by potamic 1803 days ago
> Fly runs apps (and databases) close to users, by taking Docker images and transmogrifying them into Firecracker micro-vms, running on our hardware around the world.

Any reason you run the apps on micro-vms? Why not directly on a container runtime?

2 comments

A container runtime would not provide proper isolation. The VMs run on bare metal along with the VMs of other users.

See https://fly.io/blog/sandboxing-and-workload-isolation/

Thank you. That was a great post.
From https://fly.io/docs/reference/architecture/,

> MicroVMs provide strong hardware-virtualization-based security and workload isolation, this allows us to safely run applications from different customers on shared hardware.