Authored by Paul Fazzone, General Manager, Cloud Native Applications

Microservices architectures represent the single biggest change in application development and operations practices in the last 20 years. In a nutshell, microservices are small, discrete application components linked together through lightweight, well-defined APIs. These application components, each of which is independently deployable, are linked together in various ways to create modern applications. A major advantage of this architecture is that the discrete components can be updated independently of one another, enabling developers to efficiently deliver new features and fix issues in existing ones. The business value of this approach is clear – companies can get new products and services to their customers with phenomenal speed and efficiency.

Amongst our customers, the excitement to understand, experiment with and adopt microservices architectures is palpable. With hundreds of incredible new open source projects and venture-backed startups creating awareness of and products around modern application development, it is easy to see why. But most of these projects and startups are facing the same challenge – how do they address IT integration and day 2 operations for enterprise organizations wanting to adopt their products? This is by far the number 1 challenge I hear about from customers considering how to move to a microservices application architecture. In fact, I recently had a Fortune 50 financial customer tell me they have more than 20 proof of concept projects around their company evaluating different platform, container and function-as-a-service offerings; most of them are stuck on security, networking and day 2 requirements like visibility, compliance, tenant isolation and availability. These capabilities are key tenets of VMware products, so I was excited to read about the work Google and Pivotal have done to address some of these issues and make Kubernetes on BOSH (KuBo) a better deployment and operational experience for enterprise customers.

With KuBo (check it out on GitHub), high availability is built in by default. BOSH provides high availability for Kubernetes masters and etcd within the Kubernetes clusters. Lifecycle management of the Kubernetes cluster and its underlying VMs is completely automated. Deployment, repairs and upgrades are easy. Best of all, enterprises gain operational efficiencies with PCF and Kubo because they both use BOSH as a common deployment tool to support application development efficiently and securely.

VMware has been working closely with Pivotal to deliver tight integration between Pivotal Cloud Foundry (PCF) and VMware NSX (to help address a couple of those pesky enterprise IT challenges). This integration provides advanced network and security services to PCF Application Instances. More importantly, it enables customers to realize a single, seamless network and security model across all of their applications. Because the integration was done through BOSH, KuBo will also benefit from NSX support, so customers can take advantage of PCF and Kubernetes side by side, backed by the world’s leading cloud native network and security solution. Cool stuff that solves real customer business and technology challenges.

VMware is all about building, delivering and supporting production-ready, easy to use, enterprise infrastructure solutions that support our customers’ business objectives. Looking forward, customers can expect deeper integration between Pivotal and VMware products that delivers exceptional business value while addressing key technical challenges at the intersection of application architecture and infrastructure solutions.

VMware is committed to the key open source cloud native community projects (Cloud Foundry, Kubernetes, Lightwave to name a few) that sit at this intersection, and we are excited to get involved with and contribute to the KuBo project. We believe firmly that our customers’ future is multi-cloud and are working hard to build, partner and contribute to deliver production-ready enterprise solutions that realize a microservices architecture for their applications. Our goal is simple – continue to be the best place for our customers to build and run their business applications in production.


Authored by Wendy Cartee, Sr. Director of Product Marketing for Cloud Native

Today, VMware increased our support for the Linux Foundation from Silver to Gold member. Becoming a Gold member is a significant milestone for any company, and I’m proud to be part of this deepened commitment to the Linux community and all the projects that the Linux Foundation has enabled over the years. With the advent of cloud, mobility, SDN and IoT, the Linux Foundation has played a critical role in bringing together developers, researchers, companies and organizations to drive open discussions, innovations, and development that are shaping not only technology but economies, policies, and lives.

As part of the Linux Foundation, VMware has supported many projects such as Cloud Foundry, Cloud-Native Computing Foundation, Open Container Initiative, OPNFV, and Open Network Automation Project. We were also instrumental in creating Linux Foundation collaborative projects such as OVS and the IO Visor Project with thriving developer communities. In addition to the Linux Foundation, VMware participates and leads in many open source projects such as OpenStack. We are constantly growing our practice, exploring new projects, and finding new ways to engage the open source communities.

I am inspired by our open source commitment and the many ways VMware is contributing. As a member of the Cloud-Native team at VMware, we are actively working on open sourcing many of our best projects and engaging with the community through developer channels and events such as conferences, workshops, and meetups.

As a quick summary of some of the open source projects specifically for cloud-native environments, here are a few key projects available on VMware’s GitHub today that I would like to highlight:

Photon OS

Photon OS is a minimal Linux container host, optimized to run on VMware and third-party cloud platforms. Photon OS is compatible with container runtimes such as Docker and with the container scheduling framework Kubernetes. It contains a yum-compatible package manager that keeps the system as small as possible while preserving robust yum package management capabilities. Photon OS supports vSphere installations and is offered in different pre-packaged binary formats, available as ISO, OVA, Amazon AMI, and Google GCE images.

Photon Controller

Photon Controller is a distributed, multi-tenant host controller optimized for containers. Photon Controller delivers an API-driven developer experience by exposing RESTful APIs, SDKs, and CLI tooling to automate infrastructure resources easily. It is custom-built for massive scale and speed, with support for open container orchestration frameworks such as Kubernetes, Docker Swarm, Mesos, and Pivotal Cloud Foundry as well as virtualized environments, allowing the creation of 1000s of new VM-isolated workloads per minute.

Project Harbor

Project Harbor is an enterprise-class registry server with advanced security, identity, role-based access control, auditing, and management services for Docker images. With Harbor, enterprises can deploy a private registry, keeping their data compliant behind the company firewall. In addition, Harbor supports AD/LDAP integration and the setup of multiple registries with images replicated between them for high availability. Harbor is localized in Chinese, English, German, Japanese, and Russian today.

Project Lightwave

Project Lightwave offers enterprise-grade identity and access management services such as single sign-on, authentication, authorization and certificate authority, as well as certificate and key management, for container workloads that face security, governance, and compliance challenges. Project Lightwave is designed for environments that need a multi-tenant, multi-master, highly scalable LDAP v3 directory service. It includes a directory-integrated certificate authority and store that help simplify certificate-based operations and key management across the infrastructure. Lightwave authentication services support Kerberos, OAuth 2.0/OpenID Connect, SAML and WS-Trust, which enable interoperability with other standards-based technologies in the data center.

Project Admiral

Project Admiral is a container management platform providing automated deployment and life cycle management of container-based applications for developers and cloud ops teams. It manages Docker hosts, policies, multi-container templates, and applications to simplify and automate resource utilization and application delivery. Developers can use Docker Compose, Admiral Templates or the Admiral UI to compose their app and deploy it using the Admiral provisioning and orchestration engine. Cloud administrators can manage container host infrastructure and apply governance to its usage, including grouping of resources, policy-based placements, quotas and reservations, and elastic placement zones.

vSphere Integrated Containers Engine

vSphere Integrated Containers Engine (VIC Engine) is a container runtime for vSphere, allowing developers familiar with Docker to develop in containers and deploy them alongside VM-based workloads on vSphere clusters. It provides a production-grade environment in which these workloads can be managed through the vSphere UI, leveraging existing processes to operationalize container apps quickly. The VIC Engine provides lifecycle operations, vCenter support, logs, basic client authentication, volume support and basic networking support. For more information, please see VIC Engine Architecture for an overview.

Our contributions and participation in the Linux and open source communities are growing. You will find us at many open source events around the world, including KubeCon Berlin March 29-30th, DockerCon Austin April 17-20th, and Cloud Foundry Summit Silicon Valley June 13-15th. If you are interested in meeting to find out more about VMware cloud-native, please send me a tweet at @Wendy_Cartee. I look forward to meeting you at many of the upcoming open source conferences!


Authored by Massimo Re Ferre, Technical Product Manager for Cloud Native

I have been frequently asked “what’s [Docker] Containerd?” The short answer I gave may be of benefit for the larger community so I am turning this into a short blog post. I hope the condensed format is useful.

Background: What’s the Problem

Docker started a technology (Docker Engine) that allows you to package and run your application in a Linux container on a single host. Linux containers have been around for decades.


Docker made them consumable for the masses. At this point a couple of things happened in parallel:

  • The ecosystem started to flourish and more open source projects started to leverage Docker (Engine) as a core building block to run containerized applications at scale on a distributed infrastructure (think Kubernetes).
  • Docker Inc. (the company) started working on solving similar problems and decided to embed into the core Docker (Engine) technologies that would help solve the problems of running containerized applications at scale on a distributed infrastructure (think Docker Swarm Mode).

This created a dynamic where Docker and Kubernetes started building similar solutions – one party is building solutions to a set of problems on top of a core building block that happens to embed another solution to the same problems (created by the other party), and this is creating friction in the industry.

What Happened Next?

Purists and open source advocates argue that, by doing so, Docker Inc. is bloating the core building block with additional bugs and instability to make space for code that isn’t needed (when third-party solutions are being used). Third-party vendors are claiming that Docker Inc. is creating an artificial funnel and path driven by commercial interest. The general fear is rooted in the idea that (1) using Docker (Engine) for free results in (2) enabling Swarm Mode for free, which leads to (3) buying Docker Data Center. The industry has started to bifurcate, either forking Docker (Engine) or building a completely separate container runtime.

Enter Containerd

Docker has announced Containerd, an open-source project that the industry can use as a common container runtime on which to build added value (e.g. container orchestration).


Containerd is a daemon that runs on Linux and Windows, and it can be used to manage the container lifecycle, including tasks such as image transfer, container execution, and some storage and networking functions. With containerd, Docker has evolved again, as shown below:


There are many questions, such as how Containerd will be packaged and how the current Docker Engine will be re-packaged, that have yet to be answered. I will write another blog to follow up, and look forward to hearing your thoughts.


Authored by James Zabala, Principal Architect and Product Lead for Photon Platform

Today we’re excited to announce the release of Photon Platform v1.1! This is our fourth major release in 2016 and marks a major milestone in our concerted effort to build a true container-focused cloud platform. Download the bits on GitHub.

Photon Platform is an Enterprise Cloud Infrastructure Platform purpose-built for cloud-native applications. It enables IT to deliver on-demand tools and services developers need to build and run modern applications while retaining security, control and performance of the datacenter.

Photon Platform was originally announced at VMworld in 2015 and, in the spirit of VMware’s cloud-native initiatives, subsequently open sourced on November 16th, 2015. Since then we’ve made thousands of commits and written hundreds of thousands of lines of code. Today, the v1.1 release brings an impressive list of new features, including networking and storage features powered by NSX and VSAN technologies, and our first release of Kubernetes as a Service on Photon Platform. Development teams can now rapidly build Kubernetes clusters on demand to accelerate application development. Likewise, Photon Platform provides a rich HTML5 user interface for management of the overall infrastructure and robust multi-tenant functionality.


You can read more about our philosophy in building Photon Platform in Jared Rosoff’s post about our VMworld Barcelona announcement.

Perhaps most exciting are some of the features coming down the pipe which I’ll share in the coming weeks as our version planning wraps up.

If you are inclined to help improve Photon Controller, whether by writing documentation or code, feel free to ping us on GitHub — we love collaborating!


VMware Hands-On Lab (HOL) by Dave Rollins

Today we are releasing the remaining network and Cloud Native Apps labs in the 2017 Hands-on Labs catalog. While we have already released the HOL-1703 and HOL-1725 series of NSX-based content, today’s labs focus on VMware Integrated OpenStack and partner solutions from Check Point and Trend Micro.


These also contain our first vertical solutions for the Healthcare and Telco industries. HOL-1741-USE-1 shows a use case on how Horizon, NSX and Trend Micro can help secure and protect the healthcare environment, but in practice these solutions can be applied to any industry.

