DockerCon 2016 is now over and it was a great success. The VMware CNA team (along with the VMware cloud management, networking and storage teams) was there, and the traffic at the booth was astonishing.

We noticed booth visitors had plenty of questions around container technologies and their relation to virtual machines, especially around some of the technologies we presented at DockerCon–some of which are meant to blur those boundaries.

In this post, we are going to briefly outline our technologies and brands to help people better understand them. This includes:

If you are curious about any of the above technologies (and what they deliver and how they deliver it), please read on.

Before we get into a brief description of each technology, it is important to understand they fall into two completely different categories.

The first model assumes instantiating “docker images as containers in VMs.” This is the Photon bucket.

The second model assumes instantiating “docker images as VMs.” This is the VIC bucket.

The Photon Model

As we alluded to, this model involves a traditional “containers on top of VMs” model. This is Docker business as usual and what pretty much everyone does today: you instantiate a Linux OS, you install Docker on it and you start containers pulling Docker images from a registry.

In this context, we deliver the following Photon components:

Photon OS: in either model, one thing is clear – the container runtime environment should be smaller and more efficient than traditional OS. Our OS partner ecosystem validates this, as just about every major vendor has created a super-slim version of their OS. But, for VMware, because of our infrastructure platform, there was even greater opportunity. Because we were free to focus on the vSphere market, we could make things even smaller and even more efficient. We’ve been able to strip all sorts of legacy modules from the Photon OS kernel and tune buffers, time accounting and compile flags to eliminate redundancies between the container runtime and hypervisor. We’re seeing lots of interest around the concept of this type of runtime improvement, but we’re not done. There’s an entire layer of operational efficiency that we haven’t even begun to tackle. Beyond these focused optimizations, we’re seeing customers try things we never intended, like using Photon to create their container images (there is a Photon OS image in the Docker hub, check it out!). Others are looking at more traditional Linux application architectures running on Photon OS to take advantage of the optimizations there, as well.

Photon Controller: this is the highly efficient, completely distributed, API oriented and easy to maintain control plane that, by leveraging the ESXi hypervisor, can deliver a lean IaaS stack. The work to integrate Virtual SAN and NSX into this compute stack is underway. In addition to providing core IaaS functionalities, Photon Controller also includes cluster management workflows that will allow users to instantiate Swarm, Kubernetes and Swarm clusters. Cormac Hogan and William Lam have good articles on how to set those up. Go check them out!

Photon Platform: this isn’t a technology per se but rather a brand name to identify the container optimized IaaS platform above. Photon Platform is the brand name that includes ESXi and Photon Controller technologies, similar to how vSphere is the brand name that encompasses ESXi and vCenter technologies.

It is important to understand that Photon Platform isn’t a disruptive model when it comes to “Docker thinking.” The industry have been using this model for 3 years now:

  • you get a hypervisor (Photon Machine)
  • you get a hypervisor control plane (Photon Controller)
  • you instantiate a VM as a Docker host (Photon OS)
  • and you eventually run a container inside said Docker host

Container management and orchestration is out of scope for the Photon technologies. As a matter of fact, the very first supported commercial bundle we have launched is Photon Platform with Pivotal Cloud Foundry.

While you could always download Photon Controller today and instantiate your very own standalone Photon Platform IaaS platform, we are exploring additional out-of-the-box integrations with other container management stacks. For example at DockerCon, we demonstrated a docker-machine integration that you can grab here. Using this driver, you can leverage docker-machine to provision Docker hosts on top of the Photon Platform.

The VIC Model

The VIC model is indeed disruptive when it comes to traditional “Docker thinking” but, at the same time, it is intended to be the least disruptive when it comes to traditional data center operations.

Many have made the observation that containers running in Linux are similar in concept to VMs running on a hypervisor. They main difference is that a VM must run an operating system, whereas a container inherits an operating system. This is one of the reasons why containers are fast and efficient – there’s nothing to boot. As such, when you run containers in a VM, the VM hosting the containers is a little like a nested hypervisor.

But what if your nested hypervisor is far less capable than your actual hypervisor? It doesn’t come with clustering, HA, live migration, hardware virtualization security, etc.

VIC brings the container paradigm directly to the hypervisor, allowing you to deploy containers as first-class citizens, bypassing the pre-requisite for Linux VMs. The net result is that containers inherit all of the benefits of VMs, because they are VMs.

With vSphere Integrated Containers, the Docker image, once instantiated, becomes a VM inside vSphere. This solves security as well as operational concerns (we have learned one thing or two in the last 15 years on how to run applications inside VMs in production) at the same time.

But these are NOT traditional VMs that require 2TB and take 2 minutes to boot. These are usually as big as the Docker image itself and take a few seconds to instantiate.  We call them ContainerVMs to underscore they are not traditional VMs. They boot from a minimal ISO which contains a stripped-out Linux kernel (based on Photon OS), and the container images and volumes are attached as disks.

The ContainerVMs are provisioned into a “Virtual Container Host” which is just like a Swarm cluster, but implemented as logical distributed capacity in a vSphere Resource Pool. You don’t need to add or remove physical nodes to increase or decrease the VCH capacity, you simply re-configure its resource limits and let vSphere clustering and DRS handle the details.

The biggest benefit of VIC is that it helps to draw a clear line between the infrastructure provider (IT admin) and the consumer (developer/ops). The consumer wins because they don’t have deal with managing container hosts, patching, configuring, etc. The provider wins because they can leverage the operational model they are already using today (including NSX and VSAN).

Your developers will continue to “docker run busybox” and your (IT admin) will keep managing VMs. The best of both worlds.

This isn’t to say this is the best model. It’s yet another option. If you think using containers as a run-time for your Docker images is the best route to take for your project, then Photon Platform is the best underlying place to run those Docker Hosts (and containers on top of them).

Note: if you have heard of “Project Bonneville” that is <just> the internal name we gave to the research project, started 2+ years ago, that culminated in VIC as we see it today.

The Third Option

What we have discussed so far are the two main models.

Photon Platform is disruptive when it comes to the operational model you have today (assuming you are running vSphere). But on the other hand it is optimized to run containers at scale and so it’s aligned to the “Docker thinking.”

VIC is disruptive when it comes to the “container model” you usually think of when you think of Docker but on the other hand it is optimized for operations. (Or, in other words, you can keep your operations).

A lot of customers are still using a third option (somewhere in between) that is leveraging vSphere. Think of this model (running Docker images on containers on Docker host VMs running on vSphere) as a way to mitigate the disruption: you are running VMs on a very well operationalized infrastructure and you are running Docker images as traditional containers.

This model doesn’t solve the operational burden of running containers in production nor does it solve the need for having a multi-tenancy IaaS platform that is optimized to run containers at scale.

Nevertheless, this could be a great choice for many customers and we are working to integrate vSphere functionalities with Docker technologies (for example: the new Docker Volume Plugin for vSphere).

We see Photon Platform, VIC and vSphere as a continuum of solutions, possibly radically different to cover the spectrum of all customers’ needs and their very different maturity level when it comes to running Dockerized applications in production.


This post was not intended to go deep into the technologies discussed but to give you greater context of the various technologies and brand names we showcased at DockerCon 2016.

We covered two new models (Photon Platform and VIC) that are being developed to purposely address the Docker wave. Additionally, we are positioning vSphere as a viable platform for Dockerized applications that minimize operational disruption.

The picture below may help visualizing (at a high level) how these three stacks compare with each other:

Overview of Running Containers in VMware Environments

Overview of Running Containers in VMware Environments


Kit Colbert, vice president and general manager, Cloud-Native Applications Business Unit

Enterprises are increasingly embracing digital transformation initiatives today with an eye on accelerating their pace of innovation. Next-generation application architectures leveraging Linux containers and microservices are helping to speed up software development efforts. They have changed how enterprises build, run and update their applications.

As enterprises begin their journey from building to deploying their cloud-native applications into production, they encounter the same IT requirements they are all too familiar with–backup, compliance, disaster recovery, monitoring, security and more. Some enterprises are at a crossroads. Do they take a radical rip-and-replace approach? Is it possible to gracefully adopt containers and microservices relying on existing investments? How can they simultaneously support today’s applications and workloads while also investing for the future?

VMware is embracing containers and new models of operating while helping enterprises leverage existing technologies and resources to accelerate their cloud-native journey. Some enterprises are seeking to jumpstart their cloud-native initiatives on top of their current virtual infrastructure. While others seek a cohesive infrastructure stack to solve integration challenges.

Advancing and Expanding Containers-related Projects

This week at DockerCon 2016, VMware will demonstrate its support for Docker containers across compute, networking, storage and management. We have extended our software-defined data center solutions to support Docker to enable IT to easily respond to the cloud-native needs of enterprise developers.

In 2015, we introduced VMware vSphere® Integrated Containers™ and VMware Photon™ Platform to improve the developer experience for building applications using containers while addressing enterprise IT requirements. vSphere Integrated Containers provides IT with an easy on-ramp to containerized and traditional workloads, while Photon Platform promises a new, optimized stack for cloud-native only environments. vSphere Integrated Containers and components of the Photon Platform including the newly available Photon OS 1.0 are downloadable from VMware’s GitHub page.

Solving the challenges of networking and security is a key enabler for production deployments of Docker containers. In a vSphere Integrated Containers environment, enterprises are able to leverage all of the VMware NSX® platform’s rich networking and security features in a Docker environment today. These include per container networking and security services such as micro-segmentation, logical switching and routing and load balancing. Enterprises can also tap NSX’s rich ecosystem of partner integrations to enable advanced services such Next Generation Firewall, IDS/IPS, Advanced Malware Prevention and more. All of the above is available today thanks to the fact that vSphere Integrated Containers instantiate Docker images as virtual machines (as opposed to containers). Additionally, we’ll showcase a cutting-edge demo in our booth (G3) at DockerCon.

Our uniquely capable storage offerings, such as VMware Virtual SAN™, already serve thousands of enterprises running in virtualized environments. With the new Docker Volume Driver for vSphere (available today as a beta release), many of those same key capabilities are natively available to enterprises also running in containerized applications. This is one step on our path to delivering the benefits of our storage platform directly to developers of cloud-native applications.

Thousands of customers rely on VMware vRealize® Automation™ to simplify and accelerate the delivery of integrated multi-tier applications with application-centric networking and security across clouds. At DockerCon 2016, we will introduce Project Bellevue, a technology preview that will enable vRealize Automation to support containers. Project Bellevue capabilities such as modeling containerized applications in vRealize Automation unified service blueprints, provisioning container hosts from the vRealize Automation service catalog and managing container hosts will be demonstrated in the booth.

Foundational Infrastructure to Deploy Cloud-Native Applications with Confidence

In speaking with our customers about their cloud-native efforts, many of them are challenged with how they will move their containerized applications into production. They want to know how best to meet IT requirements across security and isolation, service-level agreements, data persistence, networking services and management. We’re aggressively investing time and resources to deliver a foundational infrastructure that customers can count on to deploy cloud-native applications in production.

VMware is a Gold Sponsor of DockerCon 2016 which runs June 19-21 in the Washington State Convention Center in Seattle. If you are at the show, visit us in booth G3. Additionally, be sure to attend a presentation from Guido Appenzeller, VMware’s Chief Technology Strategy Officer for networking and security, titled “Run Docker Containers. In Production. Today” on Monday, June 20 at 11:45am PT in Room 618.


A year ago, we released AppCatalyst, a desktop hypervisor for developers – as a technology preview. The existing tools at the time were not specifically designed to support developer workflows, and there were many developer use cases where AppCatalyst did much better. The program helped us better understand the use cases and in the process gain valuable insight.

The technology preview for AppCatalyst will end on the 30th of June 2016. While the solution in its current form will not be productized, the learnings from the program will be incorporated into future products and features. We’re constantly evaluating how products are being used and exploring new ways to deliver more value to our customers.

We want to thank you for your participation in the program. If you are already using AppCatalyst and would like to continue using it till the end of 2016, please click here to download the updated version that will expire on the 31st of December 2016. You can also use VMware Fusion to continue running the virtual machines you’ve created with AppCatalyst.


By Gregory Murray, Product Line Manager for Cloud-Native Apps at VMware

I’m excited to announce that VMware has published the binaries and updated our repos for our Photon OS 1.0 release! In a little more than a year, the team has evolved Photon OS from a technology preview into a mature operating system available as open source software that’s been vetted by VMware engineering, support and guest OS validation teams as well as thousands in the community.

With the 1.0 release, we’ve greatly expanded the number of packages that we’re including in the repository, opening the door to many more use cases than were possible with the technology preview releases. At the same time, we’ve managed to keep both the disk and memory footprints extremely small. Read more about Photon OS 1.0 support for packages in our previous blog post.

There have been several enhancements to our release processes to improve its security profile, as well. Prior to availability, the 1.0 release was subjected to more than eight different vulnerability scanning tools, static code analysis and third-party penetration testing.

We’ve maintained the focus on being frugal with system overall resources and their effect on performance in vSphere environments. As a result of the optimizations for vSphere, kernel boot times are ~200ms and runtime performance shows consistent improvement. Even with these enhancements, the Photon OS developers have managed to keep disk and memory footprints very small. Today, the 1.0 release sits at a 384MB memory footprint and, with a minimal installation, 396MB on disk.

Today, we’re also happy to introduce the Photon Administration Guide. We have received plenty of feedback from the community over the last year. We have packaged up common questions about Photon OS as well as operations details in a thorough, easy-to-use guide to help users get the most out of Photon OS.

We invite you to download Photon OS and join our community on GitHub—the source for Photon OS support. We’ve got some exciting things planned for future releases of Photon OS and need your feedback to make sure that we’re heading in the right direction for running your workloads on vSphere.