In media production, agold image is the final cut of an album or film after all edits and mixing have been completed. It’s in its final, perfect form–it’s gold.

This meaning carried over into systems administration. In this context, a golden image is an intentionally configured snapshot of a system, (server, virtual desktop environment, or even a disk drive) which can be used to deploy new instances. Because this golden image (or sometimes gold image) is used in network virtualization to create new systems, it is also called amaster image orclone image. Another popular term is a baseline image, which can be an illustrative term to frame why golden images are so useful: they create a consistent, reliable baseline for system configuration, which can make it easier to maintain those systems across their life cycle.

Innovate with Red Hat Enterprise Linux

The concept of golden images starts withvirtual machines, which themselves are specially configured and launched from templates. With virtual environments, golden images offer two key benefits:convenienceandconsistency. Using a predefined template image allows administrators to deploy systems consistently with clear and known configuration.

Cloud computing is essentially virtual environments at a massive scale; the underlying concepts and technologies are very similar, and the differences come down to hardware management and user experience. The main difference with cloud computing is volume–instances can be deployed, changed, or removed quickly and without restraints from resource consumption or access.

With cloud computing, golden images are valuable IT management tools, with the ability to scale by allowing admins to deploy large numbers of instances very quickly while maintaining consistency.

Cloud computing adds complexity to infrastructures; consistency across your systems (really, standard operating environments, otherwise known as an SOE) allows administrators to perform common admin tasks at scale, like patching systems, upgrading packages, even granting user access to required services.

The reasons to use golden images in your environment hit every stage of your system life cycle.

• Faster deployment. Using golden images help you to deploy faster in cloud environments, both through scripting and automation or in ad hoc instances.
• Reduced human error.According to the IBM Cyber Security Intelligence Index, 95% of breaches are caused by human error such as misconfigurations, unpatched systems, or poor access controls. Having a predefined and tested template reduces the risk of human error causing a vulnerable system.
• Faster patch management and upgrades. Having defined templates helps with visibility and monitoring because it is possible to see quickly what systems require a patch or an updated package, or which ones are affected by asecurity vulnerability. It also allows for effective use ofautomation, rather than having to update each system individually and risking missing or misconfiguring systems.
• Maintaining configuration. "Configuration drift" is a somewhat recognized term, but there is still a lot of confusion.Driftmeans that a system has changed from an ideal baseline, either through adding or modifying applications, changing security settings, or changing system configurations between the data center and recovery systems. Without a baseline, it can be very difficult to identify when or how systems have been modified–and this can be crucial to maintain compliance systems for regulatory and industry standards. Using a baseline means that you can monitor systems for drift (which you can do forRed Hat® Enterprise Linux® andRed Hat OpenShift® systems throughRed Hat Insights).

Security is not a configuration setting,good security is a practice. It’s the cumulative effect of many different administrative and process choices. You can incorporate your specific security requirements and practices into your baseline images, which helps maintain your security posture even in different cloud environments and different footprints.

Manage security and compliance through effective automation

Unlike in media production, IT systems are never "done". Good IT practice requires maintaining the entire life cycle of systems, and with golden images, that requires maintaining both the image catalog and the systems deployed using the templates.

• Have a separate virtual environment to create new images. When using a tool like Red Hat Enterprise Linuximage builder to create a new base image, it is strongly encouraged to use a dedicated virtual machine because of the specific security requirements for the system.
• Consider setting up roles, groups, and services within your system configuration. One of the bottlenecks for cloud deployments isn’t deploying a new instance, it’s granting the right user and service access to new instances. Use the system security configuration to have required groups and roles done as part of the deployment process to make the overall authentication/authorization process more streamlined.
• Test before you launch. Have a QA process in place to test that the configuration (especially around applications and security) meet your requirements. Test for performance–packages should be optimized for the specific cloud environment in which they’ll be used.
• Update images when new packages are released. It’s easy to create new images or edit images using tools like image builder. To maintain the security and capabilities of the images, update the images as new versions of included packages are available.
• Monitor your deployed systems. Services like Red Hat Insights give visibility over your entire infrastructure, and using a set of baseline images can make it easier to identify vulnerable systems, create playbooks for automation, and track drift within systems.
• Have processes to retire images and systems. Create explicit policies for updating and deprecating images within your catalog and how to manage systems as images are changed and retired.
• Make images for a specific purpose. Identify different profiles that you use within your environment, and create baseline images that are specific for those different purposes. There is no reason to have a one-size-fits-all image, and using more custom images can help attain requirements around performance or security.

Automate your IT processes from start to finish

If you want to build your own images, Red Hat Enterprise Linux has atool called image builder, which can be run locally or through Red Hat Hybrid Cloud Console as a hosted service. Image builder breaks creating a custom image into a handful of simple steps: Get package recommendations (powered byRed Hat Enterprise Linux Lightspeed), select your packages, set the configuration, and then optimize the underlying operating system for a specific cloud environment.

Red Hat also has a program calledCloud Access, which allows organizations to use their subscription with public cloud providers. As part of the Cloud Access program,Red Hat has created certified, prebuilt images forAmazon Web Services (AWS),Microsoft Azure, andGoogle clouds for all of the major products from Red Hat, including Red Hat Enterprise Linux, middleware, and storage.

