►
Description
A show that features the people and technology that make Red Hat Enterprise Linux into the the world’s leading enterprise Linux platform.
A
Good
morning,
good
afternoon,
good
evening,
wherever
you're
hailing
from
welcome
to
another
episode
of
red
hat
enterprise,
linux
presents
here
on
openshift
tv,
I
am
chris
short
executive
producer
of
openshift
tv.
You
notice.
There
are
two
people
here
today.
They
both
have
white
or
taupe-ish
backgrounds,
but
one
of
them
happens
to
be
my
good
friend,
john
spanx,
scott.
It's
your
show
I'll.
Let
you
do
all
the
introductions,
but
there
I'll
I'll,
save
a
story
for
after
that.
B
Oh
good
good
to
know
that
there's
history
and
stories
to
go
along
with
that.
A
B
C
Yeah,
as
mentioned,
I
handle
several
products
within
the
management
business
unit.
We
work
a
lot
with
our
friends
over
the
ansible
side
for
any
sort
of
automation,
but
the
primary
model
that
we
work
in
is
the
products
I
work
with
help
to
manage
rel.
So
I
focus
primarily
on
red
hat
insights,
red
hat,
smart
management
and
that
smart
management
subscription
includes
red
hat
satellite.
So
all
those
little
bits
and
bobbles
are
my
day-to-day
life
and
we're
happy
to
talk
a
little
bit
about
all
the
ways
that
our
product
helps
us
support
your
product.
B
Nice
well
welcome,
yes,
indeed,
so
for
those
people
who
haven't
looked
at
red
hat
insights
for
a
while
concurrent
with
the
rel
8.3
launch,
there
was
a
really
significant
expansion
of
what
was
made
available
as
part
of
insights.
C
We'll
do
we'll
do
history
hour
with
red
hat
insights,
because
there's
a
lot
that
goes
on
in
that
space.
I
was
just
thinking,
I'm
like
wow
summit
last
year
that
almost
a
year
ago,
there's
been
a
lot.
That's
happened
since
then,
so
I'm
actually
going
to
go
back
a
little
bit
past.
That
is,
we've
had
a
product
out.
There
called
red
hat
insights.
C
It's
actually
been
around
now,
for
I
think
around
six
years
and
its
original
goal
in
life
was
hey
when
you
call
up
red
hat
and
you
open
support
ticket,
there's
a
very
high
chance
that
we
already
know
about
the
issue
that
you've
hit.
I
think
the
number
as
we've
done
research
internally.
The
number
is
something
like
85
percent
of
all
customer
cases
like
another
customer
has
hit
it
already.
C
So
insights
was
originally
made
kind
of
like
what
you
might
have
with
your
your
storage
systems,
where
it's
got
a
call
home
functionality,
and
we
basically
say
if
we
detect
there's
an
issue.
We
can
tell
you
about
the
issue.
Hopefully
before
you
hit
it,
so
the
idea
is
predictive
analytics.
So
we
can
let
you
know
about
something.
That's
going
to
happen
as
well
as
prescriptive
analytics,
where
we
want
to
tell
you
how
to
fix
it
so
years
ago,
when
this
was
first
created,
it
cost
extra
money.
C
So
it
was
an
extra
thing
that
you
needed
to
buy
for
each
rel
host.
You
had
to
manage
that's
been
a
long
time
ago
for
now,
for
I
think
two
years,
the
way
that
insights
actually
works
is
it
is
part
of
your
rel
subscription.
So
anybody
that's
watching
this
right
now.
If
you
have
rel,
you
have
insights
and
that's
true
whether
it's
a
you
know,
rel
plus
smart
management,
premium
support
subscription
or
if
you've
got
one
of
the
new
developer
subscriptions.
C
C
Let's
just
predict
things,
and
we
said
what
else
do
people
really
want
to
do
with
the
rail
systems
and
it's
awareness
of
issues
that
may
happen
in
vulnerability
like
hey?
What
are
all
the
cves
that
are
present
in
my
environment?
Compliance
issues,
if
you
use
an
open,
scap
and
you've
gotta
adhere
to
hipaa.
You
know
how
do
my
systems
compare
to
you
know
hipaa
compliance
drift.
How
do
I
go
ahead
and
compare
system
a
that?
I
just
promoted
from
development
to
production,
to
system
b.
That's
been
running
in
production
for
six
months.
C
You
know,
compare
those
two
systems
together,
so
there's
a
lot
of
those
kind
of
capabilities
where
we've
gone
way
beyond
just
the
normal
hey.
These
are
things
that
we
detect
might
be
happening
in
your
environment,
whereas
we've
tried
to
make
it
a
full
suite
of
here's
all
the
things
that
you
can
do
with
managing
rel
from
wall
from
one
place.
So
if
you've
got
a
thousand
systems
all
registered
to
insights
or
more
from
one
single
console,
you
can
see
the
entire
impact
across
your
estate.
B
B
A
lot
of
these
features,
or
or
some
of
them
like
ce
reporting
or
update
reporting
that
was
built
into
satellite
and
has
been
in
red
hat
satellite
for
a
long
time.
But
now,
with
this
expansion
of
insights
customers
that
are
not
using
smart
management
and
therefore
not
satellite
can
also
leverage
these
features
if
they
register
their
systems.
With
with.
C
So
it's
been
around
yeah,
that's
one
of
the
older
stories
we
have
too
was
one
of
the
customers.
That's
been
using
it
for
a
really
long
time
and
they
were
they
were
trying
out
insights
and,
at
the
same
time
that
they
were
going
through
the
evaluation.
They
they
had
cases
open
with
red
hat.
They
had
cases
open
with
oracle
because
their
their
rac
database
just
was
having
issues.
It
was
mostly
performance
issues
but
they're
like
hey
what?
C
How
do
we
fix
these
things
and
they
were
going
through
the
support
processes,
and
it
was
kind
of
I
was
not
involved
in
these
cases.
So
I'm
hearing
this
story
secondhand
for
for
this
part
of
it,
but
you
know
it
was
a
lot
of
back
and
forth.
Try
this
try
that
and
the
account
rep
was
like
hey.
Let's,
let's
get
this
insights
thing
a
try
and
just
see
what
it
finds
and
we
hook
it
up,
configure
it
and
it
finds
a
total
of
10
issues
and
they're
kind
of
across
all
different
areas.
