For data center architects who have standardized on VMware virtualization, a logical question is whether benefits can be gained from hosting containers on virtual machines. Our answer is yes—hosting containers on VMware vSphere VMs increases security and isolation, and it enables the use of multiple host operating systems on one server.
The VxFlex Ready Node infrastructure that we used for this testing hosted two parallel projects. The projects ran on the same software-defined storage but required isolation from each other. In our testing, we employed VMware vSphere VM security to prevent accidental access to resources by anyone outside the respective project teams.
Another key benefit of using VM virtualization for containers is the capability to use multiple host operating systems on the same server. A bare-metal implementation with one host operating system would have forced both projects to use the same stack: operating system, Docker, Kubernetes, and the PowerFlex CSI plug-in. Alternatively, the projects would have had to use separate physical servers to isolate the different container software stacks.
Using VMware for our projects gave us the isolation and consolidation benefits of running multiple container stacks within VMs on the same VxFlex Ready Node infrastructure. Performance testing was not part of this project, but testing performance for any production systems, including virtualized container infrastructure, is essential. Virtualization adds another layer to the application stack. Both the container and the VM must be optimized to gain the best performance. For example, the VM configuration (vCPU, vMem, and storage) must be aligned to the performance requirements of the containerized application. For more information, see Best Practices for Storage Container Provisioning on the VMware documents web site.
Note that this solution works on bare metal without the VMware virtualization layer/environment that is described in this section.