Red Hat Cloud Access Reference Guide
Red Hat Subscription Management Documentation Team
rhsm-docs@redhat.comAbstract
Making open source more inclusive
Red Hat is committed to replacing problematic language in our code, documentation, and web properties. We are beginning with these four terms: master, slave, blacklist, and whitelist. Because of the enormity of this endeavor, these changes will be implemented gradually over several upcoming releases. For more details, see our CTO Chris Wright’s message.
Chapter 1. Red Hat Cloud Access program overview
The Red Hat Cloud Access program is designed to provide subscription portability for customers who want to use their Red Hat product subscriptions in the cloud.
Red Hat Cloud Access provides the following customer benefits:
- Cloud Access is available with most Red Hat subscriptions at no cost.
- You keep all the benefits of a Red Hat subscription and maintain your existing support relationship with Red Hat.
- You have flexibility and choice for how and where you use your Red Hat products.
- You have access to value-add features and capabilities, like gold images and Azure Hybrid Benefit for Linux.
1.1. Cloud Access product eligibility
Subscription portability is a feature included with most Red Hat products and is key to creating open hybrid cloud infrastructures built on Red Hat technologies.
Most Red Hat products are cloud-ready by default but the nature of multi-tenant public clouds (a wide range of providers, differing technologies/platforms, and shared infrastructures) as well as a customer’s limited access to those infrastructures can create technical challenges that customers should be aware of.
The following examples are general guidelines to help you understand Cloud Access product eligibility:
- Your subscription term must be active.
- The subscription is available to use in the cloud, that is, it is not currently in use elsewhere.
- The subscription has a cloud compatible unit of measure, depending on your cloud provider and the instance type you are deploying. Some examples of cloud units of measure are core, core band, managed node, RAM, storage band, vCPU, or Virtual Node/Guest.
- The Red Hat product you are deploying on the cloud is technically suitable for use in a multi-tenant public cloud infrastructure.
Examples of products and subscriptions that are not eligible include the following:
- Virtual Datacenter or other unlimited RHEL guest subscriptions that require virt-who
- Red Hat Virtualization products; nested virtualization is not supported
- Subscriptions that have a physical unit of measure such as socket or socket-pair
- Subscriptions for Red Hat-hosted offerings
These guidelines are not definitive, and Red Hat product and subscription eligibility change over time as we introduce new products and subscription types. It is also a good idea to refer to the Red Hat product documentation for any specific details about the product’s use on a public cloud infrastructure.
If you are unsure about the eligibility of your Red Hat products for public cloud use, contact your Red Hat account manager.
1.2. Unit conversion for Red Hat Cloud Access-eligible subscriptions
To understand your subscription usage in the cloud, you need to be able to count based upon the unit of measure associated with each subscription as well as understand the relationship between subscriptions and entitlements.
Each Red Hat subscription includes at least one entitlement that can be used to register a system with Red Hat subscription management tooling. Red Hat subscriptions used in virtualized environments like the public cloud may include an additional number of entitlements.
For example, a single Red Hat Enterprise Linux Server (RHEL) (Physical or Virtual Node) subscription includes 1 physical entitlement or 2 virtual entitlements. When a subscription of this type is used on physical, bare metal hardware, it entitles a single physical RHEL server. When it is used in a virtualized environment like the public cloud, it entitles up to 2 virtual RHEL servers.
Unit conversions differ widely depending upon the Red Hat product, subscription type, and deployment environment, but the following table contains some general guidelines.
Table 1.1. Red Hat Cloud Access Unit Conversion Table
| Physical or Virtual Node | 1 physical node or 2 virtual nodes | 2 virtual nodes |
| System | typically sockets or cores | 1 virtual node |
| Core or vCPU | cores | vCPUs (typically 2vCPU:1Core) |
| Core Band | groups of cores (for example, 2, 4, 16, 64, 128) | vCPUs (typically 2vCPU:1Core) |
| Socket | socket, socket-pair, cores | N/A |
Additional resources
See the Red Hat Subscription Manager user interface inside the Red Hat Customer Portal for entitlement quantities, units of measure, and related details for each of your Red Hat product subscriptions.
See Appendix 1 of the Red Hat Enterprise Agreement for more details about units of measure, conversions, and counting guidelines for Red Hat products.
1.3. Cloud Access provider eligibility
Red Hat has a large ecosystem of Certified Cloud and Service Provider (CCSP) partners, where Cloud Access customers can use their eligible subscriptions. The Red Hat Ecosystem Catalog contains details about our featured providers (Alibaba, AWS, Google Cloud Platform, IBM Cloud, and Microsoft Azure) as well as other providers with certified cloud images and instance types.
