Red Hat Lightspeed Frequently Asked Questions
This page includes frequently asked questions (FAQs) for Red Hat Lightspeed (formerly Red Hat Insights). Note that some of the common components that Red Hat Lightspeed leverages are actually features of the Hybrid Cloud Console, so we have also included FAQs for the Hybrid Cloud Console. Red Hat Lightspeed Information and Resources For additional Red Hat Insights Resources, refer to the Red Hat Lightspeed Information and Resources page.
Platform specific FAQs:
We also have a some platform specific Frequently Asked Questions for Red Hat Lightspeed:General Red Hat Lightspeed Frequently Asked Questions
Red Hat Lightspeed 101
Q: What is Red Hat Lightspeed?
A: Red Hat Lightspeed (formerly Red Hat Insights) supercharges Red Hat subscriptions with AI-powered capabilities, trusted predictive analytics, and advanced management features that’s woven across a hybrid cloud experience. Teams gain visibility into their business, operations and security risks to proactively identify and mitigate issues across their infrastructure before it impacts their bottom line. Businesses improve infrastructure resilience, operational efficiency, and team productivity by working faster and smarter with Red Hat Lightspeed.
You can access these Red Hat Lightspeed Hosted on the Hybrid Cloud Console. Portions of Red Hat Lightspeed are available inside of Red Hat Satellite, with all data processed locally on the Satellite Server.
Q: Do I have access to Red Hat Lightspeed?
A: Red Hat Lightspeed is included with any Red Hat Ansible Automation Platform, Red Hat OpenShift, and Red Hat Enterprise Linux subscriptions as part of your value of subscription. NOTE: The renaming of Red Hat Insights to Red Hat Lightspeed does not impact any of the other existing Lightspeed-related products. Red Hat Lightspeed is different from RHEL Lightspeed, OpenShift Lightspeed, and Ansible Lightspeed. This answer is specific to Red Hat Lightspeed, formerly known as Red Hat Insights.
Q: How do I get Red Hat Lightspeed?
A: Red Hat Lightspeed is included with Red Hat subscriptions such as Ansible Automation Platform, Red Hat Enterprise Linux, and Red Hat OpenShift. There is no separate item to buy. The benefits of Red Hat Lightspeed are only available with Red Hat subscriptions.
Q: Do I need a Red Hat account to use Red Hat Lightspeed?
A: Yes, you need a Red Hat account and you will need to have connected systems registered to Red Hat.
Q: Can I use two-factor authentication with Red Hat Lightspeed?
A: Red Hat Lightspeed leverages the existing Red Hat SSO mechanisms on console.redhat.com and the customer portal. You can use two-factor authentication using OTP or Google Authentication, please see the following for implementation details Two Factor authentication (2FA) for Red Hat Customer Portal.
Q: Does Red Hat Lightspeed work with CentOS / Fedora / Ubuntu / Windows / etc?
A: Red Hat Lightspeed primarily works with Red Hat platforms.
There is limited support for adding CentOS 7 hosts to Red Hat Lightspeed for the purposes of converting them to Red Hat Enterprise Linux.
Through the Red Hat Lightspeed Tasks service you can perform a pre-upgrade analysis and even convert a CentOS 7 host to RHEL.
For more information please see the videos on Pre-conversion Analysis and Conversions.
Outside of converting systems to RHEL, there are no plans to support other vendors or other linux distributions.
Q: Is the purchase of Satellite required for Red Hat Lightspeed?
A: Generally, No. Satellite is not required for use with Red Hat Lightspeed however it complements Red Hat Lightspeed when used with Red Hat Enterprise Linux by allowing action and remediation at scale. However, If you wish to use Red Hat Lightspeed with the analytics processed on premise using the Satellite Server, this capability does require a Red Hat Satellite subscription.
Q: Does Red Hat Lightspeed have APIs available? A: Yes, Red Hat Lightspeed has a full set of APIs. Refer to the API documentation for full information [login required for API docs]. You can also refer to the Red Hat Lightspeed API cheat sheet.
Q: How do I know if I have access to a specific service in Red Hat Lightspeed or the Hybrid Cloud Console?
A: The My User Access view will show you the Roles that you have in the Hybrid Cloud Console.
Q: How do I get additional permissions in the Hybrid Cloud Console?
A: An Organizational Administrator (Org Admin) or a user with the User Access administrator role has the permission to change access for users and groups on the Hybrid Cloud Console. By default only an Org Admin can elevate or reduce your access. These changes are made in the User Access section of the Hybrid Cloud Console. For full details refer to the User Access Configuration Guide for Role-based Access Control (RBAC) Guide.
Red Hat Lightspeed Connectivity Options
Q: What connectivity options are available with Red Hat Lightspeed?
A: There are a variety of connection options available. Note that Disconnected options do not have the same set of capabilities that the connected experience provides.
- Direct Connected
- Connected via a proxy server
- Connected via Red Hat Satellite
- Disconnected using Red Hat Satellite
- Connected FedRamp High environment in AWS GovCloud
Q: Will Red Hat Lightspeed work in a disconnected or air-gapped environment?
A: This will depend on the platform. The most full featured experience of Red Hat Lightspeed is available as a Software-as-a-Service (SaaS) offering and requires a connection to the internet either directly or via a web proxy. If a Red Hat Enterprise Linux host is connected via Satellite or a web proxy, then only the Satellite Server or the proxy server would need internet access. However, there are a subset of capabilities available in a disconnected environment. * For OpenShift, an air-gapped environment is supported. Please refer to the documentation and look for the section on "Using remote health reporting in a restricted network". * Using Red Hat Satellite, some capabilities of Red Hat Lightspeed are exposed inside of the Red Hat Satellite user interface with all processing performed locally on the Satellite.
Q: Is Red Hat Lightspeed available in a FedRamp environment?
A: Yes, most capabilities are available in a FedRamp high environment hosted in AWS GovCloud. Usage of Red Hat Lightspeed in FedRamp does require you to have a Red Hat Satellite Server and associated subscription. Not all of the Red Hat Lightspeed services are in the FedRamp boundary at this time.
Q: What network connectivity does the server need to use Red Hat Lightspeed?
A: For Red Hat lightspeed in the Hybrid Cloud Console, Ensure active network connection to:
- https://api.access.redhat.com:443
- https://cert-api.access.redhat.com:443 [needed for Red Hat Lightspeed data upload]
- https://cert.cloud.redhat.com:443. [needed for Inventory upload and Cloud Connector connection]
- https://console.redhat.com/api/ingress
- http://console.redhat.com/openshift [needed to obtain results from Red Hat Lightspeed and present within OpenShift Web Console]
Note that each system can also be proxied through an http proxy. Details on configuring direct or http proxy connections can be found in Accessing Red Hat Lightspeed Through a Firewall/Proxy. If you are using the notification service to integrate with applications such as ServiceNow or Splunk, please also review the article on Firewall Configuration for accessing Red Hat Lightspeed / Console.redhat Integrations & Notifications.
Q: When I delete a system from my environment, is the system removed from Red Hat Lightspeed as well?
A: This may depend on how you delete the system.
- For Ansible Automation Platform and Red Hat Enterprise Linux, Red Hat recommends that you add to any automation or manual steps the “insights-client --unregister” command when you are removing systems. This will properly unregister a system from Red Hat Lightspeed.
- For OpenShift you should archive the Openshift Container Platform cluster. Review the documentation for full details.
Red Hat Lightspeed telemetry, data handling, and application security
Q: Where can I get more information about how Red Hat Lightspeed handles data?
A: Check the Red Hat Lightspeed data and application security page for information and resources on how Red Hat Lightspeed handles data. Some additional questions may be covered below.
Q: Since Red Hat Lightspeed is SaaS - what country is the data stored in?
A: Red Hat Lightspeed runs in an OpenShift Dedicated Cluster running on the US East Coast. This is a fixed instance and cannot be changed or relocated in a different geography.
Q: I need to make sure that my requests stay within the US - what options do I have?
A: If you are just needing to make sure that your web traffic stays within the US, then we do have the option to use these domains instead:
- us.console.redhat.com (taking the place of console.redhat.com)
- cert.us.console.redhat.com (taking the place of cert.cloud.redhat.com and cert.console.redhat.com)
Q: What data is collected with Red Hat Lightspeed?
A: The design principle with Red Hat Lightspeed is simple: collect only the minimum data that is needed for analysis, issue identification, and remediation. Complete volumes of system information such as core dumps or full log files are not collected. Red Hat Lightspeed, by default, does not target personal information.
Q: How does Red Hat Lightspeed secure my data?
A: Your data is encrypted in three key ways: on your host system at the point of collection; in transit across the network; and when it is at rest on Red Hat infrastructure that supports the Red Hat Lightspeed service. In addition, you may also choose to alter the name chosen to represent the system (eg, apache01.prod instead of a fully qualified domain name). A few other points to note:
- All communication with Red Hat occurs over encrypted channels using Transport Layer Security (TLS).
- The default communication model from client systems to Red Hat servers occurs with mutual TLS or two-way authentication using digital certificates.
- AllTLS traffic with Red Hat servers is verified with a trusted certificate that is bundled with the application, ensuring that communications can not be intercepted, such as by a “man in the middle” attack.
- All volumes containing your data at rest are encrypted with Linux Unified Key Setup (LUKS) encryption. More details are available on the Red Hat Lightspeed data and application security page.
