CI/CD / Cloud Services / Containers / DevOps / Security

VMware Consolidates Its Cloud Platform Around Amazon, Applications

28 Aug 2017 12:16pm, by

A growing number of VMware customers are perfectly comfortable running 100 percent of their applications in the public cloud. In light of this recognition, VMware officially announced Monday at VMworld 2017 in Las Vegas the launch of public cloud-based infrastructure services, hosted partly or entirely on Amazon bare-metal servers.

“As we have 20,000 customers coming to VMworld, there’s consistent conversations that we’re seeing over and over,” said VMware senior vice president for product and portfolio marketing, Erik Frieberg, during a press conference at the show. “And what’s happening is, conversations around applications.”

VMware Cloud on AWS goes live Monday on Amazon’s US West region, which is based in Oregon, although executives stated that rollout to other AWS regions may consume the better part of 2018. The new platform will be a way for enterprises to host part or all of their virtual infrastructure on Amazon’s cloud, but with VMware’s classic vSphere management suite.

“If you’re a VP of operations or of IT, or a CIO of the organization, what’s the lifeblood of the organization? It’s applications,” the SVP continued. “Each customer has hundreds or thousands, or often tens of thousands, of applications. And as they approach, they don’t have this idea of hybrid cloud anymore — either an on-prem strategy or a hybrid cloud strategy. They have a cloud strategy. And what they’re doing is looking at every one of these applications and deciding, ‘What do I want to do with it?’”

Infrastructure Takes a Back Seat

Last year’s VMworld focused in large measure upon the ideal of stretching virtual infrastructure across clouds, including internal cloud platforms. The theme then was that customers were looking for a single foundation for their workloads. Last September, Amazon and VMware jointly announced a partnership which made clear their goals of making VMware virtual infrastructure and Amazon services available together on a single platform. So today’s announcement was not a surprise for customers expecting some type of major culmination to take place.

What did change today was VMware’s attitude toward applications at the center of the cloud ecosystem, rather than infrastructure. The company is now painting a picture of a plurality of services and a plethora of providers, all stitched together by a management platform that’s much more workload-centric than it ever was before. It includes CI/CD platforms such as Chef, Puppet, Ansible, Splunk, and Maven as key arteries that carry enterprise applications along their development lifecycles.

In that respect, VMware is looking to assemble an ecosystem that could compete against the emerging Cloud Native Landscape — not just its breadth but also its lexicon.

“On the left, you see over 20 infrastructure ISVs,” said VMware vice president of products for Cloud Platform, Mark Lohmeyer, referring to a diagram that doesn’t look all that different from something you’d see from the open source community. Those independent software vendors, said Lohmeyer, were “representing a wide range of best-in-class capabilities around DevOps, cloud migration and costing, network, security, data protection, and disaster recovery, who are taking the capabilities that work great with VMware on-prem today, and are extending them to work on VMware Cloud on AWS.”

Open source virtual infrastructure software such as Kubernetes have made inroads over the past year in demonstrating how applications can be managed as units unto themselves and scaled across cloud platforms. Last year, VMware made the case that its NSX network platform can bridge cloud platforms as well. But that message was very platform-centered; today’s revolves around the application.

“I’m seeing a lot of heterogeneity at the moment, in [customers’] cloud approaches,” said VMware Chief Technology Strategy Officer Guido Appenzeller [pictured speaking above], in response to a question from analyst Jean Bozman. “The majority of our customers are still very much on-prem-centric, for all types of workloads. There are some customers that have embarked to the cloud, and a substantial fraction of their workloads run in the cloud. You know, I have seen customers that, at this point, are comfortable running any type of workload in the public cloud. It’s a very small number of customers, right? And it typically requires you to re-engineer your applications. But it’s possible. And we at VMware offer a portfolio, where you have some solutions for on-prem, some solutions in a VMware base, and some solutions in the general public cloud.”

The move toward a portfolio-based approach arguably began two years ago, with its introduction of Photon Platform as a means for enabling containerization in a VMware-branded, hypervisor-driven environment. As the company moved away from offering its own public cloud services, last year it partnered with IBM in the delivery of services that extended customers’ existing VMware infrastructures into the IBM Cloud.

