CNA1699BU
#VMworld #CNA1699BU
Running Docker on your Existing Infrastructure with vSphere Integrated Containers
VMworld 2017 Content: Not for publication or distribution
Martijn Baecke, Patrick Daigle
Disclaimer
• This presentation may contain product features that are currently under development.
• This overview of new technology represents no commitment from VMware to deliver these features in any generally available product.
• Features are subject to change, and must not be included in contracts, purchase orders, or sales agreements of any kind.
• Technical feasibility and market demand will affect final delivery.
• Pricing and packaging for any new technologies or features discussed or presented have not been determined.
Patrick @pdaigle
Martijn @baecke
Agenda
1 Why are containers relevant?
2 What is Docker?
3 Containers on SDDC – Use Cases
4 Developer Self-Service
5 Live Demo
6 Q&A
Not Too Long Ago Life Was Easy…
Users: Apps!
Developers: Access to virtual machine for coding!
Digital Transformation Drives Change…
Users: Apps!
Developers: Access to virtual machine for coding!
Apps! Apps! More Apps! Apps! New features! Apps! NOW!
APIs! DevOps! Containers! Control the infrastructure!
Developers’ Pyramid of Needs
Performance
Scalability
Availability
Security
Manageability
Functional Differentiation
What developers today care about, i.e. functional differentiation
What the platform should provide to applications, i.e. the things that deliver service level
DevOps
Digital Transformation
Business Applications Infrastructure
App
Data Analysis
The Speed of This Makes a Competitive Advantage
The Perfect Storm: Confluence of Four Forces
Docker 101: The Basics
Docker Adoption
What is Docker?
~# docker build my_app
~# docker push my_app
~#
“Docker is an open-source project that automates the deployment of applications inside software containers”
Why Developers Love Docker?!
Portable, Lightweight, Fast
… Standard Format That Integrates with Developer Tooling
Docker Architecture
[Diagram: Docker Toolbox (docker CLI, docker-machine); Linux host running docker (engine) with containers; Docker Hub (Registry) holding docker images]
From Nothing to Running App in 3 Commands
[Diagram: Docker Toolbox (docker CLI, docker-machine); Linux host running docker (engine) with an nginx container; Docker Hub holding docker images, including nginx]
1. docker-machine env default
2. docker pull nginx
3. docker run -d -p 8000:80 nginx
But What Does Ops Need?
Security & Isolation
Rich SLAs
Data
Governance
Guaranteed Resources
Management Tooling
Virtual Machine the Foundation for Containers
[Diagram: stack of Hardware, vSphere, Virtual Machine, OS, Container and App; labels: Solution for Dev Problem, Solution for Ops Problem]
Best of both worlds
• Isolated & Secure
• Flexibility
• Manageable
• Separation of duties
vSphere Integrated Containers
[Diagram: Physical Infrastructure; NSX, ESXi, vSAN; Provisioning / Scheduling; Virtual Container Hosts and Docker Container Hosts (containers on Linux kernels, Docker Engine); side labels: Security / Micro-segmentation, Registry, Security, Management]
Virtual Container Hosts
• Docker API Compliant
• Containers run as VMs
• Application repackaging use case
Docker Container Hosts
• Self Service Docker Hosts
• Simple micro services development and deployment
Consumers & Providers in IT
Physical Infrastructure
Virtual Infrastructure
IaaS
Platform Services
Application Developers
Consumer
Provider
Docker Endpoint
Virtual Container Host
Net | Sec | Ops Visibility
vSphere Integrated Containers – Enabling the Best of Both Worlds
Docker compatible interface
Container management portal
Enterprise-class container registry
Familiarity of vSphere
No new tooling or technologies
Full enterprise-grade power of Software-Defined Data Center
vSphere Integrated Containers – Operating Model
[Diagram: vSphere Cluster of ESXi hosts with vCenter Server, VSAN and NSX, running VMs; a VCH exposing the Container Endpoint; a Container VM (C-VM) running the nginx process on a Linux Kernel]
vic-machine-linux create
docker run -d -p 80:80 nginx
Containers on SDDC: Use Cases
Application Repackaging
• Modernize traditional apps
• No refactoring
Cloud Native
• Develop new 12-factor apps
• App refactoring
Developer Sandbox
• Enable developer agility
• Self-service portal
Use Case Example: Developer Sandbox
Use Case Description:
• Ticketless development environment with IT governance and control
VMware Value Proposition:
• Enable developer agility on vSphere
• Efficient utilization via resource pools
• Simplified container framework deployment
• Enterprise-class registry (AD/LDAP, replication, content trust, scanning)
• Unified enterprise tooling with logging, monitoring
Customer Benefits:
• Enable developer agility
• Faster application time to market
• Docker and Kubernetes
Developer Sandbox – Real-world Example
• Developer self-service with VI Admin governance
– Developer consumes resources via Docker API/CLI
• Provides developers with self-service for applications not yet in the enterprise service catalog
– Rapid prototyping
• Run a full-fledged docker engine as a ContainerVM using vSphere Integrated Containers and the Docker API/CLI
– DCH are packaged in a docker image and can be instantiated on VIC like any other container
– DCH provides command-line options to enable/disable features of the docker engine
– All DCH packages are based on PhotonOS
• Source, dockerfiles and documentation available at github.com/vmware/vic-product
[Diagram: Docker Container Host running as a container on VIC Engine; inside it, Docker Engine on a Linux Kernel with containers]
docker run -p 12375:2375 -d vmware/dch-photon