vSphere Integrated Containers v3.0

Published in: Technology

  1. Containers Technology
  2. Traditional to Cloud Native Application Stacks. Microservices. CONFIDENTIAL
  3. Introduction To Linux Containers. [Diagram labels: Hardware, OS Kernel, OS File system, Userspace, Container, App process.] OS-level Isolation: •  Isolation at individual kernel subsystem level (e.g. filesystem, process table, etc.) •  A user-level process (LXC, libcontainer) orchestrates these subsystems to create a container. Existed for Many Years: Solaris Zones, FreeBSD Jails, OpenVZ. Why? •  Process isolation •  Reproducible environment •  Enables management at scale
  4. Containers Help You Iterate Quickly: DEV, TEST, PROD. Drive Business Agility.
  5. But I’m a vSphere Admin, Why Do I Care about Containers?
  6. Because There Are Still Many Challenges with Containers. [Diagram labels: CONTAINERS IN DEVELOPMENT, CONTAINERS IN PRODUCTION, THE “LEARNING CLIFF”, Docker.] Challenges listed: High Availability, Security, Disaster Recovery, Monitoring, Diagnosis, Repeatable Deployments, Portability, Accounting. Source: https://twitter.com/mfdii/status/697532387240996864 @cloudnativeapps #vmwcna
  7. Container Deployment On Bare Metal. [Diagram labels: Physical Hardware, Linux, Container Engine, C C C.]
  8. Basic Approach: Container Deployment In VMs. [Diagram labels: vSphere, VM, Linux, Container Engine, C C C.] •  Prediction of VM size during creation / Resizing to meet demand •  Restricted visibility when troubleshooting •  Inability to reclaim unused resources
  9. Introducing The vSphere Integrated Containers Engine. [Diagram labels: vSphere, Virtual Container Host, VM, Linux, Container Engine, Linux Kernel, C C C.]
  10. Developer: Portable, Fast, Light. IT: Security, Visibility, Management. Full Visibility, Proven Security, Mature Ecosystem. [Diagram labels: vSphere, Virtual Container Host, VM, Linux Kernel, C C C.]
  11. Photon OS - Secure Container Runtime. Container Optimized Linux OS; Docker, Rocket and Garden (Pivotal) support; Minimal footprint to run containers; vSphere and Photon Platform Integration; Boots in 6 sec.; Hypervisor-optimized container runtime; Updates from VMware; Enterprise support; Security and update patches from VMware; Open Source; GPL v2 License; 1.0 released June 2016
  12. vSphere Integrated Containers Engine – In Detail. [Diagram labels: Virtual Container Host, Endpoint VM, Linux Kernel, Container VM, Traditional App, Guest OS.] vSphere Administrator Creates a Virtual Container Host. Developer connects and issues a Docker run command.
  13. Screenshots of vSphere Integrated Containers in vCenter
  14. Screenshots of vSphere Integrated Containers in vCenter
  15. Screenshots of vSphere Integrated Containers in vCenter
  16. Screenshots of vSphere Integrated Containers in vCenter
  17. Screenshots of vSphere Integrated Containers in vCenter
  18. VMware Validation and Differentiation – Giving the Best of Both Worlds (Developers and IT Ops). What Developers Want: Portable, Fast, Light. What IT Ops Needs: Consistent Management, Network & Security, Data Persistence, Rich SLAs. •  Run Standard Container Formats, Integrated with Developer Tools •  Common APIs for Orchestration •  Container in Seconds •  Isolation and Multi-Tenancy •  Network Provisioning and Configuration •  Choice of Storage and Guarantee of Services •  Align SLAs per Workload •  Manage with Existing Tool Sets. [Diagram labels: Open container formats + orchestration APIs; Instant Clone, fast boot; Photon OS; VM, vSphere Distributed Switch, NSX; vVols, VSAN; vSphere DRS, I/O Controls; vCenter Server.] @cloudnativeapps #vmwcna
  19. vSphere Integrated Containers Engine. [Diagram labels: VCENTER SERVER, NSX, vSAN, VCH 1, VCH 2, CONTAINER ENDPOINT, VM, C-VM, Container VM, Linux Kernel, Traditional VM, PORTABLE + FAST + LIGHT, CONSISTENT MGMT + RICH SLAS, NETWORK + SECURITY, DATA PERSISTENCE.]
  20. vSphere Integrated Containers – Enterprise Registry. [Diagram labels: VCENTER SERVER, NSX, vSAN, VCH 1, VCH 2, REGISTRY, CONTAINER ENDPOINT, VM, C-VM, Container VM, Linux Kernel, Traditional VM, PORTABLE + FAST + LIGHT, CONSISTENT MGMT + RICH SLAS, NETWORK + SECURITY, DATA PERSISTENCE.]
