What are user namespaces? Sticking with the apartment complex analogy, the numbering of users and groups have historically been the same in every container and in the underlying host, just like public channel 10 is generally the same in every unit in an apartment building.
But, imagine that people in different apartments are getting their television signal from different cable and satellite companies. Channel 10 is now different for for each person. It might be sports for one person, and news for another.
Historically, in the Linux kernel, there was a single data structure which held users and groups. Starting in kernel version 3.8
Continue reading “What’s Next for Containers? User Namespaces”
The promise of Docker is that it simplifies application deployment, allows greater application density on hosts, and features a portable format that offers unparalleled flexibility over standard packaging. But one thing Docker doesn’t get you is the simplicity of `yum install foo` to install an application. Nor can Docker define or process a directed graph of container orchestration dependencies. We aim to change that.
Continue reading “Announcing “Yum + RPM for Containerized Applications” — Nulecule & Atomic App”
Today, we are pleased to announced the general availability of Red Hat Directory Server 10, the latest version of Red Hat’s open source, network-based registry server. Built on the technologies delivered by the 389 Directory Server project, Red Hat Directory Server offers a Lightweight Directory Access Protocol (LDAP)-compliant server that centralizes critical application information, simplifies user management and enhances security across an entire organization.
As a tool for building business applications, Red Hat Directory Server provides
Continue reading “Red Hat Directory Server 10 Now Generally Available”
Two-factor authentication, or 2FA, is not something new. It has existed for quite some time and in different forms. What is a ‘factor’? A factor is something you have, something you know, or something you are. For example, if we combine a PIN that you know, with your fingerprint, we get a 2FA based on biometrics. In practice, biometric solutions are not often used because it’s not especially difficult to steal someone’s fingerprint (…and it is quite hard to revoke or replace your finger). The more practical approach to two-factor authentication is to combine something you know, a PIN or password, with something you have.
Something you have often comes in form of
Continue reading “Identity Management and Two-Factor Authentication Using One-Time Passwords”
Identity Management (IdM) in Red Hat Enterprise Linux includes an optional Certificate Authority (CA) component. This CA is the same CA included with the Red Hat Certificate System (RHCS). If they’re the same, what is the relationship between IdM and RHCS? Is there a secret plan to replace one with another? This post reviews some of the details associated with each of the offerings and explores different use cases – indicating where you might choose to use one solution over the other.
Continue reading “Identity Management and Certificates”
In the identity management server space Red Hat has two offerings: Identity Management (IdM) in Red Hat Enterprise Linux and Red Hat Directory Server (RHDS). This article is dedicated to helping you understand why there are two solutions and how to chose the best one for your environment.
Before diving in too deep
Continue reading “Identity Management or Red Hat Directory Server – Which One Should I Use?”
As many specialists in the security world know – the RSA Security Conference is one of the biggest security conferences in North America. This year it was once again held in San Francisco at the Moscone Center. Every year the conference gets bigger and bigger, bringing in more and more people and companies from all over the world.
If you attended – you may have noticed that Red Hat had a booth this year. Located in the corner of the main expo floor (not far from some of the “big guys” like: IBM, Microsoft, EMC, CA Technologies, and Oracle) we were in a great location – receiving no shortage of traffic. In fact, despite staffing the booth with six Red Hatters we didn’t have any “down time” – everyone seemed to be interested in what Red Hat has to offer in security.
Over the course of the conference I made a few interesting observations…
Continue reading “RSA Security Conference 2015 in Review: Three Observations”
With every new Intel Xeon processor generation, the benefits typically span beyond simple increases in transistor counts or the number of cores within each processor. Things like increased memory capacity per chip or larger on-chip caches are tangible and measurable, and often have a direct effect on performance, resulting in record-breaking scores on various standard benchmarks.
There is, however, more to every new processor family launch than meets the eye. These new chips often send a ripple of innovation throughout our ecosystem of partners, forcing them to re-evaluate and re-visit existing performance results and break the status quo. The ability to support these partners is of paramount importance to Red Hat and, as a result, Red Hat Enterprise Linux is often being selected by our partners to support their ongoing benchmarking efforts.
Yesterday, Intel launched the Intel Xeon E7 v3 processor family with several new world record industry-standard benchmarks. Red Hat Enterprise Linux was used in nearly one-third of all results. The following table captures these leading results
Continue reading “Red Hat Delivers Leading Application Performance with the Latest Intel Xeon Processors”
Here on the Red Hat Enterprise Linux Blog we’ve dedicated a number of posts to containers and a variety of associated Red Hat solutions. Whether you’re seeking to deploy Red Hat Enterprise Linux 6 applications on Red Hat Enterprise Linux 7 as containers, hoping to better understand how atomic updates work, or are simply out to learn all you can about Red Hat Enterprise Linux Atomic Host – there’s likely a post (here) with the information you need. However, we’ve yet to really explore container orchestration. To this end, I invite you to read this new post from Red Hat’s own Joe Fernandes. Joe talks about Kubernetes, Google’s tool for managing clusters of Linux containers, its progenitor (i.e Google’s Borg), and how Red Hat is building on top of Kubernetes to bring web-scale container infrastructure to enterprise customers.
If you’re working with container images on Red Hat Enterprise Linux 7.1 or Red Hat Enterprise Linux Atomic Host, you might have noticed that the search and pull behavior of the included docker tool works slightly differently than it does if you’re working with that of the upstream project. This is intentional.
When we started the planning process for containers in RHEL 7.1, we had 3 goals in mind:
- Give control over the search path to the end-user administrator
- Enable a federated approach to search and discovery of docker-formatted container images
- Support the ability for Red Hat customers to consume container images and other content included as part of their Red Hat Subscription
The changes we implemented, which are documented on the Red Hat Customer Portal, affect three different areas of the tool:
Continue reading “Understanding the Changes to ‘docker search’ and ‘docker pull’ in Red Hat Enterprise Linux 7.1”