 Good morning. Good afternoon. Good evening. Wherever you're handling from welcome to another episode of red hat enterprise Linux presents here on OpenShift TV I am Chris short Executive producer of OpenShift TV. You notice there are two people here today. They both have White or taupe ish backgrounds, but one of them happens to be my good friend John Spinks Scott it's your show. I'll let you do all the introductions, but there I'll I'll save a story for after that Oh good good to know that there's a history and stories to go along with that. Yes, I'll be plugging you in later for that So today we're joined by John Spinks. Who's a technical contributor in the red hat management products? I Guess business unit. Yeah, and so we're going to be talking about the suite of products that red hat produces to help give you better insight and Better control over your red hat products specifically red hat enterprise Linux. So John, I'll let you take away your own introduction there Yeah, as mentioned, I handle several products within the management business unit We work a lot with our friends over the ansible side for any sort of automation, but the primary Model that we work in is the products I work with help to manage rel So I focus primarily on red hat insights red hat smart management and that smart management subscription includes red hat satellite So all those little bits and bobbles are my day-to-day life and we're Happy to talk a little bit about all the ways that our product helps us support your product Nice welcome. Yes, indeed So for those people who haven't looked at red hat insights for a while Concurrent with the rel 8.3 launch there was a really significant expansion of what was made available as part of insights So Johnny you want to tell us a little about those changes and some of the new stuff that people may not see We'll do we'll do history hour with red hat insights because there's a lot that goes on in that space I was just thinking I'm like wow Summit last year that almost a year ago. There's been a lot that's happened since then So I'm actually going to go back a little bit past that is we've had a product out there called red hat insights It's actually been around now for I think around six years and its original goal in life was Hey, when you call up red hat and you open a support ticket There's a very high chance that we already know about the issue that you've hit I think the number as we've done research internally the number is something like 85 percent of all customer cases Like another customer has hit it already So insights was originally made kind of like what you might have with your your storage systems Where it's got a call home functionality and we basically say if we detect there's an issue We can tell you about the issue hopefully before you hit it So the idea is predictive analytics So we can let you know about something that's going to happen as well as Prescriptive analytics where we want to tell you how to fix it. So years ago when this was first created it Cost extra money. So it was an extra thing that you needed to buy for each rel host you had to manage That's been a long time ago For now for I think two years the way that insights actually works is it is part of your rel subscription So anybody that's watching this right now if you have rel you have insights and that's true whether it's a You know rel plus smart management premium support subscription or if you've got one of the new developer subscriptions You have insights if you have rel. It's really that simple. There's there's no charges. I got to do was activated Right. So what we did back at summit last year is we took that original idea of hey Let's just predict things and we said what else do people really want to do with the rail systems and It's awareness of issues that may happen in vulnerability like hey, what are all the CVE's that are present in my environment? Compliance issues if you use an open scap and you've got to adhere to HIPAA, you know, how do my systems compare to you know HIPAA compliance? Drift how do I go ahead and compare? system a that I just promoted from Development to production to system B that's been running in production for six months, you know compare those two systems together So there's a lot of those kind of capabilities where we've gone way beyond just the normal Hey, these are things that we detect might be happening in your environment Or if we've tried to make it a full suite of here's all the things that you can do With managing rel from wall from one place if you've got a thousand systems all registered to insights or more From one single console you can see the entire impact across your estate So a lot of us for breath a lot of these features or some of them like CVE reporting or update reporting that was built into satellite and has been in Red Hat satellite for a long time But now with this expansion of insights Customers that are not using smart management and therefore not satellite Can also leverage these features if they register their systems with with insights So right and and John I remember you telling me about a case where like insights found You know an incompatibility between like a version of Oracle database and the kernel that was running and like Tell that story. Yeah, because that I think is the best insight story I've heard and so it's been around Yeah, that's one of the older stories We have to was one of the customers that's been using it for a really long time and they were they were trying out Insights and at the same time that they were going through the evaluation. They they had cases open with red hat They had cases open with Oracle because they're they're rack database just was having issues It was mostly performance issues But they're like hey, what how do we fix these things and they were going through the support processes and it was kind of I was not involved in these cases So I'm here in this story second hand for this part of it But you know, it was a lot of back and forth try this try that and the count rep was like hey Let's let's get this insights thing a try and just see what it finds And we hook it up configure it and it finds a total of 10 issues and they're kind of across all different areas Some of them are Rel issues some of them are say networking issues or kernel issues some of them are actually Oracle issues So when we talk about insights, it's not just that rel layer that we're looking at We're looking at these some of the applications as well nowadays. We look at hypervisors We look at cloud-based services if you're running on AWS or Azure, you know We have recommendations available for those environments as well, but for this particular issue. They found 10 different problems between rel and Oracle and when they fix that set of issues and part of what insights does is it will detect the issues for you And then it recommends how to fix it. It actually generates an ansible playbook for you So they just went in click click click generate playbook Fix the issues. Of course, you know, they went through other change control processes and love love them But you know, so they fix the issues But that resolved not oh that resolved not only the rel issues that were detected But it resolved those Oracle problems that were going on and you know in close exclusive cases Yeah, it's wonderful as rel is like you don't run rel just because you're like hey I want to run rel like yeah, let's go run rel like you've got a business workload that you depend upon and you want to Make sure that that's running at its peak and that's kind of what happened in this case We have another one that you may not have heard about Chris This is a newer one a tam told me about as they were working with one of their customers. They were evaluating insights And customers like dude, I think your software is broken What do you mean? It's like it's telling me that there's a bonding problem and we don't use network bonding here So this is obviously just a fluke Well, you know, we're detecting this for a reason. Let's look into it a little bit more and Come to find out that one of the admins fat fingered a nmcli command partially enabled network bonding and had they not run insights They never would have even known about this thing. So I mean, it wasn't causing any real issues at this point But it was just a funny conversation that they're like, yeah, you're detecting something. We don't use so this is obviously a false positive and Configuration management tool of some sort that maybe I've worked on before The fact that can detect drift is pretty funny. That's interesting. Yeah, so You're telling us about advisor and then we talked about some of the additional tools So I know that you're not supposed to love your children more than the others But in this case, which child do you love the most John? I'm a bad one to ask for favorite song because I don't I don't pick a lot of favorites in life But if you really think about the reason that most people choose a favorite Anything be it a favorite child a favorite peeps the topping a favorite service within insights they're choosing it because it Meets a need it builds a comfort. It feels a hole in their life. So I think for insights there are a number of services now and It's depends on what your need is so I'm gonna list through the services we have we have advisor, which is the Service that tells you about recommended issues. It tells you about press best practices It's the one that original prescriptive predictive one. I was talking about earlier There's also vulnerability which handles, you know, all the CVEs. So it lets you know about any CVE that's impacting within your real estate Compliance open SCAP type compliance HIPAA PCI DSS Patch what patches are applicable Drift has my system drifted and what does it state a newer one is policies where we basically say I Want to create my own internal requirements and that could be something like we don't allow wire shark like period If wire sharks installed in the system, like I want to be flagged to know about it or a more common one maybe like Leave the firewall on if somebody turns a firewall off alert me because they've done a bad thing And by a firewall you mean s a Linux And then we've got a Subscription watch or subscriptions, which is just keeps track of your subscription utilization within red hats If you have no idea how many rel or open shift subscriptions that you're consuming it keeps track of that information for you so out of that big long list I'd say Probably the two I like to show the most frequently our vulnerability because everybody cares about CVEs. They care about security Even for customers that already have you know, you may be thinking I've got false this I've got Nexus I've got a security scanner already. Don't care what we hear from a lot of folks is a Lot of times a security team will run that audit They'll run that scan and they go to the sys admin and say here's our big list of issues that we've detected Prove they're real or dis prove that they're real right now having this vulnerability service We can go through and say, you know, okay, give me the list Okay, a system ABCD what CVEs exist or conversely You get that email about a new CVE that came out and your boss sends you an email or sends you a text and says hey What's her exposure risk? I need to know like my bosses are asking me CVE 1 2 3 4 5 How many systems have we got exposed? I need to know ASAP I wanted in 20 minutes Go into insights type in the CVE number export you add a list. You're done. I think it's really just that fast and so One quibble on that. Mm-hmm. It only shows CVEs that Red Hat has Mitigated already right so it could be that we get an email that says CVE 1 2 3 But Red Hat hasn't mitigated against it and so vulnerability will show it yet But the Red Hat yet product security portal will You put that in there and it will tell you whether it's remediated or not And if it is remediated then you can go to a vulnerability service and see a crush your whole population Who has it who doesn't have it? Yeah And it's but just that kind of inventory and capability massively helpful I do want to plug one other resource that's coming up next week So next week there is a red hat events webinar with product security specifically probe on how we grade CVEs and vulnerabilities and the work that we do to work with like lighter and other Entities to make sure that we're in sync about what that is. So If you're interested in how Red Hat grades Vulnerabilities and how that's different from or may be different from what you're seeing from different data sources next week February 17th There's a webinar you can find it on the Red Hat events page with probe Okay And in part of that I'm sure they're going to talk about the customer security and awareness program where they create something They call security rules for particular CVEs where they actually go a little bit more in depth And it's not just hey, what information does might or publish about it or It actually goes in and says hey particular to Ralph here's some additional impacts that you might not know about Here's some related CVEs that this might affect those security rules are highlighted on Red Hat site They're also highlighted within insights itself. So we we do do another level of Detail and analysis on certain CVEs that are identified as hype impact So now that I've nitpicked on on vulnerability a little bit, sorry, I did also want to like talk a little bit about Compliance because in terms of children I love in in insights world like I'm an uncle so I get to choose So let me cover my second favorite and then we'll go back to the compliance of that school because I did say to I don't want to lose my Don't want to lose my second but because it wasn't going to be compliance. Sorry well I like compliance because for a lot of those regulated industries like health care For for the plants is worth digging into. Yeah. Well for a number of years. We've offered OpenScap Scanning tools. Yeah, but it produced the reports locally on the box And then you had to like do that on every single box and then you had to get the results somehow And I think that the compliance tool offer through insights gives like a great population wide View without having to go out and touch every single box to get the individual box view There's also some some other really cool things that the compliance service does so we will go ahead and dig it into this one is So the compliance service one of the nice things about it is It creates the compliance policy through cloud.redhat.com itself right through insights so if you're gonna go in you know, you're gonna create a desist egg or you're gonna use the Standard system security guide you go into compliance. You click new policy It gives you the option to do some level of tailoring right there within insights You don't have to go dig out to scap workbench or anything like that You can customize that policy right inside of insights It doesn't do direct rule editing of like the in-depth values yet but it does allow you to disable certain rules that don't Seem important to you or if they don't matter to your organization You can unselect those rules or you can add additional rules that are just part of the SSG that May not originally been part of that policy From there you then select the host that you want to apply the policy to and then you get all your centralized reporting right Inside of insight so it's like it's not just go to host a and look at the PCI results for host a and then go to host B and look at host B You can look at it from that policy level and say I care about PCI compliance across my entire estate What is my percentage passing and failing across all my rel? and then which particular rules aren't Being passed right now and hey just like for the remediation There's ansible playbooks in there to resolve those issues as well not all of them a little bit less for Compliance that it is for like vulnerability or advisor just do the nature of what it is But for still a lot of these issues we generate that playbook for you and I get to do is run it well and The idea that you can disable rules for things also pretty important because a lot of the security standards They have guidelines, but for example, this is stag You can choose not to apply a piece of guidance as long as you document why you're not applying it and have approval of Not applying it right and so having having the ability to do that So that you're not constantly looking at a dashboard. That's all yellow or all red And you expect it to be all yellow or all red like that. That's where do you find the things that are broken if it's all broken, right? Yeah, so being able to turn that off so that you can really concentrate on those issues that become more critical as Key to any tool and there's a couple pieces of that that we've took taken into insights as well, you know Generally speaking a lot of customers that have these compliance issues They know they're not going to get a hundred percent passing rate if you're using like the full you're not modifying PCI or you're not modifying HIPAA, you know because you have to run your business on a computer You know that you're not going to get a hundred percent compliance So we allow it a policy level you to say hey I do expect though that my baseline is somewhere around like 90 percent or 95 percent and if I exceed that threshold Alert me like let me know and so we can say 95% is probably considered passing for us You can still delve down into the individual systems if you want to but it doesn't show up on your dashboard is a giant failure just because There's a rule in there that you haven't managed to adhere to yet And by the way, I just dropped the link to it the rel 8 this is dig just got released so That'll definitely help some folks Yeah, it's been a draft for a while I think it shows up right now in draft already and in the compliance service, but I gotta see one of the installers It's that insights. Yeah, it's all for a three two, but a four is a is soonish so Yeah, there's another thing with compliance that a lot of people just simply aren't aware of and it's that the The SSG version is actually fairly well tied to the version of rel that you're running and that's not a widely known thing So if you if you're just you go do a yum update you're running a little bit older rel box you're running like a rel no 7-7 or something you just go do a yum update and that updates your security guide to the latest You may actually be getting incorrect information about Your passing status about your compliance status because that it is pretty well matched the version of rel to the version of SSG, but that wasn't Greatly documented documented until recently here So now that's I think in the rel docs. I know what's in the insights docs because the compliance team Within insights went through an absolute ton of work to try to map those together and get a nice table in place So insights will let you know if you're out of compliance with the version of SSG That's on the host compared to the version of rel And SSG for those of us who don't know is what? system security guide Thank you. Not the other thing. Yeah Yeah, there's two components that the insights compliance service needs and one is OpenScap needs to be installed and then the other is the SSG the real security guide So those two components get installed along with Insights and insights itself even though we haven't mentioned it if you're rel 7 it's two commands and if you're rel 8 it's One so we've we've made the effort 50% less in rel 8 just so you have a better experience and that's just yum install insights client It's part of the base rel repo and then register insights client dash dash register So in case people are curious how much data is actually sent home So the data itself is really metadata like I want to hammer that point pretty hard because I think a lot of times And this is probably our biggest issue with getting people to adopt insights is because it does call home Most of what it looks at is system profile type information and then depending on The rule like if we're you know, you're running an Amazon We're gonna collect a couple of system facts about Amazon We're gonna collect a couple system facts about SAP or sequel. We're not looking at user names. We're not looking at passwords We're not looking at your data because we don't care we need that stuff But basically what we're looking at is system facts in terms of sizing and upload last time I Ran the stats. I think an average upload was 384k So I mean it's tiny in scope and it's really important to note that you have 100% control of anything sent to Red Hat so if you If you say hey IP addresses and host names not allowed to leave my property full stop easy Like it's it's actually those two IP address and host names. That's a a Client configuration you change the value from no to yes, and it's obfuscated if it's something more complex like hey My core my core. We don't allow The name my core to leave our domain period full stop or we have Service Athena that we're building