Getty Images

Server-side WebAssembly prepares for takeoff in 2023

Server-side WebAssembly is still a work in progress, but engineers at Adobe and BMW say it shows promise for fast, flexible app management among cloud and edge environments.

Server-side WebAssembly has gained enough momentum in the last year to win over early adopters at large enterprises, who hope it will help them distribute apps between cloud and edge environments more easily.

WebAssembly (Wasm) has been expanding its reach since it began in 2017 as a language for running applications inside web browsers. It began to move beyond the browser in 2019, when Mozilla introduced an open source project called the WebAssembly System Interface (WASI) that provided a framework for WebAssembly apps to access operating system resources. This set the stage for content delivery networks (CDNs) to use WebAssembly to deploy customers' apps without giving them access to the underlying CDN infrastructure.

Meanwhile, enterprises had started down the path of application portability with Kubernetes and containers but began to face resource constraints when they tried to deploy apps in edge locations such as cell phone towers and on small IoT devices. Miniature versions of Kubernetes such as K3s, MicroK8s and MicroShift arose to tackle that problem, but container-based apps also lacked easy portability between programming languages and OSes, as well as new processor types such as ARM and GPUs.

Once CDN vendors demonstrated the ability to run apps built with WebAssembly that were agnostic to underlying processors and OSes, a light bulb went on in the IT industry. Given the growth of distributed microservices applications and edge computing over the last three years, the time was ripe to explore WebAssembly as a full-fledged enterprise application platform.

"About a year ago, I started working on how we were going to run microservices in FedRAMP [compliant environments], and right before we started our real auditing of our application, the FedRAMP standard changed -- any CVE, of any rating, had to be reported," said Colin Murphy, a senior software engineer at Adobe, in a presentation at KubeCon Europe in May. "Kubernetes uses a lot of third-party images, and if you're fairly sophisticated, you have lots of controllers, and you think you've done a great job, covered all your bases -- and you end up with thousands of CVEs."

This started Adobe's search for a replacement for Kubernetes in strictly regulated Federal Risk and Authorization Management Program (FedRAMP) environments, which led it to an open source IT infrastructure platform project called wasmCloud, first launched in 2019.

"It's kind of what we've been doing with [our Kubernetes platform] for a while," Murphy said. "But with WebAssembly, I don't have to have the operating system that's in Docker, it's going to be very fast compared to a JVM in SpringBoot in startup time and memory footprint, and it'll be easier for compliance with HIPAA, SOC 2, FedRAMP and PCI."

Server-side WebAssembly takes its first steps into data centers

In the 18 months since Adobe's engineers first began to explore server-side WebAssembly, the company has deployed a set of proof-of-concept apps in its internal Kubernetes platform using wasmCloud. The open source framework links apps to various software libraries specific to different OSes, processor types, Kubernetes distributions and cloud APIs via WebAssembly modules.

With WebAssembly, I don't have to have the operating system that's in Docker, it's going to be very fast compared to a JVM in SpringBoot in startup time and memory footprint, and it'll be easier for compliance with HIPAA, SOC 2, FedRAMP and PCI.
Colin MurphySoftware engineer, Adobe

"We run wasmCloud inside Kubernetes as a sidecar [container], and it's shown a tenfold improvement in performance over containers in cold startup time," said Sean Isom, engineering manager at Adobe, in a separate interview this month. "We've been working with WasmCloud to build providers for [Amazon] Dynamo DB, cryptography and snapshots, but we're waiting for WASI to catch up."

In theory, once wasmCloud is running in production, platform engineers can make decisions about where and how to deploy applications at runtime without requiring developers to change their code. But for now, this remains a theoretical proposition for Isom's team, as it awaits full-fledged WebAssembly support for programming languages and libraries outside of Rust.

WebAssembly compiler projects for various languages have been incubating in projects hosted by the Bytecode Alliance, a nonprofit consortium of vendors. Those projects have also made strides this year in broadening server-side WebAssembly support for traditional programming languages such as Python, Java and .NET.

"Long term, the language support is less important than support for libraries to get the developer experience to the point where you can just say, 'Follow this README, and here are the five steps you need to put your service into this model,'" Isom said. "But it's a really promising technology, one that enterprises are taking notice of -- it's not just a toy anymore. And the orchestration story is already there with wasmCloud."

German automaker BMW is at an earlier stage of testing open source wasmCloud than Adobe, but one of its data scientists said he believes server-side WebAssembly will likely be the future basis for the company's legacy application modernization, as well as machine learning app distribution to edge devices in cars.

