Mastering Multicluster Kubernetes with Red Hat OpenShift Platform Plus

As enterprises expand their containerized environments, managing and securing multiple Kubernetes clusters becomes both a necessity and a challenge. Red Hat OpenShift Platform Plus, combined with powerful tools like Red Hat Advanced Cluster Management (RHACM), Red Hat Quay, and Red Hat Advanced Cluster Security (RHACS), offers a comprehensive suite for multicluster management, governance, and security.

In this blog post, we'll explore the key components and capabilities that help organizations effectively manage, observe, secure, and scale their Kubernetes workloads across clusters.

Understanding Multicluster Kubernetes Architectures

Modern enterprise applications often span across multiple Kubernetes clusters—whether to support hybrid cloud strategies, improve high availability, or isolate workloads by region or team. Red Hat OpenShift Platform Plus is designed to simplify multicluster operations by offering an integrated, opinionated stack that includes:

Red Hat OpenShift for consistent application platform experience

RHACM for centralized multicluster management

Red Hat Quay for enterprise-grade image storage and security

RHACS for advanced cluster-level security and threat detection

Together, these components provide a unified approach to handle complex multicluster deployments.

Inspecting Resources Across Multiple Clusters with RHACM

Red Hat Advanced Cluster Management (RHACM) offers a user-friendly web console that allows administrators to view and interact with all their Kubernetes clusters from a single pane of glass. Key capabilities include:

Centralized Resource Search: Use the RHACM search engine to find workloads, nodes, and configurations across all managed clusters.

Role-Based Access Control (RBAC): Manage user permissions and ensure secure access to cluster resources based on roles and responsibilities.

Cluster Health Overview: Quickly identify issues and take action using visual dashboards.

Governance and Policy Management at Scale

With RHACM, you can implement and enforce consistent governance policies across your entire fleet of clusters. Whether you're ensuring compliance with security benchmarks (like CIS) or managing custom rules, RHACM makes it easy to:

Deploy policies as code

Monitor compliance status in real time

Automate remediation for non-compliant resources

This level of automation and visibility is critical for regulated industries and enterprises with strict security postures.

Observability Across the Cluster Fleet

Observability is essential for understanding the health, performance, and behavior of your Kubernetes workloads. RHACM’s built-in observability stack integrates with metrics and logging tools to give you:

Cross-cluster performance insights

Alerting and visualization dashboards

Data aggregation for proactive incident management

By centralizing observability, operations teams can streamline troubleshooting and capacity planning across environments.

GitOps-Based Application Deployment

One of the most powerful capabilities RHACM brings to the table is GitOps-driven application lifecycle management. This allows DevOps teams to:

Define application deployments in Git repositories

Automatically deploy to multiple clusters using GitOps pipelines

Ensure consistent configuration and versioning across environments

With built-in support for Argo CD, RHACM bridges the gap between development and operations by enabling continuous delivery at scale.

Red Hat Quay: Enterprise Image Management

Red Hat Quay provides a secure and scalable container image registry that’s deeply integrated with OpenShift. In a multicluster scenario, Quay helps by:

Enforcing image security scanning and vulnerability reporting

Managing image access policies

Supporting geo-replication for global deployments

Installing and customizing Quay within OpenShift gives enterprises control over the entire software supply chain—from development to production.

Integrating Quay with OpenShift & RHACM

Quay seamlessly integrates with OpenShift and RHACM to:

Serve as the source of trusted container images

Automate deployment pipelines via RHACM GitOps

Restrict unapproved images from being used across clusters

This tight integration ensures a secure and compliant image delivery workflow, especially useful in multicluster environments with differing security requirements.

Strengthening Multicluster Security with RHACS

Security must span the entire Kubernetes lifecycle. Red Hat Advanced Cluster Security (RHACS) helps secure containers and Kubernetes clusters by:

Identifying runtime threats and vulnerabilities

Enforcing Kubernetes best practices

Performing risk assessments on containerized workloads

Once installed and configured, RHACS provides a unified view of security risks across all your OpenShift clusters.

Multicluster Operational Security with RHACS

Using RHACS across multiple clusters allows security teams to:

Define and apply security policies consistently

Detect and respond to anomalies in real time

Integrate with CI/CD tools to shift security left

By integrating RHACS into your multicluster architecture, you create a proactive defense layer that protects your workloads without slowing down innovation.

Final Thoughts

Managing multicluster Kubernetes environments doesn't have to be a logistical nightmare. With Red Hat OpenShift Platform Plus, along with RHACM, Red Hat Quay, and RHACS, organizations can standardize, secure, and scale their Kubernetes operations across any infrastructure.

Whether you’re just starting to adopt multicluster strategies or looking to refine your existing approach, Red Hat’s ecosystem offers the tools and automation needed to succeed. For more details www.hawkstack.com 

Red Hat Insights: Proactively Managing and Optimizing Your IT Environment

In today's fast-paced IT landscape, managing complex infrastructures can be challenging. IT teams face issues ranging from performance bottlenecks and security vulnerabilities to inefficient resource utilization. Red Hat Insights offers a proactive, intelligent solution to address these challenges, helping enterprises maintain a secure, compliant, and optimized IT environment.

What is Red Hat Insights?

Red Hat Insights is a predictive analytics tool that provides continuous, real-time monitoring of your IT infrastructure. It identifies potential issues before they become critical, offering actionable insights and remediation steps. With Insights, IT teams can focus on strategic tasks while reducing downtime and risk.

Key features include:

Proactive Issue Detection: Red Hat Insights leverages advanced analytics to detect potential issues, including security vulnerabilities, misconfigurations, and performance bottlenecks.

Automated Remediation: Once an issue is detected, Insights provides detailed remediation steps and even offers automated playbooks that can be executed via Ansible.

Security and Compliance: Stay compliant with industry standards by continuously monitoring your environment against security baselines and best practices.

Performance Optimization: Identify inefficiencies in your IT environment and receive recommendations on how to optimize performance and reduce resource waste.

Integration with Red Hat Ecosystem: Red Hat Insights seamlessly integrates with Red Hat Enterprise Linux (RHEL), OpenShift, and Ansible Automation Platform, providing a unified approach to IT management.

How Red Hat Insights Works

Data Collection: Insights collects metadata and logs from your systems. This data is lightweight and focuses on system health and configuration details, ensuring minimal performance impact.

Analysis: The collected data is analyzed using Red Hat’s vast knowledge base, which includes decades of experience and input from thousands of customer environments.

Recommendations: Based on the analysis, Insights generates tailored recommendations for your IT environment. These recommendations include detailed descriptions of issues, their potential impact, and suggested remediation actions.

Action: IT teams can take corrective action directly from the Insights dashboard or use Ansible Automation Platform to apply fixes at scale.

Use Cases for Red Hat Insights

Security Management: Ensure your IT environment is protected from known vulnerabilities by receiving timely alerts and recommended fixes.

Patch Management: Simplify the patch management process by identifying critical patches and automating their deployment.

Configuration Drift: Avoid configuration drift by monitoring system configurations and ensuring they remain consistent with defined policies.

Resource Optimization: Improve resource utilization by identifying underused or misconfigured systems.

Compliance Auditing: Maintain compliance with regulatory requirements through continuous monitoring and reporting.

Benefits of Using Red Hat Insights

Reduced Downtime: Proactively address issues before they impact your operations.

Improved Security: Minimize security risks by keeping your systems updated and compliant.

