VMware fires Photon torpedo – a homegrown Linux for microservices

'Lightwave' security layer to bind containers running in lightweight distro

VMware has created its very own Linux distribution, dubbed 'Project Photon', as part of an effort to create a stack for what it's calling “Cloud-Native applications”.

The rest of us would probably call them “microservices”, the technique of spawning instances of an application to handle a small user population – maybe even an individual. Microservices usually rely on containers that chat with each other over an API.

The idea is that rather than rely on a monolithic application to do everything, one can instead create lightweight components that handle one part of the process previously baked into a single application.

Each component can be given DevOps-driven frequent updates that improve the user and/or customer experience without worrying about breaking a bigger application.

This approach is held to be a better way to scale than conventional tiered application models, with Google's two-billion-containers-a-week regime and Netflix's use of a containerised content delivery network often cited as validation for that assertion.

All of which sounds just great, but omits a real-world concern or two. Namely, just where will you find a platform to do this stuff and, when you do, how will you make sure that all those containers aren't being suborned and leaking data hither and yon?

Which brings us back to VMware and its two announcements.

Photon is a lightweight – we're told 300MB – Linux distro that supports three containerisation environments: Docker, rkt and Pivotal's Garden. Photon's been tuned so that it's very, very comfortable running in either vSphere or vCloud Air. We're told VMware started with the Linux kernel and designed Photon from scratch.

Lightwave is billed as a “container identity and access management technology” that will “maintain the identity and access of all interrelated components and users” in a microservices-style app. The tool works with a heap of authentication protocols to ensure that when containers chat, they are authorised to do so.

Virtzilla's network virtualisation product NSX helps out, too, with its usual tricks like micro-segmentation to create tightly-controlled VLANs beyond which container-generated traffic cannot tread.

VMware's hope is that you'll virtualise Photon on ESXi, run containers inside it and use Lightwave – and NSX – to manage interaction between the containers.

VMware's proposed microservices architecture


VMware has committed to supporting Project Photon with the same zeal it brings to vSphere support, but as Photon is Linux it will be open source under GPL v2. So will Lightwave, but under an Apache 2.0 licence.

Does this launch matter? Probably. CoreOS' rkt has been widely interpreted as a shot across Docker's bows. VMware's just made choice of container framework moot, if you're willing to buy in to its way of doing microservices. It's also given the world lots of the pieces needed to start deploying microservices. Sibling Pivotal's tossed in its “Lattice” tool to manage containers on clusters, too, to help things along.

The likes of Google and Netflix can build their own management, automation and orchestration pieces. VMware's bidding to do it for the rest of us.

But VMware believes everything runs better in its hypervisors and argues that IT organisations need the control it brings and will therefore wear a bit of a performance hit if it brings the comfort of comprehensive management. Now to wait and see if developers are willing to tolerate similar issues. ®
