MiFID ii, RTS 25 and time synchronisation in Red Hat Enterprise Linux and Red Hat Virtualization

While there is a lot more than just the “Regulatory Technical Standard 25”, abbreviated to RTS 25 from now on, in the EU’s MiFID II regulations, the focus of this blog is all around RTS 25 and achieving compliance with the time synchronisation requirements this entails.

At a high level, the goal of MiFID ii is

Continue reading “MiFID ii, RTS 25 and time synchronisation in Red Hat Enterprise Linux and Red Hat Virtualization”

Discovery and Affinity

Questions related to DNS and service discovery regularly come up during deployments of Identity Management (IdM) in Red Hat Enterprise Linux in a trust configuration with Active Directory. This blog article will shed some light of this aspect of the integration.

We will start with a description of the environment. Let us say that the Active Directory  environment consist of

Continue reading “Discovery and Affinity”

Built-in protection against USB security attacks with USBGuard

Most people don’t consider their average USB memory stick to be a security threat. In fact, in a social engineering experiment conducted in 2016 at the University of Illinois and detailed in this research paper, a group of researchers dropped 297 USB sticks outside in the parking lot, in the hallway, and classrooms. Of the 297 USB sticks dropped,

Continue reading “Built-in protection against USB security attacks with USBGuard”

Signed Images from the Red Hat Container Catalog

As a follow-up to my introduction of simple signing, I’m excited to announce that Red Hat is now serving signatures for Red Hat Container Catalog Images!

In May, Red Hat announced the Container Health Index, providing an aggregate safety rating for container images in our public registry. As part of our commitment to delivering trusted content, we are now serving signed images. This means that customers can now configure a Red Hat Enterprise Linux host to cryptographically verify that images have come from Red Hat when they are pulled onto the system. This is a significant step in advancing the security of container hosts, providing assurance of provenance and integrity and enabling non-repudiation. Non-repudiation simply means that the signer cannot deny their signature—a key security principle for digital transactions.

Continue reading “Signed Images from the Red Hat Container Catalog”

Microsoft, Red Hat, and HPE Collaboration Delivers Choice & Value to Enterprise Customers

In the world of heterogeneous data centers – having multiple operating systems running on different hardware platforms (and architectures) is the norm.  Even traditional applications and databases are being migrated or abstracted using Java and other interpreted languages to minimize the impact on the end user, if they decide to run on a different platform.

Consider the common scenario where you have both Windows and Linux running in the data center and you need your Linux application to talk to Microsoft SQL Server and get some existing data from it. Your application would need to connect to the Windows server that is running the SQL Server database using one of many available APIs and request information.

While that may sound trivial, in reality you need to: know where that system is located, authenticate your application against it, and pay the penalty of traversing one or more networks to get the data back – all while the user is waiting. This, in fact, was “the way of the world” before Microsoft announced their intent to port MS SQL server to Linux in March of 2016.  Today, however, you have a choice of having your applications connect to a Microsoft SQL Server that runs on either Windows or Linux

Continue reading “Microsoft, Red Hat, and HPE Collaboration Delivers Choice & Value to Enterprise Customers”

Container Live Migration Using runC and CRIU

In my previous article I wrote about how it was possible to move from checkpoint/restore to container migration with CRIU. This time I want to write about how to actually migrate a running container from one system to another. In this article I will migrate a runC based container using runC’s built-in CRIU support to checkpoint and restore a container on different hosts.

I have two virtual machines (rhel01 and rhel02) which are hosting my container. My container is running Red Hat Enterprise Linux 7 and is located on a shared NFS, which both of my virtual machines have mounted. In addition, I am telling runC to mount the container

Continue reading “Container Live Migration Using runC and CRIU”

Thinking Through an Identity Management Deployment

As the number of production deployments of Identity Management (IdM) grows and as many more pilots and proof of concepts come into being, it becomes (more and more) important to talk about best practices. Every production deployment needs to deal with things like failover, scalability, and performance.  In turn, there are a few practical questions that need to be answered, namely:

  • How many replicas do I need?
  • How should these replicas be distributed between my datacenters?
  • How should these replicas be connected to each other?

The answer to these questions depends on

Continue reading “Thinking Through an Identity Management Deployment”

Combining PTP with NTP to Get the Best of Both Worlds

There are two supported protocols in Red Hat Enterprise Linux for synchronization of computer clocks over a network. The older and more well-known protocol is the Network Time Protocol (NTP). In its fourth version, NTP is defined by IETF in RFC 5905. The newer protocol is the Precision Time Protocol (PTP), which is defined in the IEEE 1588-2008 standard.

The reference implementation of NTP is provided in the ntp package. Starting with Red Hat Enterprise Linux 7.0 (and now in Red Hat Enterprise Linux 6.8) a more versatile NTP implementation is also provided via the chrony package, which can usually synchronize the clock with better accuracy and has other advantages over the reference implementation. PTP is implemented in the linuxptp package.

With two different protocols designed for synchronization of clocks, there is an obvious question as to which one is

Continue reading “Combining PTP with NTP to Get the Best of Both Worlds”

Red Hat Delivers High Performance on Critical Enterprise Workloads with the Latest Intel Xeon E7 v4 Processor Family

Not long ago, Intel introduced a new Xeon processor platform to enable faster computing for the enterprise world. Codenamed Broadwell, this architecture brought additional cores to the chip and many improvements, from faster memory support to various security enhancements. As with three generations of Intel Xeon processors before this one, these benefits span beyond simple increases in transistor counts or the number of cores within each processor.

Today, Intel launched the Intel Xeon E7 v4 processor family, a high-end, enterprise-focused class of processors based on Broadwell architecture and targeted at large systems with four or more CPUs. Accompanying the launch are several new world record industry-standard benchmarks; this is where things like increased memory capacity or larger on-chip caches benefit overall system performance, resulting in the highest reported scores on various standard benchmarks. The Xeon E7 v4 launch, along with other announcements like it, typically send a ripple of innovation throughout Red Hat’s partner ecosystem in the form of new and improved performance results. The ability to support these partners is of paramount importance to Red Hat and, as a result, Red Hat Enterprise Linux is often selected by these ongoing benchmarking efforts.

Here is how Red Hat Enterprise Linux scored this time:

Continue reading “Red Hat Delivers High Performance on Critical Enterprise Workloads with the Latest Intel Xeon E7 v4 Processor Family”