Home > Blogs > Cloud-Native Apps

VMware Cloud-Native Apps (CNA) Technology Primer

DockerCon 2016 is now over and it was a great success. The VMware CNA team (along with the VMware cloud management, networking and storage teams) was there, and the traffic at the booth was astonishing.

We noticed booth visitors had plenty of questions around container technologies and their relation to virtual machines, especially around some of the technologies we presented at DockerCon–some of which are meant to blur those boundaries.

In this post, we are going to briefly outline our technologies and brands to help people better understand them. This includes:

If you are curious about any of the above technologies (and what they deliver and how they deliver it), please read on.

Before we get into a brief description of each technology, it is important to understand they fall into two completely different categories.

The first model assumes instantiating “docker images as containers in VMs.” This is the Photon bucket.

The second model assumes instantiating “docker images as VMs.” This is the VIC bucket.

The Photon Model

As we alluded to, this model involves a traditional “containers on top of VMs” model. This is Docker business as usual and what pretty much everyone does today: you instantiate a Linux OS, you install Docker on it and you start containers pulling Docker images from a registry.

In this context, we deliver the following Photon components:

Photon OS: in either model, one thing is clear – the container runtime environment should be smaller and more efficient than traditional OS. Our OS partner ecosystem validates this, as just about every major vendor has created a super-slim version of their OS. But, for VMware, because of our infrastructure platform, there was even greater opportunity. Because we were free to focus on the vSphere market, we could make things even smaller and even more efficient. We’ve been able to strip all sorts of legacy modules from the Photon OS kernel and tune buffers, time accounting and compile flags to eliminate redundancies between the container runtime and hypervisor. We’re seeing lots of interest around the concept of this type of runtime improvement, but we’re not done. There’s an entire layer of operational efficiency that we haven’t even begun to tackle. Beyond these focused optimizations, we’re seeing customers try things we never intended, like using Photon to create their container images (there is a Photon OS image in the Docker hub, check it out!). Others are looking at more traditional Linux application architectures running on Photon OS to take advantage of the optimizations there, as well.

Photon Controller: this is the highly efficient, completely distributed, API oriented and easy to maintain control plane that, by leveraging the ESXi hypervisor, can deliver a lean IaaS stack. The work to integrate Virtual SAN and NSX into this compute stack is underway. In addition to providing core IaaS functionalities, Photon Controller also includes cluster management workflows that will allow users to instantiate Swarm, Kubernetes and Swarm clusters. Cormac Hogan and William Lam have good articles on how to set those up. Go check them out!

Photon Platform: this isn’t a technology per se but rather a brand name to identify the container optimized IaaS platform above. Photon Platform is the brand name that includes ESXi and Photon Controller technologies, similar to how vSphere is the brand name that encompasses ESXi and vCenter technologies.

It is important to understand that Photon Platform isn’t a disruptive model when it comes to “Docker thinking.” The industry have been using this model for 3 years now:

  • you get a hypervisor (Photon Machine)
  • you get a hypervisor control plane (Photon Controller)
  • you instantiate a VM as a Docker host (Photon OS)
  • and you eventually run a container inside said Docker host

Container management and orchestration is out of scope for the Photon technologies. As a matter of fact, the very first supported commercial bundle we have launched is Photon Platform with Pivotal Cloud Foundry.

While you could always download Photon Controller today and instantiate your very own standalone Photon Platform IaaS platform, we are exploring additional out-of-the-box integrations with other container management stacks. For example at DockerCon, we demonstrated a docker-machine integration that you can grab here. Using this driver, you can leverage docker-machine to provision Docker hosts on top of the Photon Platform.

The VIC Model

The VIC model is indeed disruptive when it comes to traditional “Docker thinking” but, at the same time, it is intended to be the least disruptive when it comes to traditional data center operations.

Many have made the observation that containers running in Linux are similar in concept to VMs running on a hypervisor. They main difference is that a VM must run an operating system, whereas a container inherits an operating system. This is one of the reasons why containers are fast and efficient – there’s nothing to boot. As such, when you run containers in a VM, the VM hosting the containers is a little like a nested hypervisor.

But what if your nested hypervisor is far less capable than your actual hypervisor? It doesn’t come with clustering, HA, live migration, hardware virtualization security, etc.