Operational Efficiency: Automate routine tasks and focus on high-value initiatives.

Cost Savings: Optimize resource utilization and reduce unnecessary expenditures.

Scalability: Manage large, distributed environments with ease using automated tools and centralized dashboards.

Getting Started with Red Hat Insights

Enable Insights on RHEL: Red Hat Insights is included with your RHEL subscription. To enable it, register your systems with Red Hat Subscription Management and install the Insights client.

Access the Insights Dashboard: Once enabled, you can access the Insights dashboard through the Red Hat Hybrid Cloud Console. The dashboard provides an overview of detected issues, recommendations, and actions.

Integrate with Ansible: Enhance your remediation process by integrating Insights with Ansible Automation Platform. This allows you to execute playbooks directly from the Insights interface.

Conclusion

Red Hat Insights empowers IT teams to proactively manage and optimize their environments, reducing risks and improving operational efficiency. By leveraging predictive analytics, automation, and integration with Red Hat’s ecosystem, enterprises can ensure their IT infrastructure remains resilient and agile in the face of evolving challenges.

Whether you're managing a small infrastructure or a large, complex environment, Red Hat Insights provides the tools and intelligence needed to stay ahead of issues and maintain peak performance.

Start your journey towards a smarter, more proactive IT management approach with Red Hat Insights today.

For more details www.hawkstack.com

Migrating Virtual Machines to OpenShift: Tools and Techniques

As organizations shift to cloud-native architectures, migrating traditional virtual machines (VMs) to containerized platforms like OpenShift becomes crucial. OpenShift, a Kubernetes-based platform, offers scalability, flexibility, and developer-friendly features. However, moving from VMs to OpenShift requires careful planning and the right tools. Here’s an overview of key tools and techniques for a successful migration.

Tools for VM Migration

OpenShift Virtualization: OpenShift's native virtualization allows organizations to run VMs directly within the OpenShift environment. This tool enables you to transition VMs to containers with minimal disruption. It supports a variety of guest operating systems, simplifying the migration process.

Containerization Tools (e.g., Podman, Docker): These tools can be used to containerize applications running on VMs, making them ready for OpenShift. By converting applications into containers, organizations can leverage OpenShift's orchestration and scaling capabilities.

Red Hat Migrate2Container: This tool helps migrate legacy workloads from VMs to containers, offering automated assessments, planning, and execution. It reduces the complexity of the migration process and provides best practices for moving applications.

Techniques for Migration

Lift and Shift: This technique involves migrating VMs directly to OpenShift without significant changes. OpenShift Virtualization simplifies this process, allowing VMs to run alongside containerized workloads.

Re-platforming: In this approach, you convert VMs into containerized applications. This may involve breaking down monolithic applications into microservices and optimizing them for cloud-native environments.

Re-factoring: For more complex migrations, re-factoring involves redesigning the applications to fully exploit OpenShift’s capabilities, ensuring greater performance and scalability.

Migrating VMs to OpenShift can be a smooth transition with the right tools and strategies. By leveraging OpenShift’s native virtualization and containerization tools, organizations can embrace the future of cloud-native computing.

For more details visit www.hawkstack.com

OpenShift AI with tailored Red Hat Training and Certification

OpenShift AI with tailored Red Hat Training and Certification

HomeUncategorizedOpenShift AI with tailored Red Hat Training and Certification

MLOps and AI at Scale

Red Hat OpenShift AI provides an integrated MLOps platform designed for building, training, debugging, deploying, and monitoring predictive and baseline models with application intelligence at scale in the cloud. This solution is designed to accelerate AI/ML innovation, increase workflow consistency, and provide clarity in implementing AI across an enterprise

Key Features of Red Hat OpenShift AI

Red Hat OpenShift AI simplifies the development and deployment of AI/ML projects, offering a consistent and accessible workflow. This platform is powered by open-source tools, containers, and DevOps standards, ensuring scalable and reliable AI solutions. The combination of these components is referred to as MLOps

Red Hat's Approach to AI/ML

Red Hat's focus on open tools and platforms is organized into three key pillars:

1. Build: Develop AI/ML applications using Red Hat’s open-source ecosystem. 

 2. Deploy: Leverage containerization and DevOps methodologies to deploy these applications efficiently.

 3. Scale: Ensure scalability for enterprise-grade AI applications

Red Hat OpenShift AI Training: Course AI267

To help professionals better understand and utilize Red Hat OpenShift AI, Red Hat offers the Build and Deploy AI/ML Applications (AI267) course. This course covers:

● Training and deploying AI/ML models.

● Implementing best practices in machine learning and data science.

● Managing and troubleshooting data science pip

Red Hat Certified Expert OpenShift AI Certification

Red Hat is also launching a new certification, the Red Hat Certified Expert OpenShift AI (EX267), which will be available in late 2024. Passing this exam will not only certify your ability in AI-powered applications but also contribute to the Red Hat Certified Architect (RHCA) designation. However, before attempting this exam, it’s recommended to complete the Red Hat OpenShift Developer II (DO288) course.

Free Training for AI/ML Beginners

For those new to AI/ML, Red Hat provides a free, on-demand course called the Red Hat OpenShift AI Technical Overview (AI067). This course introduces the features of Red Hat OpenShift AI, helping participants understand how the platform can be used to develop enterprise-ready, hybrid AI solutions.

Tailored AI/ML Training Solutions

Whether you’re an experienced AI/ML professional or just starting out, Red Hat offers training and certification paths that are customizable to align with your business or personal goals. If you have specific needs, Red Hat’s experts are available to assist with personalized training solutions. Amritatechnologies

Conclusion

Red Hat OpenShift AI offers a comprehensive MLOps platform that integrates AI/ML workflows with enterprise-grade security, scalability, and repeatability. With tailored courses like AI267 and certifications such as EX267, professionals can gain the skills needed to build, deploy, and manage AI solutions efficiently. The platform’s use of open-source tools and DevOps standards ensures consistency and flexibility for AI projects. Free training options provide an accessible entry point for beginners. Red Hat’s focus on customizable training paths supports both individuals and teams in meeting their AI/ML goals. Overall, OpenShift AI accelerates innovation while maintaining operational excellence.

Red Hat Openshift Virtualization Unlocks APEX Cloud Platform

Dell APEX Cloud Platform

With flexible storage and integrated virtualization, you may achieve operational simplicity. In the quickly changing technological world of today, efficiency is hampered by complexity. The difficult task of overseeing complex systems, a variety of workloads, and the need to innovate while maintaining flawless operations falls on IT experts. Dell Technologies and Red Hat have developed robust new capabilities for Dell APEX Cloud Platform for Red Hat Openshift Virtualization that are assisting enterprises in streamlining their IT systems.

Openshift Virtualization

Utilize Integrated Virtualization to Simplify and Optimize

Many firms are reevaluating their virtualization strategy as the use of AI and containers picks up speed, along with upheavals in the virtualization industry. Red Hat OpenShift Virtualization, which offers a contemporary platform for enterprises to operate, deploy, and manage new and current virtual machine workloads together with containers and AI/ML workloads, is now included by default in APEX Cloud Platform for Red Hat OpenShift. Operations are streamlined by having everything managed on a single platform.

- Advertisement -Image Credit To Dell

APEX Cloud Platform

Adaptable Infrastructure for All Tasks

Having the appropriate infrastructure to handle your workload needs is essential for a successful virtualization strategy. An increased selection of storage choices is now available with APEX Cloud Platform for Red Hat OpenShift to accommodate any performance demands and preferred footprint. Block storage is needed by the APEX Cloud Platform Foundation Software, which offers all of the interface with Red Hat Openshift Virtualization.

For clients that want a smaller footprint, Dell have added PowerStore and Red Hat OpenShift Data Foundation to the list of block storage choices available from PowerFlex. In order to avoid making redundant expenditures, customers may use the PowerStore and PowerFlex appliances that are already in place.

Customers may easily connect to any of Their business storage solutions for additional storage to meet their block, file, and object demands. This is particularly crucial for the increasing amount of AI workloads that need PowerScale and ObjectScale’s file and object support.

Support for a range of NVIDIA GPUs and Intel 5th Generation Xeon Processors further increases this versatility and improves performance for your most demanding applications.

- Advertisement -

Continuity Throughout Your Red Hat OpenShift Estate

Red Hat OpenShift 4.14 and 4.16 support is now available in the APEX Cloud Platform, adding a new degree of uniformity to your Red Hat OpenShift estate along with features like CPU hot plug and the option to choose a single node for live migration to improve OpenShift Virtualization. This lessens the complexity often involved in maintaining numerous software versions, streamlining IT processes for increased productivity.

Red Hat Virtualization

Overview

Red Hat OpenShift includes Red Hat OpenShift Virtualization, an integrated platform that gives enterprises a contemporary way to run and manage their virtual machine (VM) workloads, both new and old. The system makes it simple to move and maintain conventional virtual machines to a reliable, dependable, and all-inclusive hybrid cloud application platform.

By using the speed and ease of a cloud-native application platform, OpenShift Virtualization provides a way to modernize infrastructure while maintaining the investments made in virtualization and adhering to contemporary management practices.

What advantages does Red Hat OpenShift virtualization offer?

Simple transfer: The Migration Toolkit for Virtualization that comes with Red Hat Openshift Virtualization makes it easy to move virtual machines (VMs) from different hypervisors. Even VMs can be moved to the cloud. Red Hat Services offers mentor-based advice along the route, including the Virtualization move Assessment, if you need practical assistance with your move.

Reduce the time to manufacture: Simplify application delivery and infrastructure with a platform that facilitates self-service choices and CI/CD pipeline interfaces. Developers may accelerate time to market by building, testing, and deploying workloads more quickly using Red Hat Openshift Virtualization.

Utilize a single platform to handle everything: One platform for virtual machines (VMs), containers, and serverless applications is provided by OpenShift Virtualization, simplifying operations. As a consequence, you may use a shared, uniform set of well-known corporate tools to manage all workloads and standardize the deployment of infrastructure.

A route towards modernizing infrastructure: Red Hat Openshift Virtualization allows you to operate virtual machines (VMs) that have been migrated from other platforms, allowing you to maximize your virtualization investments while using cloud-native architectures, faster operations and administration, and innovative development methodologies.

How does Red Hat OpenShift virtualization operate?

Included with every OpenShift subscription is Red Hat Openshift Virtualization. The same way they would for a containerized application, it allows infrastructure architects to design and add virtualized apps to their projects using OperatorHub.

With the help of simple, free migration tools, virtual machines already running on other platforms may be moved to the OpenShift application platform. On the same Red Hat OpenShift nodes, the resultant virtual machines will operate alongside containers.

Update your approach to virtualization

Virtualization managers need to adjust as companies adopt containerized systems and embrace digital transformation. Teams may benefit from infrastructure that enables VMs and containers to be managed by the same set of tools, on a single, unified platform, using Red Hat Openshift Virtualization.

Read more on govindhtech.com

EX210: Red Hat OpenStack Training (CL110 & CL210)

In CL110, equips you to operate a secure, scalable RHOSP overcloud with OpenStack integration, enhancing troubleshooting skills. In CL210, gain expertise in scaling and managing Red Hat OpenStack environments, using the OpenStack Client for seamless day-to-day operations of enterprise cloud applications.

Overview of this Training | CL110 & CL210 Red Hat OpenStack Administration I | CL110 Training | KR Network Cloud

The course CL110, Red Hat OpenStack Administration I: Core Operations for Domain Operators, educates you on how to run and maintain a production-ready Red Hat OpenStack Platform (RHOSP) single-site overcloud. The skills that participants will gain include managing security privileges for the deployment of scalable cloud applications and building secure project environments for resource provisioning. Integration of OpenShift with load balancers, identity management, monitoring, proxies, and storage are all covered in the course. Participants will also improve their Day 2 operations and troubleshooting skills. Red Hat OpenStack Platform 16.1 is in keeping with this course.

Red Hat OpenStack Administration II | CL210 Training | KR Network Cloud The course CL210, Red Hat OpenStack Administration II: Day 2 Operations for Cloud Operators, is designed for service administrators, automation engineers, and cloud operators who manage Red Hat OpenStack Platform hybrid and private cloud environments. Participants in the course will learn how to scale, manage, monitor, and troubleshoot an infrastructure built on the Red Hat OpenStack Platform. The main goal is to set up metrics, policies, and architecture using the OpenStack Client command-line interface so that enterprise cloud applications can be supported and day-to-day operations run smoothly. For further information visit our Website: krnetworkcloud.org

Google Cloud transforms your business with top-notch AI, ML, and multicloud solutions. Experience global infrastructure, data cloud, and open cloud capabilities for smarter decisions. Visit the website for more insights.

body { margin: 0; padding: 20px; font-family: Arial, sans-serif; } h1, h2, h3, h4, h5, h6 { color: #333; } p { line-height: 1.5; margin-bottom: 20px; } a { color: #007BFF; text-decoration: none; } a:hover { text-decoration: underline; } section { margin-bottom: 40px; }

Accelerate Your Digital Transformation with Google Cloud

Overview

Google Cloud is a leading technology solution provider, offering a wide range of services to help businesses of all sizes accelerate their digital transformation. Whether you are just starting your journey or are well on your way, Google Cloud has the expertise and technology to help you solve your toughest challenges.

Learn more

Key Benefits

Top reasons businesses choose Google Cloud

Enterprise-ready AI

Run your apps wherever you need them with multicloud

Build on the same infrastructure as Google with global infrastructure

Make smarter decisions with unified data using Data Cloud

Scale with open, flexible technology with Open Cloud

Protect your users, data, and apps with robust security

Connect your teams with AI-powered apps for Productivity and collaboration

Reports and Insights

Curated C-suite perspectives in Executive insights

Read what industry analysts say about Google Cloud in Analyst reports

Browse and download popular whitepapers in Whitepapers

Explore case studies and videos in Customer stories

Solutions

Google Cloud offers a wide range of industry-specific solutions to address the specific needs and challenges of different sectors. Here are some of the key solutions:

Retail: Analytics and collaboration tools for the retail value chain

Consumer Packaged Goods: Solutions for CPG digital transformation and brand growth

Financial Services: Computing, data management, and analytics tools for financial services

Healthcare and Life Sciences: Advance research and empower healthcare innovation

Media and Entertainment: Solutions for content production and distribution operations

Telecommunications: Hybrid and multi-cloud services to deploy and monetize 5G

Games: AI-driven solutions to build and scale games faster

Manufacturing: Migration and AI tools to optimize the manufacturing value chain

Supply Chain and Logistics: Enable sustainable, efficient, and resilient data-driven operations

Government: Data storage, AI, and analytics solutions for government agencies

Education: Teaching tools to provide more engaging learning experiences

Application Modernization

Google Cloud provides comprehensive solutions for modernizing your business applications. Whether you need to assess, plan, implement, or measure software practices and capabilities, Google Cloud has you covered.

CAMP Program: Improve your software delivery capabilities using DORA

Modernize Traditional Applications: Analyze, categorize, and migrate traditional workloads to the cloud

Migrate from PaaS: Cloud Foundry, Openshift: Tools for moving your containers to Google's managed container services

Migrate from Mainframe: Automated tools and guidance for moving mainframe apps to the cloud

Modernize Software Delivery: Best practices for software supply chain, CI/CD, and S3C

DevOps Best Practices: Processes and resources for implementing DevOps in your organization

SRE Principles: Tools and resources for adopting Site Reliability Engineering in your organization

Day 2 Operations for GKE: Tools and guidance for effective Google Kubernetes Engine management

FinOps and Optimization of GKE: Best practices for running reliable and cost-effective applications on GKE

Run Applications at the Edge: Guidance for localized and low-latency apps on Google's edge solution

Architect for Multicloud: Manage workloads across multiple clouds with a consistent platform

Go Serverless: Fully managed environment for developing, deploying, and scaling apps

Artificial Intelligence

Add intelligence and efficiency to your business with Google Cloud's AI and machine learning solutions. Whether you are looking to implement conversational AI, document processing, or product recommendation, Google Cloud has the right tools for you.

Contact Center AI: AI model for speaking with customers and assisting human agents

Document AI: Automated document processing and data capture at scale

Product Discovery: Google-quality search and product recommendations for retailers

APIs and Applications

Speed up the pace of innovation without coding using Google Cloud's APIs, apps, and automation tools. Whether you want to attract new developers and partners, modernize legacy applications, or simplify open banking compliance, Google Cloud has you covered.

New Business Channels Using APIs: Attract and empower an ecosystem of developers and partners

Unlocking Legacy Applications Using APIs: Cloud services for extending and modernizing legacy apps

Open Banking APIx: Simplify and accelerate secure delivery of open banking compliant APIs

Databases

Migrate and manage enterprise data with security, reliability, high availability, and fully managed data services. Whether you are looking to simplify your database migration life cycle or run SQL Server virtual machines on Google Cloud, Google Cloud's database solutions have got you covered.

Database Migration: Guides and tools to simplify your database migration life cycle

Database Modernization: Upgrades to modernize your operational database infrastructure

Databases for Games: Build global live games with Google Cloud databases

Data Cloud

Unify data across your organization with Google Cloud's open and simplified approach to data-driven transformation. Whether you need to migrate and manage enterprise data, generate instant insights from data, or innovate and optimize your SaaS applications, Google Cloud has the data solutions you need.

Data Warehouse Modernization: Jumpstart your migration and unlock insights with data warehouse

Data Lake Modernization: Services for building and modernizing your data lake

Spark on Google Cloud: Run and write Spark where you need it, serverless and integrated

Smart Analytics: Generate instant insights from data at any scale with a serverless, fully managed analytics platform

Business Intelligence: Solutions for modernizing your BI stack and creating rich data experiences

Data Science: Put your data to work with Data Science on Google Cloud

Marketing Analytics: Solutions for collecting, analyzing, and activating customer data

Geospatial Analytics and AI: Solutions for building a more prosperous and sustainable business

Startups and SMB

Google Cloud offers tailored solutions and programs to accelerate startup and SMB growth. Whether you are a startup looking for proven technology or an SMB exploring solutions for web hosting, app development, AI, and analytics, Google Cloud has the right tools to fuel your growth.

Startup Solutions: Grow your startup and solve your toughest challenges using Google’s proven technology

Startup Program: Get financial, business, and technical support to take your startup to the next level

Small and Medium Business: Explore solutions for web hosting, app development, AI, and analytics

Software as a Service: Build better SaaS products, scale efficiently, and grow your business

Featured Products

Compute Engine: Virtual machines running in Google’s secure data center for increased flexibility

Cloud Storage: Secure, durable, and scalable object storage

BigQuery: Data warehouse for business agility and insights

Cloud Run: Fully managed environment for running containerized apps

Google Kubernetes Engine: Managed Kubernetes service for running containerized apps

Vertex AI: Unified platform for machine learning models and generative AI

Vertex AI Studio: Build, tune, and deploy foundation models on Vertex AI

Vertex AI Search and Conversation: Build generative AI apps for search and conversational AI

Apigee API Management: Manage the full life cycle of APIs with visibility and control

Cloud SQL: Relational database services for MySQL, PostgreSQL, and SQL Server

Cloud SDK: Command-line tools and libraries for Google Cloud

Cloud CDN: Content delivery network for delivering web and video

See all products

AI and Machine Learning

Vertex AI Platform: Unified platform for ML models and generative AI

Vertex AI Studio: Build, tune, and deploy foundation models on Vertex AI

Vertex AI Search and Conversation: Generative AI apps for search and conversational AI

Dialogflow: Lifelike conversational AI with virtual agents

Security

Security Analytics and Operations: Solution for analyzing petabytes of security telemetry

Web App and API Protection: Threat and fraud protection for your web applications and APIs

Security and Resilience Framework: Solutions for each phase of the security and resilience life cycle

Risk and compliance as code (RCaC): Solution to modernize your governance, risk, and compliance function with automation

Software Supply Chain Security: Solution for improving end-to-end software supply chain security

Security Foundation: Recommended products to help achieve a strong security posture

Smart Analytics

Data Warehouse Modernization: Jumpstart your migration and unlock insights with data warehouse

Data Lake Modernization: Services for building and modernizing your data lake

Spark on Google Cloud: Run and write Spark where you need it, serverless and integrated

Smart Analytics: Generate instant insights from data at any scale with a serverless, fully managed analytics platform

Business Intelligence: Solutions for modernizing your BI stack and creating rich data experiences

Data Science: Put your data to work with Data Science on Google Cloud

Marketing Analytics: Solutions for collecting, analyzing, and activating customer data

Geospatial Analytics and AI: Solutions for building a more prosperous and sustainable business

Datasets: Data Source: https://cloud.google.com/kubernetes-engine/docs/how-to/cluster-autoscaler&sa=U&ved=2ahUKEwi4p8uF6LSGAxUGEGIAHXy-COYQFnoECAEQAw&usg=AOvVaw3TCeRPJFwEWgadT3N9Z0Eu

Introduction to Openshift - Introduction to Openshift online cluster

Introduction to Openshift – Introduction to Openshift online cluster OpenShift is a platform-as-a-service (PaaS) offering from Red Hat. It provides a cloud-like environment for deploying, managing, and scaling applications in a secure and efficient manner. OpenShift uses containers to package and deploy applications, and it provides built-in tools for continuous integration, continuous delivery,…

