In our third and final installment (see: part one & part two), let’s take a look at some high-level use cases for Linux containers as well as finally (finally) defending what I like to call “pet” containers. From a general perspective, we see three repeated high-level use cases for containerizing applications:
- The fully orchestrated, multi-container application as you would create in OpenShift via the Red Hat Container Development Kit;
- Loosely orchestrated containers that don’t use advanced features like application templates and Kubernetes; and
- Pet containers.
Continue reading “In Defense of the Pet Container, Part 3: Puppies, Kittens and… Containers”
As the number of production deployments of Identity Management (IdM) grows and as many more pilots and proofs of concept come into being, it becomes (more and more) important to talk about best practices. Every production deployment needs to deal with things like failover, scalability, and performance. In turn, there are a few practical questions that need to be answered, namely:
- How many replicas do I need?
- How should these replicas be distributed between my datacenters?
- How should these replicas be connected to each other?
The answer to these questions depends on
Continue reading “Thinking Through an Identity Management Deployment”
There are two supported protocols in Red Hat Enterprise Linux for synchronization of computer clocks over a network. The older and more well-known protocol is the Network Time Protocol (NTP). In its fourth version, NTP is defined by IETF in RFC 5905. The newer protocol is the Precision Time Protocol (PTP), which is defined in the IEEE 1588-2008 standard.
The reference implementation of NTP is provided in the ntp package. Starting with Red Hat Enterprise Linux 7.0 (and now in Red Hat Enterprise Linux 6.8) a more versatile NTP implementation is also provided via the chrony package, which can usually synchronize the clock with better accuracy and has other advantages over the reference implementation. PTP is implemented in the linuxptp package.
With two different protocols designed for synchronization of clocks, there is an obvious question as to which one is
Continue reading “Combining PTP with NTP to Get the Best of Both Worlds”
Not long ago, Intel introduced a new Xeon processor platform to enable faster computing for the enterprise world. Codenamed Broadwell, this architecture brought additional cores to the chip and many improvements, from faster memory support to various security enhancements. As with three generations of Intel Xeon processors before this one, these benefits span beyond simple increases in transistor counts or the number of cores within each processor.
Today, Intel launched the Intel Xeon E7 v4 processor family, a high-end, enterprise-focused class of processors based on Broadwell architecture and targeted at large systems with four or more CPUs. Accompanying the launch are several new world record industry-standard benchmarks; this is where things like increased memory capacity or larger on-chip caches benefit overall system performance, resulting in the highest reported scores on various standard benchmarks. The Xeon E7 v4 launch, along with other announcements like it, typically sends a ripple of innovation throughout Red Hat’s partner ecosystem in the form of new and improved performance results. The ability to support these partners is of paramount importance to Red Hat and, as a result, Red Hat Enterprise Linux is often selected by these ongoing benchmarking efforts.
Here is how Red Hat Enterprise Linux scored this time:
Continue reading “Red Hat Delivers High Performance on Critical Enterprise Workloads with the Latest Intel Xeon E7 v4 Processor Family”
Over the past few decades we have seen great advancements in the IT industry. In fact, the industry itself seems to be growing at an increasingly faster pace. However, as the industry grows so too does its evil twin – the figurative sum of all threats to IT security.
On the bright side, along with a steady stream of ever-evolving security issues and threats, there has also been a great effort to mitigate and, when possible, entirely eliminate such threats. This is accomplished by either fixing the bugs that allowed these issues and threats to exist (in the first place) or by fixing the configurations and protective mechanisms of systems so as to prevent attackers from finding success.
As 2015 has been no stranger to news stories about data leakages, various security flaws, and new types of malware – one could easily conclude that “the dark side” is winning this seemingly eternal race.
However, taking the complexity of today’s IT solutions into account
Continue reading “Configuring and Applying SCAP Policies During Installation”
Perhaps you’ve been charged with developing a container-based application infrastructure? If so, you most likely understand the value that containers can provide to your developers, architects, and operations team. In fact, you’ve likely been reading up on containers and are excited about exploring the technology in more detail. However, before diving head-first into a discussion about the architecture and deployment of containers in a production environment, there are three important things that developers, architects, and systems administrators need to know
Continue reading “Architecting Containers Part 1: Why Understanding User Space vs. Kernel Space Matters”
With the release of Red Hat Enterprise Linux 6.7, we’re happy to also announce general availability of Red Hat Access Insights, a new hosted service from Red Hat designed to help customers proactively identify and resolve issues that could impact business operations.
Given the complexity and scale of modern IT environments, we recognize that it can be increasingly complicated to monitor, maintain, and secure enterprise infrastructure. By tapping into Red Hat’s collective experience
Continue reading “Exploring Red Hat Access Insights”
Here on the Red Hat Enterprise Linux Blog we’ve dedicated a number of posts to containers and a variety of associated Red Hat solutions. Whether you’re seeking to deploy Red Hat Enterprise Linux 6 applications on Red Hat Enterprise Linux 7 as containers, hoping to better understand how atomic updates work, or are simply out to learn all you can about Red Hat Enterprise Linux Atomic Host – there’s likely a post (here) with the information you need. However, we’ve yet to really explore container orchestration. To this end, I invite you to read this new post from Red Hat’s own Joe Fernandes. Joe talks about Kubernetes, Google’s tool for managing clusters of Linux containers, its progenitor (i.e., Google’s Borg), and how Red Hat is building on top of Kubernetes to bring web-scale container infrastructure to enterprise customers.
Red Hat’s Performance Engineering team is responsible for the performance of many of Red Hat’s products. We cover existing products such as Red Hat Enterprise Linux, OpenStack Platform, OpenShift and Red Hat Enterprise Virtualization, as well as newer products like Ceph and CloudForms.
Although these days we contribute extensively to Red Hat’s cloud offerings, Red Hat Enterprise Linux remains a core responsibility as the building block for our ecosystem of customers and partners, plus much of Red Hat’s growing product portfolio.
Prior to beginning efforts on Red Hat Enterprise Linux 7 in earnest
Continue reading “Shaping the Performance of a Linux Distro: Inside Red Hat Enterprise Linux 7”
Having access to quality random numbers is essential for correct and secure operation of operating systems. Operating systems need random numbers from an entropy pool for a variety of tasks, like creating secure SSH or GPG/PGP keypairs, generating random PIDs for processes, generating TCP sequence numbers, and generating UUIDs.
With Red Hat Enterprise Linux 7 we introduced the virtio RNG (Random Number Generator) device that provides KVM virtual machines access to entropy from the host machine. Red Hat Enterprise Virtualization, starting with version 3.5, also exposes this feature. We have since made improvements to Red Hat Enterprise Linux guests to make the feature easier and more straightforward to use.
A Brief Introduction to virtio and Paravirtualized Devices
virtio is the paravirtualized transport framework for KVM virtual machines. Using the virtio framework, new devices can be
Continue reading “Red Hat Enterprise Linux Virtual Machines: Access to Random Numbers Made Easy”