Last month at the Red Hat virtual summit, Red Hat announced a bunch of enhancements to their OpenShift Container Platform offering with the 4.4 release, but the thing that caught my eye was the announcement of Red Hat Advanced Cluster Management (ACM). ACM is the new control plane that helps you manage your OpenShift and/or your managed Kubernetes clusters running either on-prem or in any of the major public cloud platforms. If you are just starting down the container path, and you are dealing with just a few clusters (fewer than 5) at a single site, then maybe you can manage those clusters without needing something like ACM. But for customers who have adopted containers and are now deploying their applications across clusters and across cloud environments, managing these different environments becomes difficult. Challenges include not only the initial deployment and life cycle management of the clusters, but also applying unified security and governance policies across clusters and clouds, and finding a way to manage and monitor all the resources being deployed.
If you look at how the Kubernetes ecosystem has evolved over the past year, you will see how vendors like Google, Microsoft, and VMware are trying to address these issues with their offerings. Google, with their Anthos offering, allows customers to deploy and manage Google Kubernetes Engine (GKE) clusters on-prem and in Google Cloud. Microsoft announced Azure Arc, which allows customers to treat Azure as the single control plane and manage Kubernetes clusters running on-prem. VMware announced Tanzu Mission Control, which allows customers to use a single pane of glass to manage, monitor and operate all their Kubernetes clusters across cloud environments. One trend that you see here is that all these offerings require your clusters to be connected back to a cloud-hosted control plane, which is not necessarily useful to all customers. They might have compliance reasons or even a lack of connectivity back to these cloud portals that act as roadblocks to using such offerings. This is the reason I am excited about Red Hat ACM, as it allows customers to deploy this control plane on any OpenShift cluster (4.3, 4.4 or higher). Your OpenShift cluster can be running on-prem or in any of the public clouds. So, if you have a completely disconnected scenario, you can use ACM to manage different OpenShift clusters that you might be running inside your datacenter.
Red Hat ACM is currently in Tech Preview, with plans to be generally available in the summer timeframe. Customers will have to buy additional licenses for the ACM functionality and can either run ACM on their existing OpenShift cluster or deploy a new Cluster for managing their existing clusters. ACM will enable customers with the following use cases:
- Unified Multi-Cluster Management: ACM will allow users to deploy new OpenShift clusters on AWS, Azure and Google Cloud using the Apache HIVE APIs, with plans to spin up bare metal based OpenShift clusters On-Prem as well. You can also import your existing OpenShift clusters (Managed or Self-operated) or existing AKS, EKS and GKE clusters into the ACM interface.
(Screenshots used in this blog were taken from the Tech Field Day presentations.)
Once all the clusters are either imported or deployed, you can use the Dashboard to monitor them.
You can also choose to upgrade the version of Kubernetes running on clusters across cloud platforms using the ACM portal.
Another interesting feature I liked from the demo was that you can now aggregate resources running across clusters. Let’s say you wanted to look at all the Deployments or all the Persistent Volume Claims across all your clusters; ACM will allow you to do just that.
This not only helps visualize, but also helps you troubleshoot issues faster. It can also help you compare how certain resources look when they move through the dev, test, and production clusters.
- Policy based governance, risk and compliance: Another key use case that ACM enables is around policy based governance. Whenever I talk to customers about containers and Kubernetes, security and compliance is always a key topic of discussion. How can they use their existing policies and extend those to this new way of application development and deployment? ACM enables customers to centrally set and enforce policies for security, applications, and infrastructure. It comes with a few built-in Center for Internet Security (CIS) compliance policies and audit checks, but you can very easily add your own. You can run these policies across your clusters in an audit mode to identify the outliers, and you can also enforce them across clusters if you want. ACM helps you get immediate visibility into your compliance posture based on your defined standards.
- Advanced application lifecycle management: Another key use case for ACM is around application lifecycle management. OpenShift already did a good job at integrating with your CI/CD tools to help you deploy your clusters and your containerized applications using a GitOps workflow. ACM extends that capability and allows you to deploy your applications at scale, across clusters and across private and public cloud environments. It also allows you to visualize and monitor all the applications that might be running across your different clusters, a capability that was definitely missing in the Red Hat ecosystem.
To summarize, Red Hat Advanced Cluster Management enables organizations to accelerate their application development pipelines by enabling self-service deployment of underlying OpenShift clusters, a unified management (control) plane for all your clusters, and a consistent way to apply your security and compliance policies across environments.
You can check out the Tech Field Day briefing with Red Hat for more details around all the new announcements here.