If you have established a connection to two secured clusters, each with 5 identical nodes with 8 vCPUs (such as Amazon EC2 m7g.2xlarge), the total number of secured cores is 80 (2 x 5 x 8 = 80).
×
RHACS Cloud Service service description
Introduction to RHACS
Red Hat Advanced Cluster Security for Kubernetes (RHACS) is an enterprise-ready, Kubernetes-native container security solution that helps you build, deploy, and run cloud-native applications more securely.
Red Hat Advanced Cluster Security Cloud Service (RHACS Cloud Service) provides Kubernetes-native security as a service. With RHACS Cloud Service, Red Hat maintains, upgrades, and manages your Central services.
Central services include the user interface (UI), data storage, RHACS application programming interface (API), and image scanning capabilities. You deploy your Central service through the Red Hat Hybrid Cloud Console. When you create a new ACS instance, Red Hat creates your individual control plane for RHACS.
RHACS Cloud Service allows you to secure self-managed clusters that communicate with a Central instance. The clusters you secure, called Secured Clusters, are managed by you, and not by Red Hat. Secured Cluster services include optional vulnerability scanning services, admission control services, and data collection services used for runtime monitoring and compliance. You install Secured Cluster services on any OpenShift or Kubernetes cluster you want to secure.
Billing
Customers can purchase a RHACS Cloud Service subscription on the Amazon Web Services (AWS) marketplace. The service cost is charged hourly per secured core, or vCPU of a node belonging to a secured cluster.
Example 1. Subscription cost example
Security and Compliance
All Red Hat Advanced Cluster Security Cloud Service (RHACS Cloud Service) data in the Central instance is encrypted in transit and at rest. The data is stored in secure storage with full replication and high availability together with regularly scheduled backups. The RHACS Cloud Service is available through cloud data centers that ensure optimal performance and the ability to meet data residency requirements.
Authentication provider
When you create a Central instance using Red Hat Hybrid Cloud Console, authentication for the cluster administrator is configured as part of the process. Customers must manage all access to the Central instance as part of their integrated solution. For more information about the available authentication methods, see Understanding authentication providers.
The default identity provider in RHACS Cloud Service is Red Hat Single Sign-On (SSO). For more information about authentication using Red Hat SSO, see Default access to ACS Console.
Regulatory compliance
For the latest regulatory compliance information, see Understanding process and security for OpenShift Dedicated.
Metrics and Logging
Service metrics
Service metrics are internal only. Red Hat provides and maintains the service at the agreed upon level. Service metrics are accessible only to authorized Red Hat personnel. For more information, see PRODUCT APPENDIX 4 RED HAT ONLINE SERVICES.
Customer metrics
Core usage capacity metrics are available either through Subscription Watch or the Subscriptions page.
Service logging
System logs for all components of the Red Hat Advanced Cluster Security Cloud Service (RHACS Cloud Service) are internal and available only to Red Hat personnel. Red Hat does not provide user access to component logs. For more information, see PRODUCT APPENDIX 4 RED HAT ONLINE SERVICES.
Scalability and Service Level
Red Hat Advanced Cluster Security Cloud Service (RHACS Cloud Service) has set limits on the number of cores or clusters it can protect. The limits are based on the resources available in the Secured Cluster and the limits on usability.
Service Level Objective and Agreement
For more information about Service Level Objectives (SLOs) and Service Level Agreements (SLAs), see PRODUCT APPENDIX 4 RED HAT ONLINE SERVICES.
Updates and Upgrades
Red Hat makes a commercially reasonable effort to notify customers prior to updates and upgrades that impact service. The decision regarding the need for a Service update to the Central instance and its timing is the sole responsibility of Red Hat.
Customers have no control over when a Central service update occurs. For more information, see PRODUCT APPENDIX 4 RED HAT ONLINE SERVICES. Upgrades to the version of Red Hat Advanced Cluster Security Cloud Service (RHACS Cloud Service) are considered part of the service update.
The version of RHACS Cloud Service used on Secured Clusters must match the version of the Central instance of RHACS Cloud Service to ensure compatibility. Customers are responsible for Secured Cluster services upgrades required to maintain this version compatibility.
Availability
Availability and disaster avoidance are extremely important aspects of any security platform. Red Hat Advanced Cluster Security Cloud Service (RHACS Cloud Service) provides numerous protections against failures at multiple levels. To account for possible cloud provider failures, Red Hat established multiple availability zones.
Backup and Disaster Recovery
All RHACS Cloud Service clusters are backed up using Database backups. This also applies to customer data stored in the Central database.
All snapshots are created using the appropriate cloud provider snapshot APIs, encrypted and then uploaded to secure object storage, which for Amazon Web Services (AWS) is an S3 bucket.
-
Red Hat does not commit to a Recovery Point Objective (RPO) or Recovery Time Objective (RTO). For more information, see PRODUCT APPENDIX 4 RED HAT ONLINE SERVICES.
-
Site Reliability Engineering performs backups only as a precautionary measure. They are stored in the same region as the cluster.
-
Customers should deploy multiple availability zone Secured Clusters with workloads that follow Kubernetes best practices to ensure high availability within a region.
Getting Support
The RHACS Cloud Service includes Red Hat Standard and Premium support, which you can access using the Red Hat Customer Portal. You can open support tickets for the product "Red Hat Advanced Cluster Security Cloud Service".
Red Hat support responds to support tickets submitted by Limited Availability customers, while Red Hat Site Reliability Engineers (SREs) proactively monitor the health of Red Hat Advanced Cluster Security Cloud Service (RHACS Cloud Service).
In addition, a Red Hat Business Unit Solution Architect (BU SA) acts as a hands-on technical liaison between customer experts, Red Hat support, and Red Hat SREs, supporting customers with limited availability.
-
For more information on what is covered with RHACS Cloud Service support, see Scope of Coverage Details.
-
For more information on the terms of service for production support, see Production Support Terms of Service.
Service Removal
You can delete RHACS Cloud Service using the default delete operations from the Red Hat Hybrid Cloud Console. Deleting the RHACS Cloud Service Central instance automatically removes all RHACS components. Deleting is not reversible.
Pricing
Red Hat does charge a subscription fee for Red Hat Advanced Cluster Security Cloud Service (RHACS Cloud Service) during the Limited Availability. For more information, see PRODUCT APPENDIX 4 RED HAT ONLINE SERVICES.
Service Level Agreement
For more information about the Service Level Agreements (SLAs) offered for Red Hat Advanced Cluster Security Cloud Service (RHACS Cloud Service), see PRODUCT APPENDIX 4 RED HAT ONLINE SERVICES.
Timelines
Limited Availability
Production support for Red Hat Advanced Cluster Security Cloud Service (RHACS Cloud Service) is offered to a limited number of customers. For more information, see PRODUCT APPENDIX 4 RED HAT ONLINE SERVICES.
General Availability
Production support for RHACS Cloud Service is offered to all RHACS Cloud Service customers. For more information, see PRODUCT APPENDIX 4 RED HAT ONLINE SERVICES.