Note: Hawkular was deprecated as of December 18th, 2017. New releases of ManageIQ won’t include support for Hawkular as a Middleware Provider.
ManageIQ Blog
Container Management with CloudForms – Security & Compliance
This blog is part 4 of our series on Container Management with CloudForms.
This blog post focuses on the security and compliance aspects of managing containerized environments. In a container-based infrastructure, the container software is often built directly by developers, usually via continuous integration (CI/CD). When it comes to deploying this software in production, we need to make sure it is securely validated.
Another challenge is the source of those containers. Developers can use any base images for their builds, including insecure container images downloaded from the Internet. On the other hand, Enterprise IT needs to ensure all containers running in production are built based on trusted and approved sources.
And finally, it is also important to validate that all container images, as well as containers instantiated from those images, are up to date with respect to security fixes.
CloudForms provides specific capabilities for managing security and compliance for container-based infrastructures.
It can enforce policies for container hosts, and marks the nodes that are not compliant (e.g. outdated versions, configuration issues, security risks, etc.). Those policies take into account information about the container host itself, but also about any resources that are connected to this host. If needed, it can trigger an action to start automatic remediation. For example, we could automatically trigger an update of a package when a new security fix is available.
CloudForms also provides reporting for container sources. For example, it can identify containers that come from untrusted registries.
Finally, it can scan the content of container images using OpenSCAP for standardized security checks. When an image is identified as non-compliant, all running containers instantiated from this image can be flagged automatically.
The following video demonstration highlights these capabilities in CloudForms:
Last Week in ManageIQ: How was your last week?
Hi all!
Using Tags for Access Control
Most systems use Access Control Lists (ACLs) to manage users' access to objects. Common examples are ACLs for file systems, LDAP, web servers and many more. Anyone who has had to create ACL rules and maintain them knows how complicated this can be. To make access control easy again, CloudForms uses tags. If the group a user belongs to has the same tag as the accessed object, access is granted; if not, access is denied.
Container Management with CloudForms – Service Health
This blog is part 3 of our series on Container Management with CloudForms.
A second area of concern identified when managing a containerized environment is service health. We need to operate our containers with good performance and reliability, and ensure high enough utilization ratios. In this post, we focus on the container-based infrastructure, its ongoing resource consumption, and how we can monitor and optimize its health.
Last Week in ManageIQ: Yep
Yep, it’s syncrou here again for another entry in LWIMIQ.
H-release Rearchitecture
The ManageIQ team underwent a rearchitecture investigation during the summer of 2017. In this blog post I’m hoping to give a bit of an overview of why we did this, and some of the preliminary results. We did a lot of research, and there’s no way I can fit all of it in a single blog post, so this is just the first in a series on the rearchitecture efforts.
Container Management with CloudForms – Operational Efficiency
This blog is part 2 of our series on Container Management with CloudForms.
Last Week in ManageIQ: Exploring Budapest while the others are working
Hello everyone, my name is Dávid Halász and I’d like to guide you through the changes we made in the last week.
MiqLdap To SSSD conversion tool
How does one use the miqldap_to_sssd conversion tool?