 Good morning, good afternoon, good evening and welcome to another episode of Level Up Hour where we consider all things containers, Kubernetes OpenShift. So we have a really, really interesting episode today. And in fact, it is our 50th episode, so it needs to be extra special. I am joined today by my co-host, Scott McBrion. Scott, how are you doing? Doing great, Randy. Loving this Red Hat Enterprise Linux 9 beta day. Who knew? You knew. So is it available? Is it ready? It is. It is. You can log into the Red Hat Customer Portal on the downloads page. If you select the product variant of Red Hat Enterprise Linux beta, you will see 9.0 is available for download. It's on the download page. Download. Download page. Well, that makes a lot more sense, doesn't it? So look, we've got a great episode today. It's a little bit different than most of our Level Up episodes, but in fact, I think it will be of great interest to our audience because today we have Mr. John Spink, Senior Principal Technical Marketing Manager, say that five times, who's going to talk about Red Hat Insights. And Red Hat Insights is a remarkable capability within Red Hat Enterprise Linux that I think people, if they're not familiar with it, really should be familiar with it. So before we launch into that, let me just remind everybody, look, like, subscribe, share, let everybody know we are here. And so with that being said, John, tell us what Red Hat Insights actually is. Hey, Randy. Hey, Scott. Great to be on the show today. And I am Technical Marketing Manager for Insights. And for anybody not familiar, it is a managed service whose purpose is to continually analyze platforms and applications in order to help you manage your hybrid cloud environments. But when we say platforms, it works for RHEL, as you mentioned. It's also available on OpenShift and Ansible Automation Platform. But the idea here is we can take a look at your system essentially with Red Hat's glasses on and give you our experience supporting the product that you're using and say, hey, is it in a best practice configuration? Are there any vulnerabilities? How many subscriptions are you consuming? And we can get you all of that information in an easy to consume manner. All right. And so, you know, you made mention of the fact that actually this is not exclusively a Red Hat Enterprise Linux feature, although that is where it began. How long has Insights been something available for OpenShift and Ansible? I'll answer the unasked question first. Well, we've had it around for about six years. So it's been out there for a while. It's pretty stable. We only recently announced it officially for both OpenShift and Ansible Automation Platform, but it's been available within OpenShift on On-Command Cluster Manager for probably about a year and a half to two years. So it's been available out there. It's just been hidden and a little bit in the background. And at summit this year, actually, we made the announcement that it's available for all of our major platforms. Again, REL, OpenShift, Ansible Automation Platform. Right. Well, so here's the question. To get this capability to, you know, look with the Red Hat glasses at, you know, all of your systems that are running, you know, these particular platforms and so on. How exactly does it work? I mean, how does that actually manifest itself? I mean, I can imagine sort of a portal that would give me that information. How does that information actually get collected? Collected, it varies a little bit depending on the platform that you're using because there are differences in the platforms themselves and the way that they're operating. So we're going to have to handle each platform individually. So REL is the oldest. It's been around the longest. It uses a client. That client is installed by default on most versions of REL. So it's in there. It's part of the package. So if it's not installed, you have to YUM install or DNF install it. And if you're using a newer version where it's already installed, you just turn it on. Insights-client-register. And that's going to start the process of collecting facts and metadata on the system itself. We upload a collection packet. The average size last I looked was around 384 KB. So very small size that we're looking at. And we do an analysis on that actually in the cloud and give back to you the data. It's, of course, fully supported by our GDPR practices. You have full control and can see everything that's collected and you can redact or remove anything that you have even greater concerns about. So if you're like, hey, I don't want anything about my host name going out, that's a simple switch. Yes, no. If you don't want anything about maybe a particular string command pattern, you've got the ability to redact that as well. And you can do it either in a file or you can use YAML to do it. Okay. So you actually have a certain amount of control over what's coming in here. And you need not fear that everything that you might not, you might not want to have showing up in some report or visible in some way is going to be visible. So it sounds very customizable. And you can do that collection on your side without ever sending anything to Red Hat, look at it, inspect it, and then go, yeah, cool. Yeah, that's no big deal. I mean, we have to run commands like, you know, what's your uptime? You know, what version of rel is this? What packages are installed and running and what are the versions of those packages? So again, it's kind of metadata level. But we need to know things like that if we're going to, for example, look for an issue where a certain version of the kernel and a certain version of a package over time will collide and maybe cause some downtime or cause some issues. Like we need to know those version numbers so we can give you that analysis and say, hey, there's a potential issue in the making and you should be aware of it. And hopefully we give that to you before you encounter any downtime or trying to stop that 3AM phone call. Yeah, yeah. Well, so in some ways it's the CIS admins dream to have that level of insight and so on. But it's also a bit of a change. So what sort of, you know, adoption have we seen if we're looking first with that longer term Red Hat Enterprise Linux, you know, use case, has it been widely adopted? It's been pretty well adopted. We still have an awareness issue. People just don't know what it is. And part of that is it's not something we sell. It's included with your rel subscription. So we don't have a normal selling motion where we're like, hey, go buy this thing. And that encourages maybe sales to push it a little bit higher because they get a commission based off of it. We're not in that model. We're in a model where there's something that is a feature of what you've already bought. And this is true for rel, for OpenShift, for Ansible. If