VMware has launched an open source project, Lightwave, to bring better security and more identity and access controls to Linux containers. With Lightwave, VMware is now trying to advance the state of managing containerized applications, instead of talking about the need to put containers in virtual machines.
It expects, of course, that many of those containers will run in VMware virtual machines in the future, so the open-source effort makes business sense.
Does the world need a VMware-sponsored open source project for container management, when developers are hard at work on container management in Google's Kubernetes project, Docker Inc.'s ongoing Docker project, the Apache Software Foundation's Mesos, and Red Hat's OpenShift? VMware argues that it does.
"There's been an explosion in cloud-native applications, driven by end user requirements for 24X7, services on-demand," said VMware's Mike Adams, director of product marketing, in an interview. An open source project is needed to provide container identity and access controls that can be used in different cloud settings. Lightwave will face its first test inside VMware vCenter and vCloud settings in the enterprise data center, and in VMware's vCloud Air cloud service, until they catch on elsewhere, said Adams.
"Developers are not using data centers as efficiently as they could. We want to make their actions more seamless" as they move code between data center and cloud services, Adams said.
In addition to Lightwave, VMware is launching another open source project -- the Photon Project, to produce a lightweight version of Linux for running containers on a server host. Two examples already exist: CoreOS and Red Hat's Atomic Host. Containerized applications carry the end user parts of the operating system that they need inside the container; the host system only needs to contain the correct Linux kernel and a few related tools and utilities.
This open source effort might appear to be a belated way for VMware to keep its fingers in the rapidly evolving field of formatting and deploying containers. And it is. But don't dismiss the effort as insignificant. Critics should recall how Cloud Foundry at one time was just an attempt by VMware to keep its fingers in application development. Cloud Foundry now is widely backed by other vendors and adopted by a broad user community.
VMware sees next generation applications being written as a collection of microservices, or multiple service components, each in its own container. In any given setting, several of those services might be containerized and also running in a shared virtual machine.
Container security and access controls remain an area with no clear-cut leader, though Docker and CoreOS' Rocket Project both claim to be addressing it in their own ways. VMware is making its own case as a trusted partner in container security, and doing so with open source technology as well.
If it succeeds, VMware will have a container operating system in Photon and a way to securely move containers around and identify and control their users. Photon will be optimized to work with Linux containers running in the vSphere virtualized environment, Adams said. VMware's pitch is virtual machines and containers, better together.
More Technical Details On The Projects
Specifically, Lightwave promises container identity and access management technology, using existing VMware code that's being made open source and given to the Lightwave project. It will include single sign-on, user identification and authorization, based on user names, passwords, tokens and certificates. The effort will be led by Kit Colbert, former CTO and VP of end-user computing at VMware, now CTO and VP for cloud-native applications.
Lightwave will work in multi-tenant environments, whether on premises or in the cloud, and it is expected to support use of Kerberos security, LDAP v3 directories, Security Assertion Markup Language, X.509 cryptography certificates, and WS-Trust, a service for validating WS-Security tokens.
The Photon container host system will support Docker and Rocket container formatting, along with Garden container formats from Pivotal's commercial version of Cloud Foundry, Pivotal CF.
In addition to Photon and Lightwave, a third open source project, Lattice, will be started by EMC/VMware spin-off, Pivotal, to produce a container scheduling system that works with the code from the other two.
Intel, Mesosphere, CoreOS, JFrog, and HashiCorp announced their support for the projects in the VMware announcement.