The pandemic has highlighted the physical supply chain challenges, leading organizations to acknowledge dynamic supply assurance as an essential capability for their business. In the coming years, companies reliant on supply chains, including consumer packaged goods (CPG) and retail businesses, will prioritize supply chain optimization to address significant industry issues. The need for convenience and personalized experiences, growing concern over the environmental impact of consumption, and uncertainty surrounding trade disruptions and cost fluctuations are among the obstacles that can be overcome through the implementation of more connected, flexible, and sustainable supply chains.

By adopting the latest digital technologies, supply chain leaders can create the necessary flexibility to accommodate emerging consumption models, presenting a significant opportunity for driving change.

Here are some examples of business outcomes and key performance indicators (KPIs) that companies have realized through the implementation of supply chain optimization:

• $4.2 million in new profit from improved order management
• $6.4 million in savings from improved supply chain operations
• Planning Analytics improvements reduced budgeting efforts by 63% and forecasting efforts by 70%​

Given the criticality and relevance of the subject matter, we plan to release a series of eight articles. These articles will highlight real-world examples sourced from various analysts and organizations such as Gartner, McKinsey, Harvard Business Review, IDC, and IBM Institute for Business Value, all of which are anchored in customer implementations of IBM and Red Hat. Each article will commence with an explanation of the business problem, along with an overview of the obstacles and business drivers that organizations encounter. They will then offer:

• An action guide based on The Action Guide in the Own your transformation survey of 1500 CSCOs across 24 industries
• An overview of the solution
• A detailed schematic(s) of the use cases and a list of the technology used in the solution

Supply chain optimization

Numerous entities, including retailers and manufacturers, are currently investigating methods to promptly comprehend and respond to market shifts. They aim to balance safeguarding margins, optimizing store and warehouse capacity, and fulfilling delivery demands. These sourcing choices have the potential to substantially boost profits, particularly during peak periods. Furthermore, organizations are contemplating ways to establish more environmentally responsible footprints by redefining their approach to sustainability on an enterprise-wide scale.

Demand risk

Demand risk can be viewed from two perspectives: understock and overstock.

Understock pertains to inadequate inventory levels to meet the current demand. This encompasses a shortage of inventory for immediate or upcoming use to fulfill the demand. The outcome is unsatisfied customers who are either unable to place an order due to product unavailability or receive incomplete order fulfillment. This situation commonly referred to as “stock out,” typically results in a loss of 4% to 8% of total sales. It is also a missed opportunity to engage customers in alternative ways, such as through upselling or cross-selling. Key performance indicators (KPIs) related to understock or stock-out situations include inventory turnover rate, days on hand, and lead time (the duration required to procure additional inventory from a supplier).

Overstocking, on the other hand, implies having a surplus of inventory beyond current and future demand requirements. This leads to supplementary expenses for storage, bookkeeping, and potentially disposing of the excess inventory at a discounted rate or even destroying it. While the consequences of understocking are typically evaluated in terms of customer satisfaction and loss of future prospects, overstocking has a direct influence on the company’s bottom-line costs and profitability. Pertinent key performance indicators (KPIs) associated with overstocking include holding costs, dead stock (items in stock that fail to sell), and inventory turnover rates.

Loss and waste management

When it comes to lose and waste management in the context of inventory optimization, a crucial aspect is dealing promptly with unforeseen or unplanned circumstances that lead to inventory items becoming damaged or spoiled. If the situation is addressed and resolved within a specific timeframe, there may be an opportunity to salvage the product. However, in other instances, the damage is irreversible, and the item must be deemed unusable. Such incidents causing damage or spoilage are usually unforeseeable and beyond the control of the business. They are external factors that cannot always be anticipated or prevented.

To underscore the significance of inventory optimization for all types of businesses, we will concentrate on two primary scenarios involving unforeseen exceptions:

1. Environmental exceptions, such as power outages or temperature fluctuations, that can result in potential spoilage and impact the saleability of the product.
2. Product contamination or recall incidents, such as a foreign object or bacterial contamination may have occurred earlier in the supply chain or processing stages.

Product timeliness

At some point, food items and ingredients as well as manufactured goods and parts will reach their expiration date or become unusable due to decay and deterioration. These measures can be quantified. In the food industry, there are different types of dates and labels found on the packaging, each with its own meaning. The USDA and FDA have defined a range of standard labels and their corresponding explanations, which are detailed in Michigan State University’s guide on Expiring Products – Food & Ingredients.

With a few exceptions, most food products don’t have an expiration date. Instead, terms like “best if used by,” “use by,” “sell by,” “freeze by” and “guaranteed fresh” are used to indicate the optimal period during which the product should be consumed or frozen to maintain its best quality. These labels don’t necessarily reflect food safety standards, although many stores will avoid selling products past their sell-by date in the U.S.