you've already paid us for the subscription, you have this, but you have to turn it on. It's almost in some way like I don't get a car with one of those remotes. And if you like hit the unlock button and then hold it down, it will roll down your windows. But you're only going to find out about that if you really delve through the documentation and read it. It's one of these little kind of hidden features. And we don't want it to be hidden. We want it to raise the awareness and let people know that this is something that anybody has access to and can use. Documentation, what's that? So, John, were your ears burning yesterday because I was actually having a very serious discussion with someone about insights, specifically the vulnerability service for rel. We were talking about how when you first log into insights on the Red Hat Enterprise Linux product dashboard, it will show you the vulnerabilities that are outstanding for your system population and grade them by how severe they are. And one of the newest features that I really like is it tells you if there's known exploits in the wild for those. So, like, even amps up your attention even more. And then you can also get reports on, like, which CVEs are out there, but also which systems are susceptible to which ones. So, like, it looks pretty hot. If any of you have ever been in that situation where the security team comes to you, your manager comes to you, whoever, and says, we saw on the news or we read online about this new vulnerability and we need to know now how many of our systems are impacted. That used to be a real slog. I mean, log into every system one at a time or, you know, go write a script and says, hey, I'm looking for the presence of this package. Oh, gosh, if we got there, thousands of systems that takes a long time versus if you have something like insights in place, your systems are registered. Click a link, print out the report. Here you go. And then we even take it to the next level and we'll tell you how you actually fix that and even create an Ansible Playbook for you. So we can show that off here in just a few minutes, Stu. Ooh, that sounds kind of like a demo, doesn't it? Well, so before we get to that, let's just sort of clarify and reiterate something about this is, again, it comes with, and you know, it's really ironic to me that the thing that comes with it might be free. That might not actually have as much awareness as something that we have somebody selling as an add on. So, yeah, you know, take advantage of this. It comes with, you know, these platforms. And so let's look a little bit at how to get started with that because it's a little bit different for these different platforms because they're essentially different things, right? Absolutely. They form different functions and it shouldn't shock anybody that it's going to require a slightly different process to get started. Yeah, so, Ralph, I mentioned a little bit about it. There's a client that's available on the host. You have to register with that client. So it's 100% an opt-in process for Ralph. Ansible works very much the same way on your Ansible Tower or your Ansible controllers. They're rail based on the back end. So it's a very similar process. If you want information about the tower or the controllers themselves, you need to register those hosts to insights. If you want information about the actual automation that you're performing on those devices within the controller UI, you have to go in and flip the switch and turn it on. And what that starts doing is gathering the analytics about the automation that you're performing and reports that information up to us. And again, that gives you visualization of what you're doing in terms of automation and, you know, how many jobs are successful, failed, and then ROI information even about, hey, you've been doing this much information. This much automation, we estimate that it's worth this much an hour in savings and you've saved this many thousands or hundreds of thousands of dollars. So all of that can be gleaned from the analytics of Ansible. OpenShift is a little bit different because it expects with OpenShift 4 a connected experience. There's remote health checks, remote monitoring, and an insights operator. And all of that is connected essentially by default because we expect with OpenShift you're opting into that higher level of analytics and a connected experience where we can tell you ahead of time, hey, your cluster is not quite working the way it should. There's something going on. We can inform you of that. And that's very similar to Model. I used to work for a storage company previous to this and they had an automatic support type operation. It worked very much the same way where if you have a hard drive started to fail, you get one in the mail. I mean, it just shows up on your front door. It's a very similar model that we're following with OpenShift. So one of the things that I found interesting here is the idea that if there is some sort of corrective action that needs to be taken by insights is that it'll actually hand you back an Ansible playbook. Now is that something that will apply across all platforms or is it something that just applies for Red Hat Enterprise Linux? Right now it's primarily for REL and Ansible because, again, Ansible relies on REL as a back end for the tower or the controller. I started to call it automation, but it's not end-to-end automation. But it creates that playbook for you where it can give you the intelligence to prescriptively say this is what you need to do to fix it. So we just generate a playbook. And on REL, if you also have a satellite or if you have a smart management subscription, you can actually run that playbook right from insights. So it even goes beyond creating the playbook for you to if you have appropriate permissions, it lets you execute that playbook. All right. Well, yeah, so it's very interesting to see how these particular three platforms are sort of evolving in parallel side by side, sometimes in a very complimentary way, you know, especially something like Ansible as the means to actually perform these improvements. Both on itself and on REL. And I would expect at some point that this becomes something that we see in terms of OpenShift as well, right? Yeah, I should mention as well the Ansible changes. Some of the new services were announced at Ansible Fest. They're not actually live right now. They're in production, but they're in what we call beta. So they're available to everybody today. And when we, again, jump into the demo, I'll show you how you can turn on the beta mode and you can see everything that's coming because it's out there. It's available. They just won't flip the switch and turn it into production until Ansible Automation Platform 2.1 gets released sometime soonish. Yeah. All right. Well, so I'm just wondering, is