Containers or VMs: What's Better for Microservices?
Today more and more companies are adopting a microservice architecture for their projects. One of the benefits of this approach is independent deployment: each component can be built, released and rolled back on its own, which lets you ship new features quickly and with less risk. But once you decide to deploy microservices, you also have to choose between containers and virtual machines. Let's look at how each of them works to better understand the potential pros and cons.
VMs and containers: an overview
Both containers and virtual machines remove the need to dedicate a physical server to each application. This makes more efficient use of computing resources, in terms of both energy consumption and cost. In addition, either technology lets you package an application together with its dependencies into a standalone unit that can run anywhere.
A virtual machine is a software system that behaves like a physical computer and can run a complete operating system together with its applications. VMs are started and managed by a hypervisor, which allocates hardware resources to each guest, isolates the running guest operating systems from one another, and mediates any interaction between them.
Virtual machine architecture
A container, by contrast, is a form of OS-level virtualization that abstracts the "user space": it packages the application together with all the dependencies required to run it, while sharing the host's kernel. Containers therefore provide isolation at the OS level, built on kernel features such as namespaces, cgroups and capabilities on Linux.
The main difference between a virtual machine and a container is that each virtual machine runs its own operating system, whereas containers share the host kernel. In practice the two are often combined: many container platforms, especially in the cloud, run their container hosts inside VMs rather than directly on bare metal. There are several factors we can use to compare VMs and containers; let's look at each.
Containers can reduce server and license costs. Unlike a virtual machine, where a full guest OS and the virtual hardware it needs are emulated, a container holds only the application and the minimum set of system libraries it requires. Containers are therefore far more lightweight, and you can fit many more of them on one physical server, whereas each virtual machine consumes considerably more RAM and processor cycles of its own.
If you decide to run each microservice on a separate VM, you will need an operating-system license for every machine. It is possible to run several microservices on one VM, but that gives up a main advantage of microservices, isolation, and reintroduces the problem of conflicting libraries and components between services. Containers offer OS-level isolation, so a single operating system can host multiple containers, each with its own separate environment.
Speed of Deployment and Execution
Containers start faster than VMs. A VM has to go through the hypervisor and boot a full guest operating system, with its own storage and memory allocation, before the application can run, whereas starting a container is little more than starting a process. Container images are stored in a registry from which they can be pulled and run with a few quick commands, so the startup time of a Docker container ranges from a few milliseconds to a couple of seconds, much swifter than a VM. Changes to a VM image also take significant time to rebuild and to validate, since the whole machine has to be regenerated. And because a virtual machine includes an operating system, its image can be several gigabytes, while container images are measured in megabytes.
Containerization isolates processes from one another. That lets you layer the system: internal services can be made unreachable from the microservices that handle external traffic, so a compromise of the externally exposed tier does not automatically give the attacker access to the lower-level services behind it. This isolation is enforced by the shared host kernel, though, so it is only as strong as the kernel and the container configuration: a kernel vulnerability, a privileged container, or a container that runs as root with access to host resources can let an attacker break out onto the host. Be careful, too, when pulling images: an image from an untrusted source, or one pulled by a mutable tag rather than a pinned digest, can carry malicious code that runs with whatever privileges the container has, and if that is root, the host operating system itself is at risk.
Although hypervisors are considered the safer option, that does not mean VMs are free of security issues. For example, an attacker can in theory take malicious control of the hypervisor itself. This attack is known as hyperjacking and is hard to detect: because the malicious code runs beneath the guest operating system, it can intercept OS operations (such as password entry) without antivirus software inside the guest ever noticing.
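As an added example (not part of the original article), here is a small Python script that statically audits a Dockerfile for the container risks just discussed: base images pulled by a floating tag instead of a pinned digest, a final stage that never drops root, and build steps that fetch and execute remote content. The Dockerfile grammar it parses is real; the two sample Dockerfiles, the example.invalid URLs and the digest value are constructed for the demonstration.

```python
"""Static audit of a Dockerfile for the risks raised above: unpinned base
images pulled from a registry, a final stage that keeps root, and build
steps that fetch and execute remote content.  Added example; the Dockerfile
grammar is real, the sample files and the digest values are constructed."""
import re
from typing import List, Tuple

# curl/wget output piped into a shell (sh, bash, zsh, dash), with or without sudo
PIPE_TO_SHELL = re.compile(r"\b(?:curl|wget)\b[^|]*\|\s*(?:sudo\s+)?(?:ba|z|da)?sh\b")


def parse_dockerfile(text: str) -> List[Tuple[str, str]]:
    """Split a Dockerfile into (INSTRUCTION, argument) pairs, joining
    backslash continuations and dropping comments and blank lines."""
    pairs: List[Tuple[str, str]] = []
    buf = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("\\"):
            buf += line[:-1].rstrip() + " "
            continue
        parts = (buf + line).split(None, 1)
        pairs.append((parts[0].upper(), parts[1].strip() if len(parts) > 1 else ""))
        buf = ""
    return pairs


def image_ref(from_arg: str) -> str:
    """First non-flag token of a FROM argument (skips e.g. --platform=...)."""
    return next((t for t in from_arg.split() if not t.startswith("--")), "")


def audit_dockerfile(text: str) -> List[str]:
    """Return a list of human-readable findings; an empty list means nothing flagged."""
    findings: List[str] = []
    instrs = parse_dockerfile(text)
    stage_starts = [i for i, (ins, _) in enumerate(instrs) if ins == "FROM"]
    if not stage_starts:
        return ["no FROM instruction; nothing to build"]

    stage_names = set()
    for n, i in enumerate(stage_starts):
        toks = instrs[i][1].split()
        ref = image_ref(instrs[i][1])
        if ref.lower() in stage_names:          # FROM <earlier stage>: nothing is pulled
            pass
        elif "@sha256:" not in ref:             # only a digest is immutable
            name = ref.rsplit("/", 1)[-1]
            tag = name.split(":", 1)[1] if ":" in name else "latest"
            if tag == "latest":
                findings.append(f"stage {n}: FROM {ref} floats on ':latest'; pin a tag and digest")
            else:
                findings.append(f"stage {n}: FROM {ref} is not pinned to a digest")
        if len(toks) >= 3 and toks[-2].upper() == "AS":
            stage_names.add(toks[-1].lower())

    # Only the last stage is shipped, so only its effective user matters.
    final = instrs[stage_starts[-1] + 1:]
    users = [arg for ins, arg in final if ins == "USER"]
    if not users:
        findings.append("final stage: no USER instruction, processes run as root")
    elif users[-1].split(":")[0] in ("root", "0"):
        findings.append(f"final stage: USER {users[-1]} keeps root")

    # Remote content executed or unpacked at build time is checked in every stage.
    for ins, arg in instrs:
        if ins == "RUN" and PIPE_TO_SHELL.search(arg):
            findings.append(f"RUN pipes a download into a shell: {arg}")
        if ins == "ADD" and re.search(r"\bhttps?://", arg):
            findings.append(f"ADD fetches a remote URL at build time: {arg}")
    return findings


# Constructed sample: a typical "works on my machine" Dockerfile.
RISKY_DOCKERFILE = """\
FROM python:latest
RUN curl -sSL https://example.invalid/install.sh | sh
ADD https://example.invalid/app.tar.gz /opt/
COPY . /app
CMD ["python", "/app/main.py"]
"""

# Constructed sample: the same service with the base image pinned by digest
# (placeholder digest, not a real one) and a dedicated unprivileged user.
HARDENED_DOCKERFILE = """\
FROM python:3.12-slim@sha256:""" + "a" * 64 + """
RUN groupadd --system app && useradd --system --gid app --no-create-home app
COPY --chown=app:app . /app
USER app
CMD ["python", "/app/main.py"]
"""

if __name__ == "__main__":
    for label, df in (("risky", RISKY_DOCKERFILE), ("hardened", HARDENED_DOCKERFILE)):
        print(f"== {label} ==")
        for f in audit_dockerfile(df) or ["no findings"]:
            print(" -", f)
```

The script reports four findings for the risky file and none for the hardened one. The root check deliberately looks only at the last build stage, because that is the image that actually runs, while the image-pinning and remote-fetch checks cover every stage, since a compromised builder image produces a compromised artifact just as surely as a compromised runtime image does.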
Winner: VMs (though not without their own issues).
For containers, memory is not allocated rigidly up front but is managed by the host kernel, which hands it out on demand and enforces limits through cgroups. The number of containers that can run on a host, and the number of clients they can serve at the same time, is therefore higher than for VMs. A VM has its memory reserved for it when it boots, whether the guest uses it or not, so fewer VMs fit on the same host and the number of clients that can be served simultaneously is correspondingly smaller.
Nevertheless, with all the advantages listed above, container virtualization has its drawbacks. Packing more into a container than the application actually needs bloats both the image and the running container. And as the number of containers grows, quality assurance becomes harder, as does distributing the workload across them, which is why container orchestration becomes necessary at scale.
Considering all the advantages and disadvantages of the two approaches, containers are the better option for microservices, since they suit a scalable and flexible architecture and fit continuous delivery better. But remember to take extra care of security, and weigh all the pros and cons before committing to either approach.
Alexandra Ivanova