One of Red Hat’s greatest strengths is allowing you to deploy most products wherever you want. From a bare-metal server to virtualization, and major public clouds to the edge, Red Hat can help you make it happen. I hope to clarify topics around how and why to do this in the cloud and help you make the best decisions when using Red Hat Enterprise Linux (RHEL) outside of your data center.

Red Hat Cloud Access is a program designed to provide subscription portability for those who want to use their Red Hat subscriptions in the cloud. This is a path towards creating open hybrid cloud infrastructures built on Red Hat technologies. The program is available with most Red Hat subscriptions at no extra cost, allowing you to keep the benefits of Red Hat subscriptions (including our support and discounts) and providing access to value-add capabilities like gold images and the Azure Hybrid Benefit for Linux.

Cloud Access lets you set up account-level registration tooling that auto-connects to the Red Hat Hybrid Cloud Console. Cloud Access also allows you to use Subscription Watch and Red Hat Insights to unify reporting of your subscriptions across the data center and the clouds, and get predictive analytics.

Product eligibility

How does this work in terms of product eligibility? If you have an unused, active Red Hat subscription with a cloud-compatible unit of measure (Core, vCPU, RAM, Virtual Guest, etc.), it’s probably eligible. 

Some subscriptions that are not eligible include:

  •  Virtual Datacenter or other unlimited RHEL guest subscriptions that require virt-who
    • Unless you are trying to run VDC on VMware Cloud (VMC), Azure VMware Solution (AVS), or Google Compute VMware Engine (GCVE).
    • Virtual Datacenter will apply to these VMware environments like on-premise subscriptions. 
  • Red Hat Virtualization products; nested virtualization is not supported
  • Subscriptions for Red Hat-hosted offerings

These guidelines are not definitive, and Red Hat product and subscription eligibility change over time as cloud providers and Red Hat introduce new products and capabilities. Refer to the Red Hat product documentation for specific details about the product’s use on a public cloud infrastructure.

Pay as you go vs. bring-your-own-subscription

The central concept to understanding how RHEL operates in the cloud is that RHEL images are available in the cloud as either an on-demand / pay as you go (PAYG) model from the Hybrid Cloud Console or as a bring-your-own-subscription (BYOS) model from Red Hat Cloud Access.

When should you choose one over the other, and which best helps you optimize costs? This depends on what you are looking to do with the machines. Let's go over some common scenarios to see which method of procurement helps the most.

Scenarios best suited for PAYG include the following: 

  • You are uncertain about the number of machines, capacity or utilization needed throughout the year.
    • This applies where cloud hosting is short-term, such as a temporary use case.
    • For example, entertainment industry studios need to render an animated film but they don't require year-round capacity.
  • You want the ability to terminate the deployments at any time and stop paying for them.
    • This lets you pay only for what is used.
  • You do not need support directly from Red Hat.
  • You only need to run these machines in the cloud.
  • You do not want any upfront costs or commitment to obtain flexible computing capacity.

Scenarios best suited for BYOS include the following:

  • You have an approximation of how many machines are needed throughout the year.
  • You want to pre-pay to obtain Red Hat discounts.
  • You want support directly from Red Hat.
  • You do not want software premiums that increase with your increases to virtual node size (compute and memory).
  • You want to utilize custom or gold images.

Here is a general comparison of the two models for procurement below. 

On-demand / pay as you go (PAYG)

  • When a Red Hat customer uses a product made available by a Certified Cloud and Service Provider (CCSP) in a public image catalog.
    • Post-paid and cannot use your Red Hat discount. You are only charged for what you use.
    • The images are provided by the cloud provider and can be used only within the cloud environment.
  • The Red Hat subscription cost is built into the offering through a software premium.
  • Customers get support directly from the cloud provider.
  • Ideal for taking advantage of the benefits associated with on-demand, such as no upfront cost and no commitment or planning to obtain flexible computing capacity. 

Bring-your-own-subscription (BYOS)

  • Customers pay Red Hat for product subscriptions and support, and they pay the CCSP for cloud resource consumption.
    • Pre-paid and can use your Red Hat discount.
  • Cloud VMs deployed from a custom image or gold image.
  • It works identically to the on-premise subscription.
  • Ideal for obtaining consistency regardless of where your workloads are.

Regardless of which model you use to obtain RHEL in the cloud, you can register to Red Hat Update Infrastructure or Red Hat Subscription Management with Red Hat Satellite and the Red Hat CDN for updates and patches.

Red Hat Update Infrastructure enables our Certified Cloud and Service Provider partners to provide a unique and secure method of allowing their customers to update their RHEL in the cloud without needing administrator access to your RHEL environment. Red Hat Subscription Management lets users track their subscription quantity and consumption, Satellite can manage content, patching and other capabilities for your servers. Today, Red Hat Update Infrastructure can provide an identical update strategy in your clouds regardless of your buying model. You still retain the ability to use Satellite and Red Hat Subscription Management if you prefer.

