Today, Red Hat announces the general availability of Red Hat OpenShift 4.3, the newest version of the industry’s most comprehensive enterprise Kubernetes platform. With security a paramount need for nearly every enterprise, particularly for organizations in the government, financial services and healthcare sectors, OpenShift 4.3 delivers FIPS (Federal Information Processing Standard) compliant encryption and additional security enhancements to enterprises across industries. Combined, these new and extended features can help protect sensitive customer data with stronger encryption controls and improve the oversight of access control across applications and the platform itself.
This release also coincides with the general availability of Red Hat OpenShift Container Storage 4, which offers greater portability, simplicity and scale for data-centric Kubernetes workloads.
Encryption to strengthen the security of containerized applications on OpenShift
As a trusted enterprise Kubernetes platform, the latest release of Red Hat OpenShift brings stronger platform security, with FIPS (Federal Information Processing Standard) compliant encryption (FIPS 140-2 Level 1), that better meets the needs of enterprises and government organizations handling extremely sensitive data and workloads. FIPS-validated cryptography is mandatory for US federal departments that encrypt sensitive data. When OpenShift runs on Red Hat Enterprise Linux booted in FIPS mode, OpenShift calls into the Red Hat Enterprise Linux FIPS-validated cryptographic libraries. The go-toolset that enables this functionality is available to all Red Hat customers.
OpenShift 4.3 brings support for encryption of etcd, which provides additional protection for secrets at rest. Customers will have the option to encrypt sensitive data stored in etcd, providing better defense against malicious parties attempting to gain access to data such as secrets and config maps stored in etcd.
NBDE (Network-Bound Disk Encryption) can be used to automate remote enablement of LUKS (Linux Unified Key Setup-on-disk-format) encrypted volumes, making it easier to protect against physical theft of host storage.
Together, these capabilities enhance OpenShift’s defense-in-depth approach to security.
Better access controls to comply with company security practices
OpenShift is designed to deliver a cloud-like experience across all environments running on the hybrid cloud.
OpenShift 4.3 adds new capabilities and platforms to the installer, helping customers to embrace their company’s best security practices and gain greater access control across hybrid cloud environments. Customers can deploy OpenShift clusters to customer-managed, pre-existing VPN / VPC (Virtual Private Network / Virtual Private Cloud) and subnets on AWS, Microsoft Azure and Google Cloud Platform. They can also install OpenShift clusters with private-facing load balancer endpoints, which are not publicly accessible from the Internet, on AWS, Azure and GCP.
With “bring your own” VPN / VPC, as well as with support for disconnected installs, users can have more granular control of their OpenShift installations and take advantage of common best practices for security used within their organizations.
In addition, OpenShift admins have access to a new configuration API that allows them to select the cipher suites that are used by the Ingress controller, API server and OAuth Operator for Transport Layer Security (TLS). This new API helps teams adhere to their company security and networking standards easily.
OpenShift Container Storage 4 across the cloud
Available alongside OpenShift 4.3 today is Red Hat OpenShift Container Storage 4, which is designed to deliver a comprehensive, multicloud storage experience to users of OpenShift Container Platform. Enhanced with multicloud gateway technology from Red Hat’s acquisition of NooBaa, OpenShift Container Storage 4 offers greater abstraction and flexibility. Customers can choose data services across multiple public clouds, while operating from a unified Kubernetes-based control plane for applications and storage.
To help drive security across disparate cloud environments, this release brings enhanced built-in data protection features, such as encryption, anonymization, key separation and erasure coding. Using the multicloud gateway, developers can more confidently share and access sensitive application data in a more secure, compliant manner across multiple geo-locations and platforms.
OpenShift Container Storage 4 is deployed and managed by Operators, bringing automated lifecycle management to the storage layer, and helping with easier day 2 management.
Automation to enhance day two operations with OpenShift
OpenShift helps customers maintain control for day two operations and beyond when it comes to managing Kubernetes via enhanced monitoring, visibility and alerting. OpenShift 4.3 extends this commitment to control by making it easier to manage the machines underpinning OpenShift deployments with automated health checking and remediation. This area of automated operations capabilities is especially helpful to monitor for drift in state between machines and nodes.
OpenShift 4 also enhances automation through Kubernetes Operators. Customers already have access to Certified and community Operators created by Red Hat and ISVs, but customers have also expressed interest in creating Operators for their specific internal needs. With this release, this need is addressed with the ability to register a private Operator catalog within OperatorHub. Customers with air-gapped installs can find this especially useful in order to take advantage of Operators for highly-secure or sensitive environments.
With this release the Container Security Operator for Red Hat Quay is generally available on OperatorHub.io and embedded into OperatorHub in Red Hat OpenShift. This brings Quay and Clair vulnerability scanning metadata to Kubernetes and OpenShift. Kubernetes cluster administrators can monitor known container image vulnerabilities in pods running on their Kubernetes cluster. If the container registry supports image scanning, such as Quay with Clair, then the Operator will expose any vulnerabilities found via the Kubernetes API.
OpenShift 4.3 is based on Kubernetes 1.16. Red Hat supports customer upgrades from OpenShift 4.2 to 4.3. Other notable features in OpenShift 4.3 include application monitoring with Prometheus (TP), forwarding logs off cluster based on log type (TP), Multus enhancements (IPAM), SR-IOV (GA), Node Topology Manager (TP), re-size of Persistent Volumes with CSI (TP), iSCSI raw block (GA) and new extensions and customizations for the OpenShift Console.
Test Drive Red Hat OpenShift 4
Red Hat OpenShift is trusted by enterprises around the globe. This release comes on the heels of Red Hat’s recent win of the Ford IT Innovation award, which recognized Red Hat’s leadership in enterprise Kubernetes innovation.
OpenShift 4.3 is available now. We encourage current customers to check out these new capabilities through the Red Hat customer portal. New to Kubernetes and OpenShift? Try out OpenShift 4 in-browser, through either our hands-on lab (for operations) or learn.openshift.com (great for developers).
Learn more:
- Transition from OpenShift 3 to 4
- About OpenShift Container Storage 4
- About Multi-Cloud Object Gateway
- View customer stories about Red Hat OpenShift