Overview
This documentation contains the technical product description for the Managed RHEL service. Contract-relevant information can be found in the respective customer contract and the service description.
Managed RHEL comprises the operation of a server operating system by Swisscom as a service provider. The table shows an overview of the most important functions:
Functions | Managed RHEL Service |
---|---|
SLA on the OS | X |
Monitoring | X |
Alarming | Swisscom |
Troubleshooting | Swisscom |
Malware Protection | X |
Patching | X |
Reporting | X |
Lifecycle (Swisscom Agents and Tools) | X |
On a Swisscom RHEL VM, only Swisscom has root privileges on the server.
Privileges | Managed RHEL Service |
---|---|
Elevated privileges | Swisscom |
The usage of elevated privileges by the customer is possible, but leads to the suspension of the SLA.
Prerequisites and general conditions
The supported Operating Systems and versions, as well as the other prerequisites for the purchase of the Managed RHEL product, are described in this chapter.
- An Operating System certified accordingly by Swisscom. An Operating System is certified through compliance checks, which are an integral part of the requirements.
- The virtual machine must be based on a Swisscom Enterprise Service Cloud Blueprint.
Supported Operating Systems and versions
The Managed RHEL Service can be ordered for the following Operating Systems and versions:
- Red Hat Enterprise Linux RHEL 8
- Red Hat Enterprise Linux RHEL 9
Requirements
To obtain the Managed RHEL service, the following requirements must be met on a Swisscom RHEL VM:
- The server must have run through the Swisscom ESC staging process and been provisioned with a Swisscom RHEL blueprint.
- No customer-specific malware protection solution (agent) may be installed on the server.
- The Operating System must not be connected to a customer-specific patching solution.
- The current VMware Tools must be installed on the server.
- The server must be hardened according to Swisscom specifications.
- Operating System data must be separated from application data. Dedicated file systems must be created for applications in the volume group `datavg`.
- Disk space must be managed with LVM, and application data must reside in the volume group `datavg`.
- The Swisscom file system layout must be adhered to.
- No custom kernels may be installed, only standard Red Hat Enterprise Linux kernels.
The compliance check must be successfully completed. If one of the checks fails, the Managed RHEL service cannot be offered. The customer is informed and can resolve the problems or apply to Swisscom for an exception. The exception request can either be approved or rejected. Technical details on the requirements can be found in the compliance checks section.
Managed RHEL is not ready for container services like Docker, OpenShift, etc. As an alternative to Docker, you can use Podman.
Podman is a full-fledged container engine that provides the same functionality as Docker, the quasi-industry standard. However, Podman does not use a so-called daemon and also offers containers without root access. Security should therefore be at the forefront of the project. Podman is available from RHEL version 7.6 and higher. It provides a CLI that is compatible with Docker. For security reasons, the customer/user should always obtain container images from a trusted source. To build your own images, Podman relies on Buildah, which comes from the same group of developers as Podman, CRI-O and Skopeo. A container is executed without root rights on the Swisscom RHEL VM. The process runs as root only inside the container; on the host it runs as a normal user.
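How "root inside the container, normal user on the host" can be checked from a container's user-namespace UID map, as an added example that is not part of the Swisscom documentation. The function names and the sample map (host user 1000, subordinate UID range starting at 100000) are constructed assumptions.

```shell
#!/bin/sh
# Added example: translate a UID seen inside a container to the UID the host
# kernel actually uses, based on the user-namespace uid_map.
# uid_map line format (user_namespaces(7)):
#   <first UID inside namespace> <first UID outside namespace> <range length>

# Constructed sample of a uid_map for a rootless container started by host
# user 1000 whose subordinate UID range is 100000-165535 (assumed values).
SAMPLE_UID_MAP='         0       1000          1
         1     100000      65536'

# host_uid_for <container-uid> [uid_map-file]
# Prints the host UID; returns 1 if the container UID is not mapped at all.
# Reads the map from the given file, or from stdin when no file is given.
host_uid_for() {
    local cuid="$1" src="${2:-/dev/stdin}"
    awk -v c="$cuid" '
        BEGIN { c = c + 0 }                      # force numeric comparison
        NF == 3 && c >= $1 && c < $1 + $3 {
            print $2 + (c - $1); found = 1; exit
        }
        END { if (!found) exit 1 }
    ' "$src"
}

# container_root_is_host_root [uid_map-file]
# Succeeds (0) when container UID 0 maps to host UID 0, i.e. the container is
# NOT rootless. Returns 1 when root maps to an unprivileged host UID and 2
# when UID 0 is not mapped.
container_root_is_host_root() {
    local h
    h=$(host_uid_for 0 "${1:-/dev/stdin}") || return 2
    [ "$h" -eq 0 ]
}

# Demo on the constructed sample: container root is host UID 1000.
printf '%s\n' "$SAMPLE_UID_MAP" | host_uid_for 0

# On a real host the map of a running container can be read from
# /proc/<pid>/uid_map, where <pid> is the container's main process, e.g.
#   host_uid_for 0 "/proc/$(podman inspect --format '{{.State.Pid}}' NAME)/uid_map"
```

A process that escapes such a container holds only the rights of the mapped host UID, which is why the mapping of UID 0 is the value worth checking.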
More information here: