Product Announcements

Project Lightwave Now Available

Project Lightwave Now Available

Today, we are happy to announce that Project Lightwave, an identity and access management project for cloud-native apps, has been released as a free, open source project and is now available via GitHub and JFrog Bintray. Project Lightwave was originally introduced last month (read the news release).

What is Project Lightwave?

Project Lightwave is made up of the following key identity infrastructure elements:

  • Lightwave Directory Service – standards based, multi-tenant, multi-master, highly scalable LDAP v3 directory service enables an enterprise’s infrastructure to be used by the most-demanding applications as well as by multiple teams.
  • Lightwave Certificate Authority – directory integrated certificate authority helps to simplify certificate-based operations and key management across the infrastructure.
  • Lightwave Certificate Store – endpoint certificate store to store certificate credentials.
  • Lightwave Authentication Services – cloud authentication services with support for Kerberos, OAuth 2.0/OpenID Connect, SAML and WSTrust enable interoperability with other standards-based technologies in the data center.

When paired with Project Photon, VMware’s lightweight Linux operating system for cloud-native apps, Project Lightwave helps to assure that only authorized objects can run in the infrastructure.

The Benefits of Open Sourcing Lightwave

In speaking with customers deploying cloud-native apps, their #1 concern is security. When we examined how they were securing their apps, we found each had built out their own identity infrastructure. Those systems were commonly fragile, error-prone, and difficult to scale to handle the levels of load and automation required by cloud-native apps.

Project Lightwave is standards-based and features enterprise-grade identity and access management services. The project’s code is battle-tested and production-ready having been used in vSphere to secure distributed environments at scale.

The project provides centralized authentication and authorization infrastructure and unified management for users, resources and certificates and supporting APIs. It is simple to integrate, and it streamlines security management for cloud-native apps.

By releasing Lightwave as an open source project, we hope to give back to the community a tool to help accelerate the roll-out of cloud-native apps.

Extending Identity and Access Management to Cloud-native Apps

Cloud-native apps consist of many layers of infrastructure running at massive scale. Security control protocols at each layer in the stack use different techniques and protocols.  Project Lightwave enables administrators to centrally manage access and security policies.


Figure 1: Project Lightwave: Identity & Access management for cloud-native apps

The project can be used to secure layers of a cloud-native apps stack such as:


  • Trust container images and their origin
  • Control which images can be run and who can access them


    • Trust the nodes you are scheduling containers on
    • Control access to orchestration configuration

Container engine

  • Control who can run containers and what they can do to them
  • Trust the container images that are running


  • Control user access and permissions on each host
  • Chain of trust from physical host to OS to container instance


  • Trust network endpoints
  • Encrypt network connections

Try it out today