Managing Patching Compliance Using DROWN OpenSSL Vulnerability as an Example

As you have probably noticed by now, the attack on OpenSSL known as DROWN – Decrypting RSA using Obsolete and Weakened eNcryption has recently been discovered. Red Hat Product Security have provided patches for OpenSSL and recommend to apply them to affected systems.

In this post, we will discuss how Red Hat CloudForms and ManageIQ can assist in identifying environments at risk of the DROWN OpenSSL cross-protocol vulnerability. In addition, CloudForms can audit your environments and validate that the patches have been applied.

How can Red Hat CloudForms help?

CloudForms provides a policy based compliance check which can be used to verify software and configuration of servers and validate security requirements. These policies are created as a combination of an event, a condition and an action, and use a scope (usually set to infrastructure or guests) to determine if the policy needs to run. Additional information on using policies can be found in the product documentation: Defining policies and profiles.

Continue reading “Managing Patching Compliance Using DROWN OpenSSL Vulnerability as an Example”

Cloud Forms 4.0: Inventory Performance Improvements for VMware Providers

Overview

Of the many improvements and feature enhancements made to Cloud Forms 4.0, one focus was on performance and scalability. One of the first tasks a Cloud Forms Administrator performs while managing a Hybrid cloud is inventory of the environment. Also known as refresh, this task is essential to managing various environments and provides valuable information on every object within the Cloud Forms VMDB.

Continue reading “Cloud Forms 4.0: Inventory Performance Improvements for VMware Providers”

Red Hat CloudForms 4.0 Public Beta 2

Thought I would write a blog about CloudForms 4.0, which I am the Product Manager for. I am mega proud and thankful of the engineering effort in the community and at Red Hat. Here are some insights into whats in the drop, whats coming for General Release in early December.

If you have been keeping up-to-date with the ManageIQ sprints on youtube (https://www.youtube.com/user/ManageIQVideo) you would have seen some mega additions to the platform, also the community has a changelog for their Capablanca release that serves as the base for Red Hat CloudForms 4.0 here https://github.com/ManageIQ/manageiq/blob/master/CHANGELOG.md

Continue reading “Red Hat CloudForms 4.0 Public Beta 2”