If you use Red Hat Enterprise Linux (RHEL) in your environment, you are probably familiar with a lot of its features and functionality. However, many people are not as familiar with the Red Hat Insights functionality available at the Red Hat Hybrid Cloud Console, as well as the different options you have for connecting RHEL systems to Red Hat.  

How you choose to connect your RHEL systems to Red Hat is important, as this determines what level of functionality and value you can receive from these online services. It is also important from an IT security and compliance standpoint, as it determines how much data your systems will share with Red Hat and if your systems can directly execute remediation playbooks and commands initiated from the Hybrid Cloud Console.  

The range of user needs varies considerably. Some desire a fully-connected management experience, while others prefer to have their RHEL systems fully disconnected and isolated from the Internet. Red Hat offers options across this entire spectrum.

Range of user needs related to having their RHEL systems connected (or disconnected) from Red Hat.

Overview of Red Hat Insights functionality available on the Hybrid Cloud Console

If you haven’t looked at Insights recently, you might be surprised at the amount of functionality that is now available for streamlining management of your Red Hat infrastructure.  

Insights can be used to manage RHEL environments running in a public cloud, hybrid cloud environments spanning multiple public clouds, or on-premise environments.  

Here is an overview of the currently-available functionality on the Hybrid Cloud Console related to RHEL:

  • Insights Advisor helps you more easily identify potential issues with your RHEL systems related to security, performance, availability or stability. For many of the issues identified, you can generate a remediation playbook to remedy them.
  • Insights Patch helps you identify which advisories are applicable to your RHEL systems and generate remediation playbooks to install them.
  • Insights Vulnerability helps you identify which systems in your environment are impacted by security vulnerabilities, generate reports related to them and generate playbooks to install patches to remediate these issues.  
  • Insights Compliance helps you determine if your RHEL systems meet various compliance policies, and generate remediation playbooks to fix many of the issues identified.  
  • Insights Malware notifies you if systems are found to contain known malware.
  • Insights Drift allows you to compare RHEL systems to each other (or to a pre-defined baseline) to identify differences. You can generate events based on these drift findings to help enable root cause analysis and correction.
  • Insights Resource Optimization helps you identify if your RHEL workload that is running in a public cloud environment is properly sized.  
  • Insights Policies allows you to define custom policies to monitor your RHEL configuration, and can tie into your active management processes via eventing.
  • Subscriptions helps you monitor your RHEL usage by physical, virtual and public cloud sockets.  
  • Image Builder allows you to build RHEL images for a number of different platforms.  

For more information on these Insights services, refer to the Red Hat Insights product documentation.  

You’ll notice that many of these Insights services have analytics functionality, as well as active management functionality.  The active management functionality relies on Ansible Playbooks that are generated by Insights or eventing infrastructures. For more information about Insights events and notifications, including how to configure integrations with Splunk, ServiceNow or Slack, refer to the Configuring notifications and integrations on the Red Hat Hybrid Cloud Console documentation. Insights events can even integrate with the Event-Driven Ansible developer preview. For more information see the Using Red Hat Insights as a source of events for Event-Driven Ansible automation blog post.  

Once the remediation playbook has been generated on the Hybrid Cloud Console, you have several options to run it:  

  1. You can download and execute the remediation playbook in your environment.
  2. If you have a Red Hat Satellite subscription (formerly known as a Smart Management subscription), you can directly execute the remediation playbook on systems in your environment from the Hybrid Cloud Console.
  3. You can utilize Red Hat Ansible Automation Platform. For more information, see the Setting up Insights Remediations documentation.  

To be able to directly execute playbooks, you’ll need systems that are connected with the remote host configuration (RHC) tool or the Satellite Cloud Connector. To be able to see the analytics information, you’ll need systems that are either connected with insights-client or RHC.

The following table provides a summary of what functionality is available depending on the method you use to connect your RHEL systems: 

 

Directly execute remediation playbooks on RHEL systems from Insights

Download and manually run remediation playbooks from Insights

View analytics information about RHEL systems with Insights

Subscription management

Connected with Insights remote remediations management, with Satellite subscription

(rhc or Cloud Connector)

Yes

Yes

Yes

Yes

Connected with Insights analytics 

(insights-client)

 

Yes

Yes

Yes

Connected with subscription management

(subscription-manager)

     

Yes

Disconnected

(Satellite)

     

Yes, with Satellite

Connecting with Insights remote remediations management

As an overview, connecting with Insights remote remediations management enables the following workflow:

  • Your systems are registered to Red Hat and you can access content from the Red Hat repositories that your subscriptions entitle.  
  • You can access the Hybrid Cloud Console and view all of the analytics information regarding your environment.
  • You can generate remediation playbooks from Insights to perform tasks such as installing patches, remediating issues, etc. 
  • From the Hybrid Cloud Console, you can execute these playbooks on your connected systems.
  • You can use RHC to manage the configuration of Insights services on your RHEL hosts.
  • You can utilize Subscription Watch to monitor your RHEL subscription usage.

If you’d like to be able to directly run active management playbooks generated from Insights, you’ll need a Satellite subscription as well as RHEL systems that are connected to Red Hat with either the remote host configuration (RHC) tool or, if you use Satellite in your environment, with the Satellite Cloud Connector.  

