Solution Architect | Head of BizDev at Greg Solutions
Real User
2020-12-06T17:28:43Z
Dec 6, 2020
Mainly, VMs are the "heavier" way (in terms of size, startup time and support), while containers are a more "lightweight" and modern technology. But VMs could handle some scenarios that containers could not support. Also, VMs are theoretically more secure, because they provide a lower layer of isolation (hypervisor level). But you could implement a proper level of security with both approaches.
Mainly, in 99% of cases, I would recommend using containers instead of VMs.
Hi Rony,
If you are talking about the difference between VMs in the sense of Virtual Machines (e.g. Guest Machines) vs Containers (Docker, OpenShift, etc.), then there are multiple differences.
A VM is a virtual machine, which means OS and CPU/disk resources; it's a "heavier" configuration than a container, but in some cases it uses the same security and IT guidelines as bare-metal servers and in other cases requires a dedicated security approach.
Containers take VMs to the next evolution: not only do they abstract the physical requirements to virtual resources (the way a VM operates), but they enable deeper virtualization of environments (OS + Resources + Apps + support environments, etc.) into a container unit managed by a master unit, with separation of environments for operation and security concerns. Containers also complement advanced application configurations such as microservices.
Leading VM vendors now support VMs and containers on the same virtual system.
Security-wise the challenges differ:
In VM
1. There is a need to support East-West traffic in the virtual switch.
2. Micro-segmentation should be utilized, since macro-segmentation (VLAN) is usually unscalable or simply can't support the security requirements of a highly virtualized environment.
In Containers
1. Inter- and intra-container threat analysis and security governance are required.
2. Nano-level segmentation (container level) is required.
https://docs.microsoft.com/en-... - here is a simple 1 pager that describes it.