When comparing Container vs Type 1 Hypervisor, the Slant community recommends Type 1 Hypervisor for most people. In the question "What are the best approaches to OS virtualization?" Type 1 Hypervisor is ranked 3rd while Container is ranked 4th. The most important reason people chose Type 1 Hypervisor is:
Hypervisors emulate (or partition) hardware separately for each guest, allowing a single host to run multiple, different operating systems.
Pros
Pro (Container) High portability
The whole application stack, including its libraries and configuration, is packed into one image that can be moved between hosts and run unchanged.
Pro (Container) Fast startup times enable a highly flexible infrastructure
A container is just a set of processes started with their own namespaces and cgroups, so new containers can be spun up in well under a second as demand changes.
Pro (Container) High density
Two to six times more virtual environments can be created via containers as compared to hypervisors for the same hardware cost, since containers don't need to emulate hardware or duplicate a full OS (kernel, init system, services) for each guest.
Pro (Container) Dynamic resource allocation
Resource limits such as memory or CPU shares are cgroup settings and can be raised or lowered on a running container without restarting it.
Pro (Type 1 Hypervisor) Can run multiple operating systems
Hypervisors emulate (or partition) hardware separately for each guest, so one host can run several different operating systems and kernels side by side.
Cons
Con (Container) Security concerns
All containers share the host kernel, so the only thing separating a container from the host is kernel code (namespaces, cgroups, capabilities, seccomp, LSMs), not a hardware boundary. A compromised container therefore puts the host at risk: a kernel vulnerability reachable from inside the container, or a container started with excessive privileges (privileged mode, CAP_SYS_ADMIN, host PID namespace, the Docker socket bind-mounted inside), turns a container compromise into a host compromise, and from there into every other container on that host.
Many of these concerns can be alleviated by running containers inside hypervisors, for example one VM per tenant or trust level, or a VM-backed container runtime such as Kata Containers or Firecracker microVMs, so that an escape lands in a throwaway guest kernel rather than on the host.
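Because the container/host boundary is only as strong as the container's configuration, a practitioner would want a quick way to spot the settings that thin it. The following is an added example, not code from the original page or from Slant: it audits records in the shape `docker inspect` emits (the field names `HostConfig.Privileged`, `CapAdd`, `PidMode`, `NetworkMode`, `Binds`, `SecurityOpt` and `Config.User` are real Docker fields; the two sample records and the severity ratings are constructed for this example).

```python
"""Audit docker-inspect records for settings that weaken container/host isolation.

Added example (not from the original page). Field names follow real
`docker inspect` JSON; the sample records below are constructed.
"""
import json

# Capabilities that give a container process enough kernel reach to escape or
# take over the host (mounts, module loading, ptrace of host PIDs, raw I/O).
DANGEROUS_CAPS = {"SYS_ADMIN", "SYS_MODULE", "SYS_PTRACE", "DAC_READ_SEARCH",
                  "SYS_RAWIO", "NET_ADMIN"}
# Host paths that hand control of the host to whoever is inside the container.
SENSITIVE_HOST_PATHS = ("/var/run/docker.sock", "/run/docker.sock",
                        "/proc", "/sys", "/dev", "/etc")


def sensitive_bind(bind):
    """True if a HostConfig.Binds entry ("src:dst[:opts]") mounts a sensitive host path."""
    src = bind.split(":")[0].rstrip("/") or "/"
    if src == "/":
        return True
    return any(src == p or src.startswith(p + "/") for p in SENSITIVE_HOST_PATHS)


def audit_container(record):
    """Return a list of (severity, message) findings for one docker-inspect record."""
    host = record.get("HostConfig") or {}
    cfg = record.get("Config") or {}
    findings = []

    if host.get("Privileged"):
        findings.append(("high", "Privileged=true: all capabilities, all host devices, "
                                 "seccomp and AppArmor disabled"))
    for cap in host.get("CapAdd") or []:
        name = cap.upper()
        name = name[4:] if name.startswith("CAP_") else name
        if name in DANGEROUS_CAPS:
            findings.append(("high", f"CapAdd {cap}: capability sufficient for container escape"))
    if host.get("PidMode") == "host":
        findings.append(("high", "PidMode=host: host processes visible (and ptrace-able with SYS_PTRACE)"))
    for bind in host.get("Binds") or []:
        if sensitive_bind(bind):
            findings.append(("high", f"bind mount {bind}: exposes a sensitive host path"))
    for opt in host.get("SecurityOpt") or []:
        if opt in ("seccomp=unconfined", "apparmor=unconfined"):
            findings.append(("medium", f"SecurityOpt {opt}: kernel attack surface left unfiltered"))
    if host.get("NetworkMode") == "host":
        findings.append(("medium", "NetworkMode=host: no network namespace isolation"))
    user = str(cfg.get("User") or "")
    if user.split(":")[0] in ("", "root", "0"):
        findings.append(("low", "runs as root: an escape yields host root unless userns-remap is on"))
    return findings


def audit_inspect_json(text):
    """Parse `docker inspect` JSON (a list of records) and audit every container."""
    return {rec.get("Name", "?").lstrip("/"): audit_container(rec)
            for rec in json.loads(text)}


def max_severity(findings):
    """Highest severity among findings, or "none" for a clean container."""
    order = {"high": 3, "medium": 2, "low": 1}
    return max((sev for sev, _ in findings), key=order.get, default="none")


# Constructed sample: one hardened service and one CI runner with the usual footguns.
SAMPLE_INSPECT = json.dumps([
    {"Name": "/web",
     "Config": {"User": "1000:1000", "Image": "example/web:1.2"},
     "HostConfig": {"Privileged": False, "CapAdd": None, "CapDrop": ["ALL"],
                    "PidMode": "", "NetworkMode": "bridge",
                    "Binds": ["/srv/web/static:/app/static:ro"],
                    "SecurityOpt": ["no-new-privileges"], "ReadonlyRootfs": True}},
    {"Name": "/ci-runner",
     "Config": {"User": "", "Image": "example/runner:latest"},
     "HostConfig": {"Privileged": False, "CapAdd": ["SYS_ADMIN", "NET_BIND_SERVICE"],
                    "PidMode": "host", "NetworkMode": "host",
                    "Binds": ["/var/run/docker.sock:/var/run/docker.sock",
                              "/home/ci/cache:/cache"],
                    "SecurityOpt": ["seccomp=unconfined"]}},
])

if __name__ == "__main__":
    for name, findings in audit_inspect_json(SAMPLE_INSPECT).items():
        print(f"{name}: {max_severity(findings)}")
        for sev, msg in findings:
            print(f"  [{sev}] {msg}")
```

Against real hosts, feed it `docker inspect $(docker ps -q)`; the `web` record comes back clean, while `ci-runner` is flagged high three times (CAP_SYS_ADMIN, host PID namespace, Docker socket mount), each of which on its own is enough to reach the host from inside the container.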
Con (Container) Limited to one kernel and OS
All containers on a host run on the host's kernel, so a container cannot use a different kernel version or a different OS family than the host (Linux containers on a Linux host, Windows containers on a Windows host). A kernel bug, or a kernel upgrade, affects every container on that host at once.
Con (Type 1 Hypervisor) Considerable overhead
Depending on the hypervisor and the workload, the hypervisor may consume anywhere from about 3% of the host's memory and CPU up to 35%.
Density, performance and scalability are lower than with containers, because every guest carries a full OS of its own. Hardware virtualization extensions (Intel VT-x / AMD-V for the CPU, and the VT-d / AMD-Vi IOMMU for handing devices directly to a guest) remove much of the trap-and-emulate cost, but the per-guest overhead remains considerable.
In certain specialized cases many of these issues can be sidestepped via the use of unikernels. Unikernels are specialized, lightweight operating systems built to run directly on a hypervisor: the application is linked with only the necessary parts of the necessary libraries and OS services into a single image, which vastly increases performance and reduces the memory footprint, disk space and computational burden. They also further reduce the attack surface, since the image contains no shell, no package manager and no unused subsystems for an attacker to land on after an exploit.