Modularity: Establishing Balance Between Devs and Ops

It’s no secret that to do their jobs well, developers often need to use as many tools as they can get their hands on to build the best application they can. For them, the right tools for the right job may consist of this version of component X and that version of component Y. But for another tool, entirely different versions of the same components might be needed.

For coders, this is usually just a matter of grabbing the different version of software they need off the internet, installing it, and using it to their heart’s content. No problem, right? Perhaps not for the developer, but from a systems administrator’s point of view, such installations can create systems that are very difficult to manage, particularly on the server side, where having software in packages that are supported and auditable is very much the preferred option.


UKL: A Unikernel Based on Linux

Unikernels are customized, single address space bootable images composed of an application and the required bare-minimum kernel functionality. Today’s unikernels have demonstrated substantial performance and security advantages over monolithic and microkernels, but none have yet achieved widespread adoption.

The fundamental problem is that today’s unikernels, which have been developed by forking existing operating systems or as clean-slate designs, have abandoned the evolutionary community process that has made Linux such a success. In this post we describe an alternative approach we are pursuing with the goal of making unikernels a community supported, evolving capability of Linux and the GNU C Library (glibc).


Seeing the Trees in the Forest: Anomaly Detection with Prometheus

Red Hat’s work within the field of artificial intelligence is primarily taking three directions right now. First, our engineers see the inclusion of AI features as a workload requirement for our platforms, as well as AI being applicable to Red Hat’s existing core business in order to increase open source development and production efficiency. In short, Red Hat thinks AI can be good for our customers and good for us, too.

Second, Red Hat is collaborating with the Mass Open Cloud project to establish the one thing that all AI tools need the most: data. Our team members are working on the Open Data Hub, a cloud platform that lets data scientists spend less time on dealing with infrastructure administration and more time building and running their data models.

The third aspect of Red Hat’s work in AI right now is at the application level. More to the point, how can developers plug in AI tools to applications so that data from those applications can be gathered for storage and later modeling?


Getting Strategic About Security

In this video from the Red Hat Summit 2018, Chief Security Architect Mike Bursell takes an enthusiastic look at three open source security technologies: DevSecOps, serverless computing, and Trusted Execution Environments.

These technologies are examples of where Red Hat’s long view is aimed in the security realm.


A Hub for Open Data at Mass Open Cloud

Open source software is good. Open source plus open data is even better. That makes initiatives such as the Open Data Hub useful both in and of themselves and as a template for maintaining control over your data.

Access to, and the ability to collaboratively build upon, open source code is genuinely useful. If it weren’t, open source software wouldn’t have become such an important part of how technology has developed over the past couple of decades. There are ideological reasons to prefer open source as well, but its effectiveness as a development model has won over the pragmatists.


Building trust in cloud computing with Keylime

The goal of the Keylime project is to connect the features of Trusted Platform Modules (TPMs) and cloud computing. Keylime is a scalable trusted cloud key management system, providing an end-to-end solution both for bootstrapping hardware-rooted cryptographic identities for Infrastructure-as-a-Service (IaaS) nodes and for system-integrity monitoring of those nodes via periodic attestation. Keylime extends the attestation capabilities of the TPM into the cloud, allowing tenants to verify that their applications, operating systems, and everything down to the hardware have not been tampered with.

A TPM (Trusted Platform Module) is a chip, present in most modern computers, that can perform various cryptographic operations in a tamper-proof fashion. In particular, through UEFI secure boot, a TPM can be used to verify at boot time that anything from the firmware up through the kernel and applications has not been modified from what the distributor originally shipped.


Malleable Metal – Integrating SAN-booting with Foreman

The world of multi-tenant bare metal cloud computing in the datacenter is increasingly important.  With tenants being offered their own servers rather than locked-down VMs or compute services, the potential for innovation is much higher.  Mass Open Cloud aims to offer a multi-tenant cloud where hardware would be shared between organizations, such as universities, with tenants able to access bare metal instances directly. Here’s how we propose to create a standardized architecture to provide a seamless elastic bare-metal experience for Mass Open Cloud and similar environments.

Our solution to the bare-metal-as-a-service problem combines two projects: Mass Open Cloud’s Malleable Metal as a Service (M2) and the Red Hat-stewarded Foreman Project. Where M2 provides the means for provisioning servers, Foreman provides the orchestration and user interface.


Next Generation Tools for Container Technology

In this video from the 2018 Red Hat Summit, Dan Walsh and Mrunal Patel lead a journey through a set of next generation tools for creating, deploying, and maintaining containers.

This journey covers tools such as CRI-O, Buildah, and Skopeo, which are being developed with other tools by Red Hat and the community into a complete toolchain for developing, operating, and maintaining Open Container Initiative (OCI)-compliant containers.


Kubernetes and the Platform of the Future

In another installment from the Red Hat Summit track from the Office of the CTO, this video is an informal discussion between Brandon Philips (previously CTO of CoreOS, acquired by Red Hat) and Clayton Coleman (Chief Engineer for OpenShift), interviewed by Steve Watt. They focus on Kubernetes as a platform of the future, identifying interesting trends in the open source ecosystem.

This discussion is a good example of the type of technologists who make up the modern open source ecosystem, epitomized by these three from Red Hat. Their backgrounds in real-world development and operations combine with a genuine desire to help people, which fuels their work in open source communities and product creation.


The Future of Storage in Container Space: Part 4

The challenges of maintaining persistent storage in environments that are anything but persistent should not be taken lightly. My recent conversation with Ceph founder Sage Weil certainly made that clear. Thus far, the conversation with Sage has highlighted key areas of focus for the Red Hat Storage team as they look to the horizon, including how storage plans are affected by:

  • Hardware trends (examined in Part 1)
  • Software platforms (reviewed in Part 2)
  • Multi-cloud and hybrid cloud (discussed in Part 3)

In the last segment of our interview, Sage focused on technology that’s very much on the horizon: emerging workloads. Specifically, how will storage work in a world where artificial intelligence and machine learning begin to shape software, hardware, and networking architecture?
