Red Hat Insights Technical FAQ

Updated -

Q: What is Red Hat Insights?
A: Red Hat® Insights provides proactive analytics with remediation guidance for Red Hat Enterprise Linux® (RHEL) environments. Insights is now available as part of active RHEL subscriptions for versions 6.4 and higher. Using more than 1,000 (and growing!) rules, it automatically scans RHEL systems to identify potential risks in the areas of performance, scalability, availability and security. This service is continually updated to include new rules and features that make administration easier. Regardless of whether the RHEL deployment is on premises, in the cloud or on private clouds, Insights helps proactively identify and remediate threats to avoid outages and unplanned downtime.

Note that as of May 2019, Insights is included with active Red Hat Enterprise Linux subscriptions for version 6.4 and above. Full details are available in the supported versions of Red Hat Enterprise Linux document.

Q: How do I install Red Hat Insights?
A: The installation process generally follows three basic steps:

  • Register your hosts or environments
  • Review the analytics results
  • Remediate issues

More information, including registration details, is available at Getting Started page

Q: Will Insights be included with all Red Hat Enterprise Linux versions, or are there exclusions?
A: Insights is available with all active RHEL subscriptions versions 6.4 and above - including RHEL 8. For versions of RHEL below version 8, you will install the Insights client, then register it. RHEL 8 includes the Insights client already, so you do not need to install it, but will need to register it. Note that embedded versions of Red Hat Enterprise Linux will not include Insights. See complete details on this page: Supported Versions of Red hat Enterprise Linux.

Q: What types of risks does Red Hat Insights identify?
A: Insights proactively identifies security, performance, availability and scalability issues. It leverages more than 1,000 rules that are derived from Red Hat’s extensive experience in supporting clients. Insights uniquely makes deep Red Hat knowledge that is used in identifying and solving issues in RHEL environments available when and where needed so you know where to focus your attention. It also provides remediation guidance for each issue and integrates with other Red Hat products such as Red Hat Ansible® to help you automate remediation steps.

Q: Where do I access Red Hat Insights?
A: Red Hat Insights is hosted on cloud.redhat.com. Existing Insights users who have already installed the Insights client can proceed directly to the analytics dashboard on this cloud site. New users or existing customers who want to register additional systems should begin on the Getting Started page for detailed instructions on registering hosts.

Q: If I use RHEL from a public cloud provider can I still access Insights?
A: Yes. Insights will be bundled with RHEL as a value of the subscription or service instance. You are able to run Insights regardless of where you are running your RHEL workload including on premise, or on public or private clouds. You must have a Red Hat customer portal ID and a Red Hat account number to access Insights. Full details are available here.

Q: Can I choose to use Insights through access.redhat.com instead of cloud.redhat.com?
A: No. All existing Insights customers who were using Insights on access.redhat.com have been moved to cloud.redhat.com. There is no longer an option to use Insights on access.redhat.com.

Q: On which environments and cloud deployments does Red Hat Insights identify issues?
A: Insights works on any RHEL environment (except embedded RHEL) and identifies issues associated with this operating system across a range of deployment options including on-premises (including virtual) and public or private cloud.

Q: What connectivity does the server need to use Insights?
A: Ensure active network connection to:

  • https://api.access.redhat.com:443
  • https://cert-api.access.redhat.com:443

Q: What is the design principle behind data collection in Insights?
A: The design principle with Insights is simple: collect only the minimum data that is needed for analysis and issue identification. Complete volumes of system information such as core dumps or full log files are avoided. Insights, by default, does not collect personal information.

Q: What information does Red Hat Insights collect?
A: Red Hat Insights collects metadata about the runtime configuration of a system. The data collected is a fraction of what would be collected through an sosreport during a support case. Examples of information that may be collected includes a line of a log file matching a rule, host configuration metadata, and runtime information.

Q: Is the data collected by Insights static or dynamic?
A: As new Insights rules are identified, there may be a need for additional metadata collection to meet the information requirements of the rule, so it is dynamic. The Red Hat Insights client, upon running, downloads the json configuration file here to determine what new metadata is needed for rules. This process can be disabled and instead manually updated via rpm version; however, this may cause you to miss out on new health checks which depend on recently added rules and information required for that rule until you perform a manual update.

Q: How can I see what information has been collected?
A: Before any data is sent, you have the option to inspect and redact data. The insights-client -- no-upload command lets you view the metadata that has been collected. This will let you look at the exact information that Insights is sending to Red Hat. Details are available in these two articles: System Information Collected by Red Hat Insights - Red Hat Customer Portal and How can I see what data is collected by Red Hat Insights.

Q: Can some information be excluded from collection?
A: Yes; see the article on Opting out of sending metadata from Red Hat Insights Client. You can remove host names and IP addresses from the data file using specific commands and you can also blacklist certain capabilities, patterns, keywords and more.