in the background and we want to make sure that the word Athena never leaves There's a YAML style deny list that you can put into place where you can put certain terms in and it will actually go through the collection It'll pool any references to any of that kind of information There is and Chris, I think you've got a link to the rel security. Sorry the insights security page That's cloud.redhat.com slash security slash insights That is the one-stop shop that we put together. It's our model the trust page We're essentially that tells you everything that we do with data and Insights and it also has a link to our insights FAQ. So that has a ton of information in it So yeah, this it should not be scary. I think that's the number one blocker I had a customer call earlier today with a group of customers our red hat accelerator team Who is their internal advocates for red hat? So they're they're I said internal their customer advocates for red hat Where they go through and essentially they get updates on what goes on and we have them in I think pretty much all geographies many countries And some of them are like, hey, you know, I'm in I'm in Europe. I can't use insights Yeah, oh really you can't I need to go talk to my German banking customer That's actively using insights and see how they did it because Yeah, we do have people for insights and I think all geos. Yep, definitely all geos I can't say all countries for that are a fact and Exactly exactly like I haven't run that stat, but definitely all All industries all kind of all Geographies are using insights So we do not target personally identifiable information I did have one customer challenge us on this and they were like You you gathered my company name and my country that's considered personally identifiable information. We're like, well, that's that's odd We shouldn't have done that. But can we can we get on a call with you and look at this and figure out what happened? Turns out that somebody had created a service With the name of the company and when we gathered the system facts for running services We gathered the name of that service, which happened to be the company name. That would just be an yes, right? So that's when that denialist came into, you know, like rather than just saying hey, you guys messed up You know, if you if you're really that particular about it use this denialist It will it'll scrape the information and it'll validate that it's not in there And you can create like if you're if you're concerned about this your security conscious as you should be You can create an insights collection without sending us any data at all It's covered in that security guide healing too. So you can create the collection You can inspect it for yourself and you can see everything that you know insights is looking at It should not be Scary information. No, it should not be anything that you're concerned about. It's way less than an sos report. Yeah way The only time that we get kind of sizable uploads is if you are using compliance because the compliance report itself gets sent as a payload component That takes the size and blows it up a little bit because I they send that report on to insights That's the only time it really gets sizable, but it's packaged in an envelope So it's not like you're sending xml files over, you know over the wire all right so we pulled you off on a tangent for a while I wanted to return and say What was the second favorite child service? The second one is drift drift is got a few different capabilities, but it's Reason in life is really It worked in development. It doesn't work in production, but the systems are exactly the same Are they Let's check So what drift allows you to do is first of all you can create a baseline And you can create a baseline in a number of ways You can do it completely from scratch where you say I want to self-define every system fact And then we're going to compare those facts to the collection that insights get so it could be architecture So is this x86? It could be that you know kernel version it could be version of sap so you can define those Manually, which is really interesting if you're only interested in a subset of facts Hey identify for me everything that's running rel 8.0 8.1 or 8.2, you know, you can do with that so I want to know about these Um Another way to do it is you can take an existing system and you can create a baseline from it And that's the way I typically do it just because it's it's faster Um, you know all all of us sys admins by nature are a little lazy Um a little efficient. Let's let's say it that way There you go. I like efficiency Efficient. Yeah, so you take maybe you got a gold image going on you got a gold image You run it into insights You make sure that everything's working properly. Uh, and then from that gold image, okay Now this is this is the blessed image that we're going to be creating machines off of from now on Create a baseline from that image and then all you really need to do Is you want to delete the things that wouldn't be unique So you would want to delete the mac address because nobody else should have the same mac address Nobody else should have the same ip address if you're gathering that type of information so little bit of Manipulation of the facts that are connected and you got a baseline usually takes me like less than five minutes Um, once you have that baseline you can compare systems to it. So if you've got um a system that Maybe it was running perfectly fine last week and this week. It's just not running right You can compare it to the baseline and see what's changed. You can also run it to Historical system profiles. Uh, we can go back seven days with insights because we don't keep insights data for very long Maximum today is two weeks that we keep insights data Drift can only go back one week So you can go back and say, you know, this this thing worked perfectly well last wednesday and right what happened and go back compare last wednesday to Monday and then you find out that somebody applied a patch over the weekend and go That's what happened that guy So just being able to have those and any of this information you can export it out into a csv file a json so you can capture these real quick And even though I've talked about using the the GUI and using cloud.redhead.com Everything in insights is fully backed by apis. So if you're getting really massive Comparisons, you probably want to pull that from an api anyway, not from within that UI But drift is really cool because it has some of these features It gives you a good feeling of the facts that are collected by insights So if you like for sap for example, like we capture the sid we capture The sap version and several other sap specific facts If you get a good handle of the facts that we're looking at It makes it a lot easier to go into another service like policies And create your own custom policy, which is based off the facts we collect So once you understand those it's it makes it a lot easier to use some of the other services So you said