Slide 1

Slide 1 text

Q2 CY2025 What’s Next in OpenShift OpenShift Product Management 1

Slide 2

Slide 2 text

What's Next in OpenShift Q2CY2025 2 Speakers: Maria Simon, Hari Rakotoranto, Sho Weimer, Nick Png, Jim Zimmerman, Jamie Parker, Ramon Acedo Rodriguez, Harriet Lawrence

Slide 3

Slide 3 text

Creating value depends on the ability to develop and deliver high-quality applications faster on any cloud Improve digital customer experience Mitigate risks Gain competitive advantage 3

Slide 4

Slide 4 text

4 The Challenges
Application Modernization: ~92% of enterprise technologists surveyed are actively working on modernization projects, but ~79% experience modernization project failures, due to complexity, cost, or risk. Source: idevnews
Rise of Generative AI: ↓50% less time required for AI agents to exploit account exposures (Source: Gartner), and an expected 40% of data breaches caused by AI misuse by 2027 (Source: Gartner).
Developer Productivity: ~76% of organizations say the cognitive load is so high that it is a source of low productivity (Source: Salesforce). Gartner predicts 75% of companies will establish platform teams for application delivery (Source: Gartner).
Software Supply Chain Security: ↑742% average annual increase in software supply chain attacks over the past three years. 45% of organizations will experience attacks. It is a matter of when, not if. Source: Sonatype

Slide 5

Slide 5 text

Trusted Comprehensive Consistent Container engine Application platform Across hybrid cloud Reduce Risk Improve Productivity Increase Flexibility You need an application platform that is… 5 5

Slide 6

Slide 6 text

GARTNER is a registered trademark and service mark of Gartner and Magic Quadrant is a registered trademark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and are used herein with permission. All rights reserved. This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from Red Hat. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner research organization and should not be construed as statements of fact. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose. Red Hat Red Hat is a Leader in the 2024 Gartner® Magic Quadrant™: Container Management and 2024 Gartner® Magic Quadrant™: Cloud Application Platforms Source: Gartner, “Magic Quadrant for Cloud Application Platforms,” By Tigran Egiazarov, Mukul Saha, Anne Thomas, Steve Schwent, 4 November 2024 Source: Gartner, “Magic Quadrant for Container Management,” Dennis Smith, Tony Iams, Wataru Katsurashima, Michael Warrilow, Richard Watson, 10 September 2024 6

Slide 7

Slide 7 text

7 Secure Apps and Platform Manage at Scale Accelerate AI Modernize Apps and Infrastructure AI / ML Lightspeed Zero Trust with Confidential Computing and Workload Identity Trusted Supply Chain Post Quantum Crypto Multicluster management and governance Cloud Services Edge Developer productivity OpenShift Virtualization Universal Connectivity The Road Ahead AI Ecosystem

Slide 8

Slide 8 text

8 Near Term (<6 months) Mid Term (~9 months) Long Term (>12 months) Roadmap Terminology

Slide 9

Slide 9 text

9 What’s Next in OpenShift Q2CY2025 Spotlight Features

Slide 10

Slide 10 text

What's Next in OpenShift Q2CY2025 OpenShift Lightspeed Generative AI based chat assistant 10 What’s coming ▸ General Availability in coming months ▸ Cluster-awareness and cluster interrogation ▸ BYO knowledge ▸ Quota Now (Technology Preview) ▸ Interactive OpenShift documentation/help ▸ Disconnected deployment ▸ Attach feature to explain pod yaml, and debug log and alerts ▸ Flexible LLM architecture ○ Watsonx, Azure AI, OpenAI, Red Hat OpenShift AI, RHEL AI

Slide 11

Slide 11 text

What's Next in OpenShift Q2CY2025 Accelerate AI/ML Workloads in OpenShift 11 Job queue management Bring Kueue into the OpenShift ecosystem providing best of breed Registry support for AI models Store, serve, and distribute AI models in Quay Improve GPU efficiency Dynamically allocate AI accelerator resources with Dynamic Accelerator Slicer based on workload needs Enhance Workload Orchestration Manage groups of interrelated workloads as a single unit with JobSet, with LeaderWorkerSet coordinating distributed execution across the cluster Provide choice and flexibility Broad ecosystem of hardware accelerators with NVIDIA GPU, AMD GPU, Intel Gaudi, Qualcomm AI 100, IBM Spyre AIU, and more Device Management Dynamic Resource Allocation to manage and allocate specialized hardware devices (GPUs)

