WebAssembly has gone beyond web browsers and into edge computing as it heads into the heart of the cloud and enterprise data centers.
WebAssembly (Wasm), released by the World Wide Web Consortium (W3C) in 2017, is an assembly language designed to run application code in web browsers. In 2019, W3C member Mozilla introduced a WebAssembly System Interface (WASI), which created a framework for WebAssembly applications to access operating system resources, setting the stage for WebAssembly to move out of the browser.
And move out of the browser it did. The potential of the combination of WebAssembly and WASI was such that it prompted Docker founder Solomon Hykes to tweet in 2019, “If WASM+WASI existed in 2008, we wouldn’t have needed to [create] Docker. It’s so important. WebAssembly on the server is the future of computing.”
Since then, WebAssembly has made its way into cloud-native computing circles where developers want to run custom applications without direct access to the underlying infrastructure. These environments include mobile and edge computing deployments, such as content delivery networks (CDNs), where WebAssembly offers a lightweight way to bring application processing closer to consumers and supports a range of processor types.
Although it is still early days for WebAssembly and WASI, as 2022 begins mainstream computing professionals are starting to consider these concepts. Despite their promise, however, WebAssembly and WASI also have drawbacks: they require a separate set of still-maturing compiler toolchains that convert common programming languages into compatible bytecode, and they can raise their own security issues.
If WASM+WASI existed in 2008, we wouldn’t have needed to create Docker. It’s so important. Web assembly on the server is the future of computing. A standardized system interface was the missing link. Let’s hope WASI is up to the task! https://t.co/wnXQg4kwa4
— Solomon Hykes (@solomonster)
March 27, 2019
Advantages and disadvantages of WebAssembly
Proponents of Wasm claim that it is inherently more secure than traditional application runtimes, citing the fact that WebAssembly code is “sandboxed” or limited in the memory resources it can access, by default.
“One of the issues with software supply chain security is that I have an npm package with 100 dependencies, and I have no idea if those 100 dependencies are returning data to another server,” said Michael Yuan, CEO of Second State, a startup that markets a commercial product based on the WasmEdge WebAssembly server-side project from the Cloud Native Computing Foundation. “So with WebAssembly you can say, ‘This module does not have network access, although it is deployed on a network machine.’”
However, while WebAssembly sandboxing protects against some forms of attack, it remains open to others that have been effectively mitigated for other codebases.
“Sandboxed memory that makes it nearly impossible for WebAssembly to touch what’s outside also makes it harder for the operating system to prevent bad things from happening inside,” reads a Linux Foundation blog post from March 2021 (italics in original). ‘he should not touch, can not operate there.’
Another potential pitfall for Wasm/WASI is a relative lack of maturity among build tools and toolchains compared to the DevOps pipelines that IT pros have grown accustomed to over the past five years, according to Fintan Ryan, an analyst at Gartner.
“It doesn’t have the elegance of a lot of other environments,” Ryan said. “There’s a lot of work going on there, but it’s kind of like going back to how you built the software 15 years ago – once the toolchain is up and running, runtime is fine, but most people aren’t interested in going through all the hassle of setting this up.”
WebAssembly creeps in at the edge
Given the remaining hurdles to early adoption, Wasm has made its way into the corners of the tech industry with the strongest incentives to use it to improve scalability and peak performance.
For example, the rapid instantiation of applications using WebAssembly is attracting retail industry service providers, such as Shopify, which uses Wasm-based tools to host custom partner applications in its cloud while maintaining the security and scalability of its core platform.
Over the past four years, CDN providers have also begun to support serverless edge computing mechanisms that allow customers to run resource-intensive applications close to consumers, without needing to access or manage the underlying infrastructure.
These mechanisms, in turn, hosted WebAssembly functionality outside the realm of traditional web browsers. Cloudflare, for example, added support for WebAssembly to its Cloudflare Workers product in 2018. Cloudflare Workers was originally JavaScript-based, but WebAssembly was better suited to a wider range of programming languages and to more resource-intensive tasks such as resizing images or processing audio streams, according to a Cloudflare blog post. However, although Cloudflare Workers represent a new use for Wasm, they use the Service Worker JavaScript API rather than WASI.
Another CDN provider, Fastly, has adopted WASI within Lucet, the company’s implementation of a WebAssembly compiler and runtime, which Fastly donated to open source in early 2019. In mid-2020, Fastly shifted its focus from Lucet to Wasmtime, a more widely supported project governed by the Bytecode Alliance.
This alliance was founded by Mozilla, Fastly, Intel, and Red Hat in late 2019 with the goal of improving Wasm security. The alliance also created WASI common, a reusable library of WASI functions, or hostcalls, to further standardize how Wasm projects use WASI.
Yet for most enterprise users in late 2021, WebAssembly seemed to be the domain of specialized service providers like Fastly, given its relative newness and complexity.
“WebAssembly is super interesting in terms of its relationship to the container space, because you wonder if sandboxing and WebAssembly-style runtimes are the future,” said Josh Koenig, co-founder and chief strategy officer at Pantheon, a web operations platform company in San Francisco.
Pantheon experimented with Fastly’s Compute@Edge platform, which includes WebAssembly, but hasn’t put it into production yet. Although Koenig has an academic interest in broader discussions of WebAssembly, he is unlikely to delve into WebAssembly in his environment, he said.
“That’s a level below where we’re likely to be involved as a company,” Koenig said. “But we expect our vendors to probably run WebAssembly on our behalf.”
Some WebAssembly proponents have ambitions for the technology that go far beyond the edge, deep into enterprise and cloud data centers alongside containers and Kubernetes. Learn how the Cloud Native Computing Foundation is cultivating WebAssembly server-side tools for enterprises in part two of this story.
Beth Pariseau, Senior Writer at TechTarget, is an award-winning veteran of IT journalism. She can be reached on Twitter @PariseauTT.