introduction - dell emc container management systems (cms) exist almost everywhere. amazon web...

Post on 28-Apr-2018


R1.0 DELL EMC VXRAIL-VXRACK SYSTEM SDDC CONTAINERS PAGE 1 OF 9

RAYONSTORAGE.COM | GREYBEARDSONSTORAGE.COM SILVERTONCONSULTING.COM | TWITTER.COM/RAYLUCCHESI © 2017 SILVERTON CONSULTING, INC. ALL RIGHTS RESERVED

Introduction

Containers are a powerful technology, primarily used to run cloud native services but can also be used to run highly scalable, on-premises applications. Containers support modern application development and operations models that enable rapid implementation, automated deployment and easy scalability.

VMware vSphere® can now run containers under any of the following:

• Standalone Docker Container Engine – container developers essentially do it all using command lines and APIs;
• vSphere Integrated Containers – container developers have a self-service GUI, integrated with a private, secure repository and vCenter operations management, visibility and control over container execution;
• Pivotal Container Service (PKS) – developers and operations staff can make use of a combination of command line and vCenter services to manage and scale container applications; and
• Pivotal Cloud Foundry Application Service - developers and operations staff can take advantage of sophistication and automation to step away from the technical details and let the system run the application by itself.

VMware vSphere presently offers the largest selection of methods to run containers in the enterprise. Dell EMC’s extensive engineering to integrate and validate vSphere on Dell hardware together with their single support model make Dell EMC® VxRail™ and VxRack™ System SDDC (software-defined data center) hyper-converged engineered systems the fastest and simplest infrastructure to run vSphere today. If your IT team is interested in using containers in their data center, one of the best ways to do so is on VxRail and VxRack SDDC.

Containers

Although container applications have been around since the early 2000s, they really gained popularity when the open source Docker™ Project came out with its container image format and runtime. Docker images are a standardized, lightweight, standalone, executable package containing everything needed to run a function such as compiled code, runtime libraries, environment variables, and configuration files.

Containers are mainly used to implement cloud native web services and other highly scalable applications that distribute functionality across many individually executable units. Typically, dozens if not hundreds of containers are used by an application, each of which implements a small amount of functionality, called a microservice. To scale application performance, multiple containers can execute the same microservice. Containers can also be used to implement non-microservice applications, but they’re typically used for highly scalable, microservice applications.

A container executes functionality using kernel resource isolation features to allow multiple independent containers to execute under a single OS instance. Using these services, containers can avoid the overhead of running a full-blown virtual machine (VM) under a hypervisor and still provide a lightweight virtualized environment. Containers are designed to run completely isolated from the host, only accessing files and ports if configured to do so.

Containers also execute in a stateless fashion. That is, any container state information is lost when an instance is terminated. However, containers can make use of external services such as backing stores or databases to save application state if needed and recent research is moving to offer options for more stateful containers without need for external services.

Nowadays, container management systems (CMS) exist almost everywhere. Amazon Web Services™ (AWS™), Microsoft Azure™, Google Cloud Platform™ (GCP), IBM® SoftLayer, Pivotal® Web Services (PWS), Virtustream® and many others offer container support. Development teams are using containers for a number of reasons, such as:

• Faster development – container applications can easily be built from existing or new microservices but can also be used to re-package/implement existing monolithic applications,
• High resilience – container applications typically run multiple containers, any of which can fail and be restarted very quickly,
• Portability – container applications can run just about anywhere (e.g., on local workstations, in virtualized infrastructure and in private or public cloud environments).
• Scalability – containers require less OS functionality to run, so they can start up or shut down rapidly to improve application performance.

IT organizations benefit by moving application engineering to a more modern development paradigm that is designed to run both on-premises and in the cloud. Moreover, when new functionality or changes are implemented using containers, applications typically evolve in small increments rather than through major releases, which allows for quicker rollout of new features and cloud native like, development lifecycles through the use of DevOps.

