A closer look at VMware’s vSphere Integrated Containers
At VMworld 2015, VMware announced vSphere Integrated Containers and the VMware Photon Platform to extend its presence for containers and microservices. The new technologies position VMware as a major player for containers and give existing VMware customers an easier path to adopt and manage a microservices environment.
The VMworld news expands on the Project Bonneville announcement VMware made a few months ago at Dockercon. Project Bonneville addresses the security concerns of containers by combining virtualization and containerization so that each container is actually a separate, discrete system. As Ben Corrie, principal investigator on Project Bonneville for VMware, stated in a blog post about the news, “The pure approach Bonneville takes is that the container is a VM, and the VM is a container.”
At face value that makes sense. Microsoft and others have followed a similar approach to resolve security concerns with container technologies. The new VMware initiatives take the containers to another level by addressing issues with the efficiency and management resulting from running containers as separate virtual machines.
In a blog post detailing the technology behind vSphere Integrated Containers, VMware’s Eric Gray explains, “vSphere Integrated Containers (VIC) combines the agility and application portability of Docker Linux containers with the industry-leading virtual infrastructure platform, offering hardware isolation advantages along with improved manageability. VIC consists of several different components for managing, executing, and monitoring containers.”
VMware recognizes that launching a separate virtual machine for each container or microservice can be tedious and resource-intensive. It points out, however, that the Instant Clone technology introduced in vSphere 6 addresses this challenge by running a generic base VM that can be quickly clone or forked for use with vSphere Integrated Containers. “This technique provides a thin copy and avoids duplication of memory for common elements while still preventing containers from inadvertently communicating with their neighbors.”
VMware is also making use of Project Photon to streamline container operations. Linux containers must contain the Linux kernel in order for the containerized code to execute but running a full Linux implementation in every container would quickly get cumbersome. The Project Photon takes a minimalist approach—including only the Linux kernel and required supporting resources from the Photon OS. Gray states, “There are no binaries for administration and package management, no init system, not even any Docker components present in the individual containers running under VIC – only the VCH [Virtual Container Host] itself uses Docker technology.”
The vSphere Integrated Containers may give businesses that don’t currently use VMware a compelling reason to consider it, but the real value is for the massive base of existing customers already invested in the vSphere virtual infrastructure platform. Administrators interact with and manage VIC using a plugin for the vSphere Web Client—allowing them to leverage what an interface they’re already familiar and comfortable with.
The vSphere Web Client plugin provides insight into container resource utilization, port mapping, and information about the base image to enable administrators to manage the microservices environment more effectively. It also streamlines troubleshooting and auditing of applications.