View On WordPress

In an OpenShift or OKD Kubernetes Cluster, the ClusterVersion custom resource holds important high-level information about your cluster. This information include cluster version, update channels and status of the cluster operators. In this article I’ll demonstrate how Cluster Administrator can check cluster version as well as the status of operators in OpenShift / OKD Cluster. Check Cluster Version in OpenShift / OKD You can easily retrieve the cluster version from the CLI using oc command to verify that it is running the desired version, and also to ensure that the cluster uses the right subscription channel. # Red Hat OpenShift $ oc get clusterversion NAME VERSION AVAILABLE PROGRESSING SINCE STATUS version 4.8.10 True False 10d Cluster version is 4.8.10 # OKD Cluster $ oc get clusterversion NAME VERSION AVAILABLE PROGRESSING SINCE STATUS version 4.7.0-0.okd-2021-05-22-050008 True False 66d Cluster version is 4.7.0-0.okd-2021-05-22-050008 To obtain more detailed information about the cluster status run the oc describe clusterversion command: $ oc describe clusterversion ...output omitted... Spec: Channel: fast-4.8 Cluster ID: f3dc42b3-aeec-4f4c-780f-8a04d6951595 Desired Update: Force: false Image: quay.io/openshift-release-dev/ocp-release@sha256:53576e4df71a5f00f77718f25aec6ac7946eaaab998d99d3e3f03fcb403364db Version: 4.8.10 Status: Available Updates: Channels: candidate-4.8 candidate-4.9 fast-4.8 Image: quay.io/openshift-release-dev/ocp-release@sha256:c3af995af7ee85e88c43c943e0a64c7066d90e77fafdabc7b22a095e4ea3c25a URL: https://access.redhat.com/errata/RHBA-2021:3511 Version: 4.8.12 Channels: candidate-4.8 candidate-4.9 fast-4.8 stable-4.8 Image: quay.io/openshift-release-dev/ocp-release@sha256:26f9da8c2567ddf15f917515008563db8b3c9e43120d3d22f9d00a16b0eb9b97 URL: https://access.redhat.com/errata/RHBA-2021:3429 Version: 4.8.11 ...output omitted... Where: Channel: fast-4.8 – Displays the version of the cluster the channel being used. Cluster ID: f3dc42b3-aeec-4f4c-780f-8a04d6951595 – Displays the unique identifier for the cluster Available Updates: Displays the updates available and channels Review OpenShift / OKD Cluster Operators OpenShift Container Platform / OKD cluster operators are top level operators that manage the cluster. Cluster operators are responsible for the main components, such as web console, storage, API server, SDN e.t.c. All the information relating to cluster operators is accessible through the ClusterOperator resource. It allows you to access the overview of all cluster operators, or detailed information on a given operator. To retrieve the list of all cluster operators, run the following command: $ oc get clusteroperators NAME VERSION AVAILABLE PROGRESSING DEGRADED SINCE authentication 4.8.10 True False False 2d14h baremetal 4.8.10 True False False 35d cloud-credential 4.8.10 True False False 35d cluster-autoscaler 4.8.10 True False False 35d config-operator 4.8.10 True False False 35d console 4.8.10 True False False 10d csi-snapshot-controller 4.8.10 True False False 35d dns 4.8.10 True False False 35d etcd 4.8.10 True False False 35d image-registry 4.8.10 True False False 35d

ingress 4.8.10 True False False 35d insights 4.8.10 True False False 35d kube-apiserver 4.8.10 True False False 35d kube-controller-manager 4.8.10 True False False 35d kube-scheduler 4.8.10 True False False 35d kube-storage-version-migrator 4.8.10 True False False 10d machine-api 4.8.10 True False False 35d machine-approver 4.8.10 True False False 35d machine-config 4.8.10 True False False 35d marketplace 4.8.10 True False False 35d monitoring 4.8.10 True False False 3d5h network 4.8.10 True False False 35d node-tuning 4.8.10 True False False 10d openshift-apiserver 4.8.10 True False False 12d openshift-controller-manager 4.8.10 True False False 34d openshift-samples 4.8.10 True False False 10d operator-lifecycle-manager 4.8.10 True False False 35d operator-lifecycle-manager-catalog 4.8.10 True False False 35d operator-lifecycle-manager-packageserver 4.8.10 True False False 18d service-ca 4.8.10 True False False 35d storage 4.8.10 True False False 35d Key Columns in the ouptut: NAME – Indicates the name of the operator. AVAILABLE – Indicates operator state if successfully deployed or has issues. TRUE means the operator is deployed successfully and is available for use in the cluster. The degraded state means the current state does not match its desired state over a period of time. PROGRESSING – Indicates whether an operator is being updated to a newer version by the cluster version operator. True means update in pending completion. DEGRADED – This entry returns the health of the operator. True means the operator encounters an error that prevents it from working properly. You can limit the output to a single operator: $ oc get co authentication NAME VERSION AVAILABLE PROGRESSING DEGRADED SINCE authentication 4.8.10 True False False 2d14h To get more information about an operator use: $ oc describe clusteroperators Example: $ oc describe co authentication If you’re in a process of upgrading your OpenShift / OKD cluster from one minor version to another, we have a guide dedicated to upgrade shared in the link below: How To Upgrade OpenShift / OKD Cluster Minor Version

Citrix xenapp 6.5 policy not applying

This document does not replace comprehensive product documentation about XenApp and XenDesktop policies. The intended audience for this document is an advanced Citrix administrator who is familiar with HDX concepts, policy templates, and previous versions of the product. We’ve also provided planning guidance to help you determine the right settings for a given use case.

This document provides design considerations when you use these templates to create policies. XenApp and XenDesktop includes HDX policy templates that simplify deployment to users.

Latency and SQL Blocking Query Improvements in XenApp and XenDesktopĮxtending the Life of Your Legacy Web Applications by Using Citrix Secure BrowserĬitrix Universal Print Server load balancing in XenApp and XenDesktop 7.9Īctive Directory OU-based Controller discovery Group Policy management template updates for XenApp and XenDesktop HDX Policy Templates for XenApp and XenDesktop 7.6 to the Current Version

Use Citrix ADM to Troubleshoot Citrix Cloud Native Networkingĭeployment Guide Citrix ADC VPX on Azure - Autoscaleĭeployment Guide Citrix ADC VPX on Azure - GSLBĭeployment Guide Citrix ADC VPX on Azure - Disaster Recoveryĭeployment Guide Citrix ADC VPX on AWS - GSLBĭeployment Guide Citrix ADC VPX on AWS - Autoscaleĭeployment Guide Citrix ADC VPX on AWS - Disaster RecoveryĬitrix ADC and OpenShift 4 Solution BriefĬreating a VPX Amazon Machine Image (AMI) in SC2SĬonnecting to Citrix Infrastructure via RDP through a Linux Bastion Host in AWSĬitrix ADC for Azure DNS Private Zone Deployment GuideĬitrix Federated Authentication Service Logon Evidence Overview VRD Use Case Using Citrix ADC Dynamic Routing with KubernetesĬitrix Cloud Native Networking for Red Hat OpenShift 3.11 Validated Reference DesignĬitrix ADC CPX, Citrix Ingress Controller, and Application Delivery Management on Google CloudĬitrix ADC Pooled Capacity Validated Reference DesignĬitrix ADC CPX in Kubernetes with Diamanti and Nirmata Validated Reference DesignĬitrix ADC SSL Profiles Validated Reference DesignĬitrix ADC and Amazon Web Services Validated Reference DesignĬitrix ADC Admin Partitions Validated Reference DesignĬitrix Gateway SaaS and O365 Cloud Validated Reference DesignĬitrix Gateway Service SSO with Access Control Validated Reference DesignĬonvert Citrix ADC Perpetual Licenses to the Pooled Capacity Model Service Migration to Citrix ADC using Routes in OpenShift Validated Reference Design

🚀 Enterprise Kubernetes Storage with Red Hat OpenShift Data Foundation

As enterprises continue to adopt Kubernetes for container orchestration, the demand for scalable, resilient, and enterprise-grade storage solutions has never been higher. While Kubernetes excels in managing stateless applications, managing stateful workloads—such as databases, messaging queues, and AI/ML pipelines—poses unique challenges. This is where Red Hat OpenShift Data Foundation (ODF) steps in as a game-changer.