Slide 12

Slide 12 text

What's Next in OpenShift Q2CY2025 AI Ecosystem 12 12 ▸ NVIDIA B200 GPU support NVIDIA B200 is supported with the NVIDIA GPU Operator 25.3.0. HGX B200 and DGX B200 systems are certified in the Red Hat catalog. ▸ NVIDIA Multi-node, Multi-GPU Red Hat has documented the full end-to-end configuration for GPUDirect RDMA. ▸ NVIDIA Grace-Blackwell support (roadmap) NVIDIA Grace Hopper Superchip is already supported with OpenShift, and Red Hat is preparing support for the Grace Blackwell GB200 NVL72. ▸ OpenShift Virtualization support for NVIDIA HGX servers with NVSwitch (roadmap) Support for deploying and managing Fabric Manager with OpenShift Virtualization on NVIDIA HGX OEM servers with NVSwitch will be available in a future release. All supported AI Accelerators ▸ Unified AI accelerator telemetry dashboard (roadmap) An upcoming dashboard in the OpenShift web console will provide built-in visibility into GPUs/AI accelerators performance and power usage. ▸ AMD GPU Health Monitoring The AMD GPU Operator performs real-time health checks using a metrics exporter. It also integrates with the Kubernetes Device Plugin to automatically remove unhealthy GPUs from the schedulable resources of compute nodes. ▸ OpenShift Virtualization support for AMD MI300X and MI325X GPUs (roadmap) Support for OpenShift Virtualization using the newly announced AMD ROCm GIM driver is planned for a future release.

Slide 13

Slide 13 text

What's Next in OpenShift Q2CY2025 13 Secure Platform Configurations Secure Credential Management ▸ Zero Trust Workload Identity Manager (ZTWIM) based on SPIFFE/SPIRE ▸ Bring Trusted Execution Environments (TEEs) to OpenShift using Confidential Computing Zero-Trust Access ▸ Kube-KMS support ▸ External Secrets Operator support ▸ cert-manager integration with OpenShift Service Mesh via istio-csr (GA) Trusted and Secure Platform Secure by Default ▸ Bring Your Own external OIDC for seamless multi-cloud authentication ▸ Pod Security Admission Integration - Restricted Enforcement ▸ User namespace support (GA) ▸ SigStore toolchain to sign and verify signed artifacts in OpenShift

Slide 14

Slide 14 text

What's Next in OpenShift Q2CY2025 14 Mobility Enterprise Networking Multi-cluster management ▸ IBM Z, s390 and Arm support ▸ Additional Cloud integration ▸ Console and usability enhancements for Single cluster and Multi-cluster Virtualization ▸ Multi-cluster Observability for VM management at scale ▸ Fine-Grained RBAC for Multi-cluster Virtualization ▸ Multi-cluster lifecycle operations enhancement ▸ IPv6 Single-stack for control plane and localnet ▸ Secondary UDN localnet: Routable L2 overlay with optional dynamic IP allocation ▸ BGP and EVPN for User Defined Networks OpenShift Virtualization Modern infrastructure with proven KVM virtualization ▸ Storage Class Migration ▸ Live migration capability in Migration Toolkit for Virtualization Load aware balancing ▸ Cross-cluster live migration ▸ Assisted Migration utility Near term Long term

Slide 15

Slide 15 text

What's Next in OpenShift Q2CY2025 Streamlined OpenShift Virtualization Onboarding Experience Disconnected Installation, No Registry Required ▸ Install OpenShift Virtualization in fully air-gapped environments without needing a pre-existing image registry ▸ Leverages Agent-based installer UI-Driven Workflow ▸ Removes the need for manual YAML and CLI steps with a guided installer experience Opinionated Workflow with Pre-Configured Operators ▸ Pre-configure essential operators for OpenShift Virtualization Engine and minimize external day 1 dependencies Technology Preview in 4.19 15

Slide 16

Slide 16 text

Core platform 16 What’s Next in OpenShift Q2CY2025

Slide 17

Slide 17 text

What's Next in OpenShift Q2CY2025 Provider Integrations, Installation, and Updates 17 ▸ Add new clouds and platforms ▸ Add new regions ▸ Multiple architectures ▸ Enable third party integrations ▸ Hosted Control Planes ▸ New cluster capabilities ▸ More flexibility Installation Updates Platforms Enable Hybrid Cloud Optimize onboarding Mitigate risk ▸ Improve update user experience ▸ Update precheck ▸ Update progress monitoring Core platform

Slide 18

Slide 18 text

What's Next in OpenShift Q2CY2025 18 Cloud ▸ IPv6 single stack support ▸ IPv6/IPv4 Dual stack support ▸ Dedicated Host support ▸ User managed External DNS support ▸ Additional disks at install time ▸ Support for new regions in Mexico, Taiwan, Saudi Arabia and Auckland ▸ IPv6 single stack support ▸ IPv6/IPv4 Dual stack support ▸ Dedicated Host support ▸ User managed External DNS support ▸ Additional disks at install time ▸ Azure Government Secret regions ▸ NVIDIA H100 and H200 machine series support ▸ IPv6 single stack support ▸ IPv6/IPv4 Dual stack support ▸ GCP private and restricted endpoints support ▸ Support for OpenShift Virtualization (GA) ▸ Additional disks at install time ▸ Oracle Cloud Roving Edge Infrastructure ▸ Support for OpenShift Virtualization (GA) ▸ Oracle Alloy Cloud Infrastructure ▸ Red Hat validated Oracle CSI driver Consistency Across the Hybrid Cloud

Slide 19

Slide 19 text

What's Next in OpenShift Q2CY2025 Consistency Across the Hybrid Cloud 19 On-premises ▸ Day 2 firmware settings reconfiguration and firmware updates ▸ Bare Metal Multi-architecture Support ▸ Bare Metal as a Service (BMaaS) ▸ Bare Metal Cluster API Provider ▸ Bare Metal Spoke Cluster Provisioning for Hosted Control Planes from a KubeVirt Hosted Cluster ▸ Support for Network Controller Sideband Interface (NC-SI) ▸ Static IP assignments ▸ Agent-based Installer Support ▸ Multi-Prism Central Failure domains ▸ VM-VM Anti-Affinity Policies ▸ Add bare metal nodes to clusters on Nutanix ▸ OpenShift Zones support with Host Groups ▸ MachineSet support for more than one disk ▸ IPI support for multi-NIC VM ▸ Support Adding Bare Metal Nodes to OpenShift vSphere clusters ▸ RHOSO multi cluster resource orchestration ▸ RHOSO multi-Openstack deployments ▸ RHOSO OpenStack Workload Optimization based on OpenStack Watcher ▸ RHOSO Federated Authentication ▸ RHOSO Multi Cloud Connect via BGP EVPN ▸ RHOSO Confidential Computing (Memory Encrypted VMs on AMD) ▸ Secret Store CSI Driver on IBM Z ▸ IPv6 Single Stack support ▸ Dynamic Resource Allocation (DRA) ▸ Dual Stream RHCOS support ▸ Multi-Zone IPI PowerVS Bare Metal IBM Power Systems and IBM LinuxONE

Slide 20

Slide 20 text

What's Next in OpenShift Q2CY2025 20 Hosted Control Planes (HCP) ▸ Streamlined and simplified upgrades for control planes and NodePools ▸ Dynamic Control Planes Scaling ▸ 3rd-Party CNI Conformance Tests for Cilium and Calico CNIs ▸ Enhanced debugging for seamless installation and lifecycle ▸ Improvements and advancements in ROSA HCP and work towards ARO HCP ▸ User-Defined Networking support ▸ IPSec/networking config parity with standalone Storage ▸ Recover from expansion GA ▸ VolumeAttributeClass TP ▸ vSphere volume migration GA ▸ Disable vSphere CSI GA ▸ Azure File cross-subscriptions access GA Core ▸ Support for RHCOS 9 & 10 in a single cluster for updates ▸ Swap support for containers ▸ User Namespace ▸ PSa Restricted enforcement ▸ BYO External OAuth/OIDC ▸ Descheduler customization to get metrics from Prometheus ▸ Scale nodes with AutoNode on AWS with Hosted Control Planes ▸ In-place pod update ▸ In-place Vertical Pod Autoscaler update ▸ Machine API to Cluster API migration Hosted Control Planes and the Core Platform Near Term Long Term

Slide 21

Slide 21 text

What's Next in OpenShift Q2CY2025 Control Plane ▸ Support for setting event-ttl and goaway-chance in the Kube API Server Operator improving scalability of very large clusters ▸ Hitless automatic defrag of etcd nodes, for better etcd performance ▸ Hitless TLS Certificate Rotation for Kubernetes API ▸ Kubernetes Key Management Service (Kube KMS) integration ▸ A new Control Plane documentation section ▸ External CA Support for Platform Certificates ▸ Improved platform certificates rotation information for users 21 Near Term Long Term