it that time, Stabby, is it the time that we gird our allowance that we prepare for impact and maybe maybe have a demo? A live demo? What could possibly go wrong? What could possibly go wrong? John? I did not burn any incense this morning. We'll do our best. I'm ready. Anytime. Anytime. All right. So what I have on the screen right now is I have gone to Red Hat's Hybrid Cloud. This is cloud.redhat.com. If you're not familiar with it, it uses the exact same credentials as what you might use to file a support case or go view a knowledge-based article. It's the access.redhat.com Red Hat SSO. So it's the exact same thing. So I've just gone to cloud.redhat.com. There's a bunch of information on this page about insights, about getting started. But we're going to start all the way up in the upper right-hand corner here. There's a console log on screen and I want to highlight that for you. So it's right there. I'm going to click on that. I logged in earlier today. My SSO is probably still cached, so it didn't prompt me for a username or a password. If I hadn't done that, it would have said, hey, what's your Red Hat login ID? And again, that's the same one that you would use elsewhere on a Red Hat property just to log in. So here I am on the main page of the Hybrid Cloud console. You can see on my left-hand navigation bar over here, this is showing me all of these different platforms. So I've got application services, OpenShift, Rel, and Ansible Automation Platform. Now, not everything here is insights, but insights is present within all of those different platforms. So there's some stuff here that's not insights too. Within this UI, I do want to point out the little gear icon up here in the top. This is where our settings menu is. So if I go to that settings menu, I mentioned earlier that some stuff is in beta. And we've got two different environments here for insights. There's a beta environment and a production environment. We treat them both like production from a developer standpoint because they're available to you all of the time. But if I click at any point, use the beta release, it's going to show me whatever the latest is. So you should see a visual UI change right there as I switch to the beta mode. We're trying to make this even more instinctive, intuitive to use, and maybe a little bit less wordy so we can get all of the findings across the HyperCloud console to you easily and quickly. I'll pause there. Questions so far? I think I'm with you so far. All right. Folks, if you have any questions, please put them in the chat and let us know. So let's continue on. Before I dive into the platforms, I want to talk just a little bit more about what it takes to get on this console. You just have to have that SSO login. And within the settings menu itself, so I'm going to go to that gear again and I'm going to go to settings. Within this, we do have role-based access control. So I can see here under my user access what I have access to. I'm logged on here because I want to be able to show you everything. I've got pretty much full access so I can see all of the different services across all the different platforms here. But within user access, there is concepts of users, roles, and groups. The users are the same users that your account has. So anybody within your organization that has a Red Hat SSO can access this. And then within the groups, what you probably want to do if you want to restrict this access is go into that default access group and say you only want a certain subset of your population that has a credential to access this console. You can go into the default access and you can remove some of this access. So you don't want them to have access to compliance or advisor. And I can talk a little bit more about what those services are in a moment. My very question is, what are the kinds of access control that we can implement? Because the mind races with the kinds of things that you might want to do. Correct. Yeah. And so by default, most things are open to you because we do want to encourage users of insights. But the big one that's not available to you unless you opt into it, unless you have somebody go in and create you an access is remediation because we don't want you to be able to actually take actions on these hosts like physically manipulate them in any way unless you've been exclusively granted that permission. So that is not part of our default access. But if you go into the roles, there's a pretty good list of roles here. So for most of the services and capabilities, they're listed on here and you may even see some that aren't currently available because we also have the concept of private beta. So I've got a few things that you'll see later on, but you may not have access to and that's okay. And that's expected. Well, kudos for having something called an approval approver. So one thing I'd like to point out, especially with the Red Hat SSO system. So there's there's basically like two sets of settings. One is the inside settings that John is showing us that are separate from the account settings in the organization. So as an organizational administrator for a Red Hat set of accounts, you can choose things like can this person open support cases? Can this person download product? Can this person register systems with subscription manager? And those settings are independent of the inside settings. So you can actually grant someone. In fact, in the lab that we linked in the chat earlier, the user account that's used in that lab has no privileges for subscription Red Hat services downloads, but can access the insights console and look at insights data and pull reports and things like that. So between the two, you can set some really fine grained controls over how much access someone within your Red Hat organization should have. My other user, I tried switching to a different tab didn't even have user management, but I've got a higher level permissions here on access.redhat.com. So my user has it. The other demo user that I had open another tab did not. So yeah, within this, I can go into a particular user and I can give them that access that Scott's talking about. So we can go in here and actually give them different levels of access inside of access.redhat.com. And this is 100% separate from what I was doing over on insights. So if I scroll down to the bottom here. The reason that you have the user management field, John, is because this account that you're using right now is an org administrator. Correct. Which means that you can manage the organization, including adding and disabling user accounts with the data organization. Yeah, so this particular user I'm looking at is, you know, pretty limited user. They don't have a whole lot of access to things, but I could absolutely change their permissions to let them open support cases or do any of these other items. But