Getting started with Red Hat Lightspeed with FedRAMP
How to start using Red Hat Lightspeed
Abstract
Chapter 1. About Red Hat Lightspeed
Red Hat Lightspeed can discover relevant insights, recommend tailored, proactive, next actions, and automate tasks. Using Red Hat Lightspeed, customers benefit from the experience and technical knowledge of Red Hat Certified Engineers, to identify, prioritize and resolve issues for business operations.
As a SaaS offering, Red Hat Lightspeed is regularly updated. Regular updates expand the Red Hat Lightspeed knowledge archive in real time to reflect new IT challenges that can impact the stability of mission-critical systems.
Chapter 2. Installing Red Hat Lightspeed on RHEL systems
To register your RHEL systems in Red Hat Lightspeed, you need to install the insights-client and register your systems. This section describes different methods for installing and registering Red Hat Lightspeed on RHEL systems.
You can use other supported methods to register and install Red Hat Lightspeed, too. A registration assistant is also available to guide you through the process of registering and installing Red Hat Lightspeed. You can also use the remote host configuration (RHC) tool. The installation method you choose can depend on several factors, including whether:
- You are connecting to Red Hat for the first time
- You use a certain version of RHEL
- You want to do an automated installation or a manual installation
2.1. Installing Red Hat Lightspeed on Red Hat Enterprise Linux Satellite-managed hosts
To install Red Hat Lightspeed on Red Hat Enterprise Linux hosts managed by Red Hat Satellite, see:
2.2. Registering and configuring Satellite Server integration with FedRAMP
Before you can use Red Hat Lightspeed with your server, you need to connect your servers to the Satellite Server. The Satellite Server enables your servers to communicate with Red Hat Lightspeed.
An IP address-based allow list restricts network access to the Red Hat Lightspeed service. This ensures that only the servers and ports that you specify can connect to the Satellite Server.
Red Hat Lightspeed subscription services are currently not available in the FedRAMP environment. Red Hat continuously evaluates service offerings, and will announce any updates or expansions to the FedRAMP environment as they become available.
The following requirements are in addition to existing Satellite Server connectivity requirements to the Red Hat Content Delivery Network and Red Hat Subscription Management (RHSM) for software updates. For more information about connectivity requirements, refer to How to access Red Hat Subscription Manager (RHSM) through a firewall or proxy.
Prerequisites
- The Satellite Server must be able to connect to the domain mtls.console.stage.openshiftusgov.com, using the HTTPS protocol on port 443. You must provide a static public egress IP address (or address range) from which Satellite traffic will originate.
  Note: Contact Red Hat Support to set up the public egress IP address.
  The public egress IP address is an additional IP address on the primary network interface of your server.
- You are logged in to the Hybrid Cloud Console (https://console.openshiftusgov.com) as an Organization Administrator.
- You have administrator ssh access to the Satellite server.
- You are logged in to the Satellite Server using ssh.
Procedure
- From the main menu, navigate to Inventory > Configure Satellites. The Configure Satellites page displays.
- Click Generate Token to create the registration token for your organization.
- Copy the token.
- Open a terminal window on your Satellite Server and enter the following command:
    # hammer organization list
  The system returns your organization ID. Make note of it for the next step.
- Copy the command shown in Step 3 on the Configure Satellites page. Paste it into the terminal. Substitute the organization ID for <organization_id>.
    # SATELLITE_RH_CLOUD_URL=https://mtls.console.openshiftusgov.com org_id=<organization_id> foreman-rake rh_cloud:hybridcloud_register
  The system returns a prompt for the token that you generated.
- Paste the generated token that you copied at the prompt and press Enter.
  The system returns a success message. You can now register the system with Satellite and run insights-client.
2.3. Managing trusted IP addresses with an IP allowlist
Before you can connect Red Hat Lightspeed to your Satellite servers, you need to configure an allowlist that contains a trusted IP address (or range of IP addresses). You can configure the allowlist in two ways:
- Provide the trusted IP address (or addresses) to Red Hat stateside support during onboarding. Support uses the IP addresses to configure an allowlist for Red Hat Lightspeed. This allowlist allows network traffic from your Satellite-controlled environment into Red Hat Lightspeed. To configure the allowlist, contact stateside support through ServiceNow and mention that you want to connect your Satellite servers to Red Hat Lightspeed.
- If you have not created the allowlist during onboarding, use the IP allowlist in the Manage Satellites page in the Red Hat Hybrid Cloud Console to manually add trusted IP addresses.
2.3.1. Adding trusted IP addresses to an allowlist
You can use Manage Satellites to create an allowlist, or add an IP address (or a range of IP addresses) to an existing allowlist. Adding IP addresses enables additional FedRAMP users in your organization to access the Red Hat Hybrid Cloud Console.
Manage Satellites allows only IPv4 addresses. It does not support IPv6 addresses.
To add a range of IP addresses, use CIDR notation (for example, 226.167.71.76/32).
Prerequisites
- You have Organization Administrator permissions.
- You are logged in to the Hybrid Cloud Console.
Procedure
- Click Manage Satellites. The Manage Satellites page displays.
- Scroll down the page to the IP Address Allowlist section at the bottom.
- Click Add IP Addresses. The Add IP Addresses to Allowlist dialog box displays.
- Type an IP address (or range of IP addresses) and click Submit. The IP addresses appear on the allowlist.
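A pre-submission check for allowlist entries, as an added example that is not part of the Red Hat documentation: it applies the IPv4-only and CIDR rules stated above and adds three checks that are assumptions of this example (a non-exhaustive list of internal ranges, a /24 breadth threshold, and detection of entries already covered by a broader one). The function names and sample entries are constructed for illustration.

```python
import ipaddress

# Assumption: common internal ranges that can never be a public source address
# (RFC 1918, loopback, link-local, carrier-grade NAT). Not an exhaustive list.
NON_PUBLIC = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "100.64.0.0/10")]
MIN_PREFIX = 24  # Assumption: local policy; broader ranges need a second look.

# Constructed sample entries (documentation ranges stand in for public addresses).
SAMPLE = ["198.51.100.7", "203.0.113.64/26", "203.0.113.70/32",
          "192.0.2.10/28", "192.168.1.5", "10.0.0.0/8", "2001:db8::1/128"]

def check_entry(text):
    """Return (IPv4Network or None, list of problems) for one allowlist entry."""
    try:
        iface = ipaddress.ip_interface(text.strip())
    except ValueError:
        return None, ["not an IP address or CIDR range"]
    if iface.version != 4:
        return None, ["IPv6 is not supported by Manage Satellites"]
    net, problems = iface.network, []
    if iface.ip != net.network_address:
        # e.g. 192.0.2.10/28: the address is not the start of the range.
        problems.append(f"host bits set; did you mean {net} or {iface.ip}/32?")
    if any(net.overlaps(n) for n in NON_PUBLIC):
        problems.append("private or internal range, not a public address")
    if net.prefixlen < MIN_PREFIX:
        problems.append(f"/{net.prefixlen} covers {net.num_addresses} addresses")
    return net, problems

def review(entries):
    """Check each entry, then flag entries already covered by a broader one."""
    report, nets = {}, {}
    for entry in entries:
        net, report[entry] = check_entry(entry)
        if net is not None:
            nets[entry] = net
    for entry, net in nets.items():
        for other, wider in nets.items():
            if net != wider and net.subnet_of(wider):
                report[entry].append(f"already covered by {other}")
    return report

if __name__ == "__main__":
    for entry, problems in review(SAMPLE).items():
        print(f"{entry:<18} {'OK' if not problems else '; '.join(problems)}")
```

An entry that reports no problems is syntactically acceptable and narrow; whether the address really is your organization's egress address still has to be confirmed against your network configuration.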
2.3.2. Removing IP addresses from the allowlist
Prerequisites
- You have Organization Administrator permissions.
- You are logged in to the Hybrid Cloud Console.
- You have an IP allowlist configured.
- You have added at least one IP address (or range of IP addresses) to the allowlist.
Procedure
- Click Manage Satellites. The Manage Satellites page displays.
- Scroll down the page to the IP Address Allowlist section at the bottom.
- Select the IP address you want to remove, and then click Remove. The Remove IP Addresses from Allowlist dialog box displays.
- Click Remove, and then click Submit.
Additional resources
- For more information about the Red Hat Lightspeed onboarding process, refer to Registering and managing Satellite server integration with FedRAMP.
- For more information about using Manage Satellites to connect to Satellite servers, see Registering and managing Satellite server integration with FedRAMP.
Chapter 3. Manage user permissions for Red Hat Lightspeed services
Red Hat uses role-based access control (RBAC) to manage user permissions on the Red Hat Hybrid Cloud Console. You can use the User Access feature of Hybrid Cloud Console to control which Red Hat Lightspeed applications on the Hybrid Cloud Console your users can view, operate, and administer. Red Hat provides predefined groups and a set of predefined roles to make it easier for Organization Administrators to assign, restrict, and remove user permissions to Red Hat Lightspeed services.
3.1. User Access overview
The User Access feature is based on managing roles, rather than on individually assigning permissions to specific users. In User Access, each role has a specific set of permissions. For example, a role might allow read permission for an application. Another role might allow write permission for an application.
You can also create custom groups and roles to provide more fine-tuned control over specific features of Red Hat Lightspeed to suit the needs of your organization.
If you are an Organization Administrator, you can use the User Access feature under Identity & Access Management in the Hybrid Cloud Console to:
- Control user permissions and organize roles.
- Create groups that include roles and their corresponding permissions.
- Assign users to these groups, allowing them to inherit the permissions associated with their group’s roles.
All users on your account have access to most of the data in Red Hat Lightspeed.
3.2. Predefined groups in User Access
To make groups and roles easier to manage, the Red Hat Hybrid Cloud Console provides two predefined groups: Default access and Default admin access. You can also create your own custom groups to align with specific personas, job functions, or teams in your organization.
3.2.1. The Default access group
By default, the Default access group is assigned many granular predefined roles, such as Remediations viewer and Inventory Hosts viewer, so that group members have basic visibility. Because all users in your organization are members of the Default access group, they inherit all permissions assigned to that group. The Default access group is automatically updated by Red Hat.
If your Organization Administrator modifies the Default access group, the group is automatically renamed to Custom default access. Once converted, this group is no longer automatically updated by Red Hat.
3.2.2. The Default admin access group
The Default admin access group contains only users who have Organization Administrator permissions. This group is automatically maintained, and users and roles in this group cannot be changed.
The Default admin access group includes many (but not all) predefined roles that provide update and delete permissions. The roles in this group usually include administrator in their names.
3.3. Predefined roles assigned to groups
The Red Hat Hybrid Cloud Console provides predefined roles that bundle permissions across multiple Red Hat Lightspeed applications to align with common user personas. Use the predefined roles if you want to reduce the administrative effort required to manage user permissions, and your use case aligns with the permissions included in these roles.
If you want to have more control over specific features of Red Hat Lightspeed and your use case does not align with the permissions included in the predefined roles, you can create custom roles.
You can also use the predefined roles as a starting point to create custom roles that are tailored to your specific use case. For example, you can use the predefined granular roles to create custom roles that provide more fine-tuned control over specific features of Red Hat Lightspeed.
Across the Red Hat Lightspeed product documentation, the Prerequisites section for each procedure lists which predefined roles provide the permissions needed to use the features in that procedure. For example, if a procedure requires permissions to view and manage remediations, the Prerequisites section for that procedure lists the Remediations administrator or other valid role as a recommended predefined role to use for that procedure.
3.4. Check your permissions
If you try to access Red Hat Lightspeed applications in the Red Hat Hybrid Cloud Console and see a message stating you do not have permission, you can verify your current permissions and the roles or groups you are assigned to.
Only users with the Organization Administrator role can view the permissions of other users in the User Access settings and manage user permissions to Red Hat Lightspeed services. For more information, see the Configure user permissions section.
Prerequisites
- You are logged in to the Red Hat Hybrid Cloud Console.
Procedure
- In the Hybrid Cloud Console, click the Settings icon (⚙), then navigate to My User Access.
- If you try to access Red Hat Lightspeed features and see a message that you do not have permission to perform this action, contact your Organization Administrator or the User Access administrator for your organization to request the permissions required to access those features and complete the actions you want to perform.
Results
All of the applications that you have permissions to access are listed on this page and are grouped by product, for example, RHEL, OpenShift Container Platform, and Ansible Automation Platform.
You can also filter your permissions by application, for example, by advisor, cost management, inventory, and remediations.
3.5. Configure user permissions
If you are an Organization Administrator, you can view and manage the permissions of all users in your organization to Red Hat Lightspeed and other Red Hat Hybrid Cloud Console services in the User Access section of the Identity & Access Management feature in the Hybrid Cloud Console.
If you are not an Organization Administrator, you will be unable to complete this task. However, you can check your own permissions for different applications by navigating to My User Access. Contact your Organization Administrator to request more permissions.
Prerequisites
- You are logged in to the Red Hat Hybrid Cloud Console as an Organization Administrator, or you have the required administrator User Access role permissions.
Procedure
- In the Hybrid Cloud Console, click the Settings icon (⚙), then navigate to Identity & Access Management > User Access.
Results
From here, you can create and manage:
Providing feedback on Red Hat documentation
We appreciate and prioritize your feedback regarding our documentation. Provide as much detail as possible, so that your request can be quickly addressed.
Prerequisites
- You are logged in to the Red Hat Customer Portal.
Procedure
To provide feedback, perform the following steps:
- Click the following link: Create Issue
- Describe the issue or enhancement in the Summary text box.
- Provide details about the issue or requested enhancement in the Description text box.
- Type your name in the Reporter text box.
- Click the Create button.
This action creates a documentation ticket and routes it to the appropriate documentation team. Thank you for taking the time to provide feedback.