Red Hat ブログ
If you attended the morning general session led by Paul Cormier, executive vice president and president of Products and Technologies at Red Hat, you heard some exciting cloud and container-related announcements. First, Red Hat and Amazon Web Services (AWS) have partnered to integrate AWS cloud services with Red HatⓇ OpenShift Container Platform to enable hybrid deployments. Second, with the launch of OpenShift.io, the software development cycle can be unified, streamlining application creation and deployment. What does this have to do with infrastructure? Well, everything.
Our customers tell us that, this year, they want to optimize and modernize their IT. As IT advances and changes, enterprises must modernize existing resources when possible and simultaneously plan their IT strategies for the future. When reliability, usability, and consistency across all environments matter, many enterprises choose Linux®.
As Cormier said, “[Red Hat Enterprise Linux] runs across all footprints and in all environments.” It runs on bare metal, and Red Hat Virtualization was built to run on Red Hat Enterprise Linux. By consolidating or migrating workloads to an open source virtualization solution, management can be unified, and the platform standardized.
“Infrastructure is evolving like never before.” - Paul Cormier, executive vice president and president, Products and Technologies, Red Hat
Cloud-native development still requires that your traditional infrastructure be stable and secure. You need a strong infrastructure, and Red Hat provides that strength in spades. Tuesday’s breakout sessions focused on Red Hat Enterprise Linux, Red Hat Virtualization, and Red Hat OpenStackⓇ Platform; what the future holds for them; and how they fit into larger IT optimization strategies.
Red Hat Enterprise Linux in the public cloud
The public cloud is an integral part of most IT strategies, but getting there is not a cut-and-dry process. Matt Micene, senior tech evangelist, Linux and containers at Red Hat, and Jerome Boutaud, senior product manager at Red Hat, discussed common pitfalls to avoid in the process.
Change is happening at all layers, across people, process, and tools, and the move to cloud impacts the way we work. The public cloud is rapidly transforming both IT and business through:
- Cloud-native platforms: modernizing existing IT, and building cloud infrastructure.
- Modern application development architecture: developing, delivering, and integrating apps.
- DevOps and cultural changes: agile processes for IT and business.
The journey to public cloud is a 4-step process, with many benefits:
- Move: New hardware, quick iteration, new developers know the cloud
- Redeploy: Scale automatically, build new dev/test/stage/prod environments to production in minutes, good use of platform
- Optimize: Right-size, streamline use of technology, global distribution
- Master: A hybrid strategy avoids lock-in, takes advantage of specific vendor features, and builds on common building blocks
“Swiss Double Rainbow,” photo by Grisha Levit, on Flickr
Micene and Boutaud presented the example of the move to public cloud via fictional social media platform, Bowtracker. Through the app, users can share locations and photos of rainbows, (double and single). The app was running on a single server on premise, and the team needed to move this minimum viable product to the cloud as an alternative to buying new hardware.
The migration to the public cloud worked, but Bowtracker ran across some challenges along the way―like going viral in Germany and amassing a legion of dedicated fans and users. How could the nascent social media company have sped up their switch to the public cloud? Next time, start with containers. Containers built on a Red Hat Enterprise Linux foundation scale rapidly, optimize the platform, and enable stable, more secure microservices orchestration.
What’s in store for Red Hat Enterprise Linux
Continuing the discussion of IT optimization, Karen Noel, director of Engineering at Red Hat, and Ron Pacheco, director of Product Management at Red Hat, talked about transforming application delivery while protecting application investments.
At Red Hat, we know customers want and have many ways to deploy their apps. In response, we’ve built a portfolio to meet those business needs and work together. Interoperability is achieved by building the solutions on Red Hat Enterprise Linux. Not only is the infrastructure built on Red Hat Enterprise Linux, but the apps are also running on Red Hat Enterprise Linux, be it physical, virtual, or containers.
The path to a security-enhanced Red Hat OpenStack Platform
Security must be continuous. That’s the message Keith Basil, principal product manager at Red Hat, and Nathan Kinder, senior manager, software engineering at Red Hat, emphasized as they kicked off their session. Securing OpenStack—with its many components—can be complex. Add compliance efforts and security control groups, and things get tricky.
Here’s a breakdown of security policy, process, and procedures:
- Design: Design with security in mind.
- Build: Bake security remediation into CI process.
- Run: See how it works together.
- Manage: Control the processes and procedures.
- Adapt: Adjust and revise security processes as necessary and as standards change.
Basil shared how OpenStack works in 2 minutes (maybe 3). From requesting a virtual machine (VM) to adding in an IP and establishing firewall settings, OpenStack accomplishes a lot. Each of these components is an actor, and there needs to be authentication between all of them. This makes for a large surface area for security processes to cover.
Another level to security is compliance standards. There’s a worldwide compliance framework that includes NIST, ISO 27001, GSA, ANSSI, ETSI, FedRAMP standards, and more. Before government and public sector solutions can be deployed, they have to meet accreditation and certification compliance requirements. Due to our stringent regulations and policies, the U.S. is considered a leader in compliance. What is Basil’s dream? That he can one day hand a government official 70% of his or her security requirements in ready-to-deploy OpenStack. But we’re not there yet.
“Compliance is a full stack exercise.” - Keith Basil, principal product manager, Red Hat
OpenStack can’t be secured at a single layer. Compliance should recognize OpenStack dependence on underlying Linux platforms, and security controls should be implemented throughout the entire stack (RHEL, KVM, OpenStack, and hardware). Fortunately, RHEL has Common Criteria certification, an international standard for certifying computer security software.
Network function virtualization (NFV) and the telecommunications industry are a focus for infrastructure and virtualization security in OpenStack. In the mobile space, vendors want to put NFV in the cloud. They can use OpenStack for mobile purposes because OpenStack has been enhanced to meet FedRAMP moderate level requirements.
Basil and Kinder ended their session with a cool resource share: a collaborative guide with security best practices for OpenStack, as requested by customers. It’s called Docs: An OpenStack Platform System Security Guide. Inspired by real-world experience, this resource was created by OpenStack experts and will be available online soon.
A strong foundation for a week of infrastructure discussions
This is just a sample of all the infrastructure talks, sessions, and labs by customers, partners, and Red Hat at Summit day 1, with many more to come during the next 2 days of the premier open source conference. As was stated throughout today’s sessions, the path to IT optimization is built on a strong platform. By modernizing and investing in existing investments, enterprises can optimize for containers, OpenStack, virtualization, and upcoming technology trends.
Here in Boston? Be sure to check out the infrastructure sessions, talks, and labs.
About the author
Red Hat is the world’s leading provider of enterprise open source software solutions, using a community-powered approach to deliver reliable and high-performing Linux, hybrid cloud, container, and Kubernetes technologies.