Why (and how) VMware created a new type of virtualization just for containers

10.09.2015
As the hype about containers has mounted over the past year, it has raised questions about what this technology – which is for packaging applications – means for traditional management and virtualization vendors. Some have wondered: Will containers kill the virtual machine?

VMware answered that question with a resounding no at its annual conference in San Francisco last week. But, company officials say containers can benefit from having a new type of management platform. And it’s built a whole new type of virtualization just for containers.

A decade and a half ago, VMware helped revolutionize the technology industry with the introduction of enterprise-grade hypervisors that ushered in an era of server virtualization.

Last week the company revealed a redesigned version of its classic virtualization software named Project Photon. It’s a lightweight derivative of the company’s popular ESX hypervisor that has been engineered specifically to run application containers.

“At its core, it’s still got the virtualization base,” explains Kit Colbert, VMware’s vice president and CTO of Cloud Native Applications. Colbert calls Photon a “micro-visor” with “just enough” functionality to have the positive attributes of virtualization, while also being packaged in a lightweight format ideal for containers.

Project Photon includes two key pieces. One is named Photon Machine – a hypervisor software born out of ESX that is installed directly onto physical servers. It creates miniature virtual machines that containers are placed in. It includes a guest operating system, which the user can choose. By default Photon Machine comes with VMware’s customized Linux distribution named Photon OS, which the company has also designed to be container friendly.

The second major piece is named Photon Controller, which is a multi-tenant control plane that can handle many dozens, if not hundreds or thousands, of instances of Photon Machine. Photon Controller will provision the clusters of Photon Machines and ensure they have access to network and storage resources as needed.

The combination of Photon Machine and Photon Controller creates a blueprint for a scale-out environment that has no single point of failure and exposes a single logical API endpoint that developers can write to. In theory, IT operators can deploy Project Photon and developers can write applications that run on it.

Project Photon will integrate with various open source projects, such as Docker for the container run-time support, as well as Google Kubernetes and Pivotal’s Cloud Foundry for higher-level application management. (Photon manages infrastructure provisioning while Kubernetes and CF manage application deployments.)

VMware has not yet set pricing for either platform, but both will be available this year as a private beta.

Not all customers are ready to go all-in on containers though. So, VMware is also integrating container support into its traditional management tools.

VSphere Integrated Containers is a second product VMware announced that Colbert says is a good starting point for organizations that want to get their feet wet with containers. For full-scale container build outs, Colbert recommends transitioning to Project Photon.

VSphere Integrated Containers is a plugin for vSphere, the company’s venerable ESX management software. “It makes containers first-class citizens in vSphere,” Colbert explains. With the plugin, customers are able to deploy containers inside of a virtual machine, allowing the container in the VM to be managed just like any other VM by vSphere.

By comparison, a user who wants to deploy containers in vSphere today would likely deploy multiple containers inside a single virtual machine. Colbert says that has potentially harmful security implications though: If one of the containers in the VM is compromised, then the other containers in the VM could be impacted. Packaging one container inside each VM allows containers to be protected by the security isolation and baked-in management features of vSphere.

Kurt Marko, an analyst at Marko Insights, says VMware’s approach to containers could be appealing to VMware admins who are being pressured to embrace containers. It could come with a downside, though.

“Wrapping Photon containers in a micro-VM makes it look like any other instance to the management stack and operators,” Marko wrote in an email. “Of course, the potential downside is lost efficiency since even micro-VMs will have more overhead than containers sharing the same kernel and libraries.” VMware says the VM overhead is minute, but Marko says it will take independent analysis to determine if there is a tax for using containers inside VMs.

As VMware attempts to position itself as a container company, there are headwinds. First, it is still very early on in the container market.

“The hype far outweighs the utilization” at this point, says IDC analyst Al Gillen, program vice president for servers and systems software. He estimates that fewer than 1/10 of 1% of enterprise applications are currently running in containers. It could be more than a decade before the technology reaches mainstream adoption with more than 40% of the market.

VMware also hasn’t traditionally been known as a company that leads the charge when it comes to cutting-edge open source projects, which is a perception the company is fighting. Sheng Liang, co-founder and CEO of Rancher Labs – a startup that was showcasing its container operating system and management platform at VMworld – said the container movement has thus far been driven largely by developers and open source platforms like Mesos, Docker and Kubernetes. He hasn’t run into a single container user who is running containers in VMware environments, he said.

Forrester analyst Dave Bartoletti says that shouldn’t be surprising though. VMware has strong relations with IT operations managers, not the developers who have been most enthusiastically using containers. Announcements the company has made at VMworld are about enabling those IT ops workers to embrace containers in their VMware environments. Other management vendors, like Red Hat, Microsoft and IBM, are equally enthusiastically embracing containers. VMware’s argument, though, is that containers and VMs are better together.

(www.networkworld.com)

Brandon Butler