Red Hat Releases Container-Centric OS with Docker, Kubernetes Integrations

Red Hat today released its Red Hat Enterprise Linux 7 (RHEL 7) Atomic Host container-focused offering, alongside the first update to its main enterprise product, Red Hat Enterprise Linux, which now moves into version 7.1. The release of RHEL 7 Atomic Host into general availability from public beta recognizes the increased competition in the container-optimized, minimalist operating system market. As more businesses and enterprises seek to take advantage of the microservices and multi-host benefits of a distributed, containerized application architecture environment, Red Hat is hoping to replicate the sort of uptake it sees with its main enterprise RHEL offering.
The new release integrates with core Docker tools, including support for container images in Docker format. RHEL 7 Atomic Host also leans on the Kubernetes framework to enable orchestration at scale.
“Atomic Host is all about how to architect container applications in the enterprise,” says Mark Coggin, senior director of product marketing at Red Hat. “Being optimized means we are taking the core aspects of RHEL 7 and turning it into a host platform. The critical pieces needed to manage applications and containers are running on top of this host.”
Although Red Hat puts a big focus on being unique in the space, several of the features included in RHEL 7 Atomic Host are also available in other operating systems designed specifically for container use. Red Hat argues it is unique in offering atomic upgrades, a feature that automatically upgrades the operating system with the latest security patches while giving sysadmins the flexibility to roll back any upgrade should they choose to.
But Brandon Philips, CTO at competitor CoreOS, says this was a central tenet in the initial creation of CoreOS:
“The basic idea is that we have an operating system that could update itself.”
Philips points to the automatic updates as an important security feature that still allows control for IT managers. In the past, patches, updates and security fixes would often need to be manually installed by IT managers. Recent security responses to vulnerabilities like Shellshock showed the difficulties of keeping IT managers around the globe regularly updated on new security issues. At that time, DigitalOcean, for example, wrote to its customers about the security risk: 52.1 percent opened the email, which is a great response rate for these types of emails, but that means just under half their customers may not be aware of the security concerns. “Software will never be 100% secure, so you have to design to support the infrastructure. The cognitive load of updating the machines and in what order is a real headache.” The idea of automatic security updates is to reduce this cognitive load.
Like Red Hat’s Atomic Host release, CoreOS still enables IT managers to remain in charge and roll back from any automatic updates: “This leads to a few nice characteristics,” says Philips.
“We can cryptographically verify the system on disk. This is unique to CoreOS.”
Red Hat will be hoping Atomic Host can match, in the container environment, the market share that its enterprise product, Red Hat Enterprise Linux 7, commands in the broader enterprise landscape. Red Hat Enterprise Linux is the operating system used in four of the top ten supercomputers, as measured by the Top500 project, and Red Hat itself says it is used by 90 percent of Fortune 500 companies.
Fighting to reign over the container operating system market may require some catching up, however. Dustin Kirkland, Cloud Solutions product manager from Canonical’s Ubuntu, believes they have the upper hand.
“I am very proud of our position in the Docker ecosystem,” Kirkland said. “We are proud of our leading system. The velocity of Ubuntu matches the velocity of the container ecosystem. The whole concept of containerizing apps is something that is evolving at a cloud and lightning pace, and matches our pace with Ubuntu.
“If you go to Docker Hub, almost two million Ubuntu images have been launched in Docker. That’s more than five times the next most common. This is because of Ubuntu’s velocity, and we are also very small. Speed and security is everything, and having a small image is essential to that.”
While competitors like Ubuntu and CoreOS are keen to stake their container claims, Lars Herrmann, senior director of systems design and engineering at Red Hat, believes the technologies built into RHEL 7 Atomic Host make their product more secure, more flexible and more portable. Two of those features are the inclusion of SELinux and the creation of super-privileged containers. This feature creates additional security provisions that can be set to inform how a container accesses the host and other containers.
“Containers do not contain. RHEL 7 and RHEL 7 Atomic Host are the only products integrating with SELinux, and that creates and locks the container into an isolated environment. In addition, super-privileged environments are unique to RHEL 7 Atomic Host. You can give explicit permission to what runs in a container. It is highly flexible, and easily encapsulated into the command line at the front end, so it is feature-rich but easy, and ultimately secure.”
This year is already seeing the container discussion widen beyond Docker, and with the new release of Red Hat Enterprise Linux 7 Atomic Host, the rush to become the operating system of choice for container environments is on in earnest.