Containers are all the rage these days, especially Docker containers. The concept has a variety of benefits, but it also comes with some perceived and inherent security issues. VMware wants to add a layer of security and streamline Docker container workflow by merging Docker containers with VMware virtualization.
Earlier this week VMware shared news about Project Bonneville at DockerCon. Project Bonneville is a native container solution developed for VMware’s hypervisor to integrate Docker containers more tightly in the virtual infrastructure and streamline container workflow.
Project Bonneville combines virtualization and containerization in a manner similar to what Microsoft has done with Hyper-V Containers. Ben Corrie, principal investigator on Project Bonneville for VMware, stated in a blog post about the news, “The pure approach Bonneville takes is that the container is a VM, and the VM is a container.”
Al Hilwa, program director of software development research for IDC, told me, “Docker has made great inroads into the development cycle, but it still has not penetrated production workloads. I think VMware’s involvement can help bring Docker into the data center faster. I also think that adapting virtualization to complement containers is an important strategic evolution for VMware.”
“In the last two years there’s been an explosion of interest in the potential of application containers. Some look to containers as the infrastructure grease to help expedite deployment, integration, testing and provisioning – package once, run anywhere,” explained Corrie. “Others point to the resource management capabilities typically associated with VMs and the low overheads of container instantiation. Many have mused on the relationship between containers and virtual machine (VMs) – are they competitive or complementary?”
VMware believes the two are complementary, and it set out to design a platform that demonstrates that fact. Like Microsoft and CoreOS, VMware challenges the assumption that containers are inherently a Linux construct. Corrie describes Project Bonneville as a pure notion of what containers on a hypervisor should be. “In the abstract, a container is a binary executable, packaged with dependencies and intended for execution in a private namespace with optional resource constraints. A container host is a pool of compute resource with the necessary storage and network infrastructure to manage a number of containers. Around this, you have an ecosystem that provides dependency-management, image resolution, cloud storage, etc.”