Slide 22

Slide 22 text

Red Hat Cloud Services 22 What’s Next in OpenShift Q2CY2025

Slide 23

Slide 23 text

What's Next in OpenShift Q2CY2025 23 Cloud Services ▸ No Public Egress required to Install/Operate HCP Clusters ▸ Shared-VPC deployment ▸ Dedicated Hosts for Virtualization (Enable Windows BYOL) ▸ Windows License-Included for Virtualization ▸ Capacity Reservation and Capacity Blocks for ML ▸ Machine pool auto-scale to/from zero ▸ Enable EUS channel for managed OpenShift clusters ▸ Integrated Karpenter / Auto-Node ▸ Support for up to 249 compute nodes ▸ Wide range of GPU-enabled instances with deployment flexibility ▸ OCP-Virt on OSD-GCP ▸ Windows BYOL for Virtualization ▸ Out of the box integration with Google Cloud NetApp Volumes ▸ Expanded regions - Azure Government Texas and Arizona, UAE Central ▸ Expanded instance type support ▸ Managed identities - General availability ▸ Azure Lockbox Enhancements ▸ Jumbo frames support ▸ Expanded regions - Mexico Central, Indonesia central, Austria ▸ Prometheus persistence ▸ Hosted Control Planes Managed OpenShift Services Red Hat OpenShift Service on AWS (ROSA) Azure Red Hat OpenShift (ARO) OpenShift Dedicated - Google Cloud Near term Long term

Slide 24

Slide 24 text

More than Kubernetes Workloads and Layered Offerings 24 What’s Next in OpenShift Q2CY2025

Slide 25

Slide 25 text

What's Next in OpenShift Q2CY2025 25 Achieve complete control over the lifecycle of your applications Delivering an Enterprise Application Platform Simplified: merging Dev + Admin console Unified: helm, operators, devfiles in one catalog view Streamlined: guided ServiceAccount creation and CRD cleanup with operators Operate GitOps: everything as code with confidence via PR promotions and scaling in new ways More secure builds with isolation via user namespaces & multi-cluster support Quay completing supply chain coverage with artifacts and AI models Build Microservices with less overhead at scale with ambient mesh, user-defined networks across dual-stack clusters Post-quantum security for any service mesh app Augment apps with serverless AI agents, edge and event streaming Streamline legacy application onboarding with Gen AI Deploy Serverless ServiceMesh Console Operator Mgmt Migration Toolkit for Applications

Slide 26

Slide 26 text

What's Next in OpenShift Q2CY2025 26 Centrally manage your infrastructure definition and software assets Develop: GitOps and Quay ● OCI repo source ● Argo agent (Tech Preview) GitOps ● Environment promotion and rollback ● Certificate management ● UI performance and accessibility ● Application-based sharding ● AI Model Card indexing and discovery in Model Registry ● Switch to PatternFly UI ● Tag Immutability ● Least-recently pulled auto pruning ● Sparse Manifest Lists ● Organization mirroring ● Artifact support: npm, maven, python, gems ● Offline HuggingFace API Near Term Long Term Quay

Slide 27

Slide 27 text

What's Next in OpenShift Q2CY2025 27 Automate application build, test and deployment Build: Builds and Pipelines ● Buildpacks build strategy (TP) ● BuildConfig to Shipwright migrations Builds Pipelines ● Buildpacks build strategy (GA) ● Image builds in user namespaces ● Multi-arch image builds ● Expanding build strategies ● StepActions (GA) ● Enhanced pruner (TP) ● Reduced GitHub App permissions ● Expanded concurrency control ● Dependency caching in resolvers ● Pipelines execution in user namespaces ● Multi-cluster control plane ● Tekton Results multi-tenancy ● Pipelines-in-pipelines GA ● Retention policies in Tekton Results Near Term Long Term

Slide 28

Slide 28 text

What's Next in OpenShift Q2CY2025 28 Simplify and secure your application workloads Run: Serverless and Service Mesh ● Function template - Python for AI ● Catalog of pre factored Event Source and Event Sinks (AWS S3, AWS SQS) Serverless ● Serverless Workflow and Functions for No code AI Agent Composition ● Support for AWS Lambda Migration ● Support integration of AI Services ● Function as Kubernetes Deployment ● AI Model Drift Detection with Eventing ● Istio ambient mode (sidecar-less) technology preview ● Istio-csr (for cert-manager) generally available ● Istio ambient mode (sidecar-less) general availability of stable features ● Quantum-ready crypto ● External (Off cluster) workload integration ● Multi-cluster service mesh management Near Term Long Term Service Mesh

Slide 29

Slide 29 text

What's Next in OpenShift Q2CY2025 29 Achieve control over your workloads through intuitive UI or automation Manage: Operator Framework and OpenShift Console ● Support for Themes (PF6) ● Merge & Simplify Admin + Dev Perspective OpenShift Console ● Unified Software Catalog - OLM v1 support in Console ● Dynamic Plugins: Multi-Cluster Support ● Filter for individual operator versions and channels right from the UI ● Unified catalog ● RHDH Software Template Generator for OCP Applications ● Support operators with webhooks and namespace scope in OLM v1 ● Auto-suggest appropriate install ServiceAccount ● Support Helm-packaged operators ● Install and manage any helm chart declaratively ● Configurable CRD clean-up Near Term Long Term Operator Framework

