How does HTB manage the environments it sets for challenge and machines?

I was wondering what happens behind the scenes when a user accesses a challenge.
Is it one container for every challenge? a container for every user that accesses the challenge?

How do you manage the environments in such a way that every environment is isolated (users cannot interfere) and inescapable (malicious code doesn’t leak into HTB servers)?

Is there a specific platform for those kinds of activities?