vSphere Integrated Containers – The Next Step
VMware has been working on integrating container technology into its core products. For this the decision was made to do it in an open-source project. This of course is a different strategy for VMware, as everything has been closed source until recently. The open source project has made progress over the last year and we are now getting to the point that it is actually becoming a product that can be used in production by vSphere customers.
During VMworld 2015 VMware announced vSphere Integrated Containers. At the time this was just the project that came out of Project Bonneville: the integration of Docker containers within vSphere. Today VMware announced that it is not only the integration of containers in vSphere, which is now known as vSphere Integrated Containers Engine (VIC Engine), but also a Container Management Portal (Project Admiral) and a Container Registry (Project Harbor). Together these will now be known as vSphere Integrated Containers, which provides vSphere administrators with a full set of tools that can be used to provide containers to developers and container users.
In this post I’ll explain what vSphere Integrated Containers (VIC) is and what the components that make up VIC do.
So as you can see on the marchitecture above, vSphere Integrated Containers consists of three components:
- VIC Engine
- Container Management Portal (Project Admiral)
- Container Registry (Project Harbor)
vSphere Integrated Container Engine (VIC Engine)
VIC engine is what originally came out of Project Bonneville. It’s the integration of containers with vSphere. VIC engine makes it possible for developers to use containers without knowing how they are deployed on top of the vSphere infrastructure. VIC engine runs containers inside a virtual machine. There is a one-to-one mapping between containers and virtual machines, so a container does not share its virtual machine and operating system with other containers.
The difference is that the container engine is not running in the same virtual machine as the container. It is centrally organized by the Virtual Container Host (VCH). This virtual machine is deployed when a VIC engine is initiated. The VCH is placed in a vApp that is also created during the initiation. Combined, this makes a VIC engine. The VCH hosts the container engine endpoint. As shown in the architecture above, it hosts the Docker endpoint. This provides the Docker API which developers use to deploy containers. From their point of view there is no difference between running all containers on one virtual machine or using VIC engine.
The advantage for vSphere administrators is that they do not have to change their way of operating vSphere. VIC engine uses the same constructs that are already known within vSphere. So everything works out of the box with other VMware components such as VSAN, NSX, vRealize, etc.
Container Management Portal (Project Admiral)
vSphere administrators can use the vSphere Web Client to manage the vApp, container virtual machines and VCH deployed by VIC engine. The management of the containers goes through the Container Management Portal. Developers, vSphere administrators and other users use this portal to operate the containers. The portal comes from an open source project named Project Admiral.
The portal provides users the ability to manage the containers that are run on top of vSphere. It gives you the following options to manage containers:
- create new container hosts;
- manage quota;
- define templates;
- manage containers.
This takes away the administrative overhead from the vSphere administrators, basically providing the container users with the option to manage the containers themselves. The users do not see what happens underneath. That’s done by VIC engine.
Container Registry (Project Harbor)
A container registry is used to store container images. If you put an application in a container and want to distribute it, that is done through images. Images can then be distributed via a registry. The best known container registry is Docker Hub. This is a central repository where everybody can upload and download container images. However, the problem is that it is public to all.
For that reason vSphere Integrated Containers also has a repository. This is also an open source project, called Project Harbor. It is forked from the same code with which Docker Hub has been created and is specifically tailored to the needs of Enterprise customers. It can be installed within the network of the customer. This keeps the bits and intellectual property within the customer boundary. Next to that, Project Harbor also provides additional features that are needed within the Enterprise, such as:
- Role Based Access Control (RBAC)
- Image replication
- Graphical User Portal
- AD/LDAP support
- RESTful API
This hopefully shows that vSphere Integrated Containers is a full Enterprise grade solution for running containers in the datacenter. It’s easy to deploy and configure and provides vSphere administrators with the means to facilitate developers in their needs for running containers.
For more information see the vSphere Integrated Containers GitHub page.