There are
two entirely different concepts here, and let me try to explain ...
Virtual Machines: "VPS" is simply another packaging of this concept, and "VMWare®" made an industry out of it. At
this level of isolation, you are actually able to run "the entire [Linux or Windows] operating system(!)" as though it actually had "an entire physical machine to itself," even though it actually doesn't. Plenty of viable "virtual machine" solutions now exist for any combination of "guest" and "host," and all of them work well.
But: "What do we
actually need to provide, in order to safely run your application [in a shared environment]?" Do you in fact need "actual physical [virtual] reality," or merely "the
illusion thereof?" . . .
Containers: Implementors quickly realized that many real-world situations actually just required
isolation, and they needed to be able to do so
"cheaply." Thus, various technologies were developed by which "isolation" could be achieved
within "a single machine." (Virtual or not.) The kernel implements the facilities, and "container" technology "ties them up in a neat little package and ties a pretty bow around it."
Now, classic "timesharing" techniques could be applied, yet the "container occupants" would never encounter the "timesharing" host. They could "blissfully believe" that they had a machine to themselves, but the underlying host didn't actually have to provide one. The result works, and it is very
efficient and
scalable.
As I have said:
"'Containers' are 'rose-colored glasses.'" They are actually a
context that is imposed upon an otherwise-ordinary "running process" on any particular host computer. This context
restricts what the process is able to perceive concerning: the filesystem, the network, its user-id, and its "root privileges."
(And, so on ...) But, since the whole thing is actually
an illusion, it is "extremely cheap." Versus virtual machines.
"Containers" cannot do what "virtual machines" can do. For example: you cannot use them to run "Windows" on "Linux" nor vice-versa. But if what you actually require is
isolation, they are an excellent solution.
Key Point: "Virtual Machines" are "[virtual]
reality," while "Containers" are "a cleverly-engineered but entirely functional
illusion."
- - -
Docker® is a specific
packaging of "container technology" that is especially designed for quick deployment of "routine situations." Of which there are a great many. Someone out there writes a
Dockerfile and puts all of the messy setup commands into it. You just grab it off the shelf and use it, not caring what exactly it contains.
"Okay, I need a 'PHP server' and a 'MySQL server' and a ..." Without concerning yourself directly as to exactly how they work, you simply focus on "plugging them up." This can be both a good thing and a not-so-good thing, depending on your point of view. (The first implementations of Docker actually used
lxc/lxd as the base, but they have gone their own way since then.) In the right situations, Docker can save a lot of
drudgery. But it's not the only way to do it.
