VMware's companion project to Project Photon is Project Lightwave (Lightwave). Lightwave includes single sign-on, authentication, authorization, certificate authority, and certificate key management services to secure your containerized applications. Not only is this project free and open source, it's also enterprise-ready for all your cloud-native (containerized) apps.
Lightwave includes four key security components:
- Directory Services
- Certificate Authority
- Certificate Store
- Authentication Services
If you want to download Lightwave, you can get it from VMware's GitHub site.
I'm personally glad that VMware has stepped up with Lightwave because I think that many administrators and managers believe that virtual machines, including containers, are somehow more secure than their physical counterparts. Those of us in the know realize that this is far from true. VMware knows it too, hence Lightwave's existence.
I'm also happy that Lightwave debuted almost simultaneously with Project Photon. The reason is that had we waited for a year or more, there would have been a lot of hacks on containers, which would have sent the tech media folk into a frenzied lather over container security. It surprises and thrills me that VMware headed that off at the starting gate. But the assumption that a small system provides a "smaller attack surface" (video about 1 minute in) just isn't true. As anyone knows, it's not the size of the distribution, it's the exposed network services that create the attack surface.
Security and network professionals know this. So does anyone who follows Black Hat Conference results on hacking operating systems. Ubuntu is a large/standard distribution, but out of the box it's pretty secure because it provides little for network hackers to latch onto.
While all of Lightwave's components are enterprise grade, be warned that for the time being its support is community-based because VMware considers it to be a technology preview. However, I don't want you to be shocked at this time next year when Project Photon and Project Lightwave both make their way into VMware's ESXi and vCloud product lines at a subscription cost for support.
Community support will always exist, but realistically enterprises won't adopt it on a large scale without that support backing.
Lightwave notable features:
- Multi-tenancy to simplify governance and compliance across the infrastructure and application stack and across all stages of the application development lifecycle
- Support for SASL, OAuth, SAML, LDAP v3, Kerberos, X.509, and WS-Trust
- Extensible authentication and authorization using username and password, tokens, and PKI infrastructure for users, computers, containers, and user-defined objects
I look forward to the evolution of Photon, Lightwave, and the whole container ecosystem. I think (and have said for years) that container virtualization is the way to go.
Lightwave™ is comprised of many open source software components, each of which has its own license that is located in the source code of the respective component as well as documented in the open source license file accompanying the Lightwave™ distribution.
What do you think of Project Lightwave and Project Photon so far? Have you had a chance to use either of them? Do you think that you will now that you know about them? Talk back and let me know.