A Container is a lightweight, standalone package that encapsulates a complete runtime environment including an application and its dependencies (libraries, binaries, and any additional configuration files), increasing an application’s portability, scalability, security, and agility.
Containers are popular with both developers and operators because they offer a straightforward way to deploy and manage applications, regardless of the target environment. They facilitate DevOps and DevSecOps practices by improving handoffs between development and operations teams.
Containers consume resources efficiently, enabling high density and resource utilization. Although containers can be used with almost any application, they’re frequently associated with microservices, in which multiple containers run separate application components or services. The containers that make up an application are typically coordinated and managed using a container orchestration platform, such as Kubernetes.
Containers are created by packaging applications from multiple images from one or more repositories along with any libraries or other application dependencies, eliminating portability and compatibility issues.
Using containers to build applications accelerates the delivery of new functionality and encourages an environment of continuous innovation. Benefits include:
Scalability and high availability. Using Kubernetes, container deployments can automatically be scaled up or down as workload requirement changes, increasing app availability.
Portability. Containers consume fewer resources and are lighter weight than VMs. Containerized applications are infrastructure-agnostic and operate the same regardless of where they are deployed.
Resiliency. A containerized application is isolated and abstracted from the OS and other containers; one container can fail without impacting other running containers.
Containers require changes to the way security policies are implemented and managed. Security should be built into the container lifecycle as much as possible, using a DevSecOps approach. Security teams, working with development and operations teams, adapt existing governance and compliance policies to accommodate new tools and changes to the application lifecycle.
Manual effort slows down development teams. Container automation enables developers to focus on code instead of packaging. Container images are built in layers. With an automated approach to container builds, whenever a layer changes, only that layer has to be updated. For example, if only system libraries need to be updated, only the layer containing the libraries must be rebuilt. Because other layers remain unchanged, the testing and validation burden is reduced, enabling updated containers to be pushed into production faster and more frequently.
Since its introduction in 2013, Docker has been almost synonymous with containers, and it continues to be used to build container images. The Docker environment includes a container runtime as well as container build and image management. Because Docker builds an OCI-standard container image, Docker images will run on any OCI-compliant container runtime.
- Improve application portability across different platforms and configurations, so that code developed on one version of a language compiler or interpreter runs flawlessly on subsequent versions with no revisions required.
- Free developers from having to develop, test, and deploy on the same infrastructure, so that developers who write code on their laptops can be confident that application will run as desired on any other infrastructure, whether on-premises server or a cloud-based VM.
- Facilitate agile development processes such as CI/CD, speeding code acceptance and deployment.
For IT operations
- Improve application security by isolation from other applications in a lightweight fashion.
- Seamless migration of containerized applications across different OS versions, network topologies, or storage configurations, and cloud platforms.
- Improve IT efficiency by enabling multiple application containers to run on a single OS instance. Since containers are often tens of megabytes in size where VMs are often ten or more gigabytes in size, a substantially larger number of containers can run on a single server instance.
Deliver extreme on-demand scalability, by spinning up additional container instances in milliseconds versus minutes to spin up VMs.
Related Solutions and Products
VMware Tanzu Mission Control is a multi-cloud Kubernetes management platform which virtualizes the cloud by delivering a consistent Kubernetes-based platform that enables management, operation, and distribution of applications at scale on any cloud.