Red Hat takes security seriously and we know that our customers do too, which is why we have used Red Hat Enterprise Linux, with its existing security features, as the basis for OpenShift.
Co-Location (IaaS) Security
At this time, OpenShift runs on Amazon's EC2 cloud and inherits the security features of that platform. Learn more about the security of EC2.
OpenShift (PaaS) Security
Red Hat has a long history of managing the packages that make up Red Hat Enterprise Linux, including industry-leading responsiveness to security vulnerabilities and managing its online presence on Linux systems. OpenShift Online is also proactively managed as part of the service.
Our systems are hardened with technologies like:
- Process, network, and storage separation
- Statefull and stateless inspection firewall
- Proactive monitoring of capacity limits (CPU, disk, memory, etc.)
- Intrusion detection (files, ports, back doors, etc.)
- Port monitoring
- Pam namespace
- Security compliance frameworks
- RPM verification and vulnerabilities updated
- Remote logging
- Encrypted communications (SSH, SSL, etc.)
Risk assessment and security consultation is provided by Red Hat's Product Security Team.
Private data and logins exchanged with OpenShift is transmitted over SSL (our web interface utilizes HTTP Strict Transport Security). Application passwords are filtered from our log files and encrypted. Pushing and pulling of private data is done over SSH authenticated with keys, not passwords, to help prevent brute force cracking. Tools are available for users to deploy similar steps for their applications.
Red Hat's Product Security Team helps identify and prevent new exploits. This team frequently tests exploits such as cross site scripting (XSS) and that cookie permissions are set appropriately.
We’re concerned and active about security, but we’re aware that many companies are not comfortable hosting code outside their firewall. For these companies we offer OpenShift Enterprise, a supported version of OpenShift that can be installed and operated inside your company’s network.
If you have any general comments, concerns, or questions about OpenShift security, including if you see something that you believe violates OpenShift's terms of servcie, please email email@example.com. One or more of our Operations team members will review and/or escalate the issue as appropriate.
If you are reporting a security flaw or vulnerability, please contact the Red Hat Security Team directly.