A container is a sandboxed process running on a host machine that is isolated from all other processes running on that host machine. The isolation leverages kernel namespaces and cgroups, features that have been in Linux for a long time. Docker makes these capabilities approachable and easy to use.

* A container is a runnable instance of an image. You can create, start, stop, move, or delete a container using the Docker API or CLI.
* A container can be run on local machines, virtual machines, or deployed to the cloud.
* A container is portable and can be run on any OS.
* A container is isolated from other containers and runs its own software, binaries, configurations, etc.
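
The namespace and cgroup isolation described above is visible from the host under `/proc/<pid>/ns` and `/proc/<pid>/cgroup`. The following is an added example, not code from the original page or from Docker: it compares the namespace identifiers of two processes and reports which namespace types they share. The function names and all sample values are constructed for illustration.

```python
import os
import re

# Each /proc/<pid>/ns/<name> symlink resolves to a string like "pid:[4026531836]".
NS_LINK = re.compile(r"^([a-z_]+):\[(\d+)\]$")

def parse_ns_links(links):
    """Map namespace type -> inode number from readlink targets."""
    out = {}
    for target in links:
        m = NS_LINK.match(target.strip())
        if m:
            out[m.group(1)] = int(m.group(2))
    return out

def read_namespaces(pid):
    """Read the live namespace links of a process (Linux only; may need root)."""
    ns_dir = f"/proc/{pid}/ns"
    return parse_ns_links(os.readlink(os.path.join(ns_dir, n)) for n in os.listdir(ns_dir))

def shared_namespaces(host, container):
    """Namespace types where both processes hold the same inode, i.e. no isolation."""
    return sorted(t for t, ino in container.items() if host.get(t) == ino)

def cgroup_paths(cgroup_text):
    """Parse /proc/<pid>/cgroup lines ('hierarchy-ID:controllers:path') into paths."""
    paths = {}
    for line in cgroup_text.splitlines():
        parts = line.split(":", 2)
        if len(parts) == 3:
            # cgroup v2 has an empty controller field; label it "unified".
            paths[parts[1] or "unified"] = parts[2]
    return paths

# Constructed sample data (not captured from a real host).
HOST_NS = ["cgroup:[4026531835]", "ipc:[4026531839]", "mnt:[4026531841]",
           "net:[4026531840]", "pid:[4026531836]", "user:[4026531837]",
           "uts:[4026531838]"]
CONTAINER_NS = ["cgroup:[4026532561]", "ipc:[4026532559]", "mnt:[4026532557]",
                "net:[4026531840]", "pid:[4026532560]", "user:[4026531837]",
                "uts:[4026532558]"]
CONTAINER_CGROUP = "0::/docker/<container-id>\n"  # placeholder path

if __name__ == "__main__":
    host, ctr = parse_ns_links(HOST_NS), parse_ns_links(CONTAINER_NS)
    print("shared with host:", shared_namespaces(host, ctr))
    print("cgroup paths:", cgroup_paths(CONTAINER_CGROUP))
```

On a live Linux host, `read_namespaces(1)` and `read_namespaces(<container process PID>)` supply the two inputs; any type returned by `shared_namespaces` is one where the container process is not isolated from the host.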