Photon and Containers

A fairly new buzzword came to town last year: containers. But what are containers?

In its most basic sense, a container is a way to isolate and control applications and their dependencies, such as registry keys, application settings, and descriptors. Multiple containers can operate on the same virtualized operating system, but each container is logically segmented, and settings/modifications in one container do not affect any other container.

Container Sandbox

Within a container, the abstract layer where all data writes are performed while the container is running is known as the container sandbox. This is where all OS modifications and registry changes are written and any applications are installed. All other parts of the container remain untouched.

Container Application Image

The container application image is the static portion of the application and any changes that were made within the sandbox layer. Any modifications in the sandbox can either be saved as a new container image or discarded while the original container image remains.

Base Container

A base container is the container’s minimalist operating system layer that the container application image and sandbox run on top of. Upper-layer container changes and modifications can be added or removed, depending on an application’s needs. Think of the base container like a house you build with Lego blocks. You can build any type of house you desire, but you always start with the same base as your foundation.

Container Repository

When a container image has been built and completed, it is saved as a reusable container image within a local repository. Additionally, container images can be uploaded to public repositories and shared with whoever you like. A great example of a public repository where users share images is the Docker Hub.

Namespace Isolation

Namespace isolation is the term used to describe the secret sauce of how container software hides files and processes so that each container believes it is the only application running on the OS. Each container has its own individual namespace, and all registry changes, application installs, processes, and other file modifications are prevented from being seen by other containers.

Resource Governance

To prevent one or more containers from laying claim to the lion’s share of finite server resources such as memory, network, and CPU, resource governance techniques are used to enforce maximum limitations. So, not only are containers separated at the OS level, which is shared, but at the shared server resource level as well.
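The namespace isolation and resource governance described above can be checked per container. The following is an added example, not code from the original post: it assumes Docker as the container runtime and audits `docker inspect` output for namespaces shared with the host and for missing memory, CPU, or process-count limits. The two container records are constructed sample data.

```python
import json

# Constructed sample: trimmed `docker inspect` output for two containers.
SAMPLE_INSPECT = json.dumps([
    {"Name": "/web", "HostConfig": {
        "Memory": 268435456, "NanoCpus": 500000000, "CpuQuota": 0,
        "PidsLimit": 100, "PidMode": "", "NetworkMode": "bridge",
        "IpcMode": "private", "UTSMode": ""}},
    {"Name": "/batch", "HostConfig": {
        "Memory": 0, "NanoCpus": 0, "CpuQuota": 0,
        "PidsLimit": None, "PidMode": "host", "NetworkMode": "host",
        "IpcMode": "private", "UTSMode": ""}},
])

# HostConfig keys that select a namespace; "host" means it is shared with the host.
NAMESPACE_KEYS = ("PidMode", "NetworkMode", "IpcMode", "UTSMode")


def audit(inspect_json):
    """Return {container name: [findings]} for weak isolation or missing limits."""
    report = {}
    for container in json.loads(inspect_json):
        hc = container.get("HostConfig", {})
        findings = []
        # Namespace isolation: flag any namespace the container shares with the host.
        for key in NAMESPACE_KEYS:
            if hc.get(key) == "host":
                findings.append(f"{key}=host (namespace shared with host)")
        # Resource governance: a value of 0 or null means "unlimited" in Docker.
        if not hc.get("Memory"):
            findings.append("no memory limit")
        if not (hc.get("NanoCpus") or hc.get("CpuQuota")):
            findings.append("no CPU limit")
        pids = hc.get("PidsLimit")
        if pids is None or pids <= 0:
            findings.append("no process-count limit")
        report[container.get("Name", "?").lstrip("/")] = findings
    return report


if __name__ == "__main__":
    for name, findings in audit(SAMPLE_INSPECT).items():
        print(name, "OK" if not findings else "; ".join(findings))
```

On a real host the input would come from `docker inspect $(docker ps -q)`; an empty findings list means the container keeps its own namespaces and has all three limits set.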


This year at VMworld, VMware announced VMware vSphere Integrated Containers running with Photon. Photon OS is intended to invite collaboration around running containerized applications in a virtualized environment. The VMware Photon Platform is designed for DevOps teams planning to build out large pools of commodity computing capacity that solely run cloud-native applications. DevOps teams will have a choice of open container orchestration frameworks including Docker Swarm, Kubernetes, Mesos and Cloud Foundry to run on the platform. VMware vSphere Integrated Containers will enable IT teams to support any application, including containerized applications, on a common infrastructure. Photon OS is a technology preview of a minimal Linux container host. It is designed to have a small footprint and boot extremely quickly on VMware platforms.


When you boil it down and understand the basic terminology, you begin to see that containers are essentially server virtualization, only at the OS layer. Each container is given the perception that it is the only thing running on a clean and untouched operating system.

Yet, in reality, there likely are dozens, hundreds, or even thousands of containers, each piggybacking off of the same operating system. The container system reduces resource needs and simplifies many development processes.

Now that you understand the power of containers, you’ll be ready as the concept pops up more and more frequently in IT meetings and around the water cooler.
