This article is one of the blog posts dedicated to the use of Identity Management (IdM) and related technologies to address the Payment Card Industry Data Security Standard (PCI DSS). This specific post is related to requirement one – install and maintain a firewall configuration to protect cardholder data. The outline and mapping of individual articles to the requirements can be found in the overarching post that started the series.
The first requirement of the PCI standard talks about firewalls and networking. While Red Hat’s Identity Management solution is not directly related to setting up networks and firewall rules, there are several aspects of IdM that
Continue reading “PCI Series: Requirement 1 – Install and Maintain a Firewall Configuration to Protect Cardholder Data”
In November 2015, I blogged about the announcement to bring .NET to RHEL from the .NET Core upstream project to enterprise customers and developers, both as an RPM and as a Linux container. That was quite a moment for the industry and, quite frankly, for me as well, having participated in the discussions that led to the significant announcement with Microsoft. Since then, we have been in tight collaboration to make sure this day would actually arrive. Despite the usual challenges with a relatively new open source project, the project was
Continue reading “.NET Core on Red Hat Enterprise Linux”
Yesterday, Intel launched the Xeon E5-2600 v4 processor family with 26 new world records on industry-standard benchmarks. Once again, Intel’s innovation, driven by Moore’s law, has enabled faster computing for the enterprise world.
Red Hat and Intel have enjoyed a long history of collaboration across a full spectrum of enterprise IT – covering a wide range of use cases, from applications running on physical servers to virtualized and cloud-based deployments. It should come as no surprise that many of
Continue reading “Red Hat Enterprise Linux Sets Record Breaking Performance Results on New Generation of Intel Processors”
Identity management solutions integrate systems, services, and applications into a single ecosystem that provides authentication, access control, enterprise SSO, identity information and the policies related to those identities. While I have dedicated time to explaining how to provide these capabilities to Linux systems – it is now time to broaden the scope and talk a little bit about services and applications.
In some ways, services and applications are very similar. They are both usually
Continue reading “Identity Management and Application Integration”
Today, Red Hat and Microsoft announced a broad partnership that includes many facets including Microsoft becoming a Red Hat Certified Cloud and Service Provider (CCSP), the availability of many of our products on Microsoft Azure, integrated customer service delivery for Red Hat products deployed on premise and on Microsoft Azure, Microsoft .NET integration with many of our platform products, and plans for management tooling integration for open hybrid cloud implementations.
This is something much bigger than just a partnership, and is an evolution that we believe fits perfectly into our overall strategy. Anyone who has followed Red Hat for the past three years knows that we are driving forward with a market vision we refer to as open hybrid cloud. For many, this simply means private-and-public cloud. For Red Hat, we take the word hybrid very seriously, and… it means much more than private and public cloud.
Hybrid means customer choice, and also means acknowledging that most customers have heterogeneous environments. Customers want choice when it comes to the public clouds, and since many rely on Red Hat Enterprise Linux to run their most critical business applications, they are looking for myriad cloud choices for where to run these applications. Making Red Hat Enterprise Linux available on Microsoft Azure
Continue reading “What Customers Want”
Six years ago, we worked closely with Microsoft to deliver on a significant and widespread customer request: the ability for our respective operating systems to function as guests on each other’s hypervisor. This was then codified by the certification of Hyper-V as a supported hypervisor for use with Red Hat Enterprise Linux and the certification of Red Hat products as supported hypervisors for use with Windows, which both companies have maintained for the past six years.
More than half a decade later, customers are now asking Red Hat and Microsoft to have Red Hat Enterprise Linux as a supported guest in the Azure Cloud. We both heard you! Thanks to a deep commitment by both companies, this day has arrived and, together, we are responding to another important customer ask with full support.
As the game show host says, “But wait! there’s more!” In March 2014, we announced that we were bringing Microsoft .NET capabilities to OpenShift Origin. We now expect that Microsoft .NET capabilities will grow past OpenShift Origin to include
Continue reading “Red Hat Enterprise Linux on Azure? .NET as an RPM and Container from Red Hat? Sweet!”
As many specialists in the security world know – the RSA Security Conference is one of the biggest security conferences in North America. This year it was once again held in San Francisco at the Moscone Center. Every year the conference gets bigger and bigger, bringing in more and more people and companies from all over the world.
If you attended – you may have noticed that Red Hat had a booth this year. Located in the corner of the main expo floor (not far from some of the “big guys” like: IBM, Microsoft, EMC, CA Technologies, and Oracle) we were in a great location – receiving no shortage of traffic. In fact, despite staffing the booth with six Red Hatters we didn’t have any “down time” – everyone seemed to be interested in what Red Hat has to offer in security.
Over the course of the conference I made a few interesting observations…
Continue reading “RSA Security Conference 2015 in Review: Three Observations”
With every new Intel Xeon processor generation, the benefits typically span beyond simple increases in transistor counts or the number of cores within each processor. Things like increased memory capacity per chip or larger on-chip caches are tangible and measurable, and often have a direct effect on performance, resulting in record-breaking scores on various standard benchmarks.
There is, however, more to every new processor family launch than meets the eye. These new chips often send a ripple of innovation throughout our ecosystem of partners, forcing them to re-evaluate and re-visit existing performance results and break the status quo. The ability to support these partners is of paramount importance to Red Hat and, as a result, Red Hat Enterprise Linux is often being selected by our partners to support their ongoing benchmarking efforts.
Yesterday, Intel launched the Intel Xeon E7 v3 processor family with several new world record industry-standard benchmarks. Red Hat Enterprise Linux was used in nearly one-third of all results. The following table captures these leading results
Continue reading “Red Hat Delivers Leading Application Performance with the Latest Intel Xeon Processors”
The main alternative to direct integration of Linux/UNIX systems into Active Directory (AD) environments is the indirect approach – where Linux systems are first connected to a central server and this server is then somehow connected to AD. This approach is not new. Over the years many environments have deployed LDAP servers to manage their Linux/UNIX systems (using this LDAP server) while users were stored in AD. To reconcile this issue and to enable users from AD to access Linux systems – users and their passwords were routinely synchronized from AD. While this approach is viable – it’s also quite limited and prone to error. In addition, there is little value in having a separate LDAP server. The only reason for such a setup is to have a separation of duties between Linux and Windows administrators. The net result is that the overhead is quite high while the value of such an approach is quite low.
When IdM (Identity Management in Red Hat Enterprise Linux based on FreeIPA technology) emerged, many environments were either considering direct integration or were “in-process” with respect to adoption. How, exactly, does IdM work? IdM provides
Continue reading “Overview of Indirect Active Directory Integration Using Identity Management (IdM)”
As mentioned in my previous post there are multiple ways to connect a Linux system to Active Directory (AD) directly. With this in mind, let us review the following list of options…
- The legacy integration option: this is a solution where (likely older) native Linux tools are used to connect to an LDAP server of your choice (e.g. AD).
- The traditional integration option: this is a solution based on Samba winbind.
- The third-party integration option: this is a solution based on (proprietary) commercial software.
- The contemporary integration option: this is a solution based on SSSD.
Legacy Integration Option
In the case of the legacy integration option (see figure above), a Linux system is connected to AD using LDAP for identity lookup and LDAP or Kerberos for authentication. It pretty much solves the problem of basic user authentication. That said, such a solution has the following significant limitations:
Continue reading “Overview of Direct Integration Options”