In my previous article I wrote about how it was possible to move from checkpoint/restore to container migration with CRIU. This time I want to write about how to actually migrate a running container from one system to another. In this article I will migrate a runC-based container using runC’s built-in CRIU support to checkpoint and restore a container on different hosts.
I have two virtual machines (rhel01 and rhel02) which are hosting my container. My container is running Red Hat Enterprise Linux 7 and is located on a shared NFS, which both of my virtual machines have mounted. In addition, I am telling runC to mount the container
Continue reading “Container Live Migration Using runC and CRIU”
This post continues my series dedicated to the use of Identity Management (IdM) and related technologies to address the Payment Card Industry Data Security Standard (PCI DSS). This specific post is related to requirement eight (i.e. the requirement to identify and authenticate access to system components). The outline and mapping of individual articles to requirements can be found in the overarching post that started the series.
Requirement eight is directly related to IdM. IdM can be used to address most of the requirements in this section. IdM stores user accounts, provides user account life-cycle management
Continue reading “PCI Series: Requirement 8 – Identify and Authenticate Access to System Components”
A few weeks ago, I wrote a blog on removing capabilities from a container. But what if you want to add capabilities?
While I recommend that people remove capabilities, in certain situations users need to add capabilities in order to get their container to run.
One example is when you have an app that needs a single capability, like a Network Time Protocol (NTP) daemon container that resets the system time on a machine. So if you wanted to run a container for an NTP daemon, you would need to do a --cap-add SYS_TIME. Sadly, many users don’t think this through, or understand what it means to add a capability.
Continue reading “Container Tidbits: Adding Capabilities to a Container”
This is my sixth post dedicated to the use of Identity Management (IdM) and related technologies to address the Payment Card Industry Data Security Standard (PCI DSS). This specific post is related to requirement seven (i.e. the requirement to restrict access to cardholder data by business need to know). The outline and mapping of individual articles to the requirements can be found in the overarching post that started the series.
Section 7 of the PCI DSS standard talks about access control and limiting the privileges of administrative accounts. IdM can play a big role in addressing these requirements. IdM provides several key features that are related to access control and privileged account management. The first one is
Continue reading “PCI Series: Requirement 7 – Restrict Access to Cardholder Data by Business Need to Know”
On August 24th of this year Red Hat announced the newest release of Red Hat Virtualization (RHV) 4.0.
Just two months later the Red Hat Cloud Suite tooling (known as the Cloud Deployment Planner) was updated to provide you with
Continue reading “Quick Guide: How to Plan Your Red Hat Virtualization 4.0 Deployment”
Red Hat IT makes extensive use of our own product offerings to effectively manage and to scale our large IT infrastructure. Red Hat Virtualization plays a key role in Red Hat’s overall IT infrastructure, as mentioned in a recent blog by the head of our IT Platform Operations team, Anderson Silva: Red Hat Keeps the Lights on with Red Hat Virtualization
Continue reading “Red Hat IT runs OpenShift Container Platform on Red Hat Virtualization and Ansible”
Two weeks ago, I attended ARM TechCon, the annual developer conference showcasing the latest offerings from ARM and its partners. There were a lot of new products (new and improved processor cores, radios and other IP), announcements with key themes around IoT (Internet of Things), mobile, security, automotive functional safety, and embedded software development. This was the first TechCon after ARM was acquired by Softbank for $32B this summer, so there was great interest in hearing what Masayoshi Son (Chairman & CEO of Softbank) would say in his first public appearance with ARM. Masayoshi Son talked about
Continue reading “Observations from ARM TechCon 2016”
Today we are pleased to announce the release of Red Hat Certificate System 9.1 and Red Hat Directory Server 10.1, both supported on Red Hat Enterprise Linux 7.3.
Red Hat Certificate System, based on the open source PKI capabilities of the Dogtag Certificate System, is designed to provide Certificate Life Cycle Management (i.e. to issue, renew, suspend, revoke, archive/recover, and manage the single and dual-key X.509v3 certificates needed to handle strong authentication, single sign-on, and secure communications).
Red Hat Directory Server is an open source LDAP-compliant server that centralizes application settings, user profiles, group data, policies, and access control information in a network-based registry based on the 389 Directory Server project. The Red Hat Directory Server simplifies user management by eliminating data redundancy and automating data maintenance. Red Hat Directory Server also improves security, enabling administrators to store policies and access control information in the directory for a single authentication source across enterprise or extranet applications.
What’s New in Red Hat Certificate System 9.1
Certificate System 9.1 has introduced
Continue reading “Now Available: Red Hat Certificate System 9.1 & Red Hat Directory Server 10.1”
Red Hat Virtualization offers a flexible technology for high-intensive performance and secure workloads. Red Hat Virtualization 4.0 introduced new features that enable customers to further extend the use case of traditional virtualization in hybrid cloud environments. The platform now easily incorporates third-party network providers into the existing environment along with other technologies found in next-generation cloud platforms such as Red Hat OpenStack Platform and Red Hat Enterprise Linux Atomic Host. Additionally, new infrastructure models are now supported, including selected support for hyperconverged infrastructure: the native integration of compute and storage across a cluster of hosts in a Red Hat Virtualization environment.
Continue reading “Red Hat Virtualization: Bridging the Gap with the Cloud and Hyperconverged Infrastructure”