What if you want to take advantage of convenient, flexible deployments while keeping Red Hat support and discounts? Red Hat’s third-party marketplace offerings on the cloud are our answer.

I’ve listed step-by-step instructions for enabling Red Hat Cloud Access to gain BYOS capabilities in AWS and Azure below.

How to deploy RHEL on AWS

Manual method

The process will vary on the applications you chose to set up, I will go over the RHEL management bundle for gold image access. 

  1. Go to sources inside of the Hybrid Cloud Console - https://console.redhat.com/settings/sources
  2. Click “Amazon Web Services”
  3. Enter a name for the source for your tracking
  4. Select “Manual Configuration”
  5. Select RHEL Management
  6. Create an AWS IAM policy using the contents provided
  7. Create a new role, select another AWS account by the ID specified, and attach the permissions policy you created in the last step
  8. Copy and paste the role ARN into the Red Hat console
  9. Review details and click “Add”

Account authorization

Use this method to register your AWS account and enjoy benefits such as instant access to gold images.

  1. Go to sources inside of the Hybrid Cloud Console - https://console.redhat.com/settings/sources
  2. Click “Amazon Web Services”
  3. Enter a name for the source for your tracking
  4. Click “Account authorization”
  5. Enter your account access key ID and secret access key
  6. Configure the applications you would like to enable
    1. Note: To access Red Hat gold images and subscription watch data, only the RHEL management bundle is needed
  7. Review the details and click “Add”

How to deploy RHEL on Azure

Single registration

Use this method to register your Azure subscription and enjoy benefits such as instant access to gold images.

1. Create a Linux VM running on the Azure subscription you would like to link and SSH into it

  • It should have an external disk attached to it at creation time with at least 8 GB of storage
  • It should be able to connect to the internet to access api.access.redhat.com

2. By default, you should enter the user's home directory

3. Get or update pip

curl https://bootstrap.pypa.io/get-pip.py -o get-pip.py | python3 get-pip.py

4. Install the package to create virtual environments

pip3 install virtualenv

5. Create a virtual environment called ansible

virtualenv -p $(which python3) ansible

6. Enter the virtual environment

source ansible/bin/activate

7. Install ansible and requests-oauthlib in the virtual environment

pip3 install ansible requests-oauthlib

8. Install the insights subscription collection

ansible-galaxy collection install redhatinsights.subscriptions

9. Create an inventory text file inventory.ini with the following content

localhost 

[all:vars]
ansible_python_interpreter=/home/<USERNAME>/ansible/bin/python3
ansible_connection=local

10. Obtain a Red Hat offline token here to enter at the end of the next step: https://access.redhat.com/management/api

11. Run the Ansible Playbook to send the necessary Azure Instance Metadata to Red Hat 

ansible-playbook -i inventory.ini -b ~/.ansible/collections/ansible_collections/redhatinsights/subscriptions/playbooks/verify_account.yml -e rh_api_refresh_token=<OFFLINE_TOKEN>

12. If everything runs successfully, you can delete the VM. It is not needed for the source anymore. The connection can be managed at https://access.redhat.com/management/cloud under the Microsoft Azure Subscriptions section.

Manual entry

Completing this method enables cloud access and golden images for an Azure subscription.

Note: This method for accessing gold images is deprecated. This functionality will be removed once its replacement is part of the Hybrid Cloud Console.

  1. Go to https://access.redhat.com/management/cloud in the Red Hat account you would like to connect
  2. Click the blue button that says “Enable a new provider”
  3. Select “Microsoft Azure” as the certified cloud provider
  4. Click “Add subscriptions manually”
  5. Enter a Microsoft Azure Subscription ID, a nickname for it to keep track of it on the Red Hat Customer Portal, and the number of entitlements you want to enable for that subscription
  6. Click the blue “Enable” button
    1. You may see a green banner that says “Successfully added Microsoft Azure as an enabled Cloud Access provider and activated Red Hat Gold Images.”
    2. To enable Gold Image Access quicker, go to the cloud access tab, under “Microsoft Azure” click “Microsoft Azure Subscriptions”, click on the vertical ellipsis ⋮ , and click “Activate Red Hat Gold Images”
    3. This will say “Red Hat Gold Image activation successful. Your images will be available in your Microsoft Azure console within 3 hours.” However, it can be quicker depending on the number of products enabled.

Final thoughts

I hope this brings more clarity to your RHEL footprint and how to best manage the resources you have available. You can find more information about cloud access in the reference documentation and the FAQ. We also have technical documentation on deploying RHEL on public cloud platforms.

 


About the author

Kush Gupta has been at Red Hat as an Associate Solution Architect since 2021, communicating the value of Red Hat technologies such as RHEL, Ansible and OpenShift. He also likes to explore the other parts of the portfolio including IdM and SSO. Gupta likes to read and play soccer in his free time

Read full bio