Enterprise open source software company Red Hat launched the latest of its Kubernetes offerings this week with the introduction of OpenShift Platform Plus at the company’s Red Hat Virtual Summit. Calling the platform “a complete Kubernetes stack out of the box,” Red Hat OpenShift Platform Plus intends to provide all that is needed to build, deploy, and run any application wherever OpenShift, Red Hat’s Kubernetes platform, is able to run.
More specifically, OpenShift Platform Plus bundles together Red Hat Advanced Cluster Security for Kubernetes (ACS), Red Hat Advanced Cluster Management for Kubernetes (ACM), and Red Hat Quay into a single offering.
If you’re looking at Red Hat’s Kubernetes offerings, there is an apparent hierarchy moving from more do-it-yourself bare bones to fully-featured offerings. At the base, there is Red Hat OpenShift, of which there are now three offerings. First, there is Red Hat OpenShift Kubernetes Engine, which delivers Kubernetes on a foundation of Red Hat Enterprise Linux CoreOS. Moving up, Red Hat OpenShift Container Platform adds developer and operations tooling for application development and modernization. Finally, OpenShift Platform Plus builds on that with these additional tools as part of a single bundle.
“Before this, you could buy OpenShift and do the add-ons of ACM, ACS, and Quay. What this does is it simplifies the portfolio and offering quite a bit. Customers, when they’re doing multicluster, when they’re doing hybrid or multicloud, those are the pieces that we think made the most sense to put into it,” said Stu Miniman, Red Hat’s director of market insights, cloud platforms. “And OpenShift Platform Plus will also be the vehicle for us to potentially add other pieces in the future. So, not pre-announcing any acquisitions, but if we made another acquisition, that would make sense to put into it.”
Already, OpenShift Platform Plus is the consolidation of two previous products that came to Red Hat through acquisitions. First, ACM comes by way of the company’s own acquisition by IBM, where it first came to life as IBM’s Cloud Pak for Multicloud Management, and was later announced in 2020 as part of OpenShift 4.4. Next, ACS is actually the realization of Red Hat’s acquisition of StackRox just four months ago.
“What previously was known as StackRox is now ACS: that’s secure supply chain, secure infrastructure, secure workloads, Kubernetes-native,” said Miniman. “Red Hat has over two decades of experience in securing the operating system, we’ve got more than five years of experience of securing Kubernetes itself, and this is enhanced security on top of that from that StackRox acquisition.”
When Red Hat acquired StackRox earlier this year, it purchased a security platform that added a “shift left” component to its security offering. With ACS, Red Hat OpenShift Platform Plus works to secure the supply chain, offers cloud security posture management (CSPM), which looks to identify and remediate risky cloud configurations, and also works to secure workloads by enforcing a zero-trust security posture.
Miniman emphasized that ACS would still be offered separately as a standalone product, noting that half of StackRox customers were already Red Hat customers, but nearly three-quarters of them were using Amazon Web Services, Microsoft, or Google offerings of cloud-based Kubernetes. As for whether or not ACS would be provided as open source, Miniman said that “when we made the acquisition, we reaffirmed our statement always that our goal is always to be 100% open source” but that they aren’t quite there yet with OpenShift Platform Plus. He said that there would be some news around Kubelinter, an open source static analysis tool that was released by StackRox around the time of the acquisition, that would be announced at Kubecon in a few weeks time, again emphasizing the importance of open source in terms of security for Red Hat.
“One of the biggest things you need to be more secure is you need to be up to date. In the open source world, one of its biggest strengths is how fast it can move. What we have found in building our solutions is, there have been exploits to Kubernetes that we have not been exposed to sometimes because of what we either do with the operating system level or how we configure things at the Kubernetes level,” said Miniman. “We don’t have any concerns about ‘oh, hey, if we open source it, does it become less secure?’ No, quite the opposite. We think that open source is a great way to do things secure.”
Overall, Miniman described OpenShift Platform Plus as providing all the pieces necessary in a single location, something that is uncommon currently.
“If you look at the way cloud services are acquired and managed, usually you don’t kind of have this masterpiece,” said Miniman. “You usually more pick and choose the pieces that you want, and you pay for them as needed and on-demand.”
Looking ahead, Miniman said that Ansible, Red Hat’s open-source software provisioning, configuration management, and application-deployment tool, might make an appearance in OpenShift Platform Plus, and that the company would be working on making the ACS experience more seamless with the rest of its products.
“You know, we’ve renamed it, we’ve got the color scheme right, but the GUIs look a little bit different than the rest of our portfolio,” said Miniman, “so, we’re working to not only get the look and the feel, but deeper and tighter integration between this full offering over time.”
Amazon Web Services, IBM and Red Hat are sponsors of The New Stack.