"Twenty years ago, it was natural to program in Windows and compile for 32 bits, but going into big data with Windows compute nodes sounds stupid today," said Christoph Brewing, a data scientist and software developer in the company's research and development division. "We had to switch at a certain point from Windows to Linux, and that's where the problem is. … It sounds easy to recompile the application, but it's not."

Tools such as wasmCloud could offer a way to bring those applications into use on a more modern infrastructure platform without having to refactor them, Brewing said.

Server-side WebAssembly apps could also pre-process and post-process machine learning data close to where it's created in cars. BMW could then bring that processed data into its cloud for analysis without having to create two sets of tools, according to Brewing.

So far, Brewing's experiments with wasmCloud have been limited to testing it with an inference service app he built, but the results have him optimistic about expansion to a working prototype of wasmCloud in the next year.

"I hope that for our next generation of tools, we can leapfrog the market and go straight to Wasm," he said. "But it's not as easy as bringing everything into Rust -- you need interfaces with the real world."

Brewing echoed Adobe's Isom about the need for better language and library support for Wasm before he can consider it for use at scale in production. He also cited known issues with WASI, such as a lack of mature support for multi-threading, as well as a lack of a mature external file system and network access, as blockers to running server-side WebAssembly in production.

Server-side WebAssembly takes aim at FaaS, edge Kubernetes

Most server-side WebAssembly proponents acknowledge there's still work left to be done to make the technology ready for mainstream enterprise adoption. But even within the six months between KubeCon + CloudNativeCon Europe in May and its North American counterpart in October, commercial vendor support for server-side WebAssembly expanded at a blistering pace.

For example, the commercial vendor that supports wasmCloud, Cosmonic, released a developer preview of its Cosmonic platform as a service at the colocated Cloud Native Wasm Day North America event Oct. 24, saying it has accumulated 100 early adopters and raised $8.5 million in seed funding.

Server-side WebAssembly portability
As they develop, server-side WebAssembly runtimes have the potential to make apps portable across devices, programming languages and OSes without refactoring.

Another startup, Fermyon Technologies, launched a Wasm-based PaaS, also on Oct. 24. Fermyon has raised $26 million in funding so far over two rounds, the most recent of which was $20 million announced at Cloud Native Wasm Day. The company is working with Microsoft to host a version of its PaaS on Azure Kubernetes Service.

Also during Cloud Native Wasm Day North America, a CNCF project called WasmEdge, which positions Wasm and WASI as faster, more efficient replacements for Linux containers, unveiled a new partnership with Docker, which plans to add Wasm runtime support to its developer workflow tools.

Few, if any, server-side WebAssembly proponents say it will replace Linux containers entirely, but many say container-backed function as a service (FaaS) products such as AWS Lambda and event-driven computing projects such as Knative could be disrupted by server-side Wasm.

"People can over-rotate on the idea of it replacing Lambda, but some people like it as a potentially standardized serverless-style runtime that can be embedded in a smaller footprint," said Justin Cormack, CTO at Docker. "We also see potential for a modular system of libraries that can be shared by multiple languages, a kind of universal shared library."

Major cloud providers don't yet offer their own WebAssembly-based functions as a service, but customers can build such services themselves using open source components. Amazon's retail business uses WebAssembly to run the Prime Video app on thousands of combinations of media devices and video streaming formats.

"If I were a betting person, I'd say with high confidence that AWS will have Wasm Lambda out for 2023," said Liam Randall, founder and CEO of Cosmonic. "In fact, I'd say the big three cloud providers will all launch at least a preview of Wasm [serverless functions] in the next year."

Edge computing-focused versions of Kubernetes might also be displaced by server-side WebAssembly as it matures, according to one analyst.

"Even some of the Kubernetes versions developed for single-node and telco edge are kind of fat compared to Wasm," said Brent Ellis, an analyst at Forrester Research. "With Wasm, you can get down to a 32-kilobyte compiled app, run just that app in the edge environment, and link it to libraries and a broader app stack in the cloud environment."

The broader macroeconomic picture in tech as a new year approaches could reduce the time and funding IT pros have to spend on experimental projects such as server-side WebAssembly. But for companies such as Adobe, the incentives will make experimentation efforts worthwhile, according to Isom.

"We haven't seen cost savings yet because we haven't fully replicated our production traffic [in WasmCloud]. … But anything we can do to trim even 2% to 3% off our infrastructure costs at a company the size of Adobe is worth investigating," he said. "The way the market is going, I see Wasm as opening use cases we haven't even envisioned today to get code closer to users, which also gets you more customers."

Beth Pariseau, senior news writer at TechTarget, is an award-winning veteran of IT journalism. She can be reached at [email protected] or on Twitter @PariseauTT.

Dig Deeper on IT systems management and monitoring

Software Quality
App Architecture
Cloud Computing
Data Center