you talked about everything being api backed And one of the other things I wanted to bring up is that the insights team has been doing a ton of work on essentially building in features that allow you to operate at scale and I know that not not everyone Thinks that way like You know sometimes it's like oh, I've got five things Let me just go out and ssh these five boxes But pretty soon you're at like a hundred or a thousand and that strategy doesn't work anymore and so Not only is everything api based so you can query it all and Get it down in a format that you can then filter further But you guys have put in things like tags in the UI The ability to export reports is also tremendous because you'll have somebody that's like hey I need to know what my population is blah blah blah or hey, I'm your auditor and I need to know information about your population and Without the ability to export that stuff. It's like What do you do? All right, you'd have to you'd have to copy and paste and make a doc and like all kinds of other ridiculous things Yeah, one of the things that you know you kind of started out asking about the big change We made at summit last year, but we made we also a lot like our other products. We have releases Every six months, but insights is sass because we're putting out changes Almost constantly. I swear every time I demo insights. I find something new It's usually something small that somebody that doesn't use it as often as I do Probably wouldn't even notice but They're changing things all the time. They're updating. They're adding new features So the tagging capability that you're talking about it really went into effect strongly with our november release That's our our most recent our next one will probably be Some event coming up here in a couple months that we tend to align releases to but the the tag feature is really nice because I can go in and Say hey, I just want to see my systems. I just want to see sap systems I just want to see scott systems and depending on how they're tagged You can go look at them put a filter in place essentially and only look at the systems you care about I will note that that is a Evolving feature. It's a relatively new feature. It was released in november So not every service respects it a hundred percent yet like the compliance service we're talking about earlier It doesn't yet respect that filter, but it will Very soon like that's something that they're actively working on because insights is pretty large in scale in terms of the number of Services and teams that we have so they're not all able to adopt The features as soon as they're released We have to release them at the platform level for for the insights platform And then the services have to adopt them and some are depending on the backlog just a little faster than the others to do it So we're getting to the point where we usually transition off to demo, but I have one last question What's something you see someone doing all the time? In insights are wrong That you'd wish they'd do differently The first one is just activate insights We know about this feature that the three of us chatting right now like it's It's not a secret between The folks that have been working with these products really heavily even within our own Red Hat community Not a lot of people know about it. And then when we actually surveyed our customer bases We did a survey recently anybody that had opened a ticket against rel red hat enterprise linux in the last like Six months or something we surveyed like you open a support case Did you use insights along the process because there's some of the support team are now encouraging use because it can proactively detect a lot of these things So you don't have to call support. We'll tell you about it and we'll tell you how to fix it Still the overwhelming majority I I want to say it was either close to or over 50% of the respondents Still had no idea what insights was So this is something that you have it's part of the value of your existing subscriptions part of what you pay red hat for Really encourage you just to turn this on Use it see what it does it adds an absolute ton of value And I want I do want to add one more thing before we we move topics If you also have smart management, we spent this entire time talking about just insights We haven't talked about smart management or satellite, which are some of the other capabilities that we have Smart management has a play Here as well If you already are a satellite user You can activate insights from within satellite using a remote execution playbook as a System role built right into satellite to turn it on all your systems It will by default proxy all of the information that's gathered through the satellites So you don't have to go in and worry about each Host individually having to go connect or opening firewall ports or anything like that Satellite is already your trusted single point of contact for your network Use it it uses the same port. You don't have to use any open anything new It just happens over port 443 and it just converts it over a you know sends it over to the api Where it gets really cool is in with satellite 6.7 so again roughly some of the year ago we introduced a feature called cloud connector It's part of the smart management subscription So only satellite users today can use this And what it does is create a web socket between cloud.redhat.com And your satellite so as you find these issues we detect that there's There's a vulnerability there's a cv out there and you want to address that as soon as possible You have your estate connected through your satellite Click I want to fix this Click create a playbook Click run the playbook It takes that playbook it sends it on to your satellite And it runs it it uses your capsule infrastructure So it will send it from insights to satellite to capsule to host Uses ansible remote execution on the host and runs that playbook for you There is of course all the security measures are in place You have to have an identified user that's allowed to do that on the satellite side You have to have an identified user that's allowed to do it on the cloud.redhat side And you have to have all of your ssh keys in place. So basically if you're using satellite the only additional step is to Set up cloud connector and identify people on cloud.redhat.com that are allowed to do this Yeah, at some point we we probably need to talk a little bit more about satellite. Maybe that's a future episode So i'm going to just go ahead and share my screen And transition over to demo time So john, uh, you may recall this we we made this, uh Lab together and i'm I think today I think after this show i'm going to go in and i'm going to go ahead and add some user credentials people can use And i'm going to publish it to the main lab dot redhat.com page But for now i'm just going to run through what what scott And i'll use my own credential for logging in and looking at stuff So we talked about how in redhat enterprise links eight A lot of builds for l eight will have