Red Hat Network Subscription Management

Red Hat Subscription Management 1

for managing subscriptions and systems through the Customer Portal

Abstract

This guide provides a quick-start look into subscriptions and system management in the Red Hat Customer Portal.
Effective asset management requires a mechanism to handle the software inventory — both the type of products and the number of systems that the software is installed on. The subscription management service of Customer Portal Subscription Management provides that mechanism and gives transparency into both global allocations of subscriptions for an entire account and specific subscriptions assigned to a single system.
This guide gives a quick view into using Customer Portal Subscription Management to manage your subscriptions and systems. For more information on the Red Hat Subscription Manager local tools and subscription concepts in general, see the Subscription Management Guide.

1. What We Mean by "Managing Subscriptions"

Many software companies base access to their products on licenses that are sold. At Red Hat, our software is already available under a GNU Public License v2, which allows general access to our source. Our products are available through subscriptions, which define services that we deliver (such as content delivery, updates, knowledgebase, and support levels) for these products. Our subscriptions are granted to individual servers and this entitles the server to receive support.
Customer Portal Subscription Management Subscription Management establishes the relationship between the product subscriptions that you have available and the elements of your IT infrastructure where those subscriptions are allocated. Customer Portal Subscription Management is one means to manage systems in connection with subscriptions.
Customer Portal Subscription Management

Figure 1. Customer Portal Subscription Management

An IT administrator has to know what products he has available, where these product subscriptions are assigned, and what systems are being managed. For this, Red Hat has a subscription management service through Customer Portal Subscription Management Subscription Management, which is managed locally (an individual system) or globally (all servers in the environment) through Red Hat Subscription Manager. The ultimate goal of subscription management is to allow administrators to see where their products are allocated within their infrastructure. There are several reasons for this:
  • First, to make sure that all of the products on your systems have valid and active subscriptions, so administrators can maintain compliance with any regulatory requirements (like PCI-DSS or SAS-70) and internal mandates.
  • Next, to help with procuring the right number and type of software products for the infrastructure. Over-subscribing a system or purchasing too many subscriptions for what your environment actually uses can cost your business money. Tracking used and available subscriptions and managing expirations and renewals more effectively can possibly lower your IT budget.
  • Last, subscription management makes it easier for you to know what products your systems need to access and to make sure they are assigned the right subscriptions.
Customer Portal Subscription Management is the web version of Red Hat Subscription Manager. It provides an organization-wide method to track the software products and subscriptions deployed across an account, such as what systems are being managed, the effective contract dates for subscriptions, and where subscriptions are attached. Customer Portal Subscription Management helps give a view into subscriptions and products in the infrastructure — it does not limit installations or provide proactive enforcement of installations.

1.1. The Subscription Process

Subscription management is a way of identifying and creating relationships between the systems in your IT environment and the software products that you have available through Red Hat.
Subscription management is the way of defining a relationship between the subscriptions that a company has, its local machines, and the products installed on those machines:
  1. An account buys a subscription to a product, which gives them access to Red Hat's Content Delivery Network, errata and patches, upgrades, and support.
    A subscription defines a quantity, meaning the number of systems that are allowed to have access to the product and all its support services because of that subscription.
  2. A server is added, or registered, to the inventory for the subscription management service. This means that the subscription service can manage the server and attach it subscriptions.
  3. A subscription is attached to a system, so that the system is entitled to support services and content for that product.
Customer Portal Subscription Management allows administrators to add and remove units (managed systems, domains, and other entities) to the inventory, and to attach subscriptions to those units. Local Red Hat Subscription Manager tools are available on Red Hat Enterprise Linux systems to manage that specific system by registering it and attaching or removing subscriptions. (Since the GUI and subscription-manager are limited to the local machine, they cannot be used to manage other systems in the inventory.)

1.2. Hosted Services and On-Premise Subscription Management Applications

The simplest way to attach subscriptions and deliver content is for local systems to connect directly to Red Hat's hosted network.
However, for large environments, highly-secure environments, and many other situations, that hosted arrangement is not feasible. Companies need a way to attach subscriptions and deliver software content locally.
In that case, an organization entry with an on-premise subscription management application organization is added to the inventory in Customer Portal Subscription Management. A block of subscriptions attached to that organization. The list of attached subscriptions is defined in a manifest which outlines all of the subscriptions, products, and content repositories for that organization (and, therefore, for all of the systems it manages). The subscription management application then directly manages all of the systems and units at its local site.
This has performance benefits by lowering bandwidth, and it offers significant management benefits to administrators by allowing local and flexible control over subscription management.

1.3. Customer Portal Subscription Management and RHN Classic

Some of the processes with subscription management may sound familiar, and there is a reason — subscriptions could be assigned to systems in previous releases of Red Hat Network. In RHN Classic, access to subscriptions was based on access to channels, or content delivery streams. Customer Portal Subscription Management manages subscriptions by looking at the available and installed products for a system. This treats both subscriptions and systems as individual entities, rather than opaque blocks defined by access to channels.
Customer Portal Subscription Management provides transparency both into what products are installed on a system (when using local Red Hat Subscription Manager tools) and what subscriptions are available to a system. This helps IT administrators to maintain software inventories and to plan their infrastructures in a way that wasn't possible under the traditional channel-based system.

