Jump to section

Red Hat Insights data and application security

Copy URL

Red Hat® Insights is a Software-as-a-Service offering that gives users visibility into their operating environments, helping to identify and address operational and vulnerability risks before an issue results in downtime. To provide this service, small pieces of system metadata are sent to the Red Hat Insights service for processing and analysis, during which time measures are taken to help reduce risk. 

Red Hat Insights continuously analyzes platforms and applications to predict risk, recommend actions, and track costs so enterprises can better manage hybrid cloud environments. The utility allows users to remediate issues without a separate Red Hat Satellite subscription.

Insights is designed to work with minimal data

Red Hat Insights collects only the minimum system metadata needed to analyze and identify issues for supported platforms.

You can control what data is sent to Red Hat for analysis

Before data is sent, you have the option to inspect and redact information.

Data is encrypted throughout the processes, with a customizable collection schedule

Red Hat signs its data collection rules and will stop if the signature cannot be verified.

Only one uploaded data set is stored at a time

For each cluster, host or instance, one uploaded data set is stored on the services infrastructure.

Experience Red Hat Insights in the Red Hat Hybrid Cloud Console

Infrastructure

To protect your data, Red Hat Insights offers measures to protect data and keep information from persisting.

Red Hat OpenShift Dedicated

Red Hat Insights operates on Red Hat’s own Red Hat OpenShift® Dedicated infrastructure.

Common vulnerability exposure (CVE) and patching

All infrastructure software components are continuously monitored for known CVEs and proactively patched. Patches that can impact end users will be applied as soon as possible but may necessitate end user notification and scheduling a service window in some cases.

Penetration testing

Penetration testing is conducted by both internal and external parties.

Restricted data access

Access to systems that handle customer data is controlled via multi-factor authentication and strict authorization controls. Access is granted on a need to know basis and limited for required SaaS infrastructure operations.

User access

For user access management, Red Hat Insights uses Red Hat’s single sign-on (SSO) service and also provides role-based access control (RBAC) functions to help manage user access to Red Hat Insights capabilities and information in a more granular way.

Red Hat SSO authentication

Red Hat Insights is integrated into Red Hat’s existing SSO service for user management and is available in the Red Hat Hybrid Cloud Console. This integration allows users to use their existing login credentials to access other Red Hat assets, like the Red Hat Customer Portal.

Role-based access control (RBAC)

The Red Hat Hybrid Cloud Console offers RBAC functionality, which enables administrators to grant or restrict user logins on their account access to Red Hat Insights and its individual services.

Data retention

In order to remain registered, an Insights client host must check in daily.

Latest upload for Insights client

When a client sends a new upload, the system automatically removes the previous upload, resulting in only one upload being kept at a time.

Automatic stale system removal

For hosts using the Insights client, if a system stops checking in with the Red Hat Insights service for 24 hours, it is identified as a "stale host". If a stale host doesn’t report to Red Hat Insights for 30 consecutive days, the host is automatically unregistered from the Red Hat Insights service.

Regulations

As a Red Hat product, Red Hat Insights is internally assessed against Red Hat’s data regulation policies.

General Data Protection Regulation (GDPR) and Personally Identifiable Information (PII)

The Red Hat Insights client collection does not target PII.

Data controls and redaction

The Red Hat Insights client offers several controls to inspect the data it collects, obfuscate IP address or hostnames, redact files, patterns, and keywords, and locally audit payloads.

Red Hat Insights client architecture

Red Hat Enterprise Linux® hosts and Red Hat Ansible® Automation Platform hosts running on Red Hat Enterprise Linux use the Insights client for configuration and data collection. 

The Insights client has a critical role in extracting metadata from a host for analysis. Several controls are available to manage the collection and transmission of host data so you can tailor the metadata that is extracted and transmitted for analysis.

Open source client node

The Insights client was developed with open source principles in mind. Insights client code is available for review and contribution.

Minimal system metadata collected

The Insights client collects the minimum necessary metadata and will pre-process it to target specific lines or facts within files where possible. This ensures the overall payload remains small, collecting what is necessary for analysis and avoiding key areas where sensitive data may be stored.

Leverage existing firewall rules

If a host is already subscribed to Red Hat Subscription Manager or to a connected Red Hat Satellite, the Insights client by default will leverage those existing and established connections for its communication with Red Hat. This means that no additional firewall rules or ports need to be added.

Encrypted communication

All communication with Red Hat occurs over encrypted channels, leveraging transport layer security and mutual certificate authentication. All data is encrypted in transit and at rest.

Resource restrictions

Resource constraints are implemented to limit the client’s use of the host’s central processing unit and memory resources, and all collection items have automatic timeouts if they are taking longer than expected.

Red Hat Insights client controls

The Red Hat Insights client has several optional controls available for use to enable overall customization on how the client runs, as well as what information the client sends from the host to Red Hat for analysis.

IP and hostname obfuscation

Some organizations may consider IP addresses and hostnames to be sensitive information they prefer not to transmit to Red Hat. Red Hat Insights has optional controls that allow you to exclude the IP address or hostname from the data file transmitted to Red Hat and to obfuscate the values within the user interface. Additional options let a custom display name be entered for the identification of obfuscated hosts.

Minimal host impact

The Insights client is designed to activate at its scheduled time, perform the metadata collection, and then shut down. By default, check-ins occur once per day and check-in time slots are staggered across each system to minimize network strain. A scheduled collection time slot can be overridden via a custom schedule function to change the time of day or frequency of the check-in from the default values on a per-system basis.

Proxy support

Insights client has built-in support for HTTP proxies or an existing connected Red Hat Satellite may be leveraged as a proxy to streamline setup and registration.

Granular controls for data redaction

Red Hat Insights provides several optional controls that can redact data on-premise prior to being sent for analysis. Any file, pattern, or keyword can be specified within the Insights client’s deny list function, which will omit the specified items from the final collection prior to submission.

Local collection inspection and redaction verification

The Insights client has built-in options available to generate a payload archive locally, without sending the archive to Red Hat. This option may be used to inspect the contents of the collection and can be used to verify any redaction or obfuscation settings that a user specifies.

Optional host unregistration

The registration of a host to Red Hat Insights may be unregistered manually at any point. Running the unregistration command will disable the Insights client from checking in and remove the host and its results from Red Hat Insights.

Security insights graphic

Frequently asked questions

Keep reading

Blog

The latest news on Red Hat Insights

Get the most up-to-date information on Red Hat Insights on its blog channel.

Analyst paper

Graybar boosts IT infrastructure automation and management with Red Hat Enterprise Linux

Graybar now leverages Red Hat® Enterprise Linux® as its sole Linux distribution after completing a migration from a third-party Linux OS in 2021.

Analyst paper

Save administrator time and effort by activating Red Hat Insights

Read how Red Hat Insights can save you time and effort in this report from Principled Technologies.

More about security

Products

A security framework that manages user identities and helps keep communications private.

An enterprise-ready, Kubernetes-native container security solution that enables you to more securely build, deploy, and run cloud-native applications.

A predictive analytics service that helps identify and remediate security, performance, and availability threats to your Red Hat infrastructure.

A single console, with built-in security policies, for controlling Kubernetes clusters and applications.

Resources