Containerization is an O/S level virtualization method for deploying and running distributed applications without spinning up an entire virtual machine for each app. Instead, multiple isolated systems are run on a single control host and access a single kernel. The containers hold the components such as files, environment variables, and libraries necessary to run the desired software. Because resources are shared in this way, containers can be created that place less strain on the overall resources available. For example, if a variation from the standard image is desired, a container can be created that holds only the new library.Proponents of containerization point to gains in efficiency for memory, CPU, and storage as key benefits of this approach compared to traditional virtualization. Because containers do not have the overhead required by VMs, it is possible to support many more containers on the same infrastructure. Portability is also a benefit. As long as server settings are identical across systems, a container can run on any system and in any cloud without requiring code changes. There are no guest O/S environment variables or library dependencies to manage. A potential drawback of containerization is lack of isolation from the core operating system. Because the containers are not abstracted from the host O/S on a virtual machine, security threats have easier access to the entire system.