The recent discovery of a protocol flaw in the Samba server (see CVE-2016-2118) raises once again the question of managing security and compliance of systems. How can we easily identify which systems are affected? And how can we validate that these environments are correctly patched?
As you have probably noticed by now, the attack on OpenSSL known as DROWN – Decrypting RSA using Obsolete and Weakened eNcryption has recently been discovered. Red Hat Product Security have provided patches for OpenSSL and recommend applying them to affected systems.
In this post, we will discuss how Red Hat CloudForms and ManageIQ can assist in identifying environments at risk of the DROWN OpenSSL cross-protocol vulnerability. In addition, CloudForms can audit your environments and validate that the patches have been applied.
How can Red Hat CloudForms help?
CloudForms provides a policy-based compliance check which can be used to verify software and configuration of servers and validate security requirements. These policies are created as a combination of an event, a condition and an action, and use a scope (usually set to infrastructure or guests) to determine if the policy needs to run. Additional information on using policies can be found in the product documentation: Defining policies and profiles.
Of the many improvements and feature enhancements made to CloudForms 4.0, one focus was on performance and scalability. One of the first tasks a CloudForms Administrator performs while managing a hybrid cloud is inventory of the environment. Also known as refresh, this task is essential to managing various environments and provides valuable information on every object within the CloudForms VMDB.
A recent post here http://cloudformsnow.com/2015/11/08/red-hat-cloudforms-4-0-public-beta-2/ detailed how CloudForms 4.0, due in Dec15, will introduce a new Self Service UI. This article is a brief first glimpse at the UI.
Thought I would write a blog about CloudForms 4.0, which I am the Product Manager for. I am mega proud of and thankful for the engineering effort in the community and at Red Hat. Here are some insights into what's in the drop and what's coming for General Release in early December.
If you have been keeping up-to-date with the ManageIQ sprints on YouTube (https://www.youtube.com/user/ManageIQVideo) you would have seen some mega additions to the platform. The community also has a changelog for their Capablanca release, which serves as the base for Red Hat CloudForms 4.0, here: https://github.com/ManageIQ/manageiq/blob/master/CHANGELOG.md
Here is the 2nd session I performed at Red Hat Summit, the CloudForms Roadmap.
Now, half of the deck contains the current 3.2 functionality, and is clearly labelled NOW. The reason for this was that, given the number of features we delivered in 3.2 and that it GA’d only last week, we felt it prudent to review that. After that section is the FUTURES, which has all the exciting stuff we are working on.
Here are my slides from Red Hat Summit; it's a repeat of the OpenStack Summit presentation with two important things!
- The videos are now all up individually on YouTube.
- It now includes the Heat/CloudFormation orchestration demonstration.
Today, Wednesday 20th May 2015, I presented the following deck to OpenStack Summit @ Vancouver. It's all ManageIQ branded, i.e. the upstream to Red Hat CloudForms. The videos have NO audio as I spoke over them; if I get the audio sometime I will update! UPDATED…… you can watch the OpenStack show video of the presentation – HERE
Here is a lab I put together for a recent event. It was well received and I think it is very valuable to the ManageIQ and CloudForms user bases.
In the lab you will GET and POST REST API actions. It's a basic look at some common use cases such as:
- Query a VM’s hardware inventory.
- Query the VMs for any that are tagged with “Function/Database”
- Show the tags on a specific VM
- Create a new Category and Tag in the appliance
- Assign a Category/Tag to a VM
- Provision a VM
- Query the status of the Provision request.