BACKGROUND IMAGE: iSTOCK/GETTY IMAGES
While major backup vendors are good at backing up virtual machines (VMs), Docker containers don't depend on a hypervisor. In addition, the Docker container and its various components are separated from the host operating system by the Docker Engine, which runs and secures the virtualized application.
Docker container data backup varies from VM backup because it uses a different architectural structure. Every hypervisor vendor has its own nuances, but a VM generally consists of one or more virtual hard disks (VHDs) and a configuration file. Backup applications protect the configuration file and extract the contents of the VHD.
A container layer sits above the platform image and stores the configuration data (as opposed to the configuration data being kept in a configuration file). The container layer is read/write and acts as the application sandbox.
One factor that makes it difficult to protect the container layer is that there can be multiple container layers. If a set of write operations need to be committed in a way that makes them permanent, the container is converted into a layered image and a new read/write container is created above it. Hence, a single Docker application could contain a platform image, a container and an unknown number of layered images.
The best way to mitigate the challenges of backing up Docker container data is to use a Docker-aware backup application or to write a script. Some Docker-related blogs suggest using a script to copy Docker containers and volumes to a tarball for safe keeping.
Don't expect mass Docker container adoption just yet
Is a Docker data container right for you?
Docker application container engine makes waves
Protect Docker containers in four steps