The same issue arises when it comes to the reach of a container OS failure. A given application might require anywhere from a handful of containers, which are pieces of a program or individual microservices, to as many as 500, said Muscarella.
So if 100 containers shared a single OS kernel and the OS were to fail, all 100 containers would be compromised. However, if a VM supporting a few containers were compromised, a much smaller number would be affected; other VMs running different containers would remain operational.
Muscarella estimated, however, that there’s a 10% to 15% performance tax with VMs, given their many software dependencies, which can get costly when running them in a public cloud infrastructure.
“In the cloud, you get more useful capacity out of each of your servers with containers and you get more portability from server to server,” he said.
Containerized Apps on VMs
The process of updating container-based applications is lean, according to Muscarella.
“Rather than the traditional method of creating multiple versions of an app, which can quickly fall out of sync, you simply kill and replace individual containers as needed,” he said. “This approach avoids configuration drift.”
“Drift,” he explained, refers to discrepancies between primary and secondary software infrastructure configurations that can cause disaster recovery processes to fail.
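The drift Muscarella describes can be checked mechanically. The following is an added example, not code from the article or from Nutanix: a toy inventory of containers at a primary and a secondary (disaster-recovery) site, each recorded with the image digest and configuration hash it was started from. Drift is flagged when a running container no longer matches the declared spec, or when the two sites disagree with each other. The `replace_container` and `patch_in_place` helpers contrast the kill-and-replace pattern (a fresh container is always an exact copy of the spec) with in-place editing (which is what produces drift). All names, digests and config hashes are constructed for the example.

```python
"""Config-drift check between a primary and a secondary (DR) site.

Added example, not from the article or Nutanix. The inventory, digests and
config hashes below are constructed; the structure is what matters.
"""
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class Container:
    service: str
    image_digest: str   # content digest of the image the container was created from
    config_hash: str    # hash of the effective runtime configuration


# Declared (desired) state: what each service should be running at every site.
DESIRED: Dict[str, Container] = {
    "api":   Container("api",   "sha256:aaa111", "cfg-v3"),
    "queue": Container("queue", "sha256:bbb222", "cfg-v1"),
}


def find_drift(desired: Dict[str, Container],
               running_by_site: Dict[str, List[Container]]) -> List[str]:
    """Compare every site's running containers against the declared spec.

    Returns one finding per discrepancy (missing service, wrong image
    digest, wrong config hash). An empty list means no drift.
    """
    findings: List[str] = []
    for site, containers in running_by_site.items():
        by_service = {c.service: c for c in containers}
        for svc, want in desired.items():
            have = by_service.get(svc)
            if have is None:
                findings.append(f"{site}: {svc} missing")
                continue
            if have.image_digest != want.image_digest:
                findings.append(f"{site}: {svc} image {have.image_digest} "
                                f"!= desired {want.image_digest}")
            if have.config_hash != want.config_hash:
                findings.append(f"{site}: {svc} config {have.config_hash} "
                                f"!= desired {want.config_hash}")
    return findings


def cross_site_diff(running_by_site: Dict[str, List[Container]]) -> List[str]:
    """Return the services whose running state differs between any two sites.

    This is the primary/secondary discrepancy that makes a failover land on
    infrastructure that does not behave like production.
    """
    state_by_site = {site: {c.service: c for c in cs}
                     for site, cs in running_by_site.items()}
    all_services = set().union(*(s.keys() for s in state_by_site.values()))
    differing = []
    for svc in sorted(all_services):
        seen = {s.get(svc) for s in state_by_site.values()}
        if len(seen) > 1:
            differing.append(svc)
    return differing


def replace_container(desired: Dict[str, Container], service: str) -> Container:
    """Kill-and-replace: a new container is always an exact copy of the spec."""
    return desired[service]


def patch_in_place(container: Container, new_config_hash: str) -> Container:
    """In-place edit of a running container: the result no longer matches the spec."""
    return Container(container.service, container.image_digest, new_config_hash)


if __name__ == "__main__":
    # Constructed scenario: an operator hot-fixes the primary site's api container
    # by hand, leaving the secondary untouched.
    primary = [patch_in_place(DESIRED["api"], "cfg-v3-hotfix"), DESIRED["queue"]]
    secondary = [DESIRED["api"], DESIRED["queue"]]
    sites = {"primary": primary, "secondary": secondary}
    for line in find_drift(DESIRED, sites):
        print("drift:", line)
    print("services differing across sites:", cross_site_diff(sites))

    # Remediation in the container model: do not edit, replace from the spec.
    sites["primary"] = [replace_container(DESIRED, "api"), DESIRED["queue"]]
    print("after replace, drift findings:", find_drift(DESIRED, sites))
```

Run as-is to see the hot-fixed primary flagged, then cleared once the container is replaced from the spec rather than edited. In a real environment the inventory would come from the orchestrator or container runtime rather than hand-built dictionaries, and the desired state from the deployment manifests.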
A few initiatives are bringing VMs and containers closer together. For example, hypervisors supporting container APIs have emerged that allow a container to run inside a VM to simplify management, said Muscarella.
A VM’s dedicated OS can support a container engine, such as the well-known Docker container development platform, and run an array of containers within the VM instance; in effect, collapsing the two infrastructures.
Operating a container within a VM also brings the VM’s process isolation and security benefits to the containers and limits the vulnerability scope if a problem occurs, Muscarella said.
Muscarella explained that the Prism management system for the Nutanix hyperconverged datacenter environments enables IT to see both VMs and clusters of Kubernetes-managed containers from a single console. Kubernetes is the widely adopted open-source orchestration system for automating the deployment, scaling and management of containerized applications.
Also, KubeVirt, an open-source sandbox project of the Cloud Native Computing Foundation, provides a unified VM-container platform for development teams that wish to run Kubernetes and containers but also must support VMs. There, developers can build, modify and deploy applications using a common, shared environment. They can also containerize VMs that are candidates to work in the cloud-native model.
“Containers will become de facto,” Muscarella said.
“IT ops typically purchase apps as software that comes as an installer that you set up as a VM. Less common but becoming more so is distributing software as a container package that you just run anywhere.”