vSphere Integrated Container (VIC)

Currently VMware is providing two Docker solutions:

  • VIC [vSphere Integrated Container]
  • Photon Controller

Both of these products enable containers on VMware products. In this blog I will mainly focus on VIC.

VIC: VIC allows customers to run “Container as a VM” in vSphere infrastructure. It can be deployed on a standalone ESXi host or vCenter Server. When a container runs as a VM, it provides multiple benefits over a standalone container Linux VM.

Resource Management: In the normal container case, we have a Linux VM or host which runs a Docker daemon and launches lots of containers. A developer can connect to these containers via the Docker client. Over a period of time, the Linux VM/host will consume a significant amount of memory for containers, and eventually containers can run into out-of-memory scenarios, since it doesn’t allow the use of shared memory. With VIC, since containers are deployed as VMs, it provides the ESXi memory management features. All VIC containers are VMs to vSphere, so all the memory management features are enabled for VIC containers.

Tenancy: If a user deploys containers on a Linux VM/host, it doesn’t provide the option to assign resources per developer. Suppose we have multiple developers who are using containers; Docker can’t provide a resource allocation option. In the case of VIC, there is the concept of a VCH (Virtual Container Host), which controls access to a pool of vSphere resources. A VCH is designed to be single tenant, each with its own pool of resources. A vSphere admin can deploy multiple VCHs on an ESXi host or vCenter Server, and each can be assigned to an individual developer. So multiple containers can provide a multi-tenancy option.

Container as a Service [CAAS]: One of the main concerns for developers is security and networking in the case of Linux-based Docker. With VIC, since all containers are deployed as VMs, they can use vSphere security and networking features. With VIC, each container gets its own vNIC. A vSphere admin can monitor the resources that are being consumed.

Virtual Container Host

A container host in VIC is a Virtual Container Host (VCH). A VCH is not in itself a VM – it is an abstract dynamic resource boundary that is defined and controlled by vSphere into which containerVMs can be provisioned. As such, a VCH can be a subset of a physical host or a subset of a cluster of hosts. However, a container host also represents an API endpoint with an isolated namespace for accessing the control plane, so a functionally equivalent service must be provisioned to the vSphere infrastructure that provides the same endpoint for each VCH. There are various ways in which such a service could be deployed, but the simplest representation is to run it in a VM.

Given that a VCH in many cases will represent a subset of resources from a cluster of physical hosts, it is actually closer in concept to something like Docker Swarm than a traditional container host.