Epic
Resolution: Done
Major
Configuration Management Cloud Service
(based on ACM GRC)
Feature Overview
- Provide a turnkey cloud service offering at console.redhat.com for Red Hat Configuration Management across connected OpenShift clusters.
- Provide a seamless experience between console.redhat.com that accumulates personalization data about a customer’s connected clusters.
- Enable the customer to define cluster configurations, e.g. "the bucket of day2", as policy-defined YAML.
- Enable the customer to leverage existing policy YAML, preferably contained within a code version repository, e.g. Git/Bitbucket, or a simple import from an object store.
- Provide a compliance dashboard that can read the current state of the fleet and compare it to the desired state of the configuration management policy-defined YAML.
- Incorporate popular integrations from ACS, partners and ISVs.
Goals
- Support the release process required for SaaS with the CICD infrastructure. See Getting to CICD for SaaS
- Implement the integration of importing connected clusters to cloud.redhat.com as described in Vision for Red Hat Hybrid Cloud Management Approach
- Deliver to first customers with a targeted beta program for SaaS RHACM.
- Deliver integrated experience for all customers using RHACM to easily tie into services from cloud.redhat.com.
Requirements
- Launch the cloud service to market.
- Establish continuous delivery cadence in CI/CD.
- 99.9% uptime for the service.
- SOC2 compliance at a minimum.
(Optional) Use Cases
Given ACS is already planning a cloud service, we want this integrated user experience:
1. Come to cloud.redhat and request to provision an instance of compliance cloud service for their use.
2. Log on to this compliance service and either provision managed OCP clusters OR import existing managed OCP clusters.
3. Start deploying policies to managed clusters to operate them in the desired config state. One approach is to use this step 3 to deploy ACS agents as well as policies enforced by these ACS agents.
4. From the compliance UI, view the overall policy posture for all managed clusters (this could use ACM and ACS API under the covers).
5. The policy authoring UI needs to support both the ACM policy format and the ACS policy format.
Questions to answer…
- Can we leverage existing compliance standards for cloud dot and provide additive/delta controls?
Out of Scope
- SRE resources will be staffed out of the cloud dot team
Background, and strategic fit
New business models and hybrid services are one of RH's strategic initiatives. By defining value-add services, we can differentiate ourselves from hyperscale clouds by offering a blend of a customer-managed control plane with managed services that allows a customer to accelerate their cloud journey without giving up control.
Assumptions
- ...
Customer Considerations
- Customer is able to leverage value-add SaaS services that complement the on-premises control plane.
- Provides differentiated "point of control" aspects that address the security requirements while giving a transition to the convenience provided in SaaS.
Documentation Considerations
- Full documentation for Managed Services
is blocked by
- CMCS-25 Deliver a prototype of GRC Policy based configuration management into console.rh.c (HAC) (In Progress)
- PD-1158 Research on how Compliance Operator works on OCP & ACM (Closed)
is related to
- CMCS-12 Provide a list of available clusters to manage (To Do)
- CMCS-14 Provide a minimal git repository (To Do)
- CMCS-15 Bring your own git repository (To Do)
- CMCS-16 Provide sample policies for configuration management (To Do)
- CMCS-17 Provide PolicySets for collections of policies (To Do)
- CMCS-18 Provide visualizations of fleet compliance (To Do)
- CMCS-19 Provide compliance trend information to the user (To Do)
- CMCS-20 Provide alerts from non-compliances (To Do)
- CMCS-21 RBAC for console.rh users (To Do)
- CMCS-22 [SPIKE] Understand multi tenancy in console.rh (To Do)
- CMCS-23 [SPIKE] Dynamic plugins (To Do)