Managing Patching Compliance Using DROWN OpenSSL Vulnerability as an Example

As you have probably noticed by now, the attack on OpenSSL known as DROWN – Decrypting RSA using Obsolete and Weakened eNcryption has recently been discovered. Red Hat Product Security have provided patches for OpenSSL and recommend to apply them to affected systems.

In this post, we will discuss how Red Hat CloudForms and ManageIQ can assist in identifying environments at risk of the DROWN OpenSSL cross-protocol vulnerability. In addition, CloudForms can audit your environments and validate that the patches have been applied.

How can Red Hat CloudForms help?

CloudForms provides a policy based compliance check which can be used to verify software and configuration of servers and validate security requirements. These policies are created as a combination of an event, a condition and an action, and use a scope (usually set to infrastructure or guests) to determine if the policy needs to run. Additional information on using policies can be found in the product documentation: Defining policies and profiles.

Continue reading “Managing Patching Compliance Using DROWN OpenSSL Vulnerability as an Example”

Cloud Forms 4.0: Inventory Performance Improvements for VMware Providers

Overview

Of the many improvements and feature enhancements made to Cloud Forms 4.0, one focus was on performance and scalability. One of the first tasks a Cloud Forms Administrator performs while managing a Hybrid cloud is inventory of the environment. Also known as refresh, this task is essential to managing various environments and provides valuable information on every object within the Cloud Forms VMDB.

Continue reading “Cloud Forms 4.0: Inventory Performance Improvements for VMware Providers”

Red Hat CloudForms 4.0 Public Beta 2

Thought I would write a blog about CloudForms 4.0, which I am the Product Manager for. I am mega proud and thankful of the engineering effort in the community and at Red Hat. Here are some insights into whats in the drop, whats coming for General Release in early December.

If you have been keeping up-to-date with the ManageIQ sprints on youtube (https://www.youtube.com/user/ManageIQVideo) you would have seen some mega additions to the platform, also the community has a changelog for their Capablanca release that serves as the base for Red Hat CloudForms 4.0 here https://github.com/ManageIQ/manageiq/blob/master/CHANGELOG.md

Continue reading “Red Hat CloudForms 4.0 Public Beta 2”

Red Hat Summit CloudForms Roadmap

Here is the 2nd session I performed at Red Hat summit, the CloudForms Roadmap.

Now, half of the deck contains the current 3.2 functionality, and is clearly labelled NOW, reason for this was because the amount of features we delivered in 3.2 and it GA’d only last week we felt it prudent to review that. After that section is the FUTURES, which has all the exciting stuff we are working on.

Continue reading “Red Hat Summit CloudForms Roadmap”

Red Hat Summit OpenStack Management with CloudForms

Here are my slides from Red Hat Summit, its a repeat of the OpenStack Summit presentation with two important things!

  1. The videos are now all up individually on youtube.
  2. It now includes the Heat/Cloudformations orchestration demonstration.

Here are the slides, the videos can be found in links after each relevant slide. Enjoy!

Continue reading “Red Hat Summit OpenStack Management with CloudForms”

OpenStack Summit 2015

Today, Wednesday 20th May 2015 I presented the following deck to OpenStack Summit @ Vancouver. Its all ManageIQ branded, e.g. the upstream to Red Hat CloudForms. The videos have NO audio as I spoke over, if I get the audio sometime I will update! UPDATED…… you can watch the OpenStack show video of the presentation – HERE

Continue reading “OpenStack Summit 2015”

RESTapi – A teach yourself lab!

Here is a lab I put together for a recent event, it was well received and I think it is very valuable to the ManageIQ and CloudForms user bases.

In the lab you will GET and POST RESTapi actions. Its a basic look at some common use cases such as,

  • Query a VM’s hardware inventory.
  • Query the VMS for any who are tagged with “Function/Database”
  • Show the tags on a specific VM
  • Create new Category and Tag in the appliance
  • Assign a Category/Tag to a VM
  • Provision a VM
  • Query the status of the Provision request.

Continue reading “RESTapi – A teach yourself lab!”