RedHawk Architect

Architect allows users to easily make software selections for a target system image. Selection of base distribution (CentOS or RHEL) packages is simplified with selection of base environments, package categories and groups, search and selection of individual packages, and a full presentation of package descriptions, contents, and dependencies. All software selection is granular at the package level, and Architect manages all software dependencies and size requirements of the installation. Users can also install RedHawk packages and NightStar tools, as well as any other application-specific software into a target system image.

Architect allows users to easily configure many target system parameters, including:

• timezone, system run-level, root password
• serial console configuration
• networking configuration
• disk partitioning and file system configuration, including configuration of LVM and disk encryption with LUKS
• configuration of read-only root
• SELinux
• system services
• kernel boot parameters
• custom kernel configuration

The GUI makes it simple to build custom kernels, apply software updates, install additional packages, copy files to and from the target file system image, and manually customize a target file system image.

Target system images can be deployed in a variety of ways, including:

• direct flash of removable USB devices
• USB or CD/DVD installation media to install bare-metal target systems
• PXE network installation of bare-metal target systems
• PXE network configuration for booting bare-metal diskless clients
• creation of self-contained RAMDISK file system images
• creation of virtual machine images, and integration with Virtual Machine Manager and RedHawk KVM-RT
• both UEFI and Legacy BIOS targets are supported

The PXE Target Manager allows for simple remote management of any number of networked remote targets. Once configured to PXE boot, the boot state of targets can be controlled by the Architect PXE Target Manager. Targets can be remotely controlled to boot to any of the following states:

• boot from local disk
• boot an installer to install or reinstall local disk(s)
• boot a diskless image
• start synchronization process with the Architect host

Remote Target Synchronization allows a deployed target to resynchronize any file system changes with the target system image on the Architect host. Synchronization can be done in both directions. Customizations made on one target system can easily be propogated to other target systems. The file system of one target can be synchronized to the target system image on the Architect host, which can then be deployed to other targets.

Image configuration includes the ability to enable and configure the mode of SELinux on target systems. SELinux file contexts are configured during target system deployment. Kernel configuration includes the ability to enable FIPS on target systems. Post-installation FIPS configuration is performed during target system deployment. The Advanced Security Edition (ASE) of Architect enforces arbitrary SCAP profiles. STIG compliance is achieved by applying a SCAP profile that has been defined to implement STIG security policy.