When Not to Use Docker: Understanding the Limitations of Containers
Docker is a great tool. But Docker containers are not a cure-all. If you really want to understand how Docker is impacting the channel, you have to understand its limitations.
Docker containers have become massively popular over the past several years because they start faster, scale more easily and consume fewer resources than virtual machines.
Things Docker Can’t Do Well
But that doesn’t mean that Docker containers are the perfect solution for every type of workload. Here are examples of things Docker can’t do or can’t do well:
- Run applications as fast as a bare-metal server. Docker containers have less overhead than virtual machines. But Docker does not have zero overhead. The only way to get true bare-metal speed from an application is to run it directly on a bare-metal server, without using containers or virtual machines.
- Provide cross-platform compatibility. An application designed to run in a Docker container on Windows can’t run on Linux, and vice versa. Virtual machines are not subject to this limitation. In highly heterogeneous environments composed of both Windows and Linux servers, this makes Docker less attractive.
- Run applications with graphical interfaces. Docker was designed as a solution for hosting applications that run on the command line. There are some tricks you can use (such as X11 forwarding) to make it possible to run a graphical interface inside a Docker container, but this is clunky. (You could also run a Web interface, which is easier to do, but then you have to run a Web server and your interface options will still be limited.) Practically speaking, Docker is not a good solution for applications that require rich interfaces.
- Solve all your security problems. Docker can improve security in some ways by isolating applications from the host system and from each other. Containers also make it easy to break your application into small parts, so that if one part is compromised, the rest is not necessarily affected. Yet Docker also creates new security challenges — such as the difficulty of monitoring so many moving pieces within a dynamic, large-scale Docker environment. Before moving workloads to Docker, you need to evaluate the Docker-specific security risks and make sure you can handle them.
Like cloud computing before it, Docker is a game-changer, for good reason. In many situations, containers offer enormous advantages over older forms of application deployment technology.
But just as the cloud is not the right fit for every type of situation, Docker can’t handle all of your needs.