Red Hat Enterprise Linux 5

Joachim Schröder
Red Hat GmbH

Red Hat Enterprise Linux 5 - decus.de · PDF file


Red Hat Development Model

Collaboration with partners and open source contributors to develop technology
Deliver complete distributions in two stages for two audiences

● First stage
  ● Fedora – the development vehicle
  ● Approximately twice/annum
  ● Fedora Core 6 underway
  ● Fast moving, latest technology
  ● Unsupported, ABI/API changes
● Second stage
  ● Red Hat Enterprise Linux
  ● Stable, mature, commercially focused
  ● Extensively QAed, supported and certified
  ● 7 years of maintenance with ABI guarantee
  ● Major release approximately every 24 months

Linux 2.6.20 Contributors

Red Hat is the leading commercial contributor to the ongoing kernel development process
● Significantly ahead of Novell & Oracle
Also a leader or major contributor to many other open source projects

Kernel Lines Changed - 2.6.20
● Red Hat 14,45%
● IBM 8,19%
● Astaro 4,97%
● Linux Foundation 4,43%
● Qumranet 3,93%
● Novell 3,87%
● Unknown/None 33,84%

Source: http://lwn.net/Articles/222773/

Open source solution stack expands capabilities

Open source offers proprietary replacements across the software stack.
● Lower TCO
● Increased customer leverage

[Figure columns: Proprietary, Open Source]

Open Source Architecture

Combining Red Hat capabilities to deliver value throughout the software stack
● Every application. Every workload. Every business requirement.

Recent benchmark results

World record TPC-H performance with 3000GB database
● HP : Oracle : Red Hat
● 5% faster and 30% cheaper than #2 : Sun Solaris 10 on E25K SPARC Server

Red Hat Enterprise Linux also holds six of the top ten results at 300GB database size

Source: www.tpc.org 20-Jan-2007

Red Hat Enterprise Linux Updates

What's new in Version 5?

Enterprise Linux Advanced Platform
Integrated virtualization
Industry leading performance and price/performance
Enhanced and easy to use security
Improved networking and interoperability
Enhanced development tools
New SLAs
Enhanced client

Red Hat Enterprise Linux 5: Product summary

Servers:
● Red Hat Enterprise Linux Advanced Platform for mainstream customers
  ● Unlimited server size and virtualization capabilities
  ● Maximum flexibility and value
● Red Hat Enterprise Linux available for small environments

Clients:
● Red Hat Enterprise Linux Desktop
● Workstation and Multi-OS options for special environments
● High volume security and manageability

Red Hat Enterprise Linux: Subscription features

Red Hat Enterprise Linux is provided on a per-physical-system annual subscription basis

Benefits
● Fully inclusive – no additional or hidden costs
● Unlimited support incidents
● No Client Access Licenses
● No upgrade costs
● Easy to budget
● Provides a stable, secure, no-risk deployment

A subscription
● Can be moved between systems
● Can be used to run any version
● Applies to any supported architecture (ex. mainframe)

Red Hat Enterprise Linux Updates

Red Hat Enterprise Linux Updates are released during the Full Support Phase
● Consolidated bug- and security-errata
● Additional non-critical fixes
● Driver updates to enable new hardware
● Selected new feature support while preserving the runtime environment
● Delivered online as errata and as complete set of ISO images to enable installation on new hardware

Red Hat Enterprise Linux 4 Updates Preview

Red Hat Enterprise Linux 4.5 (planned early '07)
● Update release model changes: Extended Update Support
  ● Switch from 4-months to 6-months update cycles
  ● Changed naming scheme: RHEL 4Ux -> RHEL 4.x
● Key Features
  ● OpenFabrics.Org fully supported
  ● Extended dm-mirror support, cluster mirroring
  ● WPA wireless authentication support
  ● OpenOffice2 planned
● General hardware updates

Red Hat Enterprise Linux 4 Updates Preview

Red Hat Enterprise Linux 4.5 (planned early '07) (continued)
● Virtualization
  ● New kernel variant to enable running Red Hat Enterprise Linux 4 para-virtualized guests on a Red Hat Enterprise Linux 5 host
  ● Carrying forward RHEL4 ISV ecosystem to RHEL5
  ● Minimal performance hit thanks to para-virtualization
  ● Datacenter Consolidation
  ● Fully virtualized supported with VT-hardware

Red Hat Enterprise Linux 5

RHEL 5 Development Highlights

Core virtualization
Platform consolidation
Integrated directory and security integration
Client and developer enablement

Additional RHEL 5 Highlights

Additional highlight areas that are actively being worked on for RHEL 5 include:
● Network storage ( Autofs, CacheFS / NFS persistent local cache*, iSCSI )
● Desktop ( GNOME, X.Org 7.1, Laptop improvements )
● RHN support for virtualization
● Kexec / Kdump ( replacing Diskdump and Netdump )
● Single Sign On and Security / Smartcard integration
● Installer improvements
● GFS2 ( Single Node GFS / Clustering )*
● Analysis and Development Tools ( SystemTap, Frysk )
● Stateless Linux ( Desktop / Server / Virtualized )
● Infiniband and RDMA ( OpenFabrics.Org )
● New Driver Model ( better support for out-of-tree drivers )

*) CacheFS and GFS2 are currently planned to be in Tech Preview state and to be fully supported in Red Hat Enterprise Linux 5.1

Updates to Packaging

Problem: Virtualization leads to higher complexity
Goal is to balance by simplifying current model:
● Easier roll-out thanks to simpler yet more flexible structure:
  ● Limit number of media kits / ISOs
    ● Red Hat Enterprise Linux Server
    ● Red Hat Enterprise Linux Client
  ● Boot-time configuration of the installer to offer individual option

Subscriptions carrying forward from current model. Details to be defined

Hardware & Para-Virtualization

Red Hat Enterprise Linux 5 will support a number of hardware and software virtualization scenarios:
● Fully virtualized on Intel VT & AMD SVM (Vanderpool and Pacifica)
  ● Allows guest to be Red Hat Enterprise Linux 2.1, 3, 4 as well as other Operating Systems
  ● Support & certification details to be defined
● Para-virtualized Red Hat Enterprise Linux
  ● Red Hat Enterprise Linux 5
  ● Red Hat Enterprise Linux 4
    ● Guest kernel will be shipped with RHEL 4.5
● Support for x86, x86_64, UP and SMP at product release
  ● Support for IA64 as Tech Preview, PPC possibly later depending on upstream development.
● Para-virtualized same-on-same architecture support:
  ● x86_64 on x86_64, i386 PAE on i386 PAE, IA64 on IA64
● Fully-virtualized as supported by hardware.

Use Case: Single Instance

Dom0 used as a hardware abstraction layer
Support for new hardware while running workload on an older version of Red Hat Enterprise Linux
Deploying centralized Dom0 management while allowing Dom1 operational freedom
Security isolation
Client and Server usage Models.

[Diagram labels: Server Hardware; Red Hat Enterprise Linux 5 Virtualization Hypervisor; Domain 0; User Domain Red Hat Enterprise Linux; Application; Management]

Use Case: Advanced Platform

An enhanced virtualization environment is provided when multiple instances of Red Hat Enterprise Linux 5 are used:
● Multi Instance Logical Volume Management
● Multi Instance Global File System
● Multi Instance Application Migration (with Cluster Suite failover)

Provides a complete virtualization platform
● Server : Storage : Management
● Simplifies deployment & manageability
● Increases flexibility & scalability
● Included as part of the Multi Instance option
● Integrates server & storage virtualization with no special hardware
● Server & storage resources may be shared or independent

[Diagram labels: Server Hardware; Red Hat Enterprise Linux 5 Virtualization Hypervisor; Dom 0; Red Hat Enterprise Linux 5; Mgmt; App; Multi-instance Logical Volume Manager; Multi-instance Global File System; Multi-instance Application Migration (HA)]

virt-manager

virt-manager VM details/config

Runtime Environment

GCC 4.1
● Including 4.2 backport of OpenMP
● More complete Java 1.4 in gcj and class libraries, Fortran95 support
● Already system compiler in Fedora Core 5

Glibc 2.4, Libstdc++ 4.1

SystemTap, Oprofile and Frysk enhancing serviceability
● Also designed for optimization of production environments

Backwards compatibility for Red Hat Enterprise Linux 3 and 4
● Userspace applications that are compiled for Red Hat Enterprise Linux 3 or 4, that do NOT use 2.1-backwards compatibility features, are expected to continue to work unmodified in Red Hat Enterprise Linux 5
● Additional compatibility options via unchanged stack in virtualized environment

ISV certification recommended in DomU
● Kernel ISVs and Databases are a special case

Security - SELinux Enhancements

Expanded SELinux targeted policy coverage
● Will provide coverage for all core system services, versus 11 in Red Hat Enterprise Linux 4
● Inclusion of support for Multi Level Security (MLS) enforcement model under consideration
  ● In addition to existing RBAC and TE models
  ● Security Certification and support with OEM partners

An additional level of protection against security exploits
● Fine-grained policies via kernel-enforced mandatory access controls
● Limits the scope of security vulnerabilities
● Way beyond what any other general-purpose OS can deliver

Security - Binary Code Protection

Execshield enhancements provide additional armoring against most common kinds of security exploits
Introducing stack “canary” word feature to detect overflow exploits
Core packages built with new FORTIFY_SOURCE GCC option which implements run-time bounds checking to prevent buffer overflow exploits

Red Hat Enterprise Linux Desktop 5

Building on Linux's reputation as the most secure operating system available

[Figure: YOUR DESKTOPS]

A layered defense designed to defend against external and internal attacks

Desktop Environment

Foundation for Stateless Linux project
Updated desktop environment and applications

Sabayon planned for inclusion
● New tool enables central management of desktop settings

X.Org - Modularization of Xorg into multiple packages
● Improves maintainability – groundwork for new acceleration architecture, Look & Feel improvements

ACPI enhancements.

Internationalization and Localization
● Additional languages and wider font support
● Improved input method integration with desktop

Network Manager
● automatic management of wired/wireless network environments, secure network access and VPN support

Encrypted partitioning

For swap partitions and non-root filesystems

/etc/crypttab
● my_swap /dev/hdb1 /dev/urandom swap,cipher=aes-cbc-essiv:sha256
● my_volume /dev/hda5 /etc/volume_key cipher=aes-cbc-essiv:sha256

Cryptsetup
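
The two /etc/crypttab entries above handle keys differently: my_swap reads a fresh key from /dev/urandom at every boot, while my_volume uses a stored key file. The following is an added example, not part of the original slides, that parses crypttab text and flags two misconfigurations; the my_data entry, the function names and the acceptance of a tmp option are assumptions made for illustration.

```python
import os
import stat

# Constructed sample: the two slide entries plus a hypothetical
# misconfigured entry (my_data) added to exercise the check.
SAMPLE_CRYPTTAB = """\
# name     device     key file         options
my_swap    /dev/hdb1  /dev/urandom     swap,cipher=aes-cbc-essiv:sha256
my_volume  /dev/hda5  /etc/volume_key  cipher=aes-cbc-essiv:sha256
my_data    /dev/hda6  /dev/urandom     cipher=aes-cbc-essiv:sha256
"""

RANDOM_KEYS = {"/dev/urandom", "/dev/random"}
EPHEMERAL_OPTS = {"swap", "tmp"}  # volume is re-created on every boot

def parse_crypttab(text):
    """Return a list of entries: name, device, key, options (dict)."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 2 or fields[0].startswith("#"):
            continue  # blank line, comment, or malformed entry
        opts = {}
        for item in (fields[3].split(",") if len(fields) > 3 else []):
            name, _, value = item.partition("=")
            opts[name] = value
        entries.append({"name": fields[0], "device": fields[1],
                        "key": fields[2] if len(fields) > 2 else "none",
                        "options": opts})
    return entries

def file_mode(path):
    """st_mode of path, or None when it is absent on this host."""
    try:
        return os.stat(path).st_mode
    except OSError:
        return None

def audit(entry, mode_of=file_mode):
    """Return a list of findings for one parsed entry."""
    findings = []
    key, opts = entry["key"], entry["options"]
    # A new random key each boot makes previously written data undecryptable.
    if key in RANDOM_KEYS and EPHEMERAL_OPTS.isdisjoint(opts):
        findings.append("random key on a persistent volume: data is lost at reboot")
    # A stored key file should be readable by its owner only.
    if key not in RANDOM_KEYS and key != "none":
        mode = mode_of(key)
        if mode is not None and mode & (stat.S_IRWXG | stat.S_IRWXO):
            findings.append("key file is accessible to group or other")
    return findings
```

Passing a different `mode_of` callable lets the permission check run against recorded file modes instead of the live filesystem.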

Stateless Linux

Initiative to separate the OS & applications from user configuration/data (“state”)
Create a new, simplified management paradigm
A consistent, unified architecture that supports...
● OS on the Network
● OS on the local machine

Basic requirements:
● OS image is read-only
● Hardware configuration is auto-detected
● Data and settings are stored on network, optionally cached locally

Initial client focus, but also applicable to servers (esp. virtualized)

Initial feature release in Red Hat Enterprise Linux 5
● Additional features in Updates

Identity Management

Native support for Identity management in conjunction with Red Hat Directory Server and Red Hat Certificate System

Integration of Identity & Certificate Management capabilities with Red Hat Enterprise Linux and community applications
● Clear and secure architecture
● Addition of Enterprise Security Client (smartcard, physical token, support)
● Centralized key management for core desktop applications
  ● system login, web browser, email, SSH

Integration of certificate-based security and Kerberos infrastructure via PKInit
Enables centralized management of users and rights
Enables “Single Sign-On” user experience

Questions?

www.redhat.com

Thank you!