Most of us are familiar with VMware in the virtual machine (VM) space, as it has been the leader in enterprise-class virtualization for years. In the past couple of years, containers have been the hot topic in the virtualization and cloud space.
Briefly, what are containers? Containers do not contain the full operating system (OS). Rather, they contain only what is needed to make a piece of software run, including libraries and settings. They are much more efficient and lightweight than full VMs.
However, the tooling and experience working with containers so far have been less than desirable. In April, VMware announced the general availability (GA) release of vSphere Integrated Containers (VIC). With VIC, VMware provides a "VM-like" experience for working with Docker containers.
Let's take a closer look at VIC with Docker and get an overview of this container technology product from VMware.
The beauty of VMware VIC is that it uses the same vSphere software stack, tools, processes, and procedures to deliver containers as it does to deliver VMs. Thus, organizations already using VMware vSphere do not have to build a separate environment or software stack to deliver containerized applications.
VMware VIC allows using the ESXi instance as a container host directly. The provisioned VIC host provides a simple Docker API gateway to interact with and run commands against. Additionally, it presents the containers to vSphere just like VMs. Thus, you are able to use other products in the VMware portfolio along with containers, such as VMware NSX and vSAN. Again, this allows VIC to integrate seamlessly into the existing vSphere infrastructure.
You may not have known the following things about VIC:
- All the components are open source: The Harbor, Admiral, and Integrated Containers engines are all available on GitHub.
- It doesn't require additional licensing: If you already have a vSphere 6.0 and above Enterprise Plus license, you have access to the VIC platform.
- Technical support: Support is already included in your existing vSphere support subscription.
VIC has three components. Let's look at all three pieces and the role each plays in the Integrated Containers platform.
- VIC Engine: This is a Docker remote API-driven engine that provides seamless integration within the VMware vSphere environment. It allows provisioning and management of Docker images as VMs within vSphere.
- vSphere Container Registry: The VMware Harbor enterprise container registry provides a secure, enterprise-class storage and delivery platform for Docker container images. It is ideal for the enterprise environment, as it offers Lightweight Directory Access Protocol (LDAP) integration, role-based access control (RBAC) for security, identity management, and so on.
- Management Portal: Known as VMware Admiral, this component allows development teams to provision and interact with container hosts and manage the containers. This lets them see stats and have provisioning control. Integrating with vRealize Automation can extend provisioning and automation as well.
VMware has provided a simple way to stand up VIC. Using an open virtual appliance (OVA) allows easy provisioning of the container engine. As of this writing, VMware VIC is at version 1.1.1. While we won't cover the details in this post, the setup process to get up and running with containers using the VIC infrastructure involves the following:
- Install Docker Toolbox for Windows
- Create a special bridge portgroup for VIC
- Provision the VIC OVA
- Set up the ESXi firewall to allow communication for VIC
- Create a VIC host
- Provision a container
Deploying the appliance is similar to most OVA deploys, including network setup and so forth.
Built on Photon OS
Most of the OVA platforms we see coming from VMware today are running on Photon OS, including vCenter Server Appliance 6.5. Similarly, the VIC appliance is built on top of the Photon OS platform, which is purpose-built for running containerized applications with container software such as Docker.
VMware has tweaked the code at the kernel level to be highly optimized for running containers in vSphere. Additionally, the container hosts provisioned using the VIC appliance are built using the Photon OS platform.
The VIC host is deployed as a vApp along with the host VM running Photon OS.
The screen below shows the VICHost1 properties after provisioning using PowerShell. We see the Guest OS details showing the Photon OS running.
Provisioning a container
Provisioning a container is an easy process using a few simple Docker commands, which are installable on Windows with the Docker Toolbox. Below, we are pulling down an Ubuntu Docker container from the online registry.
After pulling down the Ubuntu Docker container, we see it provisioned underneath our VICHost1, and it looks like a VM! We can interact with it much the same way.
We can also use the Docker command line to start and attach to the container as shown below. As you see, we can run Linux commands interactively in the container.
Final thoughts
VMware VIC with Docker is a great way to consume Docker containers. If you are accustomed to using VMware vSphere with all the tools, processes, and integrations therein, VIC allows you to carry this skillset and tooling forward using Docker containers in vSphere.
VIC is built on Photon OS, which is VMware's cloud-native OS powering many of the newer products moving forward. VMware is supporting and innovating with the current technology found in today's traditional data centers. Yet it is also positioning the product for the future trend of using containers in tomorrow's data centers via Photon OS and VIC.