Why choose Red Hat OpenShift?

Two steps to “enterprise readiness”

When starting out on their containerisation journey, many of our customers look to the open source community – for projects like Docker and Kubernetes – to understand the key concepts, and simply ‘have a play’.

Step 1 – You’ll need more than just Docker

Effective use of containers in corporate environments requires more than just Docker and Kubernetes – you’ll need tools to support developer and operations activities, and the basis for a full continuous integration and continuous deployment (CI/CD) platform.

Red Hat has created OKD (previously OpenShift Origin), an upstream community project that integrates the community projects required for a ‘container platform’. Like all community projects, it can be downloaded and used at no cost.

Step 2 – What about support, security and stability?

OKD is certainly a better platform option than individual community projects – but companies need guarantees around support service-levels, security, and stability, particularly for strategic technology platforms.

The OpenShift Container Platform (OCP) is an enterprise-ready distribution of OKD, available via annual subscription. Red Hat performs stabilisation testing, and verifies integrations with hardware and software vendors to ensure OCP can be used in production environments. In addition, Red Hat bundles other technologies – such as RHEL and CloudForms – to address critical security and cluster monitoring needs.

So what are the OpenShift benefits?

Bundled releases maintained by Red Hat

An OpenShift subscription includes RHEL, CloudForms, JBoss Web Server and Red Hat SSO.

What does this mean?

This provides customers with the necessary components to enable rapid development of applications, and a platform capable of scaling those applications.

Customers get support and maintenance across the full stack of technologies included in the OpenShift subscription, while there is often a lack of Kubernetes support and Docker support.

Container Expertise

As containers have become more prevalent, Red Hat have increased their contribution to the industry standard open source projects required to run containers. Specifically, they are the #2 contributors to Docker and Kubernetes, second only to Docker and Google respectively.

These experts are made available to customers through a Red Hat OpenShift subscription.

What does this mean?

As a customer progresses with containers, they will need access to experts who have ‘real-world’ experience with the complexities of networking, routing, authentication, storage, etc. – with security as the highest priority.

If a customer uses the community projects (including OKD), they will need to become container experts themselves.

Continuous Monitoring & Security

OpenShift includes CloudForms to manage the cluster and its infrastructure – amongst other things, it can be used to detect and respond to environment changes by tracking activities, capturing events, and sensing configuration changes.

For example, it can integrate with container scanning tools, which leverage continuously updated vulnerability databases.

What does this mean?

It has been estimated that ~25% of images in official Docker repositories have high priority vulnerabilities.

Use of CloudForms and security scanners (e.g. OpenSCAP) allows customers to add further security capabilities.

Backported Security Patches, Bug Fixes and Enhancements

This is one of the most important differences between Red Hat products and the community projects they are based on.  Backporting is where a fix is taken from the most recent version of an upstream community project, and applied to the older version of the package distributed by Red Hat via a subscription.

Most often, backports are for security flaws or bug fixes, but in some cases could include key feature enhancements.

What does this mean?

Using only OKD, customers will have to wait for a new release just to get a security fix (and will be forced into a full upgrade of OKD).

Alternatively, they would have to manually backport, patch and maintain the OKD platform themselves (which is not realistically achievable).

Registry, Container Catalog and Support of Container Images

An OpenShift subscription provides access to container images from Red Hat’s Registry and Container Catalog – these images have been tested, secured and verified, and are regularly updated to include, for example, security patches.

Third-party container images provided by software partners are also verified by Red Hat.

What does this mean?

Users of community software, including OKD, will be using community versions of base container images from Docker Hub.

This means that application developers will be developing on top of (unsupported) community container images, which will not be acceptable for many enterprise customers.

OpenShift subscriptions provide additional security, maintenance and support for base operating system container images, and the middleware images that are built upon them.

Known Good Configurations and Reference Architectures

Red Hat provides and maintains documentation on OpenShift’s tested integrations – the most common combinations of technologies that customers wish to use.

In addition, Red Hat provides Reference Architecture Implementation Guides – which combine hard-won knowledge and experience to create a set of best practices for installing and maintaining a high-availability production environment.

What does this mean?

Tested integrations and reference architectures provide a proven starting point for an OpenShift installation – as compared with the challenges and effort associated with installing, configuring and maintaining a community-based container platform.

If you need assistance with your next project using Red Hat technology, simply get in touch with the friendly Tier 2 team today. We’re always happy to help.