Today, we are pleased to announce the newest release of vSphere Integrated Containers (VIC). As part of vSphere 6.5, vSphere Integrated Containers 1.2 will deliver significant new capabilities including the ability to provision native Docker Container Hosts, major security enhancements, and a unified management portal.
What’s New in vSphere Integrated Containers 1.2
Native Docker Container Hosts
vSphere Integrated Containers will have the ability to provision native Docker container hosts. This feature will enable IT administrators to provide developers with an on-demand, ticketless container provisioning mechanism while maintaining strict control over the use of resources in the data center. IT administrators will enjoy the uniform deployment of container hosts and control over resource consumption, while developers will appreciate fast, self-service provisioning.
This latest release will provide administrators with the ability to create a registry whitelist. Created on a per-Virtual Container Host basis, the list will specify the registries a host can access to safeguard developers and make sure they download images from authorized registries only.
The vSphere Integrated Containers registry will have the ability to scan all images for known vulnerabilities. Administrators will also be able to set threshold values that restrict vulnerable images that exceed the threshold from being run. Once an image is uploaded into the registry, it will check the various layers of the image against known vulnerability databases and report issues to the administrator.
vSphere Integrated Containers 1.2 will allow both developers and administrators to enable Content Trust. When enabled by a developer via environment variables, the system confirms that only properly signed and validated images are able to run. Administrators will also have the option of turning on Content Trust on a per-project basis. When on, this feature will allow only trusted images to run in the specified project.
Identity and Access Management
This release will extend the core authentication and authorization capabilities from the registry to the management portal, including:
- Projects – Administrators will be able to pool a set of users and resources into a logical group and apply authentication and authorization permissions to them.
- Role-Based Access Control (RBAC) – Users and Docker repositories will be organized via projects. A user will have a different permission for images under a given namespace.
- Active Directory/Lightweight Directory Access Protocol (AD/LDAP) – Will integrate with existing enterprise AD/LDAP for user authentication and management.
- SSO – Single Sign On integration with vSphere Platform Services Controller.
Integrated Portal and Registry UI
The new release will feature an updated developer-facing User Interface (UI) by enhancing the integration between the portal and the registry. Constructs such as projects and users will now be common across both components. The authentication and authorization capabilities will also be extended to cover the components.
Updated UI in the H5 Client
The vSphere Client™ (the HTML5 UI used by the VI Administrator) will also be updated. The vSphere Integrated Containers section will feature a list of all Virtual Container Hosts and container VMs in the vSphere deployment.
Install / Upgrade Enhancements
The installation and upgrade of vSphere Integrated Containers has been further simplified. In addition to streamlining the installation process, the OVA, once deployed, will have a dedicated UI to create a “Demo” VCH that allows users to explore the capabilities of vSphere Integrated Containers.
Virtual Container Host Configuration
To support the needs of fast growing teams, vSphere Integrated Containers 1.2 will allow the Virtual Container Host to be reconfigured post deployment.
vSphere Integrated Containers 1.2 will be available for vSphere 6.5 and 6.0, Enterprise Plus edition, beginning September 12, 2017. You will be able to download it from myvmware.com. Please contact your VMware representative if you would like to schedule a technical deep dive session.
For more information about vSphere Integrated Containers, please check out the vSphere product page on the VMware website and follow us on @cloudnativeapps.
VMware Social Media Advocacy