Enrolling a client system into Identity Management (IdM) can be done with a single command, namely: ipa-client-install. This command will configure SSSD, Kerberos, Certmonger and other elements of the system to work with IdM. The important result is that the system will get an identity and key so that it can securely connect to IdM and perform its operations. However, to get the identity and key, the system should
In this article I want to talk about a runC container which I want to migrate around the world while clients stay connected to the application.
In my previous Checkpoint/Restore In Userspace (CRIU) articles I introduced CRIU (From Checkpoint/Restore to Container Migration) and in the follow-up I gave an example how to use it in combination with containers (Container Live Migration Using runC and CRIU). Recently Christian Horn published an additional article about CRIU which is also a good starting point.
In my container I am running Xonotic. Xonotic calls itself ‘The Free and Fast Arena Shooter’. The part that is running in the container is the server part of the game to which multiple clients can connect to play together. In this article the client is running on my local system while the server and its container is live migrated around the world.
I recently had the pleasure of linking up with one of my favorite Red Hat colleagues (David “Pinky” Pinkerton) from Australia while we were both in Southeast Asia for a Red Hat event. We both have a propensity for KVM and Red Hat Virtualization (RHV) in particular, and he brought up a fantastic topic – truly segregated networks to support other security requirements. The reason came up because he had a “high security” client that needed to keep different traffic types separated within RHV, as the VMs were used to scan live malware. And that is why I made the comment about the (justifiably) paranoid.
Let’s take a look. |
In the previous post I talked about Smart Card Support in Red Hat Enterprise Linux. In this article I will drill down into how to select the right deployment architecture depending on your constraints, requirements and availability of the smart card related functionality in different versions of Red Hat Enterprise Linux.
Red Hat Product Security was made aware of a vulnerability affecting the Linux kernel’s implementation of the Bluetooth L2CAP protocol. The vulnerability was named BlueBorne and was assigned an ID – CVE-2017-1000251.
Recent Red Hat Enterprise Linux releases see an expansion in support of the smart card related use cases. However customers usually have a mixed environment and standardize on a specific version of Red Hat Enterprise Linux for period of time. It is important to understand the
The open source community and the IT industry as a whole continue to discuss how they can use different hardware architectures to solve hard computational problems and address specific workloads. Customers value choice in their technology implementations, and choice is a key benefit of open source solutions. To best meet these needs, the software ecosystem has to
Increasing Interest in Identity Management
During last several months I’ve seen a rapid growth of interest in Red Hat’s Identity Management (IdM) solution. This might have been due to different reasons.
- First of all IdM has become much more mature and well known. In the past you come to a conference and talk about FreeIPA (community version of IdM) and IdM and you get a lot of people in the audience that have never heard about it.
Continue reading “Evaluating Total Cost of Ownership of the Identity Management Solution”
We’re adopting a new marketing mantra for Red Hat Enterprise Linux: Listen. Learn. Build. Which probably doesn’t seem all that revolutionary. That’s pretty much the mantra of open source. But compare that to how tech marketing usually happens.
There’s a lot of building–assets and advertisements and the whole nine yards. But the listening and learning parts usually happen afterwards, if at all.
So we’re making a conscious effort to explicitly apply the principles of open source to the way that we market our flagship open source technology. We’re starting with the listening part.
And who exactly are we listening to? You.
And what exactly are we listening to you talk about? Your OS adventures.
And what exactly do we mean by “OS adventures”?–
–Actually, here’s a better idea. Instead of telling you what we’re doing and why, let’s show you…
While there is a lot more than just the “Regulatory Technical Standard 25”, abbreviated to RTS 25 from now on, in the EU’s MiFID II regulations, the focus of this blog is all around RTS 25 and achieving compliance with the time synchronisation requirements this entails.