VIC brings the container paradigm directly to the hypervisor, allowing you to deploy containers as first-class citizens, bypassing the pre-requisite for Linux VMs. The net result is that containers inherit all of the benefits of VMs, because they are VMs.

With vSphere Integrated Containers, the Docker image, once instantiated, becomes a VM inside vSphere. This solves security as well as operational concerns (we have learned one thing or two in the last 15 years on how to run applications inside VMs in production) at the same time.

But these are NOT traditional VMs that require 2TB and take 2 minutes to boot. These are usually as big as the Docker image itself and take a few seconds to instantiate.  We call them ContainerVMs to underscore they are not traditional VMs. They boot from a minimal ISO which contains a stripped-out Linux kernel (based on Photon OS), and the container images and volumes are attached as disks.

The ContainerVMs are provisioned into a “Virtual Container Host” which is just like a Swarm cluster, but implemented as logical distributed capacity in a vSphere Resource Pool. You don’t need to add or remove physical nodes to increase or decrease the VCH capacity, you simply re-configure its resource limits and let vSphere clustering and DRS handle the details.

The biggest benefit of VIC is that it helps to draw a clear line between the infrastructure provider (IT admin) and the consumer (developer/ops). The consumer wins because they don’t have deal with managing container hosts, patching, configuring, etc. The provider wins because they can leverage the operational model they are already using today (including NSX and VSAN).

Your developers will continue to “docker run busybox” and your (IT admin) will keep managing VMs. The best of both worlds.

This isn’t to say this is the best model. It’s yet another option. If you think using containers as a run-time for your Docker images is the best route to take for your project, then Photon Platform is the best underlying place to run those Docker Hosts (and containers on top of them).

Note: if you have heard of “Project Bonneville” that is <just> the internal name we gave to the research project, started 2+ years ago, that culminated in VIC as we see it today.

The Third Option

What we have discussed so far are the two main models.

Photon Platform is disruptive when it comes to the operational model you have today (assuming you are running vSphere). But on the other hand it is optimized to run containers at scale and so it’s aligned to the “Docker thinking.”

VIC is disruptive when it comes to the “container model” you usually think of when you think of Docker but on the other hand it is optimized for operations. (Or, in other words, you can keep your operations).

A lot of customers are still using a third option (somewhere in between) that is leveraging vSphere. Think of this model (running Docker images on containers on Docker host VMs running on vSphere) as a way to mitigate the disruption: you are running VMs on a very well operationalized infrastructure and you are running Docker images as traditional containers.

This model doesn’t solve the operational burden of running containers in production nor does it solve the need for having a multi-tenancy IaaS platform that is optimized to run containers at scale.

Nevertheless, this could be a great choice for many customers and we are working to integrate vSphere functionalities with Docker technologies (for example: the new Docker Volume Plugin for vSphere).

We see Photon Platform, VIC and vSphere as a continuum of solutions, possibly radically different to cover the spectrum of all customers’ needs and their very different maturity level when it comes to running Dockerized applications in production.


This post was not intended to go deep into the technologies discussed but to give you greater context of the various technologies and brand names we showcased at DockerCon 2016.

We covered two new models (Photon Platform and VIC) that are being developed to purposely address the Docker wave. Additionally, we are positioning vSphere as a viable platform for Dockerized applications that minimize operational disruption.

The picture below may help visualizing (at a high level) how these three stacks compare with each other:

Overview of Running Containers in VMware Environments

Overview of Running Containers in VMware Environments

VMware Embraces Containers across the Software-Defined Data Center

Kit Colbert, vice president and general manager, Cloud-Native Applications Business Unit

Enterprises are increasingly embracing digital transformation initiatives today with an eye on accelerating their pace of innovation. Next-generation application architectures leveraging Linux containers and microservices are helping to speed up software development efforts. They have changed how enterprises build, run and update their applications.

As enterprises begin their journey from building to deploying their cloud-native applications into production, they encounter the same IT requirements they are all too familiar with–backup, compliance, disaster recovery, monitoring, security and more. Some enterprises are at a crossroads. Do they take a radical rip-and-replace approach? Is it possible to gracefully adopt containers and microservices relying on existing investments? How can they simultaneously support today’s applications and workloads while also investing for the future?

