Some resources are shared in an unbounded manner. For example, if one virtual machine
is generating a huge amount of network traffic, the other virtual machines may suffer.
This is also typical of disk I/O. A hard drive can perform only so much disk I/O per second,
with the amount being limited by the bandwidth from the computer to the disk. Where there
is a resource shortage such as disk I/O bandwidth, the situation is called resource contention.
Virtual machines are very heavy-weight. They run a full operating system, which requires
a lot of disk space. They hold on to all the memory allocated to them, even if it isn't
being used. The underlying OS cannot reallocate this memory to other machines. Because
virtual machines run a complete operating system, the operational burden is similar to a full
machine that needs to be monitored, patched, upgraded, and so on. Also, because a complete
operating system is running, each OS is running many background service processes
such as maintenance tasks and service daemons. Those take up resources and add to the
operational burden on the system administration team.
3.2.3 Containers
A container is a group of processes running on an operating system that are isolated from
other such groups of processes. Each container has an environment with its own process
name space, network configuration, and other resources. The file system to which the
processes have access consists of a subdirectory on the host machine. The processes in a
particular container see that subdirectory as their root directory, and cannot access files outside
that subdirectory (and its subdirectories) without special accommodation from the host
machine. The processes all run on the same operating system or kernel. As a consequence, you
cannot, for example, have some processes running under Linux and others running under
Windows as you can with virtual machines.
Unlike a virtual machine, which is allocated a large chunk of RAM and disk, containers
consume resources at the same fine-grained level as processes. Thus they are less wasteful.
Processes in a container are controlled as a group. If the container is configured to have
a memory limit, the sum total of memory used by all processes in that container cannot
exceed that limit. If the container is allocated a certain amount of disk bandwidth, that limit
is enforced on the processes in the container as a whole. Solaris containers, called Zones,
can be allocated network interfaces and have their network bandwidth regulated to control
bandwidth resource contention. Containers on Linux can assign a different amount of disk
cache to each container so that one container's buffer thrashing will not affect the buffers
of another container.
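
As an added illustration (not part of the original text): on Linux, group limits of this kind are exposed through cgroup v2 interface files (`memory.max`, `memory.current`, `io.max`, `cgroup.procs`), a mechanism the text does not name. The Python example below audits one container's cgroup directory and flags limits left unbounded, since an unbounded container can cause the resource contention described earlier; the function names and the sample directory are constructed for this example.

```python
import tempfile
from pathlib import Path

def parse_io_max(text):
    """Parse io.max lines such as '8:0 rbps=1048576 wbps=max riops=max wiops=max'."""
    limits = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        dev, *pairs = line.split()
        # 'max' means "no limit"; represent it as None
        limits[dev] = {k: (None if v == "max" else int(v))
                       for k, v in (p.split("=", 1) for p in pairs)}
    return limits

def audit_cgroup(cg_dir):
    """Return (report, findings) for one cgroup v2 directory."""
    cg = Path(cg_dir)
    read = lambda name: (cg / name).read_text().strip() if (cg / name).exists() else ""
    mem_max = read("memory.max")
    report = {
        "pids": [int(p) for p in read("cgroup.procs").split()],
        # The kernel charges memory.current to the whole group, not to one process
        "memory_limit": None if mem_max in ("", "max") else int(mem_max),
        "memory_current": int(read("memory.current") or 0),
        "io": parse_io_max(read("io.max")),
    }
    findings = []
    if report["memory_limit"] is None:
        findings.append("memory unbounded")
    elif report["memory_current"] > 0.9 * report["memory_limit"]:
        findings.append("memory near limit")
    # No io.max entry, or every bytes-per-second key at 'max', means no bandwidth cap
    if not any(d.get("rbps") or d.get("wbps") for d in report["io"].values()):
        findings.append("disk bandwidth unbounded")
    return report, findings

def make_sample(files):
    """Build a constructed cgroup directory (sample data, not a real /sys/fs/cgroup)."""
    d = Path(tempfile.mkdtemp())
    for name, body in files.items():
        (d / name).write_text(body)
    return d

if __name__ == "__main__":
    sample = make_sample({"cgroup.procs": "101\n102\n", "memory.max": "max\n",
                          "memory.current": "52428800\n", "io.max": ""})
    print(audit_cgroup(sample))
```

On a real host, `audit_cgroup` would be pointed at a container's directory under the cgroup v2 mount, whose path depends on the container runtime.
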
Processes in a container are isolated in other ways. A container can kill or otherwise
interact with only processes in its container. In contrast, processes that are not in containers