Cloud Management Services for RHEL

News

Cloud Management Services for RHEL delivers advanced management capabilities for RHEL in the hybrid cloud.

Cloud management services

Compliance

Assess, monitor, report, and remediate your security compliance issues, in the public or private cloud, quickly and securely. OpenSCAP compliance report uploads are available for all supported versions of RHEL 6, 7, and 8, managed by Red Hat Subscription Manager (RHSM) or Satellite 6.4 and later.

New Features

  • Triage and filter rules more effectively
  • Filter and sort systems using the "Severity" field for policy rules in the system view, which allows you to identify the severity of each rule included as part of a policy and to focus on triaging the most important issues

  • Set business objectives for each policy in order to accurately tie security compliance to business impact

Resources

Vulnerability

Assess, monitor, report, and remediate known threats, in the public or private cloud, quickly and securely.

New Features

  • Reduce noise and focus on critical systems with the option to exclude systems from a Vulnerability analysis
  • Set a business risk for specific CVEs to bring attention to high-severity issues and manage the risk of these issues based on business needs

  • Set business objectives for each policy in order to accurately tie security compliance to business impact

Resources

Drift Analysis / System Comparison

Compare system facts across hosts to make your troubleshooting faster and more efficient.

New Features

  • System Comparison Baselines enable users to define how a system configuration should look and easily compare hosts to this ideal baseline
  • CSV downloads via the API

  • Access System Comparison through a new Drift Analysis menu 

Resources

Get Started with Cloud management Services for red hat enterprise linux

Register

Register your systems with Cloud Management Services for RHEL.

Review

Identify the connected RHEL hosts you are interested in analyzing.

Remediate

View your results at cloud.redhat.com or via Satellite integration.

Guidance for installing Cloud Management Services for RHEL on RHEL systems managed by Red Hat Subscription Manager (RHSM)

Preinstallation checks:

  • Cloud Management Services for RHEL can be used on all Red Hat-supported versions of Red Hat Enterprise Linux, version 6.4 and later.
  • You must register all Red Hat Enterprise Linux (RHEL) systems with Red Hat Subscription Manager to receive  necessary updates and to resolve software dependencies.
[root@server ~]# subscription-manager register --auto-attach
  1. 1

    Install the client and register your systems to Cloud Management Services for RHEL

    Install the insights-client package and register your systems to Cloud Management Services for RHEL.

    Automated Installation
    Use a configuration management tool to automate installation and registration.

    • Ansible
    • Puppet
      If you are using Red Hat Satellite’s configuration management provided by Puppet this process can be automated by applying the preinstalled Puppet class access_insights_clients. This class can be imported from the Puppet Master into the appropriate Puppet environment and applied to hosts that you wish to subscribe to Red Hat Insights. For more information on this topic, refer to the Creating a Host Group chapter in the official Satellite 6 User Guide.

    Manual Installation 
    Perform the following steps to install the client on a RHEL system and register the system to Red Hat Insights:

    1. Install the client on the RHEL system.
    Note: This step is not required on RHEL8 systems.

    [root@server ~]# yum install insights-client
    2. Register the system to Cloud Management Services for RHEL.
    ​​[root@server ~]# insights-client --register
    Important: If you have a web-based proxy between your system and the Internet, you can configure the insights-client to connect through it. For more information, refer to How to access Red Hat Insights through a firewall/Proxy.
  2. 2

    Set up Compliance and OpenSCAP

    The Compliance service relies on OpenSCAP scans and reporting. Compliance users must first install OpenSCAP packages and run an OpenSCAP scan. 

    Users who are new to OpenSCAP should perform the following actions, at a minimum, in order to use the Compliance service:
    1. Install the following OpenSCAP packages:

    • Openscap-scanner:
    yum install openscap-scanner -y
    • openscap-content: pre-built profiles
    yum install scap-security-guide -y
    

    Note: For more information about OpenSCAP scanner installation, see the OpenSCAP Getting Started guide

    2. Run the following command to see available profiles:

    oscap info /usr/share/xml/scap/ssg/content/ssg-rhel7-xccdf.xml

    Note: Change /ssg-rhel7-xccdf.xml as appropriate for your operating system.

