Solution Architect | Head of BizDev at Greg Solutions
Real User
Dec 6, 2020
Mainly, VMs are a more "heavy" way (in terms of size, startup time and support), while containers are a more "lightweight" and modern technology. But VMs could handle some scenarios that containers could not support. Also, VMs are theoretically more secure, because they provide a lower layer of isolation (hypervisor level). But you could implement a proper level of security with both approaches.
Mainly, in 99% of cases, I would recommend using containers instead of VMs.
If you are talking about the difference between VM in the sense of Virtual Machines (e.g. Guest Machines) vs Containers (Docker, OpenShift, etc.), then there are multiple differences.
A VM is a virtual machine, which means OS and CPU/Disk resources. It's a "heavier" configuration than a container, but in some cases it uses the same security and IT guidelines as BareMetal servers and in other cases requires a dedicated security approach.
Containers take VMs to the next evolution: not only do they abstract the physical requirements to virtual resources (the way a VM operates), but they enable deeper virtualization of environments (OS + Resources + Apps + support environments, etc.) into a container unit managed by a master unit, with separation of environments for operation and security concerns. Containers also complement advanced application configurations such as Microservices.
Leading VM vendors now support VMs and containers on the same virtual system.
Security-wise the challenges differ:
In VMs:
1. There is a need to support East-West traffic in the virtual switch.
2. Micro-Segmentation should be utilized, since Macro-Segmentation (VLAN) is usually unscalable or simply can't support the security requirements of a highly virtualized environment.
In Containers:
1. Inter- and Intra-Container threat analysis and security governance are required.
2. Nano-level segmentation (container level) is required.
https://docs.microsoft.com/en-... - here is a simple 1 pager that describes it.