📦 What is Red Hat OpenShift Data Foundation?

Red Hat OpenShift Data Foundation (formerly OpenShift Container Storage) is a software-defined storage solution designed specifically for OpenShift environments. Built on Ceph and NooBaa, ODF provides a unified storage layer that seamlessly supports block, file, and object storage within your Kubernetes infrastructure.

ODF delivers highly available, scalable, and secure storage for cloud-native workloads, empowering DevOps teams to run stateful applications confidently across hybrid and multi-cloud environments.

🔧 Key Features of OpenShift Data Foundation

1. Unified Storage for Kubernetes

ODF supports:

Block Storage for databases and persistent workloads

File Storage for legacy applications and shared volumes

Object Storage for cloud-native applications, backup, and AI/ML data lakes

2. Multi-Cloud & Hybrid Cloud Ready

Deploy ODF on bare metal, private clouds, public clouds, or hybrid environments. With integrated NooBaa technology, it allows seamless object storage across AWS S3, Azure Blob, and on-premises storage.

3. Integrated with OpenShift

ODF is tightly integrated with Red Hat OpenShift, allowing:

Native support for Persistent Volume Claims (PVCs)

Automated provisioning and scaling

Built-in monitoring through OpenShift Console and Prometheus/Grafana

4. Data Resilience & High Availability

Through Ceph under the hood, ODF offers:

Data replication across nodes

Self-healing storage clusters

Built-in erasure coding for space-efficient redundancy

5. Security & Compliance

ODF supports:

Encryption at rest and in transit

Role-Based Access Control (RBAC)

Integration with enterprise security policies and key management services (KMS)

���� Common Use Cases

Database as a Service (DBaaS) on Kubernetes

CI/CD Pipelines with persistent cache

AI/ML Workloads requiring massive unstructured data

Kafka, Elasticsearch, and other stateful operators

Backup & Disaster Recovery for OpenShift clusters

🛠️ Architecture Overview

At a high level, ODF deploys the following components:

ODF Operator: Automates lifecycle and management

CephCluster: Manages block and file storage

NooBaa Operator: Manages object storage abstraction

Multicloud Object Gateway (MCG): Bridges cloud and on-prem storage

The ODF stack ensures zero downtime for workloads and automated healing in the event of hardware failure or node loss.

🚀 Getting Started

To deploy OpenShift Data Foundation:

Install OpenShift on your preferred infrastructure.

Enable the ODF Operator from OperatorHub.

Configure storage cluster using local devices, AWS EBS, or any supported backend.

Create storage classes for your apps to consume via PVCs.

Pro Tip: Use OpenShift’s integrated dashboard to visualize storage usage, health, and performance metrics out of the box.

🧠 Final Thoughts

Red Hat OpenShift Data Foundation is more than just a storage solution—it's a Kubernetes-native data platform that gives you flexibility, resilience, and performance at scale. Whether you're building mission-critical microservices or deploying petabyte-scale AI workloads, ODF is designed to handle your stateful needs in an enterprise-ready way.

Embrace the future of cloud-native storage with Red Hat OpenShift Data Foundation.For more details www.hawkstack.com 

Mastering OpenShift Administration II: Advanced Techniques and Best Practices

Introduction

Briefly introduce OpenShift as a leading Kubernetes platform for managing containerized applications.

Mention the significance of advanced administration skills for managing and scaling enterprise-level environments.

Highlight that this blog post will cover key concepts and techniques from the OpenShift Administration II course.

Section 1: Understanding OpenShift Administration II

Explain what OpenShift Administration II covers.

Mention the prerequisites for this course (e.g., knowledge of OpenShift Administration I, basics of Kubernetes, containerization, and Linux system administration).

Describe the importance of this course for professionals looking to advance their OpenShift and Kubernetes skills.

Section 2: Key Concepts and Techniques

Advanced Cluster Management

Managing and scaling clusters efficiently.

Techniques for deploying multiple clusters in different environments (hybrid or multi-cloud).

Best practices for disaster recovery and fault tolerance.

Automating OpenShift Operations

Introduction to automation in OpenShift using Ansible and other automation tools.

Writing and executing playbooks to automate day-to-day administrative tasks.

Streamlining OpenShift updates and upgrades with automation scripts.

Optimizing Resource Usage

Best practices for resource optimization in OpenShift clusters.

Managing workloads with resource quotas and limits.

Performance tuning techniques for maximizing cluster efficiency.

Section 3: Security and Compliance

Overview of security considerations in OpenShift environments.

Role-based access control (RBAC) to manage user permissions.

Implementing network security policies to control traffic within the cluster.

Ensuring compliance with industry standards and best practices.

Section 4: Troubleshooting and Performance Tuning

Common issues encountered in OpenShift environments and how to resolve them.

Tools and techniques for monitoring cluster health and diagnosing problems.

Performance tuning strategies to ensure optimal OpenShift performance.

Section 5: Real-World Use Cases

Share some real-world scenarios where OpenShift Administration II skills are applied.

Discuss how advanced OpenShift administration techniques can help enterprises achieve their business goals.

Highlight the role of OpenShift in modern DevOps and CI/CD pipelines.

Conclusion

Summarize the key takeaways from the blog post.

Encourage readers to pursue the OpenShift Administration II course to elevate their skills.

Mention any upcoming training sessions or resources available on platforms like HawkStack for those interested in OpenShift.

For more details click www.hawkstack.com

What is OpenShift AI? Overview and Use Cases

In today’s rapidly evolving technology landscape, organizations are increasingly leveraging artificial intelligence (AI) and machine learning (ML) to drive innovation, enhance decision-making, and optimize operations. However, deploying AI/ML workloads at scale requires a robust and flexible platform capable of handling complex pipelines, massive datasets, and real-time demands. Enter OpenShift AI, a Kubernetes-powered platform designed to simplify the deployment, scaling, and management of AI/ML workloads.

What is OpenShift AI?

OpenShift AI is a specialized solution built on Red Hat OpenShift, the industry-leading Kubernetes container platform. It extends OpenShift's capabilities to streamline AI/ML workflows by providing:

Containerized AI/ML Workloads: Ensures portability and scalability for your AI/ML applications.

GPU Support: Accelerates model training and inference with optimized support for GPU hardware.

Integration with AI/ML Frameworks: Compatible with popular tools like TensorFlow, PyTorch, and Scikit-learn.

End-to-End AI/ML Pipeline Management: From data preparation to model deployment, OpenShift AI simplifies the entire lifecycle.

Key Features of OpenShift AI

Kubernetes-Native Architecture

Runs AI/ML workloads as containers or microservices, making them scalable and resilient.

Seamless Integration with Data Science Tools

Works with OpenShift Data Science for model development and Jupyter Notebooks for collaborative coding.

Resource Efficiency

Optimized for managing GPU and CPU resources to ensure cost-effective training and inference.

DevOps for AI/ML

Supports CI/CD pipelines for AI/ML models, enabling faster iterations and reliable deployments.

Scalability and Multi-Cloud Support

Allows AI/ML workloads to scale seamlessly across on-premises and cloud environments.

