We are pleased to announce the newest release of vSphere Integrated Containers (VIC). As part of†vSphere 6.5, vSphere Integrated Containers v1.2 will deliver significant new capabilities, including the ability to provision native†Docker†container hosts, major security enhancements and a unified management portal.
Native Docker Container Hosts:
vSphere Integrated Containers will have the ability to provision native Docker container hosts. This feature will†enable IT administrators to provide developers with an on-demand, ticketless†container provisioning mechanism while†maintaining strict control over the use of resources in the data center. IT administrators will enjoy the uniform deployment of container hosts and control over resource consumption, while developers will appreciate fast, self-service provisioning.
Security‚Ä®
- Registry Whitelists
This latest release will provide administrators with the ability to create a registry whitelist. Created†on a per-Virtual Container Host†basis, the list will specify the†registries a host can access to safeguard†developers and make sure they download images†from authorized registries only.
- Image Scanning
The vSphere Integrated Containers registry will have the ability to scan all images for known vulnerabilities. Administrators will also be able to set threshold values that†restrict vulnerable†images that exceed the threshold†from being run.†Once an image is uploaded into the registry, it will check the various layers of the image against known vulnerability databases and report issues to the administrator.
- Content Trust
vSphere Integrated Containers v1.2 will allow both developers and administrators to enable Content Trust. When enabled by a developer via environment variables, the system confirms that only properly signed and validated images are able to run. Administrators will also have the option of turning on Content Trust on a per-project basis. When on, this feature will allow only trusted images to run in the specified project.
Identity and Access Management‚Ä®
This release will extend the core authentication and authorization†capabilities from the registry†to the management portal, including:
- Projects –†Administrators will be able to pool a set of users and resources into a logical group and apply†authentication†and authorization permissions on them.
- Role-Based Access Control (RBAC)†– Users and Docker repositories will be organized via projects. A user will have a different permission for images under a given namespace.
- Active Directory/Lightweight Directory Access Protocol (AD/LDAP)†– Will integrate with existing enterprise AD/LDAP for user authentication and management.
- SSO†– Single Sign On integration with vSphere Platform Services Controller.
UX Improvements:
- Integrated portal and registry UI
The new release will feature an†updated developer-facing†User Interface (UI) by†enhancing the†integration between the portal and the registry. Constructs such as†projects and users will now be common across both components. The†authentication and†authorization capabilities will also be extended to cover the components.
- Updated UI in the H5 Client
The vSphere Client (the HTML5 UI used by the†VI Administrator) will also be†updated. The vSphere Integrated Containers section will feature a list of all Virtual Container Hosts (VCH) and container virtual machines (VMs) in the vSphere deployment.
- Install/upgrade enhancements
The installation and upgrade of vSphere Integrated Containers has been†further simplified. In addition to†streamlining the†installation process, the OVA, once deployed, will have a dedicated UI to create a†”Demo” VCH that allows users to explore the capabilities of vSphere Integrated Containers.
- Virtual Container Host Configuration
To support the needs of fast growing teams, vSphere Integrated Containers v1.2 will allow the Virtual Container Host†to be reconfigured post deployment.
Availability:
vSphere Integrated Containers 1.2 will be available for vSphere 6.5 and 6.0, Enterprise Plus edition, beginning September 12, 2017. You will be able to download it from†myvmware.com. Please contact your VMware representative if you would like to schedule a technical deep dive session.