Let’s try and make sense of this all, by starting with what I understand each technology is/does.
When most people talk about Docker, what they are normally referring to is the Docker Engine. For this post, I’ll still refer to the Docker Engine as simply Docker. Docker is a container image management technology. It does not “run” containers in the same way that say for instance ESXi or VMware Workstation runs VMs. It’s a toolset to package applications up into “images”, share those images (push) on Docker Hub, and retrieve images (pull) from Docker Hub. From a Linux point of view, Docker then uses (or extends and provides API functionality to) libvirt to actually run images as individual “containers”. In addition to images, the Docker API is used to manage things like networks and volumes that containers utilise.
VMware Photon OS
VMware’s Photon OS is a Linux distribution that is optimised to act as a “Container” or “Docker” host. So rather than building a new VM with a more traditional mainstream distribution such as RHEL, CentOS, Ubuntu, etc. and installing Docker on it, (as well as all the the stuff that’s not needed for a container to run), Photon OS runs on a VM, and provides the essentials from a Linux OS point of view to safely and efficiently host containers.
VMware Photon Platform
It’s all good and well that we can start and stop container hosts using and containers using Photon OS and Docker like we’re used to stopping and starting VMs with vSphere. However, one of the things that containers can allow us to do is to deploy thousands of them in one go. That will be very hard to do without some sort of platform or solution to enable the rapid deployment of container hosts and their containers. Photon Platform is just that. It provides customers with a platform that will enable them to rapidly scale to and manage thousands of container hosts and containers.
Some notes on Photon Platform:
- There is no vCenter in the world of Photon. vCenter would impose a limitation on the number of objects (containers) to manage. Therefore, the Photon Controller directly manages ESXi hosts where containers run, completely bypassing vCenter.
- ESXi is managed by a Photon VIB that’s installed on the ESXi host
- If an ESXi host was to fail and therefore bringing all of the containers that it’s hosting down with it, Photon Platform will detect the failure and restart the affected containers hosts and their containers on other ESXi hosts
- The Photon Controllers are effectively running in containers themselves
- Container resource management is done via a resource ticket scheme which ensures that resources are shared between containers in a fair manner.
- Full integration with Kubernetes (That’s another blog post altogether I think, but it does need covering!!).
vSphere Integrated Containers (VIC)
With VIC, each container runs effectively as a separate VM on the ESXi host. This 1:1 ratio between containers and VMs might at first sound counterproductive, however I do understand why VMware has decided to not run multiple containers per container host VM. Two of the most obvious reasons are:
- Security: Running multiple containers on a container host would mean that you would have to somehow firewall traffic on the container networks within the container host for instance. You wouldn’t want one container to affect what’s happening with another container.
- Resource Management: Running a 1:1 container per VM ratio, enables vSphere admins to apply the same resource management methods to each individual container as what they are used to applying to their traditional VM workloads, for instance, VM shares, reservations and limits
I also understand from several conversations with some VMware employees that VIC in the 6.5 release is intended to give customers who haven’t yet made the leap into the world of containers, an easy way to get their feet wet with the technology, as it’s all integrated into vSphere, a product that they’ve come to know and love over the years.
Now, you might also be asking what the point is of standing up a new VM as a container host for every single container, and whether or not that would be a slow way of starting new containers. Well, according to those I spoke to at VMware, the current estimated time to boot a new container host VM with VIC is around 1 – 2 seconds. I’ve also heard that this might even come down to less than a second in later releases (NOTE: that was NOT an official promise from VMware). So this is significantly faster than booting a new traditional VM as a container host.
Now at the moment, you wouldn’t use VIC at large scale and Photon Platform is really what you should be looking at if you are planning on standing up hundreds or thousands of containers. However, VMware is looking at integration with VIC and Kubernetes in future releases.