this is separate from what I'm doing over here. Right. So cool. Well, I know we delved in kind of deep to our back, but it was level up our so we wanted to make sure that we were showing you some of these a little bit more advanced things. While I'm in here before I leave, I do want to highlight that we also have sources. So if you're a public cloud user, you can set up integration with your public cloud provider from right here as your Google AWS that enables some advanced features such as gold images. If you have appropriate subscription, it enables auto registration. And of course it enables use for insights and our services within it. So integration is also going to I don't have any setup right now, but it's going to allow you to set up web hooks or do some other kind of advanced integration. So if I wanted, for example, a slack notification whenever I got a an issue popping up inside of insights, I could do that through a web hook here. And then notifications is where you're going to do email notifications. I want to know anytime I get a new issue, new recommendation, I want an email notification. I can do that here as well, both for rail and open shift. And one of those integrations that would be potentially interesting, especially to the system admin crowd is, you know, you could tie it into service now, especially if you're like a service now driven org. So that that's what the web hook stuff is for as well or get a variety of other places. And future growth we're looking on in some some built in integrations, particularly, you know, potentially with like a service now type, but that's future that's not today. But it's something that we're definitely looking into like can we build into some of these really common workflows and make it a lot easier so you don't have to go the web hooks route can we build in a native service now type integration but that's all future state. Right, but even with the present state it is something that's possible it just requires a little bit of sweat equity to get it going. Correct. Cool. So, all right. So we talked about some of the advanced features before we talked about some of the basic features but you guys have it. We like that. All right, I've gone back to the main page here I'm logged in I'm still in beta mode. So let's go ahead and go into red hat enterprise Linux. And what we're going to talk a little bit about is one of our services that actually crosses all three platforms, the advisor service. The advisor service is the og service within insights. It used to just be one service that was advisor. It's purpose in life is essentially to prevent that 3am phone call to identify issues that might pop up before you know, let you know about them before you you have any problems so it's got a big integration with our support team. It's a rule based type engine where I think of it as a if this than that type model where if we know a situation might exist we can look for it, we can identify it and we can let you know about before it's impacting within the space. Everything is a is part of insights and we have split these up into operations security and business if you look on those tabs across the right so we've kind of taken those out and parse them into themes hopefully to make them a little bit easier to find and a little bit more of interest and then the dashboard itself, there is a lot going on here because there's a lot of different things that we're finding inside of insights. So again, vulnerability by scroll down compliance remediations patch. These are all different services that we have within insights, but I'm going to look at this advisor service and what it's telling me over here on the right hand paddle. I've got two incidents detected. We within insights call an incident something that is actively affecting your system right now so this is not a potential problem this is an actual problem that's occurring so those are probably something you want to address. Pretty quickly, and then by total risk we've got a nine important five moderate issues and then I can see them by category down here as well so that just gives me a little bit of a way to parse this information that is presented to me from that advisor service. Going over to the left bar. If I expand out advisor. There's three different areas. I can view this from the perspective of a recommendation. So if I want to look at a particular support issue I can start there and see how many systems are impacted by that issue. Or I could go to a systems view. Maybe I want to look at a specific system and see what issues exist. Or I could look at topics and topics are essentially things like. Let me look at all the issues having to do with SAP or Microsoft SQL server or even answer automation platform. So I'm going to start with the recommendations view. It's probably the most common. This is that high level where it's going to tell me about incidents. If I scroll down the list here. I've got three top level areas I can look at. My biggest improvement here around is around availability. This affects three systems. It's one of the incidents so it's actively affecting my issues. There's also some important stability issues that are shown up here so we can see what they are and we can also see whether or not they require a reboot just at a very top level. So again this is trying to guide you a little bit into these are the most impactful issues that you can deal with right now. And if I scroll down the list some something I want to highlight as well again more advanced users here. If I look within the advisor service systems impacted one or more. This is my default filter that is applied essentially to all the services inside of insights because what we want to show you is what is actually affecting you. If it doesn't affect you do you really care to a point. But we do get a lot of people that say how many recommendations are there and where can I see the total list maybe I want to search to see if there's an open SSH issue or something of that nature. If you do ever want to see the whole list this flag right here systems impacted you just click the little X that clears the filter and it's going to show you everything. So within the advisor service we've currently got 1059 enabled recommendations and I say enabled because it's also possible for you to disable some of them notice I still have an enabled filter here. So if I wanted to see the full list I could clear that filter out as well and then I see everything I don't know if I have any disabled or not. I had a couple so we've got 1073 total recommendations within the advisor service. I'm going to turn that back on systems impacted one or more because I really only care about the ones that are currently impacting my systems and I'm just going to take a quick look at these. Notice I have the name I can expand one of the name