Red Hat even has optimized, OCI-compliant container images as part of itsUniversal Base Image Catalog.

See what Red Hat Enterprise Linux can offer your strategic IT plans

• Blog post

  Reduce risk in Kubernetes: How to separate admin roles for safer, compliant operations

• Blog post

  Red Hat Enterprise Linux's evolution at Summit: 12 essential reads

• Overview

  Modernize your IT infrastructure with Red Hat and AWS

• Overview

  Modernize your IT infrastructure with Red Hat and AWS

• What is a Linux container?
• Why run Linux on AWS?
• What is high availability?
• What is container orchestration?
• What is ERP?
• What is SAP HANA (and why does it run on Linux)?
• Functional safety and continuous certification on Linux
• Why run Linux on IBM Cloud
• What is CentOS Stream?
• Stateful vs stateless applications
• Why choose Red Hat Enterprise Linux on Azure?
• What is Kubernetes?
• Why choose Red Hat Enterprise Linux on AWS?
• Red Hat OpenShift on VMware
• What is KubeVirt?
• Why use Red Hat Ansible Automation Platform with Red Hat OpenShift?
• What is Podman Desktop?
• Linux on Azure
• Linux for cloud computing
• Why choose Red Hat for Linux?
• What is CentOS?
• What to know about CentOS Linux EOL
• How to move to Red Hat Enterprise Linux from other Linux distros
• What to know for Red Hat Enterprise Linux 7 End of Maintenance
• Red Hat Enterprise Linux migration process
• Why run Linux on Google Cloud?
• What is Podman?
• Red Hat Satellite on Red Hat Enterprise Linux
• What are hosted control planes?
• What is the Kubernetes Java client?
• What is kubernetes security?
• Red Hat OpenShift for developers
• Why choose Red Hat Enterprise Linux on Google Cloud?
• What is Linux kernel live patching?
• Containers vs VMs
• Edge computing with Red Hat OpenShift
• What is the SAP HANA migration?
• Why run Microsoft SQL Server on Linux?
• How Kubernetes can help AI/ML
• What is Kubeflow?
• What are microservices?
• What is container security?
• OpenShift vs. OpenStack: What are the differences?
• What are sandboxed containers
• what is Buildah?
• Kubernetes vs OpenStack
• What are validated patterns?
• Kubernetes on AWS: Self-Managed vs. Managed Applications Platforms
• What's the best Linux distro for you?
• What's the difference between Fedora and Red Hat Enterprise Linux
• What is Linux?
• What is an image builder?
• What is a Linux server?
• What is a configuration file?
• Red Hat OpenShift vs. OKD
• What is high performance computing (HPC)?
• Red Hat OpenShift vs. Kubernetes: What's the difference?
• What is high availability and disaster recovery for containers?
• Spring on Kubernetes with Red Hat OpenShift
• Why run Apache Kafka on Kubernetes?
• What are Red Hat OpenShift cloud services?
• VNF and CNF, what’s the difference?
• What is a container registry?
• What is an ARM processor?
• ARM vs x86: What's the difference?
• What is Skopeo?
• What are Red Hat OpenShift Operators?
• Using Helm with Red Hat OpenShift
• Kubernetes security best practices
• What is lightweight directory access protocol (LDAP) authentication?
• Orchestrating Windows containers on Red Hat OpenShift
• What is a Kubernetes operator?
• What is MPLS?
• High performance computing with Red Hat OpenShift
• Advantages of Kubernetes-native security
• What is KubeLinter?
• Intro to Kubernetes security
• Container and Kubernetes compliance considerations
• How microservices support IT integration in healthcare
• Kubernetes cluster management
• Red Hat OpenShift on IBM IT infrastructure
• Red Hat OpenShift for business leaders
• How to deploy Red Hat OpenShift
• Cost management for Kubernetes on Red Hat OpenShift
• Kubernetes-native Java development with Quarkus
• What is enterprise Kubernetes?
• What makes Red Hat OpenShift the right choice for IT operations?
• Why choose Red Hat for Kubernetes?
• What makes Red Hat OpenShift the right choice for SAP?
• What is Kubernetes role-based access control (RBAC)
• Red Hat Enterprise Linux security
• What is containerization?
• What is a Linux certification?
• What was CoreOS and CoreOS container Linux
• Learning Kubernetes basics
• What is service-oriented architecture?
• What is the Kubernetes API?
• What is Kubernetes cluster management?
• What is a Kubernetes deployment?
• Why choose the Red Hat build of Quarkus?
• Introduction to Kubernetes architecture
• What is CaaS?
• Introduction to Kubernetes patterns
• What is a Kubernetes cluster?
• What is Quarkus?
• What is Jaeger?
• What is SELinux?
• What is the Linux kernel?
• What is Clair?
• What is etcd?
• What is container-native virtualization?
• What is Knative?
• Why choose Red Hat for microservices?
• Why choose Red Hat for containers?
• What is Docker?
• What is a Kubernetes pod?