Red Hat SummitGetting Started with Red Hat Insights with FedRAMP
How to start using Red Hat Insights
Abstract
Chapter 1. About Red Hat Insights
Powered by predictive analytics, Red Hat Insights gets smarter with every additional piece of intelligence and data. It can automatically discover relevant insights, recommend tailored, proactive, next actions, and even automate tasks. Using Red Hat Insights, customers can benefit from the experience and technical knowledge of Red Hat Certified Engineers, making it easier to identify, prioritize and resolve issues before business operations are affected.
As a SaaS offering, Red Hat Insights is regularly updated. Regular updates expand the Insights knowledge archive in real time to reflect new IT challenges that can impact the stability of mission-critical systems.
Chapter 2. Installing Red Hat Insights for Red Hat Enterprise Linux (RHEL)
This document provides starting points and resources for registering systems to Red Hat Insights for Red Hat Enterprise Linux.
Installation of Red Hat Insights typically involves installing the Insights client, then registering systems for use with Insights. You can use different methods to register and install Insights. A registration assistant is also available to guide you through the process of registering and installing Insights. You can also use the Remote Host Configuration (RHC) tool. The installation method you use can depend on conditions such as,
- Whether you are connecting to Red Hat for the first time
- Whether you use a certain version of RHEL
- Whether you want to do an automated installation or manual install
- Other factors
2.1. Installing Red Hat Insights on Red Hat Enterprise Linux Satellite-managed hosts
To install Insights on Red Hat Enterprise Linux hosts managed by Red Hat Satellite, see:
2.2. Registering and configuring Satellite Server integration with FedRAMP
Before you can use Insights with your server, you need to connect your servers to the Satellite Server. The Satellite Server enables your servers to communicate with Red Hat Insights.
An IP address-based allow list restricts network access to the Insights service. This ensures that only the servers and ports that you specify can connect to the Satellite Server.
Red Hat Insights subscription services are currently not available in the FedRAMP environment. Red Hat continuously evaluates service offerings, and will announce any updates or expansions to the FedRAMP environment as they become available.
The following requirements are in addition to existing Satellite Server connectivity requirements to the Red Hat Content Delivery Network and Red Hat Subscription Management (RHSM) for software updates. For more information about connectivity requirements, refer to How to access Red Hat Subscription Manager (RHSM) through a firewall or proxy.
Prerequisites
-
The Satellite Server must be able to connect to the domain
mtls.console.stage.openshiftusgov.com, using the HTTPS protocol on port 443. You must provide a static public egress IP address (or address range) from which Satellite traffic will originate.
NoteContact Red Hat Support to set up the public egress IP address.
The public egress IP address is an additional IP address on the primary network interface of your server.
- You are logged in to the Hybrid Cloud Console (https://console.openshiftusgov.com) as an Organization Administrator.
-
You have administrator
sshaccess to the Satellite server. -
You are logged in to the Satellite Server using
ssh.
Procedure
- From the main menu, navigate to Inventory > Configure Satellites. The Configure Satellites page displays.
- Click Generate Token to create the registration token for your organization.
- Copy the token.
Open a terminal window on your Satellite Server and enter the following command:
Copy to Clipboard Copied! Toggle word wrap Toggle overflow hammer organization list
# hammer organization listThe system returns your organization ID. Make note of it for the next step.
Copy the command shown in Step 3 on the Configure Satellites page. Paste it into the terminal. Substitute the organization ID for
<organization_id>.Copy to Clipboard Copied! Toggle word wrap Toggle overflow SATELLITE_RH_CLOUD_URL=https://mtls.console.openshiftusgov.com org_id=<organization_id> foreman-rake rh_cloud:hybridcloud_register
# SATELLITE_RH_CLOUD_URL=https://mtls.console.openshiftusgov.com org_id=<organization_id> foreman-rake rh_cloud:hybridcloud_registerThe system returns a prompt for the token that you generated.
Paste the generated token that you copied at the prompt and press Enter.
The system returns a success message. You can now register the system with Satellite and run
insights-client.
2.3. Managing trusted IP addresses with an IP allowlist
Before you can connect Insights to your Satellite servers, you need to configure an allowlist that contains a trusted IP address (or range of IP addresses). You can configure the allowlist in two ways:
- Provide the trusted IP address (or addresses) to Red Hat stateside support during onboarding. Support uses the IP addresses to configure an allowlist for Insights. This allowlist allows network traffic from your Satellite-controlled environment into Insights. To configure the allowlist, contact stateside support through ServiceNow and mention that you want to connect your satellite servers to Insights.
- If you have not created the allowlist during onboarding, use the IP allowlist in the Manage Satellites page in the Red Hat Hybrid Cloud Console to manually add trusted IP addresses.
