CloudForms

Security and Vulnerability Scanning of Container Images

Posted by

4

security concept with a lock

Overview

In this article we will focus on security and vulnerability strategies for scanning container images. I know, in the past security was always viewed upon as an impedance to the speed of production but hopefully these days are behind us. Having a security breach, as you probably know, is one of the most costly things an organization can endure. It takes years to build up a reputation and only seconds to tear it down completely.

I still see today, many organizations ignoring container images completely because it is often misunderstood. Exactly what is inside a container image? Who should be responsible for it? How does it map to what we have done on servers? Security teams often don’t understand containers or even know what questions to ask. We need to help them and it is our duty to do so. Unfortunately there are not very many tools that can help in broad sense. Containers are new and evolving at breakneck speed. That coupled with the fact that security can negatively impact the speed of a DevOps team (if not done right), it is no wonder we are at square one, in many cases.

Before we dive into more detail, let us review important security aspects of containers.

  • Containers can have various packaging formats, Docker is the most popular today
  • Containers are immutable and as such are image based
  • Container are never updated, any change always results in a new container
  • Container images consist of layers (base, runtime, application)
  • Container images require shared responsibility between dev and ops
  • Containers don’t contain, they are in fact, just processes

For more information I recommend reading about the 10 layers of container security.

Continue reading

OpenShift Showback Reporting using CloudForms

Posted by

7

openshift_logo plus_sign  cf_logo

Overview

One of the most important capabilities of any platform in today’s service driven, pay-as-you-go economy is metering and showback. Without a solid understanding of costs, organizations are in fact unable to provide services. With containers, metering and showback becomes more challenging. If we think about containers simply being processes, then we are basically needing to meter and perform showback at that level of granularity. In addition since OpenShift uses Kubernetes for container orchestration, there are additional concepts that are new. For example, one more more containers run together in what Kubernetes refers to as a Pod. Next Pods are extremely dynamic and their lifetime very short. All of this make metering and showback anything but straight-forward. Thankfully OpenShift and CloudForms have the solution.

Continue reading

CloudForms Installation and Configuration Guide for Red Hat Virtualization

Posted by

8

manageiq-logo-glyph

Overview

In this article we will deploy CloudForms 4.2 on Red Hat Enterprise Virtualization (RHV). We will also show how to configure CloudForms in order to properly manage a RHV cluster and it’s hosts as well as virtual machines.

Before you begin a RHV cluster is needed. If you haven’t set one up, here is a guide on how to build a basic two node RHV cluster.

Continue reading

Deploying CloudForms in the Azure Cloud

Posted by

0

redhat-ms

Overview

In this article we will deploy the CloudForms appliance in the Azure cloud. CloudForms is a cloud management platform based on the opensource project manageiq. Red Hat bought manageiq a few years back and opensourced the software. Originally it was designed to manage VMware but over the years has expanded to many additional traditional as well as cloud platforms. You can use this article as reference for both CloudForms and ManageIQ.

CloudForms can connect to many cloud providers such as RHEV (Red Hat Enterprise Virtualization), VMware, Hyper-V, OpenStack, Amazon Web Services (AWS), Google Cloud Engine (GCE) and Azure. Large organizations don’t have one cloud but many and in addition typically have on-premise, off-premise as well as public. All of these various platforms creates a lot of complexity if not managed right. CloudForms can create a bridge between traditional (mode 1) and cloud native (mode 2) workloads, offering applications a path to switch between these modes. In addition, CloudForms allows an IT organization to act as a cloud broker between the various public platforms. Finally CloudForms can be used to automatically deploy and manage applications across the various cloud platforms. Businesses have choice in platform, flexibility and speed while IT can manage it all centrally applying common policies or rule-sets regardless of where workloads are running.

Continue reading

Detecting Security Vulnerabilities in Docker Container Images

Posted by

5

container_sec

Overview

Containers, especially Docker container images have been on fire of late and it is simple to understand why? Docker container images give your development and operations organizations a major shot of adrenaline. The results are quite impressive. Applications are developed at never before seen speeds and as such organizations are able to deliver innovation to customers much faster. It’s all so easy, just get on Docker Hub, download a container and run it. So why isn’t everyone already doing this? Unfortunately it is not quite that simple. Enterprises have many other requirements such as security. Once IT operations gets involved they typically start asking a lot of questions. Who built this container? How is the container maintained? Who provides support for the software within the container? Does the software running within the container adhere to our security guidelines? How can we run security compliance checks within containers? How do we update software within containers?
Continue reading

Governing the Cloud with CloudForms

Posted by

1

Overview

In a previous article it was stated that cloud in not a technology but rather an architectural methodology of resource governance that utilizes underlying virtualization technologies. Since cloud is more about the methodology, the technology platforms such as VMware vCenter, Red Hat Virtualization Management (RHEVM), Microsoft System Center, Amazon EC2 and OpenStack can change as application requirements or life cycles change. An application may start on a virtualization platform like VMware but over time move to a cloud platform such as OpenStack. It could even have components serviced by both. This is the exact concept behind what Gartner talks about when they refer to Bi-Modal IT. Gartner also says 50% of companies will screw this up. A bridge is definitely needed for managing applications between these various platforms. Red Hat CloudForms is exactly that bridge. It allows us to create an abstraction above the virtualization platforms so that governance and business process can remain consistent across the cloud.
Continue reading