VMware is embracing containers and new models of operating while helping enterprises leverage existing technologies and resources to accelerate their cloud-native journey. Some enterprises are seeking to jumpstart their cloud-native initiatives on top of their current virtual infrastructure. While others seek a cohesive infrastructure stack to solve integration challenges.

Advancing and Expanding Containers-related Projects

This week at DockerCon 2016, VMware will demonstrate its support for Docker containers across compute, networking, storage and management. We have extended our software-defined data center solutions to support Docker to enable IT to easily respond to the cloud-native needs of enterprise developers.

In 2015, we introduced VMware vSphere® Integrated Containers™ and VMware Photon™ Platform to improve the developer experience for building applications using containers while addressing enterprise IT requirements. vSphere Integrated Containers provides IT with an easy on-ramp to containerized and traditional workloads, while Photon Platform promises a new, optimized stack for cloud-native only environments. vSphere Integrated Containers and components of the Photon Platform including the newly available Photon OS 1.0 are downloadable from VMware’s GitHub page.

Solving the challenges of networking and security is a key enabler for production deployments of Docker containers. In a vSphere Integrated Containers environment, enterprises are able to leverage all of the VMware NSX® platform’s rich networking and security features in a Docker environment today. These include per container networking and security services such as micro-segmentation, logical switching and routing and load balancing. Enterprises can also tap NSX’s rich ecosystem of partner integrations to enable advanced services such Next Generation Firewall, IDS/IPS, Advanced Malware Prevention and more. All of the above is available today thanks to the fact that vSphere Integrated Containers instantiate Docker images as virtual machines (as opposed to containers). Additionally, we’ll showcase a cutting-edge demo in our booth (G3) at DockerCon.

Our uniquely capable storage offerings, such as VMware Virtual SAN™, already serve thousands of enterprises running in virtualized environments. With the new Docker Volume Driver for vSphere (available today as a beta release), many of those same key capabilities are natively available to enterprises also running in containerized applications. This is one step on our path to delivering the benefits of our storage platform directly to developers of cloud-native applications.

Thousands of customers rely on VMware vRealize® Automation™ to simplify and accelerate the delivery of integrated multi-tier applications with application-centric networking and security across clouds. At DockerCon 2016, we will introduce Project Bellevue, a technology preview that will enable vRealize Automation to support containers. Project Bellevue capabilities such as modeling containerized applications in vRealize Automation unified service blueprints, provisioning container hosts from the vRealize Automation service catalog and managing container hosts will be demonstrated in the booth.

Foundational Infrastructure to Deploy Cloud-Native Applications with Confidence

In speaking with our customers about their cloud-native efforts, many of them are challenged with how they will move their containerized applications into production. They want to know how best to meet IT requirements across security and isolation, service-level agreements, data persistence, networking services and management. We’re aggressively investing time and resources to deliver a foundational infrastructure that customers can count on to deploy cloud-native applications in production.

VMware is a Gold Sponsor of DockerCon 2016 which runs June 19-21 in the Washington State Convention Center in Seattle. If you are at the show, visit us in booth G3. Additionally, be sure to attend a presentation from Guido Appenzeller, VMware’s Chief Technology Strategy Officer for networking and security, titled “Run Docker Containers. In Production. Today” on Monday, June 20 at 11:45am PT in Room 618.

Update on the AppCatalyst technology preview

A year ago, we released AppCatalyst, a desktop hypervisor for developers – as a technology preview. The existing tools at the time were not specifically designed to support developer workflows, and there were many developer use cases where AppCatalyst did much better. The program helped us better understand the use cases and in the process gain valuable insight.

The technology preview for AppCatalyst will end on the 30th of June 2016. While the solution in its current form will not be productized, the learnings from the program will be incorporated into future products and features. We’re constantly evaluating how products are being used and exploring new ways to deliver more value to our customers.

We want to thank you for your participation in the program. If you are already using AppCatalyst and would like to continue using it till the end of 2016, please click here to download the updated version that will expire on the 31st of December 2016. You can also use VMware Fusion to continue running the virtual machines you’ve created with AppCatalyst.

VMware’s Photon OS 1.0 Now Available!