Insights client already installed If you choose to do an app base install And that's the only thing you're providing It is not part of that, but if you do something like Server with gooey and some of the other Pretty common builds it will be there automatically But it's a a yum install. It's like this on redhat enterprise like seven as well and then after you've got it installed you just insights client register and It collects and Sends your first batch of system facts Up to the insight service And as you're going through that on cloud redhat.com itself under insights There is a register systems item and that left hand menu bar of insights And that's actually going to walk you through all these steps And it's it's going to ask you a little bit more intelligent questions too like hey if you want to do this at scale Um first I'd ask you hey are you using subscription manager to do this or are you you know using satellite or what's your What's your registration methodology? You know, how do you want to deploy? Do you want to do it singular? Do you want to do it at scale using either puppet or ansible? And then if you choose Manual it's going to give you these commands if you choose puppet or ansible It's going to give you the associated playbook or module So i'm going to log into the insights Application on cloud redhat.com in just a second And so to find this box because they're all kind of randomly generated I needed to pull up the hosting for it And then I also ran insights client status. This will just report whether it's registered or not And we can see that our registration was successful All right, so cloud.redhat.com And I I logged in because I was using it this morning in a webinar that I was doing so yay uh here in the redhat insights tile is quick links to the individual sub applications like advisor Which would tell me any configuration or questionable or concerning things that it found on the system Vulnerability we talked about that's your security updates that are outstanding Compliance we talked about and these others. So these are quick links to it And if you just hit open, I think it takes you to advisor. Oh, no, it connects you to the dashboard Uh, so this is also new-ish Um, where it'll actually give you this kind of snapshot of what's going on with the systems that you've got registered um That you could take a look at All right, so let me go to advisor Uh, actually I want to go to systems And I'm going to find this system. He is ed4f Oh, he's right here at the top And if we pull up the listing for this system, uh, we can see that the ssh keep alive Settings are something that can cause problems and it's already toggled open So it tells me a little bit more about what the issue is and why it would be a problem And then as john reflected on earlier Here's what we could do to Apply a change that would resolve this issue right step by step guidance This one also has a playbook that you can download and execute for it Um, and then if there's more than one way to solve the problem, it usually gives Alternate methods if you would prefer So what i'm going to do is i'm just going to go ahead and apply this Uh remediation that it it recommends. So this is uh, I think sshd so it was um Client keep alive and client alive next count Nope, nope. Maybe it's ssh config It's a live demo. Would you possibly go wrong? Remember we love failure on this show Do we love failure though? I mean, I don't know I'm kind of partial to success. I mean, I You know, it's nice to be able to see how you fix stuff sometimes All right, why ain't a live at all? All right, so that's currently set to zero And the recommended remediation is to set it to 900 And I think it said client live max count should be set to three, which is the default But I'll go ahead and uncomment it to make it explicit All right, so I've made those two changes Save my file. There we go and Um, let me go ahead and re upload my system information That way I don't have to wait for the already Scheduled task of uploading information. I can just do it right now And what I should find is when I return back over to the insights um advisor application and reload it That that should no one abuse plate for the system. Why are you smiling? John's made sure giving the Just wait Go back to your other tab Your current settings are as follow use the following values Oh But it does say you can use the slightly less secure values. So you're okay reading so it was 300 and 300 and zero Okay, all right, let's try this one Scott's found that if I smile too much, I'm just gonna watch the train wreck I would expect nothing less John Svanks Oh look the forest is burning smile Well, do you remember when uh, when jaredo was on a couple weeks ago? He did the exact same thing to me. You just watched me Slowly train like it like the people you invite on the show seem to set you up a lot Yes, I have a sucker for heckling. He totally did it to himself All right, so after I resolved that one, there's no additional things that are required. So no no recommendations are available um Similarly, if I take a look at vulnerability and I look at the same system So I showed on the dashboard that there are 14 CV is available So here they are. I wonder if I just go over here into a This might take a minute So while that runs jump back over to the other tab real quick. I'd like to point out a couple things Yes, sir Earlier we mentioned, uh, I talked about the customer security and awareness program. I mentioned security rules, their cvs that we've gone and done a little bit more introspection into They're notated here on the screen the very first one there has that eyeball icon and that notates a security rule for the Vulnerability service. So that's telling us that that's one that we've gone through. We've done a little bit of extra Looking at and we've added some more contextual information. That's important to rel Also want to point out all the way to the right there. You have two columns business risk and status So our severity column is primarily set by Uh, this the information that we're getting from The databases on the cve But we do know that while we've set the important of severity It might not be Important as important to your business. So something like the third one down there that's listed as moderate Maybe to your business. That's a really really critical one So what we allow you to do is to assign your own business risk to cvs So you can say, yeah, I know red hat says this is moderate, but to us we got to fix this thing So you can actually go through and and set that go ahead and click into one of those cvs if you don't mind But that works too. Yeah, I was gonna say click it itself But yeah, the other thing that we've got is the cve status So if you drop down on the status menu One of the things that we can do here is actually walk you through the entire remediation process for cvs So the default status is not reviewed. We haven't looked at this But as you actually go through the point of fixing this across your estate You can put in