you know any of the names here I get just a little bit more information from this view. You can see how old it is what category it is all the way over here on the right. It also tells me whether or not there's an ansible playbook available to resolve this issue. So this one I'm highlighting it's an incident it's actually happening right now. I'm going to select it to go into a little bit more detail. This is going to show me which systems are affected by this issue. So if I scroll down the list here I've got five total systems and notice they vary across different operating systems. So here it's not telling me how to fix it because the actual particulars of how to fix this issue will probably differ between a real eight to system in a real seven three system. So if I want to know how to fix this issue I'm going to have to go one level deeper select that specific host. And now this is going to give me that prescriptive level of information about this issue. And particularly the steps to resolve it and we can either resolve it using a simple yum update or alternatively we can go into the SSHD config here and we can change from the lines and restart the service. So you've got two different ways that you could potentially fix this issues here. For this particular version of Ralph. So I mean I love the very tailored guidance on a release basis because things do tend to change just a little bit from even you know one dot release to another. But I also like the fact that it's it still leaves the control in your hands as to whether you're actually going to jump in with that fix or not because as we know there's always side effects right. And you want to be able to have that opportunity to go OK this sounds like a good idea I see I see the issue that's being raised. Let me think about the particular maybe sometimes even ill advised I don't know things that we might be doing in our environment that will get all blown up. If I take this step and it goes gives me as that person looking at this report the opportunity to go OK let me think about this let me think it through. You know I'm not going to have to research you know some of that in this particular case Arcane SSHD config. You know changes that I would need to do it's telling me what to do but at least it lets. So I sort of cut ahead on the research part and now it's really is this something that actually has an impact that I need to think about OK I think this is good I hit go. Absolutely. And by research do you mean Google and Stack Overflow just just ask for a friend. Well yeah exactly. Did your research there's there's your integration that you need John is you have a Stack Overflow integration with insights. We don't have that one we do have a link to our Red Hat Knowledge Base article but we don't go to Stack Overflow. So the knowledge base is a good resource for everybody to know about. For sure. So I do want to show you the next step of this is I've showed you hey here's how you look at a specific machine and how you address it. But I'm just going to fix all of these systems and we can do it by just clicking the checkbox. I've selected all five systems and I can click this remediate button over here. And what this is going to do is actually create a playbook for me. All right so create a level up fix it. I'm going to review the systems this is just what we looked at their five systems that are selected. Click next. It's going to summarize for me what I need to do in order to resolve this it's also going to tell me that I do not require a reboot. So if I submit this what I've essentially just done is created a playbook within the insights context. So this playbook I can see it from within the UI. I click the hyperlink and it just redirected me on the left hand side if I scroll down there's a remediation section. And within this particular playbook I can again scroll down here's one action across five different systems. Now if I want to I could go and add a bunch of other actions in here so I want to fix a lot of things I want to do like a quarterly patching cycle I could add all of the things here. But what I'm going to do for this particular issue is there's a download playbook button over here in the upper right I'm going to click that. What it's going to do is download for me a playbook in a zip format. And I'm waiting for my utility to extract it. All right. And then I'm going to open the YAML file. And hopefully this is visible on your screen but this is the playbook that I just generated. And I can see the information about it. Here's the host that I selected. We do include in the event that you're going to run this playbook from Insights there is a signature involved so we can compare the signature and make sure that this playbook has not been modified. So somebody's not gone in and put something malicious in here. We can also we get our diagnosis information from the Insights client. We update our cloud init package in this case. If we need to enable any repos we would do that. We have a mix of rail seven and rail eight in this playbook so we're handling both of these individually. And then at the end what we do is we run Insights again that generates a new collection sends it on to Insights and that way we can see in the UI that we've cleared up that issue. So I can take that playbook after downloading it and I can use that playbook on my own if I want to. So I at this point if I've got the playbook locally I use Ansible locally on my you know my host my system. I can do that. You can also if you're a user of Ansible tower automation controller. You can sync the playbooks over to your automation controller and that way you've got those playbooks over there and you can run them outside of this environment. Yeah so there's a lot of flexibility and how you choose to take action how you you know how you manage the different systems that might be impacted by this and so on. A lot of flexibility. John I noticed that there's also the execute playbook button exposed in your interface but that needs a little bit extra stuff right. Yes. So the execute playbook button is the only thing that I will talk about today that requires an additional subscription. So everything else I've touched everything else you see in this UI is all part of Insights is all part of either your rail subscription your Ansible Automation Platform subscription or your open shift subscription. The only exception to this is the execute playbook button. It requires a smart management subscription so many customers probably already have this if they're already using a satellite for example you've already got smart management you've got everything you need. And what you would want to do is click this little dock link on how to use cloud connector so smart management currently includes two components. It includes satellite and it includes cloud connector so