Consider these recommendations when you chose a Cloud Access provider:
The provider must have a supported mechanism for customers to import their virtual machine images into the provider’s environment.
NoteLook for CCSP partners offering Image Upload in the cloud ecosystem catalog.
If image upload is not possible, Cloud Access customers need to use Red Hat gold images or have the ability to convert an on-demand PAYG Red Hat image or instance to BYOS.
NoteCloud Access gold images are available on AWS, Azure, and Google. The Azure Hybrid Benefit for Linux provides a PAYG-to-BYOS conversion capability for Red Hat Cloud Access customers.
- The provider should be a TSANet member and collaborate with Red Hat when necessary to solve common customer issues.
Red Hat strives to help customers successfully deploy and use Red Hat products across their hybrid cloud infrastructures. The Cloud Access product eligibility and provider guidelines help ensure customer success. We urge customers to follow them.
Customers choosing to deploy Red Hat products outside of these guidelines should be aware of the following conditions:
- The product or subscription may not work as designed.
- Product performance may be degraded.
- Product features and capabilities may be limited.
- Red Hat may not be able to provide the expected level of support. See Red Hat’s third-party support policy for more details.
Chapter 2. Getting started with Cloud Access
The Cloud Access program has recently been redesigned to create a better experience and deliver more value for customers using Red Hat products in the cloud.
The redesign Cloud Access experience includes the following priorities:
- Less onboarding friction makes it easier for customers to get started.
- More value-add capabilities help customers manage their RHEL deployments across their hybrid cloud infrastructures.
The redesigned program offers the following customer benefits:
- A new onboarding experience for value-add services includes gold images, instance auto-registration, and advanced RHEL subscription usage reporting.
- Customers no longer need to register or enable their Red Hat subscriptions for Cloud Access.
- Customers have more freedom in choosing a cloud provider destination.
Cloud Access customers now have an expanded set of options to choose from. We encourage customers to start with the option that best suits their needs, but there is no reason why customers cannot choose multiple options or make different choices as their needs change over time.
The following sections describe the options available and the experience customers can expect for each option.
2.1. Option 1: Frictionless
This option provides choice and flexibility without any specific onboarding requirements. It is designed for customers who want to get started quickly with the least amount of help from Red Hat.
Option 1 is best for customers with the following priorities:
- You have active and unused Red Hat subscriptions that you want to use in the cloud.
- You are able to build and maintain virtual machine images and understand how to import those images into your cloud choice.
- You do not need or want to use gold images.
- You do not want help tracking Red Hat subscription usage in the cloud.
- You understand and comply with the eligibility guidelines for Red Hat product and cloud providers.
2.2. Option 2: Subscription tracking and gold image access
This option provides choice and flexibility with a minimal set of onboarding requirements. It is a traditional Cloud Access experience that features a more curated experience to help customers match their Red Hat products to appropriate cloud providers, allows customers to keep track of their subscription usage in the cloud and provides access to gold images.
Option 2 is best for customers with the following priorities:
- You have active and unused Red Hat subscriptions that you want to use in the cloud.
- You want a single place to view and manage their Red Hat subscriptions and intended entitlement usage across your hybrid cloud infrastructures.
- You do not want to worry about Red Hat product and cloud provider eligibility guidelines.
- You want an easy way to request access to gold images.
- You want to manage this environment using an API rather than the user interface.
Procedure
- Go to the Cloud Access Customer Interface on the Red Hat Customer Portal and sign in to your Red Hat account.
- New Cloud Access customers need to add a new provider by clicking Enable a new provider.
- Select one of the certified providers from the drop-down list, enter the provider account information, and then enter the entitlement quantity for each product you intend to use on the provider’s infrastructure.
Click Enable.
NoteThe product enablement process allows you to keep track of the entitlements and providers you intend to use and does not alter or affect the underlying product subscriptions in any way.
Once the new provider has been added, you will see the provider, along with the product entitlements and provider account information that you entered on the main Cloud Access user interface page. You can change or update this information as your cloud strategy changes.
Existing Cloud Access customers will see all of the providers that have been previously added, can make changes to their existing providers, or add additional providers and products as necessary.
2.3. Option 3: Advanced RHEL management
This option is built around Red Hat’s management, automation, and IT optimization services that are hosted on Red Hat Hybrid Cloud Console. It features a simplified onboarding experience for customers using RHEL in the cloud and automatic connection of RHEL (8.3.1+) instances into Red Hat.
Option 3 is best for customers with the following priorities:
- You have active and unused RHEL subscriptions that you want to use in AWS and Azure.