Slide 30

Slide 30 text

Networking 30 Edge computing with Red Hat OpenShift What’s Next in OpenShift Q2CY2025

Slide 31

Slide 31 text

What's Next in OpenShift Q2CY2025 User Defined Networks (UDN) with BGP EVPN Integration Bring your own network to OpenShift, your fabric, your rules ▸ Unify VMs, containers, and custom networks — BGP EVPN brings virtualization and OpenShift onto a seamless data center fabric ▸ Full support in OVN-Kubernetes ・ UDN A default network for OVN-Kubernetes components + VRF support for additional isolated-by-default UDNs ・ BGP as a routing protocol for UDNs ・ EVPN, a common data center networking fabric that relies on BGP for dynamically exposing cluster scoped network entities into a provider’s network, as well as program BGP-learned routes from the provider’s network into OVN ▸ Use cases: ・ Extend UDN into provider networks, so a VM can be directly referenced by its (static) L2 network address, rather than requiring NAT translation at the cluster edge ・ Live migrate a VM between a provider network and an OCP cluster 31

Slide 32

Slide 32 text

What's Next in OpenShift Q2CY2025 OpenShift Core Networking Roadmap ▸ GA of Gateway API at OCP 4.19 with OSSM 3.0 ▸ Installed side-by-side with HAProxy ・ 10+ years of proven stability, performance ▸ OCP will support all methods of K8s ingress: ・ Route API ・ Ingress API ・ Gateway API ▸ OpenShift Ingress operator will support installation and management of Gateway API via OSSM ▸ Enabling Service Mesh is not required ▸ OCP platform will provide out-of-the-box DNS and LB support Ingress API Route API Gateway API (3rd-party) OCP Cluster Kubernetes’ next-generation standard for service networking 32 Analogs: Istio : OpenShift router Envoy : HAProxy Gateway : IngressController HTTPRoute : Route

Slide 33

Slide 33 text

What's Next in OpenShift Q2CY2025 Network Observability eBPF Manager IPv6 ● Already supported on On-prem, we look to extend to all public clouds in the coming releases ● As public cloud platform end-to-end IPv6 support progresses, we are working with the cloud providers to make sure OpenShift networking will also support IPv6 dual-stack deployments on the public cloud to match their readiness ● An eBPF program manager and gatekeeper that ensure the secure deployment of eBPF applications ● Currently in CNCF Sandbox ● Secure and manage all user and OpenShift eBPF implementations e.g. Ingress Node Firewall, Network Observability Operator ● Installed from Operator Hub ● Currently under Tech Preview, looking to GA this very soon Red Hat OpenShift Networking ● Network Observability Operator is a free, easily-installed add-on option in the console ● eBPF Manager integration ● User Defined Networks (UDN) enablement ● OpenShift AI deployment-specific metrics ● Identify specific K8s Network Policy blocking traffic ● korrel8r (correlation between Observability tools) ● Packet tracing ● Multi-cluster enablement ● IPsec / mTLS 33

Slide 34

Slide 34 text

What's Next in OpenShift Q2CY2025 OpenShift Core Networking Roadmap Red Hat Connectivity Link Core DNS Integration Today, Red Hat Connectivity Link integrates with the Cloud Service Providers (AWS, Google, Microsoft) allowing advanced management of DNS. With the Red Hat Connectivity Link plugin for Core DNS we bring all the same features of the Cloud DNS integrations to your local DNS Management solution. Now you can bring along your CoreDNS backends plugins: ● InfoBlox ● Redis ● Cloudflare ● Akamai ● Blue Cat ● And more… New Release v1.1 Coming in May Featuring: Red Hat Connectivity Link will be introducing support for Gateway API v1.2 which brings with it: ● gRPC Routing ● Web Sockets ● Timeouts ● Retries ● And More… Preparation & logic to support inference serving integrations which will allow for: ● Token Rate Limiting ● Universal Authentication ● Enforce Policies for AI Applications ● Model Versioning & Deployment ● Inference Serving Metrics ● And More… Additional Capabilities 34

Slide 35

Slide 35 text

Observability 35 Edge computing with Red Hat OpenShift What’s Next in OpenShift Q2CY2025

Slide 36

Slide 36 text

What's Next in OpenShift Q2CY2025 Red Hat OpenShift Observability & Insights ● Custom reports builder in Cost Management ● GenAI observability capabilities and partner integrations ● Integrated analytics capabilities for OCP - incident detection, signal correlation ● OpenShift Lightspeed troubleshooting integration ● Workload efficiency with Rightsizing ● Native and custom dashboards for single- and multi-cluster observability ● Deploy, use & manage Observability w/ Cluster Observability Operator ● Enriching AI with GPU/Accelerator metrics and dashboards, integrating Accelerator metrics with OCP dashboards and Cost Management ● Application Monitoring dashboards, integration with Red Hat Developer hub for Cost Management ● Incident navigation capabilities in ACM ● OpenTelemetry integration with Red Hat Edge Management Near Term Long Term 36 Red Hat Observability Platform

