Development / Edge / IoT / Contributed

WebAssembly: The Future of Cloud Native Distributed Computing

4 Oct 2021 8:00am, by
Liam Randall
Liam Randall, a serial entrepreneur and venture capitalist, has worked at every level of the enterprise IT startup ecosystem over the last 25 years. He has built and operated large networks and developed and maintained large 100M+ ARR e-commerce solutions, including designing and implementing global network security monitoring sensor grids. Randall was the founder of the first Kubernetes company — Critical Stack (acquired by Capital One Bank in 2016) — with the goal of automating security and compliance for secure container orchestration. Randall is currently investing in and accelerating the growth of new open source core cloud native startups such as Cosmonic (CNCF wasmCloud) and Stacklet (CNCF Cloud Custodian).

WebAssembly has emerged as one of the fastest-growing Cloud Native trends of 2021. With distributed application runtimes like wasmCloud (a Cloud Native Computing Foundation sandbox project donated by Cosmonic this summer), we see WebAssembly appearing on the server and the edge, embedded into platforms like Envoy as an extendible platform and a direct cloud native orchestration target via projects like Krustlet, which was recently accepted into the CNCF Sandbox.

The challenges hindering distributed application development, deployment and maintenance have given rise to a new paradigm in which WebAssembly plays a prominent role in the future of cloud native distributed computing.

WebAssembly is a small and portable virtual machine that runs in modern web browsers, servers, and on a vast array of diverse hardware. Fast and efficient, this open WC3 standard is a compilation target supported by a variety of programming languages including Rust, C / C++, Typescript, Go, and more.

Abbreviated as Wasm, this open standard for the web places a premium on capability-driven security, meaning all applications are started in a Deny-by-Default sandbox and must be granted explicit access to capabilities. It was initially incubated inside the Mozilla skunkworks and is now under the stewardship of the Bytecode Alliance as a complement for JavaScript in web browsers, standalone, and cloud native Wasm. Wasm has transcended the browser and is rising in popularity throughout the cloud native ecosystem.

WebAssembly Key-Value Propositions
Efficient, Fast Fast startup times make Wasm ideal for on-demand scaling with near-native speed execution.
Safe, Secure Sandboxed and operating in a deny-by-default where explicit access to individual capabilities is granted.
Open, Debuggable Wasm is a community-driven WC3 standard under the stewardship of the Bytecode Alliance.
Polyglot Choose your own language and you can bring well-tested libraries to a domain.
Portable WebAssembly is a compilation target that runs on multiple environments — servers, browsers, embedded devices. As a secure sandbox, Wasm can also be embedded inside other applications making it ideal for executing other code.

In its own right, WebAssembly brings new capabilities and additional security features to modern development environments — both in the browser and with cloud native. However, modern cloud native developers are confronted with new challenges, such as CPU diversity, multiple operating environments, security, distributed application architecture, and scalability, that transcend deployments into a single public cloud provider.

To understand the modern distributed computing environment, one must consider the rising diversity inside the public cloud, where we see new ARM CPUs challenging the historical dominance of the x86 chipsets, competing on both cost and performance.

Traditional enterprise systems typically compile software to a specific development environment including a CPU and an operating system, such as Linux-32 bit, MacOS-ARM64, or Windows-64bit. Looking past the public cloud towards the edge, we find an even more diverse range of execution environments on an assorted set of CPU architectures.

This includes places where we choose not to or can not run Linux such as tiny devices, inside a web browser, or on Apple’s IOS. WebAssembly gives developers a portable shim, simultaneously targeting the diverse combinations of operating systems and chipsets and delivering on the promise of write once, run everywhere.

The Linux Foundation Edge working group has helpfully put together a continuum — a view of the world we can use as a starting point.

This view of the world helps us frame the complexity of modern distributed computing. There are many different device types — with a variety of system architectures and capabilities, but these categories actually undersell the complexity.

If we annotate this view slightly to include some additional context with some of the platforms that are both incumbent and common in the ecosystem, we get a more complete and complicated world view that we need to account for.

In the public cloud and on the service provider, we find Kubernetes — in both regular and micro sizes.  We find applications that are hosted on top of Kubernetes in containers, which are built and distributed with a specific OS and CPU architecture in mind.  We should include developer environments in our ecosystem, and including mobile devices means we need to support phones, browsers, smart TVs, and all of the rest of the Internet of Things (IoT).