  21. Introduction of Harbor: Enterprise-Class Registry. An open source enterprise-class private registry. Part of VIC, and it can also be used independently. Why does one need a private registry? •  Efficiency –  LAN vs WAN •  Security –  Intellectual property stays in organization –  Access Control
  22. Harbor Key Features •  User management & access control –  RBAC: admin, developer, guest –  AD/LDAP integration •  Policy based image replication •  Web UI •  Audit and logs •  RESTful API for integration •  HA with vSAN •  Lightweight and easy deployment
  23. Explaining Harbor Architecture. [Diagram labels: Basic Registry (Docker Distribution), Docker Client, Reverse Proxy (Nginx), API, Harbor, Browser, Auth, UI, DB, AD / LDAP, Admin Server, Log Collector, Replication Service, Remote Harbor.]
  24. Role Based Access Control. [Diagram labels: Project, Members, Images.] Members: Guest, Developer, Admin. Images: ${Project}/ubuntu:14.04, ${Project}/nginx:1.8, 1.9, ${Project}/golang:1.6.2, ${Project}/redis:3.0, …... Commands shown: docker pull ..., docker pull/push ...
  25. Image Replication between Registry Instances. [Diagram labels: Project, Images, Policy, Image.] Initial replication. Incremental replication (including image deletion).
  26. Policy of Image Replication (1) – Master Slave •  Image distribution •  Load balancing. [Diagram labels: Master – Slave, Docker Client push.]
  27. Policy of Image Replication (2) - Hierarchical. [Diagram labels: Hierarchical, Docker Client push.]
  28. Policy of Image Replication (3) – Master Master •  Load Balancing •  Active-Active. [Diagram labels: Master - Master, Docker Client push.]
  29. Screenshots of Replication GUI
  30. vSphere Integrated Containers – Container Management Portal. [Diagram labels: VCENTER SERVER, NSX, vSAN, VCH 1, VCH 2, REGISTRY, CONTAINER ENDPOINT, CONTAINER MANAGEMENT PORTAL, VM, C-VM, Container VM, Linux Kernel, Traditional VM, PORTABLE + FAST + LIGHT, CONSISTENT MGMT + RICH SLAS, NETWORK + SECURITY, DATA PERSISTENCE.]
  31. Admiral: Container Management Portal •  An open source container management portal •  Part of the VIC product, and it can also be used independently with other solutions •  Container management available via both API and UI •  Integration with vRealize platform is also available – accepting beta nominations!
  32. Provisioning of Container Hosts •  Mapping to deployment policies •  Usage of pre-defined resource pools •  Security credentials storage •  Custom properties for affinity rules or any extensibility use cases •  VCH can be added as well
  33. Resource Pools and Policies •  Resource pools between different teams •  Deployment policies for the consumption of resource pools •  Affinity and anti-affinity policies for deployment
  34. Container Provisioning from Templates •  Different registries can be used with Project Admiral •  Docker compose import / export support is available •  Containers can be provisioned from images or templates •  vSphere Integrated Containers (VIC) provisioning also supported
  35. Auto Discovery of Containers •  Visibility of ports and last commands •  Mapping to specific container hosts •  Both container and application views available
  36. Container Details and Lifecycle Actions •  Visibility into resources – CPU, memory, network •  Information about IP address, image used •  Executed commands on containers with log details
  37. vRealize Integration with Project Admiral •  Model application using containers as a first-class blueprint object •  Import from Docker compose as a starting point •  Mix containers and VMs in the same blueprint •  Configure networking and security options •  Configure persistent storage •  Specify dynamic placement policies
  39. The Best Way To Run Containers On vSphere: vSphere Integrated Containers. Run Containers Natively Alongside Existing Workloads: Provision containers natively on vSphere with fine-grained controls while giving developers the portability, speed and agility they want. Combine Portability with Security, Visibility and Management: Leverage the core capabilities of vSphere to run containers in production. Leverage Your Existing Infrastructure, Scale Easily: Avoid costly and time-consuming re-architecture of your infrastructure that results in silos. Scale application deployments instantly.
  40. vSphere Integrated Containers – Enabling the Best of Both Worlds. Docker compatible interface; Container management portal; Enterprise-class Container registry; Familiarity of vSphere; No new tooling or technologies; Full enterprise-grade power of the Software-Defined Data Center
  41. Availability. Available as Open Source Software: http://github.com/vmware/vic-product. vSphere Integrated Containers as VMware Cloud Native Solutions: https://www.vmware.com/solutions/cloudnative.html