Slide 37

Slide 37 text

Troubleshoot & optimize resources faster in ACM with: ▷ Consolidated incident detection with alert groupings ▷ Productization of right sizing for Namespaces & Virtual Machines - towards TP Long Term: Exploring Observability Signals with UI Plugins & Customizable Dashboards Improved Observe section in ACM console with: ▷ Leveraging Perses for customizable dashboards ▷ Consolidated Multi-Cluster Alerting UI ▷ Introducing a Multi-Cluster Logging UI Improving Observability for OpenShift Virtualization & Red Hat Advanced Cluster Management Near Term: Making Use of Analytics Features Mid Term: Easily Defining & Installing Observability Components Consolidating the Multi-Cluster Observability Add-On (MCOA) in ACM with: ▷ Cluster logging operator ▷ Cluster observability operator ▷ Loki operator ▷ Tempo operator 37 Red Hat Observability Platform redhat.com/observability

Slide 38

Slide 38 text

Leveraging observability signals & analytics to provide cluster awareness with: ▷ Signal correlation/Korrel8r ▷ Incident detection ▷ Cluster & components health with kube-health Near Term: Distribute & Integrate OpenTelemetry ▷ Establish OpenTelemetry (OTEL) schema for AI workloads ▷ Integration with Dynatrace platform AI & Observability for Red Hat OpenShift Long Term: Integration with OpenShift Lightspeed & AI Interfaces Mid Term: Accelerators Metrics & Partner Enablement Partner accelerators enablement: ▷ Leveraging Perses ▷ One dashboard to rule it all 38 OpenShift AI AI Workloads OpenShift Lightspeed redhat.com/observability Red Hat Observability Platform

Slide 39

Slide 39 text

39 What’s Next in OpenShift Q2CY2025 Developer Experience

Slide 40

Slide 40 text

What's Next in OpenShift Q2CY2025 40 Red Hat Developer Hub Core Plugins Adoption ▸ Plugins Installation from RHDH ▸ RHDH Local (TP) ▸ Adoption Insights (TP) ▸ Plugins Certification ▸ OpenShift AI Integration Near term Long term ▸ FIPS Support ▸ Templates Lifecycle Management ▸ Bulk Import (GA) ▸ Developer Lightspeed (DP) ▸ Scorecard Plugin ▸ First time onboarding experience ▸ Localization Support ▸ Customizable Homepage ▸ MCP Server ▸ Continuous Learning

Slide 41

Slide 41 text

41 Podman Desktop Accepted as a Sandbox Cloud Native Computing Foundation (CNCF) project. 5.7k ! Red Hat Tooling Containers & Kubernetes UX & Configuration ▸ Mirror Registries ▸ More Kubernetes Objects Supported ▸ Kubernetes Namespace selection ▸ Bridge to remote Podman Hosts ▸ GPU Acceleration Support ▸ Test Bootable Containers in BootC Extension ▸ RHEL Extension ▸ RHEL LightSpeed Extension ▸ Run MicroShift in a Container ▸ Red Hat Container Catalog ▸ Vulnerability Scanning Near term Long term ▸ Status bar Improvements ▸ Faster and Simpler Onboarding ▸ Dashboard Revamp ▸ Logs UI ▸ Integrated CLI

Slide 42

Slide 42 text

42 Podman AI Lab Agentic Local Inferencing Experimentation Playground ▸ GPU Acceleration Support ▸ Support for OpenVino ▸ Support for vLLM ▸ Easy start of Llama Stack ▸ Explore Llama Stack API ▸ Agents Recipes ▸ MCP Server Support ▸ Podman MCP Server ▸ A2A Near term Long term ▸ Leveraging Ramalama ▸ Expand Catalog of Recipes ▸ Access to OpenAI API ▸ Ollama API compatibility ▸ MCP Support in Playground

Slide 43

Slide 43 text

43 Edge computing with Red Hat OpenShift What’s Next in OpenShift Q2CY2025 Security Platform Security and Red Hat Advanced Cluster Security

Slide 44

Slide 44 text

What's Next in OpenShift Q2CY2025 44 Zero Trust Workload Identity Multi-Factor Authentication for Workloads ▸ Enable MFA for your workloads with Red Hat’s Zero Trust Workload Identity Manager Operator ▸ Day 2 Operator Based on SPIFFE/SPIRE ▸ Single identity schema across multi-cluster deployments with federation support ▸ Short-lived, cryptographically verifiable identities issued after node and workload attestation, enabling zero-trust architecture ▸ Identities for VM and Container Workloads ▸ Available as Tech Preview in 1H 2025

