Slide 1

OpenShift Update and Roadmap and Demos

Marc Curry, OpenShift PM
Heather Heffner, OpenShift PM
Frank La Vigne, Emerging Sales Specialist

Slide 2

OpenShift Roadmap and Update

Open Source Development not slowing down

● of IT leaders are more likely to select a vendor who contributes to the open source community
● of IT leaders believe enterprise open source is as secure or more secure than proprietary software

Making good use of emerging technologies

● Artificial intelligence (AI) or machine learning (ML): 71%
● Edge computing or Internet of Things (IoT): 71%
● Containers: 68%
● Serverless computing: 61%

Source: Red Hat detail. “The State of Enterprise Open Source,” Feb. 2022.

Slide 3

Delivering consistency, flexibility, security

● Cloud-native apps
● AI/ML, Functions
● Traditional apps
● Communities of Innovation | Ecosystems of Solutions
● Secure & Automated Infrastructure and Operations
● Physical | Virtual | Private cloud | Public cloud | Edge

Slide 4

Available as self-managed platform or fully managed cloud service

Cloud managed: Start quickly, we manage it for you

Managed Red Hat OpenShift services
● Red Hat OpenShift Dedicated
● Red Hat OpenShift service on Amazon Web Services
● Microsoft Azure Red Hat OpenShift
● Red Hat OpenShift on IBM Cloud

Customer managed: You manage it, for control and flexibility

Self-managed Red Hat OpenShift
● On public cloud, or on-premises on physical or virtual infrastructure

Slide 5

OpenShift Cloud Services Recent Updates (3Q-4Q 2023)

Managed OpenShift

● ROSA: Hosted Control Planes (Public Preview)
● ROSA: Terraform provider & modules
● ROSA: NLB and ALB ingress improvements
● ROSA: HIPAA
● ROSA: Regions: Melbourne, UAE, Hyderabad, Switzerland, Spain
● ROSA/OSD: worker node disk sizes & IMDSv2
● ROSA/OSD: Default machine pool swap-out
● ARO: cluster resource tagging
● ARO: Private cluster in User Defined routing (no public IP)
● ARO: extended lifecycle
● ARO: 4.12
● ARO: no fee Infrastructure Nodes

❖ New cloud architecture option
❖ Networking improvements with new ingress options
❖ Compliance and certifications always a priority
❖ Global region availability
❖ Maturing platforms
❖ Lifecycle improvements
❖ Cost efficiency

Slide 6

Enabling any application, on any infrastructure, in any location

Red Hat Open Hybrid Cloud

● Traditional N-Tier Apps | Cloud Native Microservices | ISV Packaged Apps | Data, Analytics & AI/ML
● Red Hat OpenShift
● Red Hat Enterprise Linux
● Physical | Virtual | Private cloud | Public cloud | Edge cloud

Slide 7

OpenShift Focus Areas and Themes

The Roadmap for CY 2023 and Beyond

● Containers, VMs & Kubernetes
● Development and Deployment of Cloud Native Apps
● Multi-cloud, Hybrid-cloud, and the Edge
● Security and Compliance
● Resilience and Scale
● User Experience

Slide 9

Red Hat Advanced Cluster Security (RHACS) for Kubernetes

ACS Cloud Trial is Now Available

ACS Cloud is now available: https://www.redhat.com/acstrial

● Currently protecting:
  ○ 52 Centrals, 54 Clusters
  ○ Over 1000 nodes
  ○ Over 26k vCPU
● Sign up online for a 60-day free trial
  ○ redhat.com/acstrial
● Connect to your OpenShift or any other Kubernetes cluster and start your evaluation in minutes
● Fully functional trial with no limits on functionality or capacity
● Access to Red Hat's award-winning Customer Portal, including documentation, helpful videos, discussions, and more

Slide 10

SCC Preemption Prevention and PSA Improvements

SCC Preemption: Security Context Constraints (SCCs) are part of the OpenShift API and are subject to modification by customers. This led to preemption issues that resulted in:

● Modifications of out-of-the-box SCCs causing core workloads to malfunction
● Addition of new higher-priority SCCs that overrule existing pinned out-of-the-box SCCs during SCC admission and cause core workloads to malfunction
● Often encountered with Layered Products as well, such as ACS and Storage Operators from OpenShift partner teams

You can now pin your workload to a specific SCC to protect against SCC preemption issues.

Pod Security Admission (PSA) Improvements:

● The default and kube-system namespaces have privileged enabled for ease of cloud provider integration
● Users should be able to modify the pod-security.kubernetes.io labels
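The SCC pinning and PSA label changes described on this slide, as an added example that is not from the original deck. It assumes the `openshift.io/required-scc` pod annotation and the `security.openshift.io/scc.podSecurityLabelSync` namespace label from the OpenShift documentation; the `payments` namespace, the `api` Deployment and the image reference are hypothetical.

```yaml
# Added example (constructed). Namespace, Deployment and image names are hypothetical.
apiVersion: v1
kind: Namespace
metadata:
  name: payments
  labels:
    # Pod Security Admission labels set explicitly by the namespace owner.
    pod-security.kubernetes.io/enforce: restricted
    pod-security.kubernetes.io/audit: restricted
    pod-security.kubernetes.io/warn: restricted
    # Opt this namespace out of automatic pod security label synchronization,
    # so the values above are not managed by the platform.
    security.openshift.io/scc.podSecurityLabelSync: "false"
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: api
  namespace: payments
spec:
  replicas: 2
  selector:
    matchLabels:
      app: api
  template:
    metadata:
      labels:
        app: api
      annotations:
        # The pin goes on the pod template, not on the Deployment metadata.
        # Admission validates the pod against this SCC only; a custom SCC
        # with a higher priority can no longer be selected instead.
        openshift.io/required-scc: restricted-v2
    spec:
      containers:
        - name: api
          image: registry.example.com/payments/api:1.0  # placeholder image
          securityContext:
            # Settings that satisfy both restricted-v2 and PSA "restricted".
            allowPrivilegeEscalation: false
            runAsNonRoot: true
            capabilities:
              drop: ["ALL"]
            seccompProfile:
              type: RuntimeDefault
```

The service account running the pod still needs access to the pinned SCC; if the pod does not validate against it, admission fails instead of falling back to another SCC.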

Slide 11

DISA STIG for OpenShift and Compliance Operator Profile

● Red Hat now ships fully automated tooling to implement the DISA STIG for OpenShift via the Compliance Operator
● US DISA STIG is the MANDATED security baseline for the Department of Defense, and is widely used by civilian and commercial agencies
● DISA is the US DoD’s common IT service provider
● DISA releases the Red Hat OpenShift Container Platform 4.12 Security Technical Implementation Guide – DoD Cyber Exchange

https://docs.openshift.com/container-platform/4.13/security/compliance_operator/co-scans/compliance-operator-supported-profiles.html

Slide 12

Systems Enablement

OpenShift on Arm
Round out cloud platform support to all running OpenShift on highly efficient, high performance per watt architectures
● Support for Arm on GCP
● oc mirror parity with x86

Multi-architecture Cluster
More cluster flexibility by allowing nodes of different architecture, now with more cloud platforms and a guided install experience
● Multi-architecture compute platforms:
  ○ GCP with Arm
  ○ Bare Metal Arm
  ○ Add IBM Power or IBM Z to x86 clusters
● Assisted Installer support
● Autoscale from zero
● Mirror multi-release payload

IBM Power and zSystems
Run OpenShift on highly available, highly secure, scalable hardware.
● Single Node OpenShift support
● Hosted Control Planes - x86 control plane, Power or Z compute (Tech Preview)
● oc mirror parity with x86
● Install secured cluster services with Red Hat Advanced Cluster Security (RHACS) operator

Slide 13

Scaling Operations with Hosted Control Planes (aka HyperShift)

An OpenShift topology for hybrid cloud operations at scale

● Separation of concerns between management & workload admins
● Cost efficiency, better security and compliance, and faster time to provision OpenShift clusters

[Diagram: Management Cluster (Hosted Control Planes) holding the Cluster 1, Cluster 2, … Cluster n control planes; worker nodes for each cluster; Containerized Apps; Developers/DevOps Engineers; IT Operations/Platform Engineer]

Slide 14

Hosted Control Planes for Red Hat OpenShift

What’s new
● Baremetal with the Agent Provider (GA)
● OpenShift Virtualization (GA)
● AWS [Continuation] (Tech Preview)
● Arm CP and x86 NodePools on AWS (Tech Preview)
● IBM Power/Z NodePools (Tech Preview)

Why it matters
● Tailor the setup to your needs with high Flexibility
● Streamline Role Management & Segmentation
● Reduce Multi-cluster Overhead
● Optimize your economics, Increase your Margins, and Meet your Eco-Friendly Goals (💰 ☘)
  ○ 30% infra savings; 65% for SREs/Operations savings on mgmt costs. 60% time-saving for devs (⬆ Productivity), 50% reductions in power & facility costs.

Slide 15

Open Virtual Network (OVN) Enhancements

Included in any upgrade to OpenShift 4.14+

▸ Every cluster node hosts its own network flow data versus querying control nodes for it
▸ Improved scale
  ・ Network flow data is localized on every node which reduces operational latency
  ・ Adding nodes to a cluster has a much smaller impact on cluster-wide traffic
  ・ Now scales linearly with node count: O(1) versus O(#workers / 3-control-nodes)
▸ Improved stability
  ・ No RAFT control node leader election, a major source of cluster instability
▸ Isolated networking loss in case of issue
  ・ Any cluster node lost affects just that node instead of the whole cluster network
  ・ Properly deployed apps (across nodes) are unaffected by any single node loss
▸ Improved Security
  ・ Cluster nodes don’t need to know the networking of other cluster nodes, or communicate their own

[Diagram labels: control plane; ovnkube-cluster-manager; NBDB; northd; SBDB; data plane; ovnkube controller; OVS; ovn controller; OVS Bridge; NIC; pod: ovnkube-control-plane; pod: ovnkube-node]

Slide 16

Code, build, and monitor to a Trusted Software Supply Chain

Delivered as a cloud service with integrated security guardrails at every phase of the SDLC

● Prevent and identify malicious code with integrated security checks
● Safeguard build systems with security-focused CI/CD workflows
● Continuously monitor security at runtime with higher fidelity threat detection

Flexibility and choice of any environment
Standardize, share and store with centralized access controls

[Diagram labels, some carrying a "New" badge: Code; Build; Monitor; Virtual; Physical; Hybrid; Universal Base Image; Language Runtime; Application Libraries; Image Scanning; Deployment Gates; Software Composition Analysis; Digitally Signed & Verified; Artifact Building; Image Building; Provenance, Attestation of Curated Content; OSS Risk Profiles; Images; Containers; Clusters; Network]

Slide 17

Automate app build and security

Shift-left security
⬤ Scan app images for security vulnerabilities
⬤ Establish security guardrails with build policies
⬤ Achieve SLSA 3 compliance

Continuous integration
⬤ Automate container image build and test with pipelines
⬤ Design pipelines with the visual pipeline builder
⬤ Build and share CI tasks across the organization

Slide 18

Red Hat OpenShift Networking

Integrating Zero Trust

[Diagram labels: Zero Trust; OpenShift; Ansible; Identity Platforms (IDM, DS/CS, SSO); ZT maturity via services engagements; Security Ecosystem]

Source: Red Hat’s Zero Trust Adoption Journey

Slide 19

Red Hat Device Edge and MicroShift

What is it?
Red Hat Device Edge with MicroShift is a Kubernetes distribution derived from OpenShift Container Platform that is designed for optimizing small form factor devices and edge computing.

New Features:
● General availability
● Updateability
● Automatic rollback with rpm-ostree
● Manual backup and restore
● CSI Snapshots
● CNCF certification
● Networking enhancements (full offline)

[Diagram labels: Kubernetes cluster services; Networking | Ingress | Storage | Helm; Kubernetes; Orchestration | Security; Linux for edge (*); Security | Containers | VMs; Install | Over-the-air-updates; Monitoring | Logging; Physical | Virtual | Cloud | Edge; MicroShift; k8s workload; k8s operators; VMs]

Slide 20

Hybrid MLOps platform: OpenShift AI

Model development
Conduct exploratory data science in JupyterLab with access to core AI / ML libraries and frameworks including TensorFlow and PyTorch using our notebook images or your own. Collaborate within a common platform to bring IT, data science, and app dev teams together.

Model serving & monitoring
Deploy models across any cloud, fully managed, and self-managed OpenShift footprint and centrally monitor their performance.

Lifecycle management
Create repeatable data science pipelines for model training and validation and integrate them with devops pipelines for delivery of models across your enterprise.

Increased capabilities / collaboration
Create projects and share them across teams. Combine Red Hat components, open source software, and ISV certified software.

Now available as fully managed cloud service or traditional software product on-prem or in the cloud!

Slide 21

Infrastructure Solutions

● Red Hat OpenShift Platform
● AI Stack - Red Hat / NVIDIA
● Red Hat OpenShift Platform
● VMware vSphere virtual machine

Slide 22

Demos

Slide 23

Thank you

Commons builds connections and collaboration across OpenShift communities, projects and stakeholders. In doing so we'll enable the success of customers, users, partners, and contributors as we deepen our knowledge and experiences together.

● commons.openshift.org
● youtube.com/OpenShift
● facebook.com/openshift
● twitter.com/openshift