Note

Customer Portal Subscription Management is certificate-based because each system is issued a public-key infrastructure (PKI) certificate which identifies it to the subscription service and to the CDN (an identity certificate). When a new subscription is attached to a system, Customer Portal Subscription Management issues a entitlement certificate which contains the subscription information. When a product is installed, then Customer Portal Subscription Management issues a product certificate which identifies that unique product installation on that system.
Using certificates simplifies the process for managing individual subscriptions and products for a system while making the process more secure.
Customer Portal Subscription Management and RHN Classic are mutually exclusive. A system is either managed under one subscription management service or the other, not both, but these systems do "work together." If a system is registered with Customer Portal Subscription Management, then there won't be any errors registered in the legacy RHN Classic tools, and vice versa. Both services will recognize the subscriptions granted to the system.

1.4. A Quick Reference of Subscription-Related Terms

system
Any entity — a physical or virtual machine — which is in the subscription service inventory and which can have subscriptions attached to it.
subcriptions
A subscription defines the products that are available, the support levels, the quantities (or number) of servers that the product can be installed on, architectures that the product is available for, content repositories which supply the product, and other information related to the products.
attach
Assigning a subscription to a system.
utilization
A summary of the total number of subscriptions available to an organization, and the total number of subscriptions that are attached to Customer Portal Subscription Management, RHN Classic, and different subscription management applications.
overusage
A state for an organization when they have more subscriptions attached than they have purchased. This can occur when infrastructures are using both Customer Portal Subscription Management and RHN Classic to register systems, since they draw from the same subscription pools but use separate tallies.
service level preference
A preference based on what service level to use for installed products.
release preference
A preference that restricts products and updates to a specific operating system minor release.
organization or subscription management application organization
A local subdivision that contains a subset of subscriptions. This is a way to define a subscription structure that reflects the IT environment. An organization can be aligned with a physical location or an organizational division in a company.
hosted
Subscription and content services provided by Red Hat, rather than an on-premise application.
available
A subscription which has quantities that have not been attached to a system yet.
Customer Portal Subscription Management
The hosted subscription management service. In this service, subscriptions are managed based on the product (and verified through issued certificates), rather than access to channels.
CDN
The Content Delivery Network.
channel
A collection of packages based around a software product, a group of related products, or a version of product. The channel-based way of defining subscriptions is used only by RHN Classic.
compatible
Available and active subscriptions which match the architecture of the system.
unit
Any entity — a physical or virtual machine, a domain, or a person — which is in the subscription management service inventory and which can have subscriptions attached to it.
content
Software downloads and updates.
Content Delivery Network (CDN)
The Red Hat-hosted content repositories and technology to deliver software, updates, and packages.
entitlement certificate
A certificate that contains a list of subscriptions for a system, including information about the products and quantities, content repositories, roles, and different namespaces.
identity certificate
A certificate which is issued to a system when the system is registered with the subscription management service. This certificate is used to authenticate and identify the system to the subscription management service.
inventory
A list of units (systems, domains, people, or applications) which have been registered to the subscription management service and a list of all subscriptions (current, expired, and future) which have been purchased by an organization.
license
A legal statement that defines how software can be used. Red Hat products are licensed under GPLv2. A subscription determines how many instances (quantities) or a product can be updated through Red Hat content streams and will be provided support but they do not restrict the ability to install or use software products.
product
The individual software product, like Red Hat Enterprise Linux or Directory Server.
product certificate
A certificate that is generated and installed on a system once a product is installed. This contains information about the specific system that the product is installed on (such as its hardware and architecture) and the product name, version, and namespace. This identifies that specific product installation to the subscription management service and CDN.
register (verb)
To add a system (physical or virtual) to the subscription management service inventory.
RHN Classic
The traditional RHN system. This will be available for a few years but is being phased out.
status
Whether all of the products installed on a system are fully covered with active subscriptions.
Subscription Manager
A set of tools used to view and attach subscriptions and to manage systems in the inventory. There are two Subscription Manager tools:
  • Subscription Manager GUI which is installed on the local system and manages that local system. It can be opened by running subscription-manager-gui or in the System => Administration menu.
  • Subscription Manager CLI which is also installed on the local system and manages that local system. Different operations can be invoked by running subscription-manager command. This tool can also be used to script interactions for subscriptions, such as for kickstart installations.
subscription management service
The backend server which interacts with the individual systems by creating an inventory of systems. It also keeps the inventory of subscriptions, including contracts, quantities, and expiration dates. When a new system is registered, when subscriptions are attached, and when products are installed. The subscription management service manages the changes and issues a corresponding certificate to the system to mark the change. The subscription management service also defines rules for products, such as hardware/architecture restrictions, to help with attaching subscriptions.
X.509 certificate
A specific certificate standard that is used to determine the format of certificates used for SSL communication and within a public key infrastructure. This is used to delineate the certificates used by the new subscription management service from the Satellite certificates used in the RHN Classic system.