Project Bonneville relies on a Docker API to enable vSphere to create Docker containers hosted as VMs. However, VMware has said it plans to expand support to other container platforms, including Google's Kubernetes.
VMware Project Bonneville relies heavily on two other VMware technologies: Project Photon (a lightweight Linux operating system) and VMware's Instant Clone feature (previously known as Project Fargo). Essentially, Project Bonneville uses the vSphere Instant Clone feature to clone a container host VM that is running the Project Photon operating system (OS).
An administrator starts with one VM running the Project Photon operating system. This VM is used as a template for future Bonneville VMs. When an administrator creates a new Bonneville VM, the vSphere Instant Clone feature copies the original VM. This new VM serves as the host for a new Docker container. Each VM hosts one container instance and can be deleted when the container is no longer needed.
Running a container inside a VM solves many of the challenges with container security and management. Using this model, administrators can manage the container host VM using vSphere, just as they can manage other VMs. One of the chief security concerns with containers is that every container on a host shares the same underlying kernel. If the security of one container is compromised, all containers on that host are at risk. Hosting a container within a VM gives the container the same level of security and isolation as the VM.