Use Cases of OpenShift AI

1. Predictive Analytics

Organizations can use OpenShift AI to process vast amounts of historical data and build predictive models. For example:

Healthcare: Predicting patient outcomes or disease outbreaks.

Finance: Forecasting stock trends or fraud detection.

2. Natural Language Processing (NLP)

OpenShift AI provides the infrastructure to train and deploy NLP models for applications like:

Chatbots for customer support.

Sentiment analysis for brand monitoring.

Machine translation for global communications.

3. Computer Vision

With GPU-optimized support, OpenShift AI is ideal for computer vision tasks:

Retail: Real-time inventory management using object detection.

Automotive: Training self-driving car systems.

4. Recommendation Engines

By leveraging data pipelines and machine learning models, businesses can build personalized recommendation systems. Examples include:

E-commerce: Suggesting products based on user behavior.

Streaming Services: Recommending shows or movies.

5. Edge AI

OpenShift AI supports edge computing scenarios where data processing and AI inference happen closer to devices. This is critical for:

Manufacturing: Real-time defect detection on production lines.

Smart Cities: Traffic management and predictive maintenance.

Why Choose OpenShift AI?

Unified Platform OpenShift AI combines Kubernetes, AI frameworks, and data science tools into one cohesive platform.

Enterprise-Grade Security Built with Red Hat’s commitment to security, ensuring compliance and safeguarding sensitive AI/ML workloads.

Developer-Friendly Offers seamless integration with existing CI/CD workflows and easy onboarding for data scientists and ML engineers.

Flexibility and Portability Deploy AI/ML models across hybrid, multi-cloud, and on-premises environments without vendor lock-in.

Conclusion

OpenShift AI is more than just a tool; it’s a complete ecosystem for organizations looking to harness the power of artificial intelligence. By simplifying the complexities of AI/ML workflows and providing the scalability of Kubernetes, OpenShift AI empowers businesses to innovate faster and smarter.

Whether you're building chatbots, analyzing data at the edge, or deploying enterprise-scale AI solutions, OpenShift AI provides the foundation you need to succeed in the AI-driven era. For more information visit : https://www.hawkstack.com/ai-machine-learning-services-2/

IBM C1000-143 Practice Test Questions

Now you can pass C1000-143 IBM Cloud Pak for Watson AIOps v3.2 Administrator exam with ease. PassQuestion provides you a number of C1000-143 Practice Test Questions, exactly on the pattern of the actual exam. They are not only helpful for the exam candidates to evaluate their level of preparation but also provide them the opportunity to enhance their weaknesses well in time.  The C1000-143 Practice Test Questions include the latest questions and answers which help you in clearing all of your doubts of the IBM C1000-143 exam. With the help of the C1000-143 practice test questions, you will be able to feel the real exam scenario and pass your exam successfully on your first attempt.

IBM Cloud Pak for Watson AIOps v3.2 Administrator

An IBM Certified Administrator on IBM Cloud Pak for Watson AIOps v3.2 is a system administrator who has extensive knowledge and experience on IBM Cloud Pak for Watson AIOps v3.2 including AI Manager, Event Manager and Metric Manager. This administrator can perform the intermediate tasks related to planning, sizing, installation, daily management and operation, security, performance, configuration of enhancements (including fix packs and patches), customization and/or problem determination.

Exam Information

Exam Code: C1000-143 Exam Name: IBM Cloud Pak for Watson AIOps v3.2 Administrator Number of questions: 65 Number of questions to pass: 46 Time allowed: 90 minutes Languages: English Price: $200 USD Certification: IBM Certified Administrator - Cloud Pak for Watson AIOps v3.2

Exam Sections

Section 1: IBM Cloud Pak for Watson AIOps Overview   11% Section 2: Install the IBM Cloud Pak for Watson AIOps  17% Section 3: Configuration   30% Section 4: Operate the Platform   22% Section 5: Manage User Access Control    8% Section 6: Troubleshoot    12%

View Online IBM Cloud Pak for Watson AIOps v3.2 Administrator C1000-143 Free Questions

Which collection of key features describes Al Manager? A.Al data tools and connections and Metric Manager B.Al data tools and connections and infrastructure automation C.Al models and Chat Ops D.Network management and service and topology management Answer: C

In Event Manager, which event groupings usually occur within a short time of each other? A.Scope-based B.Seasonal C.Temporal D.Topology Answer: C

When a user logs on to any of the components on a Cloud Pak for Watson AlOps deployed cluster and it is too slow or times out, what can be done to resolve the issue? A.Update the Idap-proxy-config ConfigMap and set the LDAP_RECURSIVE_SEARCH to "false". B.Update the platform-auth-idp ConfigMap and set the LDAP_TIMEOUT to a higher value. C.Update the Idap-proxy-config ConfigMap and set the LDAP_TiMEOUT to a higher value. D.Update the platform-auth-idp ConfigMap and set the LDAP_RECURSIVE_SEARCH to "false" Answer: A

When installing Al manager or Event Manager in an air-gapped environment, which registry must the OpenShift cluster be connected to in order to pull images? A.Docker V2 compatible registry running behind B.quay.io C.Red Hat OpenShift internal registry D.docker.io Answer: C

For Al Manager, which type of ChatOps channel surfaces stories? A.Reactive B.Proactive C.Public D.Private Answer: A

What are two valid Runbook types in Event Manager? A.Partial B.Semi-automated C.Initial D.Fully-automated E.Locked-partial Answer: C, D

IBM Cloud Mastery: Banking App Deployment Insights

Hybrid cloud banking application deployment best practices for IBM Cloud and Satellite security and compliance

Financial services clients want to update their apps. Modernizing code development and maintenance (helping with scarce skills and allowing innovation and new technologies required by end users) and improving deployment and operations with agile and DevSecOps are examples.

Clients want flexibility to choose the best “fit for purpose” deployment location for their applications during modernization. This can happen in any Hybrid Cloud environment (on premises, private cloud, public cloud, or edge). IBM Cloud Satellite meets this need by letting modern, cloud-native applications run anywhere the client wants while maintaining a consistent control plane for hybrid cloud application administration.

In addition, many financial services applications support regulated workloads that require strict security and compliance, including Zero Trust protection. IBM Cloud for Financial Services meets that need by providing an end-to-end security and compliance framework for hybrid cloud application implementation and modernization.

This paper shows how to deploy a banking application on IBM Cloud for Financial Services and Satellite using automated CI/CD/CC pipelines consistently. This requires strict security and compliance throughout build and deployment.

Introduction to ideas and products

Financial services companies use IBM Cloud for Financial Services for security and compliance. It uses industry standards like NIST 800-53 and the expertise of over 100 Financial Services Cloud Council clients. It provides a control framework that can be easily implemented using Reference Architectures, Validated Cloud Services, ISVs, and the highest encryption and CC across the hybrid cloud.

True hybrid cloud experience with IBM Cloud Satellite. Satellite lets workloads run anywhere securely. One pane of glass lets you see all resources on one dashboard. They have developed robust DevSecOps toolchains to build applications, deploy them to satellite locations securely and consistently, and monitor the environment using best practices.

This project used a Kubernetes– and microservices-modernized loan origination application. The bank application uses a BIAN-based ecosystem of partner applications to provide this service.

Application overview

The BIAN Coreless 2.0 loan origination application was used in this project. A customer gets a personalized loan through a secure bank online channel. A BIAN-based ecosystem of partner applications runs on IBM Cloud for Financial Services.