Containers exist as images that reside in registries. Docker supports its own publicly hosted registry service called the Docker Hub™,¹ which holds 100,000+ container applications. For example, Redis™, MongoDB™ and MySQL™ app instances are all freely available under Docker Hub.

Container applications execute under a container host or engine, which supplies a mini-virtualization environment for containers. Container hosts also supply local service routing, container (work) scheduling, container spin up and spin down services and local (within host) dependency mapping services.

Container engines are typically managed by a CMS, such as Docker Swarm™, Google Kubernetes® (often called K8S), Mesosphere® DC/OS, and Cloud Foundry™ Container Service. A CMS deploys and manages the lifecycle of containers and container engines.

How to run containers on vSphere

Options for running container apps using vSphere include standalone Docker Container Engine, vSphere Integrated Containers Engine, standalone Kubernetes, and using Pivotal Cloud Foundry with its Pivotal Container Service (PKS) and Pivotal Application Service. We review some of the more popular ones below.

Standalone Docker Container Engine

A Docker Container Engine (DCE) or host can be run under a Linux OS VM to execute containers under vSphere running on VxRail or VxRack SDDC. That way, Linux OS, the DCE and its containers run within a single VM. This requires the most development expertise and responsibility because it’s essentially only a container runtime without a CMS. Such a DCE VM can make use of public or private container registries.

VMware admins can provision the VM with any resources it needs, and developers can use the Docker application programming interface/command line interface (API/CLI) to deploy and run containers within that DCE VM. Note that using a standalone DCE doesn’t provide cluster management or high availability app execution, it’s simply a standardized container runtime. However, organizations could run one of the Docker CMSs discussed above. Such an approach wouldn’t be able to take advantage of many vSphere services or to use knowledge of the vSphere cluster environment and they would be under developer responsibility to control.


For developers, use of a standalone DCE will require a high level of skill in Docker API/CLI. Further, operators will only have the single (DCE) VM to manage and will lack any visibility into containers running in that VM.

vSphere Integrated Containers

vSphere Integrated Containers (VIC) is another method for executing container apps under VxRail or VxRack SDDC. Containers under VIC can run in one of two modes:

• Using a Virtual Container Host (VCH) resource pool – the VCH and all its containers execute as separate, lightweight VMs in vSphere.
• Using a Docker Container Host (DCH) VM – similar to the standalone DCE above, Linux OS, Docker Engine and all its containers execute within a single VM.

VCH operates as a bridge between vSphere and the application’s containers, which uses Photon OS, a lightweight Linux kernel that interfaces well with vSphere and is quick to boot, deploy and run.

In addition to the Docker Hub registry discussed above, VIC container apps can use Harbor™,² VMware’s open source project, which implements a secure, enterprise-class container registry that can be hosted on-premises. Under Harbor, container application repositories are implemented as projects, and users can have different privileges on different projects. Harbor also has built-in vulnerability scanning to ensure images are secure.

Furthermore, under VIC containers, developers can use a self-service web portal called Admiral™,³ VMware’s open source project for container lifecycle management. Admiral makes use of the Docker API to manage containers and container hosts. Admiral provides developers a GUI container management console and automated policy management for deploying and running containers in VIC. However, developers can still use a CLI to interact with the environment. Operators also benefit from its increased security and governance control.

For VIC VCH container VMs, vSphere vCenter services can also be used by operations to manage container VMs in a 1 to 1 model (container to lightweight VM) vs. VIC DCH that runs multiple containers in a single VM in a many to 1 model. These include vSphere vMotion™, Distributed Resource Scheduler™ and High Availability™ services.


Also, by introducing standard vSphere services to the container execution environment, with VIC developers can take advantage of VMware storage to maintain state across container executions and other vSphere services such as HA, DRS and others. This means that traditional, monolithic enterprise applications can be repackaged to take advantage of container deployment and operations models. Monolithic container apps wouldn’t be standard microservices containers, but they could still be run as containerized applications under VIC and utilize Admiral and Harbor.

