We just raised a $30M Series A: Read our story
2020-06-08T10:20:00Z

Container vs VM: What are the main differences?

37

Hi security professionals,

Both Containers and Virtual Machines are software technologies that run in a virtualized environment. What are the differences between the two?

Are there unique security challenges associated with each technology? 

ITCS user
Guest
33 Answers

author avatar
Top 5LeaderboardReal User

Mainly, VMs are more "heavy" way (in terms of size, startup time and support), while containers are more "lightweight" and modern technology. But VMs could handle some scenarios that containers could not support. Also, VMs are theoretically more secured, because they provide a lower layer of isolation (hypervisor level). But you could implement a proper level of security with both approaches.


Mainly, in 99% of cases, I would recommend using containers instead of VMs.

2020-12-06T17:28:43Z
author avatar
User

Hi Rony,


If you are talking about the difference between VM in the sense of Virtual Machines (e.g. Guest Machines) vs Containers (Docker, OpenShift, etc) then there are multiple differences. 


VM is a virtual machine which means OS, CPU/Disk resources, it's a "heavier" configuration than a container but in some cases uses the same security and IT guidelines as BareMetal servers and in other cases require a dedicated security approach.


Containers take VM to the next evolution, not only it abstract the physical requirements to virtual resources (the way VM operates) but it enables deeper virtualization of environments (OS + Resources + Apps + support environments, etc.) to a container unit managed by a master unit with separation of environments for operation and security concerns, containers also complement advanced application configurations such as Microservices.


Leading VM vendors now support VM and containers on the same virtual system.


Security-wise the challenges differ:


In VM


1. There is a need to support East-West Traffic in the virtual switch


2. Micro-Segmentation should be utilized since Macro-Segmentation (VLAN) is usually unscalable or simply can't support the security requirement of a highly virtualized environment.


In Containers


1. Inter and Intra Container threat analysis and security governance is required.


2. Nano-level segmentation (container level) is required.  

2021-12-01T15:59:00Z
author avatar
Real User

https://docs.microsoft.com/en-... - here is a simple 1 pager that describes it.

2020-06-09T00:18:55Z
Find out what your peers are saying about Palo Alto Networks, Snyk, Aqua Security and others in Container Security. Updated: November 2021.
554,586 professionals have used our research since 2012.