The VMware Network Functions Virtualization lab (HOL-1786-HBD-1) covers how communication service providers can virtualize network service functions to reduce CapEx and OpEx, while improving service agility.


As an added bonus, we are releasing the much anticipated Cloud Native Apps labs today. These were slated to be released later this week, but with the announcement at VMworld Europe of updates to the Photon Platform, we have received a number of requests for their release! Along with the Photon Platform lab, we are also releasing the vSphere Integrated Containers lab.

Here are the links to the labs we have for you today. You can click on the Lab SKU link to be taken directly to the lab entry and start taking the lab. Also, you can download any of the lab manuals from the Hands-on Labs Document site.

Lab SKU         Lab Name                                                                     Previous SKU
HOL-1720-SDC-1  VMware Integrated OpenStack (VIO) with vSphere and NSX                       HOL-SDC-1620
HOL-1724-SDC-1  Advanced SDDC Security with Check Point vSEC and NSX                         N/A
HOL-1730-USE-1  vSphere Integrated Containers                                                HOL-SDC-1630
HOL-1730-USE-2  Cloud Native Apps With Photon Platform                                       HOL-SDC-1630
HOL-1741-USE-1  Horizon and NSX/Trend Micro: Use Cases to Secure and Protect Healthcare      HOL-MBL-1661
HOL-1786-USE-1  vCloud Network Functions Virtualization                                      N/A

If you attended VMworld, you may have noticed some Hands-on Labs staff wearing the yellow (banana) shirts. They were focused on assisting attendees with NSX and networking questions and are also affectionately known as “Tina’s Minions”! Hi Keith!



Authored by Jared Rosoff, Chief Technologist Cloud-Native Applications

Over the past few years our customers have been asking us how they can get the developer productivity and agility of the public cloud, but with the cost, security, and control of their private data center. Photon Platform, which we are announcing today at VMworld Barcelona, delivers on this promise. In this article we’ll dig into the background of why we built Photon Platform and how it delivers on this new need for cloud native workloads.

The need for developer services

As much as the public cloud ushered in a new cost model, shifting from capex to opex, the bigger change is actually in the way we construct software. Public cloud is as much a programming model as it is a cost model.

Developers today demand on-demand, API-driven access to the tools and services they need to write software. Teams are embracing devops toolchains, leveraging things like Chef, Puppet and Terraform to describe and automate deployments. These environments are highly dynamic, often getting provisioned, used, and then torn down over the course of an hour.

Developers are taking new levels of responsibility for the operation of their software. No longer do they push builds over a wall to an operations team. Instead they are responsible both for writing the software and for maintaining the running instances of the software. This means they need direct access to monitoring, management, and diagnostic tools that previously only the IT operations teams used.

The need for private cloud

Public cloud has defined and delivered this new developer experience. But for many organizations, there is a need to achieve this same operating model in their own data center.

For large applications, the cost of renting vs. buying makes the public cloud a poor option. Shifting from capex to opex is great when you have rapidly changing costs or lack predictability in your workloads. But when applications reach maturity and have predictable growth, continuing to pay the tax to rent your hardware gets expensive.

Many organizations have strict security and regulatory requirements that rule out the public cloud. There are often strict controls on the location of data in order to comply with data sovereignty laws. Sometimes you need to build applications that interoperate with existing systems already in your data center. For these workloads, the latency of crossing from the public cloud to your own data center makes this architecture infeasible.

Problems faced with private cloud

As we talked to more and more customers that were making this journey to deliver a public cloud experience in their private data center, several things became very apparent:

  1. vSphere is a different thing. Its operational model is focused on enabling IT to directly manage workloads and infrastructure, rather than on providing a set of services to developers.
  2. Other options are immature, complex, or incomplete. Whether looking at the open-source OpenStack ecosystem, or newer bare-metal container based solutions, IT professionals struggle to get these systems up and running and to keep them running. When they do, they often lack the features, flexibility and security needed to power mission critical enterprise workloads.

We need a new way.

