Home > Should Your SMB Use Virtualization Containers or VMs?

Should Your SMB Use Virtualization Containers or VMs?

Since the advent of affordable virtualization technology and cloud computing services over a decade ago, IT departments large and small have embraced virtual machines (VMs) as a way to lower costs and increase efficiencies.

In the past year or so, however, the buzz has shifted to virtualization containers. Enterprise-level tech companies are embracing containers because they take up fewer resources than VMs and can simplify and streamline development, testing, and deployment.

It’s clear that for large organizations, economies of scale make containers an attractive solution to IT environment needs. But what about small and mid-size businesses? Are virtualization containers a viable solution for those tech teams, or do VMs make more sense?

Containers vs. VMs

With virtual machines, the operating systems and their applications share hardware resources from a single host server, or from a pool of host servers. Each VM requires its own underlying OS, and the hardware is virtualized. Thus, VMs are a better choice for running apps that require all of the operating system’s resources and functionality.

When using virtualization containers, the OS itself is virtualized, and the workloads share OS resources such as libraries. This significantly reduces the need to reproduce the operating system code, and means that a server can run multiple workloads with a single operating system installation.

Given that one of the biggest practical differences between containers and VMs is whether the OS is local or virtualized, it should come as no surprise that the size of your OS footprint largely determines the benefits you’ll get from each. Essentially, the larger your OS footprint, the more containers will benefit your environment.

Additionally, containers can simplify a host of other processes, thus reducing the IT team resources needed for virtualization management. Containers can:

  • Reduce the size of your snapshot backups
  • Quicken the spinning up of applications because you don’t have to initiate a new OS each time
  • Simplify OS security updates because there are fewer to manage
  • Reduce the amount of code needed to transfer, migrate, or upload workloads

Security Issues in Virtualization Containers

Conventional wisdom has been that VMs are more secure than containers. The logic is that free-flowing network traffic in containers would allow a hacker to access all the workloads running on that server once a container was breached.

Last year, however, saw a deluge of arguments on both sides of the aisle. In Thirteen Ways Containers Are More Secure Than Virtual Machines, Rob Hirschfeld argues that focusing on backdoor hacks into containers, with their thin separating walls, ignores the real issue: “Front door attacks and unpatched vulnerabilities are much more likely than these backdoor hacks. The proliferation of uniquely configured VMs running bloated operating systems with inconsistent security practices is our primary security concern.”

Henrik Rosendahl counters, in Containers vs Virtual Machines: A Security Perspective, that containers, by their very nature, involve open network traffic across services, posing fundamental security risks that must be handled.

What all this means is that, as is the case with any new technology, experts and thought leaders need time to determine the most effective, safest ways to use containers. Right now, it’s not clear whether containers or VMs are inherently the more secure option. What is clear is that there are many, many options for how to structure a virtual environment, and the best choice for you will depend on the specific needs and requirements of your particular organization.

Because VMs have been around longer, they have better-established management and security tools. If your organization is not comfortable with using newer, less tried-and-true security protocols, or has particularly rigorous security needs, containers may not be the best solution.

Are Containers Right for You?

Both containers and VMs have benefits and drawbacks, and the ultimate decision will depend on your SMB’s specific needs, but there are some general rules of thumb:

VMs are a better choice when you need to run multiple applications on servers, or have a wide variety of operating systems to manage.

Containers are a better choice when your biggest priority is maximizing the number of applications running on a minimal number of servers.

For most of us, the ideal setup is likely to include both. With the current state of virtualization technology, the flexibility of VMs and minimal resource requirements of containers work together to provide environments with maximum functionality.

So, should your SMB invest in containers? If your organization is running a large number of instances of the same operating system, and you have the resources to address potential security risks, then we’d recommend you at least look into whether containers are a good fit. They just might save you significant time and money.

TL;DR: Take less than five minutes to watch our on-demand webinar. It compares virtual containers to virtual machines and explains why the choice matters for your organization.