How does VMware instant clone technology modify vSphere Integrated Containers?

Expert Steve Bigelow explains how instant clone technology helps VMware's vSphere Integrated Containers supply a baseline Linux OS and, as a result, provide greater hardware isolation and security.

Instant clone technology is the mechanism that VMware uses to supply a base Linux OS to each of the containers running within the virtual container host environment created by VMware vSphere Integrated Containers (VIC).

How does VMware instant clone technology affect vSphere Integrated Containers?

In conventional container environments, each container instance runs on top of a common operating system (OS) -- typically a version of Linux -- and shares the OS kernel. VIC more closely resembles a virtualized environment where each container is basically run within its own virtual machine instance. As with traditional virtualization, this approach promises greater hardware isolation and security, which is preferred for important enterprise application deployments.

But spinning up lots of OSes poses a technical challenge for virtualized environments like VIC. Common VMs each use a unique OS. When a server runs multiple VMs, the multiple OSes can add up to significant duplication in OS components, which consume computer resources, ultimately limiting the number of VMs that the physical server can support -- thereby limiting scalability.

VMware gets around OS duplication and inflated container resource use by using a custom Linux OS based on Project Photon, stored as a base image in the virtual container host (VCH). When a new container is started in the VCH, a thin copy of the Photon OS kernel is made for the new container instance. Besides using only a small fraction of the resources needed for a full OS, the kernel copy can be modified, or forked, for the specific container application while still sharing common OS components within the VCH. These containers cannot communicate with each other directly, which prevents malware, crashes and other issues from disrupting a large number of containers simultaneously. Even Docker components are relegated to the VCH rather than individual containers, further reducing the size of each container. VMware calls this approach "just enough VM" to run a container.

This was last published in November 2015