Photon platform

Photon Platform is an Enterprise Cloud Infrastructure Platform which enables IT to deliver on-demand tools and services developers need to build and run modern applications while retaining security, control and performance of the datacenter. Purpose-built for cloud native applications with natively-integrated enterprise container infrastructure support, Photon Platform brings the scale, performance and features previously accessible only to hyper-scale web companies into the customer’s own datacenter. It leverages the industry leading hypervisor, networking, and storage technologies to bring the best-in-class performance, reliability and ease-of-use to cloud native workloads.



Kubernetes as a Service

Photon Platform enables you to deliver Kubernetes as a Service to multiple tenants from a single shared pool of hardware. Each tenant gets access to API, CLI and GUI tools which allow them to provision dedicated Kubernetes clusters on the fly. Users get a dedicated kubernetes cluster with strong isolation from other tenants. Photon Platform automates the provisioning and high availability of these clusters, automatically replacing failed nodes with no human intervention.

Infrastructure as a Service

Photon Platform delivers core IaaS capabilities including VMs, Networks, and Persistent Disks on-demand to developers. Resources are provisioned quickly and reliably, supporting the needs of devops tools that programmatically allocate resources at scale.

Modern Developer Experience

Photon Platform exposes services to developers through REST API, CLI or HTML5 based GUI. This makes it easy to integrate Photon Platform’s capabilities into developer tools and workflows including CI/CD, deployment automation, or configuration management tools.

Scale-out architecture

Photon Platform uses a unique scale-out, multi-master control plane. Photon Controller implements a quorum-based consensus model that ensures that as long as >50% of controller nodes are available, the control plane still operates with full capabilities. A standard deployment is three Photon Controller nodes, but you may deploy more nodes to increase the capacity of the control plane or to enable more sophisticated high availability models. Control plane data and processing are spread across Photon Controller nodes. Photon Controller has no external dependencies; you don’t need to run any databases, message queues, or other systems to keep the control plane running.


We’re very excited to introduce Photon Platform to the VMware family of products. We believe this new architecture enables modern IT organizations to deliver a best-in-class developer experience to their development teams with the cost, security and control advantages of the private cloud.

To learn more about Photon Platform, check the product page at


Authored by Emad Benjamin, Principal Architect, Global Services Advanced Architecture

The room for this session was packed in Las Vegas, and boy did people come armed with their questions. It was great to see attendees from multiple companies who are paying attention to the Cloud Native Apps (CNA) space. Now, we promised that what was discussed in Vegas would stay in Vegas, but if we can offer a glimpse for our European attendees, then we are sure you would appreciate this minor break away from tradition.

Speaking of breaking away from tradition, well “Hello, CNA!” – What a way to begin the session: just what is CNA, and how does one distinguish a cloud native app from a monolithic one? But wait a minute!? What is monolithic, draw it for me please!? And this is how the conversation began; we defined what we see as a monolithic app as opposed to the highly scaled-out, microservices-like architecture often found in CNA. It is all great flexibility offered on Day-1, and we talked about the benefits, but what happens on Day-2 (security, manageability, scalability)? Well, we discussed the answers to that too, and won’t spoil the surprise, but suffice to say that if you come to the session we will do our best to answer any and all questions about this, IMHO, rapidly forming new and highly opinionated space. Come join us and listen to a few of our technical services experts on how their customers are tackling CNA.


But wait…you didn’t think that was it…here read more…

In this group discussion we will have an interactive session on what cloud native is, what scale it addresses, who some of the adopters are, and in which direction this trend is forcing the market over the next few years. It is an opportunity for you to ask the simplest of questions to the most complex ones; sometimes a simple question such as “what is cloud native” can quickly turn into a complicated answer, and hence this is the opportunity to discuss the wide variety of opinion that surrounds it.