C
C
Nowadays
we
look
at
hypervisors,
we
look
at
cloud-based
services,
so
if
you're
running
on
aws
or
azure,
you
know
we
have
recommendations
available
for
those
environments
as
well,
but
for
this
particular
issue
they
found
10
different
problems
between
rel
and
oracle
and
when
they
fix
that
set
of
issues
and
part
of
what
insights
does
is
it
will
detect
the
issues
for
you
and
then
it
recommends
how
to
fix
it.
It
actually
generates
an
ansible
playbook
for
you,
so
they
just
went
in
click.
Click
click
generate
playbook
fix
the
issues.
C
As
wonderful
as
rel
is
like
you,
don't
run
rel
just
because
you're
like
hey,
I
want
to
run
rail
like
let's
go
run
rail
like
you've,
got
a
business
workload
that
you
depend
upon,
and
you
want
to
make
sure
that
that's
running
at
its
peak
and
that's
kind
of
what
happened
in
this
case.
We
had
another
one
that
you
may
not
have
heard
about
chris.
This
is
a
newer
one.
A
tam
told
me
about,
as
they
were
working
with
one
of
their
customers.
They
were
evaluating
insights
and
customers
like
dude.
C
I
think
your
software's
broken.
What
do
you
mean?
It's
like
it's
telling
me
that
there's
a
bonding
problem
and
we
don't
use
network
bonding
here.
So
this
is
obviously
just
a
fluke.
Well,
you
know
we're
detecting
this.
For
a
reason,
let's
look
into
it
a
little
bit
more
and
come
to
find
out
that
one
of
the
admins
fat
fingered,
a
nmcli
command,
partially
enabled
network
bonding
and
had
they
not
run
insights,
they
never
would
have
even
known
about
this
thing.
C
B
So
you're
telling
us
about
advisor,
and
then
we
talked
about
some
of
the
additional
tools,
so
I
know
that
you're
not
supposed
to
love
your
children
more
than
the
others,
but
in
this
case
which
child
do
you
love
the
most
john.
C
I'm
a
bad
one
to
ask
for
favorite
songs.
I
don't
I
don't
pick
a
lot
of
favorites
in
life,
but
if
you
really
think
about
the
reason
that
most
people
choose
a
favorite
anything,
be
it
a
favorite
child,
a
favorite
peeps
topping
a
favorite
service
within
insights,
they're,
choosing
it
because
it
it
meets
a
need.
It
builds
a
comfort
it.
It
fills
a
hole
in
their
life.
So
I
think
for
insights.
C
There
are
a
number
of
services
now
and
it's
depends
on
what
your
need
is.
So
I'm
going
to
list
through
the
services
we
have,
we
have
advisor,
which
is
the
service
that
tells
you
about
recommended
issues.
It
tells
you
about
best
practices,
it's
the
one
that
original
prescriptive
predictive
one
I
was
talking
about
earlier,
there's
also
vulnerability
which
handles
you
know
all
the
cves.
So
it
lets
you
know
about
any
cve,
that's
impacting
within
your
real
estate,
compliance
openscap
type,
compliance,
hipaa,
pci,
dss
patch.
What
patches
are
applicable
drift?
C
A
newer
one
is
policies
where
we
basically
say
I
want
to
create
my
own
internal
requirements,
and
that
could
be
something
like
we
don't
allow
wireshark
like
period
if
wireshark's
installed
in
the
system
like
I
want
to
be
flagged
to
know
about
it
or
a
more
common
one
may
be
like
leave
the
firewall
on.
If
somebody
turns
a
firewall
off
alert
me
because
they've
done
a
bad
thing
right
and
by.
C
And
then
we've
got
a
subscription
watch
or
subscriptions,
which
is
just
keeps
track
of
your
subscription
utilization
within
red
hats.
If
you
have
no
idea
how
many
rel
or
openshift
subscriptions
that
you're
consuming
it
keeps
track
of
that
information
for
you
so
out
of
that
big
long
list,
I'd
say
probably
the
two
I
like
to
show
the
most
frequently
are
vulnerability,
because
everybody
cares
about
cves.
They
care
about
security,
even
for
customers.
That
already
have
you
know
you
may
be
thinking.
I've
got
qolsys.
I've
got
nexus.
I've
got
a
security
scanner
already,
don't
care.
C
What
we
hear
from
a
lot
of
folks
is
a
lot
of
times.
A
security
team
will
run
that
audit
they'll
run
that
scan,
and
then
they
go
to
the
sys
admin
and
say
here's
our
big
list
of
issues
that
we've
detected
prove
they're,
real
or
disprove
that
they're
real
right.
So
by
having
this
vulnerability
service,
we
can
go
through
and
say.
C
B
That
says
cve123,
but
red
hat
hasn't,
mitigated
against
it
and
so
vulnerability
will
show
it
yet.
But
the
red
hat
yeah
product
security
portal.
Will
you
put
that
in
there
and
it
will
tell
you
whether
it's
remediated
or
not?
And
if
it
is
remediated,
then
you
can
go
to
the
vulnerability
service
and
see
it
crucial
population.
B
Many
ways
I
do
want
to
plug
one
other
resource.
That's
coming
up
next
week
so
next
week
there
is
a
red
hat
events
webinar
with
product
security,
specifically
krobe,
on
how
we
grade
cves
and
vulnerabilities
and
the
work
that
we
do
to
work
with,
like
mitre
and
other
entities
to
make
sure
that
we're
in
sync
about
what
that
is.
B
So,
if
you're
interested
in
how
red
hat
grades
vulnerabilities
and
how
that's
different
from,
or
maybe
different
from
what
you're
seeing
from
different
data
sources
next
week
february,
17th
there's
a
webinar,
you
can
find
it
on
the
red
hat
events
page
with
krobe,
okay,.
C
And
then
part
of
that,
I'm
sure
they're
going
to
talk
about
the
customer
security
and
awareness
program
where
they
create
something
they
call
security
rules
for
particular
cves,
where
they
actually
go
a
little
bit
more
in
depth.
And
it's
not
just
hey
what
information
does
mitre
publish
about
it
or
it
actually
goes
in
and
says
hey,
particular
to
rel.
Here's
some
additional
impacts
that
you
might
not
know
about.
Here's
some
related
cves
that
this
might
affect
those
security
rules,
are
highlighted
on
red
hat
site
they're
also
highlighted
within
insights
itself.
