Red Hat Linux Upgrade Pushes New Security, Automation Tools

Red Hat on Tuesday announced the availability of Red Hat Enterprise Linux 7.4 beta.

RHEL 7.4 includes new security and compliance features and streamlined automation, along with tools for improved systems administration.

This latest upgrade comes nearly three years into the series 7 lifecycle. It continues to provide enterprises with a rich and stable foundation for both existing applications and a new generation of workloads and solutions.

“RHEL 7.4 enables data centers to continue running mission-critical stuff. We rarely see the particular features any more. We just take the technology for granted,” said Steve Almy, principal product manager for RHEL at Red Hat.

The security aims to eliminate users’ fear of breaches and the pain that follows, dealing with at-scale deployments, he told LinuxInsider.

“The fear is that something bad will happen on the security side. The challenge is management at scale. This feature addresses both of those items for customers,’ Almy said.

Worry-Free Disk Encryption

Red Hat Enterprise Linux 7.4 Beta introduces Network Bound Disk Encryption. This feature is designed to reduce significantly the management burden of disk encryption at scale.

Disk encryption is a critical issue involving password security when you are deploying on a data center and have to reboot a server, and people have to re-enter passwords to access disks, Almy explained. That is often a big issue when staffers have encrypted laptops.

“As a result, people rarely encrypt because then they can’t decrypt,” he said. “This feature allows those disks to be encrypted and then decrypted by a key only on the local network.”

The feature uses two upstream packages called “Clevis” and “Tang,” which allow a server to be set up on the local network, which can transfer the decryption key without human intervention on the local network only. The data on removable devices is not decryptable once disconnected from the network.

What’s Inside

Enhancements to OpenSSL HTTP/2.0 further enhances the security bolstering. It enables the implementation in OpenSSL of several new Transport Layer Security protocol features, such as Application-Layer Protocol Negotiation.

Updated audit capabilities make it easier for administrators to filter the events logged by the audit system. Admins can gather more information from critical events and interpret large numbers of records.

Management and automation features focus on solutions for complex IT environments that span bare metal to cloud deployments. One such solution added to RHEL 7.4 is automation via Ansible Tower.

Also, Red Hat Enterprise Linux 7.4 Beta helps to simplify system configuration through the inclusion of Red Hat Enterprise Linux System Roles for RHEL-specific supported content that relies on Ansible automation. This simplifies the management and maintenance of Red Hat Enterprise Linux 6-based and Red Hat Enterprise Linux 7-based deployments via a single set of tools.

Ansible Config Built In

Red Hat acquired Ansible last fall. Ansible is the simple way to automate apps and IT infrastructure. Now a handful of subsystems are configurable through Ansible scripting — a big deal for some customers, according to Almy. This is a new feature introduced in version 7.4.

“Customers have been running Ansible at scale. Now they have a set of a fully RHEL-supported set of scripts to run,” Almy said.

More Features

The beta release makes it easier to maintain mission-critical applications with several new features to speed up triaging events and issues. Among the additions:

  • Enhancements to RAID Takeover to easily change the RAID configuration and characteristics of logical volumes on the fly.
  • Network Manager update to version 1.8 that extends route options for firewall and route-table setup. Other network enhancements include ACsec for L2 VPNs, improved DNS, DHCP configuration visibility, and dynamic configuration of ethernet interface options.
  • Co-Pilot (PCP) client tools support with the addition of client tools like pcp2influxdb, pcp-mpstat and pcp-pidstat to allow the export of performance metric values to influxdb, and retrospective analysis of mpstat and pidstat values. Additionally, new PCP Performance Metrics from several subsystems are available to a variety of Performance Co-Pilot analysis tools.

Caution Getting It

Enterprise customers with active RHEL subscriptions can download and preview Red Hat Enterprise Linux 7.4 Beta via the Red Hat Customer Portal. It is easily accessible to customers who subscribe to the beta channel for easy direct access to updates.

The caveat is that RHEL does not support updates from beta to GA releases, Almy noted. So users can try out the beta version’s new features as a separate installation.

Otherwise, they will have to wait for a regular product upgrade when version 7.4 is fully released by the end of this summer, he said.

Trumps Fedora

Red Hat Enterprise Linux is a commercial Linux distro that delivers military-grade security with 99.9 percent uptime. A community-maintained Linux distro serves as a breeding ground for leading-edge features for RHEL.

“We and our customers find RHEL to be of great value. Fedora is a great product,” said Howard Green, vice president for marketing at Azul Systems.

“However, it is also a proving ground for advanced concepts and technologies, some of which make it into RHEL and some of which do not,” he told LinuxInsider.

Fedora is a great window into advanced thinking within the Red Hat and Linux community. However, it is not a “hardened, enterprise grade distro,” Green said.

Organizations with sufficient resources certainly will gain by uploading and previewing beta versions of major RHEL releases, he said, as it lets them verify compatibility as well as help identify bugs and glitches.

Jack M. Germain

Jack M. Germain has been an ECT News Network reporter since 2003. His main areas of focus are enterprise IT, Linux and open source technologies. He has written numerous reviews of Linux distros and other open source software.Email Jack.

Leave a Comment

Please sign in to post or reply to a comment. New users create a free account.

More by Jack M. Germain
More in Enterprise

LinuxInsider Channels