Discussing the difference between Docker containers and Virtual Machines
Bachelor seminar
Steven Grzbielok ■ 12th of August, 2016
About me
Steven Grzbielok
• Born in 1994, living in Ratingen
• 6th term Information Systems (B.Sc.)
• IT-Consultant for MT AG since 2014
• Primarily deals with UI-Design and web development
Agenda
1. What is Docker and what benefits are promised for the usage of Docker?
2. Comparison of an example: VM vs. Docker
3. Conclusion: Guidelines
1. What is Docker and what benefits are promised for the usage of Docker?
Motivation
Virtual machines are often called heavyweight and slow.
Is Docker a promising alternative?
What are the differences between both techniques?
Fundamentals
• Virtualization → Dividing a physical computer into several virtual environments
• VM = large files and big processes
• Alternative: Linux containers
• Docker: Promised to be lightweight, open, secure and scalable
Di Liu & Zhao, 2014, p. 475; Bui, 2015, p. 1; Pahl, 2015, pp. 24-25; Docker Inc., 2016h
What is a virtual machine?
Virtualization means the operation of system components in an abstract environment that is
often detached from the hardware and the operating system which is used as a host.
Scalability and portability
Hofer & Fischer, 2008, p. 970
Evolution of VMs
• First virtualization approach from IBM (1960s/1970s) for dividing one physical machine
• First language level approach by Sun to deliver VMs with Java applications
• Microsoft developed virtualization techniques for running Windows even on a Mac
• Popularity was gained through VMware, which developed a simple workstation for the end user
Douglis & Krieger, 2013, p. 6; Ruest & Ruest, 2009, pp. 24–26
What is a VM?
• Abstract version of a complete computer
• Consists of
  o A configuration file (amount of RAM, virtual disks)
  o Hard drive files (virtual version of a physical hard drive)
  o In-memory file (virtual version of the RAM) → saved when you e.g. pause the VM
  o VM state file (saves the state of the VM when pausing or shutting down)
  o Other OS specific files like logs
Ruest & Ruest, 2009, pp. 30–31
Virtualization models
Often free and easy to set up → Used for starting a project
More efficient, but harder to set up → Used for production environments
Ruest & Ruest, 2009, p. 33
What is a hypervisor?
• Small operating system that exists only for partitioning resources → Virtualizes the hardware
• Isolates VMs and blocks access attempts between the VMs
• Hypervisor type 1: Runs directly on hardware
• Hypervisor type 2: Runs on top of an OS
Vogel, Koçoğlu, & Berger, 2010, pp. 9–11; Ruest & Ruest, 2009, p. 39; Fox, 2012, p. 54
Downsides of VMs
• VMs are heavyweight and inefficient compared to a non-virtualized system
• Applications are not easily portable
• Slow in IT provisioning
Raj, Chelladhurai, & Singh, 2015, p. 2
Hypervisors
• Software virtualization is often used to start a project
• Hardware virtualization is often used for production environments
Nagy, 2015; Ruest & Ruest, 2009, p. 39; Fox, 2012, p. 54
Hypervisor:
• Small OS that only exists to manage the VMs
• Can run instead of the host OS (type 1) or on top of the host OS (type 2)
Architecture of container virtualization
• Contains only the needed applications and dependencies
• Containers share the same kernel with other containers
• Also benefits from resource isolation and allocation, like VMs
Di Liu & Zhao, 2014, p. 476; Bui, 2015, p. 2
Benefits of containers
• Virtualized hardware is slower than regular hardware
• The negative effects can be reduced by sharing the same kernel → containers
• A container encapsulates a single service (microservice architecture)
• A container packages all necessary components
• Communication through APIs
• Container platforms are e.g. Docker or Rocket
Nagy, 2015
Docker
• Used by famous companies like eBay, Spotify…
• Can only host containers of the same type as the host OS
• Currently only Linux containers on a Linux host
• Microsoft is developing the Docker support on Windows Server 2016 to support Windows containers
Raj, Chelladhurai, & Singh, 2015, p. 2; Bui, 2015, p. 2; Docker Inc., 2016b
Docker engine is driven by LXC
• Linux Containers (LXC): Package to control user spaces
• Essential feature: Namespaces (implemented on kernel level) separate the containers from the host OS
  o PID: Process ID namespace
  o IPC: Inter Process Communication namespace
  o MNT: Mount namespace
  o UTS: Unix Timesharing System
  o Networking namespace
Merkel, 2014; Di Liu & Zhao, 2014, p. 476
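The namespace separation listed above can be checked from the host: each process exposes its namespaces as links under /proc/<pid>/ns, and two processes are in the same namespace exactly when the link targets match. The following is an added example, not part of the original slides; the link targets are constructed sample values and the function names are hypothetical.

```python
import os

# The five namespace kinds listed on the slide, by their names under /proc/<pid>/ns.
SLIDE_NAMESPACES = ("pid", "ipc", "mnt", "uts", "net")

def parse_ns_link(target):
    """Return the inode number from a link target such as 'net:[4026531992]'."""
    _, _, rest = target.partition(":")
    if not (rest.startswith("[") and rest.endswith("]") and rest[1:-1].isdigit()):
        raise ValueError(f"not a namespace link: {target!r}")
    return int(rest[1:-1])

def namespaces_from_links(links):
    """Map namespace name -> inode for the kinds named on the slide."""
    return {n: parse_ns_link(t) for n, t in links.items() if n in SLIDE_NAMESPACES}

def read_namespaces(pid):
    """Same mapping for a live process (Linux; needs permission to read /proc/<pid>/ns)."""
    base = f"/proc/{pid}/ns"
    return namespaces_from_links(
        {n: os.readlink(os.path.join(base, n)) for n in os.listdir(base)})

def isolation_report(host, container):
    """Per namespace: 'separate', 'shared' (same inode as the host) or 'unknown'."""
    report = {}
    for name in SLIDE_NAMESPACES:
        if name not in host or name not in container:
            report[name] = "unknown"
        elif host[name] == container[name]:
            report[name] = "shared"
        else:
            report[name] = "separate"
    return report

# Constructed sample link targets (not taken from a real system).
HOST = {"pid": "pid:[4026531836]", "ipc": "ipc:[4026531839]", "mnt": "mnt:[4026531840]",
        "uts": "uts:[4026531838]", "net": "net:[4026531992]", "user": "user:[4026531837]"}
ISOLATED = {"pid": "pid:[4026532201]", "ipc": "ipc:[4026532200]", "mnt": "mnt:[4026532198]",
            "uts": "uts:[4026532199]", "net": "net:[4026532203]"}
# A container configured to reuse the host's PID and network namespaces.
HOST_SHARING = dict(ISOLATED, pid=HOST["pid"], net=HOST["net"])

if __name__ == "__main__":
    host = namespaces_from_links(HOST)
    for label, links in (("isolated", ISOLATED), ("host-sharing", HOST_SHARING)):
        print(label, isolation_report(host, namespaces_from_links(links)))
```

On a live Linux host, read_namespaces(1) compared with read_namespaces(<pid of a container process>) gives the same report; any namespace reported as shared is one where the container is not separated from the host.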
Other advantages of LXC
• Control groups isolate groups of processes and make it possible to manage the resource allocation between cgroups
• Union file system: Copy-on-write creates a copy of the data on modification and changes the current pointer to the right set of data after the process → Especially useful for data that is shared by multiple applications
Pahl, 2015, pp. 26-27; Anderson, 2015, p. 104; Joy, 2015, p. 344; Di Liu & Zhao, 2014, p. 476
Docker Hub: One of the reasons for the rapidly growing community
• Cloud service to upload and share containers
• Upload for private or public usage
• Easy to „pull“ a container and use it or modify it
• 320 million downloads by the beginning of 2015
• Prebuilt containers with software such as Node.js, MongoDB, WordPress or the Apache web server
E N, Mulerickal, Paul, & Sastri, 2015, p. 697; Haydel et al., 2015, p. 366; Docker Inc., 2016c
2. Comparison of an example: VM vs. Docker Containers
a “self-experiment”
Setup of the example
Host OS: Windows 10 Pro (64 Bit)
Guest OS: Linux Server (AMD64) 16.04
Notebook model: Dell Latitude E5550
CPU: Intel Core i5-5300U @ 2,30GHz (Turbo-Boost to 2,90 GHz)
RAM: 16 GB
VM: VirtualBox 5.0.22
• RAM: 2GB
• CPU: 1 Core
Docker: Docker for Windows 1.12.0-rc2-beta16 (build: 4760)
• RAM: 2GB
• CPU: 1 Core
Installation process
Virtual Machine
• Possible hosts: x86/x64 systems
• Possible guests: Windows (Server), Linux...
• Regular installation process via an executable file
• No Hyper-V support
• Simple and short installation wizard
Docker
• Hosts: x64 systems
• Possible guests: Linux
• Hyper-V has to be activated! → Docker activates it if necessary. Restart has to be done to complete the installation
Build: General
Both systems offer the following options:
1. Use a prebuilt image/container (and adapt it to your needs)
2. Build your own image/container
   1. By hand
   2. Scripted
Oracle, 2016a; VirtualBoxes, 2016; VirtualBoxImages.com, 2008
Prebuilt images
Virtual Machine
• Prebuilt systems downloadable from Oracle or non-official repositories like VirtualBoxes or VirtualBoxImages
• Should not be used as a production environment (only for testing and development purposes)
Docker
• Pull an image from the Docker Hub (e.g. docker pull ubuntu)
Build your own image
Virtual Machine
• By hand → Create a new VM, install the OS, install your applications
• Scripted build process with Vagrant and Puppet
Docker
• By hand → Pull a basic Linux image and modify it until it fits the requirements
• Scripted build process:
  – Docker build for the creation with a Dockerfile
  – Docker compose for multi-container applications
  – Automated build with Puppet
HashiCorp, 2016a; HashiCorp, 2016b; Heidi, 2013a; Heidi, 2013b; Docker Inc., 2016a ; Docker Inc., 2016f; Docker Inc., 2016g; Mouat, 2016, p. 19
Build your own image
Virtual Machine
• Deployment process: Export VM from host 1 → Import VM to host 2
• Export and import via the GUI of VirtualBox
• Deployment process can take up to one hour (depending on image size and host performance)
• Continuous Integration with a private VirtualBox cloud and the Jenkins VirtualBox plugin
Docker
• Docker push to upload the image to the Docker Hub (either private or public repository) → Afterwards can be pulled from every client
• CI is possible with the integration of Docker, GitHub and Jenkins to automatically push and pull new builds
Oracle, 2010; Oracle, 2012, pp. 5–6; Jenkins-CI, 2013; Docker Inc., 2015; Docker Inc., 2016a
Run: CPU Benchmark¹
Goal: Fast execution of the process
[Chart: Virtual Machine vs. Docker; Docker ~0,57% slower]
¹ All benchmarks are done with Sysbench for Linux
Run: File IO Benchmark
Transfer of a 50GB file
[Chart: Virtual Machine vs. Docker; Docker ~78,45% faster]
Run: MySQL Benchmark
Transactional processes on 1.000.000 test records
[Chart: Virtual Machine vs. Docker; Docker ~3,94% slower]
Run: Conclusion
• Docker performs much better in the file IO benchmark
• The VM was slightly better when it comes to CPU and database performance → But the difference was very small and could be influenced by side effects
HowtoForge, 2016
3. Conclusion: Comparison based on Quality Issues
Security
• Architecture of a VM guarantees isolation. Container isolation depends heavily on the virtualization platform used (e.g. Docker)
• Docker manages the communication between containers but the architecture is not 100% safe against unwanted accesses
→ VM is more suitable for processing business critical data
Joy, 2015, p. 343
Performance
• Possible to run more virtual systems on a single server with containers (→ shared OS kernel)
• Processing of Docker containers can be up to three times faster, but this depends on the hardware that is related to the work that has to be done → CPU processing is nearly the same, hard drive access is much faster in Docker containers
Joy, 2015, pp. 342-345
Portability
• Docker containers only need around 200MB while a VM needs around 8GB → Better deployment with Docker containers
• Build, push and pull is done within a few seconds or a few minutes with Docker containers; VMs need up to one hour
• Higher portability due to the better deployment
• Standardized host OS for Docker containers
• VMs are independent of their host OS
• VMs can be configured and used like a regular computer
Seo, Hwang, Moon, Kwon, & Kim, 2014, pp. 108-110; Dua, Raja, & Kakadia, p. 614
Scalability
• Startup of a container does not need many resources and can be done in 10% of the time that a VM needs → Better scalability
• Docker containers can be scaled up and down 22 times faster than VMs
Seo et al., 2014, p. 109; Joy, 2015, p. 345
Guidelines - When to use Docker, when to use a VM
When to use Docker?
1. When the number of guest systems and their size should be scalable (e.g. cloud).
2. When the performance of the virtual system is a critical criterion (e.g. in cloud and PaaS scenarios).
3. When continuous integration should be easily used.
4. When fast deployment should be established and portability e.g. for the development team is necessary.
5. When you want to guarantee a standardized host OS for your virtual system.
When to use a VM?
1. When processing business critical data and you want full isolation without root access on the host system due to the architecture.
2. When the installation and configuration of additional software should be easy even for inexperienced users.
3. When the VM should be independent of its host OS and the virtualization platform.
Thanks for your attention!
A more specific talk “Boost your APEX deployment with Docker” based on this research will be held at DOAG2016.
Bibliography
Anderson, C. (2015). Docker. IEEE Software, 2015(15), 102–105.
Bui, T. (2015). Analysis of Docker Security. Retrieved from Aalto University School of Science website: http://arxiv.org/pdf/1501.02967v1
Di Liu, & Zhao, L. (2014). The Research and Implementation of Cloud Computing Platform based on Docker. In J. P. Li (Ed.), 2014 11th International Computer Conference on Wavelet Active Media Technology and Information Processing (ICCWAMTIP). 19 - 21 Dec. 2014, Chengdu, Sichuan Province, China (pp. 475–478). Piscataway, NJ: IEEE. Retrieved from http://ieeexplore.ieee.org/servlet/opac?punumber=7063853
Docker Inc. Using Puppet. Retrieved from https://docs.docker.com/engine/admin/puppet/
Docker Inc. (2015). Building a Continuous Integration Pipeline with Docker.
Docker Inc. (2016a). Build your own images. Retrieved from https://docs.docker.com/engine/tutorials/dockerimages/
Docker Inc. (2016b). Docker and Microsoft: Build, Ship, Run with Docker and Microsoft. Retrieved from https://www.docker.com/microsoft
Docker Inc. (2016c). Docker Hub. Retrieved from https://hub.docker.com/explore/
Docker Inc. (2016d). Getting Started with Docker for Windows. Retrieved from https://docs.docker.com/docker-for-windows/
Docker Inc. (2016e). Overview of Docker Compose. Retrieved from https://docs.docker.com/compose/overview/
Docker Inc. (2016f). pull. Retrieved from https://docs.docker.com/engine/reference/commandline/pull/
Docker Inc. (2016g). Ubuntu: OFFICIAL REPOSITORY. Retrieved from https://hub.docker.com/_/ubuntu/
Docker Inc. (2016h). What is Docker?: Understand how Docker works and how you can use it. Retrieved from https://www.docker.com/what-docker
Douglis, F., & Krieger, O. (2013). Virtualization. IEEE Internet Computing, 17(2), 6–9. doi:10.1109/MIC.2013.42
Dua, R., Raja, A. R., & Kakadia, D. Virtualization vs Containerization to Support PaaS. In 2014 IEEE International Conference on Cloud Engineering (IC2E) (pp. 610–614). doi:10.1109/IC2E.2014.41
E N, P., Mulerickal, J. P. Fr., Paul, B., & Sastri, Y. (2015). Evaluation of Docker containers based on hardware utilization. In 2015 International Conference on Control Communication & Computing India (ICCC) (pp. 697–700). IEEE. doi:10.1109/ICCC.2015.7432984
Fox, D. (2012). Hypervisor. Datenschutz und Datensicherheit - DuD, 36(1), 54. doi:10.1007/s11623-012-0012-y
Github. (2016). akopytov/sysbench. Retrieved from https://github.com/akopytov/sysbench/
HashiCorp. Vagrant Documentation. Retrieved from https://www.vagrantup.com/docs/
HashiCorp. Why Vagrant? Retrieved from https://www.vagrantup.com/docs/why-vagrant/
Haydel, N., Madey, G., Gesing, S., Dakkak, A., Garcia de Gonzalo, S., Taylor, I., & Hwu, W.-m. W. (2015). Enhancing the Usability and Utilization of Accelerated Architectures via Docker. In O. Rana & R. Buyya (Eds.), 2015 IEEE/ACM 8th International Conference on Utility and Cloud Computing. UCC 2015 : proceedings : 7-10 December 2015, Limassol, Cyprus (pp. 361–367). Los Alamitos, California: IEEE Computer Society, Conference Publishing Services.
Heidi, E. (2013a). A beginners guide to Vagrant - getting your portable development environment, part 1. Retrieved from http://www.erikaheidi.com/blog/a-begginers-guide-to-vagrant-getting-your-portable-development-e
Heidi, E. (2013b). A beginners guide to Vagrant part 2 - Provisioning and Puppet. Retrieved from http://www.erikaheidi.com/blog/a-beginners-guide-to-vagrant-part-2-provisioning-and-puppet
Hofer, P., & Fischer, P. (2008). Lexikon der Informatik (15th ed.): Springer.
HowtoForge. How To Benchmark Your System (CPU, File IO, MySQL) with sysbench. Retrieved from https://www.howtoforge.com/how-to-benchmark-your-system-cpu-file-io-mysql-with-sysbench
Jenkins-CI. (2013). VirtualBox Plugin. Retrieved from https://wiki.jenkins-ci.org/display/JENKINS/VirtualBox+Plugin
Joy, A. M. Prof. (2015). Performance Comparison Between Linux Containers and Virtual Machines. In IEEE (Ed.), International Conference on Advances in Computer Engineering and Applications (ICACEA), 2015. 19 - 20 March 2015, Ghaziabad, India ; conference proceeding (pp. 342–346). Piscataway, NJ: IEEE.
Merkel, D. (2014). Docker: Lightweight Linux Containers for Consistent Development and Deployment. Retrieved from http://dl.acm.org/citation.cfm?id=2600241
Mouat, A. (2016). Using docker: Developing and deploying software with containers (First edition). Beijing, Boston, Farnham: O'Reilly.
Nagy, G. (2015). Operating System Containers vs. Application Containers. Retrieved from https://blog.risingstack.com/operating-system-containers-vs-application-containers/
Oracle. Pre-Built Developer VMs. Retrieved from http://www.oracle.com/technetwork/community/developer-vm/index.html
Oracle. Welcome to VirtualBox.org. Retrieved from https://www.virtualbox.org
Oracle. (2010). Manual. Retrieved from https://www.virtualbox.org/manual/ch01.html
Oracle. (2012). Oracle VM VirtualBox Image SampleApp v107 Deployment Guide. Retrieved from http://www.oracle.com/technetwork/middleware/bi/downloads/sampleapp107-vbimage-deployguide-453583.pdf
Pahl, C. (2015). Containerization and the PaaS Cloud. IEEE Cloud Computing, 2(3), 24–31. doi:10.1109/MCC.2015.51
Raj, P., Chelladhurai, J. S., & Singh, V. (2015). Learning Docker: Optimize the power of Docker to run your applications quickly and easily. Community experience distilled. Birmingham, Mumbai: Packt Publishing.
Ruest, D., & Ruest, N. (2009). Virtualization: A beginner's guide ; [get details on the virtualization solutions from Citrix, Microsoft, and VMware ; set up virtual servers, machines, desktops, and applications ; follow an easy, five-step deployment plan ; secure, back up, and tune your virtual computing environment]. Network professional's library. New York: McGraw Hill.
Seo, K.-T., Hwang, H.-S., Moon, I.-Y., Kwon, O.-Y., & Kim, B.-J. (2014). Performance Comparison Analysis of Linux Container and Virtual Machine for Building Cloud. In Advanced Science and Technology Letters, Networking and Communication 2014 (pp. 105–111). Science & Engineering Research Support soCiety. doi:10.14257/astl.2014.66.25
VirtualBoxes. (2016). VirtualBoxes. Retrieved from https://virtualboxes.org/images/
VirtualBoxImages.com. (2008). VirtualBox Images. Retrieved from https://virtualboximages.com/
Vogel, R., Koçoğlu, T., & Berger, T. (2010). Desktopvirtualisierung: Definitionen, Architekturen, Business-Nutzen (1. Aufl.). s.l.: Vieweg+Teubner (GWV). Retrieved from http://gbv.eblib.com/patron/FullRecord.aspx?p=752014
Copyright
I do not own any of the used images. All rights are owned by Docker Inc. or the University Duisburg-Essen