PCI Series: Requirement 2 – Do Not Use Vendor-Supplied Defaults for System Passwords and Other Security Parameters

This article is third in a series dedicated to the use of Identity Management (IdM) and related technologies to address the Payment Card Industry Data Security Standard (PCI DSS). This specific post covers the PCI DSS requirement related to not using vendor-supplied defaults for system passwords and other security parameters. The outline and mapping of individual articles to the requirements can be found in the overarching post that started the series.

The second section of the PCI-DSS standard applies to defaults – especially passwords and other security parameters. The standard calls for the reset of passwords (etc.) for any new system before placing it on the network. IdM can help here. Leveraging IdM for centralized accounts and policy information allows for a simple automated provisioning of new systems with

Continue reading “PCI Series: Requirement 2 – Do Not Use Vendor-Supplied Defaults for System Passwords and Other Security Parameters”

In Defense of the Pet Container, Part 3: Puppies, Kittens and… Containers

In our third and final installment (see: part one & part two), let’s take a look at some high-level use cases for Linux containers as well as finally (finally) defending what I like to call “pet” containers. From a general perspective, we see three repeated high-level use cases for containerizing applications:

  1. The fully orchestrated, multi-container application as you would create in OpenShift via the Red Hat Container Development Kit;
  2. Loosely orchestrated containers that don’t use advanced features like application templates and Kubernetes; and
  3. Pet containers.

Continue reading “In Defense of the Pet Container, Part 3: Puppies, Kittens and… Containers”

PCI Series: Requirement 1 – Install and Maintain a Firewall Configuration to Protect Cardholder Data

This article is one of the blog posts dedicated to use of Identity Management (IdM) and related technologies to address the Payment Card Industry Data Security Standard (PCI DSS). This specific post is related to requirement one – install and maintain a firewall configuration to protect cardholder data. The outline and mapping of individual articles to the requirements can be found in the overarching post that started the series.

The first requirement of the PCI standard talks about the firewalls and networking. While Red Hat’s Identity Management solution is not directly related to setting up networks and firewall rules, there are several aspects of IdM that

Continue reading “PCI Series: Requirement 1 – Install and Maintain a Firewall Configuration to Protect Cardholder Data”

Identity Management and Related Technologies and their Applicability to PCI DSS

The Payment Card Industry Data Security Standard (PCI DSS) is not new. It has existed for several years and provides security guidelines and best practices for the storage and processing of personal cardholder data. This article takes a look at PCI DSS 3.2 (published in April of 2016) and shows how Identity Management in Red Hat Enterprise Linux (IdM) and related technologies can help customers to address PCI DSS requirements to achieve and stay compliant with the standard. If you need a copy of the PCI DSS document it can be acquired from the document library at the following site: www.pcisecuritystandards.org

In October of 2015 Red Hat published a paper that gives an overview of the PCI DSS standard and shows how Red Hat Satellite and other parts of the Red Hat portfolio can help customers to address their PCI compliance challenges. In this post I would like to expand on this paper and drill down into more detail about

Continue reading “Identity Management and Related Technologies and their Applicability to PCI DSS”

Announcing Red Hat Enterprise Linux Atomic Host 7.2.6

Red Hat Enterprise Linux Atomic Host is a small footprint, purpose-built version of Red Hat Enterprise Linux that is designed to run containerized workloads. Building on the success of our last release, Red Hat’s Atomic-OpenShift team is excited to announce the general availability of Red Hat Enterprise Linux Atomic Host 7.2.6. This release features improvements in rpm-ostree, cockpit, skopeo, docker, and the atomic CLI. The full release notes can be found here. This post is going to explore a major new feature

Continue reading “Announcing Red Hat Enterprise Linux Atomic Host 7.2.6”

Thinking Through an Identity Management Deployment

As the number of production deployments of Identity Management (IdM) grows and as many more pilots and proof of concepts come into being, it becomes (more and more) important to talk about best practices. Every production deployment needs to deal with things like failover, scalability, and performance.  In turn, there are a few practical questions that need to be answered, namely:

  • How many replicas do I need?
  • How should these replicas be distributed between my datacenters?
  • How should these replicas be connected to each other?

The answer to these questions depends on

Continue reading “Thinking Through an Identity Management Deployment”

.NET Core on Red Hat Enterprise Linux

In November 2015, I blogged about the announcement to bring .NET to RHEL from the .NET Core upstream project to enterprise customers and developers, both as an RPM and as a Linux container.  That was quite a moment for the industry and, quite frankly, for me as well, having participated in the discussions that led to the significant announcement with Microsoft.  Since then, we have been in tight collaboration to make sure this day would actually arrive.  Despite the usual challenges with a relatively new open source project, the project was

Continue reading “.NET Core on Red Hat Enterprise Linux”

Red Hat at DockerCon 16 in Seattle

If you’re heading to DockerCon 16 next week in Seattle, connect with us to see why Fortune 500 organizations trust Red Hat for enterprise deployments. Red Hat subject matter experts will be onsite to walk you through real-world use cases for securely developing, deploying and managing container-based applications. 

Attend the State of Container Security Session

Join two of Red Hat’s Docker contributors discussing the state of container security today. Senior Software Engineer Mrunal Patel and Thomas Cameron, Global Evangelist of Emerging Technology are presenting on how you can secure your containerized microservices without slowing down development.

Continue reading “Red Hat at DockerCon 16 in Seattle”

In Defense of the Pet Container, Part 1: Prelude – The Only Constant is Complexity

It’s been just over three years since Solomon Hykes presented the world with the (so far) most creative way to use the tar command: the Docker project. Not only does the project combine existing container-technologies and make them easier to use, but its well-timed introduction drove an unprecedented rate of adoption for new technology.

Did people run containers before the Docker project? Yes, but it was harder to do so. The broader community was favoring LXC, and Red Hat was working on a libvirt-based model for Red Hat Enterprise Linux. With OpenShift 2, Red Hat had already been running containers in production for several years – both in an online PaaS as well as on-premise for enterprise customers. The model pre-Docker however was fundamentally different from what we are seeing today: rather than enabling completely independent runtimes inside the containers, the approach in

Continue reading “In Defense of the Pet Container, Part 1: Prelude – The Only Constant is Complexity”

Red Hat Delivers High Performance on Critical Enterprise Workloads with the Latest Intel Xeon E7 v4 Processor Family

Not long ago, Intel introduced a new Xeon processor platform to enable faster computing for the enterprise world. Codenamed Broadwell, this architecture brought additional cores to the chip and many improvements, from faster memory support to various security enhancements. As with three generations of Intel Xeon processors before this one, these benefits span beyond simple increases in transistor counts or the number of cores within each processor.

Today, Intel launched the Intel Xeon E7 v4 processor family, a high-end, enterprise-focused class of processors based on Broadwell architecture and targeted at large systems with four or more CPUs. Accompanying the launch are several new world record industry-standard benchmarks; this is where things like increased memory capacity or larger on-chip caches benefit overall system performance, resulting in the highest reported scores on various standard benchmarks. The Xeon E7 v4 launch, along with other announcements like it, typically send a ripple of innovation throughout Red Hat’s partner ecosystem in the form of new and improved performance results. The ability to support these partners is of paramount importance to Red Hat and, as a result, Red Hat Enterprise Linux is often selected by these ongoing benchmarking efforts.

Here is how Red Hat Enterprise Linux scored this time:

Continue reading “Red Hat Delivers High Performance on Critical Enterprise Workloads with the Latest Intel Xeon E7 v4 Processor Family”