The VMworld 2016 US event is approaching and Red Hat will be there to showcase our Management portfolio. This includes Red Hat CloudForms which provides unified management for container, virtual, private, and public cloud infrastructures.
With this in mind, we thought it would be a good time to recap how easy it is to deploy Red Hat CloudForms in a VMware virtualized environment. Deploying CloudForms for VMware is very straightforward and consists of three steps to get to an implemented solution that gives full visibility of your VMware infrastructure.
Continue reading “Getting started with managing VMware with Red Hat CloudForms”
The recent discovery of a protocol flaw on Samba server (see CVE-2016-2118) raises once again the question of managing security and compliance of systems. How can we identify easily which systems are affected? And, how can we validate that these environments are correctly patched?
Continue reading “Are your systems affected by BADLOCK Security flaw?”
As you have probably noticed by now, the attack on OpenSSL known as DROWN – Decrypting RSA using Obsolete and Weakened eNcryption has recently been discovered. Red Hat Product Security have provided patches for OpenSSL and recommend to apply them to affected systems.
In this post, we will discuss how Red Hat CloudForms and ManageIQ can assist in identifying environments at risk of the DROWN OpenSSL cross-protocol vulnerability. In addition, CloudForms can audit your environments and validate that the patches have been applied.
How can Red Hat CloudForms help?
CloudForms provides a policy based compliance check which can be used to verify software and configuration of servers and validate security requirements. These policies are created as a combination of an event, a condition and an action, and use a scope (usually set to infrastructure or guests) to determine if the policy needs to run. Additional information on using policies can be found in the product documentation: Defining policies and profiles.
Continue reading “Managing Patching Compliance Using DROWN OpenSSL Vulnerability as an Example”