The Insights client also provides a way to Obfuscate hostname and IP information. The actual hostname and IP information is replaced with consistent obfuscated names sufficient for rule analysis.

Q: How does Red Hat Insights secure my data?
A: Your data is encrypted in three key ways: on your host system at the point of collection; in transit across the network; and when it is at rest on Red Hat infrastructure that supports the Insights service. In addition, you may also choose to alter the name chosen to represent the system (eg, apache01.prod instead of a fully qualified domain name). A few other points to note:

  • All communication with Red Hat occurs over encrypted channels using Transport Layer Security (TLS).
  • All TLS traffic with Red Hat servers is verified with a trusted certificate that is bundled with the application, ensuring that communications can not be intercepted, such as by a “man in the middle” attack.
  • The default communication model from client systems to Red Hat servers occurs with mutual TLS or two-way authentication using digital certificates.

Q: Can Ansible Playbooks be run if the hostname is obfuscated?
A: Playbooks rely on the hostname. If the hostname is obfuscated, you will be unable to use the generated playbooks without manual intervention.

Q: How long does Red Hat retain the data collected by Red Hat Insights?
A: By default, the Red Hat Insights client collects and uploads the data once a day. Hence, the collected data will normally be kept for 24 hours. Data uploaded by previous runs will be deleted when the same client uploads new data as part of the daily run. Data from Insights clients that no longer upload new data will be deleted after 14 days from the date of the last data upload.

When Red Hat processes the upload, there may be certain “rules hits” or issues identified. These rules hits are retained for historical reporting purposes and may be used by Red Hat as input into feature enhancements.

Q: What is the impact of the Insights agent and the data collection process on my systems?
A: The Insights agent is designed to be lightweight. It runs as a daily cron job that installs with a default schedule. It also has capabilities that let you customize the schedule for when the data collection agent runs and when the data is uploaded to the Insights service to minimize impacts on your networks and workloads. Note, however, that the collection process is lightweight and the data sets are small.

Q: Are there options to help deploy Insights to a large number of servers?
A: Yes. Insights has scripts available in Puppet, and Ansible to use along with our Getting Started page. If you happen to be managing these systems via a version of Satellite with Insights integration, mass registration of Insights is built in via the bootstrap script provided with Satellite. More information is available here.

Q: How does remediation with Ansible work?
A: When Red Hat Insights identifies an issue, an Ansible playbook is often included. You can optionally execute this playbook to remediate the issue, or you can use the provided remediation guidance to resolve an issue manually or to create your own playbook to execute with Ansible Tower. If you use Insights inside of Satellite, you can use Satellite to generate the playbook and run it.

Q: Can I remediate Insights issues from within Satellite?
A: Yes. Insights is deeply integrated with Red Hat Satellite allowing you to see and remediate issues that Insights found from within Satellite. Either using optional dashboard widgets or by using the Insights menu item on the left hand navigation bar, you can review the identified risks and create a playbook to perform remediation. If you are resolving a rule for which Insights has an Ansible playbook that can be dynamically generated, the playbook can be generated and run from within the Satellite user interface. This allows you to find and fix the issue inside of Satellite. Satellite uses built-in Ansible technology to perform the remediation. The Red Hat Satellite documentationhas additional information on this topic, or you can watch a video.

Q: Can Red Hat Insights support a Docker or Kubernetes environment?
A: Yes. Insights can analyze RHEL, even if it’s within a container.

Q: Is Red Hat Insights available for Red Hat OpenShift?
A: Is this available on Red Hat Openshift?
Today, Insights monitors Red Hat Enterprise Linix configurations and the workloads running on top of it. So, it monitors for a variety of database workloads running on this platform. In the same way, it monitors OpenShift 3 workloads running on top of Red Hat Enterprise Linux. Typically it takes a bit of time for the knowledge base that drives the rules to be developed once the product is in the market. We're planning to provide similar capabilities for Openshift 4.x in the future.

Q: Does Insights have hardware specific rules?
A: Yes. There is a series of rules designed to analyze the interaction between Red Hat Enterprise Linux and hardware including server, network and storage devices as well as cloud platforms. Here are a few examples:

  • Network interface card is not operating at maximum speed due to faulty cable, network interface card, switchport, SFP, etc.
  • Unsupported kernel version on Intel Purley Platform with Intel Skylake CPU
  • Kdump Does Not Work Due To XEN/AWS's Limitation

Q: Does Insights support Red Hat Enterprise Linux running on IBM Power Systems and IBM Z systems?
A:Yes, Insights works on these hardware platforms and provides analysis of general RHEL operations on these platforms.

Q: Where can I get additional information about Red Hat Insights?
A: There are a range of internal and external resources on Red Hat Insights:
- Red Hat Insights product web page
- Red Hat Insights Customer Portal page
- Video Channel: Red Hat Insights
- Blog: Red Hat Insights