What is a microVM?

Blog post from Northflank

Post Details
Author: Deborah Emeni
Word Count: 1,911
Language: English
Hacker News Points: -
Summary

A microVM is a lightweight virtual machine designed to provide hardware-level isolation for workloads with minimal resource overhead, unlike containers, which share the host kernel. Each microVM runs its own Linux kernel inside a KVM-enforced boundary, an isolation model well suited to untrusted or multi-tenant environments, where the shared-kernel model of containers presents security risks. MicroVMs boot in milliseconds with memory overhead in the single-digit MiB range, which places them between containers and traditional VMs on the isolation and overhead spectrum. Technologies that implement microVMs include Firecracker, Cloud Hypervisor, and QEMU microVM, and Kata Containers handles orchestration on platforms like Kubernetes. MicroVMs are particularly suited to use cases such as AI sandboxes, multi-tenant SaaS platforms, serverless applications, and secure CI/CD build environments, where the need for a strong isolation boundary outweighs the added overhead relative to containers.