
Come Sail Away!

The start of school is often a busy time, but it gave me a bit of time to think about my high-school experience and led me back to thinking about the music I was listening to during high school.

Up until my early teens, I listened to a lot of the music my parents listened to. As my parents were relatively old when I was born, this consisted of a lot of “older” music including artists such as The Kingston Trio, Mahalia Jackson, and Johnny Cash, along with a bit of “more modern” music such as the Beatles - I have both the “Red Album” and the “Blue Album” on vinyl.

Side note: I absolutely love the Wikipedia description of vinyl, which describes it as:

"... an analog sound storage medium in the form of a flat disc with an inscribed, modulated spiral groove. The groove usually starts near the periphery and ends near the center of the disc. At first, the discs were commonly made from shellac, with earlier records having a fine abrasive filler mixed in. Starting in the 1940s polyvinyl chloride became common, hence the name "vinyl". In the mid-2000s, gradually, records made of any material began to be called vinyl disc records, also known as vinyl records or vinyl for short."

And then it all changed. Around grade 7 (i.e., around age 12), I started taking music at school, and was exposed to a lot of “classical” music, which led to my love of Palestrina, Bach, and many others. At around the same time, I first heard the Rush song “Subdivisions” and then borrowed the album (cassette tape) from my best friend.

That was pretty much it. After that, I started listening to a lot of Rush, then Genesis, Yes, Pink Floyd, Led Zeppelin, and others, including Styx.

Come Sail Away is one of their best-known songs, and is a great lead-in to talking about containers.

Wait, what??

I’ve previously commented a bit on cloud computing, and the idea of a Virtual Machine, and want to discuss the concept of containers.

Those already familiar with cloud technology are already groaning or face-palming, but for the rest, I’m talking about a tool called “Docker”, which supports the definition and use of what are called “containers”.

Now that everyone is groaning, what is a container?

As I have previously mentioned, we use a piece of software called a “hypervisor” to define a “virtual machine” within an existing computer (sometimes referred to as “bare metal”). Virtual machines are extremely powerful and flexible, and allow us to define and manage services much more efficiently than would be possible if each service required its own dedicated machine.

The diagram above attempts to illustrate some differences between a “dockerized” solution and a “virtualized” solution. Both require infrastructure, and both require a “main” operating system or hypervisor. That’s where things diverge, though. The virtual machine solution requires dedicated resources to set up the virtual machines, install the operating system(s), install and configure the applications, and deploy. While less expensive than dedicated hardware for each machine, it requires significant capacity (RAM and processing power, for example) as that capacity will be reserved by any running virtual machines, whether they need it or not.

In contrast, a tool like Docker acts in a way similar to a virtual machine hypervisor, but the containers include only those elements essential to the operation of the software in question, and are more analogous to applications – using system resources as they are required. As a result, containers can significantly reduce resource requirements, and can be managed even more efficiently than virtual machines. Needless to say, there are trade-offs with any approach, but I won’t go down that series of rabbit-holes – at least not right now...

From a security perspective, both solutions can be deployed and managed securely. A well-defined and well-managed container will include only those modules it absolutely requires, leaving the minimum “attack surface” exposed. If not well-defined and well-managed, things can get pretty ugly, but the same can be said of applications deployed on virtual or physical machines as well, and there are a lot more of them out there.
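To make “only those modules it absolutely requires” concrete, here is an added example (not from the original post): a small Python check that reads a Dockerfile and lists the things that widen a container's attack surface. The two Dockerfiles and the `EXTRA_TOOLS` rule set are constructed for illustration, and the rules are simple heuristics rather than a complete scanner.

```python
import re

# Constructed sample Dockerfiles (not from the original post).
BLOATED = """\
FROM ubuntu:latest
RUN apt-get update && apt-get install -y curl vim openssh-server python3
COPY . /app
EXPOSE 22 8080
CMD ["python3", "/app/server.py"]
"""

MINIMAL = """\
FROM python:3.12-slim
RUN useradd --system app
COPY server.py /app/server.py
USER app
EXPOSE 8080
CMD ["python3", "/app/server.py"]
"""

# Hypothetical rule set: tools a single-service container rarely needs.
EXTRA_TOOLS = {"vim", "curl", "wget", "openssh-server", "netcat", "sudo"}

def audit(dockerfile: str) -> list[str]:
    """Return attack-surface findings for one Dockerfile's text."""
    findings, user = [], None
    for raw in dockerfile.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        instr, _, args = line.partition(" ")
        instr = instr.upper()
        if instr == "FROM":
            image = next((t for t in args.split() if not t.startswith("--")), "")
            user = None  # every build stage starts over from its base image
            if ":" not in image or image.endswith(":latest"):
                findings.append(f"unpinned base image: {image}")
        elif instr == "RUN":
            for tool in sorted(EXTRA_TOOLS & set(re.findall(r"[\w.+-]+", args))):
                findings.append(f"non-essential tool referenced in RUN: {tool}")
        elif instr == "COPY" and args.split()[:1] == ["."]:
            findings.append("COPY . copies the whole build context into the image")
        elif instr == "EXPOSE" and any(p.split("/")[0] == "22" for p in args.split()):
            findings.append("SSH port 22 exposed")
        elif instr == "USER":
            user = args.strip()
    if user in (None, "root", "0"):
        findings.append("final stage runs as root (no non-root USER set)")
    return findings
```

Calling `audit(BLOATED)` returns seven findings, while `audit(MINIMAL)` returns none.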

As always, it’s most important to understand the environment, the costs, and the risks, then make the best decisions you can. There’s not much point in putting bars on the windows if the door doesn’t close.

Now, I have got a LOT to learn about containers, but the tiny bits I have learned are fascinating, and have also taught me more about operating systems and how they run. For an excellent (though pretty technical) introduction to containers and how they actually work, check out a talk given by Liz Rice at a conference a few years ago.

As a first attempt, I set up a virtual machine, installed Docker, and then started trying to understand how to set up containers. My very first container is below:

Now, of course, I’m wondering if I can run a Linux container and run a virtual machine within that... A VM within a container within a VM... How many turtles down?


