Red Hat's Enterprise Linux Atomic Host 7.1 release is generally available today, providing users with the promise of a more secure and optimized operating system for Docker containers. The Atomic Host release comes alongside the Red Hat Enterprise Linux 7.1, which also debuts today.

Red Hat first announced its Project Atomic effort in April 2014 as part of a broad push into the Docker Linux container space. While Docker is supported on the main Red Hat Enterprise Linux 7 operating system edition, that OS is a general-purpose system and is not as tightly optimized for Docker as is Atomic Host.

Subhendu Ghosh, senior technology product manager at Red Hat, explained that a lot has happened since the initial announcement of Project Atomic. One of the big shifts has been Red Hat's embrace of the Google-led Kubernetes open-source project for container orchestration. Red Hat has embraced Kubernetes for its container offerings, and the company is now the second-largest contributor in the community after Google, Ghosh said.

"Red Hat Enterprise Linux Atomic Host includes Kubernetes as the orchestration engine for multi-container, multi-host applications, managing the launch, state and communication for each container and host," Ghosh told eWEEK. "In terms of changes, Kubernetes superseded geard for orchestration, which was demoed at Red Hat Summit in April 2014."

Red Hat is also leveraging Kubernetes as a core part of its upcoming OpenShift 3 platform-as-a-service (PaaS) release.

OpenShift 3 builds on the work Red Hat has done on RHEL 7 and RHEL Atomic Host with regards to Kubernetes, Ghosh said.

"The bottom line is that we don't see any of the work on Kubernetes, Docker, or Red Hat Enterprise Linux Atomic Host as being unique to OpenShift or Red Hat Enterprise Linux," Ghosh said. "They are becoming intertwined, and the engineering teams are co-mingled."

By using Kubernetes as the orchestration engine across Red Hat's platforms, the company is targeting full application portability and mobility when it comes to containerized applications, Ghosh said.

Security

Another development that Red Hat has advanced for Atomic Host is improved security controls with the introduction of what Red Hat refers to as "super-privileged" containers. Ghosh explained that the super-privileged containers allow users to deploy system services as containers and then run those service containers with privileged access to the host system, as well as other containers on the same host. Docker containers run on top of the host operating system, which is where the need for the super-privilege containers has emerged.

"Red Hat Enterprise Linux Atomic Host's image design does not allow the run time addition of any content at the host level," Ghosh said. "A number of our customers, however, expressed use cases for debug and performance tools in the form of hardware and system agents that need to interact at the host level."

Ghosh explained that super-privileged containers enable all the privileges needed by applications that must access the host.

Red Hat has also been working on improving storage management for container hosts. Ghosh noted that Red Hat Enterprise Linux Atomic Host now uses thin provisioning for the disk space used for container images.

System updating and rollback capabilities are also integrated into Atomic Host. Ghosh explained that that "atomic" updating in the RHEL Atomic Host is achieved via OSTree, which Red Hat started developing in 2012.

"It uses a Git-like method to deploy the operating system onto a disk and allows the co-location of multiple aggregate file systems," Ghosh explained. "Via OSTree, we will make updates available frequently, delivering bug fixes as well as implementing new features."

The idea of incremental transactional updates and rollback capability is also something that Red Hat's Linux rival Canonical has been pursuing with its Snappy Ubuntu Linux efforts.