Both containers and virtual machines (VMs) are forms of virtualization, though they virtualize at different levels of the stack. VMs let a server run several guest OSes by virtualizing the hardware with a hypervisor. Containers do away with the hypervisor: they run on the host's single OS with a lightweight runtime such as LXC or Docker, and each application runs in its own container on top of that OS. In other words, containers virtualize the OS rather than the hardware.
OS Virtualization = Efficiency
The advantage of the container approach is that it consumes fewer resources, because you don't need to run a separate OS for each VM. Applications can be loaded and updated faster, without installing a hypervisor and an OS for each instance. On the downside, the container ecosystem is much less mature than the VM world. Even though containers have inherent security advantages, there are also specific risks that need to be carefully addressed. For example, containers are good at isolating applications – allowing them to access only resources specific to that container – but what if containers were used to install malicious code to observe activity in connected containers? Because containers are relatively new in production environments, it's unlikely we have seen their full security impact.
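Because containers share the host kernel, their isolation rests on Linux namespaces rather than on a hypervisor boundary, so a defender's first check is whether a container actually has its own namespaces or was started sharing the host's (for example a host PID or network namespace, which lets a process in that container see activity outside it). The script below is an added example, not code from the original article: it compares the namespace inode numbers exposed under `/proc/<pid>/ns/*` for a set of container processes against those of PID 1 on the host and flags any process that shares a namespace with the host. The PIDs and inode numbers in the sample data are constructed for illustration; `read_live_namespaces` is the hypothetical helper for running the same audit against a real Linux host.

```python
"""Flag container processes that share a namespace with the host.

Added example (not from the original article). A process that shares the
host's pid, net, mnt, ipc or uts namespace is not isolated by that namespace,
whatever the container runtime reports about it.
"""
import os
import re

# Namespaces a container is normally expected to have to itself. The user
# namespace is left out: sharing it with the host is the default for most
# runtimes unless user-namespace remapping is enabled.
NS_KINDS = ("mnt", "pid", "net", "ipc", "uts")
_LINK_RE = re.compile(r"^(?P<kind>\w+):\[(?P<inode>\d+)\]$")


def parse_ns_link(target):
    """Parse a /proc/<pid>/ns/<kind> symlink target such as 'pid:[4026531836]'."""
    m = _LINK_RE.match(target)
    if not m:
        raise ValueError(f"unexpected namespace link target: {target!r}")
    return m.group("kind"), int(m.group("inode"))


def shared_namespaces(host_ns, proc_ns):
    """Return the namespace kinds (sorted) in which proc_ns matches host_ns."""
    return sorted(
        kind for kind in NS_KINDS
        if kind in proc_ns and proc_ns[kind] == host_ns.get(kind)
    )


def audit(host_ns, container_procs):
    """Audit processes believed to belong to containers.

    container_procs maps pid -> {kind: inode}. Returns {pid: [shared kinds]}
    for every process that shares at least one namespace with the host.
    """
    findings = {}
    for pid, ns in container_procs.items():
        shared = shared_namespaces(host_ns, ns)
        if shared:
            findings[pid] = shared
    return findings


def read_live_namespaces(pid):
    """Hypothetical helper: read namespace inodes for a real pid (Linux only)."""
    ns = {}
    for kind in NS_KINDS:
        try:
            kind_read, inode = parse_ns_link(os.readlink(f"/proc/{pid}/ns/{kind}"))
        except OSError:
            continue  # no /proc, or permission denied for that pid
        ns[kind_read] = inode
    return ns


# Constructed sample data: inode numbers and PIDs are made up for illustration.
SAMPLE_HOST = {
    "mnt": 4026531840, "pid": 4026531836, "net": 4026531992,
    "ipc": 4026531839, "uts": 4026531838,
}
SAMPLE_CONTAINER_PROCS = {
    # Fully isolated container: every namespace differs from the host's.
    1234: {"mnt": 4026532519, "pid": 4026532522, "net": 4026532525,
           "ipc": 4026532520, "uts": 4026532521},
    # Container started sharing the host PID and network namespaces.
    2345: {"mnt": 4026532619, "pid": 4026531836, "net": 4026531992,
           "ipc": 4026532620, "uts": 4026532621},
}


if __name__ == "__main__":
    host = read_live_namespaces(1)
    procs = {os.getpid(): read_live_namespaces(os.getpid())} if host else {}
    # Fall back to the constructed sample when /proc is unavailable.
    host, procs = (host, procs) if host else (SAMPLE_HOST, SAMPLE_CONTAINER_PROCS)
    for pid, shared in audit(host, procs).items():
        print(f"pid {pid} shares host namespaces: {', '.join(shared)}")
```

On a real host you would feed `audit` only the PIDs the container runtime reports as belonging to containers; host processes naturally share every namespace with PID 1 and are not findings. A container that shows up with `pid` or `net` shared is one whose processes can observe, and in the network case reach, activity outside the container, which is exactly the kind of cross-container visibility the paragraph above worries about.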