This document discusses vSphere Integrated Containers, a solution from VMware that allows running containers natively on vSphere alongside traditional virtual machines. It provides an overview of key components like the Virtual Container Host, Photon OS, Harbor registry, and Admiral management portal. These components give developers a portable, lightweight container experience while also providing operations teams the visibility, management, and security capabilities of vSphere for containers in production.
3. Introduction To Linux Containers
[Diagram: container stack built on Hardware, OS Kernel, OS File system and Userspace, with each Container holding several app processes]
OS-level Isolation
• Isolation at individual kernel subsystem level (e.g. filesystem, process table, etc.)
• User-level process (LXC, libcontainer) orchestrates these subsystems to create a container
Existed for Many Years
Solaris Zones, FreeBSD Jails, OpenVZ
Why?
• Process isolation
• Reproducible environment
• Enables management at scale
CONFIDENTIAL
4. Containers Help You Iterate Quickly
[Diagram: DEV → TEST → PROD]
Drive Business Agility
5. But I’m a vSphere Admin, Why Do I Care about Containers?
6. Because There Are Still Many Challenges with Containers
[Diagram: the “learning cliff” between containers in development and containers in production. Source: https://twitter.com/mfdii/status/697532387240996864]
Challenges in production: High Availability, Security, Disaster Recovery, Monitoring, Diagnosis, Repeatable Deployments, Portability, Accounting
@cloudnativeapps #vmwcna
10. Full Visibility, Proven Security, Mature Ecosystem
[Diagram: the Developer side wants Portable, Fast, Light; the IT side wants Security, Visibility, Management. Containers run inside VMs, each VM with its own Linux Kernel, on vSphere under a Virtual Container Host]
11. Photon OS - Secure Container Runtime
Container Optimized Linux OS
• Docker, Rocket and Garden (Pivotal) support
• Minimal footprint to run containers
• vSphere and Photon Platform integration
• Boots in 6 sec.
• Hypervisor-optimized container runtime
Updates from VMware
• Enterprise support
• Security and update patches from VMware
Open Source
• GPL v2 License
• 1.0 released June 2016
12. vSphere Integrated Containers Engine – In Detail
[Diagram: a Virtual Container Host (Endpoint VM) with Container VMs, each running its own Linux Kernel, next to Traditional App VMs with a Guest OS]
vSphere Administrator creates a Virtual Container Host
Developer connects and issues a Docker run command
18. VMware Validation and Differentiation – Giving the Best of Both Worlds (Developers and IT Ops)
[Diagram: What Developers Want (Portable, Fast, Light) and What IT Ops Needs (Consistent Management, Network & Security, Data Persistence, Rich SLAs), backed by VM/vSphere, Distributed Switch/NSX, vVols/VSAN, vSphere DRS and I/O Controls, vCenter Server, open container formats + orchestration APIs, Instant Clone and fast boot, and Photon OS]
• Run Standard Container Formats, Integrated with Developer Tools
• Common APIs for Orchestration
• Containers in Seconds
• Isolation and Multi-Tenancy
• Network Provisioning and Configuration
• Choice of Storage and Guarantee of Services
• Align SLAs per Workload
• Manage with Existing Tool Sets
19. vSphere Integrated Containers Engine
[Diagram: vCenter Server with NSX and vSAN; two Virtual Container Hosts (VCH 1, VCH 2), each a Container Endpoint running container VMs (C-VM: a Container VM with its own Linux Kernel) alongside traditional VMs. Labels: Portable + Fast + Light; Consistent Mgmt + Rich SLAs; Network + Security; Data Persistence]
20. vSphere Integrated Containers – Enterprise Registry
[Diagram: the same engine layout as slide 19 (vCenter Server, NSX, vSAN, VCH 1 and VCH 2 as Container Endpoints with C-VMs and traditional VMs), with a Registry added]
21. Introduction of Harbor: Enterprise-Class Registry
An open-source, enterprise-class private registry.
Part of VIC; it can also be used independently.
Why does one need a private registry?
• Efficiency
– LAN vs WAN
• Security
– Intellectual property stays in the organization
– Access control
22. Harbor Key Features
• User management & access control
– RBAC: admin, developer, guest
– AD/LDAP integration
• Policy based image replication
• Web UI
• Audit and logs
• RESTful API for integration
• HA with vSAN
• Lightweight and easy deployment
23. Explaining Harbor Architecture
[Diagram: Docker Client and Browser connect through a Reverse Proxy (Nginx) to Harbor, whose components are API, Auth (with AD/LDAP), UI, DB, Admin Server, Log Collector and Replication Service (to a Remote Harbor), on top of a Basic Registry (Docker Distribution)]
24. Role Based Access Control
[Diagram: a Project with Members and Images, e.g. ${Project}/ubuntu:14.04, ${Project}/nginx:1.8, 1.9, ${Project}/golang:1.6.2, ${Project}/redis:3.0, ...]
Guest: docker pull ...
Developer: docker pull/push ...
Admin:
31. vSphere Integrated Containers – Container Management Portal
[Diagram: the same engine layout as slide 19, with a Registry and a Container Management Portal added]
32. Admiral: Container Management Portal
• An open source container management portal
• Part of the VIC product; it can also be used independently with other solutions
• Container management available via both API and UI
• Integration with the vRealize platform is also available – accepting beta nominations!
33. Provisioning of Container Hosts
• Mapping to deployment policies
• Usage of pre-defined resource pools
• Security credentials storage
• Custom properties for affinity rules or any extensibility use cases
• VCH can be added as well
34. Resource Pools and Policies
• Resource pools between different teams
• Deployment policies for the consumption of resource pools
• Affinity and anti-affinity policies for deployment
35. Container Provisioning from Templates
• Different registries can be used with Project Admiral
• Docker compose import / export support is available
• Containers can be provisioned from images or templates
• vSphere Integrated Containers (VIC) provisioning also supported
36. Auto Discovery of Containers
• Visibility of ports and last commands
• Mapping to specific container hosts
• Both container and application views available
37. Container Details and Lifecycle Actions
• Visibility into resources – CPU, memory, network
• Information about IP address, image used
• Executed commands on containers with log details
38. vRealize Integration with Project Admiral
• Model application using containers as a first-class blueprint object
• Import from Docker compose as a starting point
• Mix containers and VMs in the same blueprint
• Configure networking and security options
• Configure persistent storage
• Specify dynamic placement policies
40. The Best Way To Run Containers On vSphere
Run Containers Natively Alongside Existing Workloads
Provision containers natively on vSphere with fine-grained controls while giving developers the portability, speed and agility they want.
Combine Portability with Security, Visibility and Management
Leverage the core capabilities of vSphere to run containers in production.
Leverage Your Existing Infrastructure, Scale Easily
Avoid costly and time-consuming re-architecture of your infrastructure that results in silos. Scale application deployments instantly.
vSphere Integrated Containers
41. vSphere Integrated Containers – Enabling the Best of Both Worlds
• Docker compatible interface
• Container management portal
• Enterprise-class Container registry
• Familiarity of vSphere
• No new tooling or technologies
• Full enterprise-grade power of the Software-Defined Data Center
42. Availability
Available as Open Source Software: http://github.com/vmware/vic-product
vSphere Integrated Containers as VMware Cloud Native Solutions: https://www.vmware.com/solutions/cloudnative.html