configuration! • Resource consumption (CPU, RAM, disk, network)! • Information integrity and confidentiality (aka, security)! ❏ Why containers as process abstractions of DC-OS? • Provide mechanism for software isolation (via file system namespace)! • Provide defense-in-depth for security! • Better suited for distributed apps! • Containers contain (possibly multiple) restartable processes! • Support for checkpoint/restore, live migration, live OS upgrades, record/replay