Slide 45

Slide 45 text

What's Next in OpenShift Q2CY2025 Compliance Vulnerability Management Risk Profiling 45 Red Hat Advanced Cluster Security Security across the entire application lifecycle ▸ Adding context for CVE prioritization ▸ Integration with other VM tools ▸ Vulnerability Management for VMs ▸ New OCP CO profiles ▸ Compliance as policy ▸ OCPVirt compliance ▸ Visualize and schedule tailored profiles ▸ RBAC insights ▸ Action Driven Risk Near term Long term

Slide 46

Slide 46 text

What's Next in OpenShift Q2CY2025 Security Policy Guardrails Network & Runtime 46 Red Hat Advanced Cluster Security Security across the entire application lifecycle ▸ Policy as code improvements ▸ Integration with other policy engines ▸ Violation reporting ▸ FIPS 140 support ▸ BYODB ▸ External Entity IP visualization and threat detection ▸ Improved isolation insights with BANP/ANP Platform Near term Long term

Slide 47

Slide 47 text

47 Edge computing with Red Hat OpenShift What’s Next in OpenShift Q2CY2025 What’s Next in Multicluster Management With Red Hat Advanced Cluster Management

Slide 48

Slide 48 text

What’s Next in OpenShift Q2CY2025 Red Hat Advanced Cluster Management Roadmap Highlights Virtualization Cluster Lifecycle Governance ● Fine-grained RBAC for OpenShift Virtualization and Search (TP) ● Ability to customise the name of the hub cluster ● ROSA HCP lifecycle via Cluster API (AWS) ● Test automation tooling for OCM.io policies (GA) ● Live migration of VMs (TP) ● Launch to VNC console (Virtual Network Computing) ● ARO HCP lifecycle via Cluster API (Azure) ● Enable easier RHACM certificate management across your fleet (TP) ● ACS Policy integration in Governance UI Near term Long term 48

Slide 49

Slide 49 text

Application Lifecycle Cloud Marketplace ● Progressive Sync of Argo CD ApplicationSets in RHACM (TP) ● ACM on-demand offering in AWS marketplace - going live! ● OpenShift GitOps add-on for tighter integration (GA) ● Argo CD agent integration (TP) ● ACM on-demand offering in Azure & Google Cloud What’s Next in OpenShift Q2CY2025 Red Hat Advanced Cluster Management Roadmap Highlights 49 Near term Long term

Slide 50

Slide 50 text

OpenShift for Telco and Edge 50 Edge computing with Red Hat OpenShift What’s Next in OpenShift Q2CY2025 Product Managers: Daniel Fröhlich, Franck Baudin, Robert Love, Michal Zasepa, Hari Rakotoranto

Slide 51

Slide 51 text

What's Next in OpenShift Q2CY2025 51 Red Hat Device Edge and MicroShift Maintain the Base Support RHEL Image Mode GA RHEL 9.6 and 10.x Edgy AI Workload Model Serving with OpenShift AI - GA Extend Capabilities Generic Device Plugin Cert-manager Optimized image pulling with zstd:chunked Stability and Continuity Innovative use cases Simplify day2 EDGE Near term Long term

Slide 52

Slide 52 text

What's Next in OpenShift Q2CY2025 Node 3 Two Node OpenShift with Arbiter (TNA) Approach: ● Two node solution for cost sensitive customers ● Small arbiter node, running only the 3rd etcd instance ● Technically a three node cluster ● OCP Virtualization fully supported ● Hyperconverged Storage / SDS via Partners ● X86 and Arm, bare metal only Node 2 Node 1 Infrastructure Services Kubernetes Services etcd 3 instances with regular quorum mechanisms like 3 node compact clusters Workload Timeline Targets: ● V4.19 Technology Preview ● V4.20 General Availability 52

Slide 53

Slide 53 text

What's Next in OpenShift Q2CY2025 Two Node OpenShift with Fencing (TNF) Approach: ● True two node solution for cost sensitive customers ● Relies on proven RHEL-HA technologies (corosync, pacemaker) to provide etcd HA ● Uses fencing to protect against split brain situations: the surviving node powers down the failed node to guarantee consistency ● Requires a Baseboard Management Controller (BMC) that supports Redfish for fencing ● Node local storage supported (e.g. LVMS) ● X86, bare metal only Timeline Targets: ● V4.19 Developer Preview ● V4.20 Tech Preview Infrastructure Services Kubernetes Services etcd (Lead) Node 1 Workload BMC used for fencing etcd (Follow) RHEL HA (Corosync, Pacemaker) Node 2 53