    3. For each profile, run the following command each time you wish to run a scan:

    [root@server ~]# oscap xccdf eval --profile PROFILE_NAME_HERE --results /var/lib/insights/latest-compliance-report.xml /usr/share/xml/scap/ssg/content/ssg-rhel7-xccdf.xml

    Note: `oscap xccdf eval...` can only evaluate and produce a report for one profile at a time. If you have multiple policies you want to evaluate, run the command once for each of your policies, passing the name of the policy to the `--profile` argument.

    4. Send the results to the Compliance service:

    sudo insights-client --verbose --payload report.xml --content-type application/vnd.redhat.compliance.something+tgz
  3. 3

    View your results

    After registration, the client will initiate its first upload to cloud management services for analysis. You can view the results for a single system, and for your infrastructure of registered systems, in the Cloud Management Services for RHEL console.

Guidance for installing Cloud Management Services for RHEL on systems managed by Satellite

Preinstallation checks:

  • Red Hat Insights can be used on all Red Hat-supported versions of Red Hat Enterprise Linux, version 6.4 and later.
  • Subscribe RHEL Hosts to the Satellite server. This step is typically already performed as part of Satellite host configuration. Only RHEL hosts registered to the particular Satellite server will have reports available in the Satellite UI.
  • Satellite organizations with Red Hat Insights must be operating in Connected mode. Any firewalls or proxies through which the Satellite server communicates to Red Hat must allow https communications to https://cert-api.access.redhat.com.
  • Following client installation, users of the Compliance cloud management service must follow the instructions in section, Set up Compliance and OpenSCAP, to upload data to the Compliance service.
  • OpenSCAP compliance report uploads are available for all supported versions of RHEL 6, 7, and 8, managed by Red Hat Subscription Manager (RHSM) or Satellite 6.4 and later.
  1. 1

    Verify connection to Red Hat Insights.

    Verify that the Satellite server can successfully communicate with Red Hat Insights. In the Satellite UI, navigate to Insights > Manage. Verify under Insights Engine Connection that the status is Connected and the Account Number field displays the correct information for your organization.

  2. 2

    Install the client and register your system to Cloud Management Services for RHEL

    Install the insights-client package and register your systems to Cloud Management Services for RHEL.

    Automated Installation

    Use a configuration management tool to automate client installation and system registration.

    • Ansible
    • Puppet 
      If you are using Red Hat Satellite’s configuration management provided by Puppet this process can be automated by applying the preinstalled Puppet class access_insights_clients. This class can be imported from the Puppet Master into the appropriate Puppet environment and applied to hosts that you wish to subscribe to Red Hat Insights. For more information on this topic, refer to the Creating a Host Group chapter in the official Satellite 6 User Guide .

    Manual installation

    Perform the following steps to install the client and register a system manually:

    1. Install the client on the RHEL system.
    Note: This step is not required on RHEL8 systems.

    [root@server ~]# yum install insights-client
    2. Register the system to Cloud Management Services for RHEL.
    [root@server ~]# insights-client --register
    For Compliance users, follow the instructions in Set up Compliance and OpenSCAP to upload OpenSCAP data to the Compliance service.
  3. 3

    View your results

    After registration, the client will initiate its first upload to cloud management services for analysis. You can view the results for your infrastructure of registered systems in the Cloud Management Services for RHEL console.

Additional Information


Assign Red Hat Insights roles to users
By default, only administrators can view Insights Report and Configuration screens. However, you can give non-admin users access to the Insights screens by assigning them the appropriate roles as follows:

  • To give users access to all Insights screens, including the Manage screen, assign them the Insights Admin role. Users must also be granted the view_content_host permission.
  • To give users Insights report and rule viewing access, assign them the Insights Viewer role. These users must also be granted the view_content_host permission.

For more information on roles, refer to the official Satellite 6 documentation.

Configure Compliance to upload OpenSCAP data
The Compliance service requires the use of data provided by OpenSCAP. To set this up, follow the instructions in Set up Compliance and OpenSCAP

Guidance for installing Cloud Management Services for RHEL on systems hosted in the public cloud

Preinstallation checks:

  1. 1

    Deploying Cloud Management Services for RHEL on existing RHEL systems managed by Red Hat Cloud Access (RHCA)

    The following guidance is for users who wish to deploy Cloud Management Services for RHEL on an existing Red Hat Enterprise Linux (RHEL) system managed by Red Hat Cloud Access (RHCA) in the public cloud. This procedure involves the following tasks:

    1. Install the client package on each system.

    [root@server ~]# yum install insights-client

    2. Register the system.

    ​​[root@server ~]# insights-client --register

    3. For Compliance users, follow the instructions in Set up Compliance and OpenSCAP to upload OpenSCAP data to the Compliance service.