Connecting systems to Red Hat with the RHC tool will register them to subscription management, enable data collection for Insights, and enable the rhc daemon which allows for playbooks generated on the Hybrid Cloud Console to be directly executed on the host. In addition, RHC allows you to manage the configuration of Insights Services on RHEL hosts. Currently, the only supported service that can be configured with RHC is Insights Compliance, which allows you to optionally have RHC install the required OpenSCAP packages on RHEL hosts.  

For more information on connecting your RHEL systems with RHC, see the Remote Host Configuration and Management documentation.  

If you use Satellite in your environment, you can use the Cloud Connector to enable Insights remote remediations. With the Cloud Connector, playbooks can be generated on the Hybrid Cloud Console, and then be executed on the hosts, using the local Satellite server.  For more information, see the Using Cloud Connector to remediate issues across your Red Hat Satellite infrastructure documentation.  

Connected with Insights analytics

As an overview, connecting with analytics enables the following workflow:

  • Your systems are registered to Red Hat and you can access content from the Red Hat repositories that your subscriptions entitle.  
  • You can access the Hybrid Cloud Console and view all of the analytics information regarding your environment.
  • You can generate remediation playbooks to perform tasks such as installing patches, remediating issues, etc. 
  • You cannot directly execute these playbooks on your hosts from the Hybrid Cloud Console, however, you can download and manually run the playbooks.
  • You can utilize Subscription Watch to monitor your RHEL subscription usage.

The connected with analytics experience allows you to take advantage of the analytics functionality available in Insights. You can also generate remediation playbooks to perform operations from Insights, but you cannot directly execute them. However, you can optionally download and manually run these playbooks.  

To enable the Insights analytics functionality, the insights-client tool uploads information from your RHEL systems to Red Hat on a routine basis (normally daily). To find out more information about what data is uploaded, see System Information Collected by Red Hat Insights.  

To enable this experience, you can register your systems to Red Hat using the subscription-manager and insights-clients utilities. For more information on connecting with insights-client, see the Client Configuration Guide for Red Hat Insights documentation.  

Connected with subscription management 

As an overview, connecting with only subscription management enables the following workflow:

  • Your systems are registered to Red Hat and you can access content from the Red Hat repositories that your subscriptions entitle.  
  • You cannot utilize the Insights analytics or remediations functionality.
  • You can utilize Subscription Watch to monitor your RHEL subscription usage.

In some environments, regulation, security policies or other reasons prevent customers from sharing the amount of information from their RHEL systems needed to enable Insights analytics functionality.  

In these environments, customers can register their systems with subscription management. Some information is still shared with Red Hat, however, but it is significantly less than the data uploaded when utilizing the Insights analytics experience. For more information, see the Data Gathered and Used by Subscription Watch article and the How the subscriptions service gets and refreshes data documentation. 

For more information on registering your RHEL systems with subscription-manager, see Registering a system using Red Hat Subscription Management documentation.  

Disconnected environments

In some environments, RHEL systems are disconnected from the internet entirely, or other regulations and security policies prevent customers from having their RHEL systems share information with Red Hat.  

In these environments, it is recommended to use Red Hat Satellite. With Satellite, you can use Inter-Satellite Synchronization (ISS) to synchronize content from a connected Satellite server to a Satellite server within the disconnected environment.  

For more information on Inter-Satellite Synchronization (ISS), refer to the Synchronizing Content Between Satellite Servers documentation.  

When and where to connect RHEL systems to Red Hat

There are a number of different methods that can be used to connect RHEL systems to Red Hat. For example, you can connect systems using command line utilities such as rhc, insights-client and subscription-manager. You can also connect using the RHEL web console, the RHEL installer (through an interactive install or kickstart install) and the RHEL image builder. Currently, not all of these different methods support connecting systems with Insights remote remediations management (using RHC) – but we are planning on updating them to enable this as an option in the future. In the meantime, using the rhc command line utility is currently the recommended solution to connect systems with Insights remote remediations (or if you are using the public cloud, see the section below on cloud-based auto-registration).  

Activation keys

Activation keys provide a method to register systems to Red Hat without using a Red Hat customer portal username  and password. This can help increase security and make it easier to automate the registration process. Activation keys can also be used to set the system purpose (role, SLA and usage) of the RHEL systems that register with the activation key.

For more information about activation keys, refer to the Creating and managing activation keys documentation.  

Cloud-based auto-registration

If you use RHEL in a public cloud, you can optionally enable cloud-based auto-registration. With this configured, newly created RHEL instances in your public cloud account can be automatically registered to Red Hat with RHC. For more information, refer to the Cloud Based Auto-Registration article.  

Conclusion

One of our previous RHEL releases highlighted that RHEL brings the Linux experience to nearly every enterprise, every cloud and every workload. This includes customers from many different sectors, customers from around the world who operate under many different rules and regulations, ranging from those who are all-in on cloud to those who operate in fully-disconnected on-premise environments, and everything in between. Because of this, RHEL offers a number of different options when connecting RHEL systems to Red Hat.


About the author

Brian Smith is a Product Manager at Red Hat focused on RHEL automation and management.  He has been at Red Hat since 2018, previously working with Public Sector customers as a Technical Account Manager (TAM).  

Read full bio