- You want a single place to view your actual RHEL subscription usage across your hybrid cloud infrastructures.
- You have enabled simple content access.
- You want your RHEL instances on AWS and Azure to automatically connect to value-add services like Insights.
- You want access to gold images (AWS and Azure only).
Procedure
Go to the Hybrid Cloud Console and sign in to your Red Hat account.
NoteThe Hybrid Cloud Console view may look different for new and existing customers. Those customers already using Red Hat’s hosted services see a summary of their connected systems and links to more detailed system information and other recommendations. New customers will find links to help them learn more about the available services.
Create a connection between your Red Hat account and your cloud provider account in the Sources application.
- Navigate to the Configure section.
- Click Connect with Sources.
- Choose Cloud Sources.
- Click Add source.
Select the cloud provider you want to use and click Next.
NoteGold images via Cloud Sources are only available on AWS and Azure currently.
For an AWS source
-
Enter a descriptive name for the source, for example,
AWS_prod, and click Next. - Select the configuration mode you want to use, provide your AWS access key ID and secret access keys, and click Next.
Select the RHEL management bundle application and click Next.
NoteCost Management is only used for Red Hat OpenShift Container Platform.
- Review the details and click Add to finish the AWS source creation.
For an Azure source
-
Enter a descriptive name for the source, for example,
Azure_build, and click Next. Select the RHEL management bundle application and click Next.
NoteCost Management is only used for Red Hat OpenShift Container Platform.
- Follow the steps to create an offline token.
Download and run the Ansible commands, substituting your Azure instance host name/IP address and your offline token.
NoteYou can run the Ansible commands on any machine with
ansible-galaxyinstalled that also has access to an Azure instance running inside your Azure account/subscription.- When the Ansible commands complete successfully, click Next.
- Review the details and click Add to finish the Azure source creation.
You can use the Sources configuration dashboard to view, modify, or remove any of your cloud sources. It also provides links where you can learn more about related Red Hat services, such as Insights and Subscriptions.
Additional resources
- See Understanding and getting your AWS credentials for more details.
- See Azure Instance Metadata Service (Windows) for more details.
- For more details about configuring sources for Red Hat services and related applications available on the Red Hat Hybrid Cloud Console, see the Red Hat Cloud Platform documentation.
Chapter 3. Understanding gold images
Red Hat gold images are cloud-ready Red Hat virtual machine (VM) images available in select Red Hat CCSP environments for Cloud Access customers as an alternative to using their own custom images for BYOS use cases in the cloud. Gold images are built and maintained by a trusted source and are available only to Cloud Access customers.
Gold images can be used to quickly deploy Red Hat instances in the cloud without having to build, maintain, and import their own images into the cloud provider’s environment.
3.1. Getting access to gold images
Gold images are available as a no-cost benefit to Red Hat Cloud Access customers. To get access to gold images, customers must have a matching Red Hat product subscription and must connect their cloud provider accounts to Red Hat through either the Cloud Access user interface or Cloud Sources on cloud.redhat.com as described in Chapter 2, Getting started with Cloud Access.
Example 1
You want to use a Red Hat Enterprise Linux Server (Physical or Virtual Node) subscription on Azure.
- The RHEL Server subscription is a “match” for the RHEL gold images.
- Once the customer has completed the cloud connection step, the Azure account (that is, Subscription ID) provided will be granted access to all RHEL gold images available on Azure.
Example 2
You want to use a Red Hat JBoss Web Server subscription on AWS.
- The JBoss Web Server subscription is a “match” for the JBoss Web Server gold images.
- When you complete the cloud connection step, the AWS account provided grants access to all JBoss Web Server gold images available on AWS.
3.2. Image types
Gold images are primarily built for RHEL BYOS use cases in AWS, Azure, and Google, but there are additional gold images built for Red Hat Middleware, Red Hat Storage, and RHEL for SAP use cases in AWS only.
Gold image types and availability will expand over time to meet customer needs.
3.3. Updates and patches
Options for delivering updates and patches to cloud instances deployed from gold images vary by image type and cloud provider.
AWS gold images
- AWS gold images are preconfigured to use the Red Hat Update Infrastructure (RHUI) running in EC2.
- You can continue to use RHUI as the main update source for the cloud instances deployed from gold images without actually attaching Red Hat product subscriptions to those instances.
- Optionally, you can disable RHUI and manage your cloud instances with Red Hat Satellite or Red Hat Subscription Management.
When choosing the RHUI option, be aware of the number of active Red Hat product subscriptions in your account and be careful to not over-deploy Red Hat cloud instances in AWS.
