If you follow VMware, you are probably aware that VMware showcased vSphere Integrated Containers at last year's VMworld event.
The project was open sourced at the time; if you are interested in finding out more about it, follow the link here.
At the time this was just the project that came out of Project Bonneville: the integration of Docker containers within vSphere.
The open source project has made progress over the last year and we are now getting to the point that it is actually becoming a product that can be used in production by vSphere customers.
Yesterday, VMware announced that this project has matured and reached a state where it is now called vSphere Integrated Container Engine (VIC Engine).
They also announced a Container Management Portal (Project Admiral) and a Container Registry (Project Harbor).
The entire set of tools will now be called vSphere Integrated Containers and provides vSphere administrators with a full set of tools that can be used to provide containers to developers and container users.
We will now take a look into the details of how this is going to work and what VMware wants us to understand.
As mentioned before, vSphere Integrated Containers consists of three components:
- VIC Engine
- Container Management Portal (Project Admiral)
- Container Registry (Project Harbor)
vSphere Integrated Container Engine (VIC Engine)
vSphere Integrated Containers Engine is a container runtime for vSphere, allowing developers familiar with Docker to develop in containers and deploy them alongside traditional VM-based workloads on vSphere clusters.
This allows for these workloads to be managed through the vSphere UI in a way familiar to existing vSphere admins.
VIC engine makes it possible for developers to use containers without knowing how they are deployed on top of the vSphere infrastructure.
VIC engine runs each container inside a virtual machine. There is a one-to-one mapping between containers and virtual machines, so a container does not share its virtual machine or its operating system with other containers.
The container engine is not running in the same virtual machine as the container. It is centrally organized by the Virtual Container Host (VCH).
These virtual machines are deployed when a VIC engine is initiated. The VCH is placed in a vApp that is also created during the initiation. Together, these make up a VIC engine.
The advantage for vSphere administrators is that they do not have to change their way of operating vSphere. VIC engine uses the same constructs that are already known within vSphere.
Another advantage is that the same apps can now be integrated with various other VMware products such as VSAN, NSX, vRealize Suite, etc.
Container Management Portal (Project Admiral)
vSphere Administrators can use the vSphere Web Client to manage the vApp, container virtual machines and VCH deployed by VIC engine.
Admiral is a highly scalable and very lightweight container management platform for deploying and managing container-based applications.
The portal gives users the ability to manage the containers that run on top of vSphere. In the portal you get the following options to manage containers:
- Rule-based resource management - Set up your deployment preferences to let Admiral manage container placement.
- Live state updates - Provides a live view of your system.
- Efficient multi-container template management - Enables logical multi-container application deployments.
This helps the vSphere administrators to let the container users manage their containers themselves. The users do not see what happens underneath. That’s done by VIC engine.
Container Registry (Project Harbor)
Project Harbor is an enterprise-class registry server that stores and distributes Docker images.
It is forked from the same code with which Docker Hub has been created and is specifically tailored to the needs of Enterprise customers.
With Harbor, the images are stored in the private registry, keeping the bits and intellectual property behind the company firewall. In addition, Harbor offers advanced security features, such as user management, access control, and activity auditing.
- Role Based Access Control - Users and Docker repositories are organized via "projects"; a user can have different permissions for images under a namespace.
- Image replication - Images can be replicated (synchronized) between multiple registry instances. Great for load balancing, high availability, hybrid and multi-cloud scenarios.
- Graphical user portal - Users can easily browse and search Docker repositories and manage projects/namespaces.
- AD/LDAP support - Harbor integrates with existing enterprise AD/LDAP for user authentication and management.
- Auditing - All operations on the repositories are tracked and can be used for auditing purposes.
- Internationalization - Already localized for English, Chinese, German, Japanese and Russian. More languages can be added.
- RESTful API - RESTful APIs are provided for most administrative operations of Harbor, which makes integration with other management software easy.
- Easy deployment - Docker Compose and an offline installer.
Now that's amazing. If you ask me, it is a lot of work done in just a year's time. Customers and partners also have the option of registering to participate in the VMware vSphere Integrated Containers beta program.
Cross-Cloud Architecture, also announced yesterday, will support VMware vSphere Integrated Containers, enabling customers to run containers on VMware's virtual infrastructure on-premises or in the public cloud.