In this post, I will attempt to cover the fundamentals of Bare Metal Systems, Virtual Systems, and Container Systems. And, the purpose for doing so is to learn about these systems as they stand and also the differences between them, focusing on how they execute programs in their respective environments.
Bare Metal Systems
Let's think of our Bare Metal Systems as desktops and laptops that we use on a daily basis (or even servers in server rooms and data centers). We have the following components:
- the hardware (outer physical layer)
- the OS platform (running inside the hardware)
- the programs running on the OS (as processes)
Programs are stored on the hard drive in the form of executable files (a format understandable by the OS) and loaded into memory via one or more processes. Programs interact with the kernel, which forms a core part of the OS architecture and the hardware. The OS coordinates communication between hardware i.e. CPU, I/O devices, Memory, etc… and the programs.
A more detailed explanation of what programs or executables are, how programs execute, and where an Operating System comes into play, can be found on this Stackoverflow page .
On the other hand, Virtual Systems, with the help of Virtual System controllers like: Virtual Box, VMWare, or a hypervisor  run an operating system on a bare metal system. These systems emulate bare-metal hardware as software abstraction(s) inside which we run the real OS platform. Such systems can be made up of the following layers, and also referred to as a Virtual Machines (VM):
- a software abstraction of the hardware (Virtual Machine)
- the OS platform running inside the software abstraction (guest OS)
- one or more programs running on the guest OS (processes)
It's like running a computer (abstracted as software) inside another computer. And, the rest of the fundamentals from the Bare Metal System applies to this abstraction layer as well. When a process is created inside the Virtual System, then the host OS which runs the Virtual System might also be spawning one or more processes.
Now, looking at Container Systems we can say the following:
- they run on top of OS platforms running inside Bare Metal Systems or Virtual Systems
- containers which allow isolating processes and sharing the kernel between each other (such isolation from other processes and resources are possible in some OSes like say Linux, due to OS kernel features like cgroups and namespaces).
A container creates an OS-like environment, inside which one or more programs can be executed. Each of these executions could result in one or more processes on the host OS. Container Systems are composed of these layers:
- hardware (accessible via kernel features)
- the OS platform (shared kernel)
- one or more programs running inside the container (as processes)
Looking at these enclosures or rounded rectangles within each other, we can already see how it is containers all the way through.
There is an increasing number of distinctions between Bare Metal Systems, Virtual Systems, and Container Systems. While Virtual Systems encapsulate the Operating System inside a thick hardware virtualization, Container Systems do something similar but with a much thinner virtualization layer.
There are a number of pros and cons between these systems when we look at them individually, i.e. portability, performance, resource consumption, time to recreate such systems, maintenance, et al.
Word of Thanks and Stay in Touch
Thank you for your time, feel free to send your queries and comments to theNeomatrix369. Big thanks to my colleagues, our DevOps craftsman Robert Firek and craftsman David Hatanian from Codurance for giving invaluable feedback on my post and steering me in the right direction.
-  Wikipedia page for Hypervisor
-  Stackoverflow page for "How does a program execute? Where does the operating systems come into play ?"
-  Wikipedia page on cgroups
-  Linux main page on namespaces
This article was first published on the Codurance blog.