
VMware Responds to Container Movement with Lightweight Linux OS and Cloud-Native Tools

20 Apr 2015 5:01am, by

VMware is answering some of the questions about how it plans to compete in a containerized world with the release of two tools it plans to open source, both of which help enterprises build and deploy cloud-native applications. At the same time, its spin-off company Cloud Foundry is announcing a related tool as well.

Being announced:

  • Project Lightwave – a container identity and access management solution.
  • Project Photon – a lightweight Linux operating system designed for containers.
  • Lattice – a lightweight packaging of Cloud Foundry’s clustered container scheduling, routing and log aggregation.

Businesses turn to cloud-native applications to help them gain greater velocity and agility, factors that apply to VMware as a company as well, according to Kit Colbert, VMware’s vice president and CTO of Cloud-Native Apps. The company will be making releases every couple of months this year, he says, as it aims to put projects out there “early and often” and gain customer feedback.

“This space is very, very young. A lot of companies we talk to are still getting their heads wrapped around what exactly this looks like and what the final thing needs to be,” he said.

Colbert says of the work of the cloud-native app unit:

“This is an opportunity to define what our mission is: It’s fundamentally to make the developer a first-class user of the data center. In some ways, what VMware has been doing with our software-defined data center vision has been very similar. It’s been taking the virtualized data center and making it a true hybrid cloud with self-service.”

While focused on developers, it has the ops team in mind as well, he says:

“We’re helping the ops team run those cloud-native applications and manage all the functions such as compliance, performance, security. It’s helping bring the application code all the way from the developer’s laptop to the production stack.”

Project Lightwave

This container identity and access management solution aims to address the security shortcomings that containers pose.

A Gartner report called Docker security “immature,” and said overall Linux containers “disappoint when it comes to secure administration and management, and to support for common controls for confidentiality, integrity and availability.”

With thousands or even hundreds of thousands of instances of an app running, it’s essential to identify all the pieces and ensure the network is properly configured so they can talk to each other, yet ensure some hacker state doesn’t have an easy way in, Colbert explains.

Lightwave can authenticate not just users, but components that are part of the app — that they are who they say they are and that they’re running where they should be. It can be used with a directory service or integrate with an identity provider. This is not a replacement for Docker, Rocket, Mesos or Kubernetes, he said, but an extension.

If you have a number of Linux-based hosts, a scheduler can check with Lightwave for the authenticated hosts on which to provision an application. With OVN, announced in January, it also can authenticate trusted networks for the application.


“There’s an ecosystem that forms around these different parts that have to be glued together for identity management to have the trust and security that our customers are looking for,” he said.

He said Mesosphere has been particularly interested in Lightwave. It, CoreOS and Pivotal will take part in the online launch of these tools Monday at 10:00 am PT/1:00 pm ET.

Project Photon

With Linux becoming a standard building block for enterprises, VMware sees it making sense to extend its hypervisor to include Linux, Colbert said.

“The idea is to drive simplicity of management and greater security by creating a Linux distro that we can build into vSphere conceptually. The reason we’re open sourcing it is that there are a lot of unique things we can do here when you look at how you can rethink what a hypervisor and Linux look like together,” he said.

While releasing its own Linux distro, the company remains committed to running any OS a customer wants, he said.

A traditional OS, he said, includes many packages that the application inside the container can’t see and won’t be using, so it becomes unnecessary. CoreOS, he said, deserves credit for pioneering the idea of a minimal OS for containers.

“That split is what’s very interesting to us at VMware,” he said. “When you look at that split, what used to be an operating system that used to have some app stuff and some infrastructure stuff, now the app stuff is inside the container; the infrastructure is outside of there. … Photon is kind of the infrastructure portion of the Linux OS. That’s why we want to build that into [its hypervisor] ESX.”

IDC analyst Gary Chen, for one, has been saying that to move to an OS-centric technology like containers, VMware needs to own its own OS to compete with rivals who own an OS and have been combining it with a hypervisor.

“It’s not out of the question that they eventually will need to make a bigger investment into the OS layer, and could pick up a company to help with that, especially for containers,” Chen has said previously.

Lattice

Lattice is a lightweight version of open source Cloud Foundry components for running containerized workloads on a cluster, without requiring a full-blown deployment of Cloud Foundry. Lattice does not include authentication or buildpacks. It runs via Vagrant and uses its own CLI rather than the Cloud Foundry CLI, since Lattice has no Cloud Controller.

According to its GitHub page, the Lattice technology is based upon open source Cloud Foundry components:

  • Diego schedules and monitors containerized workloads
  • Loggregator aggregates and streams application logs
  • Gorouter provides HTTP load-balancing

As we wrote about last Fall, Diego has its own story, serving as a new orchestration manager that distributes tasks and application processes.

Diego serves as an app execution, container-based pluggable scheduler and health check manager, said Andrew Shafer, senior director of technology at Pivotal. IBM, SAP and Cloud Credo are also helping develop the open source project. The project is open to anyone. See more on Github.

How Diego fits with Docker demonstrates an effort to make Cloud Foundry more accessible and streamlined. Also as we wrote on The New Stack last Fall, Diego helps bring a cleaner container abstraction with Warden (Garden), the container technology developed originally for Cloud Foundry:

Diego has allowed the Cloud Foundry team to simplify the platform as a service (PaaS). The droplet execution manager (DEA), health manager and some of the cloud controller are now taken care of by Diego, Whelan said. Cloud Controller is not part of Diego and remains in Cloud Foundry. For the developer, Cloud Foundry will run the application processes and distribute them to Diego, which then manages the tasks and longer processes across its cell network. It makes Diego more closely resemble its own microservices environment, granted with still much to develop. Developers who don’t want or need all the features of Cloud Foundry could still use Diego as a core component to build a PaaS for their needs.

The orchestration problem that Diego resolves makes it comparable to platforms such as Google Kubernetes and Mesos. Kubernetes and Diego both run on etcd, the configuration technology that is also what CoreOS uses to manage its OS for server deployments:

Mesos is simply a communication infrastructure and protocol for enabling scheduling across distributed resources. Diego does that (admittedly with more specificity) and a lot more: containerization, log aggregation, routing, health management, etc. Frameworks built on top of Mesos such as Marathon are more directly comparable to Diego.

CoreOS, Pivotal and SAP are sponsors of The New Stack.

Feature image via Flickr Creative Commons.
