Azure Architecture Blog·May 11, 2026

Leveraging Azure Red Hat OpenShift for Hybrid Cloud Modernization and Production AI

This article highlights how Azure Red Hat OpenShift provides a secure, scalable, and consistent platform for enterprise application modernization and operationalizing AI workloads. It details features enabling seamless migration from legacy virtualization, robust security through Zero Trust principles and confidential computing, and integrated AI capabilities. The platform aims to standardize governance and security across diverse workloads, moving organizations from AI pilots to production systems.


The collaboration between Microsoft and Red Hat on Azure Red Hat OpenShift (ARO) aims to provide an enterprise-grade platform for organizations to modernize their applications and transition AI initiatives from pilot projects to production environments. ARO serves as a fully managed Kubernetes service that integrates deeply with Azure services, offering a unified approach to governance, security, and scalability across hybrid and multi-cloud deployments.

Core Architectural Pillars

ARO focuses on several key areas to support enterprise demands:

  • Platform Modernization: Facilitates migration of legacy applications, including virtualized workloads, to a containerized environment without immediate re-architecture.
  • Enhanced Security: Implements a Zero Trust approach with confidential computing and advanced identity management.
  • AI Innovation: Provides a consistent platform for running AI applications and integrates with Azure AI services for accelerated development.
  • Global Expansion: Addresses data residency, sovereignty, and latency requirements through expanding regional availability.

Modernization with OpenShift Virtualization

A critical aspect of modernization is the ability to move existing virtual machine (VM) workloads to a more agile platform without significant disruption. OpenShift Virtualization on ARO allows enterprises to run VMs and containers side-by-side on a single managed Kubernetes platform. This capability offers a practical, incremental path to modernization, enabling organizations to migrate workloads as-is and gradually refactor them into cloud-native applications over time. This reduces the initial barrier to entry for container adoption and leverages existing investments.

Zero Trust Security and Confidential Computing

Security is paramount for regulated industries. ARO integrates Zero Trust principles by default. Key features include:

  • Confidential Containers: Protect sensitive data *in use* through hardware-backed isolation, ensuring plaintext data is not exposed to the underlying infrastructure. This is crucial for highly regulated workloads.
  • Managed Identities and Workload Identities: Standardize credential management, aligning with Azure role-based access control (Azure RBAC) for platform operations and utilizing OpenID Connect (OIDC) federation for secure application access to Azure services. This eliminates the need for long-lived secrets, reducing security risks and operational overhead.

Architectural Insight: Identity Management

Adopting identity-based access (like Managed Identities and OIDC federation) is a cornerstone of modern, secure distributed systems. It centralizes authentication, enforces least privilege, and significantly mitigates risks associated with static credentials, aligning directly with Zero Trust principles.

Operationalizing AI at Scale

ARO provides a consistent platform for deploying and managing AI applications, bridging the gap between AI development and production. It supports running AI capabilities directly via Red Hat OpenShift AI or integrating with Azure AI services and Microsoft Foundry. Expanded NVIDIA GPU support enables running large-scale inference and data-intensive AI workloads on a fully managed, enterprise-ready platform. This integrated approach ensures consistent governance and security as AI moves beyond experimentation.
