Using Containers to Isolate Applications Sharing a Single System
One such technology is containerization. The implementation depends on the particular operating system (for example, Solaris has Zones, whereas FreeBSD has Jails), but the concept is the same. A control container manages the host operating system, along with a multitude of guest containers. Each guest container appears to be a complete operating system instance in its own right, and an application running in a guest container cannot see other applications on the system, either in other guest containers or in the control container. The guests do not even share disk space; each guest container can appear to have its own root directory system.
The implementation of the technology is really a single instance of the operating system, and the illusion of containers is maintained by hiding applications or resources that are outside of the guest container. The advantage of this implementation is very low overhead, so performance comes very close to that of the full system. The disadvantage is that the single operating system image represents a single point of failure. If the operating system crashes, then all the guests also crash, since they also share the same image. Figure 3.4 illustrates containerization.