B
So
now
that
I've
nitpicked
on
vulnerability
a
little
bit,
I
did
also
want
to
like
talk
a
little
bit
about
compliance
because
in
terms
of
children,
I
love
in
insights
world,
like
I
I'm
an
uncle,
so
I
get
to
choose
which
ones
I
like
the
most.
C
B
Well,
I
like
compliance,
because
for
a
lot
of
those
regulated
industries
like
healthcare
for.
B
Well,
for
a
number
of
years,
we've
offered
openscap
scanning
tools,
but
it
produced
the
reports
locally
on
the
box,
and
then
you
had
to
like
do
that
on
every
single
box.
And
then
you
had
to
get
the
results
somehow,
and
I
think
that
the
compliance
tool
offered
through
insights
gives,
like
a
great
population,
wide
view
without
having
to
go
out
and
touch
every
single
box
to
get
the
individual
box
view.
C
There's
also
some
some
other
really
cool
things
that
the
compliance
service
does.
So
we
will
go
ahead
and
dig
into
this.
One
is
so
the
compliance
service,
one
of
the
nice
things
about
it
is
it
creates
the
compliance
policy
through
cloud.redhead.com
itself
right
through
insights.
So
if
you're
going
to
go
in,
you
know
you're
going
to
create
a
diesel
stag
or
you're
going
to
use
the
standard
system
security
guide,
you
go
into
compliance,
you
click
new
policy.
C
It
gives
you
the
option
to
do
some
level
of
tailoring
right
there
within
insights.
You
don't
have
to
go,
dig
out
to
scap
workbench
or
anything
like
that.
You
can
customize
that
policy
right
inside
of
insights.
It
doesn't
do
direct
rule
editing
of
like
the
in-depth
values
yet,
but
it
does
allow
you
to
disable
certain
rules
that
don't
seem
important
to
you
or
if
they
don't
matter
to
your
organization,
you
can
unselect
those
rules
or
you
can
add
additional
rules
that
are
just
part
of
the
ssg.
C
That
may
not
originally
been
part
of
that
policy
from
there.
You
then
select
the
host
that
you
want
to
apply
the
policy
to,
and
then
you
get
all
your
centralized
reporting
right
inside
of
insight.
So
it's
like
it's
not
just
go
to
host
a
and
look
at
the
pci
results
for
host
a
and
then
go
to
host
b
and
look
at
host
b.
You
can
look
at
it
from
that
policy
level
and
say
I
care
about
pci
compliance
across
my
entire
estate.
C
What
is
my
percentage
passing
and
failing
across
all
my
rel
and
then,
which
particular
rules
aren't
being
passed
right
now
and
hey
just
like
for
the
remediation
there's
ansible
playbooks
in
there
to
resolve
those
issues
as
well?
Not
all
of
them
a
little
bit
less
for
compliance
than
it
is
for
like
vulnerability
or
advisor
just
due
to
the
nature
of
what
it
is,
but
for
still
a
lot
of
these
issues,
we
generate
that
playbook
for
you
all
you
gotta
do
is
run
it.
B
You
can
choose
not
to
apply
a
piece
of
guidance
as
long
as
you
document,
why
you're
not
applying
it
and
have
approval
of
not
applying
it
right
and
so
having
having
the
ability
to
do
that,
so
that
you're
not
constantly
looking
at
a
dashboard,
that's
all
yellow
or
all
red,
and
you
expect
it
to
be
all
yellow
or
all
red
like
that.
B
That's
where
do
you
find
the
things
that
are
broken
if
it's
all
broken
right,
yeah,
so
being
able
to
turn
that
off
so
that
you
can
really
concentrate
on
those
issues
that
become
more
critical
is
is
key
to
any
tool.
C
And
there's
a
couple
pieces
of
that
that
we've
took
taken
into
insights
as
well.
You
know,
generally
speaking,
a
lot
of
customers
that
have
these
compliance
issues.
They
know
they're
not
going
to
get
a
100
passing
rate
if
you're,
using
like
the
full
you're,
not
modifying
pci
or
you're,
not
modifying
hipaa.
You
know,
because
you
have
to
run
your
business
on
a
computer.
You
know
that
you're
not
going
to
get
100
compliance,
so
we
allow
at
a
policy
level
you
to
say
hey.
C
I
do
expect,
though,
that
my
baseline
is
somewhere
around
like
90
percent
or
95,
and
if
I
exceed
that
threshold
alert
me
like,
let
me
know-
and
so
we
can
say,
95
is
probably
considered
passing
for
us.
You
can
still
delve
down
into
the
individual
systems
if
you
want
to,
but
it
doesn't
show
up
on
your
dashboard
as
a
giant
failure
just
because
there's
a
rule
in
there
that
you
haven't
managed
to
adhere
to
yet.
A
B
Yeah,
it's
been
a
draft
for
for
a
while
yeah.
B
C
Yeah
there's
another
thing
with
compliance
that
a
lot
of
people
just
simply
aren't
aware
of,
and
it's
that
the
the
ssg
version
is
actually
fairly
well
tied
to
the
version
of
rel
that
you're
running
and
that's
not
a
widely
known
thing.
So,
if
you,
if
you're
just
you
go,
do
a
yum
update,
you're
running
a
little
bit
older
rail
box,
you're
running
like
a
rel,
you
know
7,
7
or
something
you
just
go,
do
a
yum
update
and
that
updates
your
security
guide
to
the
latest.
C
So
now,
that's
I
think
in
the
rel
docs
I
know
what's
in
the
inside
stocks,
because
the
compliance
team
within
insights
went
through
an
absolute
ton
of
work
to
try
to
map
those
together
and
get
a
nice
table
in
place.
So
insights
will
let
you
know
if
you're
out
of
compliance
with
the
version
of
ssg,
that's
on
the
host
compared
to
the
version
of
rail.
C
Yeah
there's
two
components
that
the
insights
compliance
service
needs
and
one
is
openscap
needs
to
be
installed
and
then
the
other
is
the
ssg,
the
real
security
guide,
so
those
two
components
get
installed
along
with
insights
and
insights
itself,
even
though
we
haven't
mentioned
it.
If
you're
rel7,
it's
two
commands
and
if
you're
rail,
eight
it's
one
so
we've
we've
made
the
effort,
fifty
percent
less
in
rel
eight
just
so
you
have
a
better
experience
and
that's
just
yum
install
insights,
client.