there. Hey, is it in review or we've accepted the risk or we've scheduled for patches And you can put in a justification note Just for the status just like you can for the business risk That also helps you later on as you sort it. So yeah, so you want me to click on the cve number? Yeah, either way Yeah, if you click on that that's going to give you the other information about the cve So a little bit more detail view If you're used to looking at these kind of rules as well We put in the cvss vector information So if you're used to looking at them, you can see a little bit more up cvss 3.0 vector on the right so you can see from there that your attack vector is network Your attack complexity is high if you click on the question mark It will you know expand all of those out if you're not as familiar as looking at some of these things But rather than making you go out to the cve database and figure it out for yourself We've just kind of scraped that information and pulled it right here into insights Yeah, and it also gives you this this list of systems that are registered to to insights that Have this outstanding cve for them. So I was called in a panic a couple weeks ago and so he's like we're not using are we Solar winds are we using solar winds? It's like No, but but if there is ever a question on whether, you know I don't know specter Are we susceptible to specter? What systems are suspect susceptible to specter and you can you can find it pretty easily? Yeah, and if you want to go back into one of those cvs or that one right there is fine right below cvs There's a checkbox Like so expose expose systems click the checkbox that's on the left of name That's going to select every system that has that cve and then click that remediate button Pretty much every one has a ansible playbook for vulnerability Type in just a name temp or whatever doesn't matter So rather than going through the way that scott did and either just do a yum update or fix it manually You can also create these playbooks What this is doing is telling you what action we're taking in this case We're fixing this particular cve What the resolution is if there's a reboot required and the number of systems impacted Go ahead and click create And now in the upper right you get that hyperlink tap on test Under playbook created. Yep. I want to click it. I can't quite And then this is where I was talking earlier You've got that download playbook button. So if you hit that it's going to pull down that yaml file It's going to come down in the zip. So you have to extract it Yeah, I'm not sharing that window. So that's fine. That's fine. Don't worry about it But um, this is also the place that I was saying earlier that we create that playbook for you So if you want to do this in a more automated fashion, here's how and if you also have that smart management capability You're using satellite you configure that cloud connector and that's where you have that execute playbook button notice. It was great out there Yeah, I just wanted to point that out when you were waiting for those to finish cool All right, so i'm re uploading my insights data right just so I can Get it more immediately for the sake of demonstration and waiting for its automatic check-in you know Later today when we're not streaming All right, and so now if I go to vulnerability systems So it has cleaned up some I think it's still processing my uh My upload of data Let's try one more time Yeah, only that security rule is left. So there may just be something additional that you need to do for that one Uh, because it is a security rule. Maybe oh, you know what it might be the reboot that the uh Playbook set an automatic reboot Set an automatic reboot. So it may be that it's like a kernel Oh, let's see And it needs to be booted into it Httpd You may need to restart it Yeah, but basically in a short amount of time you've identified, you know several cds and uh A best practice recommendation that existed on this brand new box that you spun up And you've resolved the majority of them here in just a few quick moments And you've been doing it manually, but you can use that playbook method and Create that playbook and and pull it down Don't be a hater. John. Nice. Don't be a hater on my manual tasks. I'm not a hater. I'm just saying You don't have to just type one system at a time. You don't have to be a scat. It's all I'm saying All right, uh, so Just real quick because uh, we're almost out of time Uh compliance service. So on This box we don't have any compliance Uh All I see set so I don't have any systems that are checking in with that data Um, so you could go through and use the the wizard here to create a new policy Hatch Take a look at this one I think that one's going to be empty too because I just did a yum update dash y not only updating my Not only updating my security Related updates, but I applied all the updates. So there's one available enhancement update Looks like You want that one? Did you get picked up? I do I love enhancements. Uh, it's important to note that for um Red Hat Enterprise Linux 7 We have essentially stopped producing this kind of of update. We typically will now only produce important or critical security orata updates Or red hat enterprise like seven because it's it's in maintenance phase two We also produce critical and important security updates for rel six if you are using an extended life cycle support add-on So if you're rel six plus el s you can get those But we're still producing the full gamut of buff x enhancement updates for rel eight And before you know it we'll be doing that for rel nine as well All right. Uh, yeah Yeah So drift again, I've not Configured any baselines, but uh, we can create a baseline. Oh, there's some already in here from some other folks that have tried it out Nice, um, and we could do comparisons between boxes So and then the playbook that john had me create to Replace my very scott-esque way of doing things Uh is down here in remediations right there's the test playbook that I created so yeah, so I do highly recommend anybody who's a satellite user or has smart management already And so it's anybody that's bought either rel plus smart management rel for sap Smart management is a standalone add-in for the rel If you're already using satellite take a close look into cloud connector because that allows you to Help remediate these issues simply pretty much with a click of a button at scale Uh, I do think the satellite integration here is really really tight. It's really solid It's getting even more improved in future releases So there's mostly most of the enhancements are going on With this satellite insights integration on the back end a lot of the engineers are either cross-trained or Report up through the same chain. So there's there's really good work there I did see a note in the chat about the integration with Tower so wanted to talk a minute and chat about that within the satellite ui and within The tower ui there is an insights menu item and again insights has been around for a long time and