those are your two you put them together and that enables this execute playbook button. So what that really means is on the satellite itself. You just enable cloud connector it's a built in playbook that's on the satellite host already. You click it it does everything it needs to do on the satellite end and then it creates a connection basically a web socket between your satellite and insights. When you click this execute playbook button. What it's going to do is it's going to review the systems I've got five total systems listed here three of them are connected via my satellite. Two of them are not so on these three systems that are connected. I can go ahead and run this playbook and I can fix these things right now. For the two that are directly connected. I'm going to have to somehow either connect them to the satellite so I can run this or I'm going to have to go and run that playbook manually on those systems or fix them using the directions that I showed you earlier. I'm just going to close that screen for now but that gives you additional capability to fix all the things that insights finds from one place. And that requires smart management so just to you know clarify what's been clarified is that when we're talking about insights itself it comes with comes with the platforms that it supports. Smart management is an additional subscription but that's what's going to provide the capabilities to actually do the fixing from from one place in the way that you just described. Am I correct? Correct because you need that satellite piece and that satellite piece is included with smart management so you've got your satellite running. It's super easy to connect the two and enable this. This is also where that our back comes into play. You don't want just anybody to be able to make changes on a system. So you've got to give that person the remediations administrator capability or otherwise even if you have the right subscription this button won't be available to you. Right. Okay, dare we wander into additional demos here because so far so good. I'm ready. Let's do it. Let's talk a little bit just super quick about all the items on this left hand side because there is a ton of stuff and insights. And if you hear anything of interest you want to know more about just stop me and ask. But the drift service is essentially there for the purpose of I want to compare a system to another system or I want to compare a system to a baseline. So this is your standard operating environment kind of methodology but super simplified where I know I expect a system to look like this. Let's compare to how it actually looks like and you can even compare it to historical profiles. So you come in Monday morning and something's not working in a work perfectly fine on Friday. You can compare the status of the system on Monday versus Friday and see exactly what changed from like a package level that doesn't go down to the file level though it's like a package metadata type level. So there's a certain irony here in that I think the more you actually use insights and the capabilities that you have probably less drift you're going to have but at the same time it also has the ability to track that drift and help you correct when it does happen. Any system you use is going to have drift. Absolutely. And one of the nice things that was a recent feature of this is you can now actually subscribe systems to the baseline. I've for this particular one which I call baseless because I have a very poor sense of humor and I subscribe three systems to it and then I get notified in my email. I think once a week or is it once a day I don't remember but whenever a system dress off of it I get a notification telling me that you know hey this system is changed from the baseline and I can go in here and inspect it and see what's happening. Image builder this is one of the things that's in a private beta so not everybody is going to see it. So we're not going to talk about it a whole lot but the idea here is that you can create an image and use that image in the public cloud. So this is very similar to your on-prem image builder. Inventory this is a list of all of the hosts that you have registered to your insights environment. This is my lab test environment. I do get other people using this with workshops and stuff so I'm only at 20 systems right now but it will balloon up or down just depending on the usage. And from this inventory you could actually go into a host and if you wanted to see specific findings from any of the services or some of the specific facts that we collect you can see it all from here. So if you want to go in and say hey what's my advisor results we already talked about advisor. I can see exactly what the advisor results are for this particular host. And John just to reiterate something that you said earlier we collect those facts but people can choose what facts to share with us right. Yes, so within that collection that you're doing on insights. We will definitely be able to say hey you know I don't want anybody to know about my networking stack. You can hide your entire networking stack problem there becomes we can't give you any insights into what's going on in that networking stack. We had a one of the technical account managers or teams that we have it right now told me a story about one of their customers that was testing out insights. They got a notification about network bonding like your network bonding is misconfigured and the customer is like you guys need to check your software we don't use network bonding so this is obviously a false positive. And he went, let's look into this it's reporting this for a reason let's dig in a little bit and figure out why. Turns out that one of the admins had accidentally typed in in a CLI command and partially enabled network bonding and didn't even realize it. So I'll. It's it's those things that you don't anticipate like you know we're all human we all make mistakes, but having something out there kind of watching your system and doing those little checks. You know you should do but you really don't have time for that's one of the big advantages of insights. Alright, I'm going to jump into the security theme real quick this is where we get a lot of interest and quite frankly this is what draws a whole lot of people to insights it was that conversation that we had a little bit earlier talking about. CVE is and hey I want to know what systems are affected by any common vulnerabilities and exposures. This one of the new features is the known exploit feature where we can identify if any of your systems are affected by a CVE that have a known exploit. This does not mean that you have been exploited. This means that the particular CVE has a public exploit available that somebody could potentially take advantage of. So this is a little bit higher impact so we definitely