C
We
need
that
stuff,
but
basically
what
we're
looking
at
is
system
facts
in
terms
of
sizing
and
upload.
Last
time
I
ran
the
stats,
I
think
an
average
upload
was
384
k
wow.
So
I
mean
it's
tiny
in
scope
and
it's
really
important
to
note
that
you
have
100
control
of
anything
sent
to
red
hat.
So,
if
you,
if
you
say,
hey
ip
addresses
and
host
names,
not
allowed
to
leave
my
property
full,
stop
easy
like
it's,
it's
actually
those
two
ip
address
and
host
names.
C
There's
a
yaml
style
deny
list
that
you
can
put
into
place
where
you
can
put
certain
terms
in
and
it
will
actually
go
through
the
collection,
it'll
pull
any
references
to
any
of
that
kind
of
information.
That's
awesome.
There
is,
and
chris
I
think,
you've
got
a
link
to
the
rel
security.
Sorry,
the
insights
security
page,
that's
cloud.redhead.com,
security
insights,
that
is
the
one-stop
shop
that
we
put
together.
C
It's
our
model
of
a
trust
page
where
essentially,
that
tells
you
everything
that
we
do
with
data
and
insights,
and
it
also
has
a
link
to
our
insights
faq,
so
that
has
a
ton
of
information
in
it.
So
yeah
this.
It
should
not
be
scary.
I
think
that's
the
number
one
blocker.
I
had
a
customer
call
earlier
today
with
a
group
of
customers,
our
red
hat
accelerator,
team,
who's,
they're
internal
advocates
for
red
hat,
so
they're
they're.
C
I
said
internal
they're
customer
advocates
for
red
hat
where
they
go
through
and
essentially
they
get
updates
on
what
goes
on
and
we
have
them
in.
I
think
pretty
much
all
geographies
in
many
countries
and
some
of
them
are
like
hey.
You
know
I'm
in
I'm
in
europe.
I
can't
use
insights
yeah.
Oh
really,
you
can't.
I
need
to
go
talk
to
my
german
banking
customer,
that's
actively
using
insights
and
see
how
they
did
it
because
yeah
we've
we
do
have
people
for
insights
in,
I
think
all
geos.
C
Definitely
all
geos,
I
can't
say
all
countries
for
matter
of
fact,
and
probably
a
lot
of
people
exactly
exactly
like.
I
haven't
run
that
stat,
but
definitely
all
all
industries,
all
kind
of
all
geographies
are
using
insights,
so
we
do
not
target
personally
identifiable
information.
I
did
have
one
customer
challenge
us
on
this
and
they
were
like
you.
You
gathered
my
company
name
and
in
my
country,
that's
considered
personally
identifiable
information
right.
Well,
that's
that's
odd.
C
We
shouldn't
have
done
that
like
can
we
can
we
get
on
a
call
with
you
and
look
at
this
and
figure
out
what
happened
turns
out
that
somebody
had
created
a
service
with
the
name
of
the
company
and
when
we
gathered
the
system
facts
for
running
services,
we
gathered
the
name
of
that
service,
which
happened
to
be
the
company
name.
That
would
just.
C
I
mean
that
would
be
all
over
the
place
exactly
so
that's
when
that
deny
list
came
into
you
know
like
rather
than
just
saying,
hey
you
guys
messed
up.
You
know
if
you,
if
you're,
really
that
particular
about
it
use
this
deny
list,
it
will
it'll
script.
The
information
it'll
validate
that
it's
not
in
there
and
you
can
create
like
if
you're,
if
you're
concerned
about
this
you're
security,
conscious
as
you
should
be,
you
can
create
an
insights
collection
without
sending
us
any
data
at
all.
C
C
The
only
time
that
we
get
kind
of
sizable
uploads
is,
if
you
are
using
compliance,
because
the
compliance
report
itself
gets
sent
as
a
payload
component
that
takes
the
size
and
blows
it
up
a
little
bit
because
they
send
that
report
on
to
insights.
That's
the
only
time
it
really
gets
sizable,
but
it's
packaged
in
an
envelope.
So
it's
not
like
you're
sending
xml
files
over.
You
know
over
the
wire
all
right.
B
C
The
second
one
is
drift.
Drift
is
got
a
few
different
capabilities,
but
it's
reason
in
life
is
really
it
worked
in
development.
It
doesn't
work
in
production,
but
the
systems
are
exactly
the
same.
Are
they
let's
check?
So
what
drift
allows
you
to
do
is
first
of
all,
you
can
create
a
baseline
and
you
can
create
a
baseline,
a
number
of
ways.
You
can
do
it
completely
from
scratch.
Where
you
say
I
want
to
self-define
every
system
fact
and
we're
going
to
compare
those
facts
to
the
collection
that
insights
get
so
it
could
be
architecture.
C
So
is
this
x86?
It
could
be
your
kernel
version.
It
could
be
version
of
sap,
so
you
can
define
those
manually
which
is
really
interesting.
If
you're
only
interested
in
a
subset
of
facts,
you're
hey
identify
for
me
everything,
that's
running,
rel8.08.1
or
8.2.
You
know
you
can
do
it
that
way.
So
I
want
to
know
about
these
another
way
to
do
it
is
you
can
take
an
existing
system
and
you
can
create
a
baseline
from
it
and
that's
the
way.
C
C
Efficient
yeah,
so
you
take
it.
Maybe
you
got
a
gold
image
going
on.
You
got
a
gold
image.
You
run
it
into
insights,
you
make
sure
that
everything's
working
properly
and
then
from
that
gold
image.
Okay,
now
this
is
this
is
the
blessed
image
that
we're
going
to
be
creating
machines
off
of
from
now
on,
create
a
baseline
from
that
image,
and
then
all
you
really
need
to
do.
Is
you
want
to
delete
the
things
that
wouldn't
be
unique?
C
So
you
would
want
to
delete
the
mac
address
because
nobody
else
should
have
the
same
mac
address.
Nobody
else
should
have
the
same
ip
address
if
you're
gathering
that
type
of
information,
so
a
little
bit
of
manipulation
of
the
facts
that
are
connected
and
you
got
a
baseline,
usually
takes
me
like
less
than
five
minutes
once
you
have
that
baseline,
you
can
compare
systems
to
it.
C
So
if
you've
got
a
system
that
maybe
it
was
running
perfectly
fine
last
week
and
this
week
it's
just
not
running
right,
you
can
compare
it
to
the
baseline
and
see
what's
changed.
