OpenShift Emerges as Focus of IBM Cloud Plans
IBM’s hybrid cloud strategy rests on its assertion that about 80 percent of enterprise workloads have yet to migrate to the cloud. First articulated by ex-CEO Ginni Rometty, that strategy was emphasized again this week by Rometty’s successor, Arvind Krishna, while discussing the company’s quarterly results.
Eyeing those mission-critical workloads, IBM is leveraging its 2018 acquisition of Red Hat with upgrades to its OpenShift hybrid cloud platform as a way to boost application container and cluster security while advancing cloud-native development.
The one bright spot in IBM’s quarterly financial results announced this week was surging cloud demand similar to what other cloud providers report as customers shift to multi-cloud strategies. Krishna noted that IBM continues to focus on untapped workloads with a combination of Watson AI tools and expanded cloud services via OpenShift. Krishna said IBM has doubled the number of OpenShift customers since completing its acquisition of Red Hat last year.
The company said more than 2,200 customers are using Red Hat and IBM container tools.
Capitalizing on that momentum, IBM released the latest version of Red Hat OpenShift on Friday (April 24), incorporating security features for managing “complex” workloads across hybrid cloud deployments. Along with tapping critical workloads that have yet to migrate to the cloud, IBM also is highlighting expanding requirements for security to support remote workers during the pandemic.
Hence, OpenShift 4.4 running on IBM’s cloud infrastructure adds security features like encrypted application container images and a “trusted identity” service. The encryption feature ensures that container images remain secure while the identity service secures data processed by container images.
As more enterprises move to microservices, most rely on the authentication features within the Kubernetes cluster orchestrator, including passwords, certificates or API keys. “The problem with the Kubernetes [security] is that once [keys] are stored, they would be also available to administrators, cloud operators or anyone with access to this namespace,” IBM said in a blog post announcing the latest release of OpenShift.
Indeed, security monitors discovered a vulnerability last summer in which a Kubernetes server API permitted access and deletion of “custom resources.” The security flaw allowed intruders to access cluster-wide resources with only standard role-based access control permissions.
IBM said its “workloads identity” approach plugs such security gaps “by ensuring only attested services are able to obtain credentials.”
“We’ve added unique security and productivity features designed to help eliminate substantial time spent on ongoing maintenance like updating, scaling, securing and provisioning,” IBM added.
The OpenShift release also emphasizes the growing shift toward cloud-native development, including automation tools for application management and provisioning along with automated recovery.
Among the new OpenShift “capabilities-as-a-service” are a serverless app development tool for event-based workloads called “Knative” and a service mesh for managing microservices used to deliver distributed applications.