Red Hat Bolsters RHEL Atomic Host Security

One of the issues hampering adoption of containers is concern about security. Red Hat recently moved to allay some of those fears by making support for a Security-Enhanced Linux (SELinux) module, originally developed for Red Hat Enterprise Linux (RHEL), available on a lightweight distribution of Linux favored by organizations deploying containers.

Steve Almy, product manager for RHEL 7.4, says RHEL Atomic Host now includes support for SELinux as a mechanism for implementing security policies. In addition, Red Hat is making available a technology preview of LiveFS on RHEL Atomic Host to install security updates without having to reboot the operating system. Those enhancements were delivered as part of RHEL 7.4 becoming generally available.

While Red Hat dominates when it comes to Linux distributions in the enterprise, the company finds itself in a pitched battle when it comes to lightweight distributions of operating systems, with rivals ranging from CoreOS and Canonical to Microsoft and VMware. Almy says one of the strengths of the Red Hat approach to RHEL Atomic Host is that all the investments Red Hat makes in RHEL, including SELinux and LiveFS, eventually find their way into RHEL Atomic Host whenever possible. Those additional security capabilities should go a long way to allay ongoing security concerns relating to the deployment of containers in production environments.

Other new capabilities in RHEL Atomic Host include support for OverlayFS, a mount file system, and full support for the overlay2 storage graph driver. In addition, full support for package layering using rpm-ostree as a means of adding packages such as monitoring agents and drivers to the host operating system is now also included.

Reliance on lightweight versions of operating systems is on the rise because many of the higher-level functions provided by traditional operating systems are being moved into the container itself. That approach makes it easier to package applications to run just about anywhere.

Almy notes that many IT organizations will deploy both RHEL and RHEL Atomic Host side by side. Because of that requirement, those organizations will benefit from the ongoing investments Red Hat is making in IT automation. In the latest instance of RHEL, for example, Red Hat is making available a technology preview of system roles, which provide a common management interface through which an automated workflow created using Red Hat Ansible automation can be reused across a distributed RHEL environment.

It’s unclear whether most containers are going to be deployed on bare-metal servers running lightweight distributions of Linux or will continue to be deployed mainly on top of virtual machines. To be sure, IT operations teams will contend with a mix of both for some time to come. The issue from a DevOps perspective then becomes determining the most efficient means of managing an IT environment that is becoming more complex with each passing day.

Mike Vizard

Mike Vizard is a seasoned IT journalist with over 25 years of experience. He also contributed to IT Business Edge, Channel Insider, Baseline and a variety of other IT titles. Previously, Vizard was the editorial director for Ziff-Davis Enterprise as well as Editor-in-Chief for CRN and InfoWorld.
