Commentary
8/28/2014
10:00 AM
Charles Babcock

VMware: VMs And Containers Better Together

VMware takes pains to say that Linux containers will complement, not replace, virtual machines.


VMware knows a lot about running Linux containers. It knows they run best when they're in a virtual machine. That is the long and the short of how VMware will approach the burgeoning interest in the Docker container format.

During VMworld this week, VMware officials acknowledged growing interest in containers, then tucked them neatly into its virtual machine framework. While containers themselves are not new, a fact that VMware executives pointed out several times, the widespread use of containers in the Docker packaging is. VMware executives have been taken aback by the somewhat haphazard discussion of containers as a possible replacement for virtual machines. Nevertheless, with Docker packaging, developers get a more convenient way of preparing code for deployment and for updating code after deployment.

During VMworld, VMware execs knocked down the notion that containers will replace virtual machines -- and most informed observers agree they will not -- and they offered in its place the notion that VMware tools are the logical agents with which to manage containers. VMware will demonstrate how the software-defined data center will run Linux containers, CEO Pat Gelsinger told his keynote audience Monday morning, but it will run them in "a more efficient and compliant manner than bare-metal Linux containers." That is, it will run them in virtual machines, where their security is more assured, and manage them with vSphere and vCloud management systems.


I'm not convinced that VMware has the only answer on issues of container management, and I'll reserve judgment until those most directly interested in using Linux containers have a chance to bring alternative systems to market. At the moment, two of the logical candidates to do so, Docker and Google, are busy working with VMware.

At a media conference Tuesday, Craig McLuckie, product manager for Google's Kubernetes container-generation system, said Google has been relying on Linux containers for many years. "We've been excited to see Docker popularize these container technologies," he said. Google will work with Docker, VMware, and others to further develop Kubernetes and include container provisioning in VMware's workflows so that a container can be generated and put inside a virtual machine. "We see these technologies as being complementary," he said.

Not everybody does. Putting a container in a virtual machine -- actually, several or dozens will go in each VM -- adds operational overhead that the container purists would prefer to avoid. Likewise, Ben Golub, CEO of Docker, listening to VMware execs saying how containers need virtual machines, separated himself from complete adherence to that notion. At a media conference Tuesday, he noted that Docker 1.0 was "enterprise ready" without VMware's help. "Plenty of people are using Docker on bare metal," but he then embraced the prospect that some Docker users will put their containers inside VMware virtual machines. "It depends on what you're trying to accomplish," he said. Developers can make use of bare-metal servers and enjoy their speed and efficiency; IT managers with production workloads "will look to the VMware environment for security and manageability."

VMware CTO Ben Fathi explained that containers running natively on hardware present a large attack surface. Many containers share the host's Linux operating system, and each line of code in the operating system is an exposure, an opportunity for a bug or malware to slip in and cause something to go wrong in cramped quarters. The containerized applications are reading and writing data from a shared pool of memory; few barriers exist if bad code prompts a read of a second container's data or an overwrite. Malicious


Charles Babcock is an editor-at-large for InformationWeek, having joined the publication in 2003. He is the former editor-in-chief of Digital News, former software editor of Computerworld and former technology editor of Interactive Week. He is a graduate of Syracuse ...
Comments
Laurianne,
User Rank: Author
8/28/2014 | 1:56:43 PM
Containers on bare metal
Interesting point re the attack surface being bigger when you run containers on bare metal, Charlie. Does that seem to be a key concern among attendees, or is it more theoretical due to the low number of exploits?
Charlie Babcock,
User Rank: Author
8/28/2014 | 2:50:13 PM
Dev and Ops, will the two ever meet?
Laurie, the possibility of something going wrong amid hundreds of thousands of lines of Linux code versus the 30-40 commands of the hypervisor is a concern to operations managers.  They've spent a lifetime trying to secure legacy applications and they're the ones, largely, running the virtualized data center. The next gen app developers see it differently: secure our containers so we can enjoy the efficiencies.
Charlie Babcock,
User Rank: Author
8/28/2014 | 3:06:13 PM
Google testimony on multiple containers per VM
Craig McLuckie said after the press conference that it wasn't unusual for Google to run 200 containers in a virtual machine. Part of the joint development of Kubernetes is to allow it to provision and manage groups of containers, with groups put inside a VM. Monitoring and managing individual containers is a time-consuming, attention-demanding way to go.
Li Tan,
User Rank: Ninja
9/2/2014 | 2:17:13 AM
Re: Dev and Ops, will the two ever meet?
In my opinion, devs and ops will have more and more overlap and interaction. For example, in my organization the developer has on-call duty and carries a pager to solve operational problems. This gives the developer a wider view of the system. I think VMs and containers will complement each other instead of one replacing the other - containers provide more efficiency and flexibility.