Cloud // Infrastructure as a Service
Commentary
8/28/2014
10:00 AM
Charles Babcock

VMware: VMs And Containers Better Together

VMware takes pains to say that Linux containers will complement, not replace, virtual machines.

exploits on Linux are rare, but a few occur each year, leaving the possibility that one of them will act as a spoiler in a sensitive container environment.

Virtual machines, however, exist as a set of file definitions and policies that mimic a real machine, with logical boundaries around server resources to set them apart from other VMs. They have a small attack surface. The host's hypervisor does its work with just 30 or 40 commands communicated directly to the hardware. They can be periodically checked and protected; alterations are easily detected.

Containers, on the other hand, are much faster to spin up, replicate, and scale out, all important qualities in Web operations. Google is a practiced user of containers precisely because its search and internal operations exploited those efficiencies. It created the Linux control groups and much of the original source code that underlies Docker operations. So why is Google helping VMware put containers in virtual machines?

Google runs them that way when it's dealing with customer workloads headed for App Engine or Compute Engine. (Unlike VMware, it puts them inside a KVM virtual machine.) It's in Google's interest to have more IT departments familiar with and accustomed to using containers. That familiarity will potentially increase the attractiveness of Google's cloud services. Hence, its willingness to make its Kubernetes container provisioning system available as open source code and continue its development with VMware.

Containers also represent a way for VMware to reach application developers, a community that may be less interested than VMware in virtual machines and production security. VMware has spun off the parts that interest developers, such as the Cloud Foundry development platform and the Gemstone caching system, into its Pivotal subsidiary. One of the things Pivotal has produced is Pivotal CF, a commercial version of the Cloud Foundry platform.

James Watters, Pivotal

James Watters, Pivotal's VP of product and ecosystem for Cloud Foundry, says container efficiencies can be easily carried over into a virtualized environment. More than one container may be run in a virtual machine; in all likelihood dozens or hundreds will be. The resources needed to keep a dozen containers in one virtual machine are much less than the resources needed for a dozen virtual machines. In a multi-tenant world, there's a limit: Containers in one virtual machine are probably going to come from one customer and not be mixed with those from another customer.

So the "blend," as Watters puts it, of container technology with the manageability and security of virtual environments is likely to be the recommended path for IT managers for a long time. VMware, Docker, and Cloud Foundry "are building in very robust Docker support. I'd argue VMware has the most advanced container management system in the world," Watters said in an interview.

With Google and Docker seeing big advantages to fitting containers into the VMware environment, that's how it's likely to remain -- at least for a while. But I still think that containers running inside virtual machines represent an architecture that's very close to VMware's interests rather than the only sensible way to run containers. Other possibilities will one day manifest themselves for launching and running containers on their own. But until some startup or disruptive coalition shows a system with the potential to do it, we'd better get used to hearing about the benefits of blending the two together.


Charles Babcock is an editor-at-large for InformationWeek, having joined the publication in 2003. He is the former editor-in-chief of Digital News, former software editor of Computerworld and former technology editor of Interactive Week. He is a graduate of Syracuse ...

Comments
Li Tan,
User Rank: Ninja
9/2/2014 | 2:17:13 AM
Re: Dev and Ops, will the two ever meet?
In my opinion, devs and ops will have more and more overlap and interaction. For example, in my organization the developer has on-call duty and carries a pager to solve operational problems. This gives the developer a wider view of the system. I think VMs and containers will complement each other instead of one replacing the other - containers provide more efficiency and flexibility.
Charlie Babcock,
User Rank: Author
8/28/2014 | 3:06:13 PM
Google testimony on multiple containers per VM
Craig McLuckie said after the press conference that it wasn't unusual for Google to run 200 containers in a virtual machine. Part of the joint development of Kubernetes is to allow it to provision and manage groups of containers, with groups put inside a VM. Monitoring and managing individual containers is a time-consuming, attention-demanding way to go.
Charlie Babcock,
User Rank: Author
8/28/2014 | 2:50:13 PM
Dev and Ops, will the two ever meet?
Laurie, the possibility of something going wrong amid hundreds of thousands of lines of Linux code versus the 30-40 commands of the hypervisor is a concern to operations managers. They've spent a lifetime trying to secure legacy applications and they're the ones, largely, running the virtualized data center. The next-gen app developers see it differently: secure our containers so we can enjoy the efficiencies.
Laurianne,
User Rank: Author
8/28/2014 | 1:56:43 PM
Containers on bare metal
Interesting point re the attack surface being bigger when you run containers on bare metal, Charlie. Does that seem to be a key concern among attendees, or is it more theoretical due to the low number of exploits?