Slide 54

Slide 54 text

What's Next in OpenShift Q2CY2025 54 Telco Continued Involvement in O-RAN WG6 (O-Cloud) and WG11 (Security) O2-IMS interface implementation (*) and O-Cloud Manager deployment Metal3 as an open-source HW Manager Cooperation with partners to deploy and provision the O-Cloud Alignment with O-RAN Standard Intel GNR-D with integrated NIC and Connorsville NIC family (**) RAN DU deployments on ARM (NVIDIA Grace Hopper) (**) RAN Acceleration based on NVIDIA (Hopper and CX-7 Bluefield) AMD 4th Generation CPU and Turin leveraging LLC Aware CPU pinning New Hardware Enablement Standardised Telco Cloud for RAN HW Refresh and New Functionality Production rollout of Image Based Install, Image Based Upgrades and Image Based Break+Fix Utilization of full Red Hat portfolio to solve diverse operational challenges Advise and assist the ecosystem to adopt cloud native principles and best practices Broad Operationalization of Red Hat OpenShift Platform Plus Simplify and Accelerate Day-1/2 Operations (*) - Depending on the O-RAN standard readiness and excluding O2ims monitoring (metrics) API and logs (**) - Depends on HW vendor roadmap/availability, upstream readiness and/or 3rd party software

Slide 55

Slide 55 text

What's Next in OpenShift Q2CY2025 ● Red Hat is: ○ actively engaged in O-RAN WG6 (O-Cloud) and WG11 (Security) activities. ○ extending a Hub Cluster functionality to manage CaaS and Hardware (Day-0/1/2) and meet requirements defined by O-RAN for O-Cloud ○ working on SMO&RAN workload agnostic O-Cloud components ● Key investment areas in upcoming 6-12 months: ○ Metal3 as an open-source Hardware Manager ○ CaaS and HW Day-2 operations ■ incl. IBU, IBI, and IBBF for SNO ○ O-Cloud Observability at scale based on the cloud-native best practices ○ RAN use cases: ■ SNO with DU Profile ■ SNO with CU&DU Profile ■ MNO with RAN workload ● Accelerate the building of the O-Cloud partner ecosystem ● Drive O-RAN standard (WG6, WG11) and O-RAN SC 55 O-RAN (O-Cloud Components) Telco Near term Long term

Slide 56

Slide 56 text

56 ARM Based CPU Targeting full Telco Edge use case with the same experience as with OpenShift on x86 today GraceHopper DP 4.19 = Solution analysis and ARM builds of Operators for both use cases (SNO DU and MNO), No ZTP or LCM (IBI, IBU, TALM, etc) TP 4.20 = DU on SNO: ZTP and LCM (IBI, IBU), CX-7/BF3 NIC, CX6 NIC, Full regression testing, KPI testing GA 4.21 = DU on SNO support in RDS TP 4.21 = CU on MNO ZTP and LCM, CX-6&CX-7/BF3 NIC AMD based CPU AMD based CPU Genoa and Bergamo supported (NPS ==1) TP 4.18: Node Per Socket =1 GA 4.20+: Turin support WIP 4.20+ : LLC Aware CPU pinning as a better way to leverage CCX than Node Per Socket =4 Engaging with AMD for upstream support - Long term goal (NRI) ARM based CPU Sierra Forest / Granite Rapid -D / Connersville Family Sierra Forest: 5G Core RDS inclusion WIP Granite Rapid -D: OCP Milestones dependent on 3rd party upstream deliverables DP 4.19 = Quality Sample HW, Integrated NIC, Carter Flat NIC, VBR2, PTP OC/BC, Limited Regression Testing TP 4.19 = Quality Sample HW, Integrated NIC, Carter Flat NIC, VBR2, PTP OC/BC, T-GM [DP], Limited Regression Testing, KPI Evaluation GA 4.20.z (Q1’26) = Commercial HW, Integrated NIC, Carter Flat NIC, Reed Channel NIC, VBR2, PTP OC/BC, T-GM, Full Regression Testing, Full KPI Testing New Hardware Support - Validated for Telco Use cases Near term Long term

Slide 57

Slide 57 text

Upcoming Events 57 Edge computing with Red Hat OpenShift What’s Next in OpenShift Q2CY2025

Slide 58

Slide 58 text

Find us at Red Hat Summit May 19 2025, Boston red.ht/summit25 http://red.ht/CommonsSummit 58

Slide 59

Slide 59 text

Thank you for joining! 59 Guided demos of new features on a real cluster learn.openshift.com OpenShift info, documentation and more try.openshift.com OpenShift Commons: Where users, partners, and contributors come together commons.openshift.org What’s New and What’s Next red.ht/whatsnew