As more businesses journey to the cloud, they need ways to easily deploy and manage their critical workloads securely across public clouds, private clouds, and on-premises environments. This is particularly crucial when faced with the ongoing demands to support remote workforces.
The IBM public cloud has been rebuilt on a foundation of open source innovation, security leadership, and enterprise-grade infrastructure, which makes it easier for clients to rapidly develop new applications and reducesthe complexity in managing teams and technologies. And this is why our public cloud has become the preferred destination for businesses to run their most complex workloads.
Today we’re taking this a step further by announcing enhancements to Red Hat OpenShift on IBM Cloudwith the availability of OpenShift 4.3 – and we’re the first major cloud provider to offer this. The effort is jointly engineered and supported by IBM and Red Hat.
Most notably for our clients, we’ve added unique security and productivity features designed to help eliminate substantial time spent on ongoing maintenance like updating, scaling, securing and provisioning. We’re delivering the resiliency needed to handle unexpected surges in use, as well as protection against attacks that lead to breaches or outages and potential productivity losses. Now development teams can focus more on what matters – accelerating cloud native application development so they can drive new, competitive capabilities.
With this fully cloud managed offering, the master for your clusters is protected by IBM Cloud’s unique architecture, configuration and tools. Below are the technical benefits designed to help save time, reduce outages, and boost security.
·     Protect your Master with Automated Recovery
We’re automating recovery so you don’t lose time with customer support and other tasks that you might have otherwise had to do yourself (like strategy, staffing, storage.)
By continuously backing up etcd, we’re minimizing the threat of data loss in the unlikely case of a complete master outage. Masters are by default highly available, and you can further protect your master from a single data center failure by adding multizone clusters. So, if one data center goes down there is no impact to availability because IBM Cloud runs an active-active-active master.
·     Full Admin Access with Built-in Protection
Only Red Hat OpenShift on IBM Cloud provides cluster-admin access without the risk of an admin being able to take down the master. Â Master nodes for Red Hat OpenShift on IBM Cloud are physically network-isolated from the worker nodes. Therefore the master nodes are not accessible from any of the worker nodes within the cluster (network diagram).
With this new functionality, you’re no longer faced with recovery as the only viable solution to an outage, and your access is not limited either, as you might experience with other offerings. This means better access to controls and easier cluster management.
·     Increase Productivity by Autoscaling the Master
Red Hat OpenShift on IBM Cloud provides autoscaling masters with an industry-leading  99.99% SLA in multi-zone regions. This means your workloads can expand quickly, while you don’t worry about capacity. You can also autoscale your workersto meet your app’s capacity needs.
For example, in the heat of delivering a big feature, admins might overlook manually scaling the master, and without this new functionality, you’d have no SLA and your admins would be faced with scaling the master components as your grow – leading to a big loss in productivity.
·     Automate Worker Management and Provisioning Based on Workload Needs
Red Hat OpenShift on IBM Cloud provides total control over worker node provisioning and flexibility with worker pools, so you no longer worry about over- and under-provisioning your apps. IBM automates the worker management and provisioning to help ensure you’re matching workloads with the proper resources.
Other vendors may limit your ability to provision more node types and flavors, so you can’t easily automate how and when users get resources. Now you can easily mix node types and flavors to realistically match workloads that require a mix of data, compute, and services.
·     Managed Security with Red Hat OpenShift on IBM Cloud
When your CISO, NetOps admin, or DevSecOps admin comes to your door, you know that you’ve got another security and certification mountain to climb.
The master and its components (compute, networking, and storage) are continuously monitored by IBM Site Reliability Engineers (SREs). They apply the latest security standards in order to detect and remediate malicious activities, and work to help ensure reliability and availability of Red Hat OpenShift on IBM Cloud. Plus they follow relevant cybersecurity practices from the Kubernetes master benchmark that is published by the Center of Internet Security (CIS). Review IBM’s responsibilities for security.
No other cloud vendor helps you as much as IBM with OpenShift security and compliance, which includes chores for PCI, HIPAA, ISO27K, SOC1, and SOC2 Type 2.
These benefits were born from common enterprise use cases we’ve solved for our customers: security, resiliency, and productivity. In Red Hat OpenShift on IBM Cloud, we’ve leveraged the experience we’ve gained from running Kubernetes for years — now with 20,000+ clusters in production.
Additionally, with OpenShift 4.3, users can access the following new capabilitiesas-a-service:
·     Operators: Focus on app development with automated updates and health checks of your tools deployed into OpenShift
·     Knative: Serverless app development for event-based workloads
·     Service Mesh: Microservices management for distributed componentized applications
·     Increased security: Built-in authentication, auditing and secrets management
The IBM Developer Advocacy Program also shared their perspective on the advancements made to Red Hat OpenShift on IBM Cloud. You can view the blog here.
Additionally, to support today’s announcement and reinforce IBM’s continued commitment to driving open source innovation, IBM Research unveiled two container-based open-source projects that will enable confidentiality of code and data. You can read more about Encrypted Container Images and Trusted Service Identity here.
Get started today:
·     If you have questions or comments, engage our team via Slack. You can register hereand join the discussion in the #openshift channel on https://ibm-cloud-success.
·     Learn more about Red Hat OpenShift on IBM Cloud
·     Check out a free cluster for a quick test driveor do a tutorialon Red Hat OpenShift 4.3 on IBM Cloud
