A container image is a lightweight, standalone, executable package of a piece of software that includes everything needed to run it—code, runtime, system tools, system libraries, and settings.
Containers and VMs offer similar resource isolation (although it can be argued that virtualization provides stronger isolation) and allocation benefits, but they function differently: containers do not include the operating system (or at least not its kernel), so they are lighter and therefore potentially more portable and efficient.
Docker's website describes in detail the differences between containers and VMs, starting with the architectural difference:
Containers versus VMs
For more details on containers, refer to https://www.docker.com/what-container.
Container technologies have become ubiquitous in the modern data center; their advantages for application packaging are undeniable. Developers are leading the change, adopting container technologies at a rapid rate and demonstrating their advantages by bringing both new and updated applications to market sooner. One approach to the resulting challenges is to offer Containers as a Service (CaaS) to all developers, giving them better agility while, at the same time, providing the level of standardization and governance necessary to run containers in production.
So which is best, and why have containers not replaced virtualization yet? There is no simple answer: containers are certainly lighter than VMs, but not every application can run in a container. Put simply, legacy applications will still require VMs, while new applications designed with modern approaches are the ideal candidates to run in containers.
Initially, containers were only possible for Linux-based applications (and some specific lightweight, minimal Linux distributions such as CoreOS and VMware Photon OS were born specifically to support Linux containers) but, starting with Windows Server 2016, Windows applications can also be containerized (of course, with no portability across these two different platforms).
In the vSphere 6.5 release, VMware introduced vSphere Integrated Containers (VIC), a platform to bring containers into an existing vSphere environment in a simple and easy way. With VIC, it is possible to deliver an enterprise container infrastructure that provides not only agility for developers (by using the containers) but also full control for vSphere operations teams, where containers can now be managed with the same concepts and skills as normal VMs, without requiring any changes in processes or tools.
VMware VIC is structured into the following different components:
- VIC Engine: Enterprise container runtime for vSphere that allows developers who are familiar with Docker to develop in containers and deploy them alongside traditional VM-based workloads on vSphere clusters. vSphere admins can manage these workloads through vSphere Web Client in a way that is familiar to them.
- Virtual Container Host (VCH): This is basically a vSphere resource pool used for controlling and consuming some container services, with an isolated Docker API endpoint and a private network. Multiple VCHs can be deployed in an environment, depending on business requirements.
- vSphere Web Client plugin: Administrators interact with VIC through vSphere Web Client, gaining the ability to manage and monitor VIC by means of a plugin. A wizard is available that enables the creation of VCHs.
- Photon OS: This is a small-footprint container runtime for the containers, running on a VM. VIC runs each individual container on a dedicated VM (in order to have the best isolation and security enforcement), with Photon OS on each VM. To provide agility during VM provisioning, the Instant Clone technology (introduced in vSphere 6) is used to deliver all VMs very quickly and efficiently.
- VMware Harbor: Enterprise container registry that stores and distributes container images. Harbor extends the Docker distribution open source project by adding the functionalities usually required by an enterprise, such as security, identity, and management.
- VMware Admiral: Management portal that provides a UI for dev teams to provision and manage containers. Cloud administrators can manage container hosts and apply governance to their usage, including capacity quotas and approval workflows. Advanced capabilities are available when integrated with vRealize Automation.
For more details on the following architecture overview, you can visit the related VMware blog at https://blogs.vmware.com/cloudnative/:
VMware VIC
Using VIC, vSphere administrators can provide a fully Docker-compatible interface to their developers, using the existing vSphere infrastructure with its native capabilities and features, including VMware NSX for security and VMware vSAN for storage. The new version 1.2 (released in September 2017) adds a native Docker container host, managed from a unified management portal.
Customers with current vSphere Enterprise Plus or vSphere Operations Management Enterprise Plus licenses can download the VIC installation packages.
Other parts, such as Photon OS, are free and available to everybody. It is also interesting to note that Photon OS Linux is becoming the platform for VMware virtual appliances, first with the vCenter Server Appliance, then with the NSX controllers (since NSX-v 6.3.3), and probably with more in the near future.
For more information, see the following: