Containers are gaining a lot of traction within the virtualization community as the next step forward in virtualizing resources. VMware is arguably the industry leader in server virtualization. Virtual machines have been around for a few years now and the idea of having containerized workloads definitely has advantages over full virtual machines. The footprint of containers is much smaller than full virtual machines. They don’t run a full guest operating system such as Windows or Linux as do virtual machines. They only contain what is needed for a specific application. VMware has made waves in the container space recently with vSphere Integrated Containers or VIC. The vSphere Integrated Containers product runs within the VMware vSphere environment. This means that all the normal “virtual machine like” tools that administrators and developers are used to within the vSphere environment are available using vSphere Integrated Containers. Let’s take a look at the components of vSphere Integrated Containers and what the installation process looks like.
Components of vSphere Integrated Containers
There are a few components that are involved with provisioning vSphere Integrated Containers. The components involved with provisioning vSphere Integrated Containers in a VMware vSphere environment include:
- vSphere Integrated Containers Appliance – The VIC Appliance is the first component that gets installed to provision VIC. The appliance is what runs the container Registry and the VIC Management Port services. The VIC appliance is also where you obtain the VIC Engine binaries that are used to provision the Virtual Container Hosts
- Virtual Container Host or VCH – The VCH is what allows the provisioning of Docker. It is much like standing up a Linux virtual machine and provisioning Docker that way. The VCH in the VMware vSphere environment assumes all the benefits of VMware vSphere virtualization including HA and DRS benefits. The VCH is deployed as a VApp that gets deployed in vCenter Server and provides a “VM-like” look and feel to the containers that are provisioned underneath the VCH. Additionally, you can specify resource limits on the vApp
- VCH Endpoint VM – The VCH Endpoint VM is the virtual machine that gets provisioned inside of the VCH vApp. There is always a VCH Endpoint VM for a VCH vApp – 1:1 relationship. The Endpoint VM runs the services that VCH requires as well as the endpoint Docker APIs that are used in receiving the Docker commands and then in turn translates these into vSphere API calls that allows for the Docker/vSphere relationship
- The VIC-machine Utility – This is a utility written for Windows, Linux, and OSX that allows the provisioning and management of the VCHs. It includes functionality to create certificates, check prerequisites, manage firewall settings on the ESXi hosts, licenses, etc. Using the VIC-machine utility, you can create, inspect, upgrade, and delete VCHs
Installing VMware vSphere Integrated Containers Overview
Installing VMware vSphere Integrated Containers involves just a few steps that we want to consider. Most of the steps are very straightforward such as deploying the VIC appliance as it follows normal OVA deployment considerations. There are a few steps though that require some attention to detail and making sure things are done in the right order. An overview of the steps are as follows:
- Deploy the VIC Appliance
- Create a Distributed Port Group for the VIC Bridge Network
- Configure ESXi firewall rules
- Create the Virtual Container Host and VCH Endpoint VM
Deploy the VIC Appliance
The first step to getting up and running with vSphere Integrated Containers is to deploy the VIC Appliance. This is an OVA appliance that you deploy. Download the OVA from VMware (free but you need to sign up and get a VMware account). You simply follow the normal process for deploying an OVA appliance in vCenter. When you get to Step 8, be sure to pay attention to detail on this step as it has you enter SSH credentials, network configuration, etc.
The VIC appliance is easily deployed via an OVA appliance in vSphere
Create a Distributed Port Group for VIC Bridge Network
We need to create a special port group that is attached to our VIC host as well as the containers that get created. This port group acts as a bridge network for the containers to have connectivity.
Create a new Distributed Port Group to handle the VIC Bridge network
Configure ESXi Firewall Rules
The Virtual Container Host communicates with the ESXi hosts over port 2377 using “serial over LAN”. Port 2377 egress needs to be opened on all ESXi hosts before we can create the VCH Endpoint VM. The VIC machine utility makes this process much easier than configuring by hand. We can download the VIC machine utility to our workstation by visiting https://
- vic-machine-windows update firewall –target
–user administrator@vsphere.local –password –allow –thumbprint=
Create the Virtual Container Host and VCH Endpoint VM
As mentioned the Virtual Container Host is used to actually provision Docker. Deploying the VCH creates a vApp in vSphere. The Endpoint VM gets created as well when provisioning the VCH. It is what actually runs the services that VCH requires and the endpoint Docker APIs that receive and translate the commands. Once we have these last components in place, then we can actually start provisioning containers. To create the Virtual Container Host, we again use the vic-machine-windows command.
vic-machine-windows create
–target vcenter_server_address
–user “Administrator@vsphere.local”
–password vcenter_server_password
–bridge-network vic-bridge
–image-store shared_datastore_name
–no-tlsverify
–force
Create a new Distributed Port Group to handle the VIC Bridge network
Thoughts
VMware is definitely making strides in the container world with vSphere Integrated Containers. They have shown they are serious about containerized workloads. They are playing it smart as well by providing the ability to provision containers within the constructs of the vSphere tools that administrators already know and are familiar with. With VIC 1.2, there are even more features and functionality VMware has baked into the latest release. It definitely has a lot of momentum and enthusiasm behind the project and it certainly provides a viable way to consume containers along with virtual machine workloads in the enterprise.
BDRSuite offers cost-effective VMware Backup Solutions to backup and protect VMs on ESXi & vCenter. Backup starts at $1.80 vm/month.
Follow our Twitter and Facebook feeds for new releases, updates, insightful posts and more.