Even the really small things — with tiny capabilities. And while Kubernetes and Linux dominate the public cloud and increasingly towards the edges, there is a lower bound of computing where we may choose or not be able to deploy them.

Of course, securing this vast array of combinations becomes incredibly complex, with different nuances and approaches to security across the distributed cloud native edge. WebAssembly’s capability-driven security approach moves the security boundary from the process, where we find it in today’s popular container-driven formats, to the WebAssembly secure sandbox. While there are differences in the technologies, WebAssembly is compatible with today’s enterprise environments and may be used in conjunction with them.

Distributed Computing Challenges

In the last epoch of technology, deployments have been dominated by microservices and SaaS applications hosted centrally in the public cloud. There are compelling reasons to believe that the next epoch of technology will be dominated by distributed applications. The diversity of system architecture, diversity in application architecture, distributed security, offline use, and machine learning deployed to the edge are continuing to drive the rise of distributed computing.

Both the number and incredible diversity of devices connected to the internet continue to skyrocket as we head towards an estimated 50 billion connected devices by 2030, the enterprise integration tasks are compounded by a dozen popular and incompatible CPU architectures. Each of which has its own relatively unique operational lifecycle from dozens of major manufacturers.

WebAssembly is well-positioned to operate in this complex environment — Wasm runtimes can even be optimized to adapt an application for specific circumstances. For example, the Bytecote Alliance’s Wasmtime is heavily optimized for server-side execution and Wasm-micro-runtime (WAMR) has been optimized for smaller embedded devices.

The vast collections of distributed and connected systems will be interconnected in tremendously different application architectures. N-Tier Applications, Model-View-Controller, Pub/Sub, Microservices, and more.

In the home, the modern enterprise, and even in the day-to-day interactions of our society, modern applications are increasingly peer-to-peer instead of client-server. Peer-to-peer means that compatible, complex logic, and microservices will need to be deployed throughout the diverse ecosystem.

Wasm excels here as well — its near-native performance makes it ideal for standalone, embedded, or other types of integrations. The portability and write once run everywhere approach gives developers new capabilities to deploy their applications.

The security of these vastly distributed applications is a broad topic, however, the native security design of WebAssembly is a welcome addition to distributed projects running anywhere in the continuum.

WebAssembly itself functions as a sandbox; helpful when you want to adapt or bring code to a huge variety of complex systems. WebAssembly also embraces the modern trend of capability-driven security, where applications no longer are granted the rights of their parents, but instead are executed into a deny-by-default sandbox.

It is easy to believe that as we connect billions of devices to the internet that we can simply offload all of the functionality to remote API and services — that these could be dumb endpoints, connected back to a smart core or intelligent edge.

While the edge will continue to move capabilities close to the users to minimize performance impacts, there are many compelling reasons to believe that devices will both be connected and still offer some level of functionality when offline or during intermittent connections. Real complex logic will need to live on and within the end devices for a variety of reasons:

  1. Latency and determinism concerns mean that some devices need to react locally and without any delay, such as the need for driverless cars to react instantly.
  2. The large data sets available at the edge in all of the diverse spectrums of data such as video, radio, audio, device telemetry, and more must first be processed where the data resides — at the devices. We will continue to see Machine Learning (ML) models extracting metadata to be shipped back to the public cloud for further analysis.
  3. Growing concerns around privacy and security will keep logic at the edges or on the devices themselves — some data, such as raw microphone or camera feeds in your home, should not be shipped outside of a local environment without preprocessing.
  4. In a need for limited or deliberate autonomy — some devices will need to be able to operate in remote environments that lack connectivity. Ships far out sea, distant rovers, or drones. Even internet-connected smart appliances should maintain some level of functionality in the case of intermittent connectivity.
  5. Rising regulatory concerns, such as GDPR and CCPA, are the start of things to come. Big tech is going to be further regulated in the near future and this will impact the where and how in the design of our distributed software systems.

What this means, is that the estimated 50 billion connected devices by 2030 will amplify our workloads — these devices may be small, they may be inexpensive — but they will be increasingly intelligent and complex. For the aforementioned reasons, WebAssemblies write once run everywhere, security model, and portability are sure to make it an important part of tomorrow’s infrastructure.

The New Stack is a wholly owned subsidiary of Insight Partners, an investor in the following companies mentioned in this article: Real.

Feature image via Pixabay.

A newsletter digest of the week’s most important stories & analyses.