[bitfolk] Container vs Virtual Machines

Author: Samuel Bächler
Date:  
To: users@lists.bitfolk.com
Subject: [bitfolk] Container vs Virtual Machines
Hi All,

On https://boeser.ch/files/sys-arch.svg I published our sketches on
different system architectures. On the various sketches you see
node-1, node-2, node-A and node-B. In all sketches node-1 and 2 are
always considered to be containers (lxc-1, lxc-2). node-A and B are in
some sketches containers (LXC-A, LXC-B) and VMs in others (VM-A,
VM-B).

We have in mind two different admins for the red and the white parts
in the sketches. Obviously red admin has more power than white admin.

It is our primary goal to achieve a good trade-off between strong
isolation/security and performance.

We consider the advantages of virtual machines as follows:

- a VMM (Xen, KVM) is considered to be more secure than a random linux
  distribution that hosts containerization (LXD, Docker)
- isolation between virtual machines is stronger compared to
  containers
- probably better support to run other OS (e.g. Windows, BSD etc.)

We consider the advantages of containers as follows:

- efficient in both resources and performance since kernel is shared
- faster startup than VMs
- "build once run everywhere"

Are there any reports you know of about how performance is reduced in
a VMM setup compared to a container setup? Or, do you have some
experience yourself?

Do you have any other thoughts when looking at the sketches?

Regards,
Sam
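
The isolation gap the post lists between "a random linux distribution
that hosts containerization" and a VMM is, in practice, the set of kernel
boundaries a container still shares with its host. The script below is
an added example, not part of Sam's message or of any of the sketches: it
reads the kernel's own view of a process (/proc/PID/status and
/proc/PID/uid_map, Linux only) and reports whether the most escape-relevant
capabilities are dropped, whether a seccomp filter is active, and whether
the process sits in a shifted user namespace, i.e. whether "white admin"
root inside lxc-1 is really distinct from "red admin" root on the host.
The capability bit numbers are the kernel's (include/uapi/linux/capability.h);
the sample /proc contents in the usage at the bottom are live, and the
fixtures used to exercise it are constructed.

```shell
#!/bin/sh
# Added example (not from the original post): inspect the isolation
# boundary a Linux process actually runs behind, from the kernel's
# own bookkeeping in /proc. Works unchanged on a host, inside an
# LXC/Docker container, or inside a VM guest.

# cap_set HEXMASK BIT  -> exit 0 if capability number BIT is in the mask.
# CapEff in /proc/PID/status is a 64-bit hex mask; shell arithmetic
# on a 64-bit system handles it directly.
cap_set() {
    [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]
}

# seccomp_mode STATUS_FILE -> prints the Seccomp field
# (0 = none, 1 = strict, 2 = filter, "unknown" if the kernel lacks it).
seccomp_mode() {
    awk '/^Seccomp:/ { print $2; found = 1 }
         END { if (!found) print "unknown" }' "$1"
}

# in_user_ns UID_MAP_FILE -> exit 0 if the process is in a non-initial
# user namespace. The initial namespace's map is exactly "0 0 4294967295";
# an LXD/Docker userns-remap container shows e.g. "0 100000 65536".
in_user_ns() {
    ! awk '{ if ($1 == 0 && $2 == 0 && $3 == 4294967295) init = 1 }
           END { exit init ? 0 : 1 }' "$1"
}

# isolation_report STATUS_FILE UID_MAP_FILE
# Prints one line per check and returns the number of failed checks
# (0 = every boundary checked here is in place).
# Capability numbers: 12 NET_ADMIN, 16 SYS_MODULE, 17 SYS_RAWIO, 21 SYS_ADMIN.
isolation_report() {
    ir_status=$1; ir_uidmap=$2; ir_failed=0
    ir_capeff=$(awk '/^CapEff:/ { print $2 }' "$ir_status")
    for ir_pair in 21:SYS_ADMIN 16:SYS_MODULE 17:SYS_RAWIO 12:NET_ADMIN; do
        ir_bit=${ir_pair%%:*}; ir_name=${ir_pair#*:}
        if cap_set "$ir_capeff" "$ir_bit"; then
            echo "CAP_$ir_name: present (can reach the shared kernel)"
            ir_failed=$((ir_failed + 1))
        else
            echo "CAP_$ir_name: dropped"
        fi
    done
    ir_mode=$(seccomp_mode "$ir_status")
    if [ "$ir_mode" = "2" ]; then
        echo "seccomp: filter active"
    else
        echo "seccomp: mode $ir_mode (no syscall filter)"
        ir_failed=$((ir_failed + 1))
    fi
    if in_user_ns "$ir_uidmap"; then
        echo "user namespace: shifted uid mapping"
    else
        echo "user namespace: initial (root here == root on the host)"
        ir_failed=$((ir_failed + 1))
    fi
    return $ir_failed
}

# Usage: report on the current shell itself.
if [ -r /proc/self/status ] && [ -r /proc/self/uid_map ]; then
    if isolation_report /proc/self/status /proc/self/uid_map; then
        echo "all checked boundaries present"
    else
        echo "boundaries missing: $?"
    fi
fi
```

Two caveats when reading the output. Root in a VM guest scores exactly
like root on a bare host (full capabilities, no seccomp, initial user
namespace), because the VM's boundary is the hypervisor, not the guest
kernel; run `systemd-detect-virt` alongside it to tell the two apart. And
a clean score does not make the shared kernel a VMM: a kernel bug
reachable through an allowed syscall still crosses every one of these
lines, which is the residual risk behind the first advantage listed for VMs.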