Docker is a container system. Containerisation is a pretty age-old concept, one that existed on x86 long before virtualisation was popular. If you've ever set up software within a chroot jail on a UNIX system, you've used a simple form of containers.
chroot jails were initially a good way of adding some extra security to services exposed to the network, such as DNS and mail servers. You would have a directory tree containing only the files that were needed to get the service to run, and then even if the service was hacked, all the attacker would have access to was the chrooted directory tree.
Docker took the same concept and ran with it, thanks to advances in the Linux kernel allowing wholly separated userspace contexts, called namespaces. Essentially, you can take a bundle of files needed to run one of these services, and run them under a kernel as a wholly separated user with no access to any other files or running processes (although of course a privilege escalation attack against the kernel is still a concern).
Practically, this means you can provide relatively complex applications (esp. those that might require bleeding-edge or outdated files to run) in a single bundle along with completely ringfenced runtime dependencies that will be unaffected by upgrades to the OS. For example, application foo might require the library libbar.so.4 but your OS might have upgraded to libbar.so.9 a long time ago, and the newer version is not backwards compatible. In this case, you'd package libbar.so.4 into your container and configure foo to use that instead of the OS version.
On the plus side, this means that containerised applications are very unlikely to be broken by OS upgrades (since their files remain untouched within the container). On the downside, it means you need to maintain a separate patching methodology for your containers, and there's a high likelihood that bits of software kept for backwards compatibility reasons will never receive an update... anyone who's worked in an enterprise environment will be all too aware of the ancient versions of Apache, Tomcat, WebLogic and Oracle that are "bundled" with applications and can't be upgraded separately without voiding your $upport contract.
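As part of that separate patching methodology, one check is to inventory the versioned shared libraries bundled inside a container's filesystem and flag those whose major version lags the host's. The sketch below is an added example, not code from the original post; the function names and the directory layout are hypothetical, and the sample trees are constructed around the libbar case above.

```python
import os
import re
import tempfile

# Matches versioned shared objects such as libbar.so.4 or libbar.so.4.2.1
SO_RE = re.compile(r"^(lib[\w+.-]+?)\.so\.(\d+(?:\.\d+)*)$")

def inventory(root):
    """Map library name -> set of version tuples found anywhere under root."""
    found = {}
    for _dirpath, _dirs, files in os.walk(root):
        for name in files:
            m = SO_RE.match(name)
            if m:
                version = tuple(int(p) for p in m.group(2).split("."))
                found.setdefault(m.group(1), set()).add(version)
    return found

def stale_bundled_libs(container_root, host_root):
    """Return (lib, bundled_version, newest_host_version) for every bundled
    library whose major version is older than the newest copy on the host."""
    host = inventory(host_root)
    report = []
    for lib, versions in sorted(inventory(container_root).items()):
        if lib not in host:
            continue  # nothing on the host to compare against
        newest_host = max(host[lib])
        for v in sorted(versions):
            if v[0] < newest_host[0]:
                report.append((lib, v, newest_host))
    return report

def build_sample():
    """Constructed sample: a host tree and an unpacked container rootfs."""
    base = tempfile.mkdtemp()
    for rel in ("host/usr/lib/libbar.so.9",
                "host/usr/lib/libssl.so.3",
                "container/opt/foo/lib/libbar.so.4",  # pinned by application foo
                "container/usr/lib/libssl.so.3"):
        path = os.path.join(base, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "wb").close()
    return os.path.join(base, "host"), os.path.join(base, "container")

if __name__ == "__main__":
    host_root, container_root = build_sample()
    for lib, bundled, newest in stale_bundled_libs(container_root, host_root):
        print(f"{lib}: container bundles {bundled}, host has {newest}")
```

A flagged library is not necessarily vulnerable; it marks a dependency that OS upgrades will no longer touch and that needs its own update tracking.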