VMware unveiled a two-pronged approach to containers at its annual VMworld conference this week. VMware vSphere Integrated Containers, which is a revamp of the existing vSphere product, enables Docker containers to run inside vSphere VMs, while the new VMware Photon Platform is designed for running containers in a custom-built Linux environment.
With this dual strategy, VMware hopes to retain a customer base that's itching to adopt bleeding-edge container technology in production, while also building a new, parallel platform for container-first, cloud-first applications.
vSphere or Photon?
vSphere Integrated Containers (VIC) is exactly what it says on the label: a way to run containers in vSphere. Its advantages include leveraging vSphere's management controls and protecting containers through VM-level isolation. Some will say the protection of VMs comes at the cost of overhead and bulk, but VMware is trumpeting the use of vSphere 6's Instant Clone feature, where new VMs can be started in less than a second with minimal memory overhead.
Also included with VIC are the networking and storage-virtualization features one might expect from a VMware product, but with container-specific twists -- such as container introspection features for VMware NSX or provisioning of persistent data volumes for containers by way of VMware Virtual SAN or vSphere Virtual Volumes. In VMware's view, the needs of containerized apps -- firewalls, virtual networks, snapshots, resource management -- have matching solutions in VMware's ecosystem.
Photon, unveiled earlier this year, melds a custom-built, lightweight Linux distribution for running containers with an ESX-based "microvisor" and a soon-to-be open-sourced control plane named Photon Controller. The goal, says VMware, is to provide "just enough" virtualization to run containers in a lightweight, cloud-native environment.
Two technologies, one goal
This should have a familiar ring. Variations on this approach have been the mainstay of actors in this space for a while now. CoreOS pioneered the idea of a minimal Linux system for running containers; Rancher expanded on the idea. Canonical's LXD tries to strike a balance between container and VM behaviors, as does Intel's Clear Containers concept, which leverages hardware-level virtualization features. Joyent's Triton also aims to offer better container protection via a new OS stack.
VMware certainly looks like it's playing catch-up, hence a strategy reminiscent of the one it's deploying with Integrated OpenStack: Satisfy the existing user base's demand for new features -- which are coming at a faster pace than VMware has traditionally supplied -- lest customers be lost to competition.
Even the Photon stack, ostensibly a sandbox for forward-thinking work with containers, has been built with an eye toward this goal. Consider Photon's support for multiple container types -- not only Docker but also CoreOS's Rocket and Cloud Foundry's Garden image formats -- which gives potential users of those formats something to do in VMware, should any of them feel inclined to look elsewhere.
This is more than a "just enough" virtualization approach -- it's "just enough" experimentation, too. But given how fast the competition can move, VMware may need to entertain these experiments more pervasively throughout its product stacks to be effective.