Docker is a software that implements the concept of Linux Container, just like VirtualBox is a software that implements the concept of Virtual Machines.

Virtual Machines (VirtualBox) Docker
VirtualBox dockerd
Virtual machine Docker image
A running virtual machine Docker container
VBoxManage docker
Virtual Disk Docker volume


Usually, we create a virtual machine using VirtualBox’s GUI. An alternative is to use Vagrant, which can execute a script program step-by-step to create a virtual machine and install software. We create a Docker image by letting Docker execute a script file named Dockerfile, which installs software to a base image, usually donwloaded from Docker Hub, a Web site hosted on Github.

Usually, we are allowed to run only one instance of a virtual machine on the host computer. We can run/stop/suspend this instance using VirtualBox GUI, the VBoxManager command line tool, or the vagrant command line tool.

Docker allows us to run many instances of an image. Each instance is known as a container, which has a GUID and a name. We can manipulate containers using command line tool docker. For example, docker stop <GUID-or-name> stops a container and docker logs <GUID-or-name> prints logs generated by programs running in the container.

We rarely share virtual machines with other users, until recently, Vagrant makes it easy to upload virtual machines to the Internet and share with other users. Docker supports upload and share images, in a ways similar to how Git manages source code – every docker commit command generates a new image just like that git commit generates a new commit object, where each commit object contains a version of the source code.


A Docker image does not contain a set of virtualized hardware as a virtual machine does; nor does it contain an operating system. Instead, programs in a Docker container are executed by the host operating system using the host hardware.

Then, what is the difference of running programs in Docker containers than on the host computer directly?

A major difference is that each container has its own network port space. For example, consider that there is a process P1 listening on port 5555 in container A, and a process P2 listening on port 5555 in container B. Docker would map the port 5555 of P1 to a real port number of the host, and map 5555 of P2 to another port number of the host.

Another difference is that processes running in a container accesses filesystem through volumes. A volume could be a directory on the host filesystem but given a difference name, with which, processes in a container accesses the host directory.