VMware Project Lightwave targets containerised app security concerns

Virtualisation giant VMware looks to increase enterprise readiness of container-based apps with security tool

VMware is working on bringing to market an identity and access management technology to address user security concerns about running applications in containers.

Interest in the use of containers, over virtual machines, to run applications has been growing for some time now, because of the flexibility they offer developers in terms of the programming languages they can use to create their apps and the environments they can deploy them in.

VMware, in particular, has long championed their use as a means of helping the enterprise run applications with ease in private, public and hybrid cloud environments.

So much so that it embarked on a series of joint initiatives with Docker, Google and Pivotal in August 2014 to make it easier for enterprises to run and manage containerised applications using their existing VMware environments.

However, concerns about the security of containerisation tools – such as Docker – continue to dog the technology, with market watcher Gartner concluding at the start of the year that they “disappoint” from a secure administration point of view.

“Linux containers are mature enough to be used as private and public platform as a service,” stated Gartner’s Security properties of containers managed by Docker report.

“[They] disappoint when it comes to secure administration and management and to support for common controls for confidentiality, integrity and administration,” it added.

Introducing Project Lightwave

To tackle this, VMware has debuted Project Lightwave, which it claims is the industry’s first identity and access management tool for container-based apps, alongside another open source-based initiative called Project Photon.

The latter is the name given to VMware’s lightweight Linux operating system that is optimised to run containers and is available to download from GitHub from today (20 April).  

VMware UK CTO Joe Baguley said Photon’s work is geared towards capitalising on the performance improvements users often see when opting to run containerised apps and workloads on VMware hypervisors.

“We have seen in some of the testing we’ve done that, for some workloads, things run faster when virtualised in a Docker container on ESX [VMware’s hypervisor] than they do on a Docker container run anywhere else because of the optimisations we do,” he said.

“So, by bringing out our own version of Linux, we’re building on that by providing an optimised place for containers to run.”

Lightwave, meanwhile, is designed to address the security concerns people have about using multiple containers in their IT environments, explained Baguley, and is expected to appear on GitHub in the second quarter of this year.

“There are obvious concerns about people running different containers on the same operating system, and security concerns around how people can manage access to those containers in a scalable way. That’s what we’re doing here with this,” he said.

Both projects are a logical next step in encouraging wider enterprise adoption of container-based apps, added Baguley.

“If you look back to the evolution of virtualisation, once you knew how to virtualise a machine, the next questions were around how to secure them, how to manage hundreds of them and how to back them up. That’s the phase we’re in with containers at the moment,” he said.