Azure gold images
- RHEL 8.4 (and newer) gold images are preconfigured to use RHUI in Azure.
- RHEL 8.3 (and older) gold images are not configured to use RHUI and will need to be managed with Red Hat Satellite or Red Hat Subscription Management.
Google gold images
- Google gold images are not configured to use RHUI running in GCP.
- You need to manage your Red Hat cloud instances deployed from gold images in GCP with Red Hat Satellite or Red Hat Subscription Management.
3.4. Using gold images on Azure
Gold images can be used to provision RHEL VMs in Azure for BYOS using the standard interfaces: Azure Portal, Azure CLI, or PowerShell Cmdlet. Azure gold images meet the following conditions:
- Built, maintained, and published by Microsoft
- Available in Azure commercial and Government regions but not in China
- RHEL images only
- Not eligible for Azure Hybrid Benefit
Additional resources
Microsoft documentation
3.4.1. Naming and identifying gold images on Azure
There are multiple ways to search for and launch RHEL gold images in Azure. This includes the Azure Portal, Azure CLI, and PowerShell Cmdlet. The naming convention for the Red Hat gold images in Azure is RedHat:[Offering Name]:[Red Hat Product]-[OS Disk Type]-[Azure VM Generation]:[Red Hat Version].[Red Hat Release].[Image Creation Date].
An example gold image Uniform Resource Name (URN) is RedHat:rhel-byos:rhel-lvm8-gen2:8.0.20200715.
3.4.2. Locating gold images in the Azure Portal
- Log in to the Azure Portal using an Azure subscription that has been enabled for Cloud Access.
- Go to Create a Resource > See All.
- You can see available private offers at the top of the page.
- Click View private offers. A Red Hat Enterprise Linux “Bring your own license” offering is available in the list of private offers.
3.4.3. Locating gold images in the Azure CLI
Make sure you are using an Azure subscription that was enabled for Cloud Access.
az account show
Display the list of available RHEL gold images.
az vm image list --publisher RedHat --offer rhel-byos --all
- Find the gold image version you want to use and copy the URN. You need this URN to provision a VM.
3.4.4. Locating gold images in the Azure PowerShell Cmdlet
This example command displays all of the RHEL gold images in the US East region that were shared with the Azure account provided during enrollment in Cloud Access.
Get-AzVMImageSku -Location "East US" -PublisherName RedHat -Offer rhel-byos
3.4.5. Using gold images on Azure
Using the Azure Portal
- View the private offers as described in Steps 3 and 4 of Locating gold images in the Azure Portal
- Click the Create drop-down menu to select the RHEL gold image version you want to use. The remaining provisioning steps are the same as any other RHEL Marketplace image.
Using the Azure CLI
Use the image URN from Step 3 of Locating gold images in the Azure CLI to accept Azure terms (only once per Azure Subscription, per image).
az vm image terms accept --urn RedHat:rhel-byos:rhel-lvm8-gen2:8.0.20200715
Provision a VM using the
az vm createcommand.az vm create -n my-rhel-byos-vm -g my-rhel-byos-group --image RedHat:rhel-byos:rhel-lvm8-gen2:8.0.20200715
3.5. Using gold images on AWS
Gold images can be used to provision VMs in AWS using the standard interfaces: EC2 Console, AWS CLI, and AWS PowerShell Cmdlet.
AWS gold images meet the following conditions:
- Built, maintained, and published by Red Hat
- Available in AWS commercial regions but not in China or GovCloud
- Preconfigured to use the Red Hat Update Infrastructure (RHUI) running in EC2
- RHEL, RHEL for SAP, Red Hat Middleware, and Red Hat Storage images
Additional resources
3.5.1. Naming and identifying gold images on AWS
There are multiple ways to search for and launch RHEL Amazon Machine Images (AMIs) in AWS. This includes the EC2 Management Console, AWS CLI, and PowerShell Cmdlet. The naming convention for the Red Hat AMIs in AWS is listed below.
-
Initial GA AMI release:
[Red Hat Product]-[Version]-[Virtualization Type]_[Red Hat Release Type]-[Release Date]-[Minor Version Release AMI Iteration]-[Subscription Model]-[EBS Volume Type] -
After the initial GA AMI release:
[Red Hat Product]-[Version]-[Virtualization Type]-[Release Date]-[Minor Version Release AMI Iteration]-[Subscription Model]-[EBS Volume Type]
The Red Hat gold images will have the designation of Access in the AMI Name representing the subscription model.
Red Hat gold images are published under the Owner ID 309956199498. You can ensure that you are using official Red Hat gold images by looking for this Owner ID when you choose an image.