the word insights has morphed a bit Because it used to just be the service that we now know advisor So if you're looking at insights within satellite or within tower when we say insights what we really mean is the advisor service It's just that one service So if your insight tower you're looking at a host from a host context And it's showing you all of the the feature all of the recommendations that we have for that host That particular feature from my understanding and i'm not on the ansible team But from my understanding that is the portion that is being deprecated Is in the future from within tower when you select a host that's synced in through an inventory You won't see any of the Insights recommendations you would want to go out to cloud at redhat.com to see those Within satellite you will still see those we're actually Still having all the advisor pieces listed Within satellite, but it's just advisor all of these other services aren't being listed and for satellite It's partially because we have other ways to do that in satellite vulnerability compliance patch All pretty much already built in and functionality of satellite drift is not in satellite and It was in an older satellite five, but it's not there today However within tower one thing you still can do is you can create an insight sync job And you can sync up any playbooks like we just created that one remediation playbook for this job We created it in cloud at redhat.com tower is still capable of syncing that And there is documentation out there. I'm setting up an insights project I don't think I grabbed the latest but in our working doc chris. I dropped the link tower docs and insights if you want to Put that one in the chat So that functionality is still there at least in the near term I am not entirely up to date on the roadmap But that feature to my knowledge is planning to remain at least You know in the near term because we want to be able to enable people that are Using insights are creating Ansible playbooks to get that information over through tower so you can Create the jobs on cloud at redhat.com and then sync them over to your tower side I do feel that the insights and satellite smart management integrate Integration is better, but then again remember that those are the products I work with so Maybe that's a bit of a favorite nation clause there. So hey, maybe So I saw in the chat And sure you already replied to this but jpd8 asked if there was an initial charge for for insights No, we cannot stress that enough If you have a rel subscription, right and remember rel subscriptions cover Any version of rel? Insights is included in that subscription if you have a new developer subscription Which includes 16 entitlements for rel It also gives you insights because insights are part of the entitlement for rel so Anytime you have a rel subscription It also includes access to insights and by insets. I mean this entire suite of of tools that we just showed you And on top of that if you have the new developer for teams That has insights and smart management. So you can even deploy a satellite with developer for teams so the developer for teams is uh We said that we were going to make it And and we're working on making it. I don't know if you guys saw last week's episode with With brian gallagher or I guess two weeks ago episode with brian gallagher. We talked about the expanded developer program One of the things that we're expanding is developer for teams. I know that we are not at the point of Selling it yet, but we're getting there Yeah, I've been sticking my nose in that one though and smart management is part of that bundle So you'll have satellite but regardless If you have rel the only exclusion I know about in all of red hat is rel embedded Because embedded by nature has different contractual languages than any other flavor of rel any other kind of rel you've got insights all you got to do turn it on and Really simple of the most complicated version of it is two commands Um, absolutely check out that security page that chris linked to that's got all of the information on the basic, uh You know, how do we detect your data to how do you register to our full faq? Which I think was like 30 pages or something last time I had it enough in a text document So when when we close out john i'm going to update this insights workshop to say that it's a Advisor workshop because that's really what it is Um, i'm also going to update it so that here is originally designed to be part of an in-person workshop Clearly we're not having in-person workshops anymore Um, so i'm going to update this screenshot and instructions to actually be a username that people can use um, and i'll i'll change it over periodically so that We kind of keep it fresh um But yeah, like and i'll we've already updated some of these uh screenshots already to account for some of the new things But yeah, so it's it's already out there and it works and I'd say to provide folks a credential for it And I got one more resource chris. I don't if you don't mind sharing. I just dropped that in the link We've done a lot of different webinars on insights. We've been you know Ever since we did that last summit release. We've been going through in-depth on a lot of the different services So we have a webinar library out there. They're all at this point pre-recorded I do expect that we'll be spending some more back up here in the The next month or two But if you want to learn more about just drift or just policies or just vulnerability There's a separate webinar for each one of those. I think I've I attended every one of those if I didn't present on every one of those so They're they're pretty well darn in-depth They cover a lot of the the how-tos and there's some really great content out there So if you want to learn more about insights, that's a great resource for you to go to Even without the the hands-on that's gonna Delve deep and all the things nice Short I threw in the direct URL to the insights workshop. I'll also get it cross posted on the main lab.redhat.com page as well but give me about An hour to make all the updates to it and then No, we're come on an hour Yeah, man 45 minutes. I want to make sure it works and like tests and stuff Okay, fine So we're in real world. We actually like, you know, make plan and validate things I'm not sure if I should take that as a slide or Maybe you're just informed It's best practices other people can do it too, but I know for rel we we certainly do You know the phrase best practices is kind of losing its good connotation. So Recommended methods Fair enough. All right, you ready to wrap this thing up Yeah, yeah, John. It was great having you man. We're really good to see you again We're supposed to thank you for coming on, John. Appreciate it All right, and that is all the live streaming for today folks. So Check us out in the morning. We'll be talking about open shift container storage 9 a.m. Eastern I believe that is 1300 No, 1400 DTC And until next time we'll see you soon. Stay safe out there Thanks everybody