March 29, 2017

One of the most significant advantages of Docker containers over virtual machines is that they can run on bare metal, or close to it. But should you run your containerized apps on bare metal?

Bare Metal vs. Virtual Host: That is the Question

When you’re setting up Docker, there are two ways to host your container environment: on a bare-metal server, or inside a virtual machine that is itself hosted on a bare-metal server. The advantages of the former approach include:

  • Better performance. When your apps run on bare metal, there is no hypervisor between the app and the hardware slowing the app down.
  • Access to special hardware. Bare-metal support means your containerized apps can access special hardware devices on the host directly. You can sometimes get this access from inside a virtual machine too, by passing the device through to the guest, but it tends to be more difficult to set up.
  • Your apps remain portable. Containers running on bare metal are portable between hosts in a way that non-containerized bare-metal apps are not. In this respect, bare-metal containers give you the best of both worlds: the performance advantage of bare-metal apps with the portability traditionally available only from virtual machines.

But before you go starting all of your containers on bare metal, consider the following potential drawbacks of this arrangement:

  • There is still some performance loss. It is most accurate to say that containers on a bare-metal server run close to bare metal, not directly on it. There are extra layers required to support containerized apps, such as the Docker daemon and overlay networks, and the performance lost to them is small but not zero. As IBM puts it, containers have some performance “gotchas.” They don’t run quite as well as true bare-metal apps.
  • There is less isolation. With virtual machines, the guest runs its own kernel, and the hypervisor enforces a heavy layer of isolation between the guest environment and the host server. Containers share the host’s kernel, so the boundary around them is only what that kernel provides: namespaces, cgroups, capabilities, seccomp filters and the like. A kernel bug reachable from inside a container is a bug in the host’s kernel, and exploiting it compromises the host and every other container on it. This doesn’t mean that running containers on bare metal is inherently insecure or unstable; a well-configured container runtime is a reasonable boundary for most workloads. But if you’re an isolation fanatic, or you run multi-tenant or untrusted workloads, you’ll like the second boundary you get by hosting Docker inside a virtual machine, because a container escape then still has to cross the hypervisor.
  • You lose some portability. Moving a virtual machine from one host server to another is trivially easy. Moving your Docker environment from one host to another may not be. Because containers share the host kernel, a Linux container image needs a Linux kernel underneath it: unless you install Docker inside a Linux virtual machine, you won’t be able to take your Dockerized apps from a Linux host to a Windows host. Plus, you’ll have to install Docker on a new server before you can port your container environment to it. Installing Docker is usually not difficult, but it’s still an extra step that you would not need to take if you host your containers inside a virtual machine.
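The isolation point is worth making concrete. The script below is an added example, not code from the original article or from Docker itself: it reads the kernel-level confinement a process actually has (effective capabilities, seccomp mode, no_new_privs and the user-namespace mapping) straight out of /proc and reports what is missing, which is exactly the set of boundaries a container on bare metal relies on. The three /proc excerpts embedded in it are constructed to resemble a default docker run, a --privileged run and a hardened run; the capability mask 00000000a80425fb is Docker’s default capability set, the privileged mask assumes a kernel with 38 capabilities, and the remapped uid_map assumes the daemon was started with --userns-remap. The function names and the short list of “host escape” capabilities are my own choices.

```python
"""Audit the kernel-level isolation a process actually has (added example).

A container shares the host kernel, so its real security boundary is the set
of kernel features wrapped around the process. All of them are visible in
/proc, so a process can audit its own confinement.
"""
import os

# Capability names indexed by bit number, from linux/capability.h.
CAP_NAMES = [
    "CAP_CHOWN", "CAP_DAC_OVERRIDE", "CAP_DAC_READ_SEARCH", "CAP_FOWNER",
    "CAP_FSETID", "CAP_KILL", "CAP_SETGID", "CAP_SETUID", "CAP_SETPCAP",
    "CAP_LINUX_IMMUTABLE", "CAP_NET_BIND_SERVICE", "CAP_NET_BROADCAST",
    "CAP_NET_ADMIN", "CAP_NET_RAW", "CAP_IPC_LOCK", "CAP_IPC_OWNER",
    "CAP_SYS_MODULE", "CAP_SYS_RAWIO", "CAP_SYS_CHROOT", "CAP_SYS_PTRACE",
    "CAP_SYS_PACCT", "CAP_SYS_ADMIN", "CAP_SYS_BOOT", "CAP_SYS_NICE",
    "CAP_SYS_RESOURCE", "CAP_SYS_TIME", "CAP_SYS_TTY_CONFIG", "CAP_MKNOD",
    "CAP_LEASE", "CAP_AUDIT_WRITE", "CAP_AUDIT_CONTROL", "CAP_SETFCAP",
    "CAP_MAC_OVERRIDE", "CAP_MAC_ADMIN", "CAP_SYSLOG", "CAP_WAKE_ALARM",
    "CAP_BLOCK_SUSPEND", "CAP_AUDIT_READ", "CAP_PERFMON", "CAP_BPF",
    "CAP_CHECKPOINT_RESTORE",
]

# My own selection: capabilities that reach the shared kernel or host in ways
# that defeat container isolation outright (mounting, module loading, ptrace...).
HOST_ESCAPE_CAPS = {"CAP_SYS_ADMIN", "CAP_SYS_MODULE", "CAP_SYS_RAWIO",
                    "CAP_SYS_PTRACE", "CAP_DAC_READ_SEARCH", "CAP_SYS_BOOT"}


def parse_status(text):
    """Turn the 'Key:<tab>value' lines of /proc/<pid>/status into a dict."""
    fields = {}
    for line in text.splitlines():
        if ":" in line:
            key, _, value = line.partition(":")
            fields[key.strip()] = value.strip()
    return fields


def caps_from_hex(hexmask):
    """Decode a CapEff/CapBnd bitmask (hex string) into capability names."""
    mask = int(hexmask, 16)
    return {name for bit, name in enumerate(CAP_NAMES) if mask >> bit & 1}


def in_user_namespace(uid_map_text):
    """The initial user namespace shows the identity map '0 0 4294967295';
    anything else means root inside the container is not root on the host."""
    return uid_map_text.split()[:3] != ["0", "0", "4294967295"]


def audit(status_text, uid_map_text):
    """Report the confinement a process actually has, plus a list of gaps."""
    st = parse_status(status_text)
    caps = caps_from_hex(st.get("CapEff", "0"))
    report = {
        "caps": caps,
        "host_escape_caps": caps & HOST_ESCAPE_CAPS,
        # Seccomp: 0 = none, 1 = strict, 2 = filter (Docker's default profile).
        "seccomp_mode": int(st.get("Seccomp", "0")),
        "no_new_privs": st.get("NoNewPrivs") == "1",
        "user_ns": in_user_namespace(uid_map_text),
    }
    findings = []
    if report["host_escape_caps"]:
        findings.append("capabilities that can reach the host kernel: "
                        + ", ".join(sorted(report["host_escape_caps"])))
    if report["seccomp_mode"] != 2:
        findings.append("no seccomp filter: every syscall reaches the shared kernel")
    if not report["no_new_privs"]:
        findings.append("no_new_privs unset: setuid binaries can regain privileges")
    if not report["user_ns"]:
        findings.append("root in the container is root on the host (no user namespace)")
    report["findings"] = findings
    return report


# Constructed /proc excerpts (only the relevant lines) for three docker configurations.
DEFAULT_RUN = "Name:\tsh\nCapEff:\t00000000a80425fb\nNoNewPrivs:\t0\nSeccomp:\t2\n"
PRIVILEGED_RUN = "Name:\tsh\nCapEff:\t0000003fffffffff\nNoNewPrivs:\t0\nSeccomp:\t0\n"
HARDENED_RUN = "Name:\tsh\nCapEff:\t0000000000000400\nNoNewPrivs:\t1\nSeccomp:\t2\n"
HOST_UID_MAP = "         0          0 4294967295\n"
REMAPPED_UID_MAP = "         0     100000      65536\n"


def audit_self():
    """Audit the current process from its own /proc entries (Linux only)."""
    with open("/proc/self/status") as f, open("/proc/self/uid_map") as g:
        return audit(f.read(), g.read())


if __name__ == "__main__":
    for label, status, uid_map in [("default", DEFAULT_RUN, HOST_UID_MAP),
                                   ("privileged", PRIVILEGED_RUN, HOST_UID_MAP),
                                   ("hardened", HARDENED_RUN, REMAPPED_UID_MAP)]:
        r = audit(status, uid_map)
        print(label, "caps=%d" % len(r["caps"]), r["findings"])
    if os.path.exists("/proc/self/status"):
        print("this process:", audit_self()["findings"])
```

Run it inside a container to audit that container (audit_self reads /proc/self). The hardened profile corresponds to docker run --cap-drop=ALL --cap-add=NET_BIND_SERVICE --security-opt=no-new-privileges on a daemon started with --userns-remap. The point for the bare-metal question is that every one of those boundaries lives in the host kernel; a virtual machine is what puts a second wall around them.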

The bottom line: As with most things in IT—and in life—there are advantages and disadvantages to both approaches to hosting Docker containers. You get to decide which solution—bare metal or virtual machines—is best for you.

Christopher Tozzi

Christopher Tozzi has covered technology and business news for nearly a decade, specializing in open source, containers, big data, networking and security. He is currently Senior Editor and DevOps Analyst with and