2.3.1. Adding trusted IP addresses to an allowlist
You can use Manage Satellites to create an allowlist, or add an IP address (or a range of IP addresses) to an existing allowlist. Adding IP addresses enables additional FedRAMP users in your organization to access the Red Hat Hybrid Cloud Console.
Manage Satellites allows only IPv4 addresses. It does not support IPv6 addresses.
To add a range of IP addresses, use CIDR notation (for example, 226.167.71.76/32).
Prerequisites
- You have Organization Administrator permissions.
- You are logged in to the Hybrid Cloud Console.
Procedure
- Click Manage Satellites. The Manage Satellites page displays.
Scroll down the page to the IP Address Allowlist section at the bottom.
Click Add IP Addresses. The Add IP Addresses to Allowlist dialog box displays.
Type an IP address (or range of IP addresses) and click Submit. The IP addresses appear on the allowlist.
2.3.2. Removing IP addresses from the allowlist
Prerequisites
- You have Organization Administrator permissions.
- You are logged in to the Hybrid Cloud Console.
- You have an IP allowlist configured.
- You have added at least one IP address (or range of IP addresses) to the allowlist.
Procedure
- Click Manage Satellites. The Manage Satellites page displays.
- Scroll down the page to the IP Address Allowlist section at the bottom.
Select the IP address you want to remove, and then click Remove. The Remove IP Addresses from Allowlist dialog box displays.
- Click Remove, and then click Submit.
Additional resources
- For more information about the Insights onboarding process, refer to Registering and managing Satellite server integration with FedRAMP.
- For more information about using Manage Satellites to connect to Satellite servers, see Registering and managing Satellite server integration with FedRAMP
Chapter 3. User Access settings in the Red Hat Hybrid Cloud Console
User Access is the Red Hat implementation of role-based access control (RBAC). Your Organization Administrator uses User Access to configure what users can see and do on the Red Hat Hybrid Cloud Console (the console):
- Control user access by organizing roles instead of assigning permissions individually to users.
- Create groups that include roles and their corresponding permissions.
- Assign users to these groups, allowing them to inherit the permissions associated with their group’s roles.
All users on your account have access to most of the data in Insights for Red Hat Enterprise Linux.
3.1. Predefined User Access groups and roles
To make groups and roles easier to manage, Red Hat provides two predefined groups and a set of predefined roles.
3.1.1. Predefined groups
The Default access group contains all users in your organization. Many predefined roles are assigned to this group. It is automatically updated by Red Hat.
If the Organization Administrator makes changes to the Default access group its name changes to Custom default access group and it is no longer updated by Red Hat.
The Default admin access group contains only users who have Organization Administrator permissions. This group is automatically maintained and users and roles in this group cannot be changed.
On the Hybrid Cloud Console navigate to Red Hat Hybrid Cloud Console > the Settings icon (⚙) > Identity & Access Management > User Access > Groups to see the current groups in your account. This view is limited to the Organization Administrator.
3.1.2. Predefined roles assigned to groups
The Default access group contains many of the predefined roles. Because all users in your organization are members of the Default access group, they inherit all permissions assigned to that group.
The Default admin access group includes many (but not all) predefined roles that provide update and delete permissions. The roles in this group usually include administrator in their name.
On the Hybrid Cloud Console navigate to Red Hat Hybrid Cloud Console > the Settings icon (⚙) > Identity & Access Management > User Access > Roles to see the current roles in your account. You can see how many groups each role is assigned to. This view is limited to the Organization Administrator.
3.2. Access permissions
The Prerequisites for each procedure list which predefined role provides the permissions you must have. As a user, you can navigate to Red Hat Hybrid Cloud Console > the Settings icon (⚙) > My User Access to view the roles and application permissions currently inherited by you.
If you try to access Insights for Red Hat Enterprise Linux features and see a message that you do not have permission to perform this action, you must obtain additional permissions. The Organization Administrator or the User Access administrator for your organization configures those permissions.
Additional resources
For more information about user access and permissions, see User Access Configuration Guide for Role-based Access Control (RBAC) with FedRAMP.
Providing feedback on Red Hat documentation
We appreciate and prioritize your feedback regarding our documentation. Provide as much detail as possible, so that your request can be quickly addressed.
Prerequisites
- You are logged in to the Red Hat Customer Portal.
Procedure
To provide feedback, perform the following steps:
- Click the following link: Create Issue
- Describe the issue or enhancement in the Summary text box.
- Provide details about the issue or requested enhancement in the Description text box.
- Type your name in the Reporter text box.
- Click the Create button.
This action creates a documentation ticket and routes it to the appropriate documentation team. Thank you for taking the time to provide feedback.
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}