But that service is fronted by IBM, as a service offered to IBM Cloud customers. VMware Cloud on AWS, by contrast, is a VMware-branded, VMware-provided service. Lohmeyer told reporters that VMware will be responsible for patching, upgrades, and delivery of new features, for the AWS platform. Native AWS services will also be made available for applications deployed to the public cloud, although VMware’s diagram clearly stopped the extension of AWS services into the on-premises portion. So VMware won’t be enabling a kind of “Amazon Stack” to rival Microsoft’s Azure Stack.

VMware Security

This full-stack approach has also enabled a new type of intent-driven security feature for the company, one called AppDefense. VMware senior vice president for security products Tom Corn gave The New Stack an early glimpse of this feature, which will glean the intended behavior of an application first by studying its configuration for deployment in CI/CD platforms, and second by comparing that configuration data against its own behavioral analysis of applications’ communications patterns.

Using an analytics engine, AppDefense will determine when and where the behavior of any application falls outside of the predicted norms and immediately flags the operator.  From a browser-based console, the operation may then decide how to respond, and how to automate responses for future re-occurrences.

“We’ve been working on this for two to three years,” said Corn, “and it is the very essence of this question: Can you use the unique properties of virtualization to have a completely different twist on security? It’s a new solution we’re delivering, which is about protecting applications that are running on top of virtualized and cloud environments, and it really consists of three elements whose chief thing is about, ‘How do I lock down those applications?’ And those are, capture, detect, and respond.”

Corn described the “capture” portion of the operation as gathering its intended configuration and behavior, through multiple sources. A live detection process, applied against this accumulated intent, will result in live analysis of applications. As he then showed us, an operator using a browser or the AppDefense mobile app can choose to have suspicious applications run in a protected mode, where VMs run under more strict policy restrictions and under closer monitoring. Or, they may be placed under quarantine, where they are restrained from being launched without approval.

In the course of his discussion, Corn did not refer explicitly to virtual machines, and he did acknowledge that containerized application behavior would be accounted for as well. But the brief initial glimpse we received showed a VM-focused approach to managing applications under behavior review.

The SVP declined to make specific comparisons to Cisco’s Tetration Analytics, which is a behavior-driven application analytics platform first announced in mid-2016.

What Corn did promise was that AppDefense would do for application security what NSX did for infrastructure security. That distinction further illustrated the infrastructure company’s shift in focus. The New Stack asked VMware executives the extent to which their customers had led them to this shift on account of the growing awareness of orchestration — the capability of managing containerized applications that goes over and above what a container engine delivers by itself.

Erik Frieberg told us his company’s customers are indeed expressing an interest in building systems based on container frameworks. But he stopped short of crediting any single orchestrator (e.g., DC/OS, Kubernetes, Docker Swarm), or orchestration in general, for having sparked this interest.

Mark Lohmeyer said VMware continues to press forward with its plans for vSphere Integrated Containers (VIC). “If you look at the two different stakeholders from the customer, you’ve got the developers and you’ve got IT,” he said. “The nice thing about vSphere Integrated Containers is, for the developers, it presents them a native container interface, so they can take advantage of all their existing container-oriented development tooling — it works on top of that with no changes. But for IT ops, they get to manage it through the SDDC [software-defined data center], and through vCenter and leveraging their tools.”

At least at this early stage of the show, VMware executives’ strategy appears to be to de-emphasize the “container-ness,” if you will, of the newer category of workload. By leveraging CI/CD platforms to glean the intent of applications, the company may gain an opportunity to co-opt one of container orchestration’s prime attractions ­­— intent-driven configuration — in building a more competitive platform that once again spans older and newer technological territories.

Stay with The New Stack for further coverage of this week’s platform news from VMworld 2017 in Las Vegas.

A newsletter digest of the week’s most important stories & analyses.

View / Add Comments

Please stay on topic and be respectful of others. Review our Terms of Use.