Q: How to make sure that data at rest and transit to Red Hat Lightspeed is secure?
A: This is the default behavior of Red Hat Lightspeed - data is encrypted before it leaves the host and remains encrypted while in transit and at rest.
Q: What information does Red Hat Lightspeed collect for Red Hat Enterprise Linux?
A: Red Hat Lightspeed collects metadata about the runtime configuration of a system. The data collected is a fraction of what would be collected through an sosreport during a support case. Examples of information that may be collected include a line of a log file matching a recommendation, host configuration metadata, and runtime information.
Q: How can I see what information has been collected?
A: Before any data is sent, you have the option to inspect and redact data. The insights-client -- no-upload command lets you view the metadata that has been collected. This will let you look at the exact information that Red Hat Lightspeed is sending to Red Hat. Details are available in these two articles: * Red Hat Lightspeed data and application security * System Information Collected by Red Hat Insight
Q: Can some information be excluded from collection?
A: Yes - you have full control over the data collected by Red Hat Lightspeed.
One of the most common requests is to Obfuscate IP Addresses and Host Names in Red Hat Lightspeed.
If you need to block further information, review the article on setting up a YAML-style denylist configuration for Red Hat Lightspeed Client.
Keep in mind that the more information you redact from Red Hat Lightspeed, the less valuable the findings become.
Q: How long does Red Hat retain the data collected by Red Hat Lightspeed?
A: By default, the Red Hat Lightspeed client collects and uploads the data once a day. Hence, the collected data will normally be kept for 24 hours. Data uploaded by previous runs will be deleted when the same client uploads new data as part of the daily run. Data from Red Hat Lightspeed clients that no longer upload new data will be deleted after 14 days from the date of the last data upload. When Red Hat processes the upload, there may be certain “recommendations hits” or issues identified. These recommendation hits are retained for historical reporting purposes and may be used by Red Hat as input into feature enhancements.
Q: What is the impact of the Red Hat Lightspeed client and the data collection process on my systems?
A: The Red Hat Lightspeed client is designed to be lightweight. It runs as a daily cron job or systemd timer that installs with a default schedule. It also has capabilities that let you customize the schedule for when the data collection agent runs and when the data is uploaded to the Red Hat Lightspeed service to minimize impacts on your networks and workloads. Note, however, that the collection process is lightweight and the data sets are small. To help prevent any runaway processes, in the short time that it runs the Red Hat Lightspeed client is capped at consuming an absolute max of 30% of CPU and 2GB RAM.
Q: I have multiple Red Hat account numbers. How do I enable multi-tenancy with Red Hat Lightspeed so I can see all account numbers in a single view?
A: Red Hat Lightspeed leverages Red Hat Single Sign On (SSO) and the tenancy is based on the individual Red Hat account number. From within the Hybrid Cloud Console you can only see the single account that you are logged into. If you have multiple accounts, one option of interest would be the Splunk integration. Configure the integration through the Splunk Marketplace app on each account and you will be able to see the combined results in your Splunk dashboard.
Red Hat Lightspeed Reporting and Integrations
Q: What reporting does Red Hat Lightspeed offer?
A: Red Hat Lightspeed has a variety of reports available, depending on the service in question. Most pages inside of Red Hat Lightspeed offer an export to CSV or JSON capability for information as presented on screen.
- The Advisor and Vulnerability for RHEL services offer an executive report for download on demand.
- Vulnerability for RHEL offers a customizable CVE report.
- Compliance has a customizable report per compliance policy.
- Additional reporting may be able to be customized using Insight's full suite of APIs.
Q: What kind of alerts/integrations does Red Hat Lightspeed offer?
A: The Notifications service defines how notifications are sent. Examples of notifications are emails, webhooks, or integrations with third party applications such as Splunk, ServiceNow, and Slack. You can define notifications on a per service basis so that, for example, your security team can get slack notifications for vulnerabilities for RHEL while your system administrators have Advisor recommendations for OpenShift and RHEL.
Note: To receive emails you must opt into email notifications in your Red Hat Lightspeed User Preferences.
For details on the integrations, as well as link to blog post examples on the integrations, visit the Red Hat Lightspeed Integrations KB article.
Q: Where can I configure a Webhook?
A: Webhooks are configured in the integrations area under Hybrid Cloud Console settings.
Q: How can we be notified of issues/events that Red Hat Lightspeed finds?
A: The Notification settings allow you to configure behavior groups for notifications. This can be email or it can be sending events to integrations such as webhook, Splunk, ServiceNow, or Slack.
Q: How can we reduce the number of emails received from Red Hat Lightspeed?
A: Each user can adjust notifications settings in the User Preferences page. You can subscribe to receive instant notifications and/or daily summaries.
