Next Generation High Density App Servers Don't Require Scrapping Your Hypervisor
Recently, I sat in a conference session extolling the seemingly endless virtues of Linux Containers. I heard claims that hypervisors were old hat: ancient, bloated engines which rely on inefficient replication of a large operating system stack in order to serve up applications. The speaker painted a picture of a future where hundreds of applications are virtualized on each piece of hardware. "What is really needed," glowed the speaker, "is a lightweight, efficient means of serving up applications: containers."
Containers are cool, but not a panacea
Containers share the same kernel as the host, so they are not burdened with the extra memory and CPU cycles it costs to replicate a full operating system stack in a hypervisor scenario. Compared to hypervisor-generated virtual machines, containers can be fast and lean. But they are also limited.
Since Linux containers share the same kernel as the host, it is impossible to run Windows in one. Or FreeBSD. Or NetBSD. Or another version of the Linux kernel. Or another Linux distribution which requires a different kernel. All of those scenarios are best handled by a real hypervisor. And the security aspect of hypervisors is huge, worthy of a separate blog entry of its own. Still, if you need an environment within your organization where many workloads can leverage a single kernel environment, containers can be a viable solution.
However, some of the most vocal container advocates insist that these problems relating to containers are really application problems in disguise. Issues about kernel support and security are the results of improper application design, they claim. When we raise the bar on applications so that they are based solely on access to application servers, then the objections to containers will melt away -- and so will hypervisors, for the most part. Or that's what some of these advocates claim, at least.
The death of the hypervisor is greatly exaggerated
But is there another scenario, one which does not use containers, that could answer the call for highly responsive and lightweight virtual instances? Maybe one that can actually leverage the flexibility and security which are part and parcel of most hypervisors?