Red Hat Enterprise Linux v.4

Technical Overview

HP User Society / DECUS17. Mai 2006

Joachim SchröderRed Hat GmbH

Product Development Overview Fedora is a fundamental part of the

development of Red Hat Enterprise Linux

The whole is greater than the sum of the parts due to a fully integrated testing processes

Close participation in upstream development minimizes patch differences & leverages upstream testing

Fedora & RHEL packages are 'owned' by the same engineer

Red Hat is able to influence high-end feature adoption by community

RHEL package sets tailored to market (AS, ES, WS...)

Integration

InstallerKitting

DocumentationPackaging C

Core packagesUser

contributedpackages

Project Management (community coordination, delivery)

Testing (limited internal, huge external)

Infinite universe ofopen source packages....

UpstreamLinux 2.6.x, Apache, etc.

Fedora

Extended documentationFull architecture range

Layered product integration

Project Management (scheduling, services, partner relationships)

Testing (extensive, rigorous, with customers & OEM/ISV partners)

Fixes/enhancements

Red Hat Enterprise Linux

Enterprise/commercial packagesConservative selection

Enterprise Linux Overview Complete family of Client & Server products – from Laptop to Mainframe

● Comprehensive architecture support● Shared base technology, all open source, matured by Fedora Project

Red Hat Enterprise LinuxClientsServers

Red HatEnterprise Linux AS

Red HatEnterprise Linux ES

Red HatEnterprise Linux WS

Red HatDesktop

Large servers; databases;corporate

applications

Entry/midservers;

email, web,file/print....

Technicalworkstation; poweruser; Engineering

apps; HPC

Standard corporateproductivity desktop;volume deployments

Intel® x86, Itanium®2,EM64T; AMD64;

IBM POWER,z­Series, S/390

Intel® x86, Itanium®2,EM64T; AMD64

Intel® x86, Itanium®2,EM64T; AMD64

Intel® x86, EM64T;AMD64

Open Source Projects

Fedora

Enterprise Linux Product Segmentation Product segmentation is based on system size and support options

● Consistent with Red Hat Enterprise Linux 3● Increased memory limit for Red Hat Enterprise Linux ES● Single SKU for each product now covers all architectures (per support

subscription level)● Except AS, which has a separate SKU for mainframe systems

Max CPUs Max mem

Ser

vers - -

2 16GB

Clie

nts 2 -

Red Hat Desktop 1 4GB

Red Hat Enterprise Linux AS“ Advanced Server”

Red Hat Enterprise Linux ES“ Entry/Mid Server”

Red Hat Enterprise Linux WS“ Workstation”

Hyperthreaded & multi-cored processor chips are counted as a single CPU

Enterprise Linux Subscriptions Red Hat Enterprise Linux is offered on an annual subscription basis

● Subscriptions designed for flexibility and ease-of-choice● Multi-year subscriptions available

(1) Red Hat Desktop includes Red Hat Network Proxy/Satellite Server withRed Hat Enterprise Linux AS Premium subscription and 24x7 Help Desk Escalation Support

Subscription Level: Basic Standard Premium

Red Hat Enterprise Linux AS N/A Yes Yes

Red Hat Enterprise Linux ES Yes Yes N/A

Red Hat Enterprise Linux WS Yes Yes N/A

Red Hat Desktop See note 1

Red Hat Network Update 1 year 1 year 1 year

Upgrades Included Included Included

ISV & OEM Certifications Yes Yes Yes

Unlimited Incident Support No 24x7

Response Guarantee N/A 4 hours 1 hour

Su

bs

cri

pti

on

fea

ture

s

M-F 9-9 (N/A)M-F 9-5 (RoW)

New Subscription Features Red Hat's support lifetime is now 7 years

instead of 5 years

– the longest in the industry

The ability to change chip architectures is included in a Red Hat subscription

– new for Red Hat Enterprise Linux 4

A Red Hat subscription gives you access to any release (v2.1, v.3, v.4, ...)

– upgrade anytime with no additional fee

Enterprise Linux v.4 will be supported from 2005 until 2012

Changing a 32 bit system to 64 bit is just one click 

in Red Hat Network ... there are no extra charges

Enterprise Linux Timeline Red Hat Enterprise Linux v.4 is the latest generation of the family

● Delivered in February 2005 Delivers the world's leading open source enterprise-strength solution with

increased performance, scalability, availability and security● Continued focus on the commercial client and server market

Red Hat EnterpriseLinux 3 Red Hat Enterprise

Linux 4 Red Hat EnterpriseLinux 5 Red Hat Enterprise

Linux 6

2004 2005 2006 2007 2008

Support Lifetime

- Intel x86 64-bit - EM64T- Red Hat Application Server- Red Hat Desktop- Red Hat Global File System

- 2.6 Kernel base- SELinux integration- Enhanced desktop- Enhanced scalability/performance- Logical Volume Management 2- RHN Monitoring- ....

Updates:- Auditing- Application profiling/debug tools- Mirroring & Multipathing- Netscape-based technologies- ....

