At VMworld 2016, VMware announced the public beta of vSphere Integrated Containers (VIC).
Over the last couple of years, the concept of containers has gained a lot of traction. With containers, you can run OS-level isolated environments on Linux. Each container contains its own network and file subsystem and is capable of running its own applications within the container. Containers are linked to cloud native applications and provide options to scale out applications very fast. Because it’s very easy and fast to deploy and destroy containers, a container-based application (or cloud native application) can be scaled to exactly the right size.
A container can be deployed from a template which already contains the required application. As you probably know, Docker is a very popular container management system and is used by many people.
To run containers you just need a Linux operating system (and a container management system such as Docker); virtualization is not strictly required. However, you might be facing new challenges when running containers:
- If containers run on a vSphere environment, vSphere administrators cannot see what’s happening in the container. The vSphere admin just sees a virtual machine.
- You might be facing new security challenges, because containers have limited security features available.
- Patching of the OS might also be a challenge you will be facing.
With VMware Integrated Containers (VIC), VMware provides a solution for these challenges. VIC adds extra functionality to vSphere, which will provide you with new management features for running containers on vSphere. VIC will provide a so-called Virtual Container Host (VCH), which will act as a container host including a standard Docker API interface. This virtual container host (which is not actually a host) is capable of running container instances; these instances are actually separate virtual machines combining the best of container technology and virtualization technology. By leveraging instant clone technology and VMware’s Photon OS Linux kernel, new VMs are spun up very fast.
Your developers will just interact through the standard Docker command line interface or API, while the VCH will translate Docker commands to underlying vSphere technology.
The following picture illustrates the process of running a “docker run” command:
The steps are:
- The VCH receives the “docker run” API request
- The VCH downloads any new image layers to the datastore
- Select the container VM IP (so a new VM is created) and set up any network mappings for exposed ports
- Use fast boot to create a PhotonOS container VM on an available ESX host
- Create VMDKs representing the container image (layers) and volumes, and attach them to the container VM
- Start the VM
- The container VM executes the “entrypoint” command for the container image
- Handle further API requests (e.g., “docker stop”, “docker start”, “docker rm”) with corresponding VM life-cycle operations
The advantages of running containers on vSphere with VIC are:
- Run containers alongside your existing workloads;
- Combine portability with security, visibility and management;
- Leverage your existing infrastructure.
VMware has been talking about container technology for a while now. There was already a VIC private beta running; now there will be a public beta of VMware Integrated Containers available. If container technology is running in your company, you surely want to sign up for this beta.