Containers 101 Meetup
“Everything you always wanted to know about containers and VMs, but were too afraid to ask…”
Presenter: Ben Corrie (@bensdoings)
Containers and VMs are Complementary
•  Virtualization of mixed workloads still just as compelling
•  VMs as flexible failure / isolation / tenant domains
•  Blurring the lines between the two
–  VMs that behave like containers?!
What is a Container?
[Diagram: a Docker Client drives a Docker Daemon on a Linux host (control & TTY / REST); the daemon pulls images from Docker Hub into a layered file system (AUFS); containers run on the shared Linux kernel; SDN carries net traffic to containers]
1.  An executable process
2.  Resource constraints / private namespace
3.  Binary dependencies: Application, runtime, OS
4.  A shared Linux kernel for running the executable
5.  Ephemeral and persistent storage layers
STATELESS / PORTABLE / FAST / SECURE
What is a Container Host?
[Diagram: a Docker Client drives the Docker Daemon on a Linux host (control & TTY / REST); the daemon pulls images from Docker Hub into a layered file system (AUFS); LXC containers all share the single Linux kernel; SDN carries net traffic to containers]
1.  Control plane & lifecycle management for containers
2.  Resource scheduling and a container abstraction
3.  Infrastructure abstractions: Storage, networking etc
4.  A single Linux kernel manages everything
5.  A static size and a resource reservation when virtual
STATEFUL / LONG-RUNNING / SINGLE USER / SINGLE USE
What is a Hypervisor?
[Diagram: a vSphere Client talks to vCenter over SOAP / XML (HTTP); vCenter manages an ESX host whose ESX kernel runs Linux and Windows VMs from VMDKs on VMFS / vSAN; SDN; images are pulled from MyVMware]
1.  Control plane & lifecycle management for VMs
2.  Resource scheduling and a VM abstraction
3.  Infrastructure abstractions: Storage, networking etc
4.  A hypervisor kernel manages everything except apps
5.  A static size, but no resource concerns unless nested
STATEFUL / LONG-RUNNING / MULTI USER / MULTI USE
Characteristics
•  Speed
–  Start time vs throughput. Benefits transactional containers
–  Hello World vs Tomcat. Less benefit for long-running apps
•  Efficiency
–  Less memory consumption? Depends when virtualized
–  Network traffic NAT’d through guest vs straight to vNIC
•  Portability
–  Docker image abstraction and API is very portable
–  Subtle issues with kernel versions and patches
•  Isolation
–  Shared kernel significantly reduces runtime isolation
•  Granularity
–  Containers are great for granular services. Group in a VM as isolation domain.
Containers and Security
•  Integrity
–  Reducing attack surface – includes vulnerability scanning
–  Isolation domains – runtime, network, storage
–  State management – lifecycle, propagation and garbage collection
•  Confidentiality
–  Privilege escalation – security patching, capabilities (cgroups), system permissions
–  Access control – authentication, secrets and credentials, docker cp and exec
–  Secure transport and encryption
–  Image provenance – image signing, lifecycle, propagation and GC
•  Availability
–  Data integrity
–  Resource management – importance of resource limits
–  Fault tolerance
–  Monitoring – health and performance
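The slide above names the settings that decide how much a container can do to its host: capabilities and system permissions (privilege escalation), what gets mounted in (access control), and resource limits (availability). The script below is an added example, not part of the deck or of any VMware product. It reads the JSON that `docker inspect <container>` prints and reports the `HostConfig` settings that weaken isolation. The inspect output is constructed, and the lists of risky capabilities and sensitive host paths are an illustrative assumption rather than a complete policy.

```python
"""Audit `docker inspect` output for settings that weaken container isolation.

Added example (not from the original deck): it reads the JSON array that
`docker inspect <container>...` prints and reports HostConfig settings that
map to the slide's risks: extra capabilities, privileged mode, missing
memory and PID limits, sensitive host paths bind-mounted in, and
no-new-privileges left unset. The inspect output below is constructed.
"""
import json

# Capabilities that hand a container broad control over the shared kernel.
# Illustrative list for the example, not a complete policy.
RISKY_CAPS = {"SYS_ADMIN", "SYS_PTRACE", "SYS_MODULE", "NET_ADMIN", "DAC_READ_SEARCH"}
# Host paths that should not be mounted into a container (illustrative).
SENSITIVE_PATHS = {"/", "/etc", "/proc", "/sys", "/var/run/docker.sock", "/run/docker.sock"}


def audit_host_config(inspect_json: str) -> list[str]:
    """Return one finding string per weak setting, across all containers in the output."""
    findings = []
    for container in json.loads(inspect_json):
        name = container.get("Name", "?").lstrip("/")
        hc = container.get("HostConfig") or {}

        if hc.get("Privileged"):
            findings.append(f"{name}: Privileged=true (all capabilities, host devices visible)")
        for cap in hc.get("CapAdd") or []:
            if cap.upper().removeprefix("CAP_") in RISKY_CAPS:
                findings.append(f"{name}: CapAdd grants {cap}")
        # docker inspect reports Memory as 0 and PidsLimit as null/0 when no limit was set.
        if not hc.get("Memory"):
            findings.append(f"{name}: no memory limit, one container can exhaust host RAM")
        if not hc.get("PidsLimit"):
            findings.append(f"{name}: no PID limit, a fork bomb exhausts the shared kernel's PIDs")
        for bind in hc.get("Binds") or []:  # -v style mounts: "host:container[:opts]"
            host_path = bind.split(":", 1)[0]
            if host_path in SENSITIVE_PATHS:
                findings.append(f"{name}: bind-mounts sensitive host path {host_path}")
        if not any(opt.startswith("no-new-privileges") for opt in hc.get("SecurityOpt") or []):
            findings.append(f"{name}: no-new-privileges not set, setuid binaries can escalate")
    return findings


# Constructed sample: one hardened web container, one build agent started the easy way.
SAMPLE_INSPECT = json.dumps([
    {
        "Name": "/web-hardened",
        "HostConfig": {
            "Privileged": False,
            "CapAdd": None,
            "CapDrop": ["ALL"],
            "Memory": 268435456,
            "PidsLimit": 200,
            "Binds": ["/srv/web-data:/data:ro"],
            "SecurityOpt": ["no-new-privileges:true"],
        },
    },
    {
        "Name": "/build-agent",
        "HostConfig": {
            "Privileged": False,
            "CapAdd": ["SYS_ADMIN"],
            "CapDrop": None,
            "Memory": 0,
            "PidsLimit": None,
            "Binds": ["/var/run/docker.sock:/var/run/docker.sock"],
            "SecurityOpt": None,
        },
    },
])

if __name__ == "__main__":
    for line in audit_host_config(SAMPLE_INSPECT):
        print(line)
```

Run against a live host with `docker inspect $(docker ps -q) | python3 audit.py` after replacing `SAMPLE_INSPECT` with `sys.stdin.read()`. The check only looks at `HostConfig.Binds` (the `-v` form); mounts given with `--mount` appear under `HostConfig.Mounts` and would need a second loop over entries whose `Source` is in the sensitive set.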
Isolation Domains and Data Persistence
•  How do I isolate workloads from each other?
–  Runtime isolation – resource limits, kernel panic, ESX host failure, rack or region failure
–  Network isolation – traffic sniffing, firewalls, encryption, rate limiting
–  Storage isolation – data persistence, backup, networking, RBAC
•  Stateful vs Stateless / Cattle vs Pets
–  Different classifications of data. Where should it go?
•  Image state, container state, volume state. What’s the difference?
–  Should data lifespan be inherently tied to compute (VM / container)?
–  Without live migration, shared storage and HA, stateless looks attractive
•  The question is not “what plumbing do I need?”
–  What characteristics or business value do I need for my application?
–  Better question than, “do I need a container or a VM?”
Types of Containers
•  Long-running
–  Can be stateless or stateful
–  Eg. Application servers, databases, load-balancers, KV stores etc
–  Typically a need for strong isolation
•  Transactional
–  Runs for a period and transforms some data
–  Eg. Runs a build. Processes a web request. Batch processing
–  Should only consume resource when running
•  Sidecar / micro-service
–  Augments the capabilities of a service or provides a helper function
–  Eg. Logging, monitoring, caching
–  Scales with the service. Potentially hindered by strong isolation
Business Value as Plumbing
•  Jenkins Cluster case study
•  Characteristics of various workloads
•  Cluster size is a measure of compute capacity – reservation or limit?
[Diagram: a Jenkins Master (long-running, stateful, with a database and web server) and two Jenkins Slaves (long-running); each is a container host running several containers built from Docker images]
The Resource Management Problem
•  P to V offered a shift away from underutilized hardware
•  V to C offers a shift away from underutilized VMs
•  Why do we still have this problem?
–  Long running workloads
–  Lack of self-provisioning
–  Stateful reconfiguration and cost of re-provisioning
–  Problem translated to container hosts
•  "Pets vs Cattle" != "VMs vs Containers".
–  Container hosts are the new pets :)
Demo 1: Workflow Efficiencies
•  Controlling vSphere infrastructure from a Docker client
–  Compute
–  Storage
–  Networking
•  Image management and portability
–  Modify existing image
–  Push to registry
–  Deploy to VIC
•  VMs as Cattle
–  Spin up VMs for specific tasks
–  Build VIC with VIC
So What is VIC and How does it help?
•  VIC brings all of the container workflow efficiencies to vSphere infrastructure
–  Control vSphere infrastructure from a Docker client without having any vSphere credentials
–  Treat VMs as ephemerally as containers
–  No more OVAs, VMDKs, Templates, Cloning. Push / pull your state from secure registries
•  VIC allows you to translate business value into plumbing
–  Eg. I need to deploy Wordpress with MySQL.
–  Do I want strong isolation between these workloads? Container as a VM
–  Do I want strong isolation from other tenants? Container in a VM
•  VIC helps to draw clear lines between admins and users
•  Future integrations take this a step further. Eg. Kubernetes on vSphere
Revisit: What is a Container Host?
[Diagram: a Docker Client drives the Docker Daemon on a Linux host (control & TTY / REST); the daemon pulls images from Docker Hub into a layered file system (AUFS); LXC containers all share the single Linux kernel; SDN carries net traffic to containers]
1.  Control plane & lifecycle management for containers
2.  Resource scheduling and a container abstraction
3.  Infrastructure abstractions: Storage, networking etc
4.  A single Linux kernel manages everything
5.  A static size and a resource reservation when virtual
STATEFUL / LONG-RUNNING / SINGLE USER / SINGLE USE
What is a “ContainerVM”?
[Diagram: a Docker Client drives a Docker Daemon VM on an ESX host / hypervisor managed by vCenter (control & TTY / REST); images are pulled from Docker Hub into a layered file system (VMFS); each ContainerVM carries its own Linux kernel on top of the ESX kernel; SDN carries net traffic to containers]
1.  An executable process
2.  Resource constraints / private namespace
3.  Binary dependencies: Application, runtime, OS
4.  A private Linux kernel for running the executable
5.  Ephemeral and persistent storage layers
STATELESS / PORTABLE / FAST / SECURE
What is a Virtual Container Host?
[Diagram: a vSphere cluster of three ESX hosts managed by vCenter; two Virtual Container Hosts (VCH 1, VCH 2), each exposing a Docker Daemon that a Docker Client talks to; ContainerVMs spread across the hosts; images are pulled from Docker Hub into a layered file system (VMFS); SDN carries net traffic to containers]
1.  Control plane & lifecycle management for ContainerVMs
2.  Resource scheduling and a container abstraction
3.  Infrastructure abstractions: Storage, networking etc
4.  A Linux kernel per container, separate from control plane
5.  Dynamic size and a resource limit, not reservation!
VIRTUAL / SINGLE USER / MULTI USE / MULTI HOST
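The Resource Management Problem slide and point 5 above make one argument: a static container host holds its memory reservation whether or not its containers are busy, so capacity fragments across hosts and the hosts become the new pets, whereas a Virtual Container Host is a pool with a limit that only running ContainerVMs draw from. The model below is an added example, not code from the deck or from the VIC project; the cluster size, host sizes and job list are constructed, and first-fit placement stands in for whatever the real scheduler does.

```python
"""Reservation-per-host vs limit-per-pool capacity model.

Added example, not from the original deck or the VIC project. It contrasts
the two ways of carving up a cluster that the slides describe: static
container hosts that each hold a memory reservation, and a Virtual
Container Host that is a pool with a limit, drawn on only by running
ContainerVMs. All sizes are constructed; first-fit placement stands in for
the real scheduler.
"""
from dataclasses import dataclass, field

CLUSTER_GB = 64  # constructed: usable memory of a small vSphere cluster


@dataclass
class ContainerHost:
    """A static VM running a Docker daemon; vSphere holds its reservation at boot."""
    name: str
    reservation_gb: int
    used_gb: int = 0

    def try_place(self, gb: int) -> bool:
        """Place a container if it fits in this host's remaining reservation."""
        if self.used_gb + gb > self.reservation_gb:
            return False
        self.used_gb += gb
        return True


@dataclass
class VirtualContainerHost:
    """A resource pool with a limit; each ContainerVM is sized when it starts."""
    limit_gb: int
    running: dict = field(default_factory=dict)

    def try_place(self, job: str, gb: int) -> bool:
        """Start a ContainerVM if the pool's running total stays under the limit."""
        if sum(self.running.values()) + gb > self.limit_gb:
            return False
        self.running[job] = gb
        return True


def place_on_hosts(hosts, jobs):
    """First-fit placement of (job, gb) pairs across static hosts; returns rejected jobs."""
    return [job for job, gb in jobs if not any(h.try_place(gb) for h in hosts)]


def place_in_pool(vch, jobs):
    """Placement into a single VCH; returns rejected jobs."""
    return [job for job, gb in jobs if not vch.try_place(job, gb)]


def hosts_stranded_gb(hosts):
    """Memory reserved by the hosts but unused inside them: nothing else can claim it."""
    return sum(h.reservation_gb - h.used_gb for h in hosts)


def hosts_free_to_cluster_gb(hosts, cluster_gb=CLUSTER_GB):
    """Memory vSphere can still give to other VMs: reservations are held even when idle."""
    return cluster_gb - sum(h.reservation_gb for h in hosts)


def pool_free_to_cluster_gb(vch, cluster_gb=CLUSTER_GB):
    """With a limit instead of a reservation, only running ContainerVMs consume memory."""
    return cluster_gb - sum(vch.running.values())


# Constructed workload: eight 6 GB web containers, then one 12 GB database.
JOBS = [(f"web-{i}", 6) for i in range(8)] + [("db", 12)]


def run_scenario(jobs=JOBS):
    """Place the same jobs both ways and summarise where the capacity went."""
    hosts = [ContainerHost(f"host-{i}", reservation_gb=16) for i in range(4)]
    vch = VirtualContainerHost(limit_gb=CLUSTER_GB)
    return {
        "hosts_rejected": place_on_hosts(hosts, jobs),
        "hosts_stranded_gb": hosts_stranded_gb(hosts),
        "hosts_free_gb": hosts_free_to_cluster_gb(hosts),
        "pool_rejected": place_in_pool(vch, jobs),
        "pool_free_gb": pool_free_to_cluster_gb(vch),
    }


if __name__ == "__main__":
    for key, value in run_scenario().items():
        print(f"{key}: {value}")
```

With four 16 GB hosts, the eight web containers leave 4 GB free on every host, so the 12 GB database is rejected even though 16 GB sits stranded in reservations and the cluster has nothing left to give any other VM. The same jobs fit in a 64 GB pool with 4 GB still returnable to the cluster, which is the point behind "a resource limit, not reservation".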
Demo 2: ContainerVMs as Cluster Nodes
•  Make container hosts as ephemeral as containers
@bensdoings
Github.com/vmware/vic-product
Questions