BIAN Coreless Initiative lets financial institutions choose the best partners to quickly launch new services using BIAN architectures. Each BIAN Service Domain component is a microservice deployed on an IBM Cloud OCP cluster.

BIAN Service Domain-based App Components

Product Directory: Complete list of bank products and services.

Consumer Loan: Fulfills consumer loans. This includes loan facility setup and scheduled and ad-hoc product processing.

Customer Offer Process/API: Manages new and existing customer product offers.

Party Routing Profile: This small profile of key indicators is used during customer interactions to help route, service, and fulfill products/services.

Process overview of deployment

An agile DevSecOps workflow completed hybrid cloud deployments. DevSecOps workflows emphasize frequent, reliable software delivery. DevOps teams can write code, integrate it, run tests, deliver releases, and deploy changes collaboratively and in real time while maintaining security and compliance using the iterative methodology.

A secure landing zone cluster deployed IBM Cloud for Financial Services, and policy as code automates infrastructure deployment. Applications have many parts. On a RedHat OpenShift Cluster, each component had its own CI, CD, and CC pipeline. Satellite deployment required reusing CI/CC pipelines and creating a CD pipeline.

Continuous integration

IBM Cloud components had separate CI pipelines. CI toolchains recommend procedures and approaches. A static code scanner checks the application repository for secrets in the source code and vulnerable packages used as dependencies. For each Git commit, a container image is created and tagged with the build number, timestamp, and commit ID. This system tags images for traceability.  Before creating the image, Dockerfile is tested. A private image registry stores the created image.

The target cluster deployment’s access privileges are automatically configured using revokeable API tokens. The container image is scanned for vulnerabilities. A Docker signature is applied after completion. Adding an image tag updates the deployment record immediately. A cluster’s explicit namespace isolates deployments. Any code merged into the specified Git branch for Kubernetes deployment is automatically constructed, verified, and implemented.

An inventory repository stores docker image details, as explained in this blog’s Continuous Deployment section. Even during pipeline runs, evidence is collected. This evidence shows toolchain tasks like vulnerability scans and unit tests. This evidence is stored in a git repository and a cloud object storage bucket for auditing.

They reused the IBM Cloud CI toolchains for the Satellite deployment. Rebuilding CI pipelines for the new deployment was unnecessary because the application remained unchanged.

Continuous deployment

The inventory is the source of truth for what artifacts are deployed in what environment/region. Git branches represent environments, and a GitOps-based promotion pipeline updates environments. The inventory previously hosted deployment files, which are YAML Kubernetes resource files that describe each component. These deployment files would contain the correct namespace descriptors and the latest Docker image for each component.

This method was difficult for several reasons. For applications, changing so many image tag values and namespaces with YAML replacement tools like YQ was crude and complicated. Satellite uses direct upload, with each YAML file counted as a “version”. A version for the entire application, not just one component or microservice, is preferred.

Thet switched to a Helm chart deployment process because they wanted a change. Namespaces and image tags could be parametrized and injected at deployment time. Using these variables simplifies YAML file parsing for a given value. Helm charts were created separately and stored in the same container registry as BIAN images. They are creating a CI pipeline to lint, package, sign, and store helm charts for verification at deployment time. To create the chart, these steps are done manually.

Helm charts work best with a direct connection to a Kubernetes or OpenShift cluster, which Satellite cannot provide. To fix this, That use the “helm template” to format the chart and pass the YAML file to the Satellite upload function. This function creates an application YAML configuration version using the IBM Cloud Satellite CLI. They can’t use Helm’s helpful features like rolling back chart versions or testing the application’s functionality.

Constant Compliance

The CC pipeline helps scan deployed artifacts and repositories continuously. This is useful for finding newly reported vulnerabilities discovered after application deployment. Snyk and the CVE Program track new vulnerabilities using their latest definitions. To find secrets in application source code and vulnerabilities in application dependencies, the CC toolchain runs a static code scanner on application repositories at user-defined intervals.

The pipeline checks container images for vulnerabilities. Due dates are assigned to incident issues found during scans or updates. At the end of each run, IBM Cloud Object Storage stores scan summary evidence.

DevOps Insights helps track issues and application security. This tool includes metrics from previous toolchain runs for continuous integration, deployment, and compliance. Any scan or test result is uploaded to that system, so you can track your security progression.

For highly regulated industries like financial services that want to protect customer and application data, cloud CC is crucial. This process used to be difficult and manual, putting organizations at risk. However, IBM Cloud Security and Compliance Center can add daily, automatic compliance checks to your development lifecycle to reduce this risk. These checks include DevSecOps toolchain security and compliance assessments.

IBM developed best practices to help teams implement hybrid cloud solutions for IBM Cloud for Financial Services and IBM Cloud Satellite based on this project and others:

Continuous Integration

Share scripts for similar applications in different toolchains. These instructions determine your CI toolchain’s behavior. NodeJS applications have a similar build process, so keeping a scripting library in a separate repository that toolchains can use makes sense. This ensures CI consistency, reuse, and maintainability.

Using triggers, CI toolchains can be reused for similar applications by specifying the application to be built, where the code is, and other customizations.

Continuous deployment

Multi-component applications should use a single inventory and deployment toolchain to deploy all components. This reduces repetition. Kubernetes YAML deployment files use the same deployment mechanism, so it’s more logical to iterate over each rather than maintain multiple CD toolchains that do the same thing. Maintainability has improved, and application deployment is easier. You can still deploy microservices using triggers.

Use Helm charts for complex multi-component applications. The BIAN project used Helm to simplify deployment. Kubernetes files are written in YAML, making bash-based text parsers difficult if multiple values need to be customized at deployment. Helm simplifies this with variables, which improve value substitution. Helm also offers whole-application versioning, chart versioning, registry storage of deployment configuration, and failure rollback. Satellite configuration versioning handles rollback issues on Satellite-specific deployments.

Constant Compliance

IBM strongly recommend installing CC toolchains in your infrastructure to scan code and artifacts for newly exposed vulnerabilities. Nightly scans or other schedules depending on your application and security needs are typical. Use DevOps Insights to track issues and application security.

They also recommend automating security with the Security and Compliance Center (SCC). The pipelines’ evidence summary can be uploaded to the SCC, where each entry is treated as a “fact” about a toolchain task like a vulnerability scan, unit test, or others. To ensure toolchain best practices are followed, the SCC will validate the evidence.

Inventory

With continuous deployment, it’s best to store microservice details and Kubernetes deployment files in a single application inventory. This creates a single source of truth for deployment status; maintaining environments across multiple inventory repositories can quickly become cumbersome.

Evidence

Evidence repositories should be treated differently than inventories. One evidence repository per component is best because combining them can make managing the evidence overwhelming. Finding specific evidence in a component-specific repository is much easier. A single deployment toolchain-sourced evidence locker is acceptable for deployment.

Cloud object storage buckets and the default git repository are recommended for evidence storage. Because COS buckets can be configured to be immutable, They can securely store evidence without tampering, which is crucial for audit trails.  

Read more on Govindhtech.com

Overview of openshift online cluster in detail

OpenShift Online Cluster is a cloud-based platform for deploying and managing containerized applications. It is built on top of Kubernetes and provides a range of additional features and tools to help you develop, deploy, and manage your applications with ease. Here is a more detailed overview of the key features of OpenShift Online Cluster: Easy Deployment: OpenShift provides a web-based…

View On WordPress