Red Hat brings containers to Enterprise Linux with Atomic Host
Red Hat is joining in on the microservices trend with a newer operating system for running Linux containers.
Twelve years after the debut of Red Hat Enterprise Linux, the open source firm has announced it is adding a container approach to its Enterprise Linux 7 platform. Senior Director of product strategy Lars Herrmann explained how the latest offering aims to help better leverage DevOps.
JAXenter: Can you tell us a bit about the Enterprise Linux 7 Atomic Host and what kind of solution Red Hat is aiming for with it?
Lars Herrmann, Red Hat: It’s important to note that creating containers means both a host platform (in this case Red Hat Enterprise Linux 7 Atomic Host) and the container (in this case built from Red Hat platform images). Both the host and container draw from core components of the operating system, and the subtle but critical point is that the two remain intertwined and interdependent.
Red Hat Enterprise Linux 7 Atomic Host is, at the most basic level, an operating system designed to run Linux containers. This means that the operating system is stripped down to the bare essentials required to run a Linux container, giving it a very small footprint as well as low overhead requirements. Unlike other container-specific operating systems or “hosts,” Red Hat Enterprise Linux 7 Atomic Host is built from Red Hat’s flagship Linux platform, Red Hat Enterprise Linux 7. This means that our container host inherits the hardened, reliable and secure aspects of Red Hat Enterprise Linux 7 while still delivering only the minimum packages needed for a container-based infrastructure.
Can you give us a sense of what kind of audience you’re targeting and some of the use cases?
Our target market for Red Hat Enterprise Linux 7 Atomic Host is any organization looking to implement container-based architecture without sacrificing traditional security and reliability needs.
Additionally, our solution is ideal for enterprises looking to better leverage DevOps; it allows developers more freedom in terms of creating containerized applications while giving operations teams a standardized, secure platform for deployment and maintenance.
DevOps can mean many things, but one of the aspects we embrace is that it creates more clear lines of accountability for the “dev” (developer) teams, and the “ops” (infrastructure operations) team.
Red Hat says that it’s focusing on “mitigation of security concerns” in this project – can you tell us what’s been done in this area?
Obviously, security and, alongside it, provenance are two critical needs that must be addressed before enterprises can fully engage in Linux container-based solutions. This means that containers are built from trusted sources, knowing who built them and ensuring the resulting container does not have defects or vulnerabilities. Building a container from trusted platform images from Red Hat addresses this exposure. Building a container from random upstream packages and libraries creates risk.
Also part of the focus on securing containers and security overall, Red Hat Enterprise Linux 7 Atomic Host uses SELinux to more fully isolate containers as a default feature, delivering a high level of security for enterprise use cases. Additionally, Red Hat’s container host supports super-privileged containers, essentially allowing a clear, simplified and secure path for management applications to access the host and other containers without opening up new attack surfaces. The host can be extended using super-privileged containers to automate tasks for container updates and inspection, and can also integrate with other security tools used in the enterprise.
Finally, Red Hat is working on a certification program, to validate and certify that the containers have safe/trusted contents, building assurance for the enterprise that they can run them on Red Hat platforms.
Ultimately, by running on Red Hat Enterprise Linux 7 Atomic Host or Red Hat Enterprise Linux 7 as a container host, containerized applications can be built and run using Red Hat Enterprise Linux platform images and Red Hat JBoss as the runtime components. Therefore, the user will benefit from the reliability and security that we provide for all of our platform products.
With regard to this latest offering, where do you see the advantages to Microservices over the monolithic approach?
While Red Hat Enterprise Linux 7 Atomic Host is uniquely suited to supporting microservices and the resulting applications, we are still maintaining our support for more traditional application stacks, thanks to the inclusion of Red Hat Enterprise Linux 6 and 7 platform images for container creation with this offering.
Microservices do, however, lend themselves to enhanced business agility and operational efficiency over the monolithic model – by being able to weave and reweave complex applications out of basic, container-based services, enterprises can more effectively address evolving IT and business needs without having to worry about repositioning, recoding or porting existing applications.