Security is a major concern for container deployment in an enterprise environment. Organizations must ensure that only authorized users can access, modify or deploy containers.
In addition, organizations must be certain that the activities of one container don't affect other containers -- especially when containers share common resources, such as an OS kernel. Consequently, vSphere Integrated Containers (VIC) supports an array of VMware VIC security features.
VMware VIC security offers multilevel container isolation
Isolation is critical. Since vSphere fundamentally creates containers as VMs, the same hardware layer abstraction that is present in VMs is also in place to isolate containers from each other and the underlying host systems. You can implement further isolation at the network level using multiple port groups for microsegmentation.
There's also an emphasis on user authentication and authorization -- essentially, limiting the number of users with access to resources and restricting the resources available to each user or group. VIC supports identity and access management (IAM) capabilities through Lightweight Directory Access Protocol (LDAP) and Active Directory services that are standard in enterprise data centers. In addition, role-based access control (RBAC) features in the VIC management portal enable the administrator to further enhance VMware VIC security by restricting access to container images and the components of those images according to projects and teams. This creates highly granular security postures for container content.
Protected registries offer additional security
Container images and components are registered in a repository, such as the open source Harbor private enterprise registry. The registry itself is also protected with security features, such as IAM, LDAP integration and RBAC integration. Beyond security integrations, the registry includes Notary features that employ cryptographic signing to verify content authenticity and trust. The addition of vulnerability scanning to the registry helps to identify potential threats and block potentially harmful registry content.
There are other VMware VIC security precautions. For example, the VIC appliance is locked down by default, vSphere credentials are not visible to the VIC appliance guest and the Docker client communicates with a virtual container host using a certificate.
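The certificate-based trust between the Docker client and a virtual container host rests on a plain X.509 chain: the VCH presents a certificate issued by a CA the client trusts, and the client presents its own certificate in return. The script below is an added illustration, not code from VMware or the VIC project. It builds a throwaway CA with openssl, issues a server certificate for a hypothetical VCH and a client certificate for the Docker CLI, stages them in the layout the Docker CLI expects (`ca.pem`, `cert.pem`, `key.pem` under `DOCKER_CERT_PATH`), and shows that a certificate from an unknown issuer is rejected. The hostname `vch.example.internal`, the CA name and all file paths are constructed placeholders; `DOCKER_HOST`, `DOCKER_TLS_VERIFY`, `DOCKER_CERT_PATH` and `DOCKER_CONTENT_TRUST` are the Docker CLI's standard settings, and enabling content trust assumes the registry in front of the VCH has Notary signing in place.

```shell
#!/bin/sh
# Added example: throwaway PKI for a Docker client <-> VCH connection.
# Everything here (names, paths, hostname) is constructed for illustration.
set -eu

WORK="${WORK:-$(mktemp -d)}"

# Create a private CA; both the VCH and the Docker client will trust it.
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
    -subj "/CN=example-vic-ca" \
    -keyout "$WORK/ca-key.pem" -out "$WORK/ca.pem" 2>/dev/null
}

# Issue a certificate signed by the CA. $1 = file basename, $2 = CN.
issue_cert() {
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$WORK/$1-key.pem" -out "$WORK/$1.csr" 2>/dev/null
  openssl x509 -req -days 365 -in "$WORK/$1.csr" \
    -CA "$WORK/ca.pem" -CAkey "$WORK/ca-key.pem" -CAcreateserial \
    -out "$WORK/$1.pem" 2>/dev/null
}

# Succeed only if the named certificate chains to our CA.
verify_cert() {
  openssl verify -CAfile "$WORK/ca.pem" "$WORK/$1.pem" >/dev/null 2>&1
}

# Lay out the client material the way the Docker CLI reads it.
stage_client_dir() {
  mkdir -p "$WORK/client"
  cp "$WORK/ca.pem" "$WORK/client/ca.pem"
  cp "$WORK/client.pem" "$WORK/client/cert.pem"
  cp "$WORK/client-key.pem" "$WORK/client/key.pem"
  chmod 600 "$WORK/client/key.pem"
}

# Pre-flight: all three files present and the client cert chains to the CA.
check_client_dir() {
  for f in ca.pem cert.pem key.pem; do
    [ -f "$1/$f" ] || return 1
  done
  openssl verify -CAfile "$1/ca.pem" "$1/cert.pem" >/dev/null 2>&1
}

# Environment a user would export before running the Docker CLI against the VCH.
vch_client_env() {
  cat <<EOF
export DOCKER_HOST=tcp://vch.example.internal:2376
export DOCKER_TLS_VERIFY=1
export DOCKER_CERT_PATH=$WORK/client
export DOCKER_CONTENT_TRUST=1
EOF
}

make_ca
issue_cert vch "vch.example.internal"
issue_cert client "docker-client"
stage_client_dir

# A self-signed certificate from an unknown issuer must not verify.
openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=rogue-vch" \
  -keyout "$WORK/rogue-key.pem" -out "$WORK/rogue.pem" 2>/dev/null
if verify_cert rogue; then echo "rogue cert accepted (unexpected)"; else echo "rogue cert rejected"; fi

check_client_dir "$WORK/client" && vch_client_env
```

Run it as-is to see the staged directory and the exports; `DOCKER_TLS_VERIFY=1` is what makes the client refuse a VCH whose certificate does not chain to `ca.pem`, which is the check the rogue certificate fails above.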
Of course, the actual benefits offered by these VMware VIC security features are only as good as the attention and effort invested in their proper configuration and usage. The best security features are often useless if they're ignored, misconfigured or unused.
Related Q&A from Stephen J. Bigelow