    4. View your system and infrastructure results at cloud.redhat.com.

  2. 2

    Deploying Cloud Management Services for RHEL on existing RHEL systems managed by Red Hat Update Infrastructure (RHUI)

    The following guidance is for users who wish to deploy Cloud Management Services for RHEL on an existing, Red Hat Enterprise Linux (RHEL) system managed by Red Hat Update Infrastructure (RHUI) in the public cloud. This procedure involves the following tasks:

    1. Install the client package on each system.

    [root@server ~]# yum install insights-client

    2. Configure basic authentication in /etc/insights-client/insights-client.conf.
        a. Modify the auto_config= value to FALSE.
        b. Remove <your customer portal username> and enter your Red Hat SSO username.
        c. Remove <your customer portal password> and enter your Red Hat SSO password.
        d. Save the configuration.
     
    Note: To read more about using Red Hat Insights with basic authentication and recommended best practices, visit our documentation.

    3. Register the system.

    ​​[root@server ~]# insights-client --register

    4. For Compliance users, follow the instructions in Set up Compliance and OpenSCAP to upload OpenSCAP data to the Compliance service.

    5. View your system and infrastructure results at cloud.redhat.com.

For cloud marketplace RHEL users who have never interacted directly with Red Hat, follow these steps to get an account established with Red Hat to start using Cloud Management Services for RHEL.

Preinstallation checks:

  1. 1

    Create a Red Hat Customer Portal Login

    In order to use Red Hat Insights, you will need to create a customer portal login if you do not already have one setup.

    To create an account, see Create a Red Hat Login.

  2. 2

    Initialize your Account

    Once an account has been created, the account must be initialized for use with Cloud Management Services for RHEL. Please visit and complete the Red Hat Insights evaluation form

    The initialization of this account may take a couple of minutes or up to an hour before systems can be registered for use. If any errors occur during registration of the Insights client, or usage of cloud.redhat.com redirects to the evaluation form, please attempt again at a later time as account initialization may still be in progress.

    Note: This form refers to this process as an “evaluation” as this step is needed to initialize the new account. Cloud Management Services for RHEL is included as part of Red Hat Enterprise Linux for use and will continue to be free to use after this evaluation expires.

  3. 3

    Verify access to cloud.redhat.com

    To ensure your account has been set up correctly, log into the Cloud Management Services for RHEL console.

    Note: The initialization of the new account could take a couple of minutes or up to an hour before systems can be registered for use. If any errors occur during registration of the client, or if cloud.redhat.com redirects to the evaluation form, account initialization may still be in progress, in which case you will need to try again later.

  4. 4

Topics

Overview of systemd in RHEL 7

systemd

Red Hat Software Engineer, Mohit Agrawal gives an overview of how systemd works in RHEL 7. This is the first in a series on systemd in action.

Run container images

Container images

In this demo, Red Hat Sr. Principal Software Engineer Scott Collier shows how to use Docker containers (the contents of an image and its features) to cat out contents of /etc/host, launch a web server, and bindmounting log files to see activity on host machines.

Update your software

Basic yum usage

Join Red Hat Senior Software Engineer James Antill as he walks through the basics of yum usage. Use cases include using repolist to find out which packages are available for install and which are hidden, finding out which versions of packages are installed on multiple systems with version nogroups, and using yum list to search for latest package releases.

Manage your storage

Storage management

Red Hat Software Engineering Manager, John Harrigan shows how storage management works in Red Hat Enterprise Linux 7, including two new interfaces: System Storage Manager and LibStorageMgmt.

Administer your network

The new graphical NetworkManager tool

In this demo, Dan Williams, Red Hat Sr. Software Engineer, shows you how to manage your network connections using the Network Manager interface.

How can we help you?

Support Cases

Get answers quickly by opening a support case with us.

View Open Cases

Open New Case

Live Chat

Directly access our support engineers during weekday business hours.

Learn more

Call or Email

Speak directly with a Red Hat support expert by phone or through email.

Contact Us