You
can
also
run
it
to
historical
system
profiles.
We
can
go
back.
Seven
days
with
insights,
because
we
don't
keep
insights
data
for
very
long
maximum
today
is
two
weeks
that
we
keep
insights.
Data
drift
can
only
go
back
one
week,
so
you
can
go
back
and
say
you
know
this.
C
C
That
guy
so
just
being
able
to
have
those
and
any
of
this
information
you
can
export
it
out
into
a
csv
file,
a
json.
So
you
can
capture
these
real,
quick
and
even
though
I've
talked
about
using
the
the
gui
and
using
cloud.redhead.com,
everything
in
insights
is
fully
backed
by
apis.
So,
if
you're
getting
really
massive
comparisons,
you
probably
want
to
pull
that
from
an
api
anyway,
not
from
within
that
ui.
C
But
drift
is
really
cool
because
it
has
some
of
these
features.
It
gives
you
a
good
feeling
of
the
facts
that
are
collected
by
insight.
So
if
you
like
for
sap,
for
example,
like
we
capture
the
sid,
we
capture
the
sap
version
and
several
other
sap
specific
facts.
If
you
get
a
good
handle
of
the
facts
that
we're
looking
at,
it
makes
it
a
lot
easier
to
go
into
another
service
like
policies
and
create
your
own
custom
policy,
which
is
based
off
the
facts
we
collect.
B
So
you
said,
you
talked
about
everything
being
api
backed,
and
one
of
the
other
things
I
wanted
to
bring
up
is
that
the
insights
team
has
been
doing
a
ton
of
work
on
essentially
building
in
features
that
allow
you
to
operate
at
scale,
and
I
know
that
not
not
everyone
thinks
that
way.
Like
you
know,
sometimes
it's
like.
Oh
I've
got
five
things.
B
Let
me
just
go
out
and
ssh
these
five
boxes,
but
pretty
soon
you're,
like
100
or
a
thousand,
and
that
strategy
doesn't
work
anymore,
and
so
not
only
is
everything
api
based,
so
you
can
query
it
all
and
get
it
down
in
a
format
that
you
can
then
filter
further,
but
you
guys
have
put
in
things
like
tags
in
the
ui.
B
The
ability
to
export
reports
is
also
tremendous
because
you'll
have
somebody
that's
like
hey.
I
need
to
know
what
my
population
is
blah
blah
or
hey.
I'm
your
auditor
and
I
need
to
know
information
about
your
population
and
without
the
ability
to
export
that
stuff.
It's
like
what
do
you
do
right,
you'd
have
to
you'd,
have
to
copy
and
paste
and
make
a
doc
and,
like
all
kinds
of
other
ridiculous
things.
C
Yeah
one
of
the
things
that
you
know
you
kind
of
started
out
asking
about
the
big
change
we
made
at
summit
last
year,
but
we
made
it.
We
also
a
lot
like
our
other
products.
We
have
releases
every
six
months,
but
insights
is
sas
because
we're
putting
out
changes
almost
constantly.
I
swear
every
time
I
demo
insights.
I
find
something
new.
It's
usually
something
small
that
somebody
that
doesn't
use
it
as
often
as
I
do
probably
wouldn't
even
notice,
but
they're
changing
things
all
the
time.
They're
updating,
they're,
adding
new
features.
C
So
the
tagging
capability
that
you're
talking
about
it
really
went
into
effect
strongly
with
our
november
release.
That's
our
our
most
recent.
Our
next
one
will
probably
be
some
event
coming
up
here
in
a
couple
months
that
we
tend
to
align
releases
to.
But
the
the
tag
feature
is
really
nice,
because
I
can
go
in
and
say
hey.
I
just
want
to
see
my
systems.
I
just
want
to
see
sap
systems.
I
just
want
to
see
scott's
systems
and,
depending
on
how
they're
tagged,
you
can
go,
look
at
them.
C
C
Yet,
like
the
compliance
service
we
talked
about
earlier,
it
doesn't
yet
respect
that
filter,
but
it
will
very
soon
like
that's
something
that
they're
actively
working
on,
because
insights
is
pretty
large
in
scale
in
terms
of
the
number
of
services
and
teams
that
we
have
so
they're,
not
all
able
to
adopt
the
features
as
soon
as
they're
released.
We
have
to
release
them
at
the
platform
level
for
for
the
insights
platform,
and
then
the
services
have
to
adopt
them
and
somewhere,
depending
on
the
backlog,
just
a
little
faster
than
the
others
to
do
it.
C
Not
a
lot
of
people
know
about
it
and
then,
when
we
actually
surveyed
our
customer
bases,
we
did
a
survey
recently.
Anybody
that
had
opened
a
ticket
against
rel
red
hat
enterprise
linux
in
the
last
like
six
months
or
something
we
surveyed
like
you,
opened
a
support
case.
Did
you
use
insights
along
the
process
because
this
some
of
the
support
team
are
now
encouraging
use
because
it
can
proactively
detect
a
lot
of
these
things,
so
you
don't
have
to
call
support.
We
will
tell
you
about
it
and
we'll
tell
you
how
to
fix
it.
C
Still,
the
overwhelming
majority,
I
want
to
say
it
was
either
close
to,
or
over
50
percent
of
the
respondents
still
had
no
idea
what
insights
was.
So.
This
is
something
that
you
have
it's
part
of
the
value
of
your
existing
subscription.
It's
part
of
what
you
pay
red
hat.
4,
really
encourage
you
just
to
turn
this
on
use.
It
see
what
it
does.
It
adds
an
absolute
ton
of
value
and
I
do
want
to
add
one
more
thing
before
we
move
topics.
C
C
C
It
will,
by
default
proxy
all
of
the
information
that's
gathered
through
the
satellite,
so
you
don't
have
to
go
in
and
worry
about
each
host
individually
having
to
go
connect
or
opening
firewall
ports,
or
anything
like
that.
Satellite
is
already
your
trusted
single
point
of
contact
for
your
network
use
it.
It
uses
the
same
port.
You
don't
have
to
use
any
open
anything
new,
it
just
happens
over
port
443
and
it
just
converts
it
over.
You
know
sends
it
over
to
the
api
where
it
gets
really
cool
is
in
with
satellite
6.7.
