Red Hat’s OpenShift Updates Focus on Data Encryption and Storage
This week, Red Hat offered a tandem launch of OpenShift 4.3, the latest version of its enterprise Kubernetes platform, alongside OpenShift Container Storage 4.2, which brings to fruition the company’s 2018 acquisition of cloud data management provider NooBaa.
Between the two releases, the focus lands squarely on the data. From the OpenShift point of view, the features address data security, with the addition of Federal Information Processing Standard (FIPS) compliant encryption and support for encryption of etcd, among other enterprise security features. OpenShift Container Storage 4.2, meanwhile, introduces a multicloud gateway via NooBaa that provides a single Amazon Web Services Simple Storage Service (S3) endpoint.
“What we’re trying to do is really solve a similar set of challenges — effectively what we’re solving for customers is portability, simplicity, security and scale. These are challenges for customers that are deploying applications and containers, and customers that are adopting hybrid cloud, OpenShift, and OpenShift Container Storage,” said Irshad Raihan, director of product marketing with Red Hat Storage in an interview. “Our attempt is to make it as seamless as possible, so an OpenShift user doesn’t really have to be a storage expert to be able to provision and manage storage for their applications. Traditional storage … wasn’t able to adapt to the scale and the agility of the cloud native modern application, especially as you factor in things like mobile.”
OpenShift Container Storage 4.2 is built on Ceph, Rook, and NooBaa technologies, providing a single Amazon Web Services Simple Storage Service (S3) endpoint to code to, giving developers access to file, block, and object storage, with initial support for AWS and VMware, both on-premises and in the cloud. In addition to the S3 endpoint, OpenShift Container Storage 4.2 also brings with it built-in data protection features, such as encryption, anonymization, key separation and erasure coding.
“This is a big differentiator for us to be able to provide that highly-scalable object storage. Under the covers, what’s running under OpenShift Container Storage is Ceph technologies,” said Raihan. Ceph “has been deployed to some of the most demanding workloads, and the next set of these massive applications coming to OpenShift are these data-centric, data-hungry applications. Being ready to serve up the scale that they need puts us in a really good spot.”
On the OpenShift 4.3 end of things, the addition of FIPS-compliant encryption means that enterprises and government organizations handling extremely sensitive data and workloads can now use OpenShift and be compliant with regulations. That is not the only security-focused feature in the latest release: support for encryption of the etcd datastore used by OpenShift will help to better secure secrets and config maps stored at rest in etcd, and network bound data encryption can be used to remotely enable encrypted volumes to protect against physical theft of host storage.
Additionally, Red Hat has opened up OperatorHub.io to host private operators. Previously, operators needed to pass certain requirements, much like an app being submitted to an app store, but now private operators can be shared internally, which will be of use to customers with air-gapped installations. OpenShift 4.3 is based on Kubernetes 1.16 and also comes with a number of features in trial and going GA, most notably the addition of application monitoring with Prometheus, which debuts in trial with this release.
In the end, Karena Angell, principal product marketing manager for OpenShift Container Storage, said the launch is focused on making things easier for the developer, especially when dealing with persistent storage.
“We have really tried to make it simplified. In this 4.2 release, the focus has really been on simplifying storage, which in the past has always been an issue, and providing that abstraction layer for existing storage as well. With that API, being able to, instead of hard coding your S3 API into your config files, now we can keep that up and out of your config files. You don’t have to worry about it when you’re pulling it down on-premises or keeping it in the cloud or moving to a cloud provider, not having to go through those hoops, you write to a single API,” said Angell.
Amazon Web Services, Red Hat and VMware are sponsors of The New Stack.