Understand how Docker works in the VM-based IT world


Docker, a household name in IT, is still far from mainstream adoption, although it has gained a degree of traction in enterprises. With mounting acceptance, your organization can't avoid containers and stick to virtual machines in perpetuity.
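Docker, a household name in IT, is still a long way from mainstream adoption even though it has gained some traction in enterprises. Because Docker uses mounting, companies cannot avoid containers and should stick with using virtual machines.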

In simplest terms, Docker is a means to package and provision code so that it can move across different parts of an IT platform. While it may seem unclear how Docker works, it's used for various reasons in enterprise IT. Application containerization optimizes hybrid cloud setups and provides a flexible and responsive IT platform.

a means to n.: a way of reaching n.


Does that mean Docker is used for the same purposes as VMs? Yes and no. Docker operates differently, and that informs where it is used.


How Docker works in contrast to VMs

The basic VM holds everything necessary for the workload to run, such as the OS, app server, application and any associated databases. That package can transition onto any platform that supports the VM: VMware VMs operate on any platform that has an ESXi hypervisor; Microsoft VMs work on any platform with Hyper-V.

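transition onto: to move over to; transition (v., n.)

A basic virtual machine has everything necessary to run the workload, such as the operating system, app server, application and related databases. This kind of package can move over to any platform that supports the VM: VMware VMs can run on platforms that have the ESXi hypervisor, and Microsoft VMs can run on platforms that have Hyper-V.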

A Docker container works differently. It holds only what the application requires to run above a platform. Docker containers are not used for hardware virtualization or complete application workload hosting. The container, generally, doesn't include the OS, nor do individual containers require an app server -- provided the underlying platform has one installed.

provided: if ... then ...


Containers aren't the pinnacle of virtualization

Docker containers are not as portable as VMs are: Docker images are OS-dependent, and in some cases, the container might require a specific version and patch level of the OS, although hard versioning is a bad coding practice.

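Docker containers are not as portable as virtual machines: Docker images depend on the operating system, and in some cases a container will need a specific version and patch level of the operating system, although hard coding is a poor coding experience.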

A long-standing user complaint of Docker was that a poorly written container could pass privileged calls from the container through to the underlying platform. Therefore, if a malicious entity hijacks the container, it could compromise the underlying platform and subsequently bring all Docker images to their knees. Later versions of Docker addressed this security issue.


bring all Docker images to their knees: to paralyze all Docker images
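A defender can check which containers are configured to reach through to the underlying platform in the way the paragraph above describes. The following is an added example, not part of the original article: it audits `docker inspect` JSON for privileged mode, broad added capabilities, host PID sharing and a mounted daemon socket. The sample data is constructed, and the set of capabilities treated as risky is this example's own selection.

```python
import json

# Constructed sample shaped like `docker inspect <container>` output (not from the page).
SAMPLE_INSPECT = json.loads("""
[
  {"Name": "/web",
   "Config": {"User": "app"},
   "HostConfig": {"Privileged": false, "CapAdd": null, "PidMode": "",
                  "Binds": ["/srv/web:/usr/share/nginx/html:ro"]}},
  {"Name": "/legacy-agent",
   "Config": {"User": ""},
   "HostConfig": {"Privileged": true, "CapAdd": ["SYS_ADMIN"], "PidMode": "host",
                  "Binds": ["/var/run/docker.sock:/var/run/docker.sock"]}}
]
""")

# Assumption of this example: capabilities that give broad control over the shared kernel.
RISKY_CAPS = {"ALL", "SYS_ADMIN", "SYS_MODULE", "SYS_PTRACE", "NET_ADMIN"}


def audit_container(entry):
    """Return a list of findings for one `docker inspect` entry."""
    host = entry.get("HostConfig") or {}
    findings = []
    if host.get("Privileged"):
        findings.append("runs with --privileged")
    for cap in host.get("CapAdd") or []:  # CapAdd is null when nothing was added
        name = cap.upper().removeprefix("CAP_")
        if name in RISKY_CAPS:
            findings.append(f"adds capability {name}")
    if host.get("PidMode") == "host":
        findings.append("shares the host PID namespace")
    for bind in host.get("Binds") or []:
        source = bind.split(":")[0]
        if source.endswith("docker.sock"):
            findings.append("mounts the Docker daemon socket")
    if not (entry.get("Config") or {}).get("User"):
        findings.append("no USER set, defaults to root in the container")
    return findings


def audit(entries):
    """Map container name -> findings, keeping only containers with findings."""
    report = {e["Name"].lstrip("/"): audit_container(e) for e in entries}
    return {name: f for name, f in report.items() if f}


if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE_INSPECT), indent=2))
```

On a live host the same functions can be fed the parsed output of `docker inspect $(docker ps -q)`.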

However, these points prompt container newcomers to ask how Docker works if VMs are seemingly more platform-independent and more secure.


Containers are more efficient than VMs

The way in which Docker works gives it both obvious and subtle advantages over server virtualization with VMs.

advantages over server virtualization with VMs: more advantageous than VMs for server virtualization


Docker containers require fewer resources, both physical and virtual, than comparable VMs. Because the OS is external and shared among the containers, each instance requires significantly less storage space, whereas each VM needs resources to run its own OS. For every VM that runs on a given platform, Docker can run several containers.


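For every VM that runs on a given platform, Docker can run several containers. I think this sentence means that a platform can run only one VM whereas Docker can run several, but I felt my translation was wrong, so I just used Google Translate.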

The shared OS means that container maintenance can be easier than with VMs -- but this isn't guaranteed. Admins must touch every single VM to implement an OS patch or upgrade, but with Docker environments, they simply update the one underlying shared OS.

Maintenance is not so easy with high version- and patch-level sensitivity. In a VM, each isolated workload has its own OS at whatever version and with whatever patches it needs to function; in containers, the underlying platform can only support one OS. Some organizations embed containers inside of VMs to circumvent this hurdle, but this isn't a best practice for long-term operations: It introduces unnecessary complexity, along with performance issues.

circumvent this hurdle: to get around this obstacle


Additionally, Docker is used for increased granularity in application deployments. It isn't impossible to operate a microservices environment deployed on VMs, but as storage and resource constraints become apparent, organizations find only regret and a thinner wallet. Docker application containerization enables admins to create, deploy and link small functional pieces of code to provide a composite application that is still lightweight.


How Docker works has advantages over VMs when used for business continuity and disaster recovery efforts. New instances of a Docker container can be provisioned on different parts of the IT platform easily and quickly: A container that normally runs on premises can be shot into a public cloud environment and provisioned, or brought from cold storage to a live environment, more rapidly than a VM.


In some cases, VMs are still the right model. For example, a static application environment where the capability to provision it to new hardware is of paramount importance suits VM-based deployment. VMs won't disappear overnight. Generally speaking, however, Docker is for the DevOps age: It can handle continuous development and delivery, and its microservices focus makes it fit for future application architectures. Combine this with either the Docker support ecosystem -- which is technically complex but competent -- or an orchestration and management tool, like Kubernetes, and Docker is ready for prime time.

