What is the difference between docker and virtual machine

The difference between docker and virtual machines: 1. Docker starts quickly at the second level, while virtual machines usually take several minutes to start; 2. Different performance losses, docker requires fewer resources; 3. Different isolation , docker belongs to the isolation between processes, and the isolation is weak, while virtual machines can achieve system-level isolation.

The operating environment of this tutorial: linux7.3 system, docker version 19.03, Dell G3 computer.

What is the difference between docker and virtual machine

Virtual machine: The virtual machine virtualizes the network card, cpu, and memory through the Hypervisor (virtual machine management system, common ones include VMWare workstation, VirtualBox) Wait for the virtual hardware and then build a virtual machine on it. Each virtual machine is an independent operating system and has its own system kernel.

Containers: Containers use namespace to isolate file systems, processes, networks, devices and other resources, and use cgroups to limit permissions and CPU resources. Ultimately, containers do not affect each other and containers cannot affect the host. .

Advantages of docker

Docker programs running on containers directly use the hardware resources of the host machine, so in terms of CPU, memory, and utilization, , Docker will have greater advantages in efficiency

Docker directly uses the system kernel of the host, avoiding the system boot time required when the virtual machine starts and the resource consumption of the operating system running. Using Docker can Starting a large number of containers within a few seconds is something that a virtual machine cannot do. The advantages of quick startup and low resource consumption make Docker a good application scenario in the automatic operation and maintenance system of elastic cloud platforms.

The startup time of the container is seconds, which saves a lot of time in development, testing, and deployment. Another very critical point is that Docker can be deployed and expanded efficiently. Docker containers can run on almost any platform, including virtual machines, physical machines, public clouds, private clouds, personal computers, servers, etc. This compatibility , which allows users to directly migrate an application from one platform to another.

However, the security of virtual machines is better than that of containers. Docker shares resources such as the kernel and file system with the host, and is more likely to affect other containers and hosts.

Difference

##1. Different startup speed

docker starts quickly within seconds. Virtual machines usually take several minutes to start.

2. Different performance losses

Docker requires fewer resources. Docker virtualizes at the operating system level. Docker containers interact with the kernel, and there is almost no performance loss. Performance is better than virtualization through the hypervisor layer and kernel layer.

3. Different system utilization rates

docker is more lightweight. The docker architecture can share a kernel and a shared application library, occupying very little memory. In the same hardware environment, Docker runs far more images than virtual machines, and the system utilization is very high.

4. Different isolation properties

Compared with virtual machines, docker isolation is weaker. Docker belongs to the isolation between processes, and virtual machines can achieve system-level isolation. .

5. Different security

Docker’s security is also weaker. The tenant root of Docker is the same as the host root. Once the user in the container is upgraded from ordinary user rights to root rights, it directly has the root rights of the host and can perform unlimited operations. The virtual machine tenant root permissions are separated from the host's root virtual machine permissions, and the virtual machines utilize ring-1 hardware isolation technology such as Intel's VT-d and VT-x. This isolation technology can prevent virtual machines from breaking through and interacting with each other. interactions, and containers do not yet have any form of hardware isolation, which makes containers vulnerable to attacks.

6. Different manageability

Docker’s centralized management tool is not yet mature. Various virtualization technologies have mature management tools. For example, VMware vCenter provides complete virtual machine management capabilities.

7. Availability and recoverability are different

docker’s high-availability support for business is achieved through rapid redeployment. Virtualization has mature guarantee mechanisms such as load balancing, high availability, fault tolerance, migration and data protection that have been tested in production practice. VMware can promise 99.999% high availability of virtual machines to ensure business continuity.

8. Creation and deletion speeds are different

Virtualization creation takes minutes, while Docker container creation takes seconds. The rapid iteration of Docker determines whether It can save a lot of time in development, testing, and deployment.

9. Delivery and deployment speeds are different

Virtual machines can achieve consistent environment delivery through images, but image distribution cannot be systematic; Docker records this in the Dockerfile The container building process can achieve rapid distribution and rapid deployment in the cluster;

Recommended learning: "

docker video tutorial"

The above is the detailed content of What is the difference between docker and virtual machine. For more information, please follow other related articles on the PHP Chinese website!