Red Hat Development Model

Collaboration with partners and open source contributors to develop technology
Deliver complete distributions in two stages for two audiences
● First stage
  ● Fedora – the development vehicle
  ● Approximately twice/annum
  ● Fedora Core 6 underway
  ● Fast moving, latest technology
  ● Unsupported, ABI/API changes
● Second stage
  ● Red Hat Enterprise Linux
  ● Stable, mature, commercially focused
  ● Extensively QAed, supported and certified
  ● 7 years of maintenance with ABI guarantee
  ● Major release approximately every 24 months

Linux 2.6.20 Contributors

Red Hat is the leading commercial contributor to the ongoing kernel development process
● Significantly ahead of Novell & Oracle
Also a leader or major contributor to many other open source projects

Kernel Lines Changed - 2.6.20
● Red Hat 14,45%
● IBM 8,19%
● Astaro 4,97%
● Linux Foundation 4,43%
● Qumranet 3,93%
● Novell 3,87%
● Unknown/None 33,84%
Source: http://lwn.net/Articles/222773/

Open source solution stack expands capabilities

Open source offers replacements for proprietary software across the software stack.
● Lower TCO
● Increased customer leverage

[Figure: software stack with columns "Proprietary" and "Open Source"]

Open Source Architecture

Combining Red Hat capabilities to deliver value throughout the software stack
● Every application. Every workload. Every business requirement.

Recent benchmark results

World record TPC-H performance with 3000GB database
● HP : Oracle : Red Hat
● 5% faster and 30% cheaper than #2 : Sun Solaris 10 on E25K SPARC Server
Red Hat Enterprise Linux also holds six of the top ten results at 300GB database size
Source: www.tpc.org 20-Jan-2007

What's new in Version 5?

Enterprise Linux Advanced Platform
Integrated virtualization
Industry leading performance and price/performance
Enhanced and easy to use security
Improved networking and interoperability
Enhanced development tools
New SLAs
Enhanced client

Red Hat Enterprise Linux 5: Product summary

Servers:
● Red Hat Enterprise Linux Advanced Platform for mainstream customers
  ● Unlimited server size and virtualization capabilities
  ● Maximum flexibility and value
● Red Hat Enterprise Linux available for small environments
Clients:
● Red Hat Enterprise Linux Desktop
● Workstation and Multi-OS options for special environments
● High volume security and manageability

Red Hat Enterprise Linux: Subscription features

Red Hat Enterprise Linux is provided on a per-physical-system annual subscription basis
Benefits
● Fully inclusive – no additional or hidden costs
  ● Unlimited support incidents
  ● No Client Access Licenses
  ● No upgrade costs
● Easy to budget
● Provides a stable, secure, no-risk deployment
A subscription
● Can be moved between systems
● Can be used to run any version
● Applies to any supported architecture (ex. mainframe)

Red Hat Enterprise Linux Updates

Red Hat Enterprise Linux Updates are released during the Full Support Phase
● Consolidated bug- and security-errata
● Additional non-critical fixes
● Driver updates to enable new hardware
● Selected new feature support while preserving the runtime environment
● Delivered online as errata and as complete set of ISO images to enable installation on new hardware

Red Hat Enterprise Linux 4 Updates Preview

Red Hat Enterprise Linux 4.5 (planned early '07)
● Update release model changes: Extended Update Support
  ● Switch from 4-months to 6-months update cycles
  ● Changed naming scheme: RHEL 4Ux -> RHEL 4.x
● Key Features
  ● OpenFabrics.Org fully supported
  ● Extended dm-mirror support, cluster mirroring
  ● WPA wireless authentication support
  ● OpenOffice2 planned
● General hardware updates

Red Hat Enterprise Linux 4 Updates Preview

Red Hat Enterprise Linux 4.5 (planned early '07) (continued)
● Virtualization
  ● New kernel variant to enable running Red Hat Enterprise Linux 4 para-virtualized guests on a Red Hat Enterprise Linux 5 host
  ● Carrying forward RHEL4 ISV ecosystem to RHEL5
  ● Minimal performance hit thanks to para-virtualization
  ● Datacenter Consolidation
● Fully virtualized supported with VT-hardware

RHEL 5 Development Highlights

Core virtualization
Platform consolidation
Integrated directory and security integration
Client and developer enablement

Additional RHEL 5 Highlights

Additional highlight areas that are actively being worked on for RHEL 5 include:
● Network storage (Autofs, CacheFS / NFS persistent local cache*, iSCSI)
● Desktop (GNOME, X.Org 7.1, Laptop improvements)
● RHN support for virtualization
● Kexec / Kdump (replacing Diskdump and Netdump)
● Single Sign On and Security / Smartcard integration
● Installer improvements
● GFS2 (Single Node GFS / Clustering)*
● Analysis and Development Tools (SystemTap, Frysk)
● Stateless Linux (Desktop / Server / Virtualized)
● Infiniband and RDMA (OpenFabrics.Org)
● New Driver Model (better support for out-of-tree drivers)

*) CacheFS and GFS2 are currently planned to be in Tech Preview state and to be fully supported in Red Hat Enterprise Linux 5.1

Updates to Packaging

Problem: Virtualization leads to higher complexity
Goal is to balance by simplifying current model:
● Easier roll-out thanks to simpler yet more flexible structure:
  ● Limit number of media kits / ISOs
    ● Red Hat Enterprise Linux Server
    ● Red Hat Enterprise Linux Client
  ● Boot-time configuration of the installer to offer individual option
Subscriptions carrying forward from current model. Details to be defined

Hardware & Para-Virtualization

Red Hat Enterprise Linux 5 will support a number of hardware and software virtualization scenarios:
● Fully virtualized on Intel VT & AMD SVM (Vanderpool and Pacifica)
  ● Allows guest to be Red Hat Enterprise Linux 2.1, 3, 4 as well as other Operating Systems
  ● Support & certification details to be defined
● Para-virtualized Red Hat Enterprise Linux
  ● Red Hat Enterprise Linux 5
  ● Red Hat Enterprise Linux 4
    ● Guest kernel will be shipped with RHEL 4.5
● Support for x86, x86_64, UP and SMP at product release
  ● Support for IA64 as Tech Preview, PPC possibly later depending on upstream development.
● Para-virtualized same-on-same architecture support:
  ● x86_64 on x86_64, i386 PAE on i386 PAE, IA64 on IA64
● Fully-virtualized as supported by hardware.

Use Case: Single Instance

Dom0 used as a hardware abstraction layer
Support for new hardware while running workload on an older version of Red Hat Enterprise Linux
Deploying centralized Dom0 management while allowing Dom1 operational freedom
Security isolation
Client and Server usage Models.

[Figure: Server Hardware; Red Hat Enterprise Linux 5 Virtualization Hypervisor; Domain 0 (Management); User Domain running Red Hat Enterprise Linux (Applications)]

Use Case: Advanced Platform

An enhanced virtualization environment is provided when multiple instances of Red Hat Enterprise Linux 5 are used:
● Multi Instance Logical Volume Management
● Multi Instance Global File System
● Multi Instance Application Migration (with Cluster Suite failover)
Provides a complete virtualization platform
● Server : Storage : Management
● Simplifies deployment & manageability
● Increases flexibility & scalability
● Included as part of the Multi Instance option
● Integrates server & storage virtualization with no special hardware
● Server & storage resources may be shared or independent

[Figure: Server Hardware; Red Hat Enterprise Linux 5 Virtualization Hypervisor; Dom 0 (Mgmt App); multiple Red Hat Enterprise Linux 5 guests running Apps; Multi-instance Logical Volume Manager; Multi-instance Global File System; Multi-instance Application Migration (HA)]

Runtime Environment

GCC 4.1
● Including 4.2 backport of OpenMP
● More complete Java 1.4 in gcj and class libraries, Fortran95 support
● Already system compiler in Fedora Core 5
Glibc 2.4, Libstdc++ 4.1
SystemTap, Oprofile and Frysk enhancing serviceability
● Also designed for optimization of production environments
Backwards compatibility for Red Hat Enterprise Linux 3 and 4
● Userspace applications that are compiled for Red Hat Enterprise Linux 3 or 4, that do NOT use 2.1-backwards compatibility features, are expected to continue to work unmodified in Red Hat Enterprise Linux 5
● Additional compatibility options via unchanged stack in virtualized environment
ISV certification recommended in DomU
● Kernel ISVs and Databases are a special case

Security - SELinux Enhancements

Expanded SELinux targeted policy coverage
● Will provide coverage for all core system services, versus 11 in Red Hat Enterprise Linux 4
● Inclusion of support for Multi Level Security (MLS) enforcement model under consideration
  ● In addition to existing RBAC and TE models
  ● Security Certification and support with OEM partners
An additional level of protection against security exploits
● Fine-grained policies via kernel-enforced mandatory access controls
● Limits the scope of security vulnerabilities
● Way beyond what any other general-purpose OS can deliver

Security - Binary Code Protection

Execshield enhancements provide additional armoring against most common kinds of security exploits
Introducing stack “canary” word feature to detect overflow exploits
Core packages built with new FORTIFY_SOURCE GCC option which implements run-time bounds checking to prevent buffer overflow exploits

Red Hat Enterprise Linux Desktop 5

Building on Linux's reputation as the most secure operating system available
A layered defense designed to defend against external and internal attacks

[Figure: layered defense around "YOUR DESKTOPS"]

Desktop Environment

Foundation for Stateless Linux project
Updated desktop environment and applications
Sabayon planned for inclusion
● New tool enables central management of desktop settings
X.Org - Modularization of Xorg into multiple packages
● Improves maintainability – groundwork for new acceleration architecture, Look & Feel improvements
ACPI enhancements.
Internationalization and Localization
● Additional languages and wider font support
● Improved input method integration with desktop
Network Manager
● automatic management of wired/wireless network environments, secure network access and VPN support

Encrypted partitioning

For swap partitions and non-root filesystems
/etc/crypttab
● my_swap /dev/hdb1 /dev/urandom swap,cipher=aes-cbc-essiv:sha256
● my_volume /dev/hda5 /etc/volume_key cipher=aes-cbc-essiv:sha256
Cryptsetup
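
Added example (not part of the original slides): a small Python audit of entries in the /etc/crypttab format shown above, run on a constructed sample that holds the slide's two lines plus two made-up misconfigurations. The `tmp` option and the `key_mode` hook are assumptions of this example, not taken from the slides.

```python
# Added example: audit /etc/crypttab entries (fields: name device key options).
RANDOM_KEYS = {"/dev/urandom", "/dev/random"}

# Constructed sample: the first two entries are the slide's lines, the last
# two are made-up misconfigurations.
SAMPLE = """\
# name     device     key              options
my_swap    /dev/hdb1  /dev/urandom     swap,cipher=aes-cbc-essiv:sha256
my_volume  /dev/hda5  /etc/volume_key  cipher=aes-cbc-essiv:sha256
bad_swap   /dev/hdb2  /etc/swap_key    swap
bad_vol    /dev/hda6  /dev/urandom     cipher=aes-cbc-essiv:sha256
"""

def parse_crypttab(text):
    """Return one dict per entry; blank lines and # comments are skipped."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split()
        if not fields or fields[0].startswith("#"):
            continue
        if len(fields) < 2:
            raise ValueError(f"line {lineno}: expected at least name and device")
        opts = {}
        for item in (fields[3].split(",") if len(fields) > 3 else []):
            key, _, value = item.partition("=")
            opts[key] = value
        entries.append({"name": fields[0], "device": fields[1],
                        "key": fields[2] if len(fields) > 2 else "none",
                        "opts": opts})
    return entries

def audit(entries, key_mode=lambda path: None):
    """Return (name, finding) pairs. key_mode(path) is a hypothetical hook that
    returns the key file's permission bits, or None to skip that check."""
    findings = []
    for e in entries:
        name, key, opts = e["name"], e["key"], e["opts"]
        ephemeral = key in RANDOM_KEYS  # new random key at every boot
        if ephemeral and not ({"swap", "tmp"} & opts.keys()):
            findings.append((name, "random key on a persistent volume"))
        if "swap" in opts and not ephemeral:
            findings.append((name, "swap keyed from a stored key"))
        if "cipher" not in opts:
            findings.append((name, "no cipher= option, default applies"))
        if not ephemeral and key != "none":
            mode = key_mode(key)
            if mode is not None and mode & 0o077:
                findings.append((name, "key file accessible to group/other"))
    return findings

if __name__ == "__main__":
    for name, finding in audit(parse_crypttab(SAMPLE)):
        print(f"{name}: {finding}")
```

On a live system, pass `key_mode=lambda p: os.stat(p).st_mode & 0o777` (with `import os`) to include the key file permission check.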

Stateless Linux

Initiative to separate the OS & applications from user configuration/data (“state”)
Create a new, simplified management paradigm
A consistent, unified architecture that supports...
● OS on the Network
● OS on the local machine
Basic requirements:
● OS image is read-only
● Hardware configuration is auto-detected
● Data and settings are stored on network, optionally cached locally
Initial client focus, but also applicable to servers (esp. virtualized)
Initial feature release in Red Hat Enterprise Linux 5
● Additional features in Updates

Identity Management

Native support for Identity management in conjunction with Red Hat Directory Server and Red Hat Certificate System
Integration of Identity & Certificate Management capabilities with Red Hat Enterprise Linux and community applications
● Clear and secure architecture
● Addition of Enterprise Security Client (smartcard, physical token, support)
● Centralized key management for core desktop applications
  ● system login, web browser, email, SSH
Integration of certificate-based security and Kerberos infrastructure via PKInit
Enables centralized management of users and rights
Enables “Single Sign-On” user experience