Hazelcast IMDG Achieves IBM’s Kubernetes Container Software Certification

May 26, 2020

Building containerized software that runs on Kubernetes platforms like Red Hat OpenShift Cloud Platform is the hot trend in software development. Everyone is building containers, but the technology is new enough that best practices and certifications are still being developed. IBM specializes in providing software for enterprises. One example is IBM Cloud Paks, which facilitate transformation by offering a faster, more reliable way to build, move and manage solutions on the cloud. While containerizing its software, IBM has leveraged its history of building enterprise solutions and coalesced many best practices into a certification program.

This certification program was initially created for IBM-produced software, but enterprise customers also require a rich ecosystem of software to create a complete solution. Now IBM has taken the next step and made a certification available to partners of IBM Cloud Paks. This allows IBM and partners to go to market together and provide enterprise customers with a high level of confidence in the quality of the software they are using. 

Today, we’re pleased to announce that Hazelcast IMDG has met the Certified for IBM Cloud Paks criteria!

Red Hat Image and Operator Certification are prerequisites to the Certified for IBM Cloud Paks process. IBM scans the running solution in an OpenShift Cloud Platform cluster and runs ~200 linter checks for Kubernetes and container best practices. IBM also reviews aspects of the solution architecture and documentation. Here are examples of the certification requirements that were met by Hazelcast IMDG:

  • Data encryption in-flight and at-rest:
    • Encrypt all data in transit using TLS 1.2
    • Encrypt all data at rest
    • Secrets must be stored in an approved service
  • Network protection and implementation:
    • Only expose required ports/services from each container
    • Limit traffic between pods
    • Containers do not communicate with the host
  • Limit Security Privilege:
    • Run with a restricted security context constraint (SCC)
    • Provide custom SCC with exact security context
    • Provide a mechanism to track all components of a workload
  • Keys and certificate implementation and management:
    • Product should use a Key Management system
    • Products must support key rotation
    • Allow customer-provided keys
    • Ability to replace customer keys
    • Use an approved certificate manager
    • Products must support certificate rotation
    • Must follow best practices for Public Key Infrastructure
    • Allow customer-provided certificates
    • Ability to replace customer certificates

About the Author

Mesut Celik

Tech Team Lead

Mesut is Tech Lead at Hazelcast, where he is responsible for cloud-native ecosystem integrations and third party partnerships. Prior to joining Hazelcast, Mesut was the Managing Partner of Zerobuffer Innovative Solutions, an Information Technology and Services company in Turkey. Previously, he was a Consultant at Atos Origin, also an IT company. Earlier in his career, he was a Senior Software Engineer at Alcatel-Lucent, a French global telecommunications equipment company. Mesut holds a degree in Computer Engineering from Ege University in Turkey. He is a Java developer and is passionate about giving talks at public conferences.
