Chapter 16: Virtualization – VMs, Containers & Serverless

For software architects, virtualization is essential for deployment, especially when utilizing cloud infrastructure, and for performing application testing in accessible environments. Virtual machines function by executing simulated computers on a single physical host, providing isolation by virtualizing the underlying hardware under the supervision of a specialized operating system called a hypervisor. Hypervisors come in two main types: Type 1, or bare-metal, which runs directly on hardware often used in data centers; and Type 2, or hosted, which runs atop a host operating system, frequently employed on development machines to test incompatible applications or replicate production environments. VMs rely on large, entire VM images containing the operating system and services, which results in transfer and boot times measured in minutes and introduces performance overhead due to the required sharing and isolation mechanisms. In contrast, containers improve efficiency by virtualizing only the operating system kernel, sharing the underlying kernel via a container runtime engine. This architectural choice dramatically reduces image size—as the operating system does not need to be transferred—and slashes startup times down to milliseconds. Container images are constructed using efficient layers, ensuring that when a component is updated, only the revised layer needs to be moved into production, a process often defined by scripts treated as version-controlled code. For robust orchestration and efficient inter-service communication, related containers can be grouped into Pods within systems like Kubernetes, guaranteeing they are allocated together on the same physical node and can share resources. Leveraging the rapid instantiation speeds of containers, the serverless architecture (or Function-as-a-Service, FaaS) dynamically allocates and deallocates container instances for every individual request, relieving developers of resource management responsibilities, though this approach mandates that all services running in these containers must be stateless.