Cloud-native applications are being widely adopted across the hybrid cloud in order to accelerate application development and deployment. Based on the open-source technologies of containers and Kubernetes, these applications can be factored into microservices and are able to scale automatically. Red Hat OpenShift then combines containers and Kubernetes with other PaaS technologies into an enterprise-grade environment to make it easier to develop and manage applications.

But there’s a challenge – containers in their basic form are stateless and so data is lost when the application closes. You will need to add persistent storage to enables containers to store and access data externally.

In our community blog in May – “Containerized Data Services and Software-Defined Storage come to IBM Z” - we described how persistent data can be combined with software-designed storage on IBM Z through Red Hat OpenShift Data Foundation.

With the new release of Red Hat OpenShift Data Foundation 4.9 now available, we’ve made the next step and added encryption support for data-at-rest on IBM Z and LinuxONE using the common Linux Unified Key Setup (LUKS2).

There are two levels of granularity possible – either an entire storage device can be encrypted, or a specific persistent volume used by an application can be encrypted. And when an entire storage device is encrypted, there’s also a choice of whether keys are stored internally or externally.

The end result is that cloud-native applications which need to encrypt data-at-rest can now be developed and deployed on IBM Z and LinuxONE using Red Hat OpenShift. This complements the encryption support for data-in-transit which is already supported in Red Hat OpenShift Container Platform.

Red Hat OpenShift Data Foundation for IBM Z is available either as an individual offering or as part of IBM Storage Suite for IBM Cloud Paks.

To find out more, visit the Red Hat OpenShift Data Foundation website or the IBM Storage Suite for IBM Cloud Paks website.