What’s the Difference Between Docker and a VM?
Docker and virtual machines (VMs) are two technologies used in application deployment. In the software development lifecycle, deployment prepares the application code to run for your end users. Docker is an open-source platform that developers use to package software into standardized units called containers. The container has both the application code and its environment, including libraries, system tools, and runtime. Using Docker, you can deploy and scale applications on any machine and ensure your code runs consistently. In contrast, a virtual machine is a digital copy of a physical machine. You can have multiple virtual machines with their own individual operating systems running on the same host operating system. Developers configure the virtual machine to create the application’s environment. It’s also possible to run Docker containers on virtual machines.
Virtualization: Docker vs. virtual machine
Virtualization allows the creation of a virtual instance of real-life resources, such as servers and networks. In computing, virtualization allows multiple isolated instances of a virtualized component to operate on the real-life component.
For example, multiple virtual servers could run on a physical server. By sharing real-life resources among multiple virtual instances, they’re better utilized and more cost-effective to run. Virtualization is the basis of a significant amount of application development and deployment.
Virtual machines
As the name suggests, virtual machines (VMs) provide virtualization of an entire machine (server). A virtual machine emulates the hardware components of a physical machine, such as the CPU, memory, network interface card, USB controllers, and sound cards. You can run a guest operating system and multiple applications in the virtual environment.
Virtual machines have made cloud technologies possible, and in Amazon Web Services (AWS), a virtual machine is called an instance. These cloud instances are owned and maintained by AWS and usable via APIs.
Docker
A VM lets you run a virtual machine on any hardware. Docker lets you run an application on any operating system. It uses isolated user-space instances known as containers.
Docker containers have their own file system, dependency structure, processes, and network capabilities. The application has everything it requires inside the container and can run anywhere. Docker container technology uses the underlying host operating system kernel resources directly.
What are the other similarities between Docker and virtual machines?
As virtualization technologies, Docker and virtual machines (VMs) have certain similarities.
Images
Docker containers and virtual machines are both created from images. Each image serves as a blueprint of the virtualized environment. Images allow users to create and share consistent environments without having to configure them each time.
An image specifies all the necessary system resources to run applications. For example, a VM image creates operating system backups while the Docker container image creates an application environment backup.
Versioning
Both Docker container images and virtual machine images can be versioned to track environment configuration changes over time.
Versioning in Docker refers to the ability to track and manage changes to Docker images over time. It allows developers to keep track of different versions of their applications, roll back to previous versions if necessary, and deploy different versions of an application simultaneously.
Similarly, versioning in virtual machines refers to the process of tracking and managing changes to the virtual machine image over time. Virtual machine versioning keeps track of changes—such as updates and patches—to the virtual hardware or operating system configuration.
Portability
Both virtual machines and Docker were designed to address the difficulties of having to develop different application configurations for different types of underlying architectures. Although they take different approaches to the challenges, both Docker and VM images are highly portable across architectures, whether on premises or in the cloud.
Key differences: Docker vs. virtual machine
Both virtual machines (VMs) and Docker address the challenge of running applications across different environments. But they do so for slightly different reasons and with different approaches.
Objective
Virtual machines were originally designed to allow multiple operating systems to run on a single physical machine. The objective is to allow users to create a virtual environment that’s isolated from the underlying hardware. VMs abstract hardware details to make it easier to run applications on different hardware architectures and use hardware resources more efficiently.
Docker, on the other hand, was designed to provide a lightweight and portable way to package and run applications in an isolated and reproducible environment. Docker abstracts operating system details to address the challenge of deploying applications across different environments, such as development, testing, and production. It can be very challenging to manage software environment updates and maintain environment consistency everywhere. This is especially true for organizations that run hundreds of applications or decompose applications into hundreds of microservices. Docker addresses this problem through containerization.
End product
Docker is the name of the open-source container platform that’s owned and operated by the company Docker. There are alternative platforms like Podman, although they’re far less popular; Docker is synonymous with containerization. The container is the artifact, the usable part for the end user.
A virtual machine itself is the usable part for the end user. The technology isn’t associated with a specific brand. You can deploy VMs in on-premises data centers or access them via APIs as a managed cloud service.
Architecture
A virtual machine runs its own kernel and host operating system, along with applications and their dependencies like libraries and other binary files. A hypervisor coordinates between the hardware (host machine or server) and the virtual machine. It allocates the physical hardware resources outlined during instantiation to the virtual machine for its exclusive use. Multiple virtual machines can exist on a single powerful server, managed by a single hypervisor, with hundreds of applications running on each virtual machine.