3.5.2. Locating gold images in the AWS EC2 Console
When working in the EC2 Management Console, there is a menu item for AMIs under the IMAGES section within the left-side navigation pane. In this view, using the designation of Private images displays the gold images that have been shared with the AWS account provided during enrollment.
When in this section of the EC2 Management Console, it is possible to add a filter of Owner : 309956199498, which limits the displayed AMIs to those that were shared with the AWS account after enrolling in Cloud Access.
It is possible to further filter the list of displayed AMIs by adding an additional filter representing different aspects of the AMI Name that Red Hat uses, such as AMI Name : RHEL, AMI Name :.
An example AMI Name is RHEL-8.3.0_HVM-20201031-x86_64-0-Access2-GP2.
If you use the Launch Instance button from the EC2 Dashboard section of the EC2 Management Console and you select My AMIs, the filter Shared with me filters the listed AMIs to show the gold images that have been shared with the AWS account provided during enrollment.
3.5.3. Locating gold images in the AWS CLI
This example command displays all of the RHEL 8.3 AMIs in the US-East-1 region that were shared with the AWS account provided during enrollment in Cloud Access using the AWS CLI. The AWS CLI Command Reference provides additional documentation regarding available options, commands, subcommands, and parameters.
$ aws ec2 describe-images --owners 309956199498 \ > --filters "Name=is-public,Values=false" \> "Name=name,Values=RHEL*8.3*GA*Access*" \ > --region us-east-1
3.5.4. Locating gold images in the AWS PowerShell Cmdlet
This example command displays all of the RHEL 8.3 AMIs in the US-East-1 region that were shared with the AWS account provided during enrollment in Cloud Access using the AWS Tools for Cmdlet. The AWS Tools for Cmdlet Reference provides additional documentation on the PowerShell cmdlets.
PS > Get-EC2Image -Region us-east-1 `
>> -Owner 309956199498 -Filter `
>> @{ Name="name" ; Values="RHEL*8.3*GA*Access*" }3.6. Using gold images on Google
Gold images can be used to provision RHEL VMs in GCP for BYOS using the standard interfaces: GCP Console, GCP cloud shell, and gcloud CLI.
Google gold images meet the following conditions:
- Built, maintained, and published by Google
- Available in GCP commercial regions
- RHEL images only
The steps below show how to identify the gold images and deploy a RHEL VM from a gold image using the GCP Console UI, GCP Cloud Shell, and gcloud CLI.
Additional resources
3.6.1. Naming and identifying gold images on Google
Once your Google Group(s) has been granted access to the GCP gold images, you will be able to find them in the rhel-byos-cloud google project. This is a special project that limits access to the RHEL gold images for only Cloud Access customers.
The naming convention for Red Hat gold images in GCP is: [Red Hat Product]-[Version]-byos-[Image Creation Date].
Examples:
-
rhel-7-byos-v20210916 -
rhel-8-byos-v20210916
3.6.2. Locating gold images in the GCP Console
Procedure
- Sign in to the GCP Console at Google Cloud Platform using a Google group/account that has been enabled for Cloud Access.
- Create or select the project where you want to deploy the RHEL VM.
Verify you can see the RHEL gold images.
- Open a Cloud Shell.
Enter the following command to list all of the available RHEL gold images:
gcloud compute images list --project rhel-byos-cloud --no-standard-images
3.6.3. Locating gold images in the gcloud CLI
Make sure you are using a Google group/account that has been enabled for Cloud Access:
gcloud info | grep account
Display the list of available Red Hat gold images:
gcloud compute images list --project rhel-byos-cloud --no-standard-images
View details of a specific image:
gcloud compute images describe rhel-8-byos-v20210916 --project rhel-byos-cloud
3.6.4. Creating a new RHEL VM using a Google gold image
Procedure
Using the GCP Console
- Navigate to GCP Console>Home>Dashboard.
- From the Navigation menu, select Compute Engine>VM Instances.
- Click Create Instances.
- Find the Boot Disk section on the VM instance configuration page and click Change
- Select the Custom Images tab.
- Click Select A Project and select the rhel-byos-cloud project.
- From the Images dropdown list, choose the gold image you want to use and click Select.
- Change any other VM instance configuration settings and then click Create.
Using the GCP Cloud Shell or gcloud CLI
- Use the gcloud compute images list command to find the name of the gold image you want to use.
Create a new RHEL VM:
gcloud compute instances create my-rhel8-byos --image rhel-8-byos-v20210916 --image-project rhel-byos-cloud --zone us-east1-b
View details of the new RHEL VM:
gcloud compute instances describe my-rhel8-byos --zone us-east1-b
