Virtualization Technology News and Information
Q&A: Interview with Ben Hindman Talking Mesosphere, VMware and Containers

Ben Hindman is a co-founder of Mesosphere and the original author of the Apache Mesos project. I recently had the opportunity to talk with him about Mesosphere's view of VMware's Monday announcement and the challenges of security and managing containers at scale in virtual environments.

VMblog:  What did VMware announce on Monday, and where does Mesosphere fit in?

Ben Hindman:  VMware announced two open source technologies that are important to Mesosphere: Lightwave, which is an identity and access management system, and Photon, which is their lightweight Linux distribution.

We are working with VMware to offer the Mesosphere Data Center Operating System on top of Photon as the base operating system, as well as being able to use Lightwave as one possible implementation for authentication, authorization and access control.

We also want to work with VMware to integrate with Open Virtual Networking (OVN), their open source networking technology, which is also a critical part of their open source strategy. OVN integration will allow us to create dynamic network isolation, creating yet another security boundary around different containers.

VMblog:  So architecturally, DCOS would run on top of Photon, rather than, say, CoreOS or Red Hat Linux?

Hindman:  Yes. It would really come down to customer choice. Users of VMware's vSphere may very well choose Photon as their Linux of choice. Its enhanced security and integration with other VMware products will be a compelling offering.

VMblog:  What are the shortcomings in container security today that Lightwave and Photon are improving on?

Hindman:  Well, it's possible today for malicious code to "break out" of the container and potentially get root access to the box, but that problem is being solved, yet there are other problems that are just as important that are not being addressed.

In particular, there is not yet a standardized open source offering that all of us use to do authentication and authorization. This effectively means everyone does it slightly differently, which means application security is not truly portable. In order to roll out applications, they have to be customized for each environment, which means that no matter what you do for one organization, rolling out to the next is a total pain, because one application does security one way and another application does it another way. It's a big headache and it's part of this whole mess of managing and operating your datacenter services or your cloud-native apps.

The attractive thing about Lightwave is the idea that VMware is putting out an open source project that might create a standard around security that all these applications and systems can use. This way we can have well-known APIs to actually provide security, versus today's free-for-all where everyone is doing it differently.

This is important to Mesosphere because we're building the datacenter operating system, and a big part of the operating system is the security layer, the authentication and authorization layer. We've got an entire authentication and authorization team that's working on what the API looks like for the Datacenter Operating System (DCOS), and it's nice to have another open source project out there that we can partner with to do the heavy lifting, where we are all integrating to a common substrate.

From an industry perspective, it's a total pain if you have to rebuild the security layer as you move an application onto a different platform. That's the interesting thing that I think we're solving with this, and I think Lightwave is a step in that direction.

VMblog:  Because we're talking about so many projects that are open source from the beginning - Mesos, Docker, CoreOS, etc. - do we need open source tech at every layer, including security?

Hindman:  I think this is the same reason VMware decided to create Open Virtual Networking. They realized that if you want to create a standard it probably has to be open, because a lot of organizations that don't want to pay for the technology are not going to use it, which means it's not going to become a standard. But if you can have at least a basic implementation of it that's totally open, then a bunch of people will use it. They might upgrade and buy the enterprise version of the open standard, but they need the initial offering to be open.

And interestingly, VMware is open sourcing Lightwave not as an entirely new technology, but as something that has been used in their commercial products in production, at scale.

VMblog:  Are there fundamental differences between how you might need to approach virtual-machine security versus container security?

Hindman:  I think the biggest thing is that with containers, the surface area, the attack vector area, is a lot larger because there's nothing in between the kernel and the container. Even though there's a lot of work being done in the kernel to try and make this stuff secure, it's more likely that there are bugs in that large surface area. With virtual machines, the attack vector is so much smaller because it's just a hypervisor that emulates a well-understood piece of hardware.

The real concern is not that you can't make containers secure, but that you have to think about all the potential attack vectors. The problem is that thinking about all these attack vectors means thinking about the entire surface area, and if the surface is huge there's a lot of cases to think about and it's hard to protect yourself.

That's why we're so interested in the secure containerization provided by projects like Photon, in order to leverage the security layers that already exist in virtual machines. That's why Photon and Lightwave are such strong complements. With Lightwave, it's more about generic identity and access management for the entire platform, for all the apps and services you're running. Lightwave has very little to do with securing containers, per se, and more to do with open sourcing identity and access management technology that will apply across both containers and virtual machines.

VMblog:  What does this mean for all the parties involved here, like Mesosphere, VMware and Docker, for example? Does this mean they can now start pitching containers as officially enterprise-ready?

Hindman:  There is no finish line when it comes to security. This is just another stage in the race, and it makes people realize that putting security first is a very big part of this transition to microservices and container-based workloads, and they really need to think about it ahead of time.

Containers and related technologies - Docker, Mesosphere DCOS, Kubernetes, and so on - are a big enterprise play, but they're also open source. And a big part of "enterprise" is security. I think a big part of why VMware is doing this is it's realizing that if its enterprise customers are moving in this direction, VMware is in a very good position to help them solve the security problem. At some point, it was going to have to happen. It's just a real requirement for enterprises.

Once again, a special thank you to Ben Hindman, co-founder of Mesosphere and the original author of the Apache Mesos project, for taking time to speak with VMblog.

Published Wednesday, April 22, 2015 7:13 AM by David Marshall