VMware Harbor Registry

VMware Harbor Registry is an enterprise-class registry server that stores and distributes container images. Harbor allows you to store and manage images for use with Enterprise Pivotal Container Service (Enterprise PKS).


Harbor extends the open source Docker Distribution by adding the functionalities usually required by an enterprise, such as security, identity, and management. As an enterprise private registry, Harbor offers enhanced performance and security. Deploying a registry alongside the Enterprise PKS environment improves image transfer efficiency.

Key Features

Harbor includes the following key features:

  • Replicate projects: Harbor supports images replication to replicate repositories from one Harbor instance to another.
  • Manage role by LDAP group: Harbor administrators can import an LDAP/AD group to Harbor and assign project roles to it.
  • Manage Labels: Harbor provides labels to isolate image resources globally or at the project level.
  • Manage Helm Charts: Harbor provides management of Helm charts isolated by projects and controlled by RBAC.
  • Integrated UAA Authentication: Harbor can share UAA authentication with Pivotal Application Service (PAS) and Enterprise PKS.
  • Role-Based Access Control: Users and repositories are organized into projects. Users can have different permissions for the images in different projects.
  • Policy-Based Image Replication: Images can be synchronized between multiple registry instances with auto-retry on errors, offering support for load balancing, high availability, multi-datacenter, hybrid, and multi-cloud scenarios.
  • Vulnerability Scanning: Harbor uses Clair to scan images regularly and warn users of vulnerabilities.
  • LDAP/Active Directory (AD) Support: Harbor integrates with enterprise LDAP/AD systems for user authentication and management.
  • Image Deletion and Garbage Collection: Images can be deleted and their space can be recycled.
  • Notary: Image authenticity can be ensured by using Docker Notary.
  • Graphical User Portal: Users can easily browse, search repositories, and manage projects.
  • Auditing: All the operations to the repositories are tracked.
  • RESTful API: RESTful APIs for most administrative operations, easy to integrate with external systems.

Version and Compatibility

The following table provides version and compatibility information for the latest release of VMware Harbor Registry.

Element Details
Tile version(s) v1.8.4
Release date October 15, 2019
Software component version(s) v1.7.6., v1.8.4
Compatible Ops Manager versions v2.4.x, v2.5.x, and v2.6.x (refer to the Enterprise PKS release notes for specific matching versions)
Compatible Enterprise PKS versions v1.4.x and v1.5.x
Compatible PAS versions v2.1.x, v2.2.x, 2.3.x, and 2.4.x
BOSH stemcell version Ubuntu Xenial
IaaS support vSphere, AWS, GCP, Azure
IPsec support? No

WARNING: VMware Harbor Registry v1.6.3 and earlier require a Ubuntu Trusty stemcell. The end-of-life date for Ubuntu Trusty is April 2019. If a security vulnerability is found on this stemcell after April, it will not be fixed.


There are no special requirements for deploying VMware Harbor Registry.


  • You can configure the authentication source only once. You cannot change between UAA, LDAP, or local authentication after the initial deployment.
  • Email addresses must be unique. Two users cannot have the same email address.
  • Use the Google Chrome browser for the best results. There are known issues with some Firefox browser versions in this release.


If you have a feature request, questions, or information about a bug, contact Pivotal Platform Feedback or send an email to Harbor.


Harbor is available under the following VMware EULA.