C
So
again,
roughly
summit
a
year
ago,
we
introduced
a
feature
called
cloud
connector.
It's
part
of
the
smart
management
subscription,
so
only
satellite
users
today
can
use
this
and
what
it
does
is
create
a
websocket
between
cloud.redhat.com
and
your
satellite.
So,
as
you
find
these
issues,
we
detect
that
there's
there's
a
vulnerability,
there's
a
cd
out
there,
and
you
want
to
address
that
as
soon
as
possible.
You
have
your
estate
connected
through
your
satellite
click.
I
want
to
fix
this
click
create
a
playbook.
C
Click
run
the
playbook.
It
takes
that
playbook.
It
sends
it
onto
your
satellite
and
it
runs
it.
It
uses
your
capsule
infrastructure,
so
it
will
send
it
from
insights
to
satellite,
to
capsule
to
hosts
uses
ansible
remote
execution
on
the
host
and
runs
that
playbook.
For
you.
There
is,
of
course,
all
the
security
measures
are
in
place.
You
have
to
have
an
identified
user.
That's
allowed
to
do
that.
C
On
the
satellite
side,
you
have
to
have
an
identified
user,
that's
allowed
to
do
it,
the
cloud.red
hat
side
and
you
have
to
have
all
of
your
ssh
keys
in
place.
So,
basically,
if
you're
using
satellite,
the
only
additional
step
is
to
set
up
cloud
connector
and
identify
people
on
cloud.redhead.com
that
are
allowed
to
do
this.
B
Yeah
at
some
point,
we
probably
need
to
talk
a
little
bit
more
about
satellite.
Maybe
that's
a
future
episode,
so
I'm
going
to
just
go
ahead
and
share
my
screen
and
transition
over
to
demo
time.
So
john.
You
may
recall
this:
we
we
made
this
lab
together
and
I'm
I
think
today
I
think
after
this
show,
I'm
gonna
go
in
and
I'm
going
to
go
ahead
and
add
some
user
credentials.
B
So
we
talked
about
how
in
red
hat
enterprise,
linux
8
a
lot
of
builds
for
l8
will
have
insights
client
already
installed.
If
you
choose
to
do
an
app
base
install
and
that's
the
only
thing
you're
providing
it
is
not
part
of
that.
But
if
you
do
something
like
server
with
gui
and
some
of
the
other
pretty
common
builds,
it
will
be
there
automatically,
but
it's
a
a
yum
install.
It's
like
this
on
red
enterprise
like
seven
as
well
and
then
after
you've
got
it
installed.
C
And
as
you're
going
through
that
on
cloud.redhat.com
itself
under
insights,
there
is
a
register
systems
item
and
that
left-hand
menu
bar
of
insights
and
that's
actually
going
to
walk
you
through
all
these
steps,
and
it's
going
to
ask
you
a
little
bit
more
intelligent
questions
too,
like
hey.
If
you
want
to
do
this
at
scale
first,
it
asks
you
hey.
Are
you
using
subscription
manager
to
do
this
or
are
you
you
know
using
satellite
or
what's
your
what's
your
registration
methodology,
you
know,
how
do
you
want
to
deploy?
Do
you
want
to
do
it
singular?
C
B
So
I'm
going
to
log
into
the
insights
application
on
cloudredhat.com
in
just
a
second
and
so
to
find
this
box
because
they're
all
kind
of
randomly
generated,
I
needed
to
pull
up
the
host
name
for
it,
and
then
I
also
ran
insights
client
status.
This
will
just
report
whether
it's
registered
or
not,
and
we
can
see
that
our
registration
was
successful.
B
My.Redhat.Com
and
I've
I
logged
in
because
I
was
using
it
this
morning
in
a
webinar
that
I
was
doing
so
yay
here
in
the
red
hat
insights.
Tile
is
quick
links
to
the
individual
sub
applications
like
advisor,
which
would
tell
me
any
configuration
or
questionable
or
concerning
things
that
it
found
on
the
system
vulnerability.
We
talked
about
that's
your
security
updates
that
are
outstanding
compliance.
We
talked
about
and
these
others,
so
these
are
quick
links
to
it
and
if
you
just
hit
open,
I
think
it
takes
you
to
advisor.
B
Oh
no,
it
takes
you
to
the
dashboard,
so
this
is
also
newish,
where
it'll
actually
give
you
this
kind
of
snapshot
of.
What's
going
on
with
the
systems
that
you've
got
registered,
that
you
could
take
a
look
at
all
right,
so
let
me
go
to
advisor.
B
B
We
can
see
that
the
ssh
keep
alive
settings
are
something
that
can
cause
problems
and
it's
already
toggled
open.
So
it
tells
me
a
little
bit
more
about
what
the
issue
is
and
why
it
would
be
a
problem
and
then,
as
john
reflected
on
earlier,
here's,
what
we
could
do
to
apply
a
change
that
would
resolve
this
issue
right,
step-by-step
guidance.
B
B
So
this
is,
I
think,
sshd.
D
B
A
A
B
B
That
way,
I
don't
have
to
wait
for
the
already
scheduled
task
of
uploading
information.
I
can
just
do
it
right
now
and
what
I
should
find
is
when
I
return
back
over
to
the
insights
advisor
application
and
reload
it
that
that
should
no
longer
be
displayed
for
the
system.
Why
are
you
smiling
john
speaker,
give
him
the
concern.
B
B
Well,
do
you
remember
when,
when
dorito
was
on
a
couple
weeks
ago,
he
did
the
exact
same
thing
to
me.
He
just
watched
me
slowly.
B
C
So
while
that
runs
jump
back
over
to
the
tab,
real
quick
I'd
like
to
point
out
a
couple
things.
Yes,
sir
earlier
we
mentioned,
I
talked
about
the
customer
security
awareness
program.
I
mentioned
security
rules,
their
cves
that
we've
gone
and
done
a
little
bit
more
introspection
into
they're
notated.
Here
on
the
screen,
the
very
first
one
there
has
that
eyeball
icon
and
that
notates
a
security
rule
for
the
vulnerability
service.
So
that's
telling
us
that
that's
one
that
we've
gone
through
we've
done
a
little
bit
of
extra.
C
Looking
at
and
we've
added
some
more
contextual
information,
that's
important
to
rel.
I
also
want
to
point
out
all
the
way
to
the
right
there.
You
have
two
columns
business
risk
and
status,
so
our
severity
column
is
primarily
set
by
this.
