What is the difference between a container and a virtual machine?

Both containers and virtual machines (VMs) provide isolation, but they work at different levels of the stack: Virtual Machine: runs on a hypervisor (VMware, VirtualBox, KVM) which virtualizes physical hardware. Each VM has its own full OS kernel, device drivers, and OS files. Resource overhead: typically 1-4GB RAM per VM, minutes to boot, GB of storage per image. Container: runs on the host OS kernel directly. Containers use Linux kernel features (namespaces, cgroups) to isolate processes without a separate kernel. They share the host kernel. Resource overhead: typically 10-100MB RAM per container, seconds to start, MB of storage per image layer. Isolation level: VMs provide stronger isolation (separate kernels, full OS boundary); containers provide process-level isolation — better isolation than bare processes but weaker than VMs. A kernel vulnerability affects all containers on the host. Practical comparison: 10 VMs on a 16GB server might use 10GB just for OS overhead; 100 containers on the same server might use 2GB for base OS layers. Use VMs when you need strong security isolation (multi-tenant), different OS types (Linux + Windows), or legacy applications. Use containers for microservices, modern cloud-native apps, and CI/CD.