Perfect order

Efficiently managing inventory is crucial for any business that deals with physical goods and is responsible for maintaining, repairing and operating supplies. The inventory management process comprises various procedures that impact the company’s bottom line, such as ordering, receiving, storing, tracking, and accounting for all the goods sold. This process is a vital component of supply chain management. In this use case, we will examine how a company can respond to an imperfect order and improve customer responsiveness by:

• Intelligent promising
• Optimization of user expectations with improved demand forecasting
• Automated responses

Intelligent order

Last-mile delivery also referred to as last-mile logistics, is the transportation of goods from a central distribution hub to the final delivery destination, typically the customer’s door. The primary objective of last-mile delivery logistics is to efficiently and accurately deliver packages to customers. The last mile can be particularly challenging, especially for bulky or large items, as it involves getting the goods from a transportation hub to their ultimate destination, which may include installation and configuration. Delivery is a crucial aspect of ensuring a positive customer experience. Intelligent ordering involves utilizing inventory management systems and artificial intelligence (AI) to optimize last-mile delivery processes.

This approach can lead to the following benefits for businesses:

• Decreased waste
• Order optimization
• Reduced cost

Consumers benefit with:

• Delivery promises fulfilled
• Proof of delivery

Sustainable supply chain

Balancing the need to operate a financially-sustainable business with the imperative to protect the planet provides an opportunity for companies to differentiate themselves. With the Earth rapidly warming, businesses in various industries have adapted their business models to ensure a sustainable future that balances profit with environmental responsibility. To achieve this, companies are re-evaluating their supply chains, switching to more sustainable source materials, and scrutinizing travel requests. In the quest to reduce emissions, consumption, and waste, businesses are exploring all options.

Some examples of how businesses are integrating sustainability into their operations include:

• Enhancing energy management efficiency by adopting renewable energy sources and monitoring carbon footprint.
• Installing infrastructure that minimizes carbon emissions conserves water resources and eliminates waste.
• Operating agile and efficient supply chains that support circular economy, minimize waste generation, promote sustainable consumption and preserve natural resources.
• Facilitating sustainable development by evaluating potential risks, enhancing resilience, and complying with relevant regulations and development objectives.

Summary

The concept of supply chains has progressed from being a relatively specialized matter concerning manufacturing companies and retailers to one that even consumers are highly cognizant of. This series will delve into the subject matter and provide details on various aspects of enhancing supply chains.

 

---

Here at CourseMonster, we know how hard it may be to find the right time and funds for training. We provide effective training programs that enable you to select the training option that best meets the demands of your company.

For more information, please get in touch with one of our course advisers today or contact us at training@coursemonster.com

The conservation of energy and sustainability has become a paramount concern for service providers across the globe. In order to adhere to national climate action plans’ long-term net neutrality objectives or combat escalating energy costs, service providers are exploring alternatives to reduce their energy consumption and establish a sustainable, eco-friendly operation.

It makes sense for them to concentrate on their network to lower energy usage since a significant amount of carbon emissions stem from the electricity consumed by mobile network base stations, communication station premises, and data centers. Moreover, as the rollout of 5G persists and communication traffic volumes increase over time, additional energy consumption is expected.

High energy-consuming network architectures

Traditional methods for reducing energy consumption in data centers involve adjusting workload resources based on their demand through auto-scaling and dynamic scheduling. However, this approach is challenging to apply in service provider networks where cloud-native network functions (CNFs) are typically assigned specific CPU cores and granted specialized access to system resources to optimize their performance. The 5G core UPF is one example of such CNF.

In the 5G UPF, polling and the implementation of the data plane development kit (DPDK) serve as crucial methods to ensure deterministic performance. However, polling is not affected by the load level of the 5G UPF. As a result, the associated CPU cores are continuously operating at their maximum capacity, even when the UPF is not in use or receiving minimal traffic. This means that 5G UPFs always consume the highest amount of power possible.

Innovative reduction of energy consumption

Intracom Telecom has integrated a new functionality called the frequency feedback loop (FFL) into its NFV-RI™ solution to address the energy impact of polling in DPDK workloads. FFL assesses current demand and selects the most efficient CPU frequency accordingly. It also accurately predicts the short-term fluctuations in the traffic load of a DPDK-based CNF. By adjusting the CPU core frequency, FFL can reduce energy consumption without compromising packet delivery. This innovation opens up possibilities for reducing power consumption and thereby minimizing carbon emissions.

Unlike traditional energy-saving techniques, FFL can be implemented seamlessly in a 5G UPF without any modifications to CNFs or the need to overhaul deployment and traffic management. FFL operates without compromising performance, as it maintains low latency and prevents packet loss. Additionally, FFL has minimal resource overhead and only utilizes less than 50% of a single CPU core.

How Red Hat and Intracom Telecom can help

Collaborating together, Red Hat and Intracom Telecom have developed a completely integrated and certified solution that combines NFV-RI and Red Hat OpenShift. This integration streamlines deployment and ensures a stable implementation in service provider environments. By utilizing NFV-RI on OpenShift, 5G UPF workloads can efficiently utilize power management features to optimize overall energy consumption.

Red Hat and Intracom Telecom have released a reference architecture to expedite the assessment and implementation of their joint solution. The reference architecture outlines a simple and replicable process for enhancing the energy footprint of the 5G UPF. It includes instructions for installation and deployment, configuration options, and Helm charts for the open-source components utilized as reference workloads (such as 5G UPFs and traffic generators).

The reference architecture also encompasses two prevalent 5G data center scenarios:

• Centralized 5G core deployments with fully-loaded UPF nodes
• 5G edge deployments with mixed-workload nodes

Both of these use cases rely on the distribution of the open mobile evolved core (OMEC) 5G UPF. In each of them, the overall savings in server power are reported for a real-world 24-hour traffic pattern. The fully-loaded use case delivers more than 25% savings, while the mixed-workload use case achieves more than 15%.

 

---

Here at CourseMonster, we know how hard it may be to find the right time and funds for training. We provide effective training programs that enable you to select the training option that best meets the demands of your company.

For more information, please get in touch with one of our course advisers today or contact us at training@coursemonster.com

Private 5G networks are becoming more prevalent due to the rise of edge computing and macroeconomic trends that are driving service providers to reconsider how they operate networks and facilitate applications for faster results, better connectivity, and efficiency. Service providers desire the flexibility and independence provided by private 5G networks to embrace new advancements, from Industry 4.0 manufacturing and smart infrastructure to the cloudification of radio access networks (RAN).

Private 5G networks allow service providers to take a more significant role in an enterprise’s crucial business operations by providing a platform that hosts the private network as well as business applications that can run at the edge. This results in a reduction of the network’s footprint, an increase in its flexibility and manageability, and a decrease in the total cost of ownership.

Standardizing on an open platform for private 5G

To build a private 5G network, four main pillars must be considered: control, coverage, capacity, and autonomy. These pillars involve the ability to manage devices and functionalities within the network, expand service coverage to remote areas, provide high-capacity bandwidth for applications, and operate independently from public networks to enhance security and resilience.

Red Hat’s perspective is that a shared cloud-native platform is the essential element for unlocking each of these pillars. This platform allows service providers to create solutions using standardized components to meet present network requirements and accommodate future advancements.

Red Hat OpenShift has been equipped with a low latency kernel, optimized performance features, and a fast-data path to fulfill the prerequisites of private 5G networks and applications. This platform is capable of scaling from a single node to multiple nodes, ensuring consistent performance across various deployment scenarios on a hybrid cloud. Red Hat OpenShift serves as a universal platform that provides flexibility to cater to 5G connectivity and edge workloads for industrial applications, enabling service providers to deliver more than just spectrum allocation for private 5G networks.

Adding value by using a skilled ecosystem

Red Hat OpenShift features a network of proficient and certified partners that provide networking and operational functionalities for applications, which are managed concurrently on a unified platform. Red Hat has partnered with Airspan to authenticate Airspan’s cloud-native network functions (CNFs) for interoperability and lifecycle management on Red Hat OpenShift, thereby facilitating the creation of private 5G solutions.

To promote the development of private 5G, we have implemented a decomposed radio access network (RAN) utilizing Airspan small cells and cloud-native radio access software in Red Hat’s 5G telco lab in Boston. We have also employed Druid Raemis for the private enterprise core, to showcase a comprehensive demonstration of an end-to-end private 5G network as part of our partnership efforts.

Red Hat OpenShift’s cloud-native infrastructure was established using zero-touch provisioning, encompassing Airspan Control Platform (ACP), and RAN Software for Airspan’s distributed unit (DU) and central unit (CU). Certified CNFs for Red Hat OpenShift was also integrated into the system. Additionally, Red Hat OpenShift incorporates features like low latency kernels, time synchronization, and SR-IOV, which enhances efficiency and connectivity. The physical infrastructure was constructed utilizing 3rd Gen Intel Xeon® Scalable processors, Intel vRAN Accelerator ACC100 Adapter, Intel Ethernet Controller E810, and components of Intel’s FlexRAN™ Reference Architecture for Wireless Access to ensure a smooth operation.

However, Red Hat has collaborated with other partners and customers, including Casa Systems, Intel, and Telenor Sweden, who provide supplementary networking and operational features for applications that are managed together on the same platform. This approach can be implemented in various architectures, expanding the scope of a private 5G network to serve its intended purpose effectively.

In addition to telecommunications, Red Hat furnishes essential infrastructure that is employed in thousands of specific industry and horizontal environments with independent software vendors (ISVs). This encompasses industrial solutions that enhance wireless connectivity, promoting the development of forward-thinking warehouse and manufacturing facilities. The highest value of business transformation can be attained through close cooperation among all partners operating on the uniform platform of Red Hat OpenShift.

 

---

Here at CourseMonster, we know how hard it may be to find the right time and funds for training. We provide effective training programs that enable you to select the training option that best meets the demands of your company.

For more information, please get in touch with one of our course advisers today or contact us at training@coursemonster.com

When it comes to product security and compliance, there appear to be plenty of leaders. However, the definition of “leadership” can vary depending on the person, organization, or industry. In practical terms, what characteristics should an IT security leader possess? What actions should they take, and what should they avoid doing? And, most importantly, why are these actions significant?

Similar to the concept of leadership, there is no clear-cut answer to this question. Red Hat, with its extensive experience in software and system security, is well-suited to share our perspective on what it means to be a security leader. As an open-source organization, they believe that true security leadership requires active participation. Therefore, it should come as no surprise that we believe participation is an essential starting point for any claim of security leadership.

A security leader helps raise the tide

The saying “a rising tide lifts all ships” holds particular relevance in the realm of software security, particularly in open source. When a foundational technology, such as the Linux kernel, experiences a bug or exploit, or there is a change in compliance requirements, like STIG, it is unlikely to impact only a handful of vendors. Therefore, it is crucial for security leaders to engage in finding, addressing, and analyzing these problems actively. In other words, getting directly involved is essential.

Just as it is not appropriate to label oneself as a leader in an open-source community without having contributed to it, the same applies to security. If an organization only discusses how to address a particular challenge or the need for a specific standard but does not take any action to accomplish the work, it cannot be considered leadership. While discussions are a good starting point, the next step is to document the ideas and convert them into a standard that includes codes, rules, and guidance (e.g., CSAF or CVSS). Leaders take charge of this process and do not wait for others to take the initiative to write it down.

However, leaders are willing to share their knowledge and experience with others. For example, Red Hat recently made its Product Security Incident Response Team (PSIRT) plan, or IRP, open source, making it one of the first organizations to do so. While improving the security of their products is a priority for them, they recognize that the model has even more significant value to the wider security community. RedHat helps to demonstrate its framework to more IT security organizations, as they believe it can contribute to improving the overall security posture of the industry.

By engaging in active participation, security leaders demonstrate another essential trait they must possess – a dedication to establishing common ground.

Security leaders break silos

Customized processes and tools hinder modern IT, creating divisions among operational teams and breaking systems into disconnected parts instead of integrated entities. This applies to product security as well – excessive fragmentation and a lack of commonality can result in an excess of white noise and, potentially, a higher risk of security vulnerabilities being exploited.

Red Hat has been significantly engaged in numerous industry-wide initiatives aimed at developing common standards that provide valuable information, rather than simply generating “more data.” We have actively contributed to the development, maintenance, and evolution of standards such as CSAF, CVE, CVSS, and FIRST, which function effectively across various industries and at scale. To sustain a robust security posture at scale, standardized approaches are necessary. This means that when a bug or exploit is identified, organizations must be able to communicate with all of their vendors using the same terminology.

End-user organizations seldom rely on a single vendor. When a vulnerability is discovered, customers expect all of their vendors to provide them with information. Since the technology and threat landscapes are constantly evolving, these standards cannot remain static. Therefore, security leaders cannot afford to be complacent.

Security leaders don’t idle

Even when security leaders are not in a formal leadership position, they should work behind the scenes. They may provide informal guidance to specific working groups or assist an organization in leading a project to achieve its objectives. Additionally, they monitor emerging trends in IT security, identifying the source of future customer needs or pain points.

At present, the software supply chain is at the forefront of efforts to enhance security, validation, and provenance for the code that ultimately supports systems in production. In response to this need, several industry groups have rallied around the software bill of materials (SBOM), which seeks to provide assurance about the code’s origins, who accessed it, and whether it was altered.

The IT security leaders involved in the SBOM effort, including Red Hat, are exploring how existing work can be adapted to the needs of SBOMs or Vulnerability Exploitability eXchange (VEX). They are examining how the work being done on CSAF, vulnerability exchanges, and other areas can be applied to this emerging field. This is a prime example of IT security leadership in action, addressing emerging challenges that are just beginning to surface.

In this opinion, this is a prime example of security leadership – participating across different industries and functions to develop common standards while continuously moving forward. Red Hat has been implementing this approach in the realm of open source for a while now and has extended it to include open-source security.

 

---

Here at CourseMonster, we know how hard it may be to find the right time and funds for training. We provide effective training programs that enable you to select the training option that best meets the demands of your company.

For more information, please get in touch with one of our course advisers today or contact us at training@coursemonster.com

When most people hear the word “sustainability,” they often think of things like using reusable water bottles, composting at home, and using paper straws. They might also imagine “reduce, reuse, recycle” posters or canvas bags at a farmer’s market. However, they might not immediately associate sustainability with data centers. Despite this, sustainability has become an important aspect of government policies, business strategies, and consumer behavior. As a result, tech leaders are developing technologies that allow users to monitor how their software usage affects energy consumption.

Over the past few years, data centers have experienced significant growth in the amount of work they handle, leading to a corresponding rise in energy consumption, which has been increasing by 10-30% annually. As per the International Energy Agency’s report, data centers account for 1-1.5% of the world’s energy consumption. For companies to have a significant environmental impact, it has become essential for IT leaders to examine the efficiency of their equipment and the tools they use to assess the sustainability of their data centers.

Enter: Kepler

The Efficient Power Level Exporter, or Kepler, is an initiative developed by Red Hat’s emerging technologies group in collaboration with IBM Research and Intel. It is an open-source project driven by the community that measures power consumption across multiple platforms. The project’s focus is on reporting, reduction, and regression to help businesses comprehend energy usage better.

Kepler employs established cloud-native technologies and methodologies, including extended Berkeley Packet Filter (eBPF), CPU performance counters, and machine learning models. These technologies estimate the power consumption of workloads and export them as metrics. The metrics are utilized for scheduling, scaling, reporting, and visualization, providing system administrators with information about the carbon footprint of their cloud-native workloads.

The Kepler Model Server updates and refines its pre-trained models using node data gathered by Kepler’s power-estimating agents. This enables Kepler to customize its calculations to meet the unique requirements and systems of its users. By leveraging the insights provided by Kepler, business leaders can make more informed decisions about how to optimize energy consumption, address evolving sustainability needs, and achieve their organizational objectives.

The future of Kepler

Collaboration within the open-source community and prioritizing upstream development are crucial for accelerating progress in sustainable innovation. Keeping this in mind, Red Hat is actively working towards contributing Kepler to the Cloud Native Computing Foundation Sandbox. This allows contributors to explore and integrate Kepler into their own use cases, fostering innovation and sustainability in the open-source community.

Kepler has the potential to facilitate various new innovations within the open-source community, empowering service providers to more effectively observe, analyze, optimize, and document the power consumption of cloud-native applications. Some examples of these innovations include:

• Power consumption reporting: The metrics generated by Kepler are time-series data, meaning they can be utilized to construct dashboards that display power consumption at various levels, such as containers, pods, namespaces, or different compute nodes in the cluster.
• Carbon footprint: Users can combine Kepler’s energy consumption metrics with their data center’s power usage effectiveness (PUE) and electricity carbon intensity to estimate the carbon footprint of their workload.
• Power-aware workload scheduler and auto-scaling: Kepler’s metrics can be leveraged by a Kubernetes scheduler to allocate upcoming workloads to the compute node that is expected to enhance performance per watt, thus decreasing power consumption at the cluster level. In a similar manner, Kubernetes auto-scalers can utilize Kepler’s power consumption metrics in their auto-scaling algorithms to determine the necessary resources needed to achieve better energy efficiency.
• CI/CD pipelines: Kepler can also play a role in the software development lifecycle, aiding in the creation of more sustainable software products. For example, Kepler can be integrated into continuous integration and continuous development (CI/CD) pipelines for software testing and release. By utilizing Kepler’s power consumption metrics, developers can measure, analyze, and optimize their software stacks for improved sustainability.

 

---

Here at CourseMonster, we know how hard it may be to find the right time and funds for training. We provide effective training programs that enable you to select the training option that best meets the demands of your company.

For more information, please get in touch with one of our course advisers today or contact us at training@coursemonster.com

Red Hat OpenShift is a popular choice for many companies as their standard platform for developing and operating all their applications. This helps them avoid a complex, heterogeneous environment and simplifies their operations. With Red Hat OpenShift, they can not only build new cloud-native applications but also migrate their legacy ones to them.

OpenShift offers a major advantage by allowing developers to only need to be familiar with one interface while hiding the complexities of the platform. This can lead to significant improvement in productivity.

Red Hat OpenShift Service on AWS (ROSA)

Some customers who choose OpenShift go a step further in simplifying their setup. They want to eliminate the need to worry about providing and managing the infrastructure for their clusters. Instead, they want their teams to focus solely on developing applications and to be productive right from the start. For these customers, Red Hat OpenShift Service on AWS (ROSA) is a viable option.

ROSA operates entirely on the Amazon Web Services (AWS) public cloud and is jointly managed by Red Hat and AWS. The control plane and compute nodes are fully managed by a team of Red Hat Site Reliability Engineers (SREs), with support from both Red Hat and Amazon. This includes installation, management, maintenance, and upgrades for all nodes.

Deployment options for ROSA

There are two main options for deploying ROSA: in a public cluster or in a private link cluster. In either case, it is recommended to deploy across multiple availability zones for increased resiliency and high availability.

Public clusters are typically used for workloads without stringent security needs. These clusters are deployed in a Virtual Private Cloud (VPC) within a private subnet, which houses the control plane nodes, infrastructure nodes, and worker nodes where applications run. Although the cluster is still accessible from the internet, a public subnet is also required in addition to the VPC.

AWS load balancers (Elastic and Network Load Balancers) deployed in the public subnet enable both the Site Reliability Engineering (SRE) team and users accessing the applications (ingress traffic to the cluster) to connect. For users, a load balancer redirects their traffic to the router service on the infrastructure nodes, which then forwards it to the desired application running on a worker node. The SRE team uses a separate AWS account to connect to the control and infrastructure nodes through various load balancers.

Figure 1. ROSA public cluster

For production workloads with more stringent security requirements, a PrivateLink cluster is recommended. In this case, the Virtual Private Cloud (VPC) housing the cluster only has a private subnet and is inaccessible from the public internet.

The Site Reliability Engineering (SRE) team uses a separate AWS account that connects to an AWS Load Balancer through an AWS PrivateLink endpoint. The load balancer then redirects traffic to the control or infrastructure nodes as necessary. (Once the AWS PrivateLink is established, the customer must approve access from the SRE team’s AWS account.) Users connect to an AWS Load Balancer, which directs their traffic to the router service on the infrastructure nodes, and eventually to the worker node where the desired application is running.

In PrivateLink cluster setups, customers often redirect egress traffic from the cluster to their on-premise infrastructure or to other VPCs in the AWS cloud. This can be done using an AWS Transit Gateway or AWS Direct Connect, eliminating the need for a public subnet in the VPC housing the cluster. Even if egress traffic needs to be directed to the internet, a connection (through the AWS Transit Gateway) can be established to a VPC with a public subnet that has an AWS NAT Gateway and an AWS Internet Gateway.

Figure 2. ROSA private cluster with PrivateLink

Connecting to the cluster

The preferred method for the SRE team to access and perform administrative tasks on the ROSA clusters is through the use of AWS Security Token Service (STS). The principle of least privilege should be applied, providing only the necessary roles for a specific task. The token provided is temporary and for one-time use, so if a similar task needs to be done later, a new token must be obtained.

The AWS Security Token Service (STS) is also used when connecting the ROSA cluster to other AWS services, such as EC2 for spinning up new servers or EBS for persistent storage needs.

Summary

Regardless of the type of customer, incorporating DevOps practices and modernizing application deployment through an enterprise Kubernetes platform like OpenShift is beneficial. While customers have the option to host it on-premise and manage it themselves, they can also opt for ROSA which is hosted on the AWS public cloud. ROSA’s ability to interact with a wide range of AWS services enhances the overall value customers can derive from their platform.

 

---

Here at CourseMonster, we know how hard it may be to find the right time and funds for training. We provide effective training programs that enable you to select the training option that best meets the demands of your company.

For more information, please get in touch with one of our course advisers today or contact us at training@coursemonster.com

Do you plan to bring your high-end workstation, equipped with a top-notch GPU, as a carry-on as the world begins to allow travel again?

As your graphics workstation grows outdated, the thought of replacing all the hardware might be overwhelming. But after investing in new components, you may find that your motherboard can no longer meet your requirements.

To avoid such problems, one solution is to turn to cloud computing. Red Hat and AWS have joined forces to offer Red Hat Enterprise Linux for Workstations on the Amazon Marketplace.

What is Red Hat Enterprise Linux for Workstations?

People appreciate RHEL for its servers due to their known quality and longevity. So, why should your desktop experience be any less?

RHEL for Workstations offers the ability to integrate high-performance graphics hardware, such as NVIDIA GPUs, into your workstation setup. Our workstation offering includes the same deployment options as our server offering: bare metal, virtual, private cloud, or public cloud.

RHEL for Workstations also benefits from the same 10-year lifecycle and enterprise support. Imagine constructing a powerful scientific computing system and having the assurance of support for ten years! Furthermore, our product is accompanied by a continually expanding list of certified hardware and software developed by our partners.

Starting with RHEL 9, we’ve upgraded our RHEL for Workstations offering to GNOME 40.

By combining professional-level hardware, a 10-year support period, the Linux kernel, and a top-notch desktop environment, you can create a highly effective workstation to accomplish your tasks.

How does RHEL for Cloud Workstations work?

To begin using RHEL for Workstations, you must log in to your AWS account, confirm your connection to the desired data center, and avoid exceeding any vCPU quota limitations.

Next, you need to decide which driver makes the most sense for you:

• Tesla Drivers
  • These drivers are mainly intended for compute workloads that utilize GPUs for tasks such as parallel floating-point calculations in machine learning and high-performance fast Fourier transforms in computing applications.
• GRID Drivers
  • These drivers are guaranteed to deliver optimal performance for professional visualization applications that display 3D models and high-resolution videos. GRID drivers can be configured to support two modes. Quadro Virtual Workstations enable access to four 4K displays per GPU. GRID vApps offer RDSH application hosting functionality.

The simplest method to launch an RHEL cloud workstation is by searching the Amazon Marketplace Image (AMI) catalog. Go to EC2, then choose the catalog in the images section.

Once in the catalog, choose “AWS Marketplace AMIs” and enter “RHEL GRID” in the search bar. This will display the most recent version of the image.

Review the price, version, and support agreement, then press continue to proceed. This will take you back to the catalog. Click on “Launch Instance with AMI.”

They are prepared to set up the new RHEL instance. Simply assign it a name and confirm the correct AMI is selected (as a precaution).

You may accept the default options for type, network, and storage, but ensure to select a key pair to facilitate convenient access to the remote machine.

All necessary configuration steps are completed to start the EC2 instance build. Click on “Launch instance” and allow a few minutes for the system to start up and complete the AWS system checks.

How do I connect to my cloud workstation?

Keep in mind during this stage that this is a newly available option and is still being actively developed. There are several settings and configurations that should be considered prior to connect to the RHEL workstation for the first time:

Initially, it’s necessary to review the instance settings and adjust the security group. There should be three settings under the inbound rules.

It’s necessary to click “Edit inbound rules”. Port 22 should be enabled for SSH, and port 8443 should be open for both TCP and UDP. (Please note that, at the time of writing, the default security group does not include 8443/UDP).

To connect to your RHEL workstation, navigate to the instance summary and click on “Connect” on the top bar. Follow the instructions for the SSH client, using the key pair we configured earlier.

The steps to achieve optimal connectivity for your cloud instance will become simpler as newer marketplace images are released. Currently, let’s go through the necessary commands to achieve that.

sudo dnf remove $(sudo dnf list installed | grep '@cuda' | awk '{ print $1 }') -y # Remove existing drivers
sudo rm -f /etc/yum.repos.d/cuda-rhel8.repo # Remove the cuda repo
sudo dnf upgrade -y # Update the system packages
sudo dnf install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm # Configure the EPEL repository
sudo dnf install -y make gcc elfutils-libelf-devel libglvnd-devel kernel-devel-$(uname -r) dkms # Install build dependencies
sudo dnf install -y @workstation-product-environment # Install workstation packages
sudo reboot # Reboot to clear out the old drivers

curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" # Download the AWS CLI utility
unzip awscliv2.zip # open the archive
sudo ./aws/install # install AWS CLI
aws configure # setup your AWS account
aws s3 cp --recursive s3://ec2-linux-nvidia-drivers/latest/ . # Download the latest NVIDIA driver
chmod +x NVIDIA-Linux-x86_64*.run # add execute permissions to the installer
sudo /bin/sh ./NVIDIA-Linux-x86_64*.run # run the installer
sudo reboot

echo "options nvidia NVreg_EnableGpuFirmware=0" | sudo tee --append /etc/modprobe.d/nvidia.conf # configure the NVIDIA kernel parameters
sudo nvidia-xconfig --preserve-busid --enable-all-gpus --connected-monitor='DFP-0,DFP-1' --flatpanel-properties="Dithering = Disabled" # Disable dithering

sudo firewall-cmd --zone public --add-port 8443/udp # Add 8443/UDP to the firewall
sudo firewall-cmd --runtime-to-permanent # save the firewall configuration

sudo sed -i s/^\#create-session/create-session/ /etc/dcv/dcv.conf # set DCV to create a new session
sudo sed -i s/^'#owner = ""'/'owner = "ec2-user"'/ /etc/dcv/dcv.conf # configure DCV to user (ec2-user in this example)
sudo sed -i s/^\#authentication\=\"none\"/authentication\=\“system\”/ /etc/dcv/dcv.conf # set DCV authentication to system
sudo reboot # one final reboot

To experience the full benefits of your cloud instance, you’ll need to complete a few additional steps, including installing Nice DCV, which is available for Mac, Windows, and Linux. After installing, simply enter the public address of your remote workstation in the DCV View.

After installing Nice DCV, which is available for Mac, Windows, and Linux clients, enter the public address of your remote workstation into the DCV View. Enter your system user and password into the login prompt and your connection to your newly created RHEL cloud workstation will be established, displaying its login screen.

Conclusion

RHEL for Workstations is the perfect solution for professionals in the fields of graphic design, animation, scientific research, or architecture. With this solution, you can bring the stability and security you are used to with RHEL for Server to your cloud-based desktop, giving you access to a GPU-enabled workstation from anywhere and with any hardware.

 

---

Here at CourseMonster, we know how hard it may be to find the right time and funds for training. We provide effective training programs that enable you to select the training option that best meets the demands of your company.

For more information, please get in touch with one of our course advisers today or contact us at training@coursemonster.com

“Hardening” as a software concept is a widely used term, but the actual meaning of the practice and its importance for modern IT organizations is not frequently discussed. Hardening is essential for all organizations, even those that utilize specific STIGs or configuration guides.

Hardening is the act of minimizing a system’s vulnerability to attacks, thus improving its overall security. This can be achieved by disabling or eliminating unneeded features or functions, and operating the system with more limitations than its default settings. Another approach might be limiting or completely removing the privileges of a component to access features (such as APIs or files) of another component, ensuring only authorized components are used.

Figure 1: A hardening guide often removes capabilities to limit attack surfaces. In this example, the RHEL STIG limits available cryptographic algorithms and protocols – here removing the potentially unsafe TLS 1.0 and 1.1. 

STIGs serve as a basic guideline for strengthening a system’s security. DISA STIGs are designed to be repetitive and focus on a single product instead of an integrated system, making assumptions about external systems, business processes, and non-technical controls that may not be accurate. The instructions in STIGs are intended to be straightforward for the implementor, usually, a system owner or technical administrator, who is presumed to have a limited understanding of the target product or the security consequences of the controls being implemented. STIGs are written in clear and straightforward language to minimize confusion during application or audit, but exceptions may be necessary if deviations occur.

Figure 2: Multiple weaknesses may be present even when a STIG is applied to the target system. In this example, infrastructure, supply chain, database processes, and enterprise management systems may allow various attack techniques. Often, external processes or tools, or simple human errors, introduce risk to otherwise hardened systems.

The concept of hardening is a critical aspect of ensuring the security of an IT system. While STIGs offer guidelines as a starting point for system hardening, they concentrate on a single product rather than an integrated system and have numerous implicit assumptions about external systems, business procedures, and non-technical controls. STIGs are meant to be straightforward instructions for the implementor, typically a system owner or technical administrator, and are written in simple terms. However, the ever-evolving landscape of software threats and vulnerabilities means that more needs to be done to ensure security beyond the STIGs. To keep up with these threats, software vendors like Red Hat offer services that help determine which vulnerabilities apply to a system, but deep product expertise is still necessary to fully understand a product’s attack surface. By combining this expertise with other guidance from sources like NIST’s Secure Software Development Framework or OWASP guidelines, suppliers like Red Hat can provide default hardening guidance. This guidance can then be tailored by end-users to meet their specific hardening requirements based on historical attack patterns they have experienced, with the help of documentation in the form of deployment and security guides.

Hardening helps in enhancing the security posture of a system by reducing its attack surface. This is achieved by disabling or removing unnecessary features and functions, limiting privileges, or restricting access to certain system components. The goal of hardening is to limit the opportunities for exploitation, prevent unauthorized changes, reduce the number of active services, and minimize the potential for lasting damage in case of a successful attack. By implementing hardening principles, such as logging and monitoring, it becomes easier to detect security threats or compromises and prevent data breaches.

Figure 3: In this example, we see a hardened default configuration applied to Red Hat Openshift Container Platform’s HAProxy-based ingress controller to provide improved defaults for connection timeouts, secure cookie handling, and forwarding headers (& others not shown).

Hardening plays a crucial role in enhancing the security of a system. Adherence to specific guidelines from organizations, such as the use of DISA’s STIGs by DoD entities, can ensure that the system meets IT security standards and complies with industry regulations, thus providing confidence to system owners that their systems are secure.

 

---

Here at CourseMonster, we know how hard it may be to find the right time and funds for training. We provide effective training programs that enable you to select the training option that best meets the demands of your company.

For more information, please get in touch with one of our course advisers today or contact us at training@coursemonster.com

Regardless of their role, title, or position, leaders at all levels can practice leadership, including managers and individual contributors. Transforming or modernizing a business, whether it’s a small team or a large organization, requires a change in multiple areas. What was effective in the past may not be applicable in today’s rapidly changing, volatile, uncertain, complex, and ambiguous world. Leadership is distinct from management, particularly in organizations that embrace open leadership, where every individual can exhibit leadership qualities.

What is open leadership?

Open leadership is a perspective and a set of actions that anyone can take on. Open leaders, as described in The Open Organization, approach leadership with a focus on serving others, whether it be individuals, groups, teams, or the wider organization, in order to achieve a shared goal. They are individuals with strong characters who empower those around them. Open leaders excel in creating organizations that prioritize transparency, inclusivity, adaptability, collaboration, and a sense of community.

Red Hat Open Innovation Labs offers open leadership training sessions as part of its residencies, giving leaders the chance to enhance their open and agile skills needed to effectively lead their product teams. The training helps them to improve their sponsorship and advocacy skills, creating a supportive environment that encourages transformation and advancement.

When executed properly, open leadership fosters a positive organizational culture of involvement based on the principles of the open-source movement. In complex and rapidly changing business environments, leaders must learn to apply open values and principles in their actions and behavior. They must also effectively lead and manage remote and dispersed teams to build trust, promote psychological safety, and motivate their personnel.

About the “Open Leadership for Product Teams” workshop

The Open Leadership for Product Teams workshop is a crucial component of a Red Hat Open Innovation Labs residency and offers leaders practical, hands-on experience in establishing high-performing product teams. Our customer engagement approach is guided by our key leadership principles, which include collaboration, transparency, inclusivity, adaptability, community, agile methodologies, lean ways of working, and design thinking. The workshops are tailored to meet customers’ specific needs and are designed to be interactive, helping participants gain a practical understanding of open leadership and how to lead product teams using open practices. The workshop helps establish a shared language between leaders and managers, as well as the residency team.

Red Hat Open Leadership workshop outcomes

The objectives of our open leadership engagement workshops are to help participants achieve the following four goals:

• A clear grasp of open practices gives participants specific insights on how to enhance their abilities as open leaders.’
• Comprehending the purpose behind open practices and how to encourage transparency, inclusivity, collaboration, community, and adaptability through their application.
• An understanding of how to aid teams in their transition to embracing open, agile, DevOps, and lean product development practices.
• The capability to analyze their current situation and gain fresh insights for enhancing their organizational culture through the adoption of new working practices.

Red Hat, FIWARE, and Hopu power eco-smart cities:

“A team consisting of experts from Red Hat Open Innovation Labs, FIWARE, and HOPU joined forces for a six-week period to develop an open-source platform on Red Hat Openshift. This platform will host both FIWARE’s innovative smart cities solution and HOPU’s Internet of Things (IoT) technology. The objective of this cross-industry collaboration was to create a data solution that cities worldwide could use to become more intelligent and sustainable. By providing an easily deployable, secure, and scalable IoT solution, cities will be able to collect crucial data and harness technology for the betterment of citizens globally.”

 

---

Here at CourseMonster, we know how hard it may be to find the right time and funds for training. We provide effective training programs that enable you to select the training option that best meets the demands of your company.

For more information, please get in touch with one of our course advisers today or contact us at training@coursemonster.com