Strategic alignment with hardware vendors Red Hat has the strongest partnerships

among all operating system vendors● Servers, workstations, desktops, laptops,

peripherals Enterprise Linux 4 is supported on the latest

hardware● A broad range of 64 bit systems● Blade configurations for horizontally

scaled clusters● Larger vertically scaled systems with up

to 64 CPUs

Over 750 certified systems

Enterprise Linux Server Solutions

Web Mail File Print Web proxy cache Authentication DNS DHCP Secure remote access Firewall Spam filter

Over 1000 certified applications

C/C++ Java

Certified 3rd party ISV applicationsHighly functional server environment

Custom applications in: Fortran ....

Kernel Red Hat Enterprise Linux v.4 is built on a Linux 2.6.9 kernel

● Red Hat Enterprise Linux v.3 used a Linux 2.4 kernel with numerous Linux 2.6 features incorporated

● Moving to a full Linux 2.6 core provides features that have matured during 2004, for example:

● New block I/O system increases storage scalability (e.g. 16TB on x86)

● Many 2.6 kernel algorithms provide higher performance than 2.4

● Fedora has provided extensive testing of new capabilities● All architectures built from a common source RPM (as with

RHEL3)● Uniform feature set and maintenance/support

I/O Elevators – CFQ Scheduler The Linux 2.6 kernel provides additional performance through improved I/O

initiation algorithms Kernel command line option can be used to select the scheduler for a system

● Provided schedulers:● CFQ; Deadline; Noop; AS

Completely Fair Queueing (CFQ) is the default RHEL 4 I/O scheduler● Implements one I/O queue per process● The I/O scheduler initiates one I/O per queue on a round-robin basis● Ensures complete fairness at a process level

Deadline scheduler provides a per I/O request deadline to eliminate process I/O starvation● Eliminates excessive I/O latency● Suitable for database applications

Noop scheduler provides no reordering● Typically used by virtual systems

I/O Elevators – Anticipatory Scheduler Anticipatory scheduler (AS) modifies read/write order balance:

● Average disk seek+transfer takes, say, 5-8mS● Reads tend to be synchronous – so are issued at a slow rate● Writes tend to be asynchronous – so are issued at a fast rate● Writes can overwhelm reads, dragging disk heads off-cylinder in the middle

of (common) physically sequential read operations● Off-cylinder operations cost the read thread ~10-16mS

● AS scheduler delays issuing queued writes after a read completes by ~1mS to see if another read is issued

● Optimizes the most common read semantics● Costs 1mS of write for a potential 10-16mS read gain

● Improves disk throughput, for slight increase in write latency● Suitable for interactive environments

Serviceability Kernel Crash Dump analysis

● Netdump – carried forward from Red Hat Enterprise Linux v.3● X86 only today

● EM64T/AMD64, Itanium 2 & IBM POWER planned for updates ● Diskdump

● X86 and Itanium 2 only today● Other architectures in planning for updates

● e.g. AMD64/EM64T in Red Hat Enterprise Linux v.3 Update 4● Creates dumpfile that is 100% compatible with Netdump

● Can use common debug tools/utilities● Allows a crash dump to be taken on a local disk

● AIC7xxx, AIC79xx, MPT Fusion (generic IDE under development)● Kexec dump technology under investigation/development

14Red Hat Confidential ­ NDA Required

Product features subject to change prior to availability

Developer Tools: Frysk Execution Analysis Tool – “ always

on” debugging New beginning – leap-frog 20 year

old technology Red Hat initiative – will be delivered

initially through Fedora – Fall 2005 C++ debugging improvements Modular architecture Graphical Interface Event Driven http://sources.redhat.com/frysk

OProfile SystemTap

Statisticalsampling

 Frysk

Full modelingTracing andProfiling

Security New to Red Hat Enterprise Linux v.4

● Security Enhanced Linux (SELinux)● Improved auditing● Common Criteria/EAL4+ certification

Enhancements carried forward from Red Hat Enterprise Linux v.3, Update 3● Position Independent Executables (PIE)● Exec Shield● NX/XD

Security: Exec Shield Two Exec Shield capabilities:

● Segmentation support● No eXecute (NX; AMD) / eXecute Disable (XD; Intel) support

● Memory management enhancements that improve security by ensuring that stack/heap/buffer areas are set non-executable

● NX/XD use a new CPU memory management hardware feature● For Itanium® 2 and new 32-bit & 64-bit x86 Intel/AMD

processors● Supported in PAE-enabled (smp & hugemem) kernels

executable | non-executable

Code Rvar1var2var3var3

return address

Rinjected code Stack

Security: PIE, gcc/glibc Position Independent Executables (PIE) support

● Application section load addresses are randomly assigned every time an application is started, making address-based exploits much harder

● Requires application to be built with PIE enabled● All RHEL4 servers/daemons/etc are built with PIE enabled

● Appropriate for all architectures GCC and GLIBC security enhancements

● Glibc memory allocator functions now perform sanity checks to detect double freeing of memory and heap buffer overflows. Double free exploits are now impossible

● printf format string exploitation prevention performs security checks for specialized parameters

● gcc buffer bound checking incorporates buffer checking functions when buffer size is known at compile time. Prevents buffer exploits

● These features are currently unique to Red Hat Enterprise Linux v.4

Security Enhanced Linux (SELinux) Leverages 10 years of OS research by the NSA “ Policies” ensure applications have only the minimum access needed Transparent to applications and users – no added administration Role-based access controls (RBAC) available to enhance security A successful attack can only use the rights of the compromised application

Kernel Kernel

Classical UID based Access ControlOnce a security exploit gains access to

privileged system components the entiresystem is compromised

Domain-Type based Access ControlKernel policy defines application rights,

firewalling applications from compromisingthe entire system

Policy

Enforcement

Storage The Linux 2.6 kernel offers greatly increased storage subsystem scalability

● Supports over 4,000 SCSI devices/paths (vs. 256 with Linux 2.4) Ext3 enhancements

● Online file system growth improves availability● High value feature for LVM environments

● Block reservations greatly improve read/write performance● Maximum supported filesystem size increased to 8TB● Maximum filesize increased to 8TB (x86/AMD64/EM64T) & 16TB

(Itanium2/POWER)● Using sparse file support

Logical Volume Manager 2 (LVM2)● Significantly increased functionality over RHEL3+LVM1

● Mirroring, Multipathing, R/W snapshots● Improved robustness, availability, performance; easier to configure/manage

RAID s/w provides support for RAID 6 and improved support for RAID 0+1

Storage: Logical Volume Management (LVM2) LVM2 provides significantly improved GUI-based storage management

capabilities● Goal to provide consistent, easy to understand, administrator interface

Storage: iSCSI iSCSI provides low-cost connectivity to

Enterprise SAN infrastructures● Direct access to corporate data● TCP/IP based

iSCSI support planned for RHEL4 & RHEL3● Open source Cisco implementation (Initiator

only)● RHEL4 dependent on upstream acceptance

of iSCSI initiator driver● Planned for delivery in a RHEL4 update● Linux 2.6 driver currently undergoing

rapid change and development● RHEL3 via update 4

● Not upstream dependent● Boot support planned for a later update

Qlogic/Adaptec iSCSI adapter support available

Red Hat Enterprise Linux Host

ISCSI bridge

Switch

FChost

ISCSIstorage controller

(e.g. NetApp)

TCP/IP

Fibre Channel

Cisco iSCSI initiator

NIC

Qlogic/Adaptec driver

iSCSI adapter

SAN

Desktop: Core Applications Firefox & Mozilla Web Browsers

● Choice of integrated Firefox browser (default) or classic Mozilla suite● Single Sign-On support for NTLM and Kerberos over HTTP using GSSAPI● Improved standards compliance, platform integration, and i18n support

Evolution 2.0 Groupware Client● Robust mail, calendaring, and contact management client● Supports IMAP, POP, SMTP, LDAP, and iCalendar standards● Integrated Microsoft Exchange 2000/2003 interoperability● Integrated certificate management● Improved platform integration, handheld support, and offline IMAP support● 100% open source component of the GNOME desktop system

Updated OpenOffice.org Office Suite● Including robust word processor, spreadsheet, presentation applications● Supports document exchange with Microsoft Office file formats

Desktop: Technology Improved Multimedia Capabilities

● Integrated open source Helix Player supports Ogg Vorbis, Theora

● Bundled RealPlayer 10 adds SMIL, MP3, Flash, RealAudio/RealVideo

● Integrated Rhythmbox Music Management Application

Updated Desktop Applications● Gaim, the multi-protocol instant messenger

client● Planner, the graphical project management

tool● GIMP 2.0, the powerful image composition and

editing environment● Rdesktop, RDP terminal services client

Desktop: Technology Cross-platform Interoperability

● Use MS Active Directory for user login authentication

● Authenticate to web-based applications with NTLM

● Interoperate with MS Exchange for mail and shared calendaring

● Browse Windows SMB file and print shares from default desktop

Vino – Desktop session sharing via VNC (for helpdesk, collaboration uses)

Red Hat Cluster Suite v.4 Core clustering functionality for both Red Hat

Cluster Suite and Red Hat Global File System is delivered in Red Hat Cluster Suite● Membership management; I/O fencing;

Lock manager; Heartbeats; Service/resource manager; Management GUI

Support for up to 300 nodes Multiple lock management models

● Client-server with SLM/RLM (single/redundant lock manager)

● Distributed Lock Manager● New with Red Hat Cluster Suite v.4● Open, stable API – consistent with

VMS DLM

Red Hat Enterprise Linux

Single node LVM2

Red Hat Cluster Suite

HA Services(Failover)

Core services:DLM – Connection Manager – Service ManagerI/O Fencing – Heartbeats – Management GUI

IP LoadBalancing

Cluster LogicalVolume Manager

Cluster FileSystem

Red Hat Global File System

Red Hat Cluster Suite v.4 New version for Red Hat Enterprise Linux v.4

● Existing subscriptions can upgrade at no charge Provides two technologies

● High Availability failover – suitable for unmodified applications● IP Load Balancing – enables network server farms to load share IP load

New features include:● Elimination of requirement for shared storage

● Significantly reduces the cost of high availability clustering● