Bring big ideas to life with the hybrid cloud platform
open to any app, team, or infrastructure
Innovation
without limitation
Presenter’s Name
Title
ABOUT THIS PRESENTATION
HOW DOES IT FIT WITH OTHER CONTENT
Overview of Red Hat OpenShift
OpenShift Technical Overview
OpenShift Roadmap and more ...
WHAT IS THE OVERALL OBJECTIVE
Provide an overview of OpenShift
Explain our value prop and differentiation
Generate interest for a more in-depth demo or workshop
WHO IS THE TARGET AUDIENCE
Decision makers interested in containers and Kubernetes
Who want to understand what OpenShift can do for them
Represent app dev, IT operations, and architecture teams
Red Hat OpenShift: Innovation without limitation
Big ideas drive... business innovation
Every organization in every geography and in
every industry can innovate and create more
customer value and differentiation with
open source technologies and an open culture.
Cloud-native | Internet of things | Digital transformation | Containers | DevOps | Open organization | Open source communities | Kubernetes | Hybrid cloud | Machine learning | AI | Innovation | Security | Automation | 5G
Red Hat OpenShift: Delivering innovation without limitation
But innovating
isn’t always easy
Innovation
Innovate at speed.
Flexibility
Flexibility to adapt to market changes.
Growth
Grow new customer experiences
and lines of business.
In the banking industry, tech is initiating a new wave of
disruption, forcing banks to innovate at speed
Open banking
transforms how
institutions need to think
about tech and security.1
Everything is mobile:
89% of customers use
mobile banking regularly.2
1 Srinivas, Val, Jan-Thomas Schoeps, Tiffany Ramsay, Richa Wadhwani, Samia Hazuria, and Aarushi Jain. “2020 banking and capital markets outlook: Fortifying the core for the next wave of disruption.” Deloitte Insights, Dec. 2019.
2 Meola, Andrew. “Digital trends disrupting the banking industry in 2020.” Business Insider, Aug. 2019.
ANZ Bank deployed a container application
platform to speed development to keep
pace with business growth.3
Accelerated deployment
time by 98%
Improved developer
productivity and
collaboration
3 Red Hat video. “ANZ Bank reduces deployment time by 98% with container platform.” YouTube, April 2019.
Flexibility to adapt has become mandatory for the
shipping industry as demand explodes
“eCommerce, cloud infrastructure, digital media, pharmaceuticals, and some transportation and telecom services will see increased demand.”1
Andrew Bartels, Forrester
1 Bartels, Andrew. “The 2020 To 2021 Tech Market Outlook At A Time Of Global Pandemic And Economic Recession.” Forrester Webinar, April 2020.
UPS built a new open application
platform for stability and availability
Gained high scalability and
availability to support peak demand 2
Data, the “new fuel” of the automotive industry, is driving
new customer experiences and lines of business1
Real-time data analysis through AI/ML is key to successful autonomous driving systems
Auto manufacturers are becoming IoT platform and device companies
1 Meola, Andrew. “How 5G and IoT are driving the connected smart vehicle industry.” Business Insider, March 2020.
The BMW Group ConnectedDrive
platform scales as the data scales
12 million connected cars
1 billion requests per week
2 Red Hat Summit 2019 keynote, 9 May 2019;
3 Red Hat Forum DACH, 14 Jan. 2020.
Innovation at speed.
Flexibility to adapt.
New customer experiences
and lines of business.
That’s what hybrid cloud can
deliver.
Hybrid is more than a strategy
It’s a way to bring together your existing hybrid mix of new and old...
Cloud-native and microservices
Java .Net ISV
AI/ML Analytics Serverless
Development, IT processes, and skills
Applications Infrastructure
People & Policies
Pipelines & Processes
Developer tools
63% of organizations are already hybrid today
54% of those not using hybrid cloud today plan to within 24 months
Source:
Red Hat, 2020 State of Enterprise Open Source Report.
Physical Virtual Private cloud Public cloud Edge
Hybrid delivers the agility to innovate
1. Create and deploy new code, faster
2. Securely connect operations with development
3. Adopt new global delivery models
We built Red Hat OpenShift
so any organization
could thrive
in a world of hybrid possibility
Automated, full
stack installation
Seamless Kubernetes
deployments
One-click
life-cycle management
Auto-scaling
of resources
Delivering innovation that can transform your business
40% increase in sales over 3 years with new revenue streams1
70% infrastructure cost reduction for AI workloads2
Source:
1 - Employers centralizes insurance apps on Red Hat OpenShift, March 2021
2 - Turkcell supports AI-powered innovation with Red Hat OpenShift, August 2021
Supporting the cloud-native application security you need
CONTROL
Application Security
➢ Integrate security in your CI/CD Pipeline
➢ Mitigate container runtime vulnerabilities
➢ Automated signing of container images
DEFEND
Infrastructure
➢ Restrict access through trusted identity providers
➢ Isolate applications, environments within a cluster
➢ Validation with established security standards
EXTEND
Security Ecosystem
➢ Utilize a broad security ISV ecosystem
➢ Connect with Red Hat Certified Operators
➢ Develop and deploy securely anywhere
Cloud-native apps AI/ML, Functions
Communities of Innovation | Ecosystems of Solutions
Secure & Automated Infrastructure and Operations
Traditional apps
Physical Virtual Private cloud Public cloud Edge
Delivering consistency and flexibility
Supporting hybrid usage and buying patterns
A consistent platform no matter how or where you run
Red Hat OpenShift cloud services
Start quickly, we manage it for you
● Red Hat OpenShift Dedicated2
● Red Hat OpenShift Service on AWS
● Azure Red Hat OpenShift
● Red Hat OpenShift on IBM Cloud1
Self-managed Red Hat OpenShift
You manage it, for control and flexibility
● On public cloud, or on-premises on physical or virtual infrastructure3
Source:
2 Red Hat managed service running on user-supplied GCP infrastructure
3 See docs.openshift.com for supported infrastructure options and configurations
Your choice of OpenShift
Self-managed Red Hat OpenShift editions
Essential enterprise Kubernetes Infrastructure
Includes:
● Enterprise Kubernetes runtime
● Red Hat Enterprise Linux CoreOS immutable container OS
● Administrator console
● OpenShift Virtualization
Opinionated application development platform
Adds:
● Developer console
● Log management and metering/cost management
● Red Hat OpenShift Serverless (Knative)
● Red Hat OpenShift Service Mesh (Istio)
● Red Hat OpenShift Pipelines & Red Hat OpenShift Gitops (Tekton, ArgoCD)
Manageability and consistency across hybrid and multi cloud with advanced security for DevSecOps
Adds:
● Red Hat Advanced Cluster Management for Kubernetes
● Red Hat Advanced Cluster Security for Kubernetes
● Red Hat OpenShift Data Foundation Essentials
● Red Hat Quay
Red Hat OpenShift Platform Plus
Enabling hybrid and multi-cloud deployments
Node layer
Router layer
Cluster n
Multi-cluster layer
Cluster 1
Node Node Node
Pod Pod Pod
Node Node Node
Pod Pod Pod
OpenShift Routing
OpenShift Application Nodes
OpenShift Application Nodes
OpenShift Routing
East/West
Multicluster Management
Observability | Discovery | Policy | Compliance | Configuration | Workloads
Cluster Security
Declarative security | Container vulnerability management | Network segmentation | Threat detection & response
Global Registry
Image management | Security scanning | Geo-replication Mirroring | Image builds
With a broad partner ecosystem
Storage Networking Security Databases Runtimes DevOps Big Data AI/ML
...
And the services and partners to guide you to success
RED HAT OPEN INNOVATION LABS
RED HAT CONTAINER ADOPTION PROGRAM
CATALYZE INNOVATION
IMMERSE YOUR TEAM
EXPERIMENT
Rapidly build prototypes,
do DevOps, and be agile.
Bring modern application
development back to your team.
Work side by side with experts
in a residency-style engagement.
FRAMEWORK FOR SUCCESSFUL CONTAINER
ADOPTION AND I.T. TRANSFORMATION
Mentoring, training, and side-by-side collaboration
SYSTEM INTEGRATORS
Or work with our ecosystem of certified systems integrators, including…
Realizing business value from a hybrid strategy
636% return on investment over 5 years
10 months to payback
54% lower 5-year cost of operations
20% higher application developer productivity
3x more new features per year
US$21.6 million higher revenue per year per organization
71% less unplanned downtime
21% more efficient IT infrastructure teams
Source:
IDC White Paper, sponsored by Red Hat, "The Business Value of Red Hat OpenShift", doc # US47539121, February 2021.
Bringing results to customers across industries and use cases
Container platform market share leader
RED HAT OPENSHIFT
47.8% Red Hat OpenShift
15% Mirantis
7.7% VMware
3.9% Rancher Labs
1.2% Canonical
24.4% Other
Source: Who’s Winning in the Container Software Market, IT Pro Today, Jun 29, 2021.
OpenShift is the platform
built for cloud native
application development and
deployment across the hybrid
cloud
Red Hat OpenShift is for every innovator
Ready for IT operators
▸ Automate processes. Reduce complexity.
▸ Operate more securely from end to end.
Empowering developers
▸ Code fast with familiar tools.
▸ Rapidly deliver without roadblocks.
Proven for business leaders
▸ Choose a platform to power business today.
▸ Create a cloud strategy for the future.
What is happening
in your world?
APPENDICES
Included Appendices
● OpenShift Editions (OKE, OCP, OPP)
● What’s new with OpenShift 4.9?
● What’s new with OpenShift 4.8?
● What’s new with OpenShift 4.7?
● What’s new with OpenShift 4.6?
● OpenShift Virtualization
● Azure Red Hat OpenShift
● OpenShift Dedicated
● Red Hat OpenShift Windows for Containers
● What’s included with an OpenShift subscription
● Addressing the OpenShift vs. “Vanilla” Kubernetes Myth
● Comparing OpenShift vs Community Projects
● Docker support in OpenShift
● Getting started with Red Hat OpenShift
● Red Hat on Red Hat
● Press and analyst coverage
● Red Hat Customer References (updated often)
External Appendices
● What’s new with OpenShift 4.5?
● What’s new with OpenShift 4.4?
● What’s new with OpenShift 4.3?
● What’s new with OpenShift 4.2?
● Edge computing with OpenShift
● OpenShift Service Mesh
● OpenShift Serverless
● OpenShift on IBM Z/LinuxONE and Power
● Previous intro slides
Appendix: OpenShift Editions
Aligning OpenShift Kubernetes Engine (RHOKE),
OpenShift Container Platform (RHOCP) and
OpenShift Platform Plus (RHOPP)
OpenShift is trusted enterprise Kubernetes
Kubernetes
release
OpenShift
release
...
Production
Ready
● Hundreds of defect and performance fixes
● 200+ validated integrations1
● Certified container ecosystem
● 9-year enterprise life-cycle management
● Red Hat is a leading Kubernetes contributor since day 1
1 - Certified OpenShift Operators
Supporting hybrid usage and buying patterns
A consistent platform no matter how or where you run
Managed Red Hat OpenShift services
Start quickly, we manage it for you
● Red Hat OpenShift Dedicated2
● Red Hat OpenShift Service on AWS1
● Azure Red Hat OpenShift
● Red Hat OpenShift on IBM Cloud1
Self-managed Red Hat OpenShift
You manage it, for control and flexibility
● On public cloud, or on-premises on physical or virtual infrastructure3
Source:
1 In preview as of 1/1/2021. Also available as Red Hat OpenShift Dedicated managed service running on user-supplied AWS infrastructure.
2 Red Hat managed service running on user-supplied GCP infrastructure
3 See docs.openshift.com for supported infrastructure options and configurations
Comparing Options for Self-Managed OpenShift
Built from Kubernetes, RHEL CoreOS and automated operations
Essential enterprise Kubernetes Infrastructure
Includes:
● Core security options and capabilities
● Standard infrastructure services, Kubernetes ingress control object
● Integrated monitoring
● Web-based administrator console
Opinionated application development platform
Adds:
● Full set of advanced cluster and network services
● Key scalable application services and features (service mesh)
● Integrated developer console and suite of developer services (Serverless, Pipelines, GitOps)
Manageability and consistency across hybrid and multi cloud with advanced security for DevSecOps
Adds:
● Full set of advanced hybrid cloud visibility (RHACM)
● Full-stack security integration across the hybrid cloud (RHACS)
● Consolidate application registry services (Quay)
Red Hat open hybrid cloud platform
• Service mesh | Serverless
• Builds | CI/CD pipelines
• GitOps | Distributed Tracing
• Log management
• Cost management
• Languages and runtimes
• API management
• Integration
• Messaging
• Process automation
• Databases | Cache
• Data ingest and preparation
• Data analytics
• AI/ML
• Developer CLI | IDE
• Plugins and extensions
• CodeReady workspaces
• CodeReady containers
Developer services
Developer productivity
Kubernetes cluster services
Install | Over-the-air updates | Networking | Ingress | Storage | Monitoring | Log forwarding | Registry | Authorization | Containers | VMs | Operators | Helm
Linux (container host operating system)
Kubernetes (orchestration)
Physical Virtual Private cloud Public cloud Edge
Cluster security Global registry
Multicluster management
Data services*
Data-driven insights
Application services*
Build cloud-native apps
Platform services
Manage workloads
* Red Hat OpenShift® includes supported runtimes for popular languages/frameworks/databases. Additional capabilities listed are from the Red Hat Application Services and Red Hat Data Services portfolios.
** Disaster recovery, volume and multicloud encryption, key management service, and support for multiple clusters and off-cluster workloads requires OpenShift Data Foundation Advanced
Observability | Discovery | Policy | Compliance |
Configuration | Workloads
Image management | Security scanning |
Geo-replication Mirroring | Image builds
Declarative security | Container vulnerability
management | Network segmentation |
Threat detection and response
RWO, RWX, Object | Efficiency |
Performance | Security | Backup |
DR Multicloud gateway
Cluster data management
Understanding OpenShift
Kubernetes engine only or fully-featured hybrid cloud foundation?
▸ Same foundation for the OpenShift Experience
▸ Core capabilities vs. Core plus advanced services
OpenShift Kubernetes Engine
Foundational Enterprise Kubernetes Offering That Runs Anywhere
Explore the benefits of Enterprise Secured
Kubernetes with an active ISV ecosystem
across infrastructure providers
Core feature set aligns to DIY, *KS, or lower
end preferences
Core Kubernetes functionality with RHEL
CoreOS immutable architecture
Kubernetes cluster services
Install | Over-the-air updates | Networking | Ingress | Storage | Monitoring | Logging | Registry | Authorization | Containers | VMs | Operators | Helm charts
Linux (container host operating system)
Kubernetes (orchestration)
Physical Virtual Private cloud Public cloud Edge
* Red Hat OpenShift® includes supported runtimes for popular languages/frameworks/databases. Additional capabilities listed are from the Red Hat Application and Data Services portfolio.
OpenShift Kubernetes Engine
▸ Core instance of OpenShift
▸ Focused on installation of Kubernetes and RHEL CoreOS as the foundation to deploy containers
▸ OpenShift automated installation experience and Day 2 operations
▸ Introduction to the OpenShift experience without the headache of DIY or xKS
▸ For App, Dev & Platform services or multicluster management, RHOCP or RHOPP are best
OpenShift Kubernetes Engine
Core instance of OpenShift
Focused on installation of Kubernetes and
RHEL CoreOS as the foundation to deploy
containers
OpenShift automated installation experience
without additional App, Dev & Platform
services layer included with OCP
Intended as an introduction to the OpenShift
experience
OpenShift Kubernetes Engine
Containers are Linux
● OpenShift built from RHEL CoreOS
Security is at the heart of the Linux platform
that OpenShift is built upon
● Linux namespaces, SELinux, CGroups,
and Secure Computing Mode to isolate
and protect containers
Full installation integration with Kubernetes
● Immutable infrastructure is the
foundation to OpenShift
Red Hat Enterprise Linux & RHEL CoreOS
Foundation is Red Hat Enterprise Linux
OpenShift Kubernetes Engine
Fully compliant, upstream Kubernetes
● Red Hat is one of the leading
contributors to Kubernetes
Enterprise lifecycle support
● Each release includes defect,
performance, and security fixes
Fully integrated enhancements
● Deployed with the components you
need to build, deploy and manage
containerized applications
Red Hat Enterprise Linux & RHEL CoreOS
Kubernetes
Built with certified Kubernetes
OpenShift Kubernetes Engine
Fully automated installation, anywhere
● Operator model maintains immutable
installation and updates
Core Cluster services deployed using
operators
● Monitoring, Registry, Networking,
Router, OpenShift Virtualization, Helm
Foundation of a Kubernetes installation
● Stable, secure installation to support
deployment of containers
Automated installation on hybrid cloud infrastructures
OpenShift Kubernetes Engine Highlights
▸ Same service level agreements, bug fixes, and common
vulnerabilities and exposures protection as OCP
▸ Same security options and default settings
▸ Standard infrastructure services support, including Kubernetes
ingress control object
▸ Full access to the integrated monitoring solution
▸ Web-based administrator console
▸ Support for OpenShift Virtualization
OpenShift Container Platform
Complete platform for containerized application deployment
Trusted Enterprise Kubernetes
● Immutable infrastructure with RHEL CoreOS
and Kubernetes
Empowering Developers to Innovate
● Integrated with developer workflows to get
applications to production sooner
Cloud-like Experience Everywhere
● Complete set of advanced services to enhance
controls, monitoring and interfaces
OpenShift Container Platform
Delivering the full capabilities of OpenShift
● Same Kubernetes foundation of OKE
with a broad set of advanced services
Enhancing the user experience for managing
and deploying containers
● Advanced cluster, network
management tools
Extending the experience to developers
● Developer console designed to
integrate with how developers deploy
code
Built to deploy and manage applications
• Service mesh | Serverless
• Builds | CI/CD pipelines
• Log management
• Cost management
• Languages and runtimes
• API management
• Integration
• Messaging
• Process automation
• Databases | Cache
• Data ingest and prep
• Data analytics | AI/ML
• Data management & resilience
• Developer CLI | IDE
• Plugins and extensions
• CodeReady workspaces
• CodeReady containers
Developer services
Developer productivity
Kubernetes cluster services
Install | Over-the-air updates | Networking | Ingress | Storage | Monitoring | Logging | Registry | Authorization | Containers | VMs | Operators | Helm charts
Linux (container host operating system)
Kubernetes (orchestration)
Physical Virtual Private cloud Public cloud Edge
Data services*
Data-driven insights
Application services*
Build cloud-native apps
Platform services
Manage workloads
* Red Hat OpenShift® includes supported runtimes for popular languages/frameworks/databases. Additional capabilities listed are from the Red Hat Application and Data Services portfolio.
OpenShift Container Platform
Built to deploy and manage applications
▸ Expanded platform services (service mesh, serverless, pipelines, GitOps)
▸ Full developer console and services
▸ Enhanced application and data services
OpenShift Container Platform
Expanded Platform services
● OpenShift Service Mesh (Istio)
● OpenShift Serverless (Knative)
● OpenShift Pipelines (Tekton)
● Jenkins CI/CD service
● Full Stack Log Management
● Metering
Expanded platform services capabilities included
OpenShift Container Platform
Enhanced Application services
● Supported SCL image runtimes for
popular programming languages,
runtimes and databases (Java, Tomcat,
Python, Node.js, Postgres, Ruby,
MariaDB & more)
● Ability to add advanced middleware
services via Red Hat and IBM (requires
additional add-on bundles)
● Certified Operator-based services
from our ISV ecosystem
Integrated services for deploying cloud-native applications
OpenShift Container Platform
Enhanced Data services
Integrated services for deploying cloud-native applications
OpenShift Container Platform
Integrated Developer services
● OpenShift Developer Console and odo
CLI to simplify developer usage
● CodeReady Workspaces on OCP for
cloud native app dev & collaboration
● CodeReady Containers to provide an
OCP local experience on your laptop
● OCP IDE plugins for popular IDEs like
VSCode and IntelliJ
Platform of choice for cloud-native developers
OpenShift Platform Plus
Complete platform for deploying, managing and protecting applications across the hybrid cloud
Centralized visibility across the hybrid cloud
● Advanced hybrid cloud foundation
management tools (ACM)
Secure the application codebase
● Global application and container registry with
security scanning services (Quay)
Elevating multicluster security
● Kubernetes-native security with integration
across the hybrid cloud (ACS)
OpenShift Platform Plus Highlights
▸ Consistent user experience, management and security across
hybrid infrastructure
▸ Comprehensive tools for cloud-native application development
▸ Built-in security across the entire application lifecycle with a
global container registry
▸ Kubernetes-native multicluster security with active threat
detection and remediation
▸ End-to-end management and observability
Complete hybrid cloud foundation to deploy and manage cloud-native applications
OpenShift Platform Plus
Red Hat Advanced Cluster Management for
Kubernetes
➢ Enables organizations to manage their
Kubernetes clusters with consistency
across the hybrid cloud
➢ Centrally set policies to automatically
configure and maintain consistency of
security controls required by
regulatory, industry or corporate
standards
➢ Automate application deployments
using placement policies that are
integrated into existing CI/CD pipelines
and governance controls
Including critical multicluster management tools for hybrid visibility
OpenShift Platform Plus
Red Hat Advanced Cluster Security for
Kubernetes (formerly StackRox)
➔ Kubernetes-native workload protection
and cloud security posture
management to enable you to “shift
left”
➔ Extend scanning and compliance into
development (DevSecOps)
➔ Leverage built-in Kubernetes CSPM to
identify and remediate risky
configurations
➔ Maintain and enforce a “zero-trust
execution” approach to workload
protection
Injecting security from day-one
OpenShift Platform Plus
A distributed and highly available container
image registry for the enterprise
➢ Control access of the registry with
multiple identity and authentication
providers
➢ Integrate with vulnerability detectors
(like Clair) to automatically scan your
container images
➢ Streamline your CI/CD pipeline with
build triggers, git hooks, and robot
accounts
Managing your stable of code across the hybrid cloud
Comparing the OpenShift Options
OpenShift Kubernetes Engine
▸ Core security options and
capabilities
▸ Standard infrastructure services
support, including Kubernetes
ingress control object
▸ Full access to the integrated
monitoring solution
▸ Web-based administrator
console
Both built from Kubernetes, RHEL CoreOS and automated operations
OpenShift Container Platform
▸ Core features of OKE
▸ Full set of advanced cluster and
network services
▸ Key scalable application services
and features (service mesh)
▸ Integrated developer console
and suite of developer services
(serverless, pipelines)
OpenShift Platform Plus
▸ Core features of OCP
▸ Full set of advanced hybrid cloud
visibility (ACM)
▸ Enabling full-stack security
integration across the hybrid
cloud (ACS)
▸ Consolidate application registry
services (Quay)
OpenShift Comparison
Feature | OKE | OCP | OPP
Fully Automated Installers | ✔ | ✔ | ✔
Over the Air Smart Upgrades | ✔ | ✔ | ✔
Enterprise Secured Kubernetes | ✔ | ✔ | ✔
Kubectl and oc enhanced command line | ✔ | ✔ | ✔
Operator Lifecycle Manager (OLM) | ✔ | ✔ | ✔
Administrator Web console | ✔ | ✔ | ✔
OpenShift Virtualization (CNV) | ✔ | ✔ | ✔
User Workload Monitoring | - | ✔ | ✔
Metering and Cost Management SaaS Service | - | ✔ | ✔
Platform Logging | - | ✔ | ✔
Developer Web Console | - | ✔ | ✔
Developer Application Catalog | - | ✔ | ✔
Source to Image and Tekton Builders | - | ✔ | ✔
OpenShift Service Mesh (Kiali/Jaeger/OpenTracing) | - | ✔ | ✔
OpenShift Serverless (Knative) | - | ✔ | ✔
OpenShift Pipelines (Tekton) | - | ✔ | ✔
Embedded Component of IBM Cloud Pak and RHT MW Bundles | - | ✔ | ✔
Appendix:
What’s new with
OpenShift 4.9?
Edge computing with Red Hat OpenShift
OpenShift 4.9 (based on Kubernetes 1.22 and CRI-O 1.22) and ACM 2.4
New Edge Capabilities
▸ Providing flexibility and manageability at scale
▸ Simplifying the initial deployment and ongoing management
▸ Enabling the business to deploy containerized workloads even to the most remote
locations
Manage OpenShift
Anywhere
▸ Helping developers manage and scale multiple platforms
▸ Providing the flexibility and freedom to manage OpenShift clusters across managed,
on-prem, bare metal or public clouds
▸ Supporting business initiatives, no matter how diverse the environment is
Additional capabilities
of the 4.9 release
▸ Kubernetes 1.22: Adding alerts to inform users about apps and pods impacted before the
upgrade
▸ Expanding support across different infrastructures, including support for Azure Stack Hub
▸ Load balancing in bare metal deployments
OpenShift release schedule going forward: 3 times a year (matching Kubernetes)
Edge and
Single-node
OpenShift
Meet single node OpenShift
Single node OpenShift
CAPABILITIES
▸ Full Kubernetes capabilities in a single node
▸ Operational independence with combined control and worker
nodes
▸ Smaller hardware footprint for smaller spaces
▸ Minimum hardware requirements of 8 cores and 32GB RAM
BENEFITS
▸ Consistent functionality across the architecture - it’s OpenShift
▸ Support locations with intermittent connectivity to a central site
▸ Lower operational costs: power/cooling, size of hardware
Central data center: cluster management and application deployment
Kubernetes node control
Regional data center
Edge
Single node edge servers: low bandwidth or disconnected sites
Remote worker nodes: environments that are space constrained
3 Node Clusters: small footprint with high availability
Legend: C: Control nodes, W: Worker nodes
Manage clusters and deployments, all the way to the edge with ACM 2.4
CAPABILITIES
▸ Manage up to 2000 clusters with the RHACM hub
▸ Zero Touch Provisioning (Tech Preview): Leverage RHACM with Assisted Installer
▸ Hub-side Policy Templating: Reduce the number of policies for high scale management scenarios
BENEFITS
▸ Provides management capabilities for the entire OpenShift deployment to help ease the operational strain of
managing a scaled out architecture
▸ Enables the scale needed for edge use cases, including SNO
▸ Ensures ease of deploying and provisioning of clusters at scale
71
Validated Patterns : Simplifying the creation of edge stacks
Bringing the Red Hat portfolio and ecosystem together - from services to the infrastructure
Blueprint as code From POC to production
Open for collaboration
Highly reproducible
Go beyond documentation using GitOps
process to simplify deployment
So that you can scale out your
deployments with consistency
Ensure your teams are ready
to operate at scale
Anyone can suggest improvements,
contribute to it
72
ACM 2.4
Red Hat Advanced Cluster Management for Kubernetes
2.4 themes ( GA in Nov )
73
Better Together Management at the
Edge
Manage OpenShift
Everywhere
Cluster lifecycle support:
Microsoft Azure Gov
RHACM Hub on IBM Power and Z
TP Central Infrastructure
Management (CIM) for bare
metal deployments
RHACM Hub deploying
RHACS (Stackrox) Central via
GRC Policy
Support for OpenShift GitOps
(ArgoCD) ApplicationSets
Drive notifications from GRC
Compliance into 3rd party
incident management tools
Observe cluster health metrics
for non-OCP (GKE, EKS,
AKS, IKS)
Service Level Objectives
(SLO) can be defined on the
Grafana dashboard
Target 2K management scale &
IPv6 Dual Stack support
TP Zero Touch Provisioning
Single Node OpenShift
management (SNO)
Hub-side Policy Templating
Business Continuity
RHACM Hub backup and restore
TP Leverage ODF (aka OCS) and
RHACM for stateful workloads
Persistent Volumes replication using
volSync (Scribe)
74
OpenShift 4.9
What's Next in OpenShift
Strengthening footprint across infrastructures, platforms and bare metal
75
CAPABILITIES
▸ Expanding support across different infrastructures and platforms, including support for Azure Stack Hub and AWS in China
▸ Adding load balancing capabilities in bare metal deployments
▸ Adding SR-IOV support to enable the fastest communication possible between a pod and the outside world
▸ Remote-write of cluster monitoring metrics
BENEFITS
▸ Enables fast communication required for SNO use cases, high bandwidth apps, streaming data
▸ Allows replication of time-series data to a remote location for long-term storage and historical analysis; as well as for aggregating
metrics across multiple clusters
Appendix:
What’s new with
OpenShift 4.8?
76
What's new in OpenShift 4.8
INSTALLER
FLEXIBILITY
NEXT-GEN
DEVELOPER TOOLS
FEATURE
GRADUATION
AWS use pre-existing IAM roles
AWS use STS tokens
Azure use existing resource group
Kubernetes 1.21 & CRI-O 1.21
Vertical Pod Autoscaler (GA)
Scheduling Profiles (TP)
CronJobs (GA)
PodDisruptionBudget (GA)
IPv6 Single & Dual Stack (GA)
OpenShift GitOps (GA)
OpenShift Pipelines (GA)
OpenShift Serverless functions (TP)
OpenShift 4.8
What's new in OpenShift 4.8
● OpenShift Pipelines 1.5 GA on OCP 4.8
● Auto-pruning PipelineRuns and TaskRuns
● Pipeline as code with GitHub (Dev Preview)
○ Event filtering
○ Task resolution
○ Trigger on approved users and groups
○ Pull-request commands
○ GitHub Checks API
○ GitHub and GitHub Enterprise
● Ability to customize default ClusterTasks and Pipeline templates
● Numerous enhancements in Dev Console
OpenShift Pipelines
PM: Siamak Sadeghianfar
What's new in OpenShift 4.8
OpenShift GitOps
PM: Siamak Sadeghianfar
● OpenShift GitOps 1.2 GA on OCP 4.8
● Argo CD auth integrated out-of-the-box with
OpenShift via RH SSO
● Simplified Argo CD privilege configuration
● Enhanced environments view in Dev Console
● RHACM and Argo CD integrations
○ RHACM imports clusters to Argo CD’s
○ Argo CD application roll-up in RHACM
○ Argo CD application in RHACM Topology
What's new in OpenShift 4.8
OpenShift Serverless functions Tech Preview
80
Create
Build
New Knative Service on the Cluster
Source code
Build Packs
Knative CLI +
Func Plugin
Knative CLI +
Func Plugin
Java
Node.js
Go
Deploy
Cluster
Container
Registry
Knative CLI +
Func Plugin
Create, Build, and Deploy Applications Quickly
OpenShift Serverless Functions allows users to consume
events via functions based APIs and provide a simplified
programming model for developers and data scientists alike.
▸ Simplified deployments
▸ Reduced programming complexity
▸ Secure, consistent programming models
▸ Quarkus, Node.js, Python, Go and Spring Boot.
▸ Kafka Event source for Event driven Serverless apps
PM: Naina Singh
What's new in OpenShift 4.8
IPv6 Single / Dual Stack Support
PM: Marc Curry, Deepthi Dharwar
● IPv6 single/dual stack is supported in OpenShift 4.8 (k8s 1.21)
with OVN.
● Single Stack
○ Either an IPv4 or IPv6 address is assigned to the pod
interface
● Dual Stack
○ Both IPv4 and IPv6 addresses assigned to the interface
● Simple install-time configuration
○ Modify “install-config.yaml” to specify IPv6 subnets in addition to IPv4.
● Post-install configuration:
○ Edit “network.config.openshift.io” config to add secondary
“(machine|cluster|service)Network” values, and they will get rolled out correctly.
● Restrictions / Caveats / Notes
○ OVN only, no plans to support in openshift-sdn
○ Supported platform at GA: Bare Metal IPI (other platforms TBD)
pod eth0
192.168.12.3
2001:db8:0:12
IPv4
IPv6
IPv4 Host
IPv6 Host
What's new in OpenShift 4.8
Vertical Pod Autoscaling (GA)
PM: Gaurav Singh
Description
● Recommends values for CPU and memory requests based on
historical trends
Things to remember
● VPA requires pod eviction to apply the recommended resource
settings
● Default set to minimum of 2 pod deployment but can be
configured to 1 pod
Modes
● Off : Recommendation mode
● Initial : Assigns resource requests on pod creation and never
changes them later.
● Recreate : Applies recommended changes to the pod by
evicting them when the requested resources differ significantly
● Auto : Same as Recreate.
Appendix:
What’s new with
OpenShift 4.7?
83
Application Modernization Announcement
84
Messaging Pillars
Provides tools to modernize
applications, which enables a
flexible environment
● Windows Containers on
vSphere
● Migration Toolkit for
Virtualization (MTV - Tech
Preview)
A consistent management
experience, all in a single control
plane
● OpenShift Virtualization 2.6
Allowing businesses to accelerate
innovation as they move along
their hybrid cloud journey.
● OpenShift GitOps (Tech
preview)
85
Stability - A primary theme for OpenShift 4.7
Install and upgrades
● Better installer checks and diagnostics
● Block upgrades if pools are degraded
● Do not declare upgrade complete if pools are degraded
Observability
● Network stability: improve X.509 error outputs
● New metrics and dashboards for Pipelines, storage, and networking
Miscellaneous
● etcd disaster recovery improvements
● Improve maintainability and usability of disconnected Operators
● Improve docs for bring-your-own load balancer and DNS for OSP deployments
86
GENERALLY AVAILABLE
Continuous automated compliance
OpenShift Compliance Operator - Declarative Security Compliance
● Scan cluster nodes (RHCOS) and Kubernetes components using industry standard baselines
○ New baselines utilizing the CIS Kubernetes benchmark guide
○ Red Hat Advanced Cluster Manager 2.2+ integration
● CIS OpenShift benchmark released to community for comment January 2021
● Compliance Operator was Generally Available with OpenShift 4.6
87
GENERALLY AVAILABLE
Encrypted SDN communication
OVN IPSec encrypts pod-to-pod traffic between
nodes
● Ensure data plane traffic is confidential,
authenticated, and has not been tampered with
○ AES-256-GCM encryption
● IPSec connection from each node to each other
node
○ Keys are automatically rotated
● Configured during installation
apiVersion: operator.openshift.io/v1
kind: Network
metadata:
  creationTimestamp: null
  name: cluster
spec:
  networkType: OVNKubernetes
  serviceNetwork:
  - 172.30.0.0/16
  defaultNetwork:
    type: OVNKubernetes
    ovnKubernetesConfig:
      ipsecConfig: {}
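A check for the two network settings this deck describes, the IPv6 single/dual stack slide and the OVN IPsec slide above, written as an added example that is not Red Hat's code. It reads the Network operator object as JSON (the shape `oc get network.operator.openshift.io cluster -o json` returns); the sample objects, CIDRs and function names are constructed for illustration, and the handling of an `ipsecConfig.mode` field is an assumption about newer releases that the slide does not cover.

```python
import ipaddress
import json

# Constructed sample: OVN-Kubernetes, dual stack, IPsec switched on with the
# empty mapping shown on the slide.
ENCRYPTED_DUAL_STACK = json.loads("""
{
  "apiVersion": "operator.openshift.io/v1",
  "kind": "Network",
  "metadata": {"name": "cluster"},
  "spec": {
    "clusterNetwork": [
      {"cidr": "10.128.0.0/14", "hostPrefix": 23},
      {"cidr": "fd01::/48", "hostPrefix": 64}
    ],
    "serviceNetwork": ["172.30.0.0/16", "fd02::/112"],
    "defaultNetwork": {
      "type": "OVNKubernetes",
      "ovnKubernetesConfig": {"ipsecConfig": {}}
    }
  }
}
""")

# Constructed sample: no ipsecConfig key, and an IPv6 pod range without a
# matching IPv6 service range.
PLAINTEXT_MIXED = json.loads("""
{
  "spec": {
    "clusterNetwork": [
      {"cidr": "10.128.0.0/14", "hostPrefix": 23},
      {"cidr": "fd01::/48", "hostPrefix": 64}
    ],
    "serviceNetwork": ["172.30.0.0/16"],
    "defaultNetwork": {"type": "OVNKubernetes", "ovnKubernetesConfig": {}}
  }
}
""")


def families(cidrs):
    """Classify a list of CIDR strings as 'ipv4', 'ipv6', 'dual' or 'none'."""
    versions = {ipaddress.ip_network(c, strict=False).version for c in cidrs}
    if versions == {4, 6}:
        return "dual"
    if versions == {4}:
        return "ipv4"
    if versions == {6}:
        return "ipv6"
    return "none"


def ipsec_enabled(spec):
    """True when the spec asks OVN-Kubernetes to encrypt pod-to-pod traffic."""
    default = spec.get("defaultNetwork") or {}
    if default.get("type") != "OVNKubernetes":
        return False  # the slide's IPsec option exists only under OVN
    ovn = default.get("ovnKubernetesConfig") or {}
    cfg = ovn.get("ipsecConfig")
    if cfg is None:
        return False  # key absent or null: not configured
    # An empty mapping is the "on" switch, so test presence, not truthiness.
    # Assumption: releases newer than the slide add a "mode" field; a value of
    # "Disabled" there is treated as off.
    return cfg.get("mode", "Full") != "Disabled"


def audit(network_cr):
    """Summarise encryption and address-family settings, with findings."""
    spec = network_cr.get("spec") or {}
    cluster = families([n["cidr"] for n in spec.get("clusterNetwork", [])])
    service = families(spec.get("serviceNetwork", []))
    encrypted = ipsec_enabled(spec)
    findings = []
    if not encrypted:
        findings.append("pod-to-pod traffic between nodes is not IPsec-encrypted")
    if cluster != service:
        findings.append(
            f"clusterNetwork is {cluster} but serviceNetwork is {service}"
        )
    return {
        "ipsec": encrypted,
        "clusterNetwork": cluster,
        "serviceNetwork": service,
        "findings": findings,
    }


if __name__ == "__main__":
    for name, cr in (("encrypted", ENCRYPTED_DUAL_STACK),
                     ("plaintext", PLAINTEXT_MIXED)):
        print(name, json.dumps(audit(cr), indent=2))
```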
88
TECH PREVIEW
OpenShift Assisted Installer
A streamlined, interactive install
experience
● Simplified installation for full-stack
automated (IPI) deployments
○ No dedicated bootstrap node
● Avoids common errors and issues by
validating pre-requisites before
beginning
○ Host resource requirements,
network connectivity, host disk
performance, etc.
● Intelligently pre-selecting options
based on infrastructure
● Find and fix install issues faster with
real-time progress monitoring with
error reporting and handling
4.7 Tech-Preview
Supported
and
upgradable deployed
clusters
89
GENERALLY AVAILABLE
Automatic application scaling
Horizontally scale Pods automatically based on memory
and/or CPU utilization
● Memory-based autoscaling new with OpenShift 4.7
○ CPU scaling added with OCP 4.3
● Adds second vector for fully supported metrics-based
Pod scale up/down
● Proactive action taken based on administrator-defined
metrics, not reactive to application performance
apiVersion: autoscaling/v2beta1
kind: HorizontalPodAutoscaler
metadata:
  name: resize-hpa
  namespace: resize
spec:
  scaleTargetRef:
    apiVersion: apps/v1beta1
    kind: Deployment
    name: image-resizer
  minReplicas: 2
  maxReplicas: 10
  metrics:
  - type: Resource
    resource:
      name: memory
      targetAverageUtilization: 60
90
TECH PREVIEW
OpenShift GitOps
Multi-cluster configuration management using Argo CD
● GitOps provides declarative configuration for cloud native
applications, including code, components, and infrastructure,
deployed to OpenShift
○ Deploy applications and configure OpenShift clusters faster and with
predictability
● The GitOps Operator provides a simple and quick way to deploy the
capability into any cluster, with automated Argo CD lifecycle
management
● Opinionated bootstrapping for end-to-end GitOps workflows with the
GitOps Application Manager CLI
Sync
Monitor
Detect
drift
Take
action
Appendix:
What’s new with
OpenShift 4.6?
91
92
OpenShift is Proven
Extended support options
provide expanded options for
lifecycles
OpenShift is Ready
Bare metal IPI automates
provisioning for non-virtualized
systems, giving more options for
easy deployments
OpenShift is Empowering
User workload monitoring
provides a standardized set of
tools to track performance
OpenShift 4.6
Run Red Hat OpenShift on IBM Z or Power
93
More performance
Combine the speed and security of IBM Z, LinuxONE or Power
Systems with the data locality benefits of running cloud native
applications on the same hardware as mission critical workloads
More choice
Cloud native app development on IBM Z, LinuxONE or Power
Systems in your own data centers with the simplicity, speed and
consistent experience of Red Hat OpenShift
Kubernetes 1.19
Scheduling
● Customize the behavior of the Kube-scheduler
● Scheduler Profiles
● Pod Topology Spread constraints
Storage
● Immutable Secrets and ConfigMaps
● CSI Storage Capacity management (alpha)
Control Plane & Security
● Automatically track and act on the features not
making Stable
● Warning mechanism for use of deprecated APIs
● AppProtocol to Services and Endpoints
● kubelet client TLS Certificate bootstrap and
rotation
● NodeRestriction admission controller
Misc
● Structured Logging proposal
CRI-O
1.19
Kubernetes
1.19
OpenShift
4.6
94
Blog: https://www.openshift.com/blog/kubernetes-1.19-arrives
Supported Infrastructures for Red Hat OpenShift 4.6
Full Stack Automation (IPI) Pre-existing Infrastructure (UPI)
Bare Metal
IBM Power Systems
95
Bare Metal
Newly added
vSphere 7.0
support
added
Zone-1
C
Zone-2
W
W
Zone-3
W
W
W
Shared supervisor nodes for sites without
capacity for control plane functionality
● Very small on-site compute, as little as one
node
● Supervisors are centrally located, workers
are distributed and remote
● Reliable, but not low latency or high
throughput, network requirement
● No limit on worker count at remote sites
● DaemonSets and static pods are used to
prevent evictions for transient network
failure
96
W
Remote Worker Nodes
Central control, distributed execution
Application Monitoring and Troubleshooting
97
Red Hat OpenShift monitoring, for your applications
● Dedicated monitoring stack managed by the
OpenShift Operator
● Configure monitoring for your custom services or
infrastructure services not covered by the
out-of-the-box cluster monitoring stack
● Access metrics and alert information through a
single, multi-tenant interface
● Improved discoverability of alerts in topology and
Monitoring
Monitor your applications with the Red Hat OpenShift Cluster Monitoring service
98
Red Hat OpenShift-native, event-driven applications
Event driven applications, via OpenShift
Serverless Eventing, are generally easier to
maintain, and deploy and scale independently, all
based on events received
● Sources connect to external systems and
convert events from the native type to cloud
events
● Brokers connect multiple event sources
○ Built-in Event filtering
○ Routing based on event types or
attributes
○ Multiple event types
○ Multi-tenant
● Channels send events to multiple destinations
○ Event fanout to multiple subscribers
○ Same event type
○ Single-tenant
Brokers
Channels
Appendix:
Red Hat OpenShift
Virtualization
1. Need for a better modernization
strategy for virtual machine
(VM)-based workloads
OpenShift and Kubernetes crossing to early majority in IT
adoption
Two emerging trends
100
2. Desire for a single architecture for
all workloads
Kubernetes supports stateful
applications, and organizations desire
to reduce costs by adopting a single
cloud-native platform.
An all-or-nothing approach to
containerization is too slow, so
organizations have a large investment
in virtual machines.
Red Hat OpenShift and OpenShift Virtualization:
Kubernetes-first innovation to managing VMs
101
● Accelerate application delivery with a
single platform that can manage “mixed
applications” with the same tools and
teams.
● Add VMs to new and existing applications.
● Modernize legacy VM applications over
time, or maintain them as VMs.
Modernize workloads and support mixed applications consisting of VMs, containers, and serverless
It is about managing both VMs and containers
102
VMs have been built for decades, and they
will not go away overnight.
Virtual machines
Containers solve certain use cases and will
continue to rise, but some VMs will remain.
Containers
VMs and containers will be used to build
applications, and some might even be built
on both.
Applications
What’s in it for Operations?
103
Modernize and simplify your datacenter
Modernize operational models
OpenShift can provide the technology
foundation for a cultural shift to new
operating models like site reliability
engineering (SRE)
Kubernetes skills development
Motivate your team and provide career
progression with training and skills
development from Red Hat
Save on cost and innovate
Keep the VMs and leverage the scale
advantages of Kubernetes. Apply the
cost savings to fund innovation.
Maintain opex investments
Retain your infrastructure investment
by repurposing existing hardware for
OpenShift.
Consistency of management
With OpenShift support for VMs,
containers, and serverless, you can
align your DevOps team on a simpler
architecture to manage
All applications—old and new—can benefit
from a unified control and DevOps pipeline.
Teams can choose the applications they want
to refactor or containerize when the time is
right.
What’s in it for Developers?
104
Consistent developer experience (across VMs, containers, serverless)
Windows apps in OpenShift
Windows VMs can be brought into OpenShift
as-is (and maintained if they’re older
Windows Server), or refactored to use
Windows Containers and Windows Server
2019
Refactor VMs on your schedule
Unified tools, process and pipelines for all apps
Application environments consist of VMs, containers,
serverless and more. Development teams can now
leverage the same tools, pipelines, and platform for
building, managing and diagnosing issues with all
apps.
Development and delivery
105
It’s a Kubernetes-native infrastructure component
OpenShift Virtualization is a collection
of Kubernetes-native applications,
extending Kubernetes in the right way
using CRDs, CNI, and CSI.
Driven by Operators
Kubernetes-native and -friendly
OpenShift Virtualization is an
Operator-driven infrastructure
component no different than other
OpenShift operators, simplifying
operations.
Open source
OpenShift Virtualization is enterprise
software and is built on the open
source KubeVirt project.
OpenShift Virtualization
guiding principles
106
VMs consume resources from where
Kubernetes is providing them–pods.
VMs live in pods
VMs have their specific functionality, thus a
dedicated API to expose them.
Dedicated API to acknowledge
differences
For usability virtualization features have to be
solved in a Kubernetes-native way.
Kubernetes-native before virtualization
features
Developer productivity
Cluster services
Automated Ops ⠇Over-the-air updates ⠇Monitoring ⠇Logging ⠇Registry ⠇Networking ⠇Router ⠇Virtualization ⠇OLM ⠇Helm
107
Red Hat Enterprise Linux & Red Hat Enterprise Linux CoreOS
Kubernetes
Developer CLI ⠇VS code
extensions ⠇IDE plugins
Code Ready Workspaces
CodeReady Containers
Service mesh ⠇Serverless
builds ⠇CI/CD pipelines
Full stack Logging
Chargeback
Databases ⠇Languages
Runtimes ⠇Integration
Business automation
100+ ISV services
Platform services Application services Developer services
Build cloud-native apps
Manage workloads
Multicluster management
Discovery ⠇Policy ⠇Compliance ⠇Configuration ⠇Workloads
Operate
Kubernetes
OpenShift Container Platform with OpenShift Virtualization
Cloud-native
Red Hat OpenShift
AI/ML, Functions...
Traditional
With OpenShift Virtualization you can deliver
mixed applications of VMs, containers, and serverless
108
Appendix:
Azure Red Hat OpenShift
110
Azure Red Hat OpenShift
Empower developers to innovate
Support for traditional, cloud native & serverless tools
Easily connect to hundreds of Azure services
Scale on-demand. Pay as you go
Scale as your application demand changes
Leverage your Azure monetary commits
Enterprise-grade operations, security, and
compliance
SLA: 99.9%, 24*7 premium support
Compliant with PCI DSS, HITRUST, FedRAMP, SOC (ISO, and HIPAA
coming soon)
Jointly engineered,
operated, and
supported by
Microsoft and Red Hat
with an integrated
support experience
111
Running your own Red Hat OpenShift cluster
Responsibilities
User management
Project and quota
management
Application lifecycle
Cluster creation
Cluster management
Monitoring and logging
Network configuration
Software and security updates
Platform support
Customer Microsoft and Red
Hat
Virtual network
Azure DNS
Azure Load
Balancer (Master)
Azure Load
Balancer (Router)
Public IP Public IP Public IP
Azure Active
Directory
OpenShift API/administration console App 1 App 2
User App definition
Azure VMs (Master)
Scale sets
Azure Premium SSD Managed Disks
Node 1 Node 2 Node 3
api-server · controller-manager · etcd
Azure VMs (Infrastructure)
Scale sets
Azure Premium
SSD Managed
Disks
Node 1 Node 2 Node 3
registry · router
Azure VMs (Application)
Scale sets
Azure Premium SSD Managed Disks
Node 1 Node 2 Node N
application pods
Azure Blob
Storage
OpenShift SDN
112
Fully managed clusters with Azure Red Hat OpenShift
Responsibilities
User management
Project and quota
management
Application lifecycle
Cluster creation
Cluster management
Monitoring and logging
Network configuration
Software and security updates
Platform support
Customer Microsoft and Red
Hat
Let Microsoft and Red Hat…
Monitor and operate your VMs
Manage all your clusters
Manage environment patches
Secure your nodes
Enhanced Features, Availability and Control
● Full cluster admin - Full cluster admin support for
advanced customization
● Private clusters / Express Route support - Create
fully managed clusters in a custom VNet with no public
endpoints
● Bring your own VNet - Deploy OpenShift 4.3 based
clusters into your own VNet
● Cluster Autoscaling - Automatically adjust the size of
your cluster
● Multi-AZ clusters - Clusters automatically deploy
across three availability zones
Azure Red Hat OpenShift on OpenShift 4 Highlights
Operator Support
● Operator/CRD support - Support for Operators
and Custom Resource Definitions
Improved Developer Productivity
● Developer Productivity tools - Service Mesh,
CodeReady Workspaces, serverless etc.
● Azure Portal Integration - Easily view OpenShift
clusters in the Azure web portal
Regulatory Compliance
● Compliance Certifications: PCI DSS, HiTrust,
FedRAMP High, SOC 2 (Coming soon: ISO etc.)
113
114
Unified support and operations
Jointly engineered, operated, and supported
by Microsoft and Red Hat
• In-portal integrated support experience is available
24x7
• ISO 27001 compliant B2B communication channel
• Co-located support with Red Hat on-site team
• Integrated case systems
• Microsoft and Red Hat security response team
collaboration
Microsoft Help
+ Support
Microsoft
Azure Support
Site Reliability
Engineers
Red Hat
Customer Portal
Red Hat
Support
Cross-team hand
off
Flexibility in
support channels
SSO access to
Red Hat support
Cross-product
support
Case exchange platform
ARO FEATURES
Azure Red Hat OpenShift
Unified support
Jointly engineered, operated, and supported by Microsoft and
Red Hat with an integrated support experience
High availability
Multiple masters and infrastructure nodes help ensure your
cluster has no single point of failure
Regulatory compliance
Azure Red Hat OpenShift is compliant with SOC, ISO, PCI DSS,
HIPAA, and more
Persistent storage volumes
Azure Disk is pre-configured as the default storage class,
providing dynamically provisioned Premium SSD’s on-demand
First party Azure service
Clusters are deployed into your Azure subscription and
included on your Azure bill
Flexible, self-service deployment
Create fully managed OpenShift clusters in minutes
Cluster node scaling
Scale on demand to meet resource demand
Azure Active Directory integration
Use Azure Active Directory to control access to your cluster
with an integrated sign-on experience
Fully managed clusters
Master, infrastructure, and application nodes are managed by
Microsoft and Red Hat; plus, no VMs to operate and no
patching required
Virtual Network integration
Deploy your cluster into a new VNet, then use
VNet peering to connect to your existing VNet and
on-premises networks
116
Get Azure Red Hat OpenShift through your existing Azure subscription
Highly available, fully managed cluster—starting with four application nodes*
Use on-demand pricing or
reserved instances,
whichever suits your
workload and business
needs
On-demand scaling with additional application nodes*
Starts at
$0.171/hour
Use Reserved Virtual Machine instances to save costs ⬤
Choice of standard, high-memory, or high-CPU application nodes ⬤
Integrated support and operations ⬤
Pay through your existing Azure commitment ⬤
99.95% uptime Service Level Agreement (SLA) ⬤
*Price includes the Azure Linux VM costs
AZURE RED HAT OPENSHIFT
117
ARO via Red Hat Product Demo System (RHPDS)
May 2020: added ARO4 Workshop Deployment Capability
● Announce here
Allows SA/SSP to spin up 72-hour ARO3 or ARO 4 clusters through
RHPDS
1. Useful for demoing ARO to customer / prospects
2. PLEASE input SFDC and customer name!
3. Allows navigating / showing of Azure portal resources, AAD
Implemented on our tenant
Full Instructional Lab Guide (23 pages) here
For help finding your Microsoft counterpart: microsoftcosell@redhat.com
ARO vs AKS Resources
ARO -vs- AKS Deck ARO -vs- AKS TCO
ARO Customer Presentations
Check the OneStop first...
AZURE RED HAT OPENSHIFT
Compliance
Compliance
Certifications
OpenShift Dedicated Azure Red Hat OpenShift Managed OpenShift
on IBM Cloud
SOC 2 Type 1 ✓ ✓ Reference ✓
SOC 2 Type 2 CY2020 Q4 ✓ Reference ✓
HIPAA Roadmap Aug 2020 ✓
HiTrust Roadmap ✓
PCI DSS In progress ✓ Reference ✓
ISO 27001 CY2020 Q3 June 2020 ✓
FedRAMP In progress ✓ FedRAMP High In progress
Appendix:
OpenShift Dedicated
Red Hat associates only
● Updating to OCP 4.3.18 (rolling out to fleet now)
● SOC2 Type 1 certification
● Enhanced administrative capabilities
○ Customer Cloud Subscriptions only by default; can opt in with updated
Enterprise License Agreement
○ Allows installation of any operator
● Private API and application endpoints
● Google Cloud Platform
● EFS (CCS Only)
● OSD POC Program
What’s New in OpenShift Dedicated (OSD)?
OPENSHIFT DEDICATED
121
OpenShift Dedicated on Google Cloud
Same offering as on AWS.
Same management.
Same SLA.
Same price.
Though….
CCS
Private Clusters
Cluster-admin
Network self-service
Are to be added at a future date
Appendix:
Red Hat OpenShift
Windows for Containers
Why run Windows Containers
● Windows Server still enjoys significant presence amongst
server operating systems in the data center
● .NET has been and continues to be used widely for
application development
● Traditionally Windows ran largely independent of Linux
● Adoption of microservices and containers requires Windows
to embrace open source and Linux-based technologies
● To fully embrace containers and microservices
Windows-based machines must now:
○ Lift legacy workloads
○ Containerize legacy Windows workloads
○ Strangle the monolith and support hybrid deployments
Background
125
Control plane
Windows traditional .NET
framework containers
Windows application
Linux
containers
.NET core
containers
Windows
containers
Linux
containers
Windows
virtual machine
Red Hat OpenShift
virtualization
Red Hat Enterprise
Linux CoreOS
Microsoft Windows
Mixed
Windows
and Linux
workloads
• Run Linux containers on RHEL
• Run .NET core containers on RHEL
• Run traditional .NET framework
containers on Windows
• Run Windows VMs with CNV
(Container Native Virtualization)
• All scheduled and managed
by Red Hat OpenShift
Mixed Windows and Linux workloads
Step | OpenShift Feature | Use case | Advantages | Trade Offs
Rehost | OpenShift Virtualization | Lift & Shift Windows VMs to OpenShift | Easy and low friction | No benefits of containerization
Refactor | Windows Machine Config Operator | Containerize and run traditional .NET framework apps on Windows Server Containers and deploy to Windows worker nodes on OCP | Benefits of containerization & OpenShift | Evolving Windows container ecosystem, supported only for newer version of Windows including Windows Server 2019
Rearchitect | RHEL/RHCOS containers | Migrate traditional .NET frameworks apps to .NET Core and deploy to RHEL containers in OpenShift. | Full benefit of containerization and OpenShift, highly evolved community | Migration effort involved, time consuming
Rebuild | RHEL/RHCOS containers | Build Cloud Native apps using Linux containers and deploy to RHEL/RHELCoreOS on OpenShift. | Full benefit of containerization and OpenShift highly evolved community | Net new development may not be an option for customers running in maintenance mode
Use cases for Windows container workloads on OpenShift
127
For more information see the Technical overview deck
Windows Machine Config Operator Architecture
WMCB
CNI
Kubelet
Kube-proxy
Hybrid-overlay
Payload
Windows machine
config operator
Watches
Windows MachineSet Windows machine
Kube-proxy
CNI
Hybrid-overlay
Kubelet
Windows virtual
machine
Windows machine config bootstrapper (WMCB)
Configures
Installs operator
Results in creation of virtual machines
Cluster admin On cluster OperatorHub
Cluster admin
Copy binaries
configure services
Appendix:
What’s included with a
subscription?
CONTAINER INFRASTRUCTURE
● A subscription to run OpenShift application nodes; additional no-charge
subscriptions for your master and infrastructure nodes
● RHEL entitlements for your host machines running OpenShift
● Private container registry
● Supported Docker and CRI-O container runtimes
VALIDATED CONTAINER IMAGES
● Unlimited use of JBoss Web Server (Tomcat) as container images on OpenShift
● Container images that form part of Red Hat Software Collections
● Red Hat Single Sign-On deployed as a container inside OpenShift - for use by
any application
EVERYTHING NEEDED TO SET UP, RUN, AND MANAGE CONTAINERS IN PRODUCTION
INCLUDED WITH OPENSHIFT CONTAINER PLATFORM
129
OPERATIONAL TOOLING
● Log aggregation with Elasticsearch, Kibana, and Fluentd
● Metrics, monitoring, and alerting with Prometheus, Grafana and AlertManager
● Supported software-defined networking (SDN) using Open vSwitch
● Setup, upgrades, and reference architectures with Ansible playbooks
● Service brokers and Ansible playbook bundle
OPTIONAL CAPABILITIES
● OpenShift Service Mesh - installed with Operator
● OpenShift Serverless - installed with Operator
● OpenShift Pipelines - installed with Operator
130
EVERYTHING NEEDED TO SET UP, RUN, AND MANAGE CONTAINERS IN PRODUCTION
INCLUDED WITH OPENSHIFT CONTAINER PLATFORM
Appendix:
OpenShift vs. “Vanilla”
Kubernetes Myths
THE VANILLA KUBERNETES MYTHS
Why IT shops swoon over “Vanilla” Kubernetes and its perceived value
No “vendor lock-in”
Ultimate portability across Kubernetes Clusters
Always on latest version
132
THE VANILLA KUBERNETES REALITY
“Vanilla” Kubernetes is not really vanilla at all
Every vendor operates Kubernetes differently; this matters
Every vendor configures their Kubernetes distribution differently
No vendor is in lockstep with the latest upstream
* https://medium.com/@jzelinskie/youre-not-running-vanilla-kubernetes-2f2359666bf9
133
KUBERNETES CONFORMANCE
1
3
Interoperability at the API
“The new Certified Kubernetes Conformance Program gives enterprise organizations the
confidence that workloads that run on any Certified Kubernetes Distribution or Platform
will work correctly on any other version,” said Dan Kohn, Executive Director, Cloud Native
Computing Foundation. “The interoperability that this program ensures is essential
to Kubernetes meeting its promise of offering a single open source software
project supported by many vendors that can deploy on any public, private or
hybrid cloud.”
One of the goals of the project has always been consistency and portability.
Kubernetes sits on top of the infrastructure and enables you to describe your workload
in a common format. Kubernetes makes it easy to move workloads from one place
to another, or combine disjointed environments with a shared control plane.
This program gives end users the confidence that when they use a Certified
Kubernetes product they can rely on a high level of common functionality. It gives
Independent Software Vendors (ISVs) confidence that if their customer is using a
Certified Kubernetes platform that their software will behave as expected.
* https://github.com/cncf/k8s-conformance
UPSTREAM KUBERNETES
1
3
Upstream is closest to “Vanilla”
Kubernetes
Kube Native
App
Helmed
App
Kubernetes Ingress
Kubernetes CLI
Kubernetes API
* Not comprehensive. Not even close.
GKE
1
3
Even one of the Kube founders is not “Vanilla”
Container-Optimized OS
GCloud
GCP VPC
Kubernetes
Kube Native
App
Helmed
App
Cloud Storage
Container
Registry
Operations
Suite
GCloud
Console
Kubernetes Ingress
Kubernetes CLI
Kubernetes API
* Not comprehensive. Not even close. GCP only APIs in bold.
GCP Services and other
Googly Things
Productive
Abstractions
GCP Load Balancer
Cloud Build
OPENSHIFT
Certified “Pure” Kubernetes and productive abstractions
[Diagram labels: RHEL; Ansible/Terraform/Operators; OVN; Kubernetes; Kube Native App; OpenShift; Red Hat MW; OpenShift Native App; Operated/Helmed App; RHT Storage; Quay; Telemetry (EFK/Profana); Admin Console; Che; Templates/S2I/BC; OpenShift Mesh/Istio; Knative; Productive Abstractions; Kubernetes Ingress and OpenShift Routes; Kubernetes CLI and OpenShift CLI; Kubernetes API and OpenShift API]
* Not comprehensive. Not even close. Red Hat or OpenShift only APIs in bold.
KUBERNETES CONFORMANCE
OpenShift is 100% Kubernetes
* Don’t believe me? Check out and repeat the conformance test on your own OpenShift install at https://github.com/cncf/k8s-conformance/tree/master/v1.11/openshift
Appendix: Community projects vs enterprise software products
DIY CONTAINER STACK CHALLENGES
[Diagram labels: Linux; Container Runtime & Packaging; Networking; Security; Storage; Registry; Logs & Metrics; Container Orchestration & Cluster Management; Application Lifecycle Management (CI / CD); Build Automation; Deployment Automation; Service Catalog (Language Runtimes, Middleware, Databases, …); Self-service; Container (×5); Public; Private; Virtual; Physical]
● Bring your own middleware, data & other services. Build out a service catalog / interface to enable self-service deployment.
● Take existing application build/CI & deployment tools and evolve to add container image build & mgt., continuous deployment, etc.
● Pull Kubernetes or other orchestration (Mesos, Swarm) from rapidly moving upstream & support / maintain yourself. Do all the work required to integrate it into your enterprise IT environment (networking, storage, registry, security, logging, metrics, etc.)
● Pull Docker container runtime from rapidly moving upstream and support, secure and maintain it yourself.
● Support and manage your own Linux community distro or build on existing RHEL or 3rd party commercial Linux offerings.
CONTAINER INFRASTRUCTURE AND MANAGEMENT
| | Kubernetes | OKD* | OpenShift |
|---|---|---|---|
| Multi-host container scheduling | ✔ | ✔ | ✔ |
| Self-service provisioning | ✔ | ✔ | ✔ |
| Service discovery | ✔ | ✔ | ✔ |
| Enterprise Linux operating system | | | ✔ |
| Image registry | | ✔ | ✔ |
| Validated storage plugins | | ✔ | ✔ |
| Networking and validated networking plugins | | ✔ | ✔ |
| Log aggregation and monitoring | | ✔ | ✔ |
| Multi-tenancy | | ✔ | ✔ |
| Metering and chargeback | | | ✔ |
* OKD is the open source project formerly known as OpenShift Origin
DEVELOPER EXPERIENCE
| | Kubernetes | OKD* | OpenShift |
|---|---|---|---|
| Automated image builds | No developer or application services | ✔ | ✔ |
| CI/CD workflows and pipelines | | ✔ | ✔ |
| Certified application services | | | ✔ |
| Certified middleware | | | ✔ |
| Certified databases | | | ✔ |
| 200+ certified ISV solutions | | | ✔ |
* OKD is the open source project formerly known as OpenShift Origin
ENTERPRISE SUPPORT AND COMMUNITY
| | Kubernetes | OKD | OpenShift |
|---|---|---|---|
| Community forums and resources | ✔ | ✔ | ✔ |
| Zero downtime patching and upgrades | | | ✔ |
| Enterprise 24/7 support | | | ✔ |
| 9 year support lifecycle | | | ✔ |
| Security response team | | | ✔ |
External review: 10 most important differences between OpenShift and Kubernetes
Appendix: Docker Support in OpenShift 4
IS DOCKER THE BEST AVAILABLE CONTAINER ENGINE?
Potential limitations surrounding Docker
● Build requires a “big fat” daemon on every host
● Regression for integration with container platforms Kubernetes/OpenShift
● Build has secret handling issues
● Root/privileged concerns at runtime
● Root/privileged concerns with daemon
● Build requires a running container
● Docker, Red Hat et al. June 2015
● Two specifications
○ Image format
■ How to package an OCI Image with sufficient information to launch the application on the target platform
○ Runtime
■ How to launch a “filesystem bundle” that is unpacked on disk
● Version 1.0 of each released July 19th 2017
● Distribution spec started in April, 2018.
CONTAINER INNOVATION CONTINUES ….
[Timeline figure. Entries with a date recoverable from the slide text: LXC initial release (Aug ‘08); OpenShift online (May ‘11); Docker initial (Mar ‘13); Kubernetes (Mid ‘14); OpenShift Enterprise 3.0 (Jun ‘15); Moby (Apr ‘17); Initial release, Buildah (Jun ‘17); Buildah 1.0, Podman, New logo (May ‘18); buildah.io, podman.io (Sep ‘18); Buildah, Skopeo, Podman, RHEL (May ‘19). Other labels on the figure: OCI; CNCF; Nov ‘15; Mar ‘16; Sep ‘17]
IMAGE COPY WITH SKOPEO
SKOPEO
● Built for interfacing with Docker registry
● CLI for images and image registries
● Rejected by upstream Docker ¯\_(ツ)_/¯
● Allows remote inspection of image meta-data - no downloading
● Can copy from one storage to another
[Diagram labels: Image Repository; Image Registry; Host (/var/lib/containers or /var/lib/docker)]
SECURITY FEATURES
Share securely
No daemon
Inspect remote images
No pulling potentially malicious images
Non-root copy. Bridge between registries.
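Added example (not part of the original slides and not Skopeo project code): a pre-pull gate in Python that applies a policy to the metadata returned by `skopeo inspect`, which is how "inspect remote images" and "no pulling potentially malicious images" turn into a concrete check. The policy keys, the sample metadata and the registry name are constructed for illustration; the JSON field names are those printed by `skopeo inspect`.

```python
"""Pre-pull gate: judge an image from registry metadata before any layer is fetched."""
import json
import re
import subprocess
from datetime import datetime, timedelta, timezone

# Constructed sample shaped like `skopeo inspect` output; every value is made up.
SAMPLE_INSPECT = json.dumps({
    "Name": "registry.example.com/team/app",
    "Digest": "sha256:" + "1" * 64,
    "Created": "2021-01-10T08:15:30.123456789Z",
    "Labels": {"maintainer": "team@example.com"},
    "Architecture": "amd64",
    "Os": "linux",
    "Layers": ["sha256:" + "2" * 64],
    "Env": ["PATH=/usr/bin", "DB_PASSWORD=changeme"],
})

# Hypothetical policy for this example; these keys are not a skopeo feature.
POLICY = {
    "pinned_digest": "sha256:" + "1" * 64,
    "allowed_platforms": {("linux", "amd64"), ("linux", "arm64")},
    "required_labels": ["maintainer", "org.opencontainers.image.source"],
    "max_age_days": 90,
}

SECRET_NAME = re.compile(r"PASSWORD|PASSWD|SECRET|TOKEN|API_?KEY", re.IGNORECASE)


def inspect_remote(image_ref):
    """Read image metadata from the registry; no layers are pulled, no daemon is used."""
    result = subprocess.run(
        ["skopeo", "inspect", "docker://" + image_ref],
        check=True, capture_output=True, text=True,
    )
    return json.loads(result.stdout)


def parse_created(value):
    """Parse the RFC 3339 'Created' timestamp, dropping sub-second digits."""
    match = re.fullmatch(r"(.+?T\d{2}:\d{2}:\d{2})(?:\.\d+)?(Z|[+-]\d{2}:\d{2})", value)
    if match is None:
        raise ValueError("unrecognised Created timestamp: %r" % value)
    offset = "+00:00" if match.group(2) == "Z" else match.group(2)
    return datetime.fromisoformat(match.group(1) + offset)


def evaluate(meta, policy, now=None):
    """Return a list of policy findings; an empty list means the pull may proceed."""
    now = now or datetime.now(timezone.utc)
    findings = []

    # A tag can be re-pointed at different content; a pinned digest cannot.
    pinned = policy.get("pinned_digest")
    if pinned and meta.get("Digest") != pinned:
        findings.append("digest-mismatch")

    if (meta.get("Os"), meta.get("Architecture")) not in policy["allowed_platforms"]:
        findings.append("platform-not-allowed")

    labels = meta.get("Labels") or {}
    for name in policy.get("required_labels", []):
        if not labels.get(name):
            findings.append("missing-label:" + name)

    created = meta.get("Created")
    if not created:
        findings.append("missing-created")
    elif now - parse_created(created) > timedelta(days=policy["max_age_days"]):
        findings.append("image-too-old")

    # Secrets baked into the image config are readable by anyone who can inspect it.
    for entry in meta.get("Env") or []:
        name = entry.split("=", 1)[0]
        if SECRET_NAME.search(name):
            findings.append("secret-like-env:" + name)
    return findings


if __name__ == "__main__":
    fixed_now = datetime(2021, 6, 1, tzinfo=timezone.utc)
    for finding in evaluate(json.loads(SAMPLE_INSPECT), POLICY, fixed_now):
        print(finding)
```

Against a live registry, pass the result of `inspect_remote()` to `evaluate()` instead of the sample; that path needs the skopeo binary on PATH.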
The new container CLI
PODMAN
● @ podman.io
● Client only tool, based on the Docker CLI. (same+)
● No daemon!
● Storage for
○ Images - containers/image
○ Containers - containers/storage
● Runtime - runc
● Shares state with CRI-O and with Buildah!
[Diagram labels: Images; Image Registry; Containers; Kernel]
SECURITY FEATURES
Run and develop securely
No daemon
Run without root
Isolate with user namespaces
Audit who runs what
Why use Buildah?
● Now buildah.io
● Builds OCI compliant images
● No daemon - no “docker socket”
● Does not require a running container
● Can use the host’s user’s secrets.
● Single layer, from scratch images are made easy and it ensures limited manifest.
● If needed you can still maintain Dockerfile based workflow
[Diagram: “From base, multi-layer” image (Base RHEL; OS Update Layer; Java Runtime Layer; Application Layer) beside “From scratch, single layer” image (Java runtime and dependencies, and Application)]
SECURITY FEATURES
Build securely
No daemon
Shrink the attack surface
Fine-grained control of the layers
Run builds isolated
Better secret management
OCI AND CRI-O
CRI-O
● A Kubernetes thing
● Now part of CNCF! (April 8th)
● OCI daemon
● Implements Kubelet Container Runtime Interface (CRI)
[Diagram labels: Kubernetes; Container Host; Container (×3); READONLY]
SECURITY FEATURES
Run securely in a production cluster
No daemon
Read-only containers
Enable fewer capabilities
User namespaces
FIPS mode support
Appendix: Getting started with Red Hat OpenShift
CONTAINER PLATFORM DISCOVERY SESSION
A ONE DAY, NO-COST PLANNING SESSION
GOAL: DETAIL: RED HAT PROVIDES:
To understand the customer’s business drivers and technical use cases to propose a solution architecture.
Discussion guided by Red Hat Consulting Architect
Attendees from both Infrastructure Operations and Application Development
Red Hat will provide tailored proposal for services
Our vision for container platforms
Guided assessment of organizational readiness for containers and DevOps using Red Hat Consulting’s “Ready to Innovate” framework
Application delivery modernization goals
High-level recommendations
Red Hat container platform service offerings
CONTAINER PLATFORM PILOT (CAP INC. 1)
12 WEEKS
GOAL: A meaningful workload runs in production on a minimally viable container platform managed by a small team of skilled customer engineers
MILESTONES:
● One workload running in production OpenShift container platform
● Production environment with minimum viable operational capability
● End-to-end process for delivering applications to production container platform demonstrated and captured, including organizational roles and responsibilities
● Customer Operations team mentored to build OpenShift clusters with minimal assistance
● Next phase planned with prioritized backlog or story map for infrastructure, deployment pipeline, and application development.
ENVIRONMENTS:
● Lab OpenShift cluster for infrastructure testing
● Non-production OpenShift cluster for development and testing of containerized applications prior to their production release
● MVP production OpenShift cluster
Appendix: Red Hat on Red Hat
How we think about the business
What got us here won’t get us there
How we get there:
1. Think business first
2. Guide work via a roadmap
3. Adapt based on data
We believe open hybrid cloud will enable us to:
● Match the speed and adaptability demands of the digital business
● Improve availability, resiliency, and durability of our digital systems
While we continue to reduce operating expense.
the Why the How
Our approach to digital business
[Diagram labels: Points of parity; Points of differentiation; Business capabilities; Application and systems; Infrastructure and platforms; Core; Differentiated or innovative; Buy / Configure; On Prem; SaaS; Build; Hybrid cloud]
How we identify and prioritize applications
Assess value and readiness of each application:
● Value criteria
○ Change rate
○ Lifespan
● Readiness criteria
○ Business criticality
○ Business support
○ Architectural gaps
Note: specific use cases like end-of-life hardware or constraints on operating system upgrades (e.g.) may justify a re-platforming approach and yield other technical benefits.
OpenShift deployments at Red Hat
Empowering innovation
● Why: Innovation
● Who: Any associate
● What: Single cluster, public cloud
● How much: 1,000+ apps
Mission-critical workloads
● Why: Enterprise availability
● Who: Mission-critical systems
● What: 3x multi-site clusters
● How much: 125+ apps
Development & build pipeline
● Why: Development & build
● Who: Engineering primarily
● What: Single cluster in datacenter
● How much: 689 projects across 34,530 containers
Open Hybrid Cloud in Action
Multi-site active workloads across the globe for key data and business function services.
[Diagram (illustrative only): sites RDU2, PHX2 and AWS; legend: Current public cloud; Red Hat colocation or datacenter]
This approach enables
● Application portability
● Resiliency & availability
● Optimized costs
Benefits of OpenShift at Red Hat
● Move Faster: 40% acceleration in time to market for feature enhancements due to automation of delivery pipeline [1]
● Improve Security: Automatic platform & image rebuilds weekly and automatic CVE-triggered rebuilds
● Gain efficiency: ~55% lower infrastructure footprint per application [1]
● Increase Resilience: Multi-site-active, hybrid cloud deployment = zero downtime
[1] According to Red Hat IT internal data
Appendix: Industry analyst comparisons
The Forrester Wave™: Multicloud Container Development Platforms, Q3 2020
Source: Forrester, The Forrester Wave™ Multicloud Container Development Platforms, Q3 2020: The Eight Providers That Matter Most and How They Stack Up. Sep 2020.
The Forrester Wave™ is copyrighted by Forrester Research, Inc. Forrester and Forrester Wave are trademarks of Forrester Research, Inc. The Forrester Wave is a graphical representation of Forrester’s call on a market and is plotted using a detailed spreadsheet with exposed scores, weightings, and comments. Forrester does not endorse any vendor, product, or service depicted in the Forrester Wave. Information is based on best available resources. Opinions reflect judgment at the time and are subject to change.
Realizing business value from a hybrid strategy
● 636% return on investment over 5 years
● 10 months to payback
● 54% lower 5-year cost of operations
● 20% higher application developer productivity
● 3x more new features per year
● US$21.6 million higher revenue per year per organization
● 71% less unplanned downtime
● 21% more efficient IT infrastructure teams
Source:
IDC White Paper, sponsored by Red Hat, "The Business Value of Red Hat OpenShift", doc # US47539121, February 2021.
Why OpenShift for business applications?
IDC research: The business value of OpenShift
“Red Hat OpenShift has allowed us to improve our development practices so that it’s more built-for-the-cloud... This results in faster development cycles and makes it cheaper... and faster to build projects.”
Healthcare
“With Red Hat OpenShift, we can try out different things — in the past, if we had an idea or concept, we couldn’t just quickly try it, so the trial and error is good.”
Manufacturing
“We’ve been able to shorten our critical applications release cycles, which used to be monthly but can now be done weekly or in some extreme cases daily hot fixes.”
Media
Source:
IDC White Paper, sponsored by Red Hat, "The Business Value of Red Hat OpenShift", doc # US47539121, February 2021.
Delivering innovation that can transform your business
Automated, full stack installation
Seamless Kubernetes deployments
One-click life-cycle management
Auto-scaling of resources
● 40% Increase in sales over 3 years with new revenue streams [1]
● 70% Infrastructure cost reduction for AI workloads [2]
Source:
1 - Employers centralizes insurance apps on Red Hat OpenShift, March 2021
2 - Turkcell supports AI-powered innovation with Red Hat OpenShift, August 2021
Delivering innovation that can transform your business
Automated, full stack installation
Seamless Kubernetes deployments
One-click life-cycle management
Auto-scaling of resources
● 100x Cost reduction for operating infrastructure
● 5x Faster revenue growth attributed to enabling developer velocity
Source:
McKinsey & Company. “Driving business outcomes through Developer Velocity,” March, 2020 and “Developer Velocity: How software excellence fuels business performance.” April, 2020.
Container platform market share leader
RED HAT OPENSHIFT
● 47.8% Red Hat OpenShift
● 15% Mirantis
● 7.7% VMware
● 3.9% Rancher Labs
● 1.2% Canonical
● 24.4% Other
Source: Who’s Winning in the Container Software Market, IT Pro Today, Jun 29, 2021.

Red Hat OpenShift -- Innovation without limitation.pdf

  • 1. Bring big ideas to life with the hybrid cloud platform open to any app, team, or infrastructure Innovation without limitation Presenter’s Name Title Presenter’s Name Title 1
  • 2. ABOUT THIS PRESENTATION HOW DOES IT FIT WITH OTHER CONTENT WHAT IS THE OVERALL OBJECTIVE WHO IS THE TARGET AUDIENCE Overview of Red Hat OpenShift OpenShift Technical Overview OpenShift Roadmap and more ... Provide an overview of OpenShift Explain our value prop and differentiation Generate interest for a more in-depth demo or workshop Decision makers interested in containers and Kubernetes Who want to understand what OpenShift can do for them Represent app dev, IT operations, and architecture teams
  • 3. Red Hat OpenShift: Innovation without limitation 3 3 Cloud-native Internet of things Digital transformation Containers DevOps Open organization Open source communities Kubernetes Hybrid cloud Machine learning AI Innovation Security Automation business innovation Every organization in every geography and in every industry can innovate and create more customer value and differentiation with open source technologies and an open culture. Big ideas drive... 5G
  • 4. Red Hat OpenShift: Delivering innovation without limitation But innovating isn’t always easy 4 Innovation Innovate at speed. Flexibility Flexibility to adapt to market changes. Growth Grow new customer experiences and lines of business.
  • 5. Red Hat OpenShift: Delivering innovation without limitation 5 In the banking industry, tech is initiating a new wave of disruption, forcing banks to innovate at speed Open banking transforms how institutions need to think about tech and security.1 Everything is mobile: 89% of customers use mobile banking regularly.2 1 Srinivas, Val, Jan-Thomas Schoeps, Tiffany Ramsay, Richa Wadhwani, Samia Hazuria, and Aarushi Jain. “2020 banking and capital markets outlook: Fortifying the core for the next wave of disruption.” Deloitte Insights, Dec. 2019. 2 Meola, Andrew. “Digital trends disrupting the banking industry in 2020.” Business Insider, Aug. 2019.
  • 6. Red Hat OpenShift: Delivering innovation without limitation 6 In the banking industry, tech is initiating a new wave of disruption, forcing banks to innovate at speed Open banking transforms how institutions need to think about tech and security.1 Everything is mobile: 89% of customers use mobile banking regularly.2 1 Srinivas, Val, Jan-Thomas Schoeps, Tiffany Ramsay, Richa Wadhwani, Samia Hazuria, and Aarushi Jain. “2020 banking and capital markets outlook: Fortifying the core for the next wave of disruption.” Deloitte Insights, Dec. 2019. 2 Meola, Andrew. “Digital trends disrupting the banking industry in 2020.” Business Insider, Aug. 2019. ANZ Bank deployed a container application platform to speed development to keep pace with business growth.3 Accelerated deployment time by 98% Improved developer productivity and collaboration 3 Red Hat video. “ANZ Bank reduces deployment time by 98% with container platform.” YouTube, April 2019.
  • 7. Red Hat OpenShift: Delivering innovation without limitation 7 1 Bartels, Andrew. “The 2020 To 2021 Tech Market Outlook At A Time Of Global Pandemic And Economic Recession.” Forrester Webinar, April 2020. Flexibility to adapt has become mandatory for the shipping industry as demand explodes eCommerce, cloud infrastructure, digital media, pharmaceuticals, and some transportation and telecom services will see increased demand.” 1 Andrew Bartels Forrester
  • 8. Red Hat OpenShift: Delivering innovation without limitation 8 1 Bartels, Andrew. “The 2020 To 2021 Tech Market Outlook At A Time Of Global Pandemic And Economic Recession.” Forrester Webinar, April 2020. Flexibility to adapt has become mandatory for the shipping industry as demand explodes eCommerce, cloud infrastructure, digital media, pharmaceuticals, and some transportation and telecom services will see increased demand.” 1 Andrew Bartels Forrester UPS built a new open application platform for stability and availability Gained high scalability and availability to support peak demand 2
  • 9. Red Hat OpenShift: Delivering innovation without limitation 9 Real-time data analysis through AI/ML is key to successful autonomous driving systems Auto manufacturers are becoming IoT platform and device companies 1 Meola, Andrew. “How 5G and IoT are driving the connected smart vehicle industry.” Business Insider, March 2020. Data, the “new fuel” of the automotive industry, is driving new customer experiences and lines of business1
  • 10. Red Hat OpenShift: Delivering innovation without limitation 10 Real-time data analysis through AI/ML is key to successful autonomous driving systems Auto manufacturers are becoming IoT platform and device companies Data, the “new fuel” of the automotive industry, is driving new customer experiences and lines of business1 The BMW Group ConnectedDrive platform scales as the data scales connected cars 12 million requests per week 1 billion 1 Meola, Andrew. “How 5G and IoT are driving the connected smart vehicle industry.” Business Insider, March 2020. 2 Red Hat Summit 2019 keynote, 9 May 2019; 3 Red Hat Forum DACH, 14 Jan. 2020.
  • 11. 11 Innovation at speed. Flexibility to adapt. New customer experiences and lines of business. That’s what hybrid cloud can deliver.
  • 12. Hybrid is more than a strategy It’s a way to bring together your existing hybrid mix of new and old... Cloud-native and microservices Java .Net ISV AI/ML Analytics Serverless Development, IT processes, and skills Applications Infrastructure Red Hat OpenShift: Delivering innovation without limitation 12
  • 13. People & Policies Pipelines & Processes Developer tools Hybrid is more than a strategy It’s a way to bring together your existing hybrid mix of new and old... Development, IT processes, and skills Applications Infrastructure Red Hat OpenShift: Delivering innovation without limitation 13
  • 14. Hybrid is more than a strategy It’s a way to bring together your existing hybrid mix of new and old... 63% 54% of organizations are already hybrid today of those not using hybrid cloud today plan to within 24 months Development, IT processes, and skills Applications Infrastructure Source: Red Hat, 2020 State of Enterprise Open Source Report. Red Hat OpenShift: Delivering innovation without limitation 14 Physical Virtual Private cloud Public cloud Edge
  • 15. Hybrid delivers the agility to innovate 1. Create and deploy new code, faster 2. Securely connect operations with development 3. Adopt new global delivery models 15
  • 16. We built Red Hat OpenShift so any organization could thrive in a world of hybrid possibility 16
  • 17. Automated, full stack installation Seamless Kubernetes deployments One-click life-cycle management Auto-scaling of resources Delivering innovation that can transform your business Increase in sales over 3 years with new revenue streams1 Source: 1 - Employers centralizes insurance apps on Red Hat OpenShift, March 2021 2 - Turkcell supports AI-powered innovation with Red Hat OpenShift, August 2021 40% Red Hat OpenShift: Delivering innovation without limitation 17 70% Infrastructure cost reduction for AI workloads2
  • 18. Supporting the cloud-native application security you need Red Hat OpenShift: Delivering innovation without limitation 18 CONTROL Application Security ➢ Integrate security in your CI/CD Pipeline ➢ Mitigate container runtime vulnerabilities ➢ Automated signing of container images DEFEND Infrastructure EXTEND Security Ecosystem ➢ Restrict access through trusted identity providers ➢ Isolate applications, environments within a cluster ➢ Validation with established security standards ➢ Utilize a broad security ISV ecosystem ➢ Connect with Red Hat Certified Operators ➢ Develop and deploy securely anywhere
  • 19. Red Hat OpenShift: Delivering innovation without limitation 19 Cloud-native apps AI/ML, Functions Communities of Innovation | Ecosystems of Solutions Secure & Automated Infrastructure and Operations Traditional apps Physical Virtual Private cloud Public cloud Edge Delivering consistency and flexibility
  • 20. Start quickly, we manage it for you Red Hat OpenShift Dedicated2 Supporting hybrid usage and buying patterns A consistent platform no matter how or where you run Red Hat OpenShift Service on AWS Azure Red Hat OpenShift Red Hat OpenShift on IBM Cloud1 Red Hat OpenShift cloud services Self-managed Red Hat OpenShift On public cloud, or on-premises on physical or virtual infrastructure3 Source: 2 Red Hat managed service running on user-supplied GCP infrastructure 3 See docs.openshift.com for supported infrastructure options and configurations You manage it, for control and flexibility Red Hat OpenShift: Delivering innovation without limitation 20
  • 21. Your choice of OpenShift Self-managed Red Hat OpenShift editions 21 Red Hat OpenShift: Delivering innovation without limitation Includes: ● Enterprise Kubernetes runtime ● Red Hat Enterprise Linux CoreOS immutable container OS ● Administrator console ● OpenShift Virtualization Adds: ● Developer console ● Log management and metering/cost management ● Red Hat OpenShift Serverless (Knative) ● Red Hat OpenShift Service Mesh (Istio) ● Red Hat OpenShift Pipelines & Red Hat OpenShift Gitops (Tekton, ArgoCD) Adds: ● Red Hat Advanced Cluster Management for Kubernetes ● Red Hat Advanced Cluster Security for Kubernetes ● Red Hat OpenShift Data Foundation Essentials ● Red Hat Quay Essential enterprise Kubernetes Infrastructure Opinionated application development platform Manageability and consistency across hybrid and multi cloud with advanced security for DevSecOps
  • 22. Red Hat OpenShift Platform Plus Enabling hybrid and multi-cloud deployments 22 Red Hat OpenShift: Delivering innovation without limitation Node layer Router layer Cluster n Multi-cluster layer Cluster 1 Node Node Node Pod Pod Pod Node Node Node Pod Pod Pod OpenShift Routing OpenShift Application Nodes OpenShift Application Nodes OpenShift Routing East/West Observability ⠇Discovery ⠇Policy ⠇Compliance ⠇Configuration ⠇Workloads Multicluster Management Declarative security ⠇ Container vulnerability management ⠇ Network segmentation ⠇ Threat detection & response Cluster Security Image management ⠇Security scanning ⠇Geo-replication Mirroring ⠇Image builds Global Registry
  • 23. With a broad partner ecosystem 23 Storage Networking Security Databases Runtimes DevOps Big Data AI/ML ... Red Hat OpenShift: Delivering innovation without limitation
  • 24. And the services and partners to guide you to success 24 RED HAT OPEN INNOVATION LABS RED HAT CONTAINER ADOPTION PROGRAM CATALYZE INNOVATION IMMERSE YOUR TEAM EXPERIMENT Rapidly build prototypes, do DevOps, and be agile. Bring modern application development back to your team. Work side by side with experts in a residency-style engagement. FRAMEWORK FOR SUCCESSFUL CONTAINER ADOPTION AND I.T. TRANSFORMATION Mentoring, training, and side-by-side collaboration SYSTEM INTEGRATORS Or work with our ecosystem of certified systems integrators, including… Red Hat OpenShift: Delivering innovation without limitation
  • 25. Realizing business value from a hybrid strategy return on investment over 5 years 636% to payback 10 months lower 5-year cost of operations 54% higher application developer productivity 20% more new features per year 3x higher revenue per year per organization US$21.6 million less unplanned downtime 71% more efficient IT infrastructure teams 21% Source: IDC White Paper, sponsored by Red Hat, "The Business Value of Red Hat OpenShift", doc # US47539121, February 2021. Red Hat OpenShift: Delivering innovation without limitation 25
  • 26. Bringing results to customers across industries and use cases Red Hat OpenShift: Delivering innovation without limitation 26
  • 27. Container platform market share leader: Red Hat OpenShift 47.8% | VMware 7.7% | Mirantis 15% | Rancher Labs 3.9% | Canonical 1.2% | Other 24.4%. Source: Who’s Winning in the Container Software Market, IT Pro Today, Jun 29, 2021.
  • 28. OpenShift is the platform built for cloud native application development and deployment across the hybrid cloud 28
  • 29. Red Hat OpenShift is for every innovator Ready for IT operators ▸ Automate processes. Reduce complexity. ▸ Operate more securely from end to end. Empowering developers ▸ Code fast with familiar tools. ▸ Rapidly deliver without roadblocks. Proven for business leaders ▸ Choose a platform to power business today. ▸ Create a cloud strategy for the future. Red Hat OpenShift: Delivering innovation without limitation 29
  • 30. What is happening in your world? 30
  • 33. ● OpenShift Editions (OKE, OCP, OPP) ● What’s new with OpenShift 4.9? ● What’s new with OpenShift 4.8? ● What’s new with OpenShift 4.7? ● What’s new with OpenShift 4.6? ● OpenShift Virtualization ● Azure Red Hat OpenShift ● OpenShift Dedicated ● Red Hat OpenShift Windows for Containers ● What’s included with an OpenShift subscription Included Appendices ● Addressing the OpenShift vs. “Vanilla” Kubernetes Myth ● Comparing OpenShift vs Community Projects ● Docker support in OpenShift ● Getting started with Red Hat OpenShift ● Red Hat on Red Hat ● Press and analyst coverage
  • 34. ● Red Hat Customer References (updated often) ● What’s new with OpenShift 4.5? ● What’s new with OpenShift 4.4? ● What’s new with OpenShift 4.3? ● What’s new with OpenShift 4.2? ● Edge computing with OpenShift ● OpenShift Service Mesh ● OpenShift Serverless ● OpenShift on IBM Z/LinuxONE and Power ● Previous intro slides External Appendices
  • 35. Appendix: OpenShift Editions Aligning OpenShift Kubernetes Engine (RHOKE), OpenShift Container Platform (RHOCP) and OpenShift Platform Plus (RHOPP) 35
  • 36. OpenShift is trusted enterprise Kubernetes Kubernetes release OpenShift release ... Production Ready ● Hundreds of defect and performance fixes ● 200+ validated integrations1 ● Certified container ecosystem ● 9-year enterprise life-cycle management ● Red Hat is a leading Kubernetes contributor since day 1 1 - Certified OpenShift Operators
  • 37. Start quickly, we manage it for you Red Hat OpenShift Dedicated2 Supporting hybrid usage and buying patterns A consistent platform no matter how or where you run Red Hat OpenShift Service on AWS1 Azure Red Hat OpenShift Red Hat OpenShift on IBM Cloud1 Managed Red Hat OpenShift services Self-managed Red Hat OpenShift On public cloud, or on-premises on physical or virtual infrastructure3 Source: 1 In preview as of 1/1/2021. Also available as Red Hat OpenShift Dedicated managed service running on user-supplied AWS infrastructure. 2 Red Hat managed service running on user-supplied GCP infrastructure 3 See docs.openshift.com for supported infrastructure options and configurations You manage it, for control and flexibility 37
  • 38. Comparing Options for Self-Managed OpenShift Built from Kubernetes, RHEL CoreOS and automated operations Includes: ● Core security options and capabilities ● Standard infrastructure services, Kubernetes ingress control object ● Integrated monitoring ● Web-based administrator console Adds: ● Full set of advanced cluster and network services ● Key scalable application services and features (service mesh) ● Integrated developer console and suite of developer services (Serverless, Pipelines, GitOps) Adds: ● Full set of advanced hybrid cloud visibility (RHACM) ● Full-stack security integration across the hybrid cloud (RHACS) ● Consolidate application registry services (Quay) Essential enterprise Kubernetes Infrastructure Opinionated application development platform Manageability and consistency across hybrid and multi cloud with advanced security for DevSecOps
  • 39. Red Hat open hybrid cloud platform 39 • Service mesh | Serverless • Builds | CI/CD pipelines • GitOps | Distributed Tracing • Log management • Cost management • Languages and runtimes • API management • Integration • Messaging • Process automation • Databases | Cache • Data ingest and preparation • Data analytics • AI/ML • Developer CLI | IDE • Plugins and extensions • CodeReady workspaces • CodeReady containers Developer services Developer productivity Kubernetes cluster services Install | Over-the-air updates | Networking | Ingress | Storage | Monitoring | Log forwarding | Registry | Authorization | Containers | VMs | Operators | Helm Linux (container host operating system) Kubernetes (orchestration) Physical Virtual Private cloud Public cloud Edge Cluster security Global registry Multicluster management Data services* Data-driven insights Application services* Build cloud-native apps Platform services Manage workloads * Red Hat OpenShift® includes supported runtimes for popular languages/frameworks/databases. Additional capabilities listed are from the Red Hat Application Services and Red Hat Data Services portfolios. ** Disaster recovery, volume and multicloud encryption, key management service, and support for multiple clusters and off-cluster workloads requires OpenShift Data Foundation Advanced Observability | Discovery | Policy | Compliance | Configuration | Workloads Image management | Security scanning | Geo-replication Mirroring | Image builds Declarative security | Container vulnerability management | Network segmentation | Threat detection and response RWO, RWX, Object | Efficiency | Performance | Security | Backup | DR Multicloud gateway Cluster data management
  • 40. Understanding OpenShift Kubernetes engine only or fully-featured hybrid cloud foundation? ▸ Same foundation for the OpenShift Experience ▸ Core capabilities vs. Core plus advanced services
  • 41. OpenShift Kubernetes Engine Foundational Enterprise Kubernetes Offering That Runs Anywhere Explore the benefits of Enterprise Secured Kubernetes with an active ISV ecosystem across infrastructure providers Core feature set aligns to DIY, *KS, or lower end preferences Core Kubernetes functionality with RHEL CoreOS immutable architecture
  • 42. 42 Kubernetes cluster services Install | Over-the-air updates | Networking | Ingress | Storage | Monitoring | Logging | Registry | Authorization | Containers | VMs | Operators | Helm charts Linux (container host operating system) Kubernetes (orchestration) Physical Virtual Private cloud Public cloud Edge * Red Hat OpenShift® includes supported runtimes for popular languages/frameworks/databases. Additional capabilities listed are from the Red Hat Application and Data Services portfolio. OpenShift Kubernetes Engine ▸ Core instance of OpenShift ▸ Focused on installation of Kubernetes and RHEL CoreOS as the foundation to deploy containers ▸ OpenShift automated installation experience and Day 2 operations ▸ Introduction to the OpenShift experience without the headache of DIY or xKS ▸ For App, Dev & Platform services or multicluster management, RHOCP or RHOPP are best
  • 43. OpenShift Kubernetes Engine Core instance of OpenShift Focused on installation of Kubernetes and RHEL CoreOS as the foundation to deploy containers OpenShift automated installation experience without additional App, Dev & Platform services layer included with OCP Intended as an introduction to the OpenShift experience
  • 44. OpenShift Kubernetes Engine Containers are Linux ● OpenShift built from RHEL CoreOS Security is at the heart of the Linux platform that OpenShift is built upon ● Linux namespaces, SELinux, CGroups, and Secure Computing Mode to isolate and protect containers Full installation integration with Kubernetes ● Immutable infrastructure is the foundation to OpenShift Red Hat Enterprise Linux & RHEL CoreOS Foundation is Red Hat Enterprise Linux
  • 45. OpenShift Kubernetes Engine Fully compliant, upstream Kubernetes ● Red Hat is one of the leading contributors to Kubernetes Enterprise lifecycle support ● Each release includes defect, performance, and security fixes Fully integrated enhancements ● Deployed with the components you need to build, deploy and manage containerized applications Red Hat Enterprise Linux & RHEL CoreOS Kubernetes Built with certified Kubernetes
  • 46. OpenShift Kubernetes Engine Fully automated installation, anywhere ● Operator model maintains immutable installation and updates Core Cluster services deployed using operators ● Monitoring, Registry, Networking, Router, OpenShift Virtualization, Helm Foundation of a Kubernetes installation ● Stable, secure installation to support deployment of containers Automated installation on hybrid cloud infrastructures
  • 47. OpenShift Kubernetes Engine Highlights ▸ Same service level agreements, bug fixes, and common vulnerabilities and errors protection as OCP ▸ Same security options and default settings ▸ Standard infrastructure services support, including Kubernetes ingress control object ▸ Full access to the integrated monitoring solution ▸ Web-based administrator console ▸ Support for OpenShift Virtualization
  • 48. OpenShift Container Platform Complete platform for containerized application deployment Trusted Enterprise Kubernetes ● Immutable infrastructure with RHEL CoreOS and Kubernetes Empowering Developers to Innovate ● Integrated with developer workflows to get applications to production sooner Cloud-like Experience Everywhere ● Complete set of advanced services to enhance controls, monitoring and interfaces
  • 49. OpenShift Container Platform Delivering the full capabilities of OpenShift ● Same Kubernetes foundation of OKE with a broad set of advanced services Enhancing the user experience for managing and deploying containers ● Advanced cluster, network management tools Extending the experience to developers ● Developer console designed to integrate with how developers deploy code Built to deploy and manage applications
  • 50. 50 • Service mesh | Serverless • Builds | CI/CD pipelines • Log management • Cost management • Languages and runtimes • API management • Integration • Messaging • Process automation • Databases | Cache • Data ingest and prep • Data analytics | AI/ML • Data management & resilience • Developer CLI | IDE • Plugins and extensions • CodeReady workspaces • CodeReady containers Developer services Developer productivity Kubernetes cluster services Install | Over-the-air updates | Networking | Ingress | Storage | Monitoring | Logging | Registry | Authorization | Containers | VMs | Operators | Helm charts Linux (container host operating system) Kubernetes (orchestration) Physical Virtual Private cloud Public cloud Edge Data services* Data-driven insights Application services* Build cloud-native apps Platform services Manage workloads * Red Hat OpenShift® includes supported runtimes for popular languages/frameworks/databases. Additional capabilities listed are from the Red Hat Application and Data Services portfolio. OpenShift Container Platform Built to deploy and manage applications ▸ Expanded platform services (service mesh, serverless, pipelines, GitOps) ▸ Full developer console and services ▸ Enhanced application and data services
  • 51. OpenShift Container Platform Expanded Platform services ● OpenShift Service Mesh (Istio) ● OpenShift Serverless (Knative) ● OpenShift Pipelines (Tekton) ● Jenkins CI/CD service ● Full Stack Log Management ● Metering Expanded platform services capabilities included
  • 52. OpenShift Container Platform Enhanced Application services ● Supported SCL image runtimes for popular programming languages, runtimes and databases (Java, Tomcat, Python, Node.js, Postgres, Ruby, MariaDB & more) ● Ability to add advanced middleware services via Red Hat and IBM (requires additional add-on bundles) ● Certified Operator-based services from our ISV ecosystem Integrated services for deploying cloud-native applications
  • 53. OpenShift Container Platform Enhanced Data services Integrated services for deploying cloud-native applications
  • 54. OpenShift Container Platform Integrated Developer services ● OpenShift Developer Console and odo CLI to simplify developer usage ● CodeReady Workspaces on OCP for cloud native app dev & collaboration ● CodeReady Containers to provide an OCP local experience on your laptop ● OCP IDE plugins for popular IDEs like VSCode and IntelliJ Platform of choice for cloud-native developers
  • 55. OpenShift Platform Plus Complete platform for deploying, managing and protecting applications across the hybrid cloud Centralized visibility across the hybrid cloud ● Advanced hybrid cloud foundation management tools (ACM) Secure the application codebase ● Global application and container registry with security scanning services (Quay) Elevating multicluster security ● Kubernetes-native security with integration across the hybrid cloud (ACS)
  • 56. Red Hat open hybrid cloud platform 56 • Service mesh | Serverless • Builds | CI/CD pipelines • GitOps | Distributed Tracing • Log management • Cost management • Languages and runtimes • API management • Integration • Messaging • Process automation • Databases | Cache • Data ingest and preparation • Data analytics • AI/ML • Developer CLI | IDE • Plugins and extensions • CodeReady workspaces • CodeReady containers Developer services Developer productivity Kubernetes cluster services Install | Over-the-air updates | Networking | Ingress | Storage | Monitoring | Log forwarding | Registry | Authorization | Containers | VMs | Operators | Helm Linux (container host operating system) Kubernetes (orchestration) Physical Virtual Private cloud Public cloud Edge Cluster security Global registry Multicluster management Data services* Data-driven insights Application services* Build cloud-native apps Platform services Manage workloads * Red Hat OpenShift® includes supported runtimes for popular languages/frameworks/databases. Additional capabilities listed are from the Red Hat Application Services and Red Hat Data Services portfolios. ** Disaster recovery, volume and multicloud encryption, key management service, and support for multiple clusters and off-cluster workloads requires OpenShift Data Foundation Advanced Observability | Discovery | Policy | Compliance | Configuration | Workloads Image management | Security scanning | Geo-replication Mirroring | Image builds Declarative security | Container vulnerability management | Network segmentation | Threat detection and response RWO, RWX, Object | Efficiency | Performance | Security | Backup | DR Multicloud gateway Cluster data management
  • 57. OpenShift Platform Plus Highlights ▸ Consistent user experience, management and security across hybrid infrastructure ▸ Comprehensive tools for cloud-native application development ▸ Built-in security across the entire application lifecycle with a global container registry ▸ Kubernetes-native multicluster security with active threat detection and remediation ▸ End-to-end management and observability
  • 58. OpenShift Platform Plus ➢ Consistent user experience, management and security across hybrid infrastructure ➢ Comprehensive tools for cloud-native application development ➢ Built-in security across the entire application lifecycle with a global container registry ➢ Kubernetes-native multicluster security with active threat detection and remediation ➢ End-to-end management and observability Complete hybrid cloud foundation to deploy and manage cloud-native applications
  • 59. OpenShift Platform Plus Red Hat Advanced Cluster Management for Kubernetes ➢ Enables organizations to manage their Kubernetes clusters with consistency across the hybrid cloud ➢ Centrally set policies to automatically configure and maintain consistency of security controls required by regulatory, industry or corporate standards ➢ Automate application deployments using placement policies that are integrated into existing CI/CD pipelines and governance controls Including critical multicluster management tools for hybrid visibility
  • 60. OpenShift Platform Plus Red Hat Advanced Cluster Security for Kubernetes (formerly StackRox) ➔ Kubernetes-native workload protection and cloud security posture management to enable you to “shift left” ➔ Extend scanning and compliance into development (DevSecOps) ➔ Leverage built-in Kubernetes CSPM to identify and remediate risky configurations ➔ Maintain and enforce a “zero-trust execution” approach to workload protection Injecting security from day-one
  • 61. OpenShift Platform Plus A distributed and highly available container image registry for the enterprise ➢ Control access of the registry with multiple identity and authentication providers ➢ Integrate with vulnerability detectors (like Clair) to automatically scan your container images ➢ Streamline your CI/CD pipeline with build triggers, git hooks, and robot accounts Managing your stable of code across the hybrid cloud
  • 62. OpenShift Platform Plus ODF description ➢ A ➢ B ➢ C XXXXX
  • 63. Comparing the OpenShift Options OpenShift Kubernetes Engine ▸ Core security options and capabilities ▸ Standard infrastructure services support, including Kubernetes ingress control object ▸ Full access to the integrated monitoring solution ▸ Web-based administrator console Both built from Kubernetes, RHEL CoreOS and automated operations OpenShift Container Platform ▸ Core features of OKE ▸ Full set of advanced cluster and network services ▸ Key scalable application services and features (service mesh) ▸ Integrated developer console and suite of developer services (serverless, pipelines) OpenShift Platform Plus ▸ Core features of OCP ▸ Full set of advanced hybrid cloud visibility (ACM) ▸ Enabling full-stack security integration across the hybrid cloud (ACS) ▸ Consolidate application registry services (Quay)
  • 64. Fully Automated Installers ✔ ✔ ✔ Over the Air Smart Upgrades ✔ ✔ ✔ Enterprise Secured Kubernetes ✔ ✔ ✔ Kubectl and oc enhanced command line ✔ ✔ ✔ Operator Lifecycle Manager (OLM) ✔ ✔ ✔ Administrator Web console ✔ ✔ ✔ OpenShift Virtualization (CNV) ✔ ✔ ✔ User Workload Monitoring ✔ ✔ Metering and Cost Management SaaS Service ✔ ✔ Platform Logging ✔ ✔ Developer Web Console ✔ ✔ Developer Application Catalog ✔ ✔ Source to Image and Tekton Builders ✔ ✔ OpenShift Service Mesh (Kiali/Jaeger/OpenTracing) ✔ ✔ OpenShift Serverless (Knative) ✔ ✔ OpenShift Pipelines (Tekton) ✔ ✔ Embedded Component of IBM Cloud Pak and RHT MW Bundles ✔ ✔ OpenShift Comparison 64
  • 66. Confidential Edge computing with Red Hat OpenShift OpenShift 4.9 (based on Kubernetes 1.22 and CRIO 1.22) and ACM 2.4 66 New Edge Capabilities ▸ Providing flexibility and manageability at scale ▸ Simplifying the initial deployment and ongoing management ▸ Enabling the business to deploy containerized workloads even to the most remote locations Manage OpenShift Anywhere ▸ Helping developers manage and scale multiple platforms ▸ Providing the flexibility and freedom to manage OpenShift clusters across managed, on-prem, bare metal or public clouds ▸ Supporting business initiatives, no matter how diverse the environment is Additional capabilities of the 4.9 release ▸ Kubernetes 1.22: Adding alerts to inform users about apps and pods impacted before the upgrade ▸ Expanding support across different infrastructures, including support for Azure Stack Hub ▸ Load balancing in bare metal deployments OpenShift release schedule going forward: 3 times a year (matching Kubernetes)
  • 68. Meet single node OpenShift 68 C W Single node OpenShift CAPABILITIES ▸ Full Kubernetes capabilities in a single node ▸ Operational independence with combined control and worker nodes ▸ Smaller hardware footprint for smaller spaces ▸ Minimum hardware requirements of 8 cores and 32GB RAM BENEFITS ▸ Consistent functionality across the architecture - it’s OpenShift ▸ Support locations with intermittent connectivity to a central site ▸ Lower operational costs power/cooling, size of hardware
  • 69. Central data center | Regional data center | Edge. Cluster management and application deployment | Kubernetes node control. Single node edge servers: low bandwidth or disconnected sites. Remote worker nodes: environments that are space constrained. 3 Node Clusters: small footprint with high availability. Legend: C: Control nodes, W: Worker nodes. [Diagram: Site 1, Site 2 and Site 3, each marked with C and/or W nodes]
  • 70. Manage clusters and deployments, all the way till the edge with ACM 2.4 70 CAPABILITIES ▸ Manage up to 2000 clusters with the RHACM hub ▸ Zero Touch Provisioning (Tech Preview): Leverage RHACM with Assisted Installer ▸ Hub-side Policy Templating: Reduce the number of policies for high scale management scenarios BENEFITS ▸ Provides management capabilities for the entire OpenShift deployment to help ease the operational strain of managing a scaled out architecture ▸ Enables the scale needed for edge use cases, including SNO ▸ Ensures ease of deploying and provisioning of clusters at scale
  • 71. 71 Validated Patterns : Simplifying the creation of edge stacks Bringing the Red Hat portfolio and ecosystem together - from services to the infrastructure Blueprint as code From POC to production Open for collaboration Highly reproducible Go beyond documentation using GitOps process to simplify deployment So that you can scale out your deployments with consistency Ensure your teams are ready to operate at scale Anyone can suggest improvements, contribute to it
  • 73. Red Hat Advanced Cluster Management for Kubernetes 2.4 themes (GA in Nov) 73 Better Together Management at the Edge Manage OpenShift Everywhere Cluster lifecycle support: Microsoft Azure Gov RHACM Hub on IBM Power and Z TP Central Infrastructure Management (CIM) for bare metal deployments RHACM Hub deploying RHACS (Stackrox) Central via GRC Policy Support for OpenShift GitOps (ArgoCD) ApplicationSets Drive notifications from GRC Compliance into 3rd party incident management tools Observe cluster health metrics for non-OCP (GKE, EKS, GKE, AKS, IKS) Service Level Objectives (SLO) can be defined on the Grafana dashboard Target 2K management scale & IPv6 Dual Stack support TP Zero Touch Provisioning Single Node OpenShift management (SNO) Hub-side Policy Templating Business Continuity RHACM Hub backup and restore TP Leverage ODF (aka OCS) and RHACM for stateful workloads Persistent Volumes replication using volSync (Scribe
  • 75. What's Next in OpenShift Strengthening footprint across infrastructures, platforms and bare metal 75 CAPABILITIES ▸ Expanding support across different infrastructures and platforms, including support for Azure Stack Hub and AWS in China ▸ Adding load balancing capabilities in bare metal deployments ▸ Adding SR-IOV support to enable the fastest communication possible between a pod and the outside world ▸ Remote-write of cluster monitoring metrics BENEFITS ▸ Enables fast communication required for SNO use cases, high bandwidth apps, streaming data ▸ Allows replication of time-series data to a remote location for long-term storage and historical analysis; as well as for aggregating metrics across multiple clusters
  • 77. What's new in OpenShift 4.8 INSTALLER FLEXIBILITY NEXT-GEN DEVELOPER TOOLS FEATURE GRADUATION AWS use pre-existing IAM roles AWS use STS tokens Azure use existing resource group Kubernetes 1.21 & CRI-O 1.21 Vertical Pod Autoscaler (GA) Scheduling Profiles (TP) CronJobs (GA) PodDisruptionBudget (GA) IPv6 Single & Dual Stack (GA) OpenShift GitOps (GA) OpenShift Pipelines (GA) OpenShift Serverless functions (TP) OpenShift 4.8
  • 78. What's new in OpenShift 4.8 ● OpenShift Pipelines 1.5 GA on OCP 4.8 ● Auto-pruning PipelineRuns and TaskRuns ● Pipeline as code with GitHub (Dev Preview) ○ Event filtering ○ Task resolution ○ Trigger on approved users and groups ○ Pull-request commands ○ GitHub Checks API ○ GitHub and GitHub Enterprise ● Ability to customize default ClusterTasks and Pipeline templates ● Numerous enhancements in Dev Console OpenShift Pipelines PM: Siamak Sadeghianfar
  • 79. What's new in OpenShift 4.8 OpenShift GitOps PM: Siamak Sadeghianfar ● OpenShift GitOps 1.2 GA on OCP 4.8 ● Argo CD auth integrated out-of-the-box with OpenShift via RH SSO ● Simplified Argo CD privilege configuration ● Enhanced environments view in Dev Console ● RHACM and Argo CD integrations ○ RHACM imports clusters to Argo CD’s ○ Argo CD application roll-up in RHACM ○ Argo CD application in RHACM Topology
  • 80. What's new in OpenShift 4.8 OpenShift Serverless functions Tech Preview 80 Create Build New Knative Service on the Cluster Source code Build Packs Knative CLI + Func Plugin Knative CLI + Func Plugin Java Node.js Go Deploy Cluster Container Registry Knative CLI + Func Plugin Create, Build, and Deploy Applications Quickly OpenShift Serverless Functions allows users to consume events via functions based APIs and provide a simplified programming model for developers and data scientists alike. ▸ Simplified deployments ▸ Reduced programming complexity ▸ Secure, consistent programming models ▸ Quarkus, Node.js, Python, Go and Spring Boot. ▸ Kafka Event source for Event driven Serverless apps PM: Naina Singh
  • 81. What's new in OpenShift 4.8 IPv6 Single / Dual Stack Support PM: Marc Curry, Deepthi Dharwar ● IPv6 single/dual stack is supported in OpenShift 4.8 (k8s 1.21) with OVN. ● Single Stack ○ Either an IPv4 or IPv6 address is assigned to the pod interface ● Dual Stack ○ Both IPv4 and IPv6 addresses assigned to the interface ● Simple install-time configuration ○ Modify “install-config.yaml” to specify IPv6 subnets in addition to IPv4. ● Post-install configuration: ○ Edit “network.config.openshift.io” config to add secondary “(machine|cluster|service)Network” values, and they will get rolled out correctly. ● Restrictions / Caveats / Notes ○ OVN only, no plans to support in openshift-sdn ○ Supported platform at GA: Bare Metal IPI (other platforms TBD) [Diagram: pod eth0 with 192.168.12.3 (IPv4) and 2001:db8:0:12 (IPv6); IPv4 Host; IPv6 Host]
  • 82. What's new in OpenShift 4.8 Vertical Pod Autoscaling (GA) PM: Gaurav Singh Description ● Recommends values for CPU and memory requests based on historical trends Things to remember ● VPA requires pod eviction to apply the recommended resource settings ● Defaults to a minimum of 2 pods in the deployment, but can be configured to 1 pod Modes ● Off: Recommendation mode ● Initial: Assigns resource requests on pod creation and never changes them later. ● Recreate: Applies recommended changes to pods by evicting them when the requested resources differ significantly ● Auto: Same as Recreate.
  • 84. Application Modernization Announcement 84 Messaging Pillars Provides tools to modernize applications, which enables a flexible environment ● Windows Containers on vSphere ● Migration Toolkit for Virtualization (MTV - Tech Preview) A consistent management experience, all in a single control plane ● OpenShift Virtualization 2.6 Allowing businesses to accelerate innovation as they move along their hybrid cloud journey. ● OpenShift GitOps (Tech preview)
  • 85. 85 Stability - A primary theme for OpenShift 4.7 Install and upgrades ● Better installer checks and diagnostics ● Block upgrades if pools are degraded ● Do not declare upgrade complete if pools are degraded Observability ● Network stability: improve x.509 error outputs ● New metrics and dashboards for Pipelines, storage, and networking Miscellaneous ● etcd disaster recovery improvements ● Improve maintainability and usability of disconnected Operators ● Improve docs for bring-your-own load balancer and DNS for OSP deployments
  • 86. 86 GENERALLY AVAILABLE Continuous automated compliance OpenShift Compliance Operator - Declarative Security Compliance ● Scan cluster nodes (RHCOS) and Kubernetes components using industry standard baselines ○ New baselines utilizing the CIS Kubernetes benchmark guide ○ Red Hat Advanced Cluster Manager 2.2+ integration ● CIS OpenShift benchmark released to community for comment January 2021 ● Compliance Operator was Generally Available with OpenShift 4.6
  • 87. GENERALLY AVAILABLE Encrypted SDN communication OVN IPSec encrypts pod-to-pod traffic between nodes ● Ensure data plane traffic is confidential, authenticated, and has not been tampered with ○ AES-256-GCM encryption ● IPSec connection from each node to each other node ○ Keys are automatically rotated ● Configured during installation:

        apiVersion: operator.openshift.io/v1
        kind: Network
        metadata:
          creationTimestamp: null
          name: cluster
        spec:
          networkType: OVNKubernetes
          serviceNetwork:
          - 172.30.0.0/16
          defaultNetwork:
            type: OVNKubernetes
            ovnKubernetesConfig:
              ipsecConfig: {}

  • 88. 88 TECH PREVIEW OpenShift Assisted Installer A streamlined, interactive install experience ● Simplified installation for full-stack automated (IPI) deployments ○ No dedicated bootstrap node ● Avoids common errors and issues by validating pre-requisites before beginning ○ Host resource requirements, network connectivity, host disk performance, etc. ● Intelligently pre-selecting options based on infrastructure ● Find and fix install issues faster with real-time progress monitoring with error reporting and handling 4.7 Tech-Preview Supported and upgradable deployed clusters
  • 89. GENERALLY AVAILABLE Automatic application scaling Horizontally scale Pods automatically based on memory and/or CPU utilization ● Memory-based autoscaling new with OpenShift 4.7 ○ CPU scaling added with OCP 4.3 ● Adds second vector for fully supported metrics-based Pod scale up/down ● Proactive action taken based on administrator-defined metrics, not reactive to application performance

        apiVersion: autoscaling/v2beta1
        kind: HorizontalPodAutoscaler
        metadata:
          name: resize-hpa
          namespace: resize
        spec:
          scaleTargetRef:
            apiVersion: apps/v1beta1
            kind: Deployment
            name: image-resizer
          minReplicas: 2
          maxReplicas: 10
          metrics:
          - type: Resource
            resource:
              name: memory
              targetAverageUtilization: 60

  • 90. 90 TECH PREVIEW OpenShift GitOps Multi-cluster configuration management using Argo CD ● GitOps provides declarative configuration for cloud native applications, including code, components, and infrastructure, deployed to OpenShift ○ Deploy applications and configure OpenShift clusters faster and with predictability ● The GitOps Operator provides a simple and quick way to deploy the capability into any cluster, with automated Argo CD lifecycle management ● Opinionated bootstrapping for end-to-end GitOps workflows with the GitOps Application Manager CLI Sync Monitor Detect drift Take action
  • 92. 92 OpenShift is Proven Extended support options provide expanded options for lifecycles OpenShift is Ready Bare metal IPI automates provisioning for non-virtualized systems, giving more options for easy deployments OpenShift is Empowering User workload monitoring provides a standardized set of tools to track performance OpenShift 4.6
  • 93. Run Red Hat OpenShift on IBM Z or Power More performance Combine the speed and security of IBM Z, LinuxONE or Power Systems with the data locality benefits of running cloud native applications on the same hardware as mission critical workloads More choice Cloud native app development on IBM Z, LinuxONE or Power Systems in your own data centers with the simplicity, speed and consistent experience of Red Hat OpenShift
  • 94. Kubernetes 1.19 Scheduling ● Customize the behavior of the Kube-scheduler ● Scheduler Profiles ● Pod Topology Spread constraints Storage ● Immutable Secrets and ConfigMaps ● CSI Storage Capacity management (alpha) Control Plane & Security ● Automatically track and act on the features not making Stable ● Warning mechanism for use of deprecated APIs ● AppProtocol to Services and Endpoints ● kubelet client TLS Certificate bootstrap and rotation ● NodeRestriction admission controller Misc ● Structured Logging proposal CRI-O 1.19 Kubernetes 1.19 OpenShift 4.6 94 Blog: https://www.openshift.com/blog/kubernetes-1.19-arrives
  • 95. Supported Infrastructures for Red Hat OpenShift 4.6 Full Stack Automation (IPI) Pre-existing Infrastructure (UPI) Bare Metal IBM Power Systems 95 Bare Metal Newly added vSphere 7.0 support added
  • 96. Zone-1 C Zone-2 W W Zone-3 W W W Shared supervisor nodes for sites without capacity for control plane functionality ● Very small on-site compute, as little as one node ● Supervisors are centrally located, workers are distributed and remote ● Reliable, but not low latency or high throughput, network requirement ● No limit on worker count at remote sites ● DaemonSets and static pods are used to prevent evictions for transient network failure 96 W Remote Worker Nodes Central control, distributed execution
  • 97. Application Monitoring and Troubleshooting 97 Red Hat OpenShift monitoring, for your applications ● Dedicated monitoring stack managed by the OpenShift Operator ● Configure monitoring for your custom services or infrastructure services not covered by the out-of-the-box cluster monitoring stack ● Access metrics and alert information through a single, multi-tenant interface ● Improved discoverability of alerts in topology and Monitoring Monitor your applications with the Red Hat OpenShift Cluster Monitoring service
  • 98. 98 Red Hat OpenShift-native, event-driven applications Event driven applications, via OpenShift Serverless Eventing, are generally easier to maintain, and deploy and scale independently, all based on events received ● Sources connect to external systems and convert events from the native type to cloud events ● Brokers connect multiple event sources ○ Built-in Event filtering ○ Routing based on event types or attributes ○ Multiple event types ○ Multi-tenant ● Channels send events to multiple destinations ○ Event fanout to multiple subscribers ○ Same event type ○ Single-tenant Brokers Channels
  • 100. Two emerging trends: OpenShift and Kubernetes crossing to early majority in IT adoption 1. Need for a better modernization strategy for virtual machine (VM)-based workloads: An all-or-nothing approach to containerization is too slow, so organizations have a large investment in virtual machines. 2. Desire for a single architecture for all workloads: Kubernetes supports stateful applications, and organizations desire to reduce costs by adopting a single cloud-native platform.
  • 101. Red Hat OpenShift and OpenShift Virtualization: Kubernetes-first innovation to managing VMs 101 ● Accelerate application delivery with a single platform that can manage “mixed applications” with the same tools and teams. ● Add VMs to new and existing applications. ● Modernize legacy VM applications over time, or maintain them as VMs. Modernize workloads and support mixed applications consisting of VMs, containers, and serverless
  • 102. It is about managing both VMs and containers ● Virtual machines: VMs have been built for decades, and they will not go away overnight. ● Containers: Containers solve certain use cases and will continue to rise, but some VMs will remain. ● Applications: VMs and containers will be used to build applications, and some might even be built on both.
  • 103. What’s in it for Operations? 103 Modernize and simplify your datacenter Modernize operational models OpenShift can provide the technology foundation for a cultural shift to new operating models like site reliability engineering (SRE) Kubernetes skills development Motivate your team and provide career progression with training and skills development from Red Hat Save on cost and innovate Keep the VMs and leverage the scale advantages of Kubernetes. Apply the cost savings to fund innovation. Maintain opex investments Retain your infrastructure investment by repurposing existing hardware for OpenShift. Consistency of management With OpenShift support for VMs, containers, and serverless, you can align your DevOps team on a simpler architecture to manage
  • 104. All applications—old and new—can benefit from a unified control and DevOps pipeline. Teams can choose the applications they want to refactor or containerize when the time is right. What’s in it for Developers? 104 Consistent developer experience (across VMs, containers, serverless) Windows apps in OpenShift Windows VMs can be brought into OpenShift as-is (and maintained if they’re older Windows Server), or refactored to use Windows Containers and Windows Server 2019 Refactor VMs on your schedule Unified tools, process and pipelines for all apps Application environments consist of VMs, containers, serverless and more. Development teams can now leverage the same tools, pipelines, and platform for building, managing and diagnosing issues with all apps.
  • 105. Development and delivery 105 It’s a Kubernetes-native infrastructure component OpenShift Virtualization is a collection of Kubernetes-native applications, extending Kubernetes in the right way using CRDs, CNI, and CSI. Driven by Operators Kubernetes-native and -friendly OpenShift Virtualization is an Operator-driven infrastructure component no different than other OpenShift operators, simplifying operations. Open source OpenShift Virtualization is enterprise software and is built on the open source KubeVirt project.
  • 106. OpenShift Virtualization guiding principles ● VMs live in pods: VMs consume resources from where Kubernetes is providing them (pods). ● Dedicated API to acknowledge differences: VMs have their specific functionality, thus a dedicated API to expose them. ● Kubernetes-native before virtualization features: For usability, virtualization features have to be solved in a Kubernetes-native way.
  • 107. Developer productivity Cluster services Automated Ops ⠇Over-the-air updates ⠇Monitoring ⠇Logging ⠇Registry ⠇Networking ⠇Router ⠇Virtualization ⠇OLM ⠇Helm 107 Red Hat Enterprise Linux & Red Hat Enterprise Linux CoreOS Kubernetes Developer CLI ⠇VS code extensions ⠇IDE plugins Code Ready Workspaces CodeReady Containers Service mesh ⠇Serverless builds ⠇CI/CD pipelines Full stack Logging Chargeback Databases ⠇Languages Runtimes ⠇Integration Business automation 100+ ISV services Platform services Application services Developer services Build cloud-native apps Manage workloads Multicluster management Discovery ⠇Policy ⠇Compliance ⠇Configuration ⠇Workloads Operate Kubernetes OpenShift Container Platform with OpenShift Virtualization
  • 108. Cloud-native Red Hat OpenShift AI/ML, Functions... Traditional With OpenShift Virtualization you can deliver mixed applications of VMs, containers, and serverless 108
  • 110. 110 Azure Red Hat OpenShift Empower developers to innovate Support for traditional, cloud native & serverless tools Easily connect to hundreds of Azure services Scale on-demand. Pay as you go Scale as your application demand changes Leverage your Azure monetary commits Enterprise-grade operations, security, and compliance SLA: 99.9%, 24*7 premium support Compliant with PCI DSS, HITRUST, FedRAMP, SOC (ISO, and HIPAA coming soon) Jointly engineered, operated, and supported by Microsoft and Red Hat with an integrated support experience
  • 111. 111 Running your own Red Hat OpenShift cluster Responsibilities User management Project and quota management Application lifecycle Cluster creation Cluster management Monitoring and logging Network configuration Software and security updates Platform support Customer Microsoft and Red Hat Virtual network Azure DNS Azure Load Balancer (Master) Azure Load Balancer (Router) Public IP Public IP Public IP Azure Active Directory OpenShift API/administration console App 1 App 2 User App definition Azure VMs (Master) Scale sets Azure Premium SSD Managed Disks Node 1 Node 2 Node 3 api-server · controller-manager · etcd Azure VMs (Infrastructure) Scale sets Azure Premium SSD Managed Disks Node 1 Node 2 Node 3 registry · router Azure VMs (Application) Scale sets Azure Premium SSD Managed Disks Node 1 Node 2 Node N application pods Azure Blob Storage OpenShift SDN
  • 112. 112 Fully managed clusters with Azure Red Hat OpenShift Responsibilities User management Project and quota management Application lifecycle Cluster creation Cluster management Monitoring and logging Network configuration Software and security updates Platform support Customer Microsoft and Red Hat Virtual network Azure DNS Azure Load Balancer (Master) Azure Load Balancer (Router) Public IP Public IP Public IP Azure Active Directory OpenShift API/administration console App 1 App 2 User App definition Azure VMs (Master) Scale sets Azure Premium SSD Managed Disks Node 1 Node 2 Node 3 api-server · controller-manager · etcd Azure VMs (Infrastructure) Scale sets Azure Premium SSD Managed Disks Node 1 Node 2 Node 3 registry · router Azure VMs (Applica Sca Azure Premium SSD Managed Disks Node 1 Node 2 Node N application pods Azure Blob Storage OpenShift SDN Let Microsoft and Red Hat… Monitor and operate your VMs Manage all your clusters Manage environment patches Secure your nodes
  • 113. Enhanced Features, Availability and Control ● Full cluster admin - Full cluster admin support for advanced customization ● Private clusters / Express Route support - Create fully managed clusters in a custom VNet with no public endpoints ● Bring your own VNet - Deploy OpenShift 4.3 based clusters into your own VNet ● Cluster Autoscaling - Automatically adjust the size of your cluster ● Multi-AZ clusters - Clusters automatically deploy across three availability zones Azure Red Hat OpenShift on OpenShift 4 Highlights Operator Support ● Operator/CRD support - Support for Operators and Custom Resource Definitions Improved Developer Productivity ● Developer Productivity tools - Service Mesh, CodeReady Workspaces, serverless etc. ● Azure Portal Integration - Easily view OpenShift clusters in the Azure web portal Regulatory Compliance ● Compliance Certifications: PCI DSS, HiTrust, FedRAMP High, SOC 2 (Coming soon: ISO etc.) 113
  • 114. 114 Unified support and operations Jointly engineered, operated, and supported by Microsoft and Red Hat • In-portal integrated support experience is available 24x7 • ISO 27001 compliant B2B communication channel • Co-located support with Red Hat on-site team • Integrated case systems • Microsoft and Red Hat security response team collaboration Microsoft Help + Support Microsoft Azure Support Site Reliability Engineers Red Hat Customer Portal Red Hat Support Cross-team hand off Flexibility in support channels SSO access to Red Hat support Cross-product support Case exchange platform
  • 115. ARO FEATURES Azure Red Hat OpenShift Unified support Jointly engineered, operated, and supported by Microsoft and Red Hat with an integrated support experience High availability Multiple masters and infrastructure nodes help ensure your cluster has no single point of failure Regulatory compliance Azure Red Hat OpenShift is compliant with SOC, ISO, PCI DSS, HIPAA, and more Persistent storage volumes Azure Disk is pre-configured as the default storage class, providing dynamically provisioned Premium SSD’s on-demand First party Azure service Clusters are deployed into your Azure subscription and included on your Azure bill Flexible, self-service deployment Create fully managed OpenShift clusters in minutes Cluster node scaling Scale on demand to meet resource demand Azure Active Directory integration Use Azure Active Directory to control access to your cluster with an integrated sign-on experience Fully managed clusters Master, infrastructure, and application nodes are managed by Microsoft and Red Hat; plus, no VMs to operate and no patching required Virtual Network integration Deploy your cluster into a new VNet, then use VNet peering to connect to your existing VNet and on-premises networks
  • 116. 116 Get Azure Red Hat OpenShift through your existing Azure subscription Highly available, fully managed cluster—starting with four application nodes* Use on-demand pricing or reserved instances, whichever suits your workload and business needs On-demand scaling with additional application nodes* Starts at $0.171/hour Use Reserved Virtual Machine instances to save costs ⬤ Choice of standard, high-memory, or high-CPU application nodes ⬤ Integrated support and operations ⬤ Pay through your existing Azure commitment ⬤ 99.95% uptime Service Level Agreement (SLA) ⬤ *Price includes the Azure Linux VM costs
  • 117. AZURE RED HAT OPENSHIFT 117 ARO via Red Hat Product Demo System (RHPDS) May 2020: added ARO4 Workshop Deployment Capability ● Announce here Allows SA/SSP to spin up 72-hour ARO3 or ARO 4 clusters through RHPDS 1. Useful for demoing ARO to customer / prospects 2. PLEASE input SFDC and customer name! 3. Allows navigating / showing of Azure portal resources, AAD Implemented on our tenant Full Instructional Lab Guide (23 pages) here For help finding your Microsoft counterpart: microsoftcosell@redhat.com
  • 118. ARO vs AKS Resources ARO -vs- AKS Deck ARO -vs- AKS TCO ARO Customer Presentations Check the OneStop first... AZURE RED HAT OPENSHIFT
  • 119. Compliance Compliance Certifications OpenShift Dedicated Azure Red Hat OpenShift Managed OpenShift on IBM Cloud SOC 2 Type 1 ✓ ✓ Reference ✓ SOC 2 Type 2 CY2020 Q4 ✓ Reference ✓ HIPAA Roadmap Aug 2020 ✓ HiTrust Roadmap ✓ PCI DSS In progress ✓ Reference ✓ ISO 27001 CY2020 Q3 June 2020 ✓ FedRAMP In progress ✓ FedRAMP High In progress
  • 121. Red Hat associates only ● Updating to OCP 4.3.18 (rolling out to fleet now) ● SOC2 Type 1 certification ● Enhanced administrative capabilities ○ Customer Cloud Subscriptions only by default; can opt in with updated Enterprise License Agreement ○ Allows installation of any operator ● Private API and application endpoints ● Google Cloud Platform ● EFS (CCS Only) ● OSD POC Program What’s New in OpenShift Dedicated (OSD)? OPENSHIFT DEDICATED 121
  • 122. OpenShift Dedicated on Google Cloud Same offering as on AWS. Same management. Same SLA. Same price. Though…. CCS Private Clusters Cluster-admin Network self-service Are to be added at a future date
  • 124. Why run Windows Containers ● Windows Server still enjoys significant presence amongst server operating systems in the data center ● .NET has been and continues to be used widely for application development ● Traditionally Windows ran largely independent of Linux ● Adoption of microservices and containers requires Windows to embrace open source and Linux-based technologies ● To fully embrace containers and microservices Windows-based machines must now: ○ Lift legacy workloads ○ Containerize legacy Windows workloads ○ Strangle the monolith and support hybrid deployments Background
  • 125. 125 Control plane Windows traditional .NET framework containers Windows application Linux containers .NET core containers Windows containers Linux containers Windows virtual machine Red Hat OpenShift virtualization Red Hat Enterprise Linux CoreOS Microsoft Windows Mixed Windows and Linux workloads • Run Linux containers on RHEL • Run .NET core containers on RHEL • Run traditional .NET framework containers on Windows • Run Windows VMs with CNV (Container Native Virtualization) • All scheduled and managed by Red Hat OpenShift Mixed Windows and Linux workloads
  • 126. Use cases for Windows container workloads on OpenShift (Step | OpenShift Feature | Use case | Advantages | Trade Offs) ● Rehost | OpenShift Virtualization | Lift & Shift Windows VMs to OpenShift | Easy and low friction | No benefits of containerization ● Refactor | Windows Machine Config Operator | Containerize and run traditional .NET framework apps on Windows Server Containers and deploy to Windows worker nodes on OCP | Benefits of containerization & OpenShift | Evolving Windows container ecosystem, supported only for newer versions of Windows including Windows Server 2019 ● Rearchitect | RHEL/RHCOS containers | Migrate traditional .NET framework apps to .NET Core and deploy to RHEL containers in OpenShift. | Full benefit of containerization and OpenShift, highly evolved community | Migration effort involved, time consuming ● Rebuild | RHEL/RHCOS containers | Build Cloud Native apps using Linux containers and deploy to RHEL/RHELCoreOS on OpenShift. | Full benefit of containerization and OpenShift, highly evolved community | Net new development may not be an option for customers running in maintenance mode
  • 127. 127 For more information see the Technical overview deck Windows Machine Config Operator Architecture WMCB CNI Kubelet Kube-proxy Hybrid-overlay Payload Windows machine config operator Watches Windows MachineSet Windows machine Kube-proxy CNI Hybrid-overlay Kubelet Windows virtual machine Windows machine config bootstrapper (WMCB) Configures Installs operator Results in creation of virtual machines Cluster admin On cluster OperatorHub Cluster admin Copy binaries configure services
  • 129. CONTAINER INFRASTRUCTURE ● A subscription to run OpenShift application nodes; additional no-charge subscriptions for your master and infrastructure nodes ● RHEL entitlements for your host machines running OpenShift ● Private container registry ● Supported Docker and CRI-O container runtimes VALIDATED CONTAINER IMAGES ● Unlimited use of JBoss Web Server (Tomcat) as container images on OpenShift ● Container images that form part of Red Hat Software Collections ● Red Hat Single Sign-On deployed as a container inside OpenShift - for use by any application EVERYTHING NEEDED TO SET UP, RUN, AND MANAGE CONTAINERS IN PRODUCTION INCLUDED WITH OPENSHIFT CONTAINER PLATFORM 129
  • 130. OPERATIONAL TOOLING ● Log aggregation with Elasticsearch, Kibana, and Fluentd ● Metrics, monitoring, and alerting with Prometheus, Grafana and AlertManager ● Supported software-defined networking (SDN) using Open vSwitch ● Setup, upgrades, and reference architectures with Ansible playbooks ● Service brokers and Ansible playbook bundle OPTIONAL CAPABILITIES ● OpenShift Service Mesh - installed with Operator ● OpenShift Serverless - installed with Operator ● OpenShift Pipelines - installed with Operator 130 EVERYTHING NEEDED TO SET UP, RUN, AND MANAGE CONTAINERS IN PRODUCTION INCLUDED WITH OPENSHIFT CONTAINER PLATFORM
  • 132. THE VANILLA KUBERNETES MYTHS Why IT shops swoon over “Vanilla” Kubernetes and its perceived value No “vendor lock-in” Ultimate portability across Kubernetes Clusters Always on latest version 132
  • 133. THE VANILLA KUBERNETES REALITY “Vanilla” Kubernetes is not really vanilla at all Every vendor operates Kubernetes differently; this matters Every vendor configures their Kubernetes distribution differently No vendor is in lockstep with the latest upstream * https://medium.com/@jzelinskie/youre-not-running-vanilla-kubernetes-2f2359666bf9 133
  • 134. KUBERNETES CONFORMANCE Interoperability at the API “The new Certified Kubernetes Conformance Program gives enterprise organizations the confidence that workloads that run on any Certified Kubernetes Distribution or Platform will work correctly on any other version,” said Dan Kohn, Executive Director, Cloud Native Computing Foundation. “The interoperability that this program ensures is essential to Kubernetes meeting its promise of offering a single open source software project supported by many vendors that can deploy on any public, private or hybrid cloud.” One of the goals of the project has always been consistency and portability. Kubernetes sits on top of the infrastructure and enables you to describe your workload in a common format. Kubernetes makes it easy to move workloads from one place to another, or combine disjointed environments with a shared control plane. This program gives end users the confidence that when they use a Certified Kubernetes product they can rely on a high level of common functionality. It gives Independent Software Vendors (ISVs) confidence that if their customer is using a Certified Kubernetes platform that their software will behave as expected. * https://github.com/cncf/k8s-conformance
  • 135. UPSTREAM KUBERNETES Upstream is closest to “Vanilla” Kubernetes Kube Native App Helmed App Kubernetes Ingress Kubernetes CLI Kubernetes API * Not comprehensive. Not even close.
  • 136. GKE Even one of the Kube founders is not “Vanilla” Container-Optimized OS GCloud GCP VPC Kubernetes Kube Native App Helmed App Cloud Storage Container Registry Operations Suite GCloud Console Kubernetes Ingress Kubernetes CLI Kubernetes API * Not comprehensive. Not even close. GCP only APIs in bold. GCP Services and other Googly Things Productive Abstractions GCP Load Balancer Cloud Build
  • 137. OPENSHIFT Certified “Pure” Kubernetes and productive abstractions RHEL Productive Abstractions Ansible/Terraform/Operators OVN Kubernetes Kube Native App OpenShift Red Hat MW OpenShift Native App Operated/Helmed App RHT Storage Quay Telemetry (EFK/Profana) Admin Console Kubernetes Ingress OpenShift Routes Kubernetes CLI OpenShift CLI Kubernetes API OpenShift API * Not comprehensive. Not even close. Red Hat or OpenShift only APIs in bold. Che Templates/S2I/BC OpenShift Mesh/Istio Knative
  • 138. KUBERNETES CONFORMANCE OpenShift is 100% Kubernetes * Don’t believe me? Check out and repeat the conformance test on your own OpenShift install at https://github.com/cncf/k8s-conformance/tree/master/v1.11/openshift
  • 140. 140 Linux Container Runtime & Packaging Networking Security Storage Registry Logs & Metrics Container Orchestration & Cluster Management Application Lifecycle Management (CI / CD) Build Automation Deployment Automation Service Catalog (Language Runtimes, Middleware, Databases, …) Self-service Container Container Container Container Container Public Private Virtual Physical Bring your own middleware, data & other services. Build out a service catalog / interface to enable self-service deployment. Take existing application build/CI & deployment tools and evolve to add container image build & mgt., continuous deployment, etc. Pull Kubernetes or other orchestration (Mesos, Swarm) from rapidly moving upstream & support / maintain yourself. Do all the work required to integrate it into your enterprise IT environment (networking, storage, registry, security, logging, metrics, etc.) Pull Docker container runtime from rapidly moving upstream and support, secure and maintain it yourself. Support and manage your own Linux community distro or build on existing RHEL or 3rd party commercial Linux offerings. DIY CONTAINER STACK CHALLENGES 140
  • 141. Kubernetes OKD* OpenShift Multi-host container scheduling ✔ ✔ ✔ Self-service provisioning ✔ ✔ ✔ Service discovery ✔ ✔ ✔ Enterprise Linux operating system ✔ Image registry ✔ ✔ Validated storage plugins ✔ ✔ Networking and validated networking plugins ✔ ✔ Log aggregation and monitoring ✔ ✔ Multi-tenancy ✔ ✔ Metering and chargeback ✔ * OKD is the open source project formerly known as OpenShift Origin CONTAINER INFRASTRUCTURE AND MANAGEMENT 141
  • 142. Kubernetes OKD* OpenShift Automated image builds No developer or application services ✔ ✔ CI/CD workflows and pipelines ✔ ✔ Certified application services ✔ Certified middleware ✔ Certified databases ✔ 200+ certified ISV solutions ✔ * OKD is the open source project formerly known as OpenShift Origin DEVELOPER EXPERIENCE 142
  • 143. Kubernetes OKD OpenShift Community forums and resources ✔ ✔ ✔ Zero downtime patching and upgrades ✔ Enterprise 24/7 support ✔ 9 year support lifecycle ✔ Security response team ✔ External review: 10 most important differences between OpenShift and Kubernetes ENTERPRISE SUPPORT AND COMMUNITY 143
  • 145. IS DOCKER THE BEST AVAILABLE CONTAINER ENGINE? 145 Potential limitations surrounding Docker ● Build requires a “big fat” daemon on every host ● Regression for integration with container platforms Kubernetes/OpenShift ● Build has secret handling issues ● Root/privileged concerns at runtime ● Root/privileged concerns with daemon ● Build requires a running container
  • 146. 146 ● Docker, Red Hat et al. June 2015 ● Two specifications ○ Image format ■ How to package an OCI Image with sufficient information to launch the application on the target platform ○ Runtime ■ How to launch a “filesystem bundle” that is unpacked on disk ● Version 1.0 of each released July 19th 2017 ● Distribution spec started in April, 2018.
  • 148. ● Built for interfacing with Docker registry ● CLI for images and image registries ● Rejected by upstream Docker ¯ _(ツ)_/¯ ● Allows remote inspection of image meta-data - no downloading ● Can copy from one storage to another SKOPEO Image Repository Image Registry Host /var/lib/containers or /var/lib/docker SECURITY FEATURES Share securely No daemon Inspect remote images No pulling potentially malicious images Non-root copy. Bridge between registries. 148 IMAGE COPY WITH SKOPEO
  • 149. ● @ podman.io ● Client only tool, based on the Docker CLI. (same+) ● No daemon! ● Storage for ○ Images - containers/image ○ Containers - containers/storage ● Runtime - runc ● Shares state with CRI-O and with Buildah! PODMAN Images Image Registry Containers Kernel SECURITY FEATURES Run and develop securely No daemon Run without root Isolate with user namespaces Audit who runs what 149 The new container CLI
  • 150. 150 ● Now buildah.io ● Builds OCI compliant images ● No daemon - no “docker socket” ● Does not require a running container ● Can use the host’s user’s secrets. ● Single layer, from scratch images are made easy and it ensures limited manifest. ● If needed you can still maintain Dockerfile based workflow Base RHEL OS Update Layer Java Runtime Layer Application Layer Java runtime and dependencies, and Application From scratch, single layer From base, multi-layer SECURITY FEATURES Build securely No daemon Shrink the attack surface Fine-grained control of the layers Run builds isolated Better secret management Why use Buildah?
  • 151. ● A Kubernetes thing ● Now part of CNCF! (April 8th) ● OCI daemon ● Implements Kubelet Container Runtime Interface (CRI) CRI-O Container Host Container Container Container Kubernetes READONLY SECURITY FEATURES Run securely in a production cluster No daemon Read-only containers Enable fewer capabilities User namespaces FIPS mode support 151 OCI AND CRI-O
  • 152. Appendix: Getting started with Red Hat OpenShift
  • 153. CONTAINER PLATFORM DISCOVERY SESSION A ONE DAY, NO-COST PLANNING SESSION GOAL: DETAIL: RED HAT PROVIDES: To understand the customer’s business drivers and technical use cases to propose a solution architecture. Discussion guided by Red Hat Consulting Architect Attendees from both Infrastructure Operations and Application Development Red Hat will provide tailored proposal for services Our vision for container platforms Guided assessment of organizational readiness for containers and DevOps using Red Hat Consulting’s “Ready to Innovate” framework Application delivery modernization goals High-level recommendations Red Hat container platform service offerings 153
  • 154. 12 WEEKS GOAL: A meaningful workload runs in production on a minimally viable container platform managed by a small team of skilled customer engineers MILESTONES: ENVIRONMENTS: ● One workload running in production OpenShift container platform ● Production environment with minimum viable operational capability ● End-to-end process for delivering applications to production container platform demonstrated and captured, including organizational roles and responsibilities ● Customer Operations team mentored to build OpenShift clusters with minimal assistance ● Next phase planned with prioritized backlog or story map for infrastructure, deployment pipeline, and application development. ● Lab OpenShift cluster for infrastructure testing ● Non-production OpenShift cluster for development and testing of containerized applications prior to their production release ● MVP production OpenShift cluster CONTAINER PLATFORM PILOT (CAP INC. 1) 154
  • 156. How we think about the business What got us here won’t get us there How we get there: 1. Think business first 2. Guide work via a roadmap 3. Adapt based on data We believe open hybrid cloud will enable us to: ● Match the speed and adaptability demands of the digital business ● Improve availability, resiliency, and durability of our digital systems While we continue to reduce operating expense. the Why the How
  • 157. Our approach to digital business Points of parity Points of differentiation Business capabilities Application and systems Infrastructure and platforms Core Differentiated or innovative Buy / Configure On Prem SaaS Build Hybrid cloud
  • 158. How we identify and prioritize applications Assess value and readiness of each application: ● Value criteria ○ Change rate ○ Lifespan ● Readiness criteria ○ Business criticality ○ Business support ○ Architectural gaps Note: specific use cases like end-of-life hardware or constraints on operating system upgrades (e.g.) may justify a re-platforming approach and yield other technical benefits.
  • 159. OpenShift deployments at Red Hat Empowering innovation Why: Innovation Who: Any associate What: Single cluster, public cloud How much: 1,000+ apps Why: Enterprise availability Who: Mission-critical systems What: 3x multi-site clusters How much: 125+ apps Mission-critical workloads Development & build pipeline Why: Development & build Who: Engineering primarily What: Single cluster in datacenter How much: 689 projects across 34,530 containers
  • 160. Open Hybrid Cloud in Action RDU2 PHX2 Current public cloud Red Hat colocation or datacenter This approach enables ● Application portability ● Resiliency & availability ● Optimized costs AWS Multi-site active workloads across the globe for key data and business function services. (Diagram is illustrative only)
  • 161. Benefits of OpenShift at Red Hat ● Move Faster: 40% acceleration in time to market for feature enhancements due to automation of delivery pipeline [1] ● Improve Security: Automatic platform & image rebuilds weekly and automatic CVE-triggered rebuilds ● Gain efficiency: ~55% lower infrastructure footprint per application [1] ● Increase Resilience: Multi-site-active, hybrid cloud deployment = zero downtime [1] According to Red Hat IT internal data
  • 163. Source: Forrester, The Forrester Wave™ Multicloud Container Development Platforms, Q3 2020: The Eight Providers That Matter Most and How They Stack Up. Sep 2020. The Forrester Wave™ is copyrighted by Forrester Research, Inc. Forrester and Forrester Wave are trademarks of Forrester Research, Inc. The Forrester Wave is a graphical representation of Forrester’s call on a market and is plotted using a detailed spreadsheet with exposed scores, weightings, and comments. Forrester does not endorse any vendor, product, or service depicted in the Forrester Wave. Information is based on best available resources. Opinions reflect judgment at the time and are subject to change. The Forrester Wave™: Multicloud Container Development Platforms, Q3 2020
  • 164. Realizing business value from a hybrid strategy ● 636% return on investment over 5 years ● 10 months to payback ● 54% lower 5-year cost of operations ● 20% higher application developer productivity ● 3x more new features per year ● US$21.6 million higher revenue per year per organization ● 71% less unplanned downtime ● 21% more efficient IT infrastructure teams Source: IDC White Paper, sponsored by Red Hat, "The Business Value of Red Hat OpenShift", doc # US47539121, February 2021. Red Hat OpenShift: Delivering innovation without limitation 164
  • 165. Why OpenShift for business applications? IDC research: The business value of OpenShift ● Healthcare: “Red Hat OpenShift has allowed us to improve our development practices so that it’s more built-for-the-cloud... This results in faster development cycles and makes it cheaper... and faster to build projects.” ● Manufacturing: “With Red Hat OpenShift, we can try out different things — in the past, if we had an idea or concept, we couldn’t just quickly try it, so the trial and error is good.” ● Media: “We’ve been able to shorten our critical applications release cycles, which used to be monthly but can now be done weekly or in some extreme cases daily hot fixes.” Source: IDC White Paper, sponsored by Red Hat, "The Business Value of Red Hat OpenShift", doc # US47539121, February 2021.
  • 166. Automated, full stack installation Seamless Kubernetes deployments One-click life-cycle management Auto-scaling of resources Delivering innovation that can transform your business ● 40% increase in sales over 3 years with new revenue streams [1] ● 70% infrastructure cost reduction for AI workloads [2] Source: [1] Employers centralizes insurance apps on Red Hat OpenShift, March 2021 [2] Turkcell supports AI-powered innovation with Red Hat OpenShift, August 2021 Red Hat OpenShift: Delivering innovation without limitation 166
  • 167. Automated, full stack installation Seamless Kubernetes deployments One-click life-cycle management Auto-scaling of resources Delivering innovation that can transform your business ● 100x cost reduction for operating infrastructure ● 5x faster revenue growth attributed to enabling developer velocity Source: McKinsey & Company. “Driving business outcomes through Developer Velocity,” March, 2020 and “Developer Velocity: How software excellence fuels business performance.” April, 2020. Red Hat OpenShift: Delivering innovation without limitation 167
  • 168. Container platform market share leader: Red Hat OpenShift 47.8%, Other 24.4%, Mirantis 15%, VMware 7.7%, Rancher Labs 3.9%, Canonical 1.2%. Source: Who’s Winning in the Container Software Market, IT Pro Today, Jun 29, 2021.