There should only be one infrastructure in your enterprise. To the extent that you use any infrastructure other than one that can be managed by VMware’s vCenter, that’s a silo. And you don’t want silos. That was the message repeated by VMware’s business leaders across more than three hours of keynote speeches at its VMworld 2014 conference in San Francisco Monday and Tuesday.

It was somewhat difficult for their message to co-exist with the news that VMware was making room for the OpenStack cloud orchestration platform and the Docker container platform in its infrastructure. But VMware gave it a shot anyway.

Opening a wedge in the door for OpenStack
“About 15 or more months ago, we joined the OpenStack community,” said VMware’s SDDC general manager Raghu Raghuram during the Day 2 keynotes on Tuesday. “Since then, we’ve been contributing code not only to the core compute, network, and storage components of OpenStack, but in fact, all of OpenStack. We have put in a tremendous effort.”

At the time that happened, some veteran datacenter market observers wondered what VMware’s intent might be — a bit like Microsoft joining the Linux Foundation. As it turned out, OpenStack surged ahead of other open source efforts to quickly become the leading hybrid cloud orchestration platform for Linux — and, thus, for servers. VMware’s contributions enabled it to build an OpenStack distribution around the vSphere hypervisor, so that customers moving toward the OpenStack option would not be considering a move away from the vSphere ecosystem.

“As a result, I’m proud to say that the best way to run OpenStack is on top of VMware,” pronounced Raghuram (twice). “[We’ve] got an integrated OpenStack offering that’s built right into vCenter, you can activate it with virtual appliances, and once you’ve done that, it takes advantage of the best, most trusted hypervisor on the planet; it takes advantage of the most innovative networking stack in the industry; [and] it takes advantage of the hundreds of storage arrays that are supported by vSphere, including Virtual SAN, and of course including Virtual Volumes.”

VMware’s strategy with this alternative mode is clearly to keep a potential hardline competitor from developing a competing ecosystem that excludes VMware. The company has termed all such visions of the datacenter “silos.” Another case in point is VMware’s new support for Docker containers, a new industry-wide methodology for packaging virtual components that are completely self-contained and portable.

Retroactive invention
Borrowing a page from Microsoft’s 2005 playbook on then-new virtualization technology, VMware made the case that Docker is so easy to support because the technology is actually rather old, and VMware mostly invented it anyway.

“Containers are a new technology,” said Ben Fathi, VMware’s CTO, before his boss Raghuram shouted back quickly, “Not!”

“They’re not a new technology,” Fathi corrected himself. “They’ve been around for ten or fifteen years. They have been available in BSD as jails, in Solaris as zones — even Windows 2000 Datacenter Edition 15 years ago had a similar concept in it.”

Of course the big difference between a jail and a container, both in the metaphorical and real-world sense, is that the latter is somewhat portable. But Fathi continued: “Containers aren’t that new. They’re really a powerful abstraction, but they never really caught on until a couple of years ago. A company came along called Docker, and they created this really nice, ubiquitous packaging format, so developers can write their application once and run it anywhere. Literally, they can run it on their laptop, on a bare metal Linux server, ... in the cloud, ... on a PaaS layer...

“In fact, some people are already saying, ‘VMs are yesterday’s news; Docker and containers are the future,’” he continued. “We believe that’s fundamentally wrong. We believe in containers without compromise... We think that VMs and containers deliver the best value when they work together.”

“Isolation after the fact”
“Together” in this case does not appear to mean side-by-side. In a blog post two weeks ago, VMware’s CTO for end-user computing, Kit Colbert (one of VMworld’s “rock stars” every year), argued that one optimum place for containers to be run is inside virtual machines. First, Colbert explained that VMware’s SDDC concept provides an entire ecosystem, including management tools, that Docker lacks (an argument which Docker’s supporters may dispute). Next, he said that containers package OS subsystems inclusively, in what he called “trying to add in isolation after the fact.” The result is a configuration that has not yet been vetted by security experts as vSphere has, he said, and which may take several years to match vSphere’s acceptance “as a standard security building block in IT.”

With all this being prologue, Colbert finally suggested that Docker containers be enveloped within VMs. “Running containers inside VMs brings all of the well-known VM benefits,” he wrote, “the proven isolation and security properties I just mentioned, plus mobility, dynamic virtual networking, software-defined storage, and the massive ecosystem of third-party tools built on top of VMs.” While some may argue this would incur performance costs, Colbert assured readers that tests would prove otherwise — tests whose results we might see following the close of VMworld this week.

“If you think about containers today,” said CTO Ben Fathi on Tuesday, “a developer will probably work on it on their laptop, they’ll maybe use Fusion or Workstation or just standard Linux to develop the application that allows them to do fast iterations. But at some point, they’ve got to take that application into production. And when they put it into production, we believe the best place to run it is on top of VMs, because that gives IT the ability to control the environment.”

The consequences of running Docker — or, for that matter, OpenStack — as an entity unto itself, the way it was originally designed, were articulated by Fathi: “There’s no need to set up another infrastructure silo so you can just run your containerized applications. You can run them seamlessly the same way, on the same SDDC architecture, and VMs and containers together give you the best value.”

It’s an interesting way to consider “togetherness,” a bit like a pairing of shark with squid. But in the end, it may very well look like just one piece.