PCI Series: Requirement 1 – Install and Maintain a Firewall Configuration to Protect Cardholder Data

This article is one of the blog posts dedicated to use of Identity Management (IdM) and related technologies to address the Payment Card Industry Data Security Standard (PCI DSS). This specific post is related to requirement one – install and maintain a firewall configuration to protect cardholder data. The outline and mapping of individual articles to the requirements can be found in the overarching post that started the series.

The first requirement of the PCI standard talks about the firewalls and networking. While Red Hat’s Identity Management solution is not directly related to setting up networks and firewall rules, there are several aspects of IdM that

Continue reading “PCI Series: Requirement 1 – Install and Maintain a Firewall Configuration to Protect Cardholder Data”

Red Hat Federation Story: Ipsilon & Keycloak… a “Clash of the Titans”

Some time ago, two different projects were started in the open source community, namely: Ipsilon and Keycloak. These projects were started by groups with different backgrounds and different perspectives. In the beginning, it seemed like these two projects would have very little in common… though both aimed to include

Continue reading “Red Hat Federation Story: Ipsilon & Keycloak… a “Clash of the Titans””

Getting Started: Using Performance Co-Pilot and Vector for Browser Based Metric Visualizations

Performance Co-Pilot (PCP) is an open source, distributed, metrics gathering and analysis system.  In the latest release of Red Hat Enterprise Linux (i.e. 7.2), we’re not only shipping PCP 3.10.6, but a new browser based dashboard, Vector, which is built on top of PCP, and contributed by Netflix.  Together, they can provide a comprehensive overview of a local, or remote machine.

In this tutorial, we’ll be utilizing two different machines to demonstrate

Continue reading “Getting Started: Using Performance Co-Pilot and Vector for Browser Based Metric Visualizations”

Configuring and Applying SCAP Policies During Installation

Over the past few decades we have seen great advancements in the IT industry.  In fact, the industry itself seems to be growing at an increasingly faster pace.  However, as the industry grows so to does its evil twin – the figurative sum of all threats to IT security.

On the bright side, along with a steady stream of ever-evolving security issues and threats, there has also been a great effort to mitigate and, when possible, entirely eliminate such threats.  This is accomplished by either fixing the bugs that allowed these issues and threats to exist (in the first place) or by fixing the configurations and protectionary mechanisms of systems so as to prevent attackers from finding success.

As 2015 has been no stranger to news stories about data leakages, various security flaws, and new types of malware – one could easily conclude that “the dark side” is winning this seemingly eternal race.

However, taking the complexity of today’s IT solutions into account

Continue reading “Configuring and Applying SCAP Policies During Installation”

Getting the Best of Both Worlds with Queue Splitting (Bifurcated Driver)

The Linux networking stack has many features that are essential for IoT (Internet of Things) and data center networking, such as filtering, connection tracking, memory management, VLANs, overlay, and process isolation. These features come with a small overhead of latency and throughput for tiny packets at line rate.

DPDK (Data Plane Development Kit) allows access to the hardware directly from applications, bypassing the Linux networking stack. This reduces latency and allows more packets to be processed. However, many features that Linux provides are not available with DPDK.

What if there was a way to have ultra low latency and high throughput for some traffic, and full feature-set from Linux networking, all at the same time? This “utopia” is now possible with Queue Splitting (Bifurcated Driver).

Continue reading “Getting the Best of Both Worlds with Queue Splitting (Bifurcated Driver)”

Pushing the Limits of Kernel Networking

Note: The following post was authored by Alexander Duyck before leaving Red Hat earlier this month.  While Alex will be missed, his work continues in the capable hands of the Networking Services team.  To this end, I encourage you to “read on” and learn more about how we’ve turned up the heat on kernel networking with the beta release of Red Hat Enterprise Linux 7.2.


Over the last year I have been working at Red Hat as a part of the Linux Kernel Networking Services Team focused on improving the performance of the kernel networking data path.  Prior to working at Red Hat I had worked at Intel as a driver maintainer for their server drivers including ixgbe.  This has put me in a unique position to be able to provide tuning advice for both the network stack and the Intel device drivers.  Last month, at LinuxCon North America, I gave a presentation that summarizes most of the work that has been done to improve network performance in the last year, and the performance gains as seen by comparing Red Hat Enterprise Linux 7.1 versus an early (alpha) release of Red Hat Enterprise Linux 7.2.  The following is a recap of what I covered.

Continue reading “Pushing the Limits of Kernel Networking”

Now Available: Red Hat Enterprise Linux 7.2 Beta

In March, we announced the general availability of Red Hat Enterprise Linux 7.1, the first update to our Red Hat Enterprise Linux 7 platform.  In addition, we also announced the general availability of Red Hat Enterprise Linux Atomic Host, our first container-optimized host platform. Today, we are pleased to announce the beta availability of Red Hat Enterprise Linux 7.2.

Red Hat Enterprise Linux 7.2 beta includes a number of new features and enhancements – while continuing to provide the stability, reliability, and security required to meet the demands of both modern datacenters and next-generation IT environments.

Interested in learning more?  For more information on the beta release of Red Hat Enterprise Linux 7.2 you can review the release notes in the Red Hat Customer Portal.

Ready to get started?  If you’re an existing Red Hat customer (with an active Red Hat Enterprise Linux subscription), you can access and download Red Hat Enterprise Linux 7.2 beta via the Software & Download Center.