What does Docker provide if not virtualization?

No readers like this yet.
Open field

Opensource.com

Let me start by saying this is absolutely not a Docker bashing article. I actually love Docker, and I think it is an outstanding piece of software that will have great success. But I have to confess, I’m not sure that it deserves the virtualization moniker that so many in the industry are hanging on it.

Now before you start rounding up a virtual posse to excoriate me in the comments section for blasphemy, or heresy, hear me out.

First of all, I think, it is important to realize that often times in technology, especially leading edge technologies, it can be difficult for everyone to agree on a common definition of most any word. This is especially true in the cloud and virtualization vernacular. Generally speaking, for me, and for the context of this discussion, virtualization refers to the abstraction of a service(s) provided by an entity so that it can be consumed in a manner consistent with what the consuming entity expects, regardless of the characteristics of the entity providing the service. Or to say it in another manner: virtualization is the act of isolating the consumers of a service from the providers of a service in such a way so that each can maintain their native manner of interaction. This abstraction can be through simulation, emulation, translation, or another means, but the key function is making something, appear as something else, so it can be used.

For example, a hypervisor allows multiple discrete operating systems to consume a single physical server by abstracting the services provided by the server (CPU, Memory, Disk, etc) in such a way, that each operating system is oblivious to the true underlying characteristics of the server. It is that key functionality, of abstracting services, that Docker is lacking that stops me from bestowing the title of virtualization to it.

Many of you may very well be thinking right now, "Docker does provide virtualization to applications. It virtualizes the operating system for them." My response is to submit, respectfully, that Docker doesn’t actually abstract or virtualize anything. It is a software package that manages several, normally discrete, Linux features, in a manner so that they all work cooperatively to provide a given functionality. Docker, unlike say a Hypervisor, doesn’t isolate away or abstract services to a consumer. Docker, not so simply, serves as a conductor to orchestrate all the various services together and have them work cooperatively. It is even valid to go so far as to say that Docker isn’t a required component of providing the service that the application consumes.

Now having said that, I should add that even though I feel like I’m a fairly advanced administrator, I could not even imagine taking on the tasks that Docker performs in manual process. It is simply too daunting of a task, due to the plethora of dependencies, lack of understanding all of the features being used, and lack of robustness in the management tools. To those that would offer "Just write a script," I would respond with "Why, when Docker does it for us?"

Docker really is, in my opinion, a great piece of software. I will confess that I haven’t reviewed the code, I’m not a developer. My job, if you will indulge an oversimplification, is to make things work. Docker does that, and it seems to do so in a very efficient, logical, and productive manner. I am very excited about the future of Docker and how the functionality (or services) that it orchestrates will impact not only development, but also operations and engineering teams within an organization.

User profile image.
Thomas Crowe is the Senior Architect for IT Modernization, and Red Hat OpenStack Platform (RHOSP) within Red Hat's Services and Solutions Management group. With 20 years crafting and refining complex IT infrastructures across every major Unix operating system, Thomas has the depth, breadth, and background to drive efficient IT modernization, and cloud enablement efforts.

7 Comments

Docker, and more generally... containers... do provide virtualization.

I'm a long-time OpenVZ user which is a much older form of containers on Linux dating back to 2005. Originally OpenVZ used the term VE for "virtual environment". It wasn't virtualizing hardware and wasn't a virtual machine but it was virtualizing the environment because your VE could be any one from a reasonable selection of Linux distributions. Then they switched from VE to VPS which is short for Virtual Private Server. I guess VPS tries to emphasize the fact that the VPS has private accounts and runs mostly server applications rather than a desktop. Then container became the preferred term.

All throughout those perhaps marketing-oriented name changes the way a container worked hadn't really changed. A container is a set of grouped processes that are isolated from other processes running on a single kernel... with the ability to set resource limits that apply to them. In OpenVZ's case the isolation was complete enough that each container could have their own accounts/users including root... its own network stack and virtualized pid space. So rather than Hardware Virtualization, containers are OS-level Virtualization.

In the case of KVM, all virtual machines running on a host are just another process running on a single kernel... so the way I look at it, KVM is a type 1.5 hypervisor. Sure, what runs in each process under that same kernel can be a different operating system.

Containers are still virtualization.

I completely agree with you that containers are a form of virtualization. Docker however does not equal containers. Docker simply orchestrates the already existing Linux features and functionality to simplify creating containers. Docker is a orchestration, not virtualization, utility. This is clouded somewhat by the creation and subsequent usage of libcontainer, that replaces Docker's use of LXC utilities. But the fact remains that everything that Docker "does" can be done manually, outside of Docker.

In reply to by Scott Dowdle

Docker doesn't provide virtualization. LXC does that. The frame of reference we should be using is that Docker is a standardized packaging system for LXC. It's pretty simple, really.

Supposedly with Docker 0.9 they have created their own library (libcontainer) and lxc is just one of their several optional options... but I guess it depends on what you consider LXC to be... kernel functionality... OR a user side library and some related tools.

In reply to by Art C. (not verified)

it's "discrete", not "discreet"

Maybe we should use the term "Soft" (or Software Defined) virtualisation for facilities like Docker, Solaris Containers and AIX WPARs, and "Hard" Virtualisation for Hypervisor based hardware virtualisation ?

Creative Commons LicenseThis work is licensed under a Creative Commons Attribution-Share Alike 4.0 International License.