Red Hat Enterprise Linux Atomic Host Opens New Possibilities for Red Hat Storage Customers

Ready to adopt Red Hat Enterprise Linux Atomic Host? I recommend you visit the Red Hat Storage Blog to learn more about how Red Hat Storage with Ceph & Gluster are compelling storage options for containerized environments.

Red Hat Storage

By Sayan Saha, Sr. Manager, Product Management, Storage & Data Business, Red Hat.

This week Red Hat announced the general availability of Red Hat Enterprise Linux Atomic Host – a host environment optimized to run containerized applications with a minimal footprint. Red Hat Enterprise Linux Atomic Host simplifies maintenance using image-based update and rollback and includes orchestration toolsets such as Kubernetes for managing containers across a cluster of hosts. The new Red Hat Enterprise Linux Atomic Host inherits the industry-leading hardware ecosystem, reliability, stability and security the industry has come to expect from Red Hat Enterprise Linux.

What this means for Red Hat Storage customers

This announcement is significant for Red Hat Storage customers on multiple fronts. Workloads running in containers require persistent storage for application code and data. Given the rapid growth in the number of containers within today’s IT shops, software-defined storage has an advantage over traditional storage…


Active Directory and Identity Management (IdM) Trusts – Exactly Where Are My Users?

As this is my sixth post on Identity Management I thought it would (first) be wise to explain (and link back to) my previous efforts. My first post kicked off the series by outlining challenges associated with interoperability in the modern enterprise. My second post explored how the integration gap between Linux systems and Active Directory emerged, how it was formerly addressed, and what options are available now. My third post outlined the set of criteria with which one is able to examine various integration options. And my most recent entries, posts four and five, reviewed options for direct and indirect integration, respectively.

Delving deeper into the world of indirect integration (i.e. utilizing a trust-based approach) – two of the biggest questions are often: “Where are my users?” and “Where does authentication actually happen?” As opposed to a solution that relies upon synchronization


Overview of Indirect Active Directory Integration Using Identity Management (IdM)

The main alternative to direct integration of Linux/UNIX systems into Active Directory (AD) environments is the indirect approach – where Linux systems are first connected to a central server and this server is then somehow connected to AD. This approach is not new. Over the years many environments have deployed LDAP servers to manage their Linux/UNIX systems (using this LDAP server) while users were stored in AD. To reconcile this issue and to enable users from AD to access Linux systems – users and their passwords were routinely synchronized from AD. While this approach is viable – it’s also quite limited and prone to error. In addition, there is little value in having a separate LDAP server. The only reason for such a setup is to have a separation of duties between Linux and Windows administrators. The net result is that the overhead is quite high while the value of such an approach is quite low.

When IdM (Identity Management in Red Hat Enterprise Linux based on FreeIPA technology) emerged, many environments were either considering direct integration or were “in-process” with respect to adoption. How, exactly, does IdM work? IdM provides


Overview of Direct Integration Options

As mentioned in my previous post there are multiple ways to connect a Linux system to Active Directory (AD) directly. With this in mind, let us review the following list of options…

  • The legacy integration option: this is a solution where (likely older) native Linux tools are used to connect to an LDAP server of your choice (e.g. AD).
  • The traditional integration option: this is a solution based on Samba winbind.
  • The third-party integration option: this is a solution based on (proprietary) commercial software.
  • The contemporary integration option: this is a solution based on SSSD.

Legacy Integration Option

In the case of the legacy integration option (see figure above), a Linux system is connected to AD using LDAP for identity lookup and LDAP or Kerberos for authentication. It pretty much solves the problem of basic user authentication. That said, such a solution has the following significant limitations:


What’s Moving in the World of POWER?

Linux permanently changed the landscape of the datacenter by creating a community approach to rapid innovation. Its introduction and widespread adoption have fueled a shift from closed to open systems, oftentimes providing greater resiliency than other operating environments. Commodity x86 architectures are only one slice of a much larger market for reliable open source enterprise-class systems – and Linux has for many years been a cross-platform operating system. For example, did you know that Red Hat Enterprise Linux also runs on IBM’s Power Systems (POWER) and z Systems architectures? These options give IT organizations flexibility with respect to hardware for workloads and use cases ranging from big data analytics to cloud computing. Ensuring that Red Hat Enterprise Linux runs on IBM’s Power Systems and z Systems architectures gives our customers a broad range of application and deployment choices.

Red Hat Enterprise Linux for Power and Red Hat Enterprise Linux for System z are built


Aspects of Integration

In my previous post I reviewed the trends related to the integration of Linux systems into environments managed by Active Directory (AD). In this post I will review two integration options, namely: direct integration and indirect integration.

The direct option is, not surprisingly, when your systems are integrated into AD directly (i.e. your Linux systems communicate directly with AD), while the indirect option leverages an intermediary server (see figure below).


Closing the Integration Gap

This post is the second in a series of blog posts about integrating Linux systems into Active Directory environments. In the previous post we discussed dishwashers and, more seriously, some basic principles. In this post I will continue by exploring how the integration gap between Linux systems and Active Directory emerged, how it was formerly addressed, and what options are available now.

Let’s start with a bit of history… before the advent of Active Directory, Linux and UNIX systems had developed ways to connect to, and interact with, a central LDAP server for identity look-up and authentication purposes. These connections were basic, but as the environments were not overly complex (in comparison to modern equivalents) – they were good enough for the time. Then… AD was born.

Active Directory not only integrated several services (namely: LDAP, Kerberos, and DNS) under one hood, but it also


An Introduction to Interoperability Challenges in the Modern Enterprise

Have you ever purchased a new dishwasher? For those of you who have, you know that the dishes don’t get washed until your “purchase” is picked-up/delivered, the old dishwasher is removed, and the new unit is hooked-up. In fact, until the new dishwasher is hooked-up, it simply doesn’t work. The dishwasher can be smart, stylish, noiseless, and/or energy-efficient… but none of this matters if it’s not properly connected. At the end of the day, if you want to enjoy the luxury of automatic dish washing, one thing is clear: your new dishwasher needs to be hooked-up.

The act of hooking-up a dishwasher is not unlike adding a Linux system to an existing enterprise IT environment. When you deploy a Linux system, it too needs to be “hooked-up”. As the data that flows through your environment consists of different kinds of objects (e.g. users, groups, hosts, and services) the associated identity information is not unlike the water in your dishwasher. Without this identity information


Mysteries of NUMA Memory Management Revealed

The memory subsystem is one of the most critical components of modern server systems–it supplies critical run-time data and instructions to applications and to the operating system. Red Hat Enterprise Linux provides a number of tools for managing memory. This post illustrates how you can use these tools to boost the performance of systems with NUMA topologies.


How Red Hat Enterprise Linux Atomic Host Powers OpenShift Online

The OpenShift Online Technical Operations team was looking forward to the beta availability of Red Hat Enterprise Linux Atomic Host. In fact, they participated in early sprints as part of the Atomic Special Interest Group (SIG) to help make sure Red Hat Enterprise Linux Atomic Host had the operational “beef” to stand high alongside Red Hat’s other enterprise products. Part of this process led to us running the unreleased bits in OpenShift Online prior to the beta announcement.

That said, we’re not using it to run some corner niche of our infrastructure. Instead, we are using the Red Hat Enterprise Linux Atomic Host + Docker combo to run our reverse proxy tier. This means that every API, www.openshift.com, and web console request made to OpenShift Online runs through this tier.

So why all the interest? The small size of Red Hat Enterprise Linux Atomic Host is the