For VIC, developers new to containers can get by with less knowledge of Docker API/CLI as they can use the Admiral self-service container management console. Operators can also take advantage of Admiral and for VIC VCH, they can also make use of vCenter to manage the single container VMs and the VCH VM.

Pivotal Cloud Foundry

Pivotal Cloud Foundry (PCF) is a cloud native platform for deploying and operating modern applications. This modern platform allows for multiple layers of abstraction. Two of interest to us are the Pivotal Container Service™, a Containers-as-a-Service (CaaS) offering, and Pivotal Application Service™, a Platform-as-a-Service (PaaS) offering; both are discussed below. PCF also supports the Pivotal Function Service™ (PFS™), which provides server-less functionality. PFS is a future deliverable and will not be discussed any further in this document.

Pivotal Container Service

Pivotal Container Service (PKS™) runs under Pivotal Cloud Foundry as its CaaS service that combines Cloud Foundry BOSH™ infrastructure management with production grade Google Kubernetes CMS and engine as another way to run containers under VxRail. BOSH⁴ and Kubernetes⁵ are both open source projects, and combined are called the Pivotal Container Service.

Google originally developed Kubernetes to manage its production workloads across its data centers, and Kubernetes currently runs billions of containers a week. Kubernetes executes under GCP, Amazon EKS (Elastic Container Service), Microsoft AKS (Azure Container Service), IBM Cloud Container Service or standalone on vSphere, as well as in a bare metal environment such as Windows and Linux. For this section however, we review it in context with PKS.

BOSH is used for release engineering, deployment lifecycle management and distributed systems monitoring/restart. BOSH is used internally in GCP, AWS EC2 (Elastic Compute Cloud), Pivotal Cloud Foundry and OpenStack®. BOSH also supports availability zones (AZs) as its unit of high availability or failure domain.

PKS container apps can still take advantage of VMware’s Harbor container registry but do not operate under VIC’s Admiral container management tool.

Kubernetes can run almost anywhere – on bare metal servers, on virtualized infrastructure and in the private or public cloud. As a result, application engineers can develop and test container functionality using a bare metal Kubernetes cluster and, when ready, promote them to vSphere PKS or scale them up to the cloud.

With PKS, developers benefit from multi-container scheduling and deployment and need only supply the Docker container image with instructions on how to run it and the platform takes care of the rest. Operations get a production grade distribution with a consistent deployment and robust enterprise grade, platform experience.

Pivotal Application Service

Pivotal Application Service (PAS™) runs as part of the Pivotal Cloud Foundry as a complete PaaS solution. The Application service supplies the Application Runtime with container execution engines, the Ops Manager, a container app GUI deployment and management tool, all while using BOSH for release engineering, deployment and high availability. PCF PAS can operate bare metal, under vSphere as well as inside AWS, Microsoft Azure and GCP. Container apps under PAS are deployed in one of two formats:

• Droplet container images created and packaged using PCF buildpacks; or
• Docker container images created and packaged using Dockerfiles.

PAS runs both Droplet and Docker images as container apps. Docker containers are just a special form of PCF Droplets. However, PCF Droplet containers can inherently make use of persistent storage and remove much of the developer burden for container creation, packaging, and management. Docker container images provide flexibility in PAS for those organizations that may have already standardized on the use of Docker images. PCF Droplet apps are generally cloud native apps that use a 12-factor app development approach,⁶ which specifies a methodology for building inherently cloud native applications.

PAS container apps can make use of Harbor registries or other private and public registries to hold container images. However, PAS Ops Manager is the management console for PCF PAS container apps.


Developers can use PAS to create containers for them in a completely automated fashion, which allows them to just focus on writing code rather than how applications are deployed. Moreover, operators can also make use of PAS to automatically manage container app execution and take advantage of an enterprise grade platform operations experience.

