In November we announced Red Hat Enterprise Linux 7 Atomic Host Public Beta, a small footprint, container host based on Red Hat Enterprise Linux 7.  It provides a stable host platform, optimized for running application containers, and brings a number of application software packaging and deployment benefits to customers.

What are the top 7 reasons to deploy containers on Red Hat Enterprise Linux 7 Atomic Host?

  1. Specifically Designed to Run Containers

Applications that are packaged to run in containers provide the basis for agile and nimble application deployments. Red Hat Enterprise Linux 7 Atomic Host Beta provides a streamlined host platform that is optimized to run application containers. The software components included in Red Hat Enterprise Linux 7 Atomic Host Beta, as well as the default system tunings, have been designed to enhance the performance, scalability, and security of containers, giving you the optimal platform on which to deploy and run application containers. In addition, Red Hat Enterprise Linux 7 Atomic Host Beta is fully compatible with Red Hat Enterprise Linux 7, using a small subset of the Red Hat Enterprise Linux 7 Server packages. The difference is that Red Hat Enterprise Linux 7 Atomic Host Beta provides an optimized software stack, a lean container host with built-in orchestration, to run applications inside containers, and it effectively separates the life cycles of the application and the host.

  2. The Confidence of Red Hat Enterprise Linux and Certification

Red Hat Enterprise Linux 7 Atomic Host Beta is built from Red Hat Enterprise Linux 7, enabling Red Hat Enterprise Linux 7 Atomic Host Beta to deliver the open source innovation, stability, and maturity of our flagship platform. The kernel and the packages necessary to compose the container host image are identical to those shipped in Red Hat Enterprise Linux 7. This means that Red Hat Enterprise Linux 7 Atomic Host Beta inherits the hardware certifications of Red Hat Enterprise Linux 7, giving you a vast choice of certified hardware partners. Moreover, Red Hat is working on providing container certification to ensure that these images are validated and supported by Red Hat and our software partners, thus providing peace of mind to the IT manager.

As all Red Hat products are built in the open, the innovation and meritocracy inherent to the upstream community improve the standard of the code that is ultimately delivered. Red Hat engineers are influencing and participating in the upstream discussions to ensure that enterprise features are accepted upstream and brought into the Red Hat products. This is particularly true in the container community, where technically capable Red Hat engineers are participating in the upstream discussions and guiding the upstream code development.

  3. Deploy Across the Open Hybrid Cloud

Red Hat Enterprise Linux 7 Atomic Host Beta extends container portability across the open hybrid cloud by enabling deployment on physical hardware; certified hypervisors, including Red Hat Enterprise Virtualization and VMware vSphere; private clouds such as Red Hat Enterprise Linux OpenStack Platform; and Amazon Web Services and Google Compute Platform public clouds. Red Hat Enterprise Linux 7 Atomic Host Beta provides customers with the flexibility to choose the right deployment model.

Customers who are looking to make the best use of their hardware and to gain a performance advantage will deploy applications in containers running as close to physical hardware as possible. Running Red Hat Enterprise Linux 7 Atomic Host Beta on physical systems with BIOS and UEFI capabilities allows applications to run at wire speed. Red Hat Enterprise Linux 7 Atomic Host Beta includes both anaconda and kickstart, capabilities that should be familiar to Red Hat Enterprise Linux users. Both of these capabilities have been tailored to install the Atomic Host image on a physical system. In addition, a Preboot Execution Environment Server (PXEboot) capability is provided. Systems configured using PXEboot will boot using an image provided by the PXE server, and will start the installation program automatically.

Red Hat Enterprise Linux 7 Atomic Host Beta images can run on top of most certified hypervisors; support is currently provided for Red Hat Enterprise Linux, Red Hat Enterprise Virtualization, Red Hat Enterprise Linux OpenStack Platform with KVM hypervisor, and VMware with ESX hypervisor. A Red Hat Enterprise Linux 7 Atomic Host Beta image in the qcow2 format is provided to run on top of Red Hat Enterprise Linux 7 and Red Hat Enterprise Linux 7 OpenStack Platform guests. Two Red Hat Enterprise Linux 7 Atomic Host Beta images are provided in Open Virtualization Alliance (OVA) format to run on top of Red Hat Enterprise Virtualization and VMware vSphere.

Red Hat Enterprise Linux 7 Atomic Host Beta images can be deployed in the cloud on certified cloud provider environments, and run on Google Compute Engine (GCE) and on Amazon Web Services (AWS). Customers who choose to deploy in the cloud rather than on premise can take advantage of the compute resources in the cloud and easily deploy their applications inside containers running on Red Hat Enterprise Linux 7 Atomic Host Beta.

  4. Atomic Updating and Rollback

Red Hat Enterprise Linux 7 Atomic Host Beta features a new update system for operating systems based on rpm-ostree. Rpm-ostree is an open source tool for managing bootable, immutable, versioned file system trees made of RPM content. RPMs are composed on a server into an OSTree repository, and client systems can replicate these in an image-like fashion. The resulting atomic trees make incremental updating of the host OS much simpler by supporting the ability to check for, download, and deploy updated versions in a single step.

Unlike traditional operating system update mechanisms, Red Hat Enterprise Linux 7 Atomic Host Beta also automatically keeps the previous version of the host OS, supporting the ability to easily roll back to an earlier state. When updating, Atomic Host does not change the running system. Instead, it creates a new partition to place the atomic tree upgrade and sets the default to boot into the new partition. This simplified upgrade and rollback capability allows our customers to focus on running applications that bring business value.

  5. Container Orchestration

Through our collaboration with Google, Red Hat Enterprise Linux 7 Atomic Host Beta includes Kubernetes, a framework for managing clusters of containers. Kubernetes helps with horizontal scaling of multi-container deployments across a container host, and interconnecting multiple layers of the application stacks. This enables you to orchestrate services running in multiple containers into unified, large-scale business applications.

Kubernetes is composed of three main primitives: "pods," a collection of one or more docker containers which share a network namespace; "services," a description of sets of pods which should be easily and automatically located in the cluster; and "replication controllers," which are descriptions of how many copies of a single pod should be running on the cluster simultaneously. The admin describes the primitives, and thus the functions the cluster should perform, in a declarative language (JSON or YAML). The most feature-rich primitive is the pod description. Many of the options exposed via the docker command line are available, and other things such as container failure restart policies, how to perform container health checks, and storage requirements can also be described.
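
The three primitives described above, written as one declarative YAML file. This is an added example, not taken from the original post or from Red Hat; it uses the later stable `v1` API schema, which may differ from the schema shipped with the beta, and the names, image, port and paths are hypothetical.

```yaml
# Replication controller: keeps three copies of the pod template running.
apiVersion: v1
kind: ReplicationController
metadata:
  name: web                      # hypothetical name
spec:
  replicas: 3                    # how many copies of the pod should run
  selector:
    app: web
  template:                      # the pod description
    metadata:
      labels:
        app: web
    spec:
      restartPolicy: Always      # container failure restart policy
      containers:
      - name: web
        image: registry.example.com/web:1.0   # hypothetical image
        ports:
        - containerPort: 8080
        livenessProbe:           # container health check
          httpGet:
            path: /healthz       # hypothetical health endpoint
            port: 8080
          initialDelaySeconds: 10
          periodSeconds: 5
        volumeMounts:
        - name: data
          mountPath: /var/lib/web
      volumes:                   # storage requirement
      - name: data
        emptyDir: {}
---
# Service: a stable name and port in front of every pod labelled app=web.
apiVersion: v1
kind: Service
metadata:
  name: web
spec:
  selector:
    app: web
  ports:
  - port: 80
    targetPort: 8080
```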

  6. Secure Host by Default

Containerized applications are co-located processes on a host, and misbehaviour by an application can compromise the host. We recognize that our customers value security when it comes to running applications in a multi-tenant environment. Red Hat has consistently led upstream security enablement and has delivered military-grade security to Red Hat customers for more than 10 years. Red Hat Enterprise Linux 7 Atomic Host Beta delivers time-tested security technologies (SELinux) for the container host, not only to ensure that the host is secure from applications running inside containers but also to ensure that there is security between the containers themselves. Red Hat worked on a secure Linux container stack that taught the Linux kernel subsystems to provide isolation by creating an abstraction in each container. Such an abstraction of a kernel subsystem is called a kernel namespace. Red Hat Enterprise Linux 7 Atomic Host Beta inherits the same kernel supported in Red Hat Enterprise Linux 7 and has enabled five different kernel namespaces that provide isolation and security to the container host.

For additional details on kernel namespaces see my previous blog post on this topic.
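
One way to check the namespace isolation described above from the host: compare the namespace links of a host process and a container process. This is an added example, not code from the original post or from Red Hat; the list of five namespace types is an assumption (the post does not name them), and the sample directories and inode numbers are constructed.

```shell
#!/bin/sh
# Added example (not Red Hat's code). /proc/<pid>/ns/<type> is a symlink such as
# "pid:[4026531836]"; two processes share a namespace when the targets are equal.

# Assumption: the five namespace types meant above are these.
NS_TYPES="mnt uts ipc pid net"

# ns_compare DIR_A DIR_B: print "<type> isolated|SHARED|unknown" per namespace.
ns_compare() {
    for ns in $NS_TYPES; do
        a=$(readlink "$1/$ns" 2>/dev/null) || a=""
        b=$(readlink "$2/$ns" 2>/dev/null) || b=""
        if [ -z "$a" ] || [ -z "$b" ]; then
            echo "$ns unknown"          # link missing or not readable
        elif [ "$a" = "$b" ]; then
            echo "$ns SHARED $a"        # no isolation for this subsystem
        else
            echo "$ns isolated"
        fi
    done
}

# make_sample DIR: constructed ns directories for a host and a container that
# was started sharing the host's network namespace (inode numbers are made up).
make_sample() {
    mkdir -p "$1/host" "$1/ctr"
    for ns in mnt uts ipc pid; do
        ln -sf "$ns:[4026531840]" "$1/host/$ns"
        ln -sf "$ns:[4026532200]" "$1/ctr/$ns"
    done
    ln -sf "net:[4026531956]" "$1/host/net"
    ln -sf "net:[4026531956]" "$1/ctr/net"
}

# Usage: nscheck.sh HOST_PID CONTAINER_PID (root is needed to read other
# users' ns links); with no arguments, run against the constructed sample.
if [ "$#" -eq 2 ]; then
    ns_compare "/proc/$1/ns" "/proc/$2/ns"
else
    tmp=$(mktemp -d) && make_sample "$tmp" && ns_compare "$tmp/host" "$tmp/ctr"
    rm -rf "$tmp"
fi
```

A `SHARED` line for a container process means that subsystem is not isolated from the host for that container; `unknown` means the link could not be read, so isolation was not verified.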

Red Hat is working on providing multiple layers of security, leading community innovation in the security space and adding layers of security in the container file system. Last but not least, Red Hat Enterprise Linux 7 Atomic Host Beta only allows applications to run in secure containers and not directly on the host, paving the way for easier enforcement of the security controls in the host. These technologies add layers of security to prevent a compromised container from affecting other containers or the host.

  7. Red Hat Enterprise Linux Container Images and Building Containers

Red Hat Enterprise Linux 7 Atomic Host Beta provides all of the required tools to build and run container images based on Red Hat Enterprise Linux, including Red Hat Enterprise Linux 6 and 7 container images as well as the docker services. This means that applications that run on Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7 can be deployed in a container on Red Hat Enterprise Linux 7 Atomic Host Beta, opening access to a vast ecosystem of certified applications. Applications that have been developed, tested, and certified for Red Hat Enterprise Linux 6 systems can be deployed as a container and run on Red Hat Enterprise Linux 7 Atomic Host. Additionally, Red Hat Enterprise Linux 7 Atomic Host Beta users will have access to the full breadth of their Red Hat subscriptions inside these containers, including the popular programming language stacks and development tools delivered through Red Hat Software Collections.

Red Hat Enterprise Linux Atomic Host is the platform building block towards a comprehensive container strategy at Red Hat.   As deploying applications inside containers becomes more prevalent, Red Hat Enterprise Linux customers have requested Platform as a Service (PaaS) and Infrastructure as a Service (IaaS) integration. The next generation of OpenShift (version 3) will support the Red Hat Enterprise Linux Atomic Host and Red Hat Enterprise Linux 7 platforms. Red Hat has built a strong reputation in driving upstream conversations, building consensus, backed by engineering talent that can drive upstream development to focus on the right components. We believe that Red Hat is well positioned to collaborate with customers and partners, and to provide an integrated container solution to the market.

Resources and Links

Learn more about Red Hat Enterprise Linux Atomic Host Beta: