This post is dedicated to the new SSSD features in Red Hat Enterprise Linux 7.1 that have significance when SSSD is used by itself (i.e. without IdM integration) – for example, when connecting directly to Active Directory (AD) or some other Directory Server.
Control Access to Linux Machines with Active Directory GPO
A common way to manage computer-based access control in an Active Directory environment is through GPO policy settings related to Windows Logon Rights. The Administrator who maintains a heterogeneous AD and Red Hat Enterprise Linux network without an IdM server has traditionally had to face the challenging task of centrally controlling access to the Linux machines without being able to update the SSSD configuration on each and every client machine.
In Red Hat Enterprise Linux 7.1, the Administrator is (now) able to
Continue reading “New SSSD Features in Red Hat Enterprise Linux 7.1”
The main alternative to direct integration of Linux/UNIX systems into Active Directory (AD) environments is the indirect approach – where Linux systems are first connected to a central server and this server is then somehow connected to AD. This approach is not new. Over the years many environments have deployed LDAP servers to manage their Linux/UNIX systems while users were stored in AD. To enable users from AD to access Linux systems, users and their passwords were routinely synchronized from AD. While this approach is viable, it’s also quite limited and prone to error. In addition, there is little value in having a separate LDAP server. The only reason for such a setup is to have a separation of duties between Linux and Windows administrators. The net result is that the overhead is quite high while the value of such an approach is quite low.
When IdM (Identity Management in Red Hat Enterprise Linux based on FreeIPA technology) emerged, many environments were either considering direct integration or were “in-process” with respect to adoption. How, exactly, does IdM work? IdM provides
Continue reading “Overview of Indirect Active Directory Integration Using Identity Management (IdM)”
In November we announced Red Hat Enterprise Linux 7 Atomic Host Public Beta, a small footprint, container host based on Red Hat Enterprise Linux 7. It provides a stable host platform, optimized for running application containers, and brings a number of application software packaging and deployment benefits to customers.
What are the top 7 reasons to deploy containers on Red Hat Enterprise Linux 7 Atomic Host?
Continue reading “Top 7 Reasons to Use Red Hat Enterprise Linux Atomic Host”
Red Hat Enterprise Linux 7 Atomic Host Beta is an operating platform that is optimized and minimized to run containers. It packages key components of Red Hat Enterprise Linux 7 such as SELinux, systemd, and tuned with the kernel to facilitate running containers in a secure and optimized manner. It also offers Kubernetes and Docker to facilitate the rapid creation, deployment, and orchestration of containers – simplifying the life cycle management of applications and systems.
Containers allow users to put applications and all of their runtime dependencies into secure packages that are both easy to deploy and easy to manage. Containers are also portable and images of a given container can be copied and replicated to other systems. Since containers are isolated from each other and are isolated from the host OS, libraries and application binaries can be updated individually without affecting other containers or the host OS (and vice versa).
The following video (below) mirrors the demo as presented
Continue reading “Performance Testing Red Hat Enterprise Linux 7 Atomic Host Beta on Amazon EC2”
Were you able to attend the Red Hat Enterprise Linux roadmap session at this year’s Red Hat Summit? If not, I have some good news – the slides are still available (here). In addition, many of the questions that were asked after the presentation were recorded, sorted, and answered… and are now posted on the Red Hat Summit Blog. Of note:
Continue reading “Red Hat Around the Web: Summit Q&A, NetworkManager 0.9.10, and DevOps (Part 3)”
The advent of any new technology tends to generate a lot of excitement. Over the course of my career, however, I have never experienced “a buzz” like what we are seeing around Linux containers and application packaging and isolation, containerized applications built in the Docker format. From my perspective, the ways in which containers may influence our ever evolving technological ecosystem are, quite possibly, limitless…okay, limitless may be strong, and while “game changing technology” may sound cliche, it’s not far from the truth in this case.
Continue reading “The Application Apartment Complex: Red Hat Enterprise Linux & Linux Containers”
Ever since Red Hat Enterprise Linux added KVM Virtualization as a kernel-based hypervisor to run virtual machines (way back in Red Hat Enterprise Linux 5.4), the operating system took on a dual personality.
Red Hat Enterprise Linux became both a Virtualization host for high density virtual data centers / cloud service platforms, and a guest operating system running on third party hypervisors such as VMware vSphere and Microsoft Hyper-V. As the topic is sufficiently broad, I plan to split my discussion of virtualization into two posts.
Today’s post will discuss Red Hat Enterprise Linux 7 beta as a hypervisor using KVM Virtualization technology and it will highlight a few key enhancements that make Red Hat Enterprise Linux the operating system of choice for modern hybrid data centers. While the features that I will review are inherently those that I find to be the most exciting (note: I’m hoping you will find them to be exciting and useful as well), a complete list is available in the Red Hat Enterprise Linux 7 beta release notes.
Continue reading “KVM Virtualization: Refining the Virtual World with Red Hat Enterprise Linux 7 Beta”
It seems that the daily news is full of the fallout that results when companies fail to protect online identities. The ability to limit access to sensitive applications and information to the right people with the right credentials is critical to ensuring the overall security of your infrastructure; critical… but not always easy.
Until recently, options for centralized identity management for the Linux environment were limited. There was no turnkey domain controller-like solution for the Linux/UNIX environment. Some Linux shops integrated open source tools like Kerberos and DNS to create centralized Linux-based identity management, but this option could be time-consuming to develop and expensive to maintain. Others integrated Linux clients directly into Microsoft Active Directory, but this option limited their ability to take advantage of some useful native Linux functionality like sudo and automount.
Continue reading “Who Goes There? Identity Management in Red Hat Enterprise Linux 7 Beta”