By Gregory Murray, Product Line Manager for Cloud-Native Apps at VMware

I’m excited to announce that VMware has published the binaries and updated our repos for our Photon OS 1.0 release! In a little more than a year, the team has evolved Photon OS from a technology preview into a mature operating system available as open source software that’s been vetted by VMware engineering, support and guest OS validation teams as well as thousands in the community.

With the 1.0 release, we’ve greatly expanded the number of packages that we’re including in the repository, opening the door to many more use cases than were possible with the technology preview releases. At the same time, we’ve managed to keep both the disk and memory footprints extremely small. Read more about Photon OS 1.0 support for packages in our previous blog post.

There have been several enhancements to our release processes to improve its security profile, as well. Prior to availability, the 1.0 release was subjected to more than eight different vulnerability scanning tools, static code analysis and third-party penetration testing.

We’ve maintained the focus on being frugal with system overall resources and their effect on performance in vSphere environments. As a result of the optimizations for vSphere, kernel boot times are ~200ms and runtime performance shows consistent improvement. Even with these enhancements, the Photon OS developers have managed to keep disk and memory footprints very small. Today, the 1.0 release sits at a 384MB memory footprint and, with a minimal installation, 396MB on disk.

Today, we’re also happy to introduce the Photon Administration Guide. We have received plenty of feedback from the community over the last year. We have packaged up common questions about Photon OS as well as operations details in a thorough, easy-to-use guide to help users get the most out of Photon OS.

We invite you to download Photon OS and join our community on GitHub—the source for Photon OS support. We’ve got some exciting things planned for future releases of Photon OS and need your feedback to make sure that we’re heading in the right direction for running your workloads on vSphere.

Join us at Cloud Foundry Summit 2016

cfsummit2016We are a proud gold sponsor at this year’s Cloud Foundry Summit and we look forward to interacting with the Cloud Foundry community next week.

Please stop by our booth (#201), we’d love to hear how you are using Cloud Foundry to create applications that are transforming your business and for us to give you a first hand look at the enterprise cloud-native stack Pivotal and VMware announced last month.

On Wednesday @ 9:45am, don’t miss our 5 minute lightening talk by our very own Mark Peek, Principal Engineer for CNA and member of The Cloud Foundry Foundation’s Technical Advisory Board.

See you there and stay connected!


Announcing EMC Native Hybrid Cloud with VMware Photon Platform

Last week I announced the first offering from our joint work with Pivotal.  Today I am excited to announce that we’ve been working closely with Pivotal and EMC to help realize EMC’s vision for Native Hybrid Cloud, a new offering that brings Pivotal Cloud Foundry, VMware Photon Platform and VxRack System 1000 together into an engineered offering that enables any organization to rapidly build, deploy and run cloud-native applications on premises.

With the pressure on business to deliver software and software services, the top-to-bottom hardware and software integration of Native Hybrid Cloud enables business to dramatically accelerate the formation of a cloud-native environment without the time, complexity, or uncertainty associated with building a do-it-yourself solution.

Native Hybrid Cloud

Essentially the EMC team is taking the Pivotal-VMware cloud-native stack we announced last week and building it into their VxRack appliance to deliver a robust converged platform.  This makes it even easier for customers to quickly and easily realize all the benefits of an on-prem cloud-native solution.

The cloud-native team is looking forward to this year’s EMC World! We’ll be front-and-center in the VMware Booth’s CNA zone and the EMC Native Hybrid Cloud area. If you are attending EMC, please come by and see first hand how developers and IT operators can spend more time enhancing applications and less time readying an application for production.

You also don’t want to miss:

See you there!

Announcing the Photon OS Release Candidate

By Gregory Murray, Product Line Manager for Cloud-Native Apps at VMware

It’s been an eventful week for the Cloud-Native Apps team. On the 26th, Pivotal and VMware announced an enterprise cloud-native stack featuring Pivotal Cloud Foundry and VMware Photon Platform.

Today is a milestone day for the Photon OS team – we’re sharing our 1.0 Release Candidate. Go check it out now!

Photon OS is VMware’s enterprise-grade, small-footprint Linux distribution, optimized for running cloud-native applications on vSphere. Photon OS is also an embedded component within Photon Platform, our purpose-built cloud-native infrastructure, and vSphere Integrated Containers.  Since we announced and open-sourced Photon OS last year, the product has racked up tens of thousands of downloads, and we’re confident that this Release Candidate will be the most popular download to date.

