SAN FRANCISCO – VMware has built not one but two nifty ways to run containers on top of its infrastructure, but will customers come?
At its annual VMworld conference here this week, the company introduced two major products: Photon Platform, and vSphere Integrated Containers, both of which offer VMware customers an efficient means to run a containerized application inside a VM on top of a VMware virtualization host.
VMware vSphere Integrated Containers, previously Project Bonneville, embeds a container engine and a specialized Linux runtime called Photon OS directly in to ESX, which subsequent containerized applications can take advantage of. Without them, running containerized applications on an ESX host is more involved -- create a VM, then load an operating system and container engine in to it – while the containers are larger and take a long time to boot.
Photon Platform works on top of a pared-down ESX "microvisor" called Photon Machine, Photon OS and Photon Controller, a distributed multi-tenant control plane that provides security and authentication (through VMware Project Lightwave), plus integration with container management frameworks such as Apache Mesos and Google Kubernetes.
VMware developed the two separate platforms to cater to different uses. The way to think of the VMware Integrated Containers is as a single platform that runs both traditional apps and next-generation containers, said Kit Colbert, executive vice president and CTO of VMware's Cloud Native Apps group. And because containers here run on top of vSphere, it's possible to use any and all vSphere tools to manage them.
Photon Platform, meanwhile, is for when you have a critical mass of containerized applications. In that case, "you want to create a specialized infrastructure that runs only next generation apps," Colbert said. "Traditional apps won’t run that well on Photon." Both approaches deliver a level of security that can't be found by running containers without a VM. Docker and other application container approaches do not provide each application its own user ID isolation, which is widely viewed as a security risk. By running a container inside a VM, the container gets the benefit of hardware isolation offered by the hypervisor.
An argument against using running containers inside a VM is that it adds overhead, something you want to avoid when pursuing a microservices architecture. To blunt that argument, VMware introduced the concept of the just enough VM, or jeVM – a lightweight VM and operating system that provides all the services that a container might need, and that boots up quickly. Add to that support for instant cloning courtesy of VMFork (previously Project Fargo), and VMware believes its container offerings deliver the best of both worlds: scalability and agility of the cloud native applications, with the security and operational processes that enterprises demand.
Too little, too late or too much, too soon?
VMworld attendees were generally intrigued.
"The way they're integrating Docker and the VM – that integration will make containers much easier to use," said a systems administrator for a large financial services software firm. "Today, there's a lack of visibility between the VMware and Docker ecosystem.".
But like many other attendees, interest in Docker was just that – interest. "We've talked about Docker, it’s cool," he said, but talk has yet to progress to action.
Meanwhile, critics maintain that VMware is generally late to the container game. With the exception of Photon OS and Project Lightwave, which are available as open source projects on GitHub, neither vSphere Integrated Containers nor Project Photon are anywhere near general availability (Photon Platform is expected to go in to private beta in Q415). And despite efforts to cater to groups where Docker is popular (developers at DevOps startups) with tools such as AppCatalyst and vRealize Code Stream, it remains to be seen whether it can cultivate that customer base.
About the author:
Alex Barrett is editor in chief of TechTarget's Modern Infrastructure. Contact her at [email protected]