Computer resources are virtualized using either a hypervisor or a container. In the case of a hypervisor, a full operating system is executed on top of a host operating system. That is, a host operating system runs a hypervisor that manages different virtual machines. Each virtual machine may utilize a different operating system.
Container-based virtualization is sometimes referred to as operating system virtualization. Instead of running an entire guest operating system, container virtualization isolates the processes that utilize the host operating system. Each container corresponds to one virtual environment. The operating system provides process isolation between virtual environments and performs resource management. That is, the operating system designates for each process, i.e., each virtual environment or container, its own filesystem, memory and devices.
Container-based virtualization has advantages when large numbers (e.g., hundreds) of guests or containers are deployed. On the other hand, there are numerous challenges associated with container-based virtualization. For example, one rogue container can consume all memory and crash an entire host and the other containers executing on it. Even if a system does not crash from a rogue container, the rogue container can consume all CPU cycles and thereby starve all other containers. Containers may also result in an underutilized data center. Reallocating resources across a data center can be difficult. Finally, there are challenges in scaling out container resources.