Karthik Narayan, Product Line Manager
@_KarthikNarayan
SER3152BU
#VMworld #SER3152BU
Modernizing Applications With Containers On vSphere
VMworld 2017 Content: Not for publication or distribution
Disclaimer
• This presentation may contain product features that are currently under development.
• This overview of new technology represents no commitment from VMware to deliver these features in any generally available product.
• Features are subject to change, and must not be included in contracts, purchase orders, or sales agreements of any kind.
• Technical feasibility and market demand will affect final delivery.
• Pricing and packaging for any new technologies or features discussed or presented have not been determined.
#SER3152BU CONFIDENTIAL
Agenda
1 Refresher on containers
2 The current way of deploying containers
3 vSphere Integrated Containers terminology
4 Native Docker container hosts in vSphere Integrated Containers
5 Demo 1
6 Isolated containers using the Virtual Container Hosts
7 Demo 2
8 What’s new in vSphere Integrated Containers
Refresher On Containers
What is a Container?
A container includes an application and all its runtime dependencies.
Why Do We Need Containers?
Container is an Isolated Instance of User Space
What Is An Image?
Images Are Layers
Where Are Images Stored?
• Docker Hub: Public Registry
• VMware Enterprise Registry: Private Registry
VMs vs. Containers
[Diagram: VMs: hardware runs a hypervisor hosting four VMs, each with its own OS and App. Containers: hardware runs one OS hosting four containers, each with an App]
Containers Are Not New
[Timeline: 2000, 2004, 2008, 2013, 2014]
Docker Made It Simple
~# docker build -t my_app .
~# docker push my_app
The Current Way Of Deploying Containers
Container Deployment On Bare Metal
[Diagram: physical hardware running Linux stacks, each with a container engine hosting containers (C)]
Container Deployment In VMs
[Diagram: vSphere hosting a VM that runs Linux and a container engine with containers (C)]
• Involves ticketing
• IT creates the VM, Developers install the rest
• Results in snowflake deployments
• IT is on the hook to manage these
• Semi-permanent allocation of resources – cannot be reclaimed easily
vSphere Integrated Containers Terminology
• Virtual Container Hosts
– Virtual equivalent of Container Hosts. They are vSphere resource pools that host your Container VMs
• Container VMs
– Virtual Machines deployed from a container image
• Endpoint VM
– The VM that your developers connect to, and issue commands against
Native Docker Container Hosts In vSphere Integrated Containers
• Ticketless dev environment with IT governance and control
• Run a full-fledged Docker engine as a Container VM
• Docker container hosts are packaged as containers and instantiated like a container
• To start a Docker Container host you run:
$ docker run -p 12375:2375 -d vmware/dch-photon:1.13
And then connect to the newly deployed Docker engine with:
$ docker -H <VCH Host>:12375 info
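A host-side check for the port mapping used above, as an added example that is not part of the original presentation: container port 2375 is the Docker daemon's conventional plaintext TCP port (2376 is the TLS one), so this lists every container that publishes it and whether the mapping is bound to all interfaces. The `docker ps --format` output layout is assumed to be that of the standard Docker CLI, and the sample lines and container names are constructed.

```shell
#!/bin/sh
# Added example (not from the presentation): list containers that publish
# container port 2375/tcp, the conventional plaintext Docker API port.
# Assumed input: lines of "name<TAB>ports" as printed by
#   docker ps --format '{{.Names}}\t{{.Ports}}'

find_plain_docker_api() {
    # Prints "name host_ip host_port scope" for each published 2375/tcp mapping.
    awk -F '\t' '
    {
        n = split($2, maps, ",")
        for (i = 1; i <= n; i++) {
            m = maps[i]
            sub(/^ +/, "", m)                    # trim space after the comma
            if (m !~ /->2375\/tcp$/) continue    # exposed-only or other port
            host = m; sub(/->.*/, "", host)      # e.g. 0.0.0.0:12375
            port = host; sub(/.*:/, "", port)    # e.g. 12375
            ip = host; sub(/:[0-9]+$/, "", ip)   # e.g. 0.0.0.0, :: or [::]
            scope = "single-address"
            if (ip == "0.0.0.0" || ip == "::" || ip == "[::]")
                scope = "all-interfaces"
            print $1, ip, port, scope
        }
    }'
}

# Constructed sample data; container names are hypothetical.
sample_ps() {
    printf 'dch-build\t0.0.0.0:12375->2375/tcp\n'
    printf 'web\t0.0.0.0:8080->80/tcp, 0.0.0.0:8443->443/tcp\n'
    printf 'dch-tls\t192.0.2.10:12376->2376/tcp\n'
    printf 'dch-v6\t0.0.0.0:22375->2375/tcp, :::22375->2375/tcp\n'
    printf 'internal\t2375/tcp\n'
}

# On a real host, replace sample_ps with the docker ps command shown above.
sample_ps | find_plain_docker_api
```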
Demo
Isolated Containers Using The Virtual Container Hosts
But Wait… There Is More
[Diagram: vSphere hosting a VM that runs Linux and a container engine with containers (C)]
• Security concerns from a shared kernel
• Lack of multi-tenancy
• Inefficient resource utilization
• Non-elastic infrastructure
• Restricted visibility for IT admins
• Lack of tools, best practices and experience
• DIY / Build your own stack not suited for some customers
Introducing The vSphere Integrated Containers Engine
[Diagram: on vSphere, a Container Host (a VM running Linux and a container engine with containers C) beside a Virtual Container Host with three separate Linux kernels]
Demo
Two Ways Of Running Containers On vSphere
[Diagram: Virtual Container Hosts (containers C, each on its own Linux kernel) and Docker Container Hosts (containers C on a Docker Engine and Linux kernel). Other layers shown: Provisioning / Scheduling; NSX, ESXi, vSAN; Physical Infrastructure. Side labels: Security / Micro-segmentation, Security, VIC Service Engine, Management / Registry]
What’s New In vSphere Integrated Containers
vSphere Integrated Containers
Focus Areas For The Upcoming Release
Security
• Content Trust
• Vulnerability Scan
SSO
• RBAC
• Projects
Native Docker container hosts
• On-demand via VCH
VCH enhancements
• Reconfigure
• Support for additional Docker commands
UX Improvements
• Updated vSphere UI in HTML5
• Integrated Portal and Registry UI
• Install / upgrade enhancements