Architecting Containers Part 1: Why Understanding User Space vs. Kernel Space Matters

Perhaps you’ve been charged with developing a container-based application infrastructure?  If so, you most likely understand the value that containers can provide to your developers, architects, and operations team. In fact, you’ve likely been reading up on containers and are excited about exploring the technology in more detail. However, before diving head-first into a discussion about the architecture and deployment of containers in a production environment, there are three important things that developers, architects, and systems administrators, need to know

Continue reading “Architecting Containers Part 1: Why Understanding User Space vs. Kernel Space Matters”

What’s Next for Containers? User Namespaces

What are user namespaces? Sticking with the apartment complex analogy, the numbering of users and groups have historically been the same in every container and in the underlying host, just like public channel 10 is generally the same in every unit in an apartment building.

But, imagine that people in different apartments are getting their television signal from different cable and satellite companies. Channel 10 is now different for for each person. It might be sports for one person, and news for another.

Historically, in the Linux kernel, there was a single data structure which held users and groups. Starting in kernel version 3.8

Continue reading “What’s Next for Containers? User Namespaces”

Red Hat Directory Server 10 Now Generally Available

Today, we are pleased to announced the general availability of Red Hat Directory Server 10, the latest version of Red Hat’s open source, network-based registry server. Built on the technologies delivered by the 389 Directory Server project, Red Hat Directory Server offers a Lightweight Directory Access Protocol (LDAP)-compliant server that centralizes critical application information, simplifies user management and enhances security across an entire organization.

As a tool for building business applications, Red Hat Directory Server provides

Continue reading “Red Hat Directory Server 10 Now Generally Available”

Identity Management or Red Hat Directory Server – Which One Should I Use?

In the identity management server space Red Hat has two offerings: Identity Management (IdM) in Red Hat Enterprise Linux and Red Hat Directory Server (RHDS). This article is dedicated to helping you understand why there are two solutions and how to chose the best one for your environment.

Before diving in too deep

Continue reading “Identity Management or Red Hat Directory Server – Which One Should I Use?”

Direct, or Indirect, that is the Question…

In my last post I reviewed some of my observations from the RSA Security Conference. As mentioned, I enjoyed the opportunity to speak with conference attendees about Red Hat’s Identity Management (IdM) offerings. That said, I was quick to note that whether I’m out-and-about staffing an event or “back home” answering e-mails – one of the most frequently asked questions I receive goes something like this: “…I’m roughly familiar with both direct and indirect integration options… and I’ve read some of the respective ‘pros’ and ‘cons’… but I’m still not sure which approach to use… what should I do?” If you’ve ever asked a similar question – I have some good news – today’s post will help you to determine which option aligns best with your current (and future) needs.

Continue reading “Direct, or Indirect, that is the Question…”

RSA Security Conference 2015 in Review: Three Observations

As many specialists in the security world know – the RSA Security Conference is one of the biggest security conferences in North America. This year it was once again held in San Francisco at the Moscone Center. Every year the conference gets bigger and bigger, bringing in more and more people and companies from all over the world.

If you attended – you may have noticed that Red Hat had a booth this year. Located in the corner of the main expo floor (not far from some of the “big guys” like: IBM, Microsoft, EMC, CA Technologies, and Oracle) we were in a great location – receiving no shortage of traffic.  In fact, despite staffing the booth with six Red Hatters we didn’t have any “down time” –  everyone seemed to be interested in what Red Hat has to offer in security.

Over the course of the conference I made a few interesting observations…

Continue reading “RSA Security Conference 2015 in Review: Three Observations”

rkt, appc, and Docker: A Take on the Linux Container Upstream

At this week’s CoreOS Fest in San Francisco, CoreOS is – unsurprisingly – pushing hard on the Application Container Spec (appc) and its first implementation, rkt, making it the topic of the first session after the keynote and a bold story about broad adoption.

When making technology decisions, Red Hat continuously evaluates all available options with the goal of selecting the best technologies that are supported by upstream communities. This is why Red Hat is engaging upstream in appc to actively contribute to the specification.

Red Hat engages in many upstream communities.  However, this engagement should not imply full support, or that we consider appc or rkt ready for

Continue reading “rkt, appc, and Docker: A Take on the Linux Container Upstream”

Webcast Tomorrow: Top 6 Misconceptions about Linux Containers

Linux containers have been getting a lot of hype recently, and it’s easy to understand why. Delivering applications to meet the demands of the businesIcon_RH_Object_Clipboard-Checklist-A_RGB_Buttons is challenging and containers are disrupting traditional application development and deployment models, enabling businesses to explore new, better ways to deliver products and services.

New innovations like the Docker image format and Kubernetes give you a simpler way to quickly create, package, assemble, and distribute applications. But with hype comes misunderstandings and misconceptions.

Join Red Hat and Cisco tomorrow, May 5, 2015 at 11:00 AM ET / 8:00 AM PT for the webcast, Top 6 Misconceptions about Linux Containers, to gain clarity around these misconceptions. In the webcast, you will:

  • Gain a pragmatic look at Linux containers.
  • Understand what benefits containers can deliver for you.
  • Discover what security, implementation, and other considerations you should understand before your organization embraces this technology.

If you haven’t already done so, register today.

Understanding the Changes to ‘docker search’ and ‘docker pull’ in Red Hat Enterprise Linux 7.1

If you’re working with container images on Red Hat Enterprise Linux 7.1 or Red Hat Enterprise Linux Atomic Host, you might have noticed that the search and pull behavior of the included docker tool works slightly differently than it does if you’re working with that of the upstream project. This is intentional.

When we started the planning process for containers in RHEL 7.1, we had 3 goals in mind:

  1. Give control over the search path to the end-user administrator
  2. Enable a federated approach to search and discovery of docker-formatted container images
  3. Support the ability for Red Hat customers to consume container images and other content included as part of their Red Hat Subscription

The changes we implemented, which are documented on the Red Hat Customer Portal, affect three different areas of the tool:

Continue reading “Understanding the Changes to ‘docker search’ and ‘docker pull’ in Red Hat Enterprise Linux 7.1”

SSSD vs Winbind

In a previous post, I compared the features and capabilities of Samba winbind and SSSD. In this post, I will focus on formulating a set of criteria for how to choose between SSSD and winbind. In general, my recommendation is to choose SSSD… but there are some notable exceptions.

Continue reading “SSSD vs Winbind”