Learning Library

← Back to Library

VMs vs Containers: Modern Virtualization

8mUnknown ChanneldevopstutorialintermediateWatch on YouTube ↗

Key Points

  • Virtual machines (VMs) use **hardware‑level virtualization** via a hypervisor that creates fully isolated virtual instances of CPU, RAM, storage, and network resources.
  • Containers employ **operating‑system‑level virtualization**, running on a host OS kernel and sharing the underlying OS while isolating applications in separate user‑space environments.
  • Because VMs isolate entire machines, they provide stronger security boundaries, whereas containers achieve lighter‑weight isolation, allowing many more instances per host and faster start‑up times.
  • The rise of microservices, app modernization, and cloud‑native architectures has driven broader adoption of containers, while VMs remain valuable for workloads that need full OS isolation or legacy support.
  • Understanding the trade‑offs between hardware vs. OS virtualization helps architects choose the right tool—VMs for full isolation and compatibility, containers for efficiency and rapid deployment in modern, distributed systems.

Sections

Full Transcript

# VMs vs Containers: Modern Virtualization **Source:** [https://www.youtube.com/watch?v=cjXI-yxqGTI](https://www.youtube.com/watch?v=cjXI-yxqGTI) **Duration:** 00:08:09 ## Summary - Virtual machines (VMs) use **hardware‑level virtualization** via a hypervisor that creates fully isolated virtual instances of CPU, RAM, storage, and network resources. - Containers employ **operating‑system‑level virtualization**, running on a host OS kernel and sharing the underlying OS while isolating applications in separate user‑space environments. - Because VMs isolate entire machines, they provide stronger security boundaries, whereas containers achieve lighter‑weight isolation, allowing many more instances per host and faster start‑up times. - The rise of microservices, app modernization, and cloud‑native architectures has driven broader adoption of containers, while VMs remain valuable for workloads that need full OS isolation or legacy support. - Understanding the trade‑offs between hardware vs. OS virtualization helps architects choose the right tool—VMs for full isolation and compatibility, containers for efficiency and rapid deployment in modern, distributed systems. ## Sections - [00:00:00](https://www.youtube.com/watch?v=cjXI-yxqGTI&t=0s) **Virtual Machines vs Containers Overview** - Nigel introduces the distinction between hardware‑level virtual machines, which rely on a hypervisor, and OS‑level containers, outlining how each fits into modern cloud‑native application design. - [00:03:04](https://www.youtube.com/watch?v=cjXI-yxqGTI&t=184s) **VM vs Container Isolation** - The passage contrasts virtual machines, which emulate fully independent servers, with containers that achieve lightweight process isolation by sharing a single OS kernel while exposing each application only to its necessary resources. - [00:06:14](https://www.youtube.com/watch?v=cjXI-yxqGTI&t=374s) **Combining Containers with Type‑2 VMs** - The speaker describes building portable containers, contrasts Type 1 and Type 2 virtualization, and shows how lightweight Type 2 hypervisors can be combined with containers using tools such as KubeVirt in modern Kubernetes/OpenShift clusters. ## Full Transcript
0:00What's up y'all? 0:01I've got a question for you. 0:03What are virtual machines and containers, 0:06and how do they fit into our modern, 0:08cloud-native way of building and architecting applications? 0:12My name's Nigel 0:13and I'm going to try to answer that question for you in four parts. 0:17First, let's talk about some of the differences between virtual machines and containers. 0:24On one side we've got virtual machines, which I'm going to abbreviate as VMs, 0:28which you may have used because they've been popular for longer. 0:32And then containers over here on this other side, 0:35which may be a bit newer to you 0:38but you've probably seen them if you're working in the spaces of app modernization, 0:43or you're dealing with microservices, 0:45or anything that demands this new way of building and architecting applications. 0:50And I should say that it's not necessarily new, 0:53but it's been that we're dealing with them a lot more lately. 0:56So, the first thing that i want to bring up is the the level at which virtualization happens. 1:04So, these two technologies are different ways of achieving virtualization, 1:10and virtual machines are what's called "hardware virtualization", 1:13because it happens at the hardware level. 1:15So, we're going to start with our hardware down at the bottom, 1:18because these are computers after all. 1:21And what we have on top of our hardware is what's called a "hypervisor". 1:26And our hypervisor is what's responsible for creating these virtualized 1:31instances of each of the components that make up our machines. 1:34We're talking about processors, RAM, storage, network, cards, 1:38all of these things are being virtualized by our hypervisor. 1:42Whereas with containers, 1:44we start, again, with the hardware down at the bottom, 1:47but we build them up a little bit differently 1:49because we have, on top of our hardware, our kernel, 1:52which is what helps our software and hardware talk to each other. 1:56And, on top of our kernel, we have our operating system 2:00and we call it our "Host OS" because it's going to be what's hosting all of our containers. 2:04And then, on top of the operating system, we have each container that's running, 2:09C1, C2, containers ... we can run many dozens of containers in one instance of an operating system. 2:17And that's why this is called "operating system level virtualization", 2:20because it happens at the operating system level, 2:23whereas with our virtual machines we're working at the hardware level. 2:26And this model that I've drawn out is our Type 1 hypervisor, 2:30or we call it like ... "full virtualization", or "full system virtualization". 2:36The second thing that I want to bring up 2:38is about the type of isolation that we're achieving. 