OS-level virtualization: Difference between revisions

update title
m Cited an AWS blog that talks in-depth about the security use case with EBS
Line 22:
Operating-system-level virtualization is commonly used in [[virtual machine|virtual hosting]] environments, where it is useful for securely allocating finite hardware resources among a large number of mutually-distrusting users. System administrators may also use it for consolidating server hardware by moving services on separate hosts into containers on the one server.
 
Other typical scenarios include separating several programs to separate containers for improved security, hardware independence, and added resource management features.<ref>{{Cite web |date=2022-10-20 |title=Secure Bottlerocket deployments on Amazon EKS with KubeArmor {{!}} Containers |url=https://aws.amazon.com/blogs/containers/secure-bottlerocket-deployments-on-amazon-eks-with-kubearmor/ |access-date=2023-06-20 |website=aws.amazon.com |language=en-US}}</ref> The improved security provided by the use of a chroot mechanism, however, is not perfect.<ref>{{Cite book |title=Mastering FreeBSD and OpenBSD security |series=O'Reilly Series |first1=Yanek |last1=Korff |first2=Paco |last2=Hope |first3=Bruce |last3=Potter |publisher=O'Reilly Media, Inc. |year=2005 |isbn=0596006268 |page=59 |url=https://books.google.com/books?id=gqKwaHmXp4YC&pg=PA59 }}</ref> Operating-system-level virtualization implementations capable of [[live migration]] can also be used for dynamic load balancing of containers between nodes in a cluster.
 
=== Overhead ===
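Review bot: the reference added at the end of the "Other typical scenarios" sentence is a vendor blog post about one product setup (KubeArmor on Bottlerocket with Amazon EKS), but where it sits it reads as the source for all three claims in that sentence: improved security, hardware independence, and added resource management features. Suggest moving the ref to directly after "improved security", or using an independent source that covers the whole sentence. The edit summary also says "EBS" while the cited URL and title refer to Amazon EKS, so please confirm the summary names the intended source. Finally, the following sentence attributes the improved security to "a chroot mechanism"; with the new citation placed between the two sentences, check that the cited post actually supports that framing, since its title concerns KubeArmor rather than chroot.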