cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Badfilemagic
Contributor II

IBM to Acquire RedHat

By now, I assume many people have heard that IBM will be acquiring RedHat for $34bn US (one of many articles covering this can be found here).  This is apparently for the hybrid cloud play and to get control of OpenShift, etc.  Of course, this also means getting RHEL, JBoss and other platforms that many of us deploy or use, be it directly or indirectly.

 

One wonders what the new corporate overlords will do with regards to RedHat's quest to maintain security certifications, such as for FIPS 140-2 and Common Criteria, and how that might affect both the landscape from an industry perspective (with Microsoft being the only OSPPv4+ certified OS), as well as how it might play out on the community side of things, with RedHat essentially having been an integrator and support vendor for open source software.

 

Of course, IBM and RedHat have years of major collaborations behind them, such as the recent deployment of Summit at Oak Ridge National Labs. Hopefully they don't find new and interesting ways to ruin it like most of what they acquire.

 

As an aside, out side of the HPC world how much commercial penetration does anyone think SuSE has in the US? Are any of you using it/defending it in industry?

-- wdf//CISSP, CSSLP
11 Replies
Daniel-Nash1
Newcomer III

Interesting, we use a lot of IBM products (Tivoli) and definitely Red Hat Linux, along with lots of Microsoft integration. 

 

As far as SUSE - Yes, SUSE has regular user groups  in our area and contacts me quarterly about our needs.

I have enjoyed using SUSE in the past with their Drake tools.  This summer they release their enterprise version 15 (skipping the superstitious 13 and passing 14), .

 

Supposedly the have some impressive Cloud technologies with what they call Hybrid IT.  Worth looking at. I am not sure if they follow the security FIPS 140-2 though (have not validated).

Kempy
Newcomer III

I just hope IBM don't do what Oracle did to Sun.
Shannon
Community Champion


@Daniel-Nash1 wrote:

Interesting, we use a lot of IBM products (Tivoli) and definitely Red Hat Linux, along with lots of Microsoft integration. 

 

 


We used to employ IBM's Qradar, running on RHEL, but the SIEM service is now outsourced from a MSSP, so I suppose they will feel be the 1st to feel the impact of this...

 

 

Shannon D'Cruz,
CISM, CISSP

www.linkedin.com/in/shannondcruz
Badfilemagic
Contributor II

@Kempy

Honestly, like you my concern is much more broad than security, and certainly broader than government compliance. To my memory, IBM has never met an acquisition they couldn't ruin -- even worse than Cisco (unofficial motto on the street: "where great technology goes to become merely good").

 

Not that I'm super hot on RedHat these days anyway, BUT they're kind of the go-to for commercial Linux, at least in the US. Right now, I work at Cray, and we're very heavy with SuSE (Cray Linux Environment is based on SLES, for instance), as is a lot of the HPC community. This won't directly affect me at work, BUT could in the future, and it definitely changes the competitive and commercial landscape with regards to the operating systems market if nothing else.

 

I doubt it will have any affect on the cloud space, and $34bn seems an awful lot to pay for an also-ran in the cloud race. They might beat Oracle Cloud with this, but that's probably it. I don't see IBM unseating AWS or even Azure with this move.  And in a pure business sense, Forbes Magazine's analysis is that the acquisition fails 3/4 of the simple tests as to whether the move makes sense:

 

https://www.forbes.com/sites/petercohan/2018/10/29/ibms-33b-deal-for-red-hat-fails-three-of-four-tes...

 

So, I suppose we'll see.

 

 

-- wdf//CISSP, CSSLP
Badfilemagic
Contributor II

@Daniel-Nash1

 

SuSE is EAL-evaluated for Common Criteria, but the US doesn't do EALs anymore (Still recognizes them under CCRA, but NIAP only does the Protection Profiles these days).  With regards to FIPS 140-2, the current CMVP list has SuSE with current validations for the usual suspects: NSS, OpenSSL, a kernel crypto library, and OpenSSH server and client as well as libgcrypt.

 

So, from that stance they're competitive with RedHat.  BUT SuSE doesn't have the same pull that RedHat does, so it remains to be seen whether IBM's claims of "leaving RedHat alone" turn out to be true and whether they (RedHat) continue to have the same trajectory that they did in the past, on this or any other issue.

-- wdf//CISSP, CSSLP
DaveRead
Newcomer I

I think IBM has much more synergy with Red Hat's portfolio than Oracle did with Sun's.  As a Java programmer I felt a loss of community and focus when Oracle took over. I'm feeling better about this one, though I've been a Red Hat fan since I starting buying their Linux CD's in stores many years ago and really don't want to see this weaken a really nice software and services ecosystem.

Kempy
Newcomer III

Perhaps it will still be a good idea to fork it once more, just in case. 

kpoole_isc2
Newcomer I

Hybrid cloud is the prize in this purchase!
isc2clack
Newcomer I

This does not feel like good news.

 

RH is the goto Linux distribution for most of our work, if not that then CentOS.  It does not feel that SuSE etc have that much use outside being used by other vendors as a base platform for their offerings.

 

I don't think the big corporate approach translates well to the open source community. 

 

We shall see I guess.