Red Hat has announced Enterprise Linux 7.5, a potential base for hybrid cloud environments. The release brings several updates: security enhancements, new administration console functionality, and tools for working with containers.
We cover the new features in more detail below.
Red Hat notes that the upgrade will reduce corporate costs for maintaining IT infrastructure and provide new opportunities for managing hybrid cloud environments (including in the Azure cloud). To this end, the following innovations were made.
Implemented integration with OpenSCAP
Red Hat believes that using a hybrid cloud environment gives corporations new opportunities. For example, it helps bring products to market faster, because applications can be scaled and tested more easily and data security increases. If the company's physical servers fail, the data will remain in the cloud data center. However, the transition to a hybrid infrastructure will require additional effort from the IT department: it will be necessary to resolve information security incidents in different computing environments. To solve this problem, Enterprise Linux 7.5 added features for tracking software security.
One of them is the integration of the Red Hat Ansible Automation configuration management system with the OpenSCAP framework. The latter implements security checklists and uses CPE, CCE and OVAL rules to create checks. This makes it possible to create Ansible playbooks directly from OpenSCAP scans. As a result, the time spent on eliminating vulnerabilities is reduced.
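The mapping from scan results to a playbook can be modelled as follows. This is an added example, not Red Hat's or OpenSCAP's own code: it reads a constructed, simplified XCCDF 1.2 fragment, collects the Ansible remediation snippets attached to rules that failed, and lists failed rules that have no Ansible fix. The rule IDs, task contents and function names are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"x": "http://checklists.nist.gov/xccdf/1.2"}
ANSIBLE = "urn:xccdf:fix:script:ansible"  # fix "system" value for Ansible snippets

# Constructed, simplified XCCDF fragment: three rules plus one scan TestResult.
SAMPLE = """<Benchmark xmlns="http://checklists.nist.gov/xccdf/1.2" id="xccdf_example_benchmark_demo">
<Rule id="xccdf_example_rule_sshd_no_root"><fix system="urn:xccdf:fix:script:ansible">- name: Disable SSH root login
  lineinfile:
    path: /etc/ssh/sshd_config
    regexp: '^PermitRootLogin'
    line: PermitRootLogin no
</fix></Rule>
<Rule id="xccdf_example_rule_audit_enabled"><fix system="urn:xccdf:fix:script:ansible">- name: Enable auditd
  service:
    name: auditd
    enabled: true
</fix></Rule>
<Rule id="xccdf_example_rule_grub_password"><fix system="urn:xccdf:fix:script:sh">echo manual</fix></Rule>
<TestResult id="xccdf_example_testresult_demo">
<rule-result idref="xccdf_example_rule_sshd_no_root"><result>fail</result></rule-result>
<rule-result idref="xccdf_example_rule_audit_enabled"><result>pass</result></rule-result>
<rule-result idref="xccdf_example_rule_grub_password"><result>fail</result></rule-result>
</TestResult></Benchmark>"""

def failed_rule_fixes(xccdf_xml):
    """Map each failed rule id to its Ansible fix text (None if it has none)."""
    root = ET.fromstring(xccdf_xml)
    failed = {rr.get("idref") for rr in root.iterfind(".//x:rule-result", NS)
              if rr.findtext("x:result", namespaces=NS) == "fail"}
    fixes = {}
    for rule in root.iterfind(".//x:Rule", NS):
        if rule.get("id") in failed:
            fix = rule.find(f"x:fix[@system='{ANSIBLE}']", NS)
            fixes[rule.get("id")] = fix.text if fix is not None else None
    return fixes

def build_playbook(fixes):
    """Return (playbook_text, rule ids that still need manual remediation)."""
    lines, manual = ["---", "- hosts: all", "  become: true", "  tasks:"], []
    for rule_id, task in sorted(fixes.items()):
        if task is None:
            manual.append(rule_id)
            continue
        lines.append(f"    # remediates {rule_id}")
        lines += ["    " + line for line in task.strip("\n").splitlines()]
    return "\n".join(lines) + "\n", manual

if __name__ == "__main__":
    playbook, manual = build_playbook(failed_rule_fixes(SAMPLE))
    print(playbook)
    print("No Ansible fix, handle manually:", manual)
```

Rules that passed contribute nothing to the playbook, so the remediation run touches only the settings the scan found non-compliant.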
Another tool is the Network-Bound Disk Encryption (NBDE) feature. It encrypts the root volumes of the hard disks of virtual or physical machines and does not require re-entering the password after rebooting the system. For encryption and decryption, the Tang server and the Clevis framework are used, as well as the LUKS specification.
Virtual Data Optimizer module added
The updated version supports Virtual Data Optimizer (VDO). VDO is a kernel module that saves disk space and reduces network load during replication. According to a Red Hat study, VDO reduces the cost of storing data in the cloud or on-premise by 83% by reducing the amount of redundant data.
First, it identifies all zero blocks and eliminates them. Next, it looks for redundant data. Data redundancy is verified by metadata using the Universal Deduplication Service (UDS) kernel module, which is shipped as part of VDO. Then the LZ4 compression algorithm is applied to the individual data blocks. All compressed blocks are packed into physical blocks and stored on media. A guide to creating a VDO volume can be found here.
New management console functions
The Cockpit web console has been improved. It simplifies the management of hybrid cloud environments, networks and storage. For this, the boom command-line utility and an API for managing boot loader entries for LVM snapshots and images were added. Support for loading SSH keys from arbitrary directories was also added. Other features and improvements can be found here.
In addition, Red Hat Enterprise Linux 7.5 implemented new functionality for working with Windows-based infrastructures: improved management of Windows Server, increased security of data transfer in Microsoft Azure, and better performance of Microsoft Active Directory.
Container support added
The developers also changed how containers are handled by adding support for Buildah. Buildah is a command-line tool that helps you create OCI-compatible Linux container images. With it, you can modify images without launching the container environment and without a daemon running in the background.
Buildah allows you to:
- create a container from scratch or from an image;
- create an image from a container or using Dockerfile;
- create Docker and OCI images;
- mount / unmount the container root file system;
- use the updated contents of the container's root file system as a file system layer for transferring data to a new image;
- remove the container or image.
All this helps to save system resources and quickly deploy container applications. Linux host security is provided by the Linux Atomic Host, which reduces the attack surface (including by isolating kernel resources). An example of setting up and using Buildah can be found at this link.
Enterprise Linux 7.5 can be downloaded now.
There are versions for x86, IBM Power, IBM System-Z architectures.