When to use standalone DCE, VIC DCH, VIC VCH, PKS or PAS

                          Standalone DCE   VIC DCH   VIC VCH   PKS    PAS
Initial container use     Yes              Yes       Yes       No     No
Containers in production  No               No        Yes       Yes    Yes
Containers as VMs         No               No        Yes       No     No
Harbor support            No               Yes       Yes       Yes    Yes
Admiral support           No               Yes       Yes       No     No
Multi-AZ support⁷         No               No        No        Yes    Yes
CMS cloud compatible      Yes              Yes       No        Yes    Yes
Developer effort needed   High             High      High      Med.   Low
Operations control        Low              Med.      High      High   High

Standalone DCE is best for customers who are getting started with containers for the first time. This is really just a standardized Docker container runtime for developers. Engineers could develop container apps on bare metal and then readily migrate those apps to a standalone DCE VM. However, standalone DCE apps won’t run as fast as VIC apps. Multicontainer deployments and deployment management are the responsibility of the developer to maintain. This requires a high level of skill on the developer’s part to create and maintain. Operations has limited control and visibility beyond managing the single DCE VM.

VIC DCH is a stepping stone to production use of containers on vSphere. The advantage of using VIC DCH is that engineers who lack the authority to spin up VMs can develop, deploy and run container apps using vSphere Harbor registries and the Admiral management console. Developers may still use the Docker API/CLI but can also use Admiral to create containers. Operations can use Harbor to provide a secure and controlled registry and Admiral to manage container execution but have limited control beyond managing the single DCH VM.

VIC VCH is a production environment for container apps under vSphere. Developers will use Admiral or the Docker CLI/API to create containers. Operators can also use Admiral and have complete vCenter visibility and control to manage the VCH and container VMs.

PKS is ideal for running stateful applications and applications that are already containerized. PKS is also for developers and operations staff who need more control over container setup and deployment options by using Kubernetes with BOSH. Development will use the Kubernetes API/CLI to create containers. Operations will use both the Kubernetes and BOSH APIs/CLIs to manage container app execution.

PAS is for development and operations teams that want the easiest way to run container and 12 factor apps using a full implementation of PaaS. Developers will use PAS to automate the creation of containers and 12 factor apps for them. Operations will use PAS to automate the management of container apps execution throughout the PAS cluster.

VxRail and VxRack SDDC container considerations

VxRack SDDC can run every one of the above options but PKS, and VxRail can run all of them. Moreover, VxRail also offers the Pivotal Ready Architecture solution which is a certified, validated, pre-engineered and supported offering from Dell EMC, specifically designed for enterprise customers wanting to use PCF PKS and PCF PAS.

Summary

Using vSphere on VxRail and VxRack SDDC solutions offers many alternatives for container development, deployment and execution. Container apps can execute in as simple an environment as a standalone DCE VM or as complex an environment as a full-blown PaaS using PCF PAS. Using VIC with both DCH and VCH offers a more native VMware environment experience for both development and operations to help manage and run container apps across virtualized infrastructure. In addition, PCF PKS together with VxRail can give organizations a fully functional cluster orchestration, along with a rich, scalable and highly available container execution environment, without having to make use of a full-blown PaaS.

In summary, IT staff who are interested in using containers to develop next-generation cloud native applications can’t go wrong with VxRail or VxRack SDDC, as they both cover just about any container app usage scenario and can be used by inexperienced and experienced operations teams alike.

¹ Please see https://hub.docker.com/explore/?page=1 as of 06 Dec 2017.
² Please see https://github.com/vmware/harbor as of 06 Dec 2017.
³ Please see https://vmware.github.io/admiral/ as of 01 Jan 2017.
⁴ Please see https://github.com/cloudfoundry/bosh as of 07 Dec 2017.
⁵ Please see https://github.com/kubernetes/kubernetes as of 07 Dec 2017.
⁶ Please see https://12factor.net as of 11 Dec 2017.
⁷ Multi-AZ support using multiple vSphere clusters is not supported on VxRack SDDC but is available on VxRail.