The
information
that
we're
getting
from
the
databases
on
the
cve,
but
we
do
know
that,
while
we've
set
the
importance
of
severity,
it
might
not
be
important
as
important
to
your
business.
So
something
like
the
third
one
down
there
that's
listed
as
moderate,
maybe
to
your
business.
That's
a
really
really
critical
one.
C
C
But
that
works
too,
he
was
going
to
say,
click
it
itself,
but
yeah.
The
other
thing
that
we've
got
is
the
cve
status.
So
if
you
drop
down
on
the
status
menu,
one
of
the
things
that
we
can
do
here
is
actually
walk
you
through
the
entire
remediation
process
for
cves.
So
the
default
status
is
not
reviewed.
We
haven't
looked
at
this,
but
as
you
actually
go
through
the
point
of
fixing
this
across
your
estate,
you
can
put
in
there
hey.
C
Yeah,
either
way
yeah,
if
you
click
on
that,
that's
going
to
give
you
the
other
information
about
the
cve.
So
a
little
bit
more
detail
view
if
you're
used
to
looking
at
these
kind
of
rules
as
well,
we
put
in
the
cvss
vector
information.
So
if
you're
used
to
looking
at
them,
you
can
see
a
little
bit
more
up,
cvss
effect
3.0
vector
on
the
right.
So
you
can
see
from
there
that
your
attack
vector
is
network.
Your
attack
complexity
is
high.
B
Yeah-
and
it
also
gives
you
this
this
list
of
systems
that
are
registered
to
insights
that
have
this
outstanding
cd
for
them
so
yeah
I
I
was
called
in
a
panic
a
couple
weeks
ago
and
so
he's
like
we're.
Not
using.
Are
we
solar
winds?
Are
we
using
solarwinds?
B
C
Yeah
and
if
you
want
to
go
back
into
one
of
those
cvs
or
that
one
right,
there
is
fine
right
below
cves
there's
a
check
box
like
so
expose
exposed
systems,
click
the
check
box.
That's
on
the
left
of
name,
that's
going
to
select
every
system
that
has
that
cve
and
then
click
that
remediate
button.
C
C
What
this
is
doing
is
telling
you
what
action
we're
taking
in
this
case
we're
fixing
this
particular
cve.
What
the
resolution
is,
if
there's
a
reboot
required
and
the
number
of
systems
impacted,
go
ahead
and
click
create,
and
now
in
the
upper
right
you
get
that
hyperlink
tap
on
test
under
playbook
created.
C
I
want
to
click
it,
but
I
can't
quite-
and
this
is
where
I
was
talking
earlier-
you've
got
that
download
playbook
button.
So
if
you
hit
that
it's
going
to
pull
down
that
yaml
file,
it's
going
to
come
down
in
the
zip,
so
you
have
to
extract
it.
Yeah.
C
That
window,
so
that's
fine,
that's
fine,
don't
worry
about
it,
but
this
is
also
the
place
that
I
was
saying
earlier
that
we
create
that
playbook
for
you.
So
if
you
want
to
do
this
in
a
more
automated
fashion,
here's
how
and
if
you
also
have
that
smart
management
capability
you're
using
satellite,
you
configure
that
cloud
connector
and
that's
where
you
have
that
execute
playbook
button
notice.
It
was
great
out
there
yeah.
I
just
wanted
to
point
that
out.
We
were
waiting
for
those
to
finish
cool.
B
So
it
has
cleaned
up
some.
I
think
it's
still
processing
my
my
upload
of
data.
C
B
C
It
yeah
basically
in
a
short
amount
of
time,
you've
identified.
You
know
several
cdes
and
a
a
best
practice
recommendation
that
existed
on
this
brand
new
box
that
you
spun
up
and
you've
resolved
the
majority
of
them
here
in
just
a
few
quick
moments
and
you've
been
doing
it
manually,
but
you
can
use
that
playbook
method
and
create
that
playbook
and
and
pull
it
down.
Oh.
B
B
All
right
so
just
real,
quick
because
we're
almost
out
of
time
compliance
service.
So
on
this
box
we
don't
have
any
compliance
policies
set,
so
I
don't
have
any
systems
that
are
checking
in
with
that
data,
so
you
could
go
through
and
use
the
wizard
here
to
create
a
new
policy
patch.
B
Let's
take
a
look
at
this
one.
I
think
that
one's
going
to
be
empty
too,
because
I
just
did
a
yum
update
dash
y,
not
only
updating
my
not
only
updating
my
security
related
updates,
but
I
applied
all
the
updates.
So
there's
one
available.
B
I
do
I
love
enhancements,
it's
important
to
note
that
for
red
hat
enterprise,
linux
7,
we
have
essentially
stopped
producing
this
kind
of
update.
We
typically
will
now
only
produce
important
or
critical
security,
errata
updates
for
red
hat
enterprise
like
seven,
because
this
is
it's
in
maintenance
phase
two.
We
also
produce
critical
and
import
security
updates
for
route
six
if
you
are
using
an
extended
lifecycle,
support
add-on.
B
So
if
your
l6
plus
els,
you
can
get
those
but
we're
still
producing
the
full
gamut
of
buffex
enhancement
updates
for
rail
eight
and
before
you
know
it
we'll
be
doing
that
for
real
nine
as
well.
B
Yeah
so
drift
again,
I've
not
configured
any
baselines,
but
we
can
create
a
baseline,
oh
there's,
some
already
in
here
from
some
other
folks
that
have
tried
it
out
and
we
could
do
comparisons
between
boxes
so
and
then
the
playbook
that
john
had
me
create
to
replace
my
very
scot-esque
way
of
doing
things
is
down
here
in
remediations
right
there's
the
test
playbook
that
I
created.
A
C
Smart
management
is
a
standalone
add-in
for
the
rel,
if
you're
already
using
satellite,
take
a
close
look
into
cloud
connector,
because
that
allows
you
to
help
remediate
these
issues
simply
pretty
much
with
a
click
of
a
button
at
scale.
I
do
think
the
satellite
integration
here
is
really
really
tight.
It's
really
solid.
It's
getting
even
more
improved
in
future
releases,
so
there's
mostly
most
of
the
enhancements,
are
going
on
with
this
satellite
insights
integration.
C
On
the
back
end,
a
lot
of
the
engineers
are
either
cross-trained
or
report
up
through
the
same
chain.
