Red Hat is pushing forward its efforts to bring Docker container applications into enterprise deployments by providing new programs that aim to help developers and partners build and deploy containerized applications.
Red Hat was one of the first big vendors to back the open-source Docker container application virtualization effort, and started its initiative to enable certified containers in March 2014. The announcement is about the delivery of the certification via the Red Hat Connect for Technology Partners program, according to Subhendu Ghosh, senior technology product manager at Red Hat.
The partner program is the initial way in which Red Hat engages with independent software vendors (ISVs) for various technology segments, including OpenStack, containers and Red Hat Enterprise Linux, he said.
“The Container Zone within Red Hat Connect is the specific vehicle for ISVs to work with us,” Ghosh said. “Within this zone, ISVs are provided the tools required to build these containers and also the certification tools and services to actually achieve Red Hat container certification.”
Certification is an important mark of authenticity and security that confirms that a specific containerized application is secure, is free of known vulnerabilities, is unmodified, draws from known content sources and works as intended on Red Hat infrastructure, Ghosh said.
Red Hat already certifies ISV applications to run on Red Hat Enterprise Linux (RHEL) and maintains the existing certification criteria for Red Hat Enterprise Linux ISV apps for the certified container apps, Ghosh said. With certified containers, ISVs can include more than one application or tool inside a given container, he added.
Additionally, Red Hat will inspect the container to verify that a RHEL platform image is used as the starting layer, the platform hasn’t been tampered with and the container does not incorporate any platform packages that contain known vulnerabilities.
“Once these criteria are met, Red Hat will sign the container’s layers with Red Hat’s signing key, finalizing the certification process,” Ghosh said.
Security can often be a moving target, with new vulnerabilities regularly being discovered in existing software. Red Hat is aiming to make certified containers secure against known vulnerabilities and threats, Ghosh said. Essentially, the certification provides a proof point that a given containerized application is protected against a known litany of issues/threats/malware at that point in time, he added.
“As part of the Red Hat container certification, we will proactively notify our partners when there are updates to their Red Hat Enterprise Linux dependent packages or layers so that they can keep their images up to date,” Ghosh said. “A particular emphasis is placed on security updates so that partners can provide security updates to certified containers as soon as new threats are identified.”
In addition to the container certification effort, Red Hat is also making a container development kit (CDK) available to its partners. Currently the Red Hat CDK is only available to ISVs through Red Hat Connect for Technology Partners, according to Ghosh. The company is looking at making the collection of tools available to the wider development community.
Looking inside the CDK, Ghosh said that it includes Red Hat Enterprise Linux images, developer tools, Vagrant files and plug-ins, and documentation. Vagrant is a popular open-source tool for building development environments.
“Rather than starting from scratch, developers using Windows, Mac, and Fedora and other Linux distributions can take advantage of pre-configured images and pre-tested Vagrant files to make installing Red Hat Enterprise Linux containers and developing container-based applications as quick and easy as possible,” Ghosh said.
Currently, one of the primary places for Docker container users to find applications containers is on the Docker Hub public registry. Red Hat is now set to add another option with the new Red Hat Container Registry.
“There are a plethora of other registries/repositories to draw free container images from, but these do not house Red Hat certified containers,” Ghosh said.
In contrast, Ghosh emphasized that the Red Hat container registry will only host certified and supported containerized applications.
“Our ultimate goal with our registry is to provide a central location for container images that are supported, secure and certified to run on Red Hat infrastructure,” Ghosh said.
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.
