
What's the point of using Docker on top of a virtual machine?

New to Docker... Docker is described as an alternative to virtual machines. I've read a bit now and that makes sense. What I don't fully understand is why you would use Docker on top of a virtual machine, e.g. this is exactly what AWS now offer with Beanstalk.

Is it simply because most hosting is VM based, and Docker gives you flexibility so even though it's not replacing the VM, it's still (potentially, depending on use-case) worth using?

The use case which works for us is that you can use the same Docker image on top of a real box, virtual machine, different operating systems, etc. and have the same controlled environment.

Even if you only plan to run this on one type of machine (e.g. on EC2 virtual machines), you still probably develop it on your laptops or desktops, so it may make sense to use it.

And the good part is that the Docker overhead is very small (or at least that's the idea), so it wouldn't impact the performance even when run on virtual hardware. This is in contrast with "real" virtual machines (no pun intended, but it sounds good :)), which would bring a large overhead in a similar scenario.

Everything at Google runs in a Linux container, according to Infrastructure VP Eric Brewer.

But everything at Google doesn't run in a VM.

Yes, KVM is used when a different OS is needed, and the public Compute Platform service (for now) runs Docker inside VMs, perhaps for stronger isolation and control. Otherwise, most of Google's containers run on bare metal. Why add extra overhead?

If you know differently, please correct me.

In the enterprise today, the ratio of VMs to containers may be 99 to 1. How long until it's 30/70 or 20/80?

While Kubernetes and other container orchestration tools may never reach vSphere's polish and ease of use, I wouldn't want to be a virtualization vendor right now.

Any person who comes across the container world for the first time wonders, "What's the point of using Docker on top of a virtual machine?" I'm no exception.

While this can be simple to answer, as everyone points out, containers simply run inside VMs, as currently happens on most cloud providers, to ensure isolation of applications. But the well-known fact is that moving to containers doesn't simply provide the security that a VM does. That's the reason containers run on top of virtual machines: to take advantage of the established and verified security provided by hypervisors.

And yes, improved container security and isolation on Linux has reached the point that one can use bare metal container services without using VMs for isolation. A good example of such a case is IBM's Bluemix cloud service. Bluemix has built a managed container service on the public Bluemix cloud service that runs without VM isolation between applications.

Companies like VMware, Intel, Hyper... are working on building lightning-fast VM-based frameworks that implement the Docker API in an attempt to gain the speed of container-based workflow and hypervisor security.

Yet, to retain the agility advantage of containers, multiple containers are run within each VM, and organizations that are more concerned about security may use VMs to separate containers running at different security levels. For instance, in the banking sector, containers processing customer account and payment information may be scheduled on separate nodes from those reserved for user-facing websites.
