VMware vSphere Integrated Containers is a comprehensive container solution built on VMware’s industry leading virtualization platform – vSphere, which enables customers to run both modern and traditional workloads in production on their existing Software-Defined Data Center (SDDC) infrastructure today with enterprise-grade networking, storage, security, performance and visibility.
vSphere Integrated Containers is a vSphere feature that allows VI admins to create container hosts that are deeply integrated with vSphere. Once provisioned by the VI admin, developers are able to use the Docker CLI and API to run images in secure Container VMs. This gives developers self-service capabilities while at the same time allowing VI admins to control resource allocation. Since vSphere Integrated Containers uses native vSphere constructs, it allows you to leverage your existing infrastructure, tooling, policies and processes to manage containerized applications.
vSphere Integrated Containers is built on these major open source products:
1. vSphere Integrated Containers Engine – VIC is a container runtime for vSphere that enables the provisioning and management of applications packaged as Docker images into vSphere clusters. With the vSphere Integrated Containers Engine Developers can deploy container images alongside traditional workloads on vSphere clusters. The vSphere Integrated Containers engine gives developers the agility and speed they need, while allowing operations to reuse the tools, processes and people they’ve already invested in.
2. Harbor – is an enterprise-class private container registrythat stores and distributes container images. It extends the Docker Distribution open source project by adding the functionalities that enterprises require, such as security, auditing and identity management.
3. Admiral –is a container management portal. It provides a GUI for DevOps teams to provision and manage containers, and includes the ability to obtain statistics and information about container instances. It provides both Docker compose and a proprietary application definition through templating to combine different containers into an application. It also supports containers scaling in and out. Advanced capabilities, such as approval workflows, are available when integrated with vRealize Automation.
4. Photon OS – is a minimal Linux container host, optimized to run on VMware platforms. It is used throughout the vSphere Integrated Containers product wherever a Linux guest kernel is required. The core SDDC infrastructure subsystems, vSphere, NSX, and vSAN complement vSphere Integrated Containers by extending trusted capabilities such as: Distributed Resource Scheduling (DRS), vMotion, High-Availability (HA), Secure isolation, micro segmentation, and RBAC, vSAN / iSCSI / NFS shared storage and more.
vSphere Integrated Containers is available to all vSphere 6.0 and above Enterprise Plus customers. There is no additional license subscription required to use vSphere Integrated Containers. These components currently support the Docker image format. vSphere Integrated Containers is entirely Open Source and free to use.
vSphere Integrated Containers is designed to solve many of the challenges associated with putting containerized applications into production. It directly uses the clustering, dynamic scheduling, and virtualized infrastructure in vSphere and bypasses the need to maintain discrete Linux VMs as container hosts.
VIC – vSphere Integrated Containers Engine is the core component of this feature, which currently offers a subset of the Docker API. It is designed to specifically address the provisioning of containers into production.
The following sections describe key concepts and components that make this possible.
Virtual Container Host (VCH) is the virtual functional equivalent of a Linux VM running Docker. From a Docker client point of view, the Virtual Container Host looks very similar to a native Docker host. A VCH represents the following elements:
- A clustered pool of resource into which to provision container VMs.
- A single-tenant container namespace.
- An isolated Docker API endpoint.
- Authorization to use and configure pre-approved virtual infrastructure.
- A private network that containers are attached to by default.
A VCH is a multi-functional appliance that you deploy as a vApp in a vCenter Server cluster or as a resource pool on an ESXi host.
VCH Endpoint VM is the VM that runs inside the VCH vApp or resource pool. There is a 1:1 relationship between a VCH and a VCH endpoint VM. The VCH endpoint VM provides the following functions:
- Run the Core services, Docker personality and image resolution services.
- Provide a secure remote Docker API.
- Port mapping and routing – When a container port is mapped to a host port, the Virtual Container Host is responsible for listening on that port and routing traffic to the corresponding container VM.
- Manage the lifecycle of containerVMs, image store, volume store and container state.
- Provide logging and monitoring of its own services and of its containers.
The lifecycle of the VCH endpoint VM is managed by a utility called vic-machine.
Cloud admins and developers can manage and provision container-based applications through the vSphere Integrated Containers management portal – Admiral. Integrated with VMware Identity Access Management, customers are able to provide local and LDAP-based authentication and authorization to their teams and project-level content trust and notary services for container images in their private registries.
To begin working with vSphere Integrating Containers you have to obtain the latest official release of vSphere Integrated Containers, go to the official vSphere Integrated Containers downloads page on vmware.com and download the OVA installer. The OVA installer allows you to deploy all of the vSphere Integrated Containers components.
The installation process involves several steps:
- Download the OVA from VMware web site
- Deploy the OVA, providing configuration information for vSphere Integrated Containers.
- Run the scripts to install the vSphere Client plug-ins on vCenter Server
- Run the command line utility, vic-machine, to deploy and manage virtual container hosts.
For more information about this nice feature of vSphere, go to the product page.
Download white paper for vSphere Integration Containers.
Also check the You-Tube channel of VMware Cloud-Native.