1.2.3.2 VM Execution Portability

A focused guide to VM Execution Portability, connecting core concepts with practical Docker and container operations.

VM execution portability is the ability to run a Docker container, unmodified, inside a virtual machine — whether that virtual machine is a cloud provider's instance, an on-premises hypervisor guest, or a local development VM — with the same behavior the container would have on bare metal.

Containers Inside Virtual Machines

A virtual machine runs its own guest kernel on virtualized hardware, and Docker runs inside it exactly as it would on a physical server: the Docker engine talks to the VM's kernel, and containers share that kernel the same way they would share a bare-metal host's kernel.

docker run -d --name myapp myapp:1.0

This command behaves identically whether issued inside a cloud VM instance, an on-premises virtualized server, or a physical machine, because from Docker's perspective a VM's kernel is simply the kernel it is running on.

Why This Matters for Cloud Deployment

Most cloud infrastructure is itself built on virtual machines. Treating VM execution as a first-class, fully portable target means an image built and tested locally can be deployed to cloud VM-based infrastructure with the same confidence as deploying to a physical server.

docker pull registry.example.com/myapp:1.0
docker run -d -p 80:8080 registry.example.com/myapp:1.0

Resource Constraints Inside a VM

A virtual machine's CPU, memory, and disk are typically a subset of the underlying physical host's resources, allocated specifically to that VM. Containers running inside it are bound by those VM-level limits, which is worth accounting for separately from the limits that might be applied to the container itself.

docker run --memory=512m --cpus=1 myapp:1.0

Networking Considerations

Because a VM has its own virtualized network interface, container networking inside a VM depends on how that VM's network is configured — port mappings exposed by Docker still need to be reachable through whatever network rules govern the VM itself, such as a cloud provider's firewall or security group.

docker run -p 0.0.0.0:8080:8080 myapp:1.0
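
An added example, not part of the original page: a shell function that reads the output of docker ps and reports which host ports each container publishes on every interface of the VM, since those are the ports the VM's firewall or security group has to govern. The container names and port lines in sample_ps_output are constructed, and the function name audit_published_ports is hypothetical.

```shell
#!/bin/sh
# Added example (not from the original page).
# Constructed sample of `docker ps --format '{{.Names}}\t{{.Ports}}'` output.
sample_ps_output() {
  printf 'myapp\t0.0.0.0:8080->8080/tcp, :::8080->8080/tcp\n'
  printf 'web\t0.0.0.0:80->8080/tcp, [::]:80->8080/tcp\n'
  printf 'admin\t127.0.0.1:9000->9000/tcp\n'
  printf 'worker\t8080/tcp\n'
}

# Reads "name<TAB>ports" lines on stdin and prints one line per published
# port: "name hostport/proto scope". Scope is "all-interfaces" when the
# host address is 0.0.0.0, :: or [::], and "restricted" otherwise.
audit_published_ports() {
  awk -F '\t' '
    {
      n = split($2, maps, /, */)
      for (i = 1; i <= n; i++) {
        m = maps[i]
        # Published ports contain "->"; a bare "8080/tcp" is only exposed.
        if (index(m, "->") == 0) continue
        split(m, sides, "->")
        host = sides[1]
        proto = sides[2]; sub(/^.*\//, "", proto)
        # Host side is "<addr>:<port>"; the port follows the last colon.
        port = host; sub(/^.*:/, "", port)
        addr = substr(host, 1, length(host) - length(port) - 1)
        scope = (addr == "0.0.0.0" || addr == "::" || addr == "[::]") \
                ? "all-interfaces" : "restricted"
        # IPv4 and IPv6 wildcard bindings describe the same exposure.
        key = $1 SUBSEP port SUBSEP proto SUBSEP scope
        if (seen[key]++) continue
        print $1, port "/" proto, scope
      }
    }'
}

# Stand-alone run on the constructed sample. On a VM with Docker, use:
#   docker ps --format '{{.Names}}\t{{.Ports}}' | audit_published_ports
sample_ps_output | audit_published_ports
```

Every line marked all-interfaces should correspond to a deliberate rule in the VM's firewall or security group; a port meant only for local use can be published on a specific address such as 127.0.0.1 instead.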

Multiple VMs Running the Same Image

Because the image itself does not depend on any characteristic specific to one VM, the same image can be deployed across a fleet of VMs — for horizontal scaling, redundancy, or rolling updates — with each VM running an identical container.

for host in vm1 vm2 vm3; do
  ssh "$host" docker run -d myapp:1.0
done

Why VM Portability Matters

Since the large majority of production infrastructure runs on virtual machines rather than bare metal, VM execution portability is, in practice, the most common real-world test of whether a containerized application is truly portable.