VMware takes pains to say that Linux containers will complement, not replace, virtual machines.
Eating At Interop: 8 NYC Dining Options
(Click image for larger view and slideshow.)
VMware knows a lot about running Linux containers. It knows they run best when they're in a virtual machine. That is the long and the short of how VMware will approach the burgeoning interest in the Docker container format.
During VMworld this week, VMware officials acknowledged growing interest in containers, then tucked them neatly into its virtual machine framework. While containers themselves are not new, a fact that VMware executives pointed out several times, the widespread use of containers in the Docker packaging is. VMware executives have been taken aback by the somewhat haphazard discussion of containers as a possible replacement for virtual machines. Nevertheless, with Docker packaging, developers get a more convenient way of preparing code for deployment and for updating code after deployment.
During VMworld, VMware execs knocked down the notion that containers will replace virtual machines -- and most informed observers agree they will not -- and they offered in its place the notion that VMware tools are the logical agents with which to manage containers. VMware will demonstrate how the software-defined data center will run Linux containers, CEO Pat Gelsinger told his keynote audience Monday morning, but it will run them in "a more efficient and compliant manner than bare-metal Linux containers." That is, it will run them in virtual machines, where their security is more assured, and manage them with vSphere and vCloud management systems.
I'm not convinced that VMware has the only answer on issues of container management, and I'll reserve judgment until those most directly interested in using Linux containers have a chance to bring alternative systems to market. At the moment, two of the logical candidates to do so, Docker and Google, are busy working with VMware.
At a media conference Tuesday, Craig McLuckie, product manager for Google's Kubernetes container-generation system, said Google has been relying on Linux containers for many years. "We've been excited to see Docker popularize these container technologies," he said. Google will work with Docker, VMware, and others to further develop Kubernetes and include container provisioning in VMware's workflows so that a container can be generated and put inside a virtual machine. "We see these technologies as being complementary," he said.
Not everybody does. Putting a container in a virtual machine -- actually, several or dozens will go in each VM -- adds operational overhead that the container purists would prefer to avoid. Likewise, Ben Golub, CEO of Docker, listening to VMware execs saying how containers need virtual machines, separated himself from complete adherence to that notion. At a media conference Tuesday, he noted that Docker 1.0 was "enterprise ready" without VMware's help. "Plenty of people are using Docker on bare metal," but he then embraced the prospect that some Docker users will put their containers inside VMware virtual machines. "It depends on what you're trying to accomplish," he said. Developers can make use of bare-metal servers and enjoy their speed and efficiency; IT managers with production workloads "will look to the VMware environment for security and manageability."
VMware CTO Ben Fathi explained that containers running natively on hardware present a large attack surface. Many containers share the host's Linux operating system, and each line of code in the operating system is an exposure, an opportunity for a bug or malware to slip in and cause something to go wrong in cramped quarters. The containerized applications are reading and writing data from a shared pool of memory; few barriers exist if bad code prompts a read of a second container's data or an overwrite. Malicious
Charles Babcock is an editor-at-large for InformationWeek, having joined the publication in 2003. He is the former editor-in-chief of Digital News, former software editor of Computerworld and former technology editor of Interactive Week. He is a graduate of Syracuse ... View Full Bio
Multicloud Infrastructure & Application ManagementEnterprise cloud adoption has evolved to the point where hybrid public/private cloud designs and use of multiple providers is common. Who among us has mastered provisioning resources in different clouds; allocating the right resources to each application; assigning applications to the "best" cloud provider based on performance or reliability requirements.