2:42With our virtual machines we're achieving isolation of machines. 2:46So, if we can imagine at our base layer we have one server that's in a rack somewhere, 2:52but we want to take our resources and split them up so that we're getting much more use out of what we have. 2:58So, we take our hypervisor and we make a "Machine 1", 3:01and we make a "Machine 2", and we make a "Machine 3". 3:04We're creating what looks like separate workstations, separate servers out of one, 3:08we're making our one server look like it's many different machines. 3:12And each machine is relatively independent of each other, 3:15like they don't really know about each other 3:17and we, interacting with them, wouldn't necessarily know that we're even in a virtual machine. 3:22It just appears as if it is another completely different server, machine somewhere else. 3:28Whereas with our containers, we're dealing with process isolation. 3:32So, when we're running applications on our laptops 3:37we have them running in usually the same environment. 3:41They can all see what's running at the same time and talk to each other and share resources and things like that, 3:46but when we're dealing with containers, perhaps for security, 3:48we want to make sure that our applications can only see what's absolutely necessary for them to run and nothing else. 3:54And that's what containers allow us to do, 3:56where they're sharing the same operating system, they're sharing the same kernel, 3:59but it's appearing to each container as if they have their own operating system 4:03and only what's installed in them is the the libraries that are needed, 4:07as well as the scripts, the code, everything that we need to run our applications 4:11and that's it. 4:12And we're able to run all these applications side-by-side and they don't necessarily know about each other. 4:16So, we're dealing with isolation of the process, 4:20as opposed to isolation of the machine. 4:22And the third thing that I want to bring up 4:24is about how these resources are accessed. 4:27So, again, our hypervisor is creating ... 4:29... with our Type 1 hypervisor, we're creating different machines out of our server, 4:33and that's mainly where the interaction is happening. 4:35We're interacting with what we think is hardware, 4:38but that'sbeing managed for us by the hypervisor to what the actual hardware is. 4:42Whereas with containers, 4:44we're using a couple of features, there are more, but I just want to draw your attention to two features 4:48of the Linux kernel that are allowing this illusion of isolation for our processes. 4:53And the first one that I want to bring up are namespaces, 4:56and they're what is allowing the customization 5:00and the appearance that each instance of the container has its own operating system. 5:05And then we have our "cgroups" (control groups), 5:07which are responsible for monitoring and metering our resources 5:11to make sure that we never tax our system with containers, 5:14we're limiting the amount of resources they're accessing, 5:17we're monitoring what it is, and being able to control exactly what it is we're giving each container control of. 5:22So, we have a bit of granular control over the resources that are flowing to our containers. 5:28Whereas in our hypervisor, we're creating ... we have the the isolation of our different machines. 5:36And the last thing that I want to talk about is this difference in portability and flexibility. 5:41So, with our virtual machines we have what I like to think of as infinite flexibility of our hardware, 5:47because we're making a different machine out of our server, 5:50we're saying, "this is how many processors that I want this machine to have", 5:54"this is how much RAM I would like it to have", 5:56and we're able to be flexible about the kind of system that we're building. 6:01Whereas with containers, we have infinite portability, is how I like to think of it, 6:06because we have our container that's being defined in a single file 6:11and this is known to a lot of people as a Docker file. 6:14But we have essentially a few lines of text that are saying exactly how to build our container, 6:20how to run our container, what libraries are necessary, 6:23what steps to take to build our container up. 6:25And we take this one file, we run it on our machine, we can spin up our application. 6:29We store it in a repository somewhere else 6:33and then we're able to run that on different machines. 6:36We can take our one file and be able to make it run pretty much wherever, 6:40there's no hardware limitations, anything like that. 6:42Well, there are some hardware limitations if you built your containers for ARM or x86, 6:49but, aside from that, you have a lot of flexibility 6:52in how you're able to run your containers. 6:55I've been speaking a lot about Type 1 virtualization, about Type 1 hypervisors, 7:03but the truth is there's another type of virtualization called Type 2. 7:07So, in our Type 1, where we're dealing with our hypervisor right on top of our hardware, 7:11our Type 2 deals a little bit higher. 7:13And this is probably the kind of virtualization that you may be used to interacting with daily, 7:18where we're running something like a virtual box or parallels. 7:22So, we can take the flexibility that's offered by our lightweight Type 2 hypervisors, 7:27and the portability that's offered by containers, and run these together. 7:31We see the technologies around virtual machines maturing, like with KubeVirt, 7:35and we're seeing in newer versions of Kubernetes and OpenShift, 7:39that we can run virtual machines and containers not as competing technologies, 7:44but as technologies that can work together depending on our use-cases. 7:48Thank you so much for sticking with us through the video. 7:51If you have any questions please drop us a line below, 7:53and if you want to see more videos like this in the future please like and subscribe to our channel. 7:58And don't forget, 7:59you can grow your skills and earn a badge with IBM CloudLabs, 8:03which are free browser-based, interactive Kubernetes labs.