In this talk we will highlight the elements of this rapidly moving phenomenon through our industry, a phenomenon of building platforms, not just business logic software but infrastructure as software. We humbly believe that the drive towards these platform solutions is due to the following fact: approximately half of new applications fail to meet their performance objectives, and almost all of these have 2.x more cloud capacity provisioned than what is actually needed. As developers/DevOps engineers we live with this fact every day, always chasing performance and feasible scalability, but never actually cementing it into a scientific equation where it is predictable; rather it has always been trial based, and heavily prone to error. As a result we find ourselves delving into some interesting platforming patterns of this decade, and unfortunately we are led to believe that such patterns as microservices, 3rd platforms, cloud native, and 12factor are mainly a change in coding patterns. However, contrary to this popular belief, these patterns represent a major change in “deployment” approach: a change in how we deploy and structure code artifacts within application runtimes, and how those application runtimes can leverage the underlying cloud capacity. These patterns are not code design patterns, but rather platform engineering patterns, with a drive to using APIs/software to define application platform policies to manage scalability, availability and performance in a predictable manner.



Authored by Mark Peek, Principal Engineer, Cloud-Native Applications

Technologies such as PaaS and containers are making developers increasingly more efficient at delivering their code into production. The tooling around continuous integration and continuous deployment is reducing the time it takes to safely push code through the delivery pipeline. Earlier this year we announced the Pivotal-VMware Cloud Native Stack which delivered the power of the Pivotal Cloud Foundry on top of Photon Platform. And at VMworld US 2016 we hinted about more to come on top of Photon Platform.


Next week at VMworld Europe 2016 in Barcelona, Jared Rosoff (CTO, Cloud Native Applications) will be delivering a spotlight session on Delivering Containers as a Service with Photon Platform [CNA12273]. In this session he will talk about how containers are becoming increasingly popular as a way to deliver software from development out into production. Kubernetes integration with Photon Platform can address the challenges of running an enterprise container infrastructure. Jared will discuss capabilities such as self-service Kubernetes clusters on demand, multi-tenant operation, and much more. Come join us in Barcelona to hear about our Photon Platform offerings.


Authored by Alka Gupta, Senior Global Technical Alliance Manager


You have heard about Pivotal Cloud Foundry. You have also heard about VMware’s brand new product, Photon Platform. You want to learn more about each one of them and how the two work together to deliver an optimized cloud native experience to both operators and developers? Where does each sit in the stack, and what use cases does a PCF+Photon Platform solution address? When should I run PCF on vSphere and when on Photon Platform?

These are exactly the questions we will address in this session: Architecting Cloud-Native Systems with Photon and Pivotal Cloud Foundry [CNA7813-QT]

We will share a real world case study on deploying PCF on Photon Platform, lessons learned and some best practices. You will be able to walk away with an understanding of Photon Platform architecture, why it is best suited to run Pivotal Cloud Foundry, architecture components of each and how they integrate together.


Authored by Alka Gupta, Senior Global Technical Alliance Manager


The digital era is upon us. Every business is challenged by new innovations, whether it’s new products like Tesla, new business models like Venmo or new user experiences like Uber. Customers and end users are expecting businesses to provide experiences that are personalized, localized, mobilized and responsive to their demands in cycles nearing real time. And I can guarantee you that your company is impacted by these trends as well! Achieving state-of-the-art application development and delivery lies at the heart of this transformation and accelerates your time-to-market.

You are likely to have questions around how you can extend your current investments in VMware SDDC towards enabling your developers to build these next gen apps. In session CNA-7813, learn how VMware and Pivotal have partnered together to deliver best-in-class integrated solutions in this space, targeting both operators and developers.

In addition, you will become familiar with Pivotal Cloud Foundry and its core tenets. You will also learn about the operational, reporting and monitoring capabilities available for PCF from the VMware vRealize suite of products. You will get the best practices around securing PCF with NSX today, and what’s on the horizon. For those interested in carving out separate greenfield stacks for cloud native workloads, you will see how to run Pivotal Cloud Foundry on our newly announced Photon Platform.

From this session, you will walk away with a good understanding of standing up a Pivotal Cloud Foundry environment in your data center, operationalizing it, and rolling it into production. You will be able to offer your developers a turnkey cloud native app-dev platform to build and run their apps with agility, with operational control via your trusted VMware SDDC.