vSphere Integrated Containers

Published by Andrea on

To expand our infrastructure to develop some new services, I have tested the VMware’s compatible Docker platform.

You can obtain an official VMware release (OVA format) from the vSphere Integrated Containers download page on VMware website, the current version is 1.2, the license is included in the vSphere Enterprise Plus and vSphere Operations Management Enterprise Plus, or you can try the lab, this is the link https://my.vmware.com/en/group/vmware/evalcenter?p=vic-17-hol.

The description of the project on GitHub (https://github.com/vmware/vic) is “a container runtime for vSphere, allowing developers familiar with Docker to develop in containers and deploy them alongside traditional VM-based workloads on vSphere clusters, and allowing for these workloads to be managed through the vSphere UI in a way familiar to existing vSphere admins”, this means that you can use docker commands to deploy applications on Host Docker or VM connected to a Virtual Container Host (VCH) inside vApp (https://blogs.vmware.com/cloudnative/2017/09/12/vsphere-integrated-containers-v1-2/).

I’ve downloaded the OVA file in “C:\temp”.

I’m using a windows 10 VM to deploy it so I’ve installed the Docker Toolbox for Windows (https://www.docker.com/products/docker-toolbox), VMware OVF Tool (https://www.vmware.com/support/developer/ovf/) and VMware PowerCLI (https://my.vmware.com/group/vmware/details?downloadGroup=PCLI650R1&productId=614) on it, the deploy is in a vSphere 6.5 infrastructure.

Remember to set the Windows PowerShell execution policy to remote signed to use it:

Set-ExecutionPolicy RemoteSigned

We need to create the VICs bridge portgroup from the PowerCLI:

$creds = get-credential
Connect-VIServer server.domain.com -credential $creds
$vds = DSwitch0 (insert the name of the distribuited virtual switch you want to use)
new-vdportgroup -name vic-bridge1 -vdswitch $vds -vlanid 300 (insert VLAN of first Host VIC)
new-vdportgroup -name vic-bridge2 -vdswitch $vds -vlanid 301 (insert VLAN of second Host VIC)

We need to convert OVA file because PowerCLI doesn’t support SHA256 in OVF Manifest:
ovftool.exe –shaAlgorithm=SHA1 C:\temp\vic-v1.2.0-d0ea01c2.ova C:\temp\vic-v1.2.0.ova

We are ready to deploy the VIC OVA with these commands:

$ova = “C:\temp\vic-v1.2.0.ova”
$ovacfg = Get-OvfConfiguration $ova
$pass = ‘P@ssw0rd!’
$vmhost = ‘host1.domain.com’
$ds = get-datastore -name ‘DATASTORE0’
$ovacfg.appliance.root_pwd.value = $pass
$ovacfg.appliance.permit_root_login.value = $true
$ovacfg.IpAssignment.IpProtocol.value = ‘IPv4’
$ovacfg.network.ip0.value = ‘’
$ovacfg.network.DNS.value = ‘’
$ovacfg.network.fqdn.value = ‘vic.domain.com’
$ovacfg.network.gateway.value = ‘’
$ovacfg.network.netmask0.value = ‘’
$ovacfg.network.searchpath.value = ‘domain.com’
$ovacfg.NetworkMapping.Network.value = ‘LAN DOMAIN’
Import-VApp -Source $ova -OvfConfiguration $ovacfg -Name ‘vic’ -VMHost $vmhost -Datastore $ds -DiskStorageFormat Thin
get-vm -name ‘vic’ | Start-VM

Started the VM, with the link https://ip:9443 you can access to the initial configuration of the appliance.

Remember to register the IP to the DNS!

Install the vCenter PlugIn in the vCenter Server as described in this guide:


Now you can check if the vSphere Integrated Containers plug-in installation in the HTML5 vCenter Web Client is ok.

We will use the vic-machine-windows application from the command prompt, that you’ll find in the vSphere Integrated Containers Engine Binaries, in the Windows 10 VM to deploy the VCHs (Virtual Container Hosts).

Obtain the vCenter Thumbprint from the PSC under Certificate Store.

Enable 2377/tcp outbound connection on host ESXi (change red parameters):

vic-machine-windows update firewall –target vcenter_address –user user –password “P@ssw0rd!” –compute-resource Cluster –thumbprint 74:86:5F:64:18:A0:F4:B9:11:ED:35:42:E4:F5:E3:D0:2A:E7:FC:46 –allow

After you can deploy the VCHs, this is an example for the first of the two I have deployed:

vic-machine-windows create –target vcenter_address –user user –password “P@ssw0rd!” –name VCH1 –compute-resource Cluster /Resources/‘Server Pool’ –public-network “LAN DOMAIN” –bridge-network “vic-bridge1” –image-store “DATASTORE0” –volume-store “DATASTORE0”:default –no-tlsverify –thumbprint 74:86:5F:64:18:A0:F4:B9:11:ED:35:42:E4:F5:E3:D0:2A:E7:FC:46

Now you can add the two VCHs to the VIC, via web interface creating the credential with the certificate you can find in the folder created during the deploy of the two VCHs, this is the result.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.