
Clear Thoughts on Cloudy Subjects

Musings about the Xen Project, Clouds, virtualization, Open Source, and everything else that piques my technical interest.


Are Containers the Right Answer to the Wrong Question?

Next Generation High Density App Servers Don't Require Scrapping Your Hypervisor

Recently, I sat in a conference session extolling the seemingly endless virtues of Linux Containers. I heard claims that hypervisors were old hat: ancient bloated engines which rely on inefficient replication of a large operating system stack in order to serve up applications. The speaker painted a picture of a future where hundreds of applications are virtualized on each piece of hardware. "What is really needed," glowed the speaker, "is a lightweight, efficient means of serving up applications: containers."

Containers are cool, but not a panacea

Containers share the same kernel as the host, so they are not burdened with the extra memory and CPU cycles it costs to replicate a full operating system stack in a hypervisor scenario.  Compared to hypervisor-generated virtual machines, containers can be fast and lean.  But they are also limited.  

Since Linux containers share the same kernel as the host, it is impossible to run Windows.  Or FreeBSD. Or NetBSD.   Or another version of the Linux kernel.  Or another Linux distribution which requires a different kernel.  All of those scenarios are best handled by a real hypervisor.  And the security aspect of hypervisors is huge, worthy of a separate blog entry of its own.  Still, if you need an environment within your organization where many workloads can leverage a single kernel environment, containers can be a viable solution.

However, some of the most vocal container advocates insist that these problems relating to containers are really application problems in disguise.  Issues about kernel support and security are the results of improper application design, they claim.  When we raise the bar on applications so that they are based solely on access to application servers, then the objections to containers will melt away -- and so will hypervisors, for the most part.  Or that's what some of these advocates claim, at least.

The death of the hypervisor is greatly exaggerated

But is there another scenario, one which does not use the container solution, that could answer the call for highly responsive and lightweight virtual instances? Maybe one that can actually leverage the flexibility and security which are part and parcel of most hypervisors?

Yes, in fact, there is.  And the key is in the very application-centric future which some container advocates believe will cause the hypervisor to become obsolete.

Behold the birth of the Cloud Operating System

Instead of deriding hypervisors for the "bloat" of replicating a full operating system, we can replicate ultra-light application-centric operating systems which are meant to live in a VM.  A number of these lean, mean virtual operating systems have arisen recently, including the Xen Project team's MirageOS and Cloudius Systems' OSv.  These lightweight operating systems, sometimes called "cloud operating systems", lack the expensive drivers needed to talk to hardware -- because they aren't meant to run on hardware.  And they lack multiprocess capabilities because they are not intended to be general timesharing systems, but dedicated application server systems.  As a result, they are very small, very lightweight, and can start up amazingly quickly in a VM environment.  They enable the vision of light and fast application servers, while preserving the superior security and flexibility of true hypervisors.

Don't throw the hypervisor baby out with the dirty application bath water

So if you are intrigued by the vision of masses of small, efficient application VMs packed into a minimum number of servers, but cringing at the notion of totally retooling your virtualization infrastructure and rethinking your entire security mindset, don't fret. That vision is achievable while maintaining the flexibility and security that mature hypervisors deliver. Focus on a streamlined application stack, and the vision of dense, efficient application VMs is achievable -- regardless of whether you are using hypervisors, containers, or both.

Russ is the evangelist for the Xen Project. An Open Source advocate since 1995, he has been around the Open Source world as a columnist, Internet radio personality, book author, and blogger. He has spoken at over 50 Open Source events and continues to look for conferences to speak about Open Source in general, and Xen in particular (if you have an event in mind, contact him). He first began working with Cloud technologies in 2004. He also has over 20 years of experience in software consulting.


Citrix supports the open source community via developer support and evangelism. We have a number of developers and evangelists that participate actively in the open source community in Apache CloudStack, OpenDaylight, Xen Project and XenServer. We also conduct educational activities via the Build A Cloud events held all over the world.