IBM Boosts Security and Productivity with Red Hat OpenShift 4.3 on IBM Cloud

4 min read

As more businesses journey to the cloud, they need ways to easily deploy and manage their critical workloads securely across public clouds, private clouds, and on-premises environments.

This is particularly crucial when faced with the ongoing demand to support remote workforces.

The IBM public cloud has been rebuilt on a foundation of open source innovation, security leadership, and enterprise-grade infrastructure, which makes it easier for clients to rapidly develop new applications and reduce the complexity in managing teams and technologies in a secured environment. And this is why our public cloud has become the most secure and open public cloud for business.

Today, we’re taking this a step further by announcing enhancements to Red Hat OpenShift on IBM Cloud with the availability of OpenShift 4.3—and we’re the first major cloud provider to offer this. The effort is jointly engineered and supported by IBM and Red Hat.

Most notably for our clients, we’ve added innovative security and productivity features designed to help minimize time spent on ongoing maintenance like updating, scaling, securing, and provisioning. We’re engineered to deliver the resiliency needed to handle unexpected surges in use and protection against attacks that lead to breaches or outages. Now, development teams can focus more on what matters—accelerating cloud native application development so they can drive new, competitive capabilities.

Benefits of Red Hat OpenShift 4.3 on IBM Cloud

With this fully cloud managed offering, the master for your clusters is protected by IBM Cloud's architecture, configuration, and tools. Below are the technical benefits designed to help save time, reduce outages, and boost security.

Protect your master with automated recovery

We’re automating recovery so you don’t lose time with customer support and other tasks that you might have otherwise had to do yourself (e.g., strategy, staffing, or storage.)

By continuously backing up etcd, we’re mitigating the threat of data loss in the unlikely case of a complete master outage. Masters are, by default, highly available, and you can further protect your master from a single data center failure by adding multi-zone clusters. So, if one data center goes down, there is no impact to availability because IBM Cloud runs an active-active-active master.

Full admin access with built-in protection

Red Hat OpenShift on IBM Cloud is the only commercial offering that provides cluster-admin access without the risk of an admin being able to take down the master. Master nodes for Red Hat OpenShift on IBM Cloud are physically network-isolated from the worker nodes. Therefore, the master nodes cannot be accessed from any of the worker nodes within the cluster. 

With this new functionality, you’re no longer faced with recovery as the only viable solution to an outage, and your access is not limited either. This means better access to controls and easier cluster management.

Increase productivity by autoscaling the master

Red Hat OpenShift on IBM Cloud provides autoscaling masters with 99.99% SLA with the high availability setting of multi-zone regions. This means your workloads can expand quickly, while you don't worry about capacity. You can also autoscale your workers to meet your app's capacity needs. 

For example, in the heat of delivering a big feature, admins might overlook manually scaling the master. Without this new functionality, you’d have no SLA and your admins would be faced with scaling the master components as your grow—potentially leading to a big loss in productivity.

Automate worker management and provisioning based on workload needs

Red Hat OpenShift on IBM Cloud provides total control over worker node provisioning and flexibility with worker pools, so you no longer worry about over- and under-provisioning your apps. IBM automates the worker management and provisioning to help ensure you’re matching workloads with the proper resources.

You might find that other vendors may limit your ability to provision more node types and flavors, so you can't easily automate how and when users get resources. Now, you can easily mix node types and flavors to realistically match workloads that require a mix of data, compute, and services. 

Managed security with Red Hat OpenShift on IBM Cloud

When your CISO, NetOps admin, or DevSecOps admin comes to your door, you know that you've got another security and certification mountain to climb. 

The master and its components (compute, networking, and storage) are continuously monitored by IBM Site Reliability Engineers (SREs). They apply the latest security standards in order to detect and remediate malicious activities and work to help ensure reliability and availability of Red Hat OpenShift on IBM Cloud. Review IBM's responsibilities for security

Users will continue to benefit from IBM Cloud's leadership in security. Red Hat OpenShift on IBM Cloud provides chores for PCI, HIPAA, ISO27K, GDPR, SOC1, and SOC2 Type 2.

Additional capabilities and services

These benefits were born from common enterprise use cases we've solved for our customers: security, resiliency, and productivity. In Red Hat OpenShift on IBM Cloud, we've leveraged the experience we’ve gained from running Kubernetes for years—now with 20,000+ clusters in production.

Additionally, with OpenShift 4.3, users can access the following new capabilities as-a-service:

  • Operators: Focus on app development with automated updates and health checks of your tools deployed into OpenShift.
  • Knative: Serverless app development for event-based workloads.
  • Service mesh: Microservices management for distributed componentized applications.
  • Increased security: Built-in authentication, auditing, and secrets management.

The IBM Developer Advocacy Program also shared their perspective on the advancements made to Red Hat OpenShift on IBM Cloud. You can view the blog here.

Additionally, to support today’s announcement and reinforce IBM’s continued commitment to driving open source innovation, IBM Research unveiled two container-based open-source projects that will enable confidentiality of code and data. You can read more about Encrypted Container Images and Trusted Service Identity here.  

Get started today

Be the first to hear about news, product updates, and innovation from IBM Cloud