A Docker container contains only its dependencies. The software Docker Engine powers virtualization in Docker. It provides coordination between running containers and the underlying operating system, whether it’s a physical or virtual machine.
For more advanced virtualization management with Docker, use Kubernetes. For more information, read What's the Difference Between Kubernetes And Docker?
Resource sharing
Both virtual machines and Docker containers use resource multiplexing, or resource sharing between virtualized instances.
Virtual machines request a specific amount of the resource up-front from the hardware and continue to steadily occupy that amount, so long as the virtual machine is running.
Docker containers, on the other hand, use resources on demand. Rather than asking for a specific amount of physical hardware resourcing as virtual machines do, they simply request what they need from the single operating system kernel. Multiple containers share the same operating system. Docker containers direct resource sharing with the kernel leads and may use less system resources compared to a VM.
Security
Because Docker containers share the kernel with the host operating system, for lightweight resource consumption, they’re at risk if there are vulnerabilities in the kernel. However, Docker also provides many advanced security controls.
Conversely, as a VM runs an entire operating system, there’s an added level of isolation when running applications. VMs offer higher security as long as the operating system has strict security measures in place.
When to use: Docker vs virtual machine
Docker containers run on Linux architecture and require Linux kernel-specific features like namespaces and control groups (cgroups). Developers often run the Docker platform on Linux-based virtual machines. Docker packages application code into containers that run anywhere. Environment updates are done only once in the container. You don’t have to update your application environment.
For example, you can spin up an instance in AWS and immediately load it with an Amazon Machine Image (AMI) that comes preconfigured with Docker.
However, if you’re deciding specifically whether to use either a virtual machine (VM) or Docker to deploy applications, it depends on the application’s running requirements.
When to use a virtual machine
It’s best to use a virtual machine if you’re running applications with these requirements:
- Operating system-specific dependencies
- Substantial hardware resource requirements
- A need to set various controls in operating systems
- Legacy applications that no longer run on modern operating systems
- Different operating system requirements with a single underlying physical infrastructure available
When to use Docker
It’s best to use Docker when you’re running applications with these requirements:
- Lightweight resource requirements or a microservice architecture
- A distributed physical infrastructure environment, including cloud-based servers
- Rapid deployment cycles (as Dockerfiles are easier to manage than VM configurations)
- A rapid scalability requirement
Summary of difference: Docker vs. VM
Docker container |
VM |
|
What is it? |
Docker is a software platform to create and run Docker containers. A Docker container is an emulation of a user-space instance, the part of the operating system where user processes run. |
An emulation of a physical machine—including virtualized hardware—running an operating system. |
Virtualization |
Container abstracts operating system details from the application code. |
VM abstracts hardware details from the application code. |
Objective |
Abstract hardware details and increase hardware utilization. |
Improve application environment management and bring consistency across multiple environments. |
Managed by |
The Docker Engine coordinates between the operating system and Docker containers. |
The hypervisor coordinates between the machine’s physical hardware and virtual machines. |
Architecture |
Shares resources with the underlying host kernel. |
Runs its own kernel and operating system. |
Resource sharing |
On-demand. |
A fixed amount, set in a virtual machine image’s configuration requirements. |
How can AWS support your application deployment requirements?
Amazon Web Services (AWS) has a range of services designed specifically for virtual machines (VMs) and Docker management:
- Amazon Elastic Cloud Compute (Amazon EC2) offers more than 600 different types of secure, reliable, and scalable instances. By loading an Amazon Machine Image (AMI) template, you can have a fully specified development, testing, or production environment server ready to go in minutes.
- Amazon Elastic Container Service (Amazon ECS) is a fully managed container orchestration service that makes it easy for you to deploy and scale containerized applications. Customers can configure their container instances to access a private Docker image registry within a virtual private cloud (VPC) or a registry that’s accessible outside the VPC.
- Amazon Elastic Container Registry (Amazon ECR) allows you to easily store, share, and deploy your containers anywhere. Amazon ECR integrates with the Docker command line interface (CLI) to simplify your development and production workflows. For example, you can push your container images to Amazon ECR using the Docker CLI from your development machine. And Amazon container orchestrators can pull them directly for production deployments.
- AWS Fargate is a serverless service that allows you to deploy and manage containers without needing to manage a physical server or virtual machines.
Get started with your application development on AWS by creating an account today.