VMware forges own microservices architecture

After seeing the rapid adoption of application virtualization, VMware brings its own Linux distribution into the cloud mix and adds the missing security ingredient.

VMware's recent unveiling of two new products to support application virtualization shows it will not sit idly by while other companies do to applications what VMware did to the server market.

The two new projects, Project Photon and Project Lightwave, will support its new Cloud Native Apps team in addressing the increasing uptake of containers and microservices within the DevOps arena:

  • Project Photon: The foundation of this microservices architecture is a lightweight Linux OS optimized to run on vSphere or vCloud Air, designed solely to support various container engines such as Docker, Rocket/rkt or Garden. It is engineered to be easier to maintain and deploy because fewer features are enabled -- which also makes it more secure -- and it has a smaller memory and disk footprint.
  • Project Lightwave: The industry's first container identity and access management (IAM) tool, which provides SSO, authentication and authorization. It is open source to encourage end-user and vendor collaboration.

The evolution of applications

Whenever I'm at an EMC event, there is always a slide shown about the "third platform," which is described as the next-generation compute platform accessed from mobile devices, utilizing big data and based in the cloud. It's these third-platform applications that are leading this charge into containerization and microservices.

In the past few years, the idea of taking a large application stack and deconstructing it into smaller chunks that could be isolated from each other -- allowing them to be patched, processed, tweaked, moved or recompiled without impacting the whole stack -- has taken hold with developers, especially within Web application providers. Containers are isolated from each other, yet share the underlying Linux OS; this approach allows a container to be portable and able to run in any Linux distribution because the key dependencies of the application are packaged together. The push to containers means applications can move between infrastructure vendors and even between cloud and on-premises solutions. Containers have ushered in distributed/scale-out application architecture, in which a collection of containers work together to accomplish a larger task.

Project Photon provides platform for containers

VMware created Project Photon to run on top of the vSphere ESXi hypervisor as a virtual machine, not on top of bare-metal servers. VMware developed it based on a Linux 3.19 kernel. Project Photon will support RPM for image-based versioning, and YUM-compatible package-based management. It supports Docker containers, CoreOS Rocket containers as well as Pivotal's own Garden container format.

Project Photon allows end users to run both containers and VMs natively on a single platform, whether on-premises in a vSphere environment or off-premises within vCloud Air. Plus, it provides all the security, management and orchestration benefits in vSphere.

So it comes as no surprise that VMware is planning to give away Project Photon for free with vSphere ESXi, as well as making it available as open source. With this move, VMware hopes to entice enterprises and developers to make it, rather than other Linux platforms, the underlying foundation for more variants of software containers.

Security aspect is missing

The problem with microservices and containers is that there isn't an established tool to provide security services. Some form of security is already provided by container engines -- isolating application workloads from each other -- but the distributed nature of these types of applications, which can feature complex networks of microservices and hundreds or thousands of instances of applications, will require companies to maintain the identity and access of all interrelated components and users. This is where the problem with containers lies: You need a tool that is flexible enough to scale across thousands of nodes and components, securing identity, network and application runtime.

Project Lightwave adds security

VMware created Project Lightwave specifically to enforce security and governance across the entire infrastructure and application stack, ensuring only authorized containers are deployed on authorized hosts by authorized users. It complements Project Photon by providing IAM to the containers deployed on it.

Lightwave will hook into the open source Open Virtual Network stack and interface with popular Linux distributions, and it will also serve those who prefer to run containers on top of a vSphere ESXi layer, Photon and NSX.

Features and capabilities will include:

  • Centralized identity management: Project Lightwave will deliver single sign-on, authentication and authorization using names and passwords, tokens and certificates to provide enterprises with a single way to secure cloud-native applications.
  • Multi-tenancy: Project Lightwave's multi-tenancy support will enable an enterprise's infrastructure to be used by a variety of applications and teams.
  • Open standards support: Project Lightwave will incorporate multiple open standards such as Kerberos, LDAP v3, SAML, X.509 and WS-Trust, and is designed to interoperate with other standards-based technologies in the data center.
  • Enterprise-ready scalability: Project Lightwave is being built with a simple, extensible multi-master replication model allowing horizontal scalability while delivering high performance.
  • Certificate authority and key management: Project Lightwave will simplify certificate-based operations and key management across the infrastructure.
