VMware Packages Containers for the Enterprise

The company that made server virtualization popular is now targeting DevOps with cloud-native containers built on vSphere.

Every major provider of computing software, hardware and cloud services, along with many newcomers, sees containerization as the future architecture for developing and sharing applications across OSes, hypervisors and clouds. VMware Inc. is no exception among those sharing this vision, which has evolved over the past year, and the company has crystallized its plans to bring containers to enterprises by extending its vSphere virtualization platform.

Driving this shift toward containers that enable portability via API-driven micro-services is the proliferation of new computing device types used by employees and the push toward more modern and responsive applications aimed at enabling workers to get information faster and act on it, regardless of where they are. These new applications must be portable across compute, VMs, OSes, and clouds and therefore will require hybrid infrastructures that can enable the exchange of information among different local datacenters and public cloud providers.

These applications must be much more adaptable to different infrastructures than the more traditional ones that exist today, and they require a so-called "DevOps" approach to building and supporting them so they can be developed, revised and added to new compute and application environments in as little time as possible. That's very much how VMware envisions the future of the datacenter, cloud and applications alike. These apps, company officials say, will be cloud-native. Existing apps, meanwhile, will require the tools to bring them to these hybrid cloud environments. What will emerge are applications that are API-based and can respond to the characteristics of the different infrastructure components that connect them.

"An application is built realizing that there are components of it in the public cloud, pieces of it in the private cloud and we bring those together through common networking, management and security in a seamless experience," said VMware CEO Pat Gelsinger, speaking during his keynote address at the company's annual VMworld conference, which took place last month in San Francisco. Business imperatives will drive the shift to unified hybrid clouds, Gelsinger predicted. "I've gone on record as saying I believe this is the most significant change that will occur in technology this decade -- agility," he said. "This is what the unified hybrid cloud is all about, it's about enabling a global point of view across multiple clouds, and that's what we think is so powerful about the system that VMware is working into."

To get there, VMware previewed a number of new offerings that will embody these unified hybrid clouds centered on two new platforms to deliver these cloud-native apps. First is vSphere Integrated Containers, which will extend existing applications by wrapping them in standard containers. For brand-new applications, the company introduced the Photon Platform.

VMware Outlines vSphere Integrated Containers
VMware vSphere Integrated Containers, planned for a private beta by year's end and release sometime in 2016, will provide a common infrastructure for existing apps wrapped into containers. VMware believes this will make it easier for enterprises to jump on the container bandwagon by simplifying the ability to containerize existing apps without requiring changes to infrastructure, development teams, and management processes and tools. It's designed to give developers the ability to take advantage of the benefits of containers such as portability and speed by integrating with container orchestration and automation platforms such as CoreOS Tectonic, Docker, Google Kubernetes and Mesosphere's Datacenter Operating System (DCOS) and Cloud Foundry, the cloud Platform-as-a-Service (PaaS) platform offered by VMware sister company Pivotal.

VMware has dropped pieces of this over the past year that culminated in last month's introduction of vSphere Integrated Containers. One of those pieces is Project Bonneville, "a Docker daemon with custom VMware graph, execution and network drivers that delivers a fully compatible API to vanilla Docker clients" introduced in June. The design approach of Bonneville is based on the notion of containers running within the hypervisor, according to the company. The other key piece includes VMware's own lightweight (25MB) Linux distribution called Project Photon OS (previously known as Project Photon, which the company introduced in April) and the VMware Instant Clone feature introduced earlier this year in vSphere 6. To ensure the authenticity and integrity of a container and its underlying components, the Project Bonneville technology isolates and launches every container in a VM using the vSphere 6 Instant Clone capability, which VMware contends provides minimal overhead resulting in lower latency. By bringing all of this together with vSphere Integrated Containers, the company believes it's taking a unique approach to helping organizations build infrastructure that supports the containerization of existing applications, according to Kit Colbert, VP and chief technology officer for cloud-native applications, speaking during the VMworld keynote.

"We are actually deconstructing and virtualizing the container host, and deconstructing that along the VM, so we take out the common [interfaces] of the container engine in Linux and conceptually embed those inside of vSphere," Colbert said. "What that enables us to do is a one-to-one mapping between containers and VMs, one container per VM. This means the container isn't a VM or a VM isn't a container." Ray O'Farrell, who just before VMworld was promoted to chief technology officer and chief development officer, on stage with Colbert emphasized how this approach is different from others targeting containers in cloud environments. Other players' containers typically reside in a single VM, and groups of multiple containers also reside in a single VM, which O'Farrell contended represents a greater security risk because "if one of those containers should become compromised in some way, the other containers rely on the OS level of isolation to protect themselves. However, with vSphere Integrated Containers, rather than rely on the OS for protection, they are able to rely on the robust protection associated with virtual machines that we've come to trust for many years with VMware technologies."

Michael Adams, director of vSphere product marketing, describes vSphere Integrated Containers as an extension of the vSphere platform. "It will bring out a number of technologies in basically a package or a bundle that will enable optimized container use," Adams says. "And so what that means now is vSphere will run any app including containers. That's really the key. We could run containers before, but not in an optimized fashion in terms of how fast we deploy them and how well they're secure and integrated into the product." VMware says this will especially appeal to those who use its NSX software-defined network controller in that IT organizations can apply network segmentation and policies, visibility of container behaviors, monitoring and troubleshooting.

