Q
Get started Bring yourself up to speed with our introductory content.

How do VMware VIC security features protect containers?

VMware VIC security features, like isolation and user authentication, can improve enterprise container security so long as proper configuration and usage policies are observed.

Security is a major concern for container deployment in an enterprise environment. Organizations must ensure that...

only authorized users can access, modify or deploy containers.

In addition, organizations must be certain that the activities of one container don't affect other containers -- especially when containers share common resources, such as an OS kernel. Consequently, vSphere Integrated Containers (VIC) supports an array of VMware VIC security features.

VMware VIC security offers multilevel container isolation

Isolation is critical. Since vSphere fundamentally creates containers as VMs, the same hardware layer abstraction that is present in VMs is also in place to isolate containers from each other and the underlying host systems. You can implement further isolation at the network level using multiple port groups for microsegmentation.

There's also an emphasis on user authentication and authorization -- essentially, limiting the number of users with access to resources and restricting the resources available to each user or group. VIC supports identity and access management (IAM) capabilities through Lightweight Directory Access Protocol (LDAP) and Active Directory services that are standard in enterprise data centers. In addition, role-based access control (RBAC) features in the VIC management portal enable the administrator to further enhance VMware VIC security by restricting access to container images and the components of those images according to projects and teams. This creates highly granular security postures for container content.

Protected registries offered additional security

Container images and components are registered in a repository, such as the open source Harbor private enterprise registry. The registry itself is also protected with security features, such as IAM, LDAP integration and RBAC integration. Beyond security integrations, the registry includes Notary features that employ cryptographic signage to verify content authenticity and trust. The addition of vulnerability scanning to the registry helps to identify potential threats and block potentially harmful registry content.

Container images and components are registered in a repository, such as the open source Harbor private enterprise registry.

There are other VMware VIC security precautions. For example, the VIC appliance is locked down by default, vSphere credentials are not visible to the VIC appliance guest and the Docker client communicates with a virtual container host using a certificate.

Of course, the actual benefits offered by these VMware VIC security features are only as good as the attention and effort invested in their proper configuration and usage. The best security features are often useless if they're ignored, misconfigured or unused.

This was last published in December 2017

Dig Deeper on Securing a VMware environment

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Join the conversation

1 comment

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

How do you reinforce configuration and usage procedures for container security in your organization?
Cancel

-ADS BY GOOGLE

SearchServerVirtualization

SearchVirtualDesktop

SearchDataCenter

SearchCloudComputing

Close