So
there's
there's
really
good
work
there.
I
did
see
a
note
in
the
chat
about
the
integration
with
tower,
so
I
wanted
to
talk
a
minute
and
chat
about
that
within
the
satellite
ui
and
within
the
tower
ui.
There
is
an
insights,
menu
item
and
again
insights
has
been
around
for
a
long
time
and
the
word
insights
has
morphed
a
bit
because
it
used
to
just
be
the
service
that
we
now
know
advisor.
C
So,
if
you're
looking
at
insights
within
satellite
or
within
tower,
when
we
say
insights,
what
we
really
mean
is
the
advisor
service.
It's
just
that
one
service.
So
if
you're
inside
tower
you're
looking
at
a
host
from
a
host
context-
and
it's
showing
you
all
of
the
the
feature
all
of
the
recommendations
that
we
have
for
that
host,
that
particular
feature
from
my
understanding
and
I'm
not
on
the
ansible
team.
But
from
my
understanding
that
is
the
portion
that
is
being
deprecated
is
in
the
future
from
within
tower.
C
C
You
will
still
see
those
we're
actually
still
having
all
the
advisor
pieces
listed
within
satellite,
but
it's
just
advisor
all
of
these
other
services
aren't
being
listed
and
for
satellite,
it's
partially
because
we
have
other
ways
to
do
that
inside
of
like
vulnerability
compliance
patch,
all
pretty
much
already
built
in
and
functionality
of,
satellite
drift
is
not
in
satellite
and
it
was
in
an
older
satellite
five.
But
it's
not
there
today.
C
However,
within
tower
one
thing
you
still
can
do,
is
you
can
create
an
insight
sync
job
and
you
can
sync
up
any
playbooks,
like
we
just
created
that
one
remediation
playbook
for
this
job
we
created
in
cloud.redhat.com
tower,
is
still
capable
of
syncing
that
and
there
is
documentation
out
there
on
setting
up
an
insights
project.
I
don't
think
I
grabbed
the
latest,
but
in
our
working
doc
chris,
I
dropped
the
link,
towerdocs
and
insights
if
you
want
to
put
that
one
in
the
chat,
so
that
functionality
is
still
there,
at
least
in
the
near
term.
C
I
am
not
entirely
up
to
date
on
the
roadmap,
but
that
feature
to
my
knowledge
is
planning
to
remain.
At
least
you
know.
In
the
near
term,
because
we
want
to
be
able
to
enable
people
that
are
using
insights
or
creating
ansible
playbooks
to
get
that
information
over
through
tower,
so
you
can
create
the
jobs
on
cloud.redhead.com
and
then
sync
them
over
to
your
tower
side.
C
B
So
I
saw
in
the
chat
and
short
you
already
replied
to
this,
but
jp
date
asked
if
there
was
an
additional
charge
for
for
insights.
No.
We
cannot
stress
that
enough
right.
If
you
have
a
rel
subscription
right
and
remember,
rel
subscriptions
cover
any
version
of
row.
B
C
B
Developer
for
teams
is,
we
said
that
we
were
going
to
make
it
and
and
we're
working
on
making
it.
I
don't
know
if
you
guys
saw
last
week's
episode
with
with
brian
gallagher,
or
I
guess,
two
weeks
ago
episode
with
brian
gallagher.
We
talked
about
the
expanded
developer
program,
one
of
the
things
that
we're
expanding
is
developer
for
teams.
C
But
yeah
I've
been
sticking
my
nose
in
that
one
though,
and
smart
management
is
part
of
that
bundle,
so
you'll
have
satellite,
but
regardless,
if
you
have
rel,
the
only
exclusion
I
know
about
in
all
of
red
hat
is
rel,
embedded
because
embedded
by
nature
has
different
contractual
languages
than
any
other
flavor
of
rel.
Any
other
kind
of
rail
you've
got
insights.
All
you
got
to
do
turn
it
on,
and
it's
really
simple.
C
If
the
the
most
complicated
version
of
it
is
two
commands
absolutely
check
out
that
security
page
that
chris
linked
to
that's,
got
all
of
the
information
on
the
basic
you
know:
how
do
we
detect
your
data
to?
How
do
you
register
to
our
full
faq,
which
I
think
was
like
30
pages
or
something?
Last
time
I
had
enough
in
a
text
document.
B
So
when,
when
we
close
out
john
I'm
going
to
update
this
insights
workshop
to
say
that
it's
a
advisor
workshop,
because
that's
really
what
it
is,
I'm
also
going
to
update
it,
so
that
here
is
originally
designed
to
be
part
of
an
in-person
workshop.
Clearly
we're
not
having
in-person
workshops
anymore.
B
So
I'm
going
to
update
this
screenshot
and
instructions
to
actually
be
a
username
that
people
can
use
and
I'll
change
it
over
periodically
so
that
we
kind
of
keep
it
fresh.
But
yeah,
like
you
know,
we've
already
updated
some
of
these
screenshots
already
to
account
for
some
of
the
new
things
but
yeah.
So
it's
it's
already
out
there
and
it
works,
and
I
just
need
to
provide
folks
a
credential
for
it
and.
C
I
got
one
more
resource
chris.
If
you
don't
mind,
sharon
just
drop
that
in
the
link
we've
done
a
lot
of
different
webinars
on
insights.
We've
been
you
know
ever
since
we
did
that
last
summit
release
we've
been
going
through
in
depth
on
a
lot
of
the
different
services,
so
we
have
a
webinar
library
out
there
they're
all
at
this
point
pre-recorded.
C
I
do
expect
that
we'll
be
spending
some
more
back
up
here
in
the
the
next
month
or
two,
but
if
you
want
to
learn
more
about
just
drift
or
just
policies
or
just
vulnerability,
there's
a
separate
webinar
for
each
one
of
those.
I
think
I've.
I
attended
every
one
of
those.
If
I
didn't
present
on
every
one
of
those,
so
they're
they're
pretty
well
darn
in
depth.
They
cover
a
lot
of
the
how
to's
and
there's
some
really
great
content
out
there.
B
A
C
A
All
right-
and
that
is
all
the
live
streaming
for
today,
folks
so
check
us
out
in
the
morning
we'll
be
talking
about
openshift,
container
storage,
9am
eastern.
I
believe
that
is
1300,
no
1400
utc
and
until
next
time
we'll
see
you
soon
stay
safe
out
there
thanks.