

Docker : An Interview With Solomon Hykes - philwhln
http://www.activestate.com/blog/2013/06/solomon-hykes-explains-docker

======
ivan_ah
Ah OK, now I get it. It's what you would want from a VM (isolation & reuse)
without all the data duplication of the VM image files, and the memory
requirements associated with provisioning and running many VMs.

The copy-on-write aspect is very neat.

~~~
philwhln
That's right. It's closer to the software layer than the infrastructure layer,
so there's a lot more flexibility. You could essentially run a few machines on
bare metal and use Docker as the virtualization layer. Just need an OS that
supports LXC and you're good to go.

------
porker
Does Docker work in the same way as Solaris/Illumos zones, or FreeBSD Jails
(or Verio's equivalent [1])? Docker appears to add portability, but no
security.

I ask as virtualising this way (thinking about secure shared hosting) is of
interest to me, vs multiple VMs, and I'm curious about the advantages and
disadvantages of each.

[1]
[http://support.verio.com/files/pdf/FreeBSD_VPS_v3_Technical_...](http://support.verio.com/files/pdf/FreeBSD_VPS_v3_Technical_Overview-
ED3.pdf)

~~~
philwhln
Docker is built on-top of Linux Containers (LXC). These provide a secure
isolated environment within Linux.

[http://www.activestate.com/blog/2011/11/security-cloud-
stack...](http://www.activestate.com/blog/2011/11/security-cloud-stackato-and-
lxc)

~~~
porker
Thanks philwhln, I'd understood that much :) I guess I'm asking: What would be
the selling point of using Docker (LXC) over Jails/Zones?

~~~
philwhln
You can run the full-stack inside a container. eg. run Red Hat or CentOS
inside Ubuntu. The process inside LXC / Docker is unaware it's inside a
container. You can have 100 processes all think they're binding to a given
port, which simplifies things within the container. This is why docker images
work so well: they can be fired up and use the same configuration no matter
how many instances you create. LXC = jail on steroids.

------
jabbernotty
I'm not entirely clear on this yet, but it sounds like it could be very useful
for load-testing a particular service I'm working on. Testing the service
requires a series of directories to be present for each client. It sounds like
this docker+busybox combination could be used for this.

~~~
philwhln
+1 Sounds like a good use-case. You'd be able to fire up lots of clients very
quickly.

