When Not to Use Docker: Understanding the Limitations of Containers

Run applications as fast as a bare-metal server. Docker containers have less overhead than virtual machines. But Docker does not have zero overhead. The only way to get true bare-metal speed from an application is to run it directly on a bare-metal server, without using containers or virtual machines.

Provide cross-platform compatibility. An application designed to run in a Docker container on Windows can’t run on Linux, and vice versa. Virtual machines are not subject to this limitation. In highly heterogeneous environments composed of both both Windows and Linux servers, this makes Docker less attractive.

Run applications with graphical interfaces. Docker was designed as a solution for hosting applications that run on the command line. There are some tricks you can use (such as X11 forwarding) to make it possible to run a a graphical interface inside a Docker container, but this is clunky. (You could also run a Web interface, which is easier to do, but then you have to run a Web server and your interface options will still be limited.) Practically speaking, Docker is not a good solution for applications that require rich interfaces.

Solve all your security problems. Docker can improve security in some ways by isolating applications from the host system and from each other. Containers also make it easy to break your application into small parts, so that if one part is compromised, the rest is not necessarily affected. Yet Docker also creates new security challenges — such as the difficulty of monitoring so many moving pieces within a dynamic, large-scale Docker environment. Before moving workloads to Docker, you need to evaluate the Docker-specific security risks and make sure you can handle them.