During Cloud Native Wasm Day, Adobe’s Colin Murphy talked about how Adobe is using WebAssembly within its flagship web browser-based products Photoshop, Lightroom and Acrobat. He also explored potential Wasm use cases for edge compute and in the data center with wasmCloud.
Of particular interest were the potential performance, cost-savings, security and compliance benefits as Adobe expects to take advantage of these technologies moving forward.
Check out the highlights below, and be sure to tune into the 30-minute presentation for a deeper discussion, lessons learned and recommendations for cloud native developers that want to write in Rust and take advantage of WebAssembly and wasmCloud.
AppDev at Adobe
On the server side, everything runs on Kubernetes.
Addressing Common Vulnerabilities and Exposures
In 2021, just as Adobe began working out microservices, the Federal Risk and Authorization Management Program (FedRAMP) standard changed. Any Common Vulnerabilities and Exposures (CVEs) of any rating had to be reported to Adobe’s sponsor. When running Kubernetes, it’s possible to end up using a lot of third-party images. The level of sophistication impacts the volume of controllers. “Despite feeling like all bases are covered, it’s possible to end up with thousands of CVEs. Imagine having one vulnerability from 2013 that nobody thinks is important? It will get flagged in Ubuntu, Red Hat, and maybe Alpine. This will result in three CVEs that no one has any intention of ever fixing, which makes it difficult to get through a FedRAMP audit.”
According to Colin, if you’re using a lot of of Docker images, you have three options to shore up CVEs:
- Pay people money to fix them.
- Fork third-party projects.
- Just cut them out altogether.
Thinking outside the box, Colin also evaluated a fourth option: finding a secure-by-default alternative that allows you to edit third-party images once and have them run in multiple locations.
WebAssembly: A Bridge to the Future
“We started to consider a successor to Docker or Kubernetes,” he said. “When considering WebAssembly, we asked whether it’s possible to take a live microservice actually running in Adobe’s Kubernetes production environment and deploy it on the client, on the edge, and on the server using WebAssembly”
“Everything is moving toward increasing functionality for data locality. Developers want to produce applications that can be used in different places,” he explained. “When writing with an understanding of the business logic, they don't want to have to worry about how it gets deployed – where or what.”
Testing revealed that in addition to its inherent security advantages, WebAssembly:
- Delivers a more scalable, responsive, innovative, and compliant customer experience versus JVMs
- Substantially reduce high cost of idle VMs and network traffic, especially for idle workloads
- Reduces and eventually eliminates Docker container orchestration and vulnerability issues
Be sure to check out highlights during Adobe’s demo showing how to:
- Port Adobe’s business logic that’s running live in a Kubernetes cluster into Wasm modules for wasmCloud, Cloudflare Workers and Fastly.
- Edit business logic collaboratively using Rust and WebAssembly
- Run machine learning models at the edge with wasmCloud
Conclusion – for CDN edge workers and server-side WebAssembly
For CDN edge workers there are upsides to using WebAssembly – zero overhead, and lower latency, cost savings and near instantaneous execution time as server-side work gets moved closer to the user. There are also a few downsides, for example, you cannot run the modules in the browser, there’s limited language support, and there is no AWS / Azure credential sharing.
“Early opportunities for server-side WebAssembly works when it becomes its own platform supporting the migration of browser functionality. Server-side Wasm offers efficiency, ease of portability and security, as well as future expansion to edge computing.”
According to Murphy, “[I am] looking forward to the future of a seamless experience. [Wasm] is going to be a thing … a major player on the server side.”