Photon Platform for Greenfield Apps
The vSphere Integrated Containers offering will serve 90 percent of all use-cases today where organizations want to migrate existing infrastructure and apps to hybrid cloud-native environments using containers, according to Adams. For those creating applications that don't rely on legacy applications or code and require scale an order of magnitude higher, the Photon Platform aims to provide the infrastructure for these modern cloud-native apps. These are applications that don't require capabilities in container platforms such as live migration, load balancing or availability because they are built into these new applications, according to Adams. The Photon Platform consists of two components. First is the Photon Controller, which is a distributed multitenant management and control layer/control plane that can manage millions of containers, according to Colbert. The second piece is the Photon Machine, which includes the Photon OS and also what VMware calls a "microvisor," a thin lightweight hypervisor based on the VMware ESX hypervisor. "This actually takes the core virtualization engine, the microvisor if you will, from ESX, and it combines that with our Linux distribution, Photon OS," Colbert said.

Colbert explained the Photon Machine is designed for DevOps and thanks to its API-centric model it's optimized for cloud-native applications. Because it exposes single API endpoints, it has no one point of failure, he said. Like vSphere Integrated Containers, the Photon Platform will be available for private beta by year's end and release sometime in 2016.

Steve Herrod, former CTO of VMware and now an investor in early-stage startups, believes his former employer's native cloud strategy makes sense. "I think it's still early in terms of adoption and these sorts of decisions of where to go are still being made, but vSphere Integrated Containers makes a lot of sense," says Herrod, now managing director at San Francisco-based General Catalyst Partners. In addition to pointing out that it's early days, Herrod notes that the Photon Platform faces numerous rivals such as CoreOS, Docker and Mesosphere. "There will be a lot of competition," Herrod says.

Simon Crosby, co-founder and CTO of VM security vendor Bromium Inc. and a onetime CTO with the Xen division of Citrix Systems Inc., has a different view. "In the containerization world in general, there is a huge amount of froth, there are far too many vendors -- each of which is doing a piecemeal," Crosby says. "Big vendors picking it up and making it more useful is a good thing. This is good stuff from VMware. In general, you can bet this whole containerization thing is best served by the big incumbents who sell to the enterprise infrastructure space already."

Project SkyScraper for Cross-Cloud Sync
VMware's hybrid cloud offerings already hinge upon compatibility between vSphere and vCloud Air, but the biggest issue is moving live workloads without conflicts or errors. At VMworld, the company previewed a way to simplify the live movement of workloads from its private to public clouds with a tool called Project SkyScraper.

Project SkyScraper is a planned extension to vSphere that will let companies live migrate workloads between VMware virtual infrastructure and its vCloud Air. It consists of the new Cross-Cloud vMotion, which is included in vSphere 6.0 and based on the company's existing vMotion live migration tool. Project SkyScraper also consists of Content Sync, which includes a subscription-based Content Library that runs on-premises and lets administrators synchronize VM templates, vApps, ISOs and scripts between their datacenters and the vCloud Air public cloud. This aims to ensure that these templates and scripts are consistent between the on-premises private cloud and the external vCloud Air.

The Project SkyScraper preview can be used by less-skilled administrators with the vSphere Web Client, which the company said is designed for faster implementation. "It's a usability element that makes life a lot simpler," Adams says. "What you have is the workload movement technology and the sharing aspect between the critical components."

Farming the Container Landscape
Despite all the hype surrounding containers and micro-services, it's very apparent that they represent the direction in which application development and hybrid cloud computing are now headed. VMware has played its hand just a few months after Microsoft explained its vision for containers at its back-to-back Build and Ignite conferences (see "Inside Microsoft's Embrace of Container-Fueled Automation" and "Windows Containers Debut in Windows Server 2016 Preview").

Microsoft Azure CTO Mark Russinovich recently described Microsoft's vision for both Windows Server Containers and Hyper-V Containers (see his blog post). Answering the question of how the latter differs from a VM, Russinovich noted: "Besides the optimizations to the OS that result from it being fully aware that it's in a container and not a physical machine, Hyper-V Containers will be deployed using the magic of Docker and can use the exact same packages that run in Windows Server Containers. Thus, the tradeoff level of isolation versus efficiency/agility is a deploy-time decision, not a development-time decision -- one made by the owner of the host."

For VMware, it appears very much about bringing containers into the vSphere VM environment. There are some similarities between the approaches Microsoft and VMware are taking with regard to containers in hybrid cloud scenarios in that both companies see the value of having the hypervisor as part of the mix and they both have strategies for having thin hypervisors and thin OSes, says IDC analyst Al Gillen. "It really does make sense for VMware to start building out a developer tools portfolio because that's really how the next-generation applications are going to be built," Gillen says. "The concern that VMware would have is what happens if people decide they don't need VMs at all, and they want to simply spin up a thin OS and load that machine up with containers, and not put any full VMs on top of it? The classic VM market is going to become more and more stable and all of the growth is going to move over to this modern application portfolio."

As Microsoft moves into this nascent field of cloud-native apps, it has its own challenges, Gillen warns. "If the developers move away from Microsoft tools and deployments, let's say they go to the Pivotal Cloud Foundry framework and they decide they are going to run that on Linux, that's a problem for Microsoft. So Microsoft has to work to keep those customers. VMware doesn't have that particular concern, but if Microsoft is successful at keeping its customers on Windows, and convincing them to build Docker containers and run it in a Windows infrastructure, that's really bad for VMware, because VMware has no solution for that."

The IT community will decide over the next year or so the future of these and other container-based architectures, which are still evolving, and what role they ultimately play in the evolution of DevOps and modern cloud-native applications.
