Zero Trust MLOps with OpenShift Platform Plus

Artificial intelligence (AI) has been evolving as one of the top priorities for organizations because of the increasing volume of data being generated from core data centers to the edge. Similarly, the adoption of Kubernetes in the past 10 years has resulted in improved scalability, reliability and business resilience.

While Kubernetes has resulted in immense benefits, operational management and security continue to be challenging. Managing software supply chain integrity, monitoring the security of container images and runtime environments and enforcing compliance policies can be overwhelming.

Organizations frequently experience challenges scaling AI and machine learning (AI/ML) use cases for enterprise-wide adoption. MLOps helps teams provision infrastructure, stage models, manage dependencies, orchestrate model calling and serve AI models in a scalable fashion to accelerate the time-to-value of AI/ML applications for organizations. MLOps has been gaining momentum with Kubernetes adoption for data models similar to how DevOps has been adopted for app development, providing self-healing, auto scalability, automated pipeline and many more capabilities.

An MLOps process constitutes five major steps:

1. Data acquisition from different sources
2. Data tuning and data validation
3. Data model training
4. Deploying models at scale to enable AI applications
5. Continuous monitoring and modification of models and AI applications

Red Hat OpenShift AI is built using open source technologies, providing a flexible and scalable MLOps platform with tools to build, deploy and manage AI-enabled applications. It brings together a powerful suite of tools designed to make the process of fine-tuning and serving foundation models more seamless, scalable and efficient, simplifying the end-to-end data science process from model development to deployment.

Red Hat OpenShift Platform Plus serves as a foundation for MLOps, providing a collaborative environment for data scientists, analysts, operations and developers, resulting in a 210% return on investment and 20% improvement in data scientist efficiencies. OpenShift AI and OpenShift Platform Plus provide a more secure open hybrid cloud platform to run data science models, that enables tighter controls across application development, model provenance, governance and runtime threat detection.

Kubernetes misconfigurations are serious threats against containerized AI workloads because cybercriminals can exploit these settings to breach the enterprises (for example, enabling anonymous access with high privileges or getting access to data users aren’t allowed to access). Data model security must be considered early in the MLOps pipeline, and shouldn’t be an afterthought. OpenShift Platform Plus, along with its ecosystem partners, reduces complexity by enforcing security policies and providing a zero trust architecture for running AI models on the platform.

Here are 12 aspects of OpenShift Platform Plus that make this possible:

1. Red Hat Enterprise Linux CoreOS: OpenShift runs on Red Hat Enterprise Linux CoreOS, providing the same rich automated and remote upgrade features of Red Hat Enterprise Linux (RHEL) while enhancing the security and experience for developers, data scientists and operations team.
2. Role Based Access Control (RBAC): RBAC allows fine-grained control over who has various access levels to the cluster, helping define strict boundaries between different projects and blocking unauthorized resource access.
3. Auditing and monitoring: OpenShift provides the ability to audit and monitor the cluster in a variety of ways, including metrics, alerts, logs, dashboards, etc.
4. Context-based access control: Red Hat Single Sign-On (SSO), included in OpenShift, provides identity federation based on SAML 2.0, OpenID Connect and OAuth 2.0.
5. Multifactor authentication: OpenShift supports multiple identity providers, including active directory, LDAP, OpenID connect, etc.  
6. Quotas and limit range: OpenShift allows you to enforce resource quotas per project to limit the damage from denial of service attacks. The namespace segregation and storage isolation are also enforced.
7. Compliance Operator: This operator allows you to assess the required compliance state of the cluster as well as provide an overview of gaps and ways to remediate them.
8. Real-time vulnerability management: Red Hat Advanced Cluster Security for Kubernetes helps detect and restrict network policy based on application ports and protocols.
9. Encryption: Red Hat OpenShift Data Foundation supports cluster-wide encryption (encryption-at-rest) for all the disks and multicloud Object Gateway operations in the storage cluster.
10. Implement version control: Quay.io helps prevent deploying of images with known vulnerabilities.
11. Secrets: OpenShift provides a mechanism to store sensitive information such as passwords, configuration files and repository credentials to help avoid data poisoning.
12. Regularly updated container images: OpenShift simplifies Day-2 activities and health checks to improve the speed at which vulnerabilities are addressed.

To summarize, Red Hat provides an enterprise-ready open hybrid cloud platform enabling self-service for data scientists and developers to integrate, streamline, automate and simplify the creation of a zero trust architecture for MLOps processes. Please reach out to your account team for more information.