X

Containers vs. virtual machines: After a tough 2017, can VMware rebound in 2018?

There’s been a shift in infrastructure that powers applications in the cloud. Workloads are steadily moving from virtual machines to containers since the launch of Docker. Because of this, the vendor landscape is changing, and as new alliances are formed, old ones are being put aside. Communities are forming around new tools and standards, all in the push to make infrastructure more scalable, secure, cost-effective, and easy to manage. In 2017, we saw a continuation of the mass migration from virtual machines to containers. Let’s look at some of the major developments that are driving this shift and see what 2018 holds for DevOps teams and VMware, the largest seller of virtual machines.

VMware got to this point by driving greater efficiency over hardware servers in the datacenter. Today, any organization with a datacenter will be a VMware customer. However, with the advent of containers, VMware is being forced to find new ways to sustain its growth.

vRealize Suite

VMware

VMware’s focus is on better management of cloud infrastructure, and they’re making big changes to their platform to better implement this. Last year, the bulk of their efforts went into their vRealize cloud management suite. It lets you automate your infrastructure management using templates, and make changes to your stack visually. The focus of vRealize is to enable flexibility in infrastructure by supporting private, public, and hybrid cloud environments equally well in a single unified platform. It supports containers created using VMware Integrated Containers (VIC).

VMware Integrated Containers

VMware’s integrated containers feature aims to make Docker containers run on its platform alongside VMs. In the recent 1.2 release, VIC brought support for native Docker container hosts. It also included a host of security updates. The Registry Whitelists feature lets IT admins approve select container registries to be accessible by hosts. Additionally, when downloading container images from these registries, VIC now scans every image to ensure it’s free from commonly known vulnerabilities. Similarly, the Content Trust feature ensures only signed and trusted container images are allowed to be downloaded to the host. These features are essential for container use as compromised container images are the biggest threat to container workloads.

Additionally, VIC provides advanced access management including Projects, which lets IT admins group users according to the projects they work on, with role-based access for different levels of access and Active Directory and Lightweight Directory Access Protocol (AD/LDAP) for enterprise user authentication with single sign-on (SSO).

For organizations running big VMware operations, this will come as an interesting option if they are skeptical about Docker. It brings Docker into the familiar confines of VMware without requiring users to learn a new technology.

Partnering with AWS

In a surprising announcement in 2016, AWS and VMware announced a partnership where users could leverage VMware in the AWS cloud. This is surprising because of the rivalry between the two companies over the past few years where AWS was seen as taking market share away from VMware with its cloud-based VMs. However, both companies have missed the container bandwagon, and are now playing catch up. In hindsight, it only makes sense that these two companies that earn their bread and butter from virtualization — one in the datacenter and the other in the cloud — would come together for a complete offering. This service is fully managed and billed by VMware, and customers get the best of both worlds — the familiarity and powerful management features of VMware, along with the scalability and innovative cloud services of AWS. This partnership has met with a response from the other cloud vendors as well, showing how big a deal this is in the cloud computing space.

Drawing battle lines

In response to this, there have been a couple of similar announcements from Google Cloud and Azure. Google Cloud announced a partnership with Cisco, which has been a rival of VMware in the virtualization and networking space. In another partnership, Google Cloud, VMware, and Pivotal have announced a managed Kubernetes service that will be run on the Google Cloud, but managed and supported by VMware and Pivotal. For VMware, it’s another step to make container run alongside their vSphere VMs, and for Google Cloud it’s the promise of gaining a deeper hold on the enterprise market through VMware.

Azure last year announced an aggressive migration service to woo customers away from VMware to Azure touting theirs as the only real hybrid cloud platform. VMware isn’t happy about this development and has announced that they will not be supporting any of their instances on Azure. This is also to underscore the importance of the AWS-VMware deal. In the enterprise where risk is not the modus operandi, it’s likely the AWS-VMware solution will be more favored.

Lock-in vs. open

VMware has traditionally functioned alone, happy to innovate on its core virtualization technology. It has a strong product offering with a long list of features for management, security, and operations of virtual instances. However, all of these features have been built and remain proprietary, tied into the VMware platform. They don’t play well with other offerings from other vendors. This worked as long as virtualization was the hot trend in enterprise IT, but once the "containers vs virtual machines" battle began, open source technology came to the forefront. Partnerships between organizations and API-based integration is the norm today. VMware needs to undergo a cultural change to better serve today’s cloud-native applications.

Speed vs. simplicity

The key benefit that containers offer over VMs is that they are extremely lightweight, easy to start up, and very portable across the software delivery pipeline. VMware has taken a note from this and is doing its best to provide lightweight virtual machines, and even support containers alongside its VMs. This bridge is hard to build as the divide is substantial. As VMware is realizing it stands a better chance of joining the movement than trying to draw attention to itself. That’s the reason it is open to partnering with AWS and Google Cloud and has even joined the Cloud Native Computing Foundation.

IT vs. DevOps

VMware needs to undergo a shift in its target customer base as well. It has been the darling of IT teams who have traditionally managed infrastructure. However, in modern DevOps teams, developers are sharing the responsibilities of IT such as deployment, infrastructure configuration, and automation across the pipeline. This is where containers have boosted the pace of operating in a DevOps culture, and VMs have gotten a bad rap. To change this perception, virtualization solutions need to shift their focus from IT to include developers too.

Firewalls vs. dynamic security

Security is a key concern for enterprises weighing the balance between virtualization and containerization. In virtualization environments, security was simpler. It was baked into the VMware platform and was quite static reflecting the fairly static virtual machines it monitored. With containers, security has changed. It’s become dynamic. Rather than setting up firewalls for resources, containers use a policy-based security model where resources share access only on an as-needed basis, and even this access is governed using dynamic policies that can adapt to changes in the resources themselves. Read more about container technologies and container security on the Container Technology Wiki from Aqua Security.

A look back at 2017 shows big changes in the pecking order. VMware is no longer comfortable at the top of the list of infrastructure vendors. It’s facing disruption from newer and more advanced container technologies. To cope, VMware is adapting its product offerings, forging alliances across the border with previous rivals like AWS, and is also looking for opportunities to join the container movement in a meaningful way. Whichever way this game plays out, the winner at the end is, of course, the customer. It’s going to an exciting 2018 as the containers vs. virtual machines tussle rages on, and as VMware looks to find new a new footing in the shifting landscape.

Photo credit: Wikimedia