What are the arguments for containers vs virtual machines (VMs)? Back in March 2016 Mike Coleman (@mikegcoleman) from Docker wrote a blog post titled: Containers Are Not VMs. Mike and I used to be colleagues at VMware EUC working on delivering applications in virtual desktop environments.
As you probably already know, virtual machines provide very strong isolation at the host level and don’t share the OS. The primary reason for developers to move to a microservices-based architecture is to break up the app stack into smaller pieces, thus providing a more agile environment. In doing so, your application services will now be connected through the network, and this opens up a myriad of potential security issues.
Let’s continue Mike’s house (VM) vs. apartment building (Docker host) analogy from this blog post. You can choose to protect your single-family house (VM) as much as required and desired, and just because your next-door neighbor is careless, it doesn’t affect you much. OK, if there’s a fire, that might affect you, but rarely.
Read the entire article here, Containers vs Virtual Machines (vms): A Security Perspective
via NeuVector.