Red Hat Advanced Cluster Security Cloud Service: Frequently Asked Questions

General Questions

What does Red Hat Advanced Cluster Security Cloud Service include?

RHACS Cloud Service is built and hosted within hosted cloud facilities across the globe. All data is encrypted in transit, at rest, and in storage, with full replication and availability. RHACS Cloud Service will be available through cloud data centers globally, helping to enable  optimal performance and the ability to meet data residency requirements.

Along with the features listed below, RHACS Cloud Service comes with 24 x 7 support.

Supply chain security

• Simplify DevOps processes by providing developers with security context in their existing workflows.
• Integrate security into your CI/CD pipelines and image registries to provide continuous image scanning and assurance.
• Scan images for both operating system (OS) and language-level vulnerabilities.
• Use existing security information and event management (SIEM) tools and notification platforms to facilitate remediation and response.

Infrastructure security

• Harden your organization’s environment to make sure the underlying infrastructure is configured to maintain security.
• Prevent configuration drift running compliance checks against CIS benchmarks or custom policies.
• Analyze existing role-based access control (RBAC) rules to prevent insecure access and authorizations.
• Connect with the Kubernetes API to watch for high-risk actions such as configmap changes or container exec commands.

Workload security

• Prevent high-risk workloads from being deployed or run by using out-of-the-box deploy-time and runtime policies.
• Harden workloads by enforcing network policies that adhere to the principle of least privilege—providing only the access privileges necessary to complete a task.
• Use allow-listing and behavioral modeling to detect anomalous application behavior indicative of a threat at runtime.
• Monitor known good behavior to configure custom policies and alerts for anomalous and malicious behavior.

How is Red Hat Advanced Cluster Security Cloud Service different from Red Hat Advanced Cluster Security?

Until now, RHACS could be consumed in the cloud or on-premise environments, but customers had to manage the underlying application. With RHACS Cloud Service, you only need to manage the secured cluster service in your Kubernetes cluster. When our expert SRE and engineering teams manage the RHACS application, you can focus on security implementation and enabling development speed.

• Amazon Elastic Kubernetes Service (EKS)
• Google Kubernetes Engine (GKE)
• Microsoft’s Azure Kubernetes Service

View the full support matrix here.

How is RHACS Cloud Service installed?

With RHACS as a service, the engineering staff sets up the central RHACS component (console, scanner, database). You need only to install the minimal security agent (secured cluster service) on your Kubernetes cluster and you can start securing it in minutes.

How do I receive support for Red Hat Advanced Cluster Security Cloud Service?

All users receive 24 x 7 support offered by expert staff. The product includes links to contact Red Hat, and you can always file issues through the Red Hat Customer Portal.

Purchasing 

How can I purchase Red Hat Advanced Cluster Security Cloud Service?

You can purchase Red Hat Advanced Cluster Security Cloud Service directly through the AWS marketplace and be billed per use. If you prefer not to be billed through AWS, please contact Red Hat sales for more information.

How is the total cost of Red Hat Advanced Cluster Security Cloud Service calculated? 

The cost is calculated on a dollar($) per vCPU per hour ($/vCPU/hr) basis. Red Hat also offers a monthly and yearly subscription with a regular Red Hat subscription.

I don’t want to buy RHACS Cloud Service through Amazon. How do I buy it?

If you are an existing Red Hat customer, please contact your account manager. Otherwise, contact Red Hat sales for more information.

Is there an upfront commitment to use Red Hat Advanced Cluster Security Cloud Service?

No upfront commitment is required.

Customization

In what regions will Red Hat Advanced Cluster Security Cloud Service be available?

At launch, Red Hat Advanced Cluster Security Cloud Service  will be available in US-East and EU-Dublin. More regions will be added in the future. If you wish to have a specific region or cloud provider, please open a ticket here. We will contact you about your particular use case and hope to accommodate you.

What are the cluster sizing requirements for the Cloud Service?

Since Red Hat manages the central instance, RHACS users will not need to worry about its sizing. However, users must assess how many clusters they wish to connect to a single central instance. If you need more information, please contact us here.

Operations

Which services are performed by Red Hat Advanced Cluster Security Cloud Service?

With RHACS as a service, customers install only the minimal software on their K8s cluster (sensors) and can start securing it in minutes.  We support OpenShift on private and public clouds and the Kubernetes variants offered by leading public clouds. Forgo the operational activities and let Red Hat worry about them instead. Save time on provisioning, rescaling, security, software updates, upgrades, and backup and recovery.

Customers will receive 24 x 7 support offered by expert staff and enjoy flexible consumption models, including pay-as-you-go. Use your committed spend to purchase RHACS on Red Hat, Amazon AWS Marketplaces.

What types of Kubernetes clusters are supported?

View the official support matrix here. Following is a list of supported Kubernetes flavors:

• Red Hat OpenShift Dedicated (OSD)
• Azure Red Hat OpenShift (ARO)
• Red Hat OpenShift Service on AWS (ROSA)
• Red Hat OpenShift Container Platform (OCP) 4.x
• Red Hat OpenShift Kubernetes Engine (OKE) 4.x
• Amazon Elastic Kubernetes Service (Amazon EKS)        
• Google Kubernetes Engine (Google GKE)
• Microsoft Azure Kubernetes Service (Microsoft AKS)
  

How are upgrades managed?

Updates will be released faster with RHACS Cloud service because it is SaaS, which is a value add to help customers innovate more quickly.