As we march towards a 1.0 release, we’ve been hard at work on testing and maturing Photon OS to the near production-grade state it’s in today. It turns out that after more than a decade of supporting guest operating systems, we’ve got quite a bit of expertise on validating and optimizing an operating system for VMware platforms. We took the opportunity to leverage those resources – and, as a result, went a bit quiet – to really hammer on Photon OS performance, security and package library. We think you’ll find this RC much more representative of what’s needed to run Linux, cloud-native applications on vSphere.

So what’s new with Photon OS today?

Today’s Photon OS release allows users to more easily secure and manage systems while improving overall compute performance. We do this through:

  • Easy system updates and in-place upgrades. Today’s release candidate includes tdnf enhancements, making it straightforward to perform system-wide scans and refreshes of your installed core packages, including Docker.
  • Greatly expanded package library in the repos. As we worked with support, the guest operating system validation team and others, we found critical requirements for many new packages. These packages should make Photon OS much more broadly applicable to customer use-cases and open up many new options on what can be done with Photon OS.
  • More file systems options: With the newer 4.2 kernel, Photon OS now supports btrfs, in addition to overlayfs, giving users the ability to leverage some of the efficiencies and capabilities of btrfs.
  • New performance enhancements: We continue to tune the Photon OS kernel when running on vSphere and now deliver a 10-26 percent improvement in file operation microbenchmarks. We’ll be working with our performance team to translate this to some real-world applications and post more details on the VROOM! blog.

Photon OS is a crucial underpinning to our vSphere Integrated Containers and Photon Platform products, and today’s release brings all of VMware’s cloud-native infrastructure solutions one step closer being fully-supported and production-ready. We’re excited to hear about your experiences with Photon OS, and welcome your feedback on our release over on GitHub and @cloudnativeapps.


Accelerate Digital Transformation with Pivotal and VMware

At VMworld 2015, VMware and Pivotal announced they would work together on a combined solution for cloud-native applications.  Today I am thrilled that Pivotal and VMware have announced the first offering resulting from this work, an enterprise cloud-native stack featuring Pivotal Cloud Foundry and VMware Photon Platform.

Why is this a big deal?  It goes back to the basics of the digital transformation businesses are driving.  They realize that software and software services are becoming bigger and bigger differentiators for their businesses and so must accelerate how they deliver innovation to their customers.  Businesses are leveraging new application architectures, delivery models, and operational models.  To accomplish this, they must embrace next generation application and infrastructure platforms.  Businesses are most successful when they have a tightly integrated, simple to use application and infrastructure platform.  This is why this announcement is a big deal: the combination of Pivotal’s cloud-native application platform, Pivotal Cloud Foundry, with VMware’s cloud-native infrastructure, VMware Photon Platform, will allow your organization to spend more time and resources on innovating and driving customer value and less time getting an application ready to run in production.

Before talking about the integrated solution, let’s look at each component.  We’ll start with the cloud-native application platform, Pivotal Cloud Foundry (PCF).  As anyone who has experience with cloud-native app development will know, cloud-native apps are about much more than just containers.  There are many problems to solve when operating cloud-native apps in production, such as enabling registration and discovery of application services, network request routing / load balancing, health and availability, monitoring and logging, identity and authentication, and much more.  PCF provides a single, powerful environment providing all these capabilities and more.  This allows application teams to rapidly build, deploy, and operate cloud-native applications within PCF.

On to the infrastructure.  All application platforms require an infrastructure to run on.  The infrastructure must provide compute, storage, and network capabilities at a minimum.  But enterprises require much more: security, multi-tenancy, resource management, scheduling, and more.  In addition, for cloud-native environments, businesses are looking for a high-scale, API-driven, OSS solution.  This is exactly what we’re delivering with Photon Platform.  It’s a robust infrastructure solution optimized for cloud-native applications.

Now let’s return to the integrated solution.  Successfully building, deploying, and operating a cloud-native application in production requires many enterprise-grade capabilities.  Many of the customers I’ve spoken with over the last eight months face installation and maintenance complexity.  There’s simply too many pieces and various third parties with whom the customer must contract as they assemble their cloud-native stack. In addition, many of these pieces are at different levels of maturity, reliability, and interoperability.  By offering a single solution that is built to work together, tested and backed with unified support, we will accelerate initial deployment and post-installation efforts.  You can expect speedy application deployments and streamlined operations with built-in application and infrastructure management.  This joint solution is built for speed, scale and programmability, that is usable by developers, operations teams, and everyone in-between.

Pivotal Cloud Foundry on VMware Photon Platform Demo

The Pivotal-VMware cloud-native stack offers unparalleled simplicity and power that enables your organization to deliver cloud-native apps quicker, easier, and with greater efficiency.  What are you most excited about?

Introducing vSphere Integrated Containers Open Source Software

Authored by Mark Peek, Principal Engineer for Cloud-Native Apps

At VMworld 2015 we showcased vSphere Integrated Containers (based on the Project Bonneville code), providing a docker daemon endpoint into a vSphere cluster. Since then, the team has been actively working on redesigning the architecture and implementation to best deliver this product to our customers. We also thought about better ways to engage and add value to our customers with this work. I am happy to announce we have now open sourced the initial 0.1 release of vSphere Integrated Container (VIC) available on the GitHub repository. This early access version supports basic operations such as a VCH deploy, docker pull, create and start. These operations are implemented via the VIC Container Abstraction which treats containers as VMs rather than in VMs. More information about the VIC Container Abstraction can be found here.

Open Source

Why are we open sourcing this code? At Cloud-Native, we believe in collaborating with the community and sharing ideas with developers as we work together to build useful tools and products. Following on the open source nature of the container community, we wanted to make the VIC code open source as well. This will give our customer and partner communities access to the code, visibility into our work, more direct access to file issues, contribute code back, and help us make our code better for their use. We are also structuring the product in such a way to expose a “port layer” which customers or other teams may use to support other container endpoints or to implement new functionality.

Port layer

At this time we are focused on delivering a docker endpoint for our customers to use with future integrations coming along the way. As such we have developed an abstraction called the Port Layer. This allows us to write a docker front end that then uses the port layer as a more generalized, low-level, container backend. This will allow 3rd party integration with consistent API’s for compute, network, and storage. You can learn more about the port layer here.

Check it out on GitHub and let us know what you think!

Introducing the Photon Platform BOSH CPI

By James Zabala, Senior Product Manager for Cloud-Native Apps at VMware

We recently released v0.8 of Photon Controller — a distributed, high-scale platform purposefully-built for cloud-native applications. I encourage you to read more about the v0.8 release and the tremendous engineering effort behind it.

Today we’re continuing our fervent push towards making Photon Platform the best Cloud-Native infrastructure available by announcing our BOSH CPI implementation.

BOSH is a popular open source toolchain designed to help you build and run distributed services. Many identify BOSH as a method of deploying Cloud Foundry (which it was originally designed to do), but it’s actually a far more robust system. BOSH addresses many of the common challenges in running distributed systems: release engineering, deployment and even life-cycle management of small or large-scale distributed services.

With BOSH, a developer can create software releases — a tight coupling of source code, binary assets, configurations, etc. — and then easily capture dependencies as an image that BOSH will manage and distribute as necessary. The system manages operating system images, persistent data, and system configurations, providing developers a single pane of glass to operate complex distributed systems. With the ever-expanding management challenges across objects and systems supporting today’s cloud-native applications, the BOSH toolchain is a natural fit for current software engineering best practices.

A BOSH CPI, or Cloud Provider Interface, is an API that is used to interact with an underlying IaaS to create and manage objects on an infrastructure, including images, VMs and disks. Put simply, the Photon Platform BOSH CPI release enables developers to use our elastic, large-scale and highly-available infrastructure without changing their workflow.

We’ve worked closely with the Cloud Foundry Foundation (CFF) to build and incubate our BOSH CPI with the goal of making Photon Platform a first-class citizen for the many devops organizations relying on BOSH to run their applications. The process of incubating the CPI aligns with the strong community-based nature of BOSH and the Cloud Foundry Foundation, of which VMware has been a member since day one.

Getting started with the CPI is easy: visit the project’s GitHub page and follow a few simple steps to get started using BOSH on Photon Platform. No open-source project is ever complete without feedback, and we look forward to hearing from you soon!