don’t need the second bedroom and all this extra space for which I pay. Then, a part of the space I am renting is unnecessary and a waste of money. Indeed, most virtual machines are bigger than needed in order to absorb temporary peaks of demand, or the possible application expansion. But this extra space is useless most of the time!
 
Moreover, the front door of the house represents the only protection between the outside and my private space. If a stranger gets into my house, he has access to each room and can do anything he wants. Once a threat has penetrated the virtual machine, it has access to the entire application or even many applications and can break them down, including your database.
 
Because of their isolation, containers are a very different concept. Let’s consider one unit apartment as one container, and the building as Docker Host that manages the containers.
Like in most buildings, several sizes of apartments are available. Unlike the house (VM), I can rent only the space that fits my needs best. I don’t need to pay for extra space that I won’t use. Later on, if I need more space I can easily move to another apartment in the same building. With an infrastructure based on containers I don’t need to create a totally new and different infrastructure if my application grows. I only need to create more containers, which takes only a few minutes.
 
Dissimilar to the house, if a stranger breaks in to one of the apartment (one container), he can’t have access to the other tenants’ apartments. In fact, if a threat accesses one container that contains one application or one microservice, he won’t have access to my other applications or microservices as they are separated from each other. It is an additional security measure that containers offer and virtual machines don’t.
 
As you can see, it is difficult to compare a container with a virtual machine as they have a very different and specific approach.
With containers, you start small with the basics first, and build and expand your environment as your needs grow.
With virtual machines, you start big with a large environment, usually more than you need, and you fill it progressively.
 
I hope you now understand that Docker containers are not a light version of virtual machines. They are more focused on your application and allow your environment to expand as your business grows.

Leave a comment