want to let you know about it. You'll also see something in here called a security rule. This means that the CVE has a little bit more information where a team within Red Hat has gone in really dug into the issue and determined that hey there's there's more here that we really want to tell you about this could be associated CVE's this could be some real specific behaviors. But this just means that it's a CVE that's impactful and we've done a lot of extra due diligence on it to inform you about what's going on. And just like with advisor like any of these click the box click remediate and we will be fixing this stuff for you. Because vulnerabilities and CVE's tend to be a lot deeper scrutinized we also give you the option here to provide a business risk. So like we say at Red Hat that this particular CVE is moderate but maybe you're like who for us we got to fix this so you're able to go into any of these CVE's provide your own business risk. So we go in here and edit the business risk and say for this one this is high and it's high because boss says so. So that's super important we got to address that one. And then as you actually go through the status of fixing these issues. Maybe boss says so but we got to do a little bit more due diligence on it than that unfortunately. So we can start it out in review that just means we're going through the process of looking more into the CVE. Maybe then once we say it's good we're scheduling it for a patch and then eventually that we're going to resolve this or we could just say hey like we're accepting the risk. We've resolved it just via other mitigation so you've got the options to go in here walk through the CVE remediation steps however you like. So this is one of those those services that gets a lot of interest a lot of scrutiny we've got a ability to generate your own custom reports based off of the CVE. So you can export again boss calls you and say hey I heard about this new thing on the news let's take care of it. You just anticipated my next question which was OK so we have these capabilities for tracking the CVE is mitigating in a way that makes sense for us based on the level of risk all of those kinds of things. Somebody outside of our insights console somebody north of us in the food chain in our in our in our corporate organization. Read something in the paper and says I want to know what we're doing about you know about vulnerabilities here and maybe everything's very well in hand but you need to produce that report. I saw something called executive report that sounds like something that is exactly what you need is well here look at all this this is what we do this is the answer please leave us alone. Yeah Randy Russell stuff right there report Randy Russell. That's it. And there's a few different ways that we can do reporting within insights itself I went back a step to the CVE's any of these view are WYSIWYG what you see is what you get. So if I go in here and I apply a bunch of filters maybe I say like I really only want to see things with security rules and I really only want to see maybe a CVSS that's the common vulnerability scoring system. I only want to see CVSS issues between a six and a 10. So I'm going to put that in here. I wanted to make a comment on that John. So one of the one of the great things about Red Hat is our product security team because they are fantastic. And they're the ones that help determine the CVSS scores. There's a whole bunch of factors that go into them. So for things like importance or critical a lot of times they're remotely executable or remotely vulnerable. Whereas like moderates or lows you have to have local credentials on the system or locally running processes on the system. So there's a whole bunch of decision criteria that go into setting what these scores are. And for a lot of the products I can only speak for well. We do update management. So for example if you're in an extended update or a maintenance phase of support lifecycle for your release. You only get importance in criticals because of those are the ones that we're most concerned about updated. And then if you're in full support you get the whole gamut of stuff. So knowing what the CVSS score is and knowing how important it is to your organization based off of it. Helps determine which ones you should pay really close attention to. And one last side note. There is sometimes a difference between Red Hat's CVSS score and like MITRE's CVSS score. And the reason for that is that our product security team will look at things and go oh this is mitigated by SA Linux. So for us this is a moderate or low even though for someone else this could be a high or important. And security scanning software and things that you might run into in the corporate environment doesn't always account for that differential. So you might pull descriptions just from MITRE and then the risk management officer comes to your desk and is like ahhh. And you could be like no we're cool look it's a moderate so we don't have to care as much. And we do scrape that CVSS database for the CVSS breakdown. You can see it inside the UI here. And I click the little question mark and that actually tells you what all these mean. We know that AV is attack vector, AC is attack complexity. We summarize it right here on the page for you. But you can always click that question mark and get more details about what that breakdown is. But the point I was making within this view what you see is what you get at any point you click this little button. You can export it out to CSV, JSON, PDF. So if you customize this to show what the boss wants you can do it this way. We also have this reports view and we've got the executive report. We've got this report to PDF that's going to show you the top vulnerabilities you have breaking it down by CVSS base scores by other metrics. Let me see if that'll pop open real quick and be good and readable here. So does it have graphs? Because executives they need like pictures. Of course it has graph it's not a great graph but it's got a graph. And then it's summarizing which ones and then I think there's another graph on the second page. There you go. But along with this executive report we know that some people want to see the data in a certain format. We've got the ability to create your own custom report. Again this has got a level of customization to it here where you can include certain CVE levels whether or not it's got flags such as no next point or security rules and then you can create your own PDF report based out of here. And now we're running out of time so super quick compliance looks at regulatory compliance. This is your things like your PCI your HIPAA so you can compare your systems against any of those regulatory compliance. This is probably one of the most full featured open SCAP reporting compliance services that we have anywhere within Red Hat. The policy service allows you to create your own custom policies. So these are things is the firewall enabled. If somebody turns that firewall off let me know because our corporate policy says that things turned on or conversely do any systems have wire shark enabled. We don't allow that here like nobody sniffing our crap somebody puts a wire shark package on notify me you can create any of those kind of things here as well. And then patch do my systems need patch are there any advisories that are applicable to my systems. If I scroll down we do have the subscription service subscription management is a big pain for a lot of our customers. There's my demo. There's always somewhere along there where it's going to break what could possibly go wrong. This will go wrong. Yes. So within the subscription service we can we can tell you here like what subscriptions am I consuming. Hard refresh fix that and it will actually compare it to your subscription threshold. Look here on October 20th I'm using 19 public rail five virtualized rail no physical rail and I can again export this out. This makes subscription management easy. This is the number of sockets that I'm consuming. And I can even see which systems are you know consuming which socket and even in which public cloud so I can see that tower 383 is in public cloud. It's an AWS it's using one socket and then another beta service we've got is resource optimization. This is letting me know about the systems that are on the public cloud and are they oversized are they undersized are they idling. So this one is in public beta. Very nice. And finally, if you're interested in this one we've we just spent all our time on rail and we didn't even mean to you want to know how to register your systems to red hat to insights. You can go right in here and there's a pretty much a guided step by step choose your own adventure of what version of rail. How do you want to manage the systems and do you want to use something like an ansible playbook to register them. So that's all right there within the UI. And we only touched on rail and I want to make sure that what's what's hasten hasten in these last few minutes to delve into. Oh, I don't know maybe open shift. Yeah, we'll hit up open shift real quick. I do want to highlight I mentioned the advisor service is coming up. I am in beta. So this is a reminder that I'm in beta. So if you're not in beta you will not see some of the things that I have on the left hand navigation. So here I've got the list of all of my open shift clusters. Let me see here I need to search for my. Cluster, I believe it is. So if I go into my ACM hub for TMM within the context of the cluster, I could see a few different things here such as under monitoring. I've detected an issue. So this is part of our remote health checks. We've got high individual control plane CPU going on. And then within the insights advisor service. I can see a couple different issues that insights has found for this particular cluster. We got workloads using deprecated APIs. We've got a system memory issue here. We've exceeded 90% of the reservation and then we've got some Prometheus data. So if I click into any one of these again, view T details and remediation steps. So I can see how to remediate and the reason that we've encountered this issue. So which nodes it's on. So this is that same feel of the advisor service all within the open shift context. Now again, I'm in beta. The next thing I'm going to do is not going to work and that's expected because I'm in beta. What we're trying to do is up level all of these advisor findings. So you don't have to go into each individual cluster and then click the advisor tab. We're trying to bring this into the left hand navigation bar. So we've got advisor listed right here. So if I go into advisor, what we want to see in the future is all the recommendations listed the way that I showed you in rel right now. It's not going to work. It's not done. So this might be the first time that we've had a demo that didn't work, but we intended that. Yes. Just this one was on purpose. And that's because the demo we know exactly what's going to go wrong. Yes, it worked in not working. Exactly. If it had actually worked, that would have messed you up. That would have been train wrecked. Yes, I would not known what to do. So yeah, these two aren't working yet, but we just want to highlight that what we're trying to do here is take all of these findings from the advisor service for open shift. Bring those up and make them easier to consume. If you weren't in the beta context, you would not see this on the left hand nav bar. But since I am, you do. We also have a subscription service here, much like the one that I showed you on the rel end. So it's a little bit different because rel only count sockets. Open shift can count either sockets or cores, depending on your particular subscription. So what I'm doing here, I'm going to, I've got a ton of subscriptions. I'm not consuming anywhere near what I have. So I'm going to remove the subscription threshold and then we can get a better feel for what I'm consuming. So on October 23rd, 31 cores today, 17 cores. And we can change this to a quarterly graph, a monthly graph. So again, this just makes it a lot easier to track your utilization of your subscriptions within Red Hat. The cost management service is another one we got. This one is specific to open shift. I think we're probably going to bring it to rel in the future, but this is, hey, you're using this thing in the public cloud. What's it costing me? Where are my costs? Where are they today? Where are they forecasted to be? So you can see a lot of this information within the cost management tool. So this particular open shift cluster so far has cost me $127.89, but we're only in the third day of the month. So if I forecast that forward to the end of the month based off of previous usage, I'm expecting it to cost me somewhere around $3,300 during the course of the month. Well, yeah, and forecasting costs is actually something that's an ongoing challenge. And so to know that you've actually got it encapsulated like this becomes something that makes life a lot easier for someone somewhere. And again, it's all included in your existing open shift subscription. All right. Well, with that, I think unless you have some more demos you want to show that don't work. I think I've used all the ones that don't work. Well, John, thank you so much for coming and talking to us today. This has been incredibly informative. I'd say I certainly learned a lot about insights that I didn't know previously and hopefully all of our viewers have as well. Stabby, any closing thoughts or comments? Hearing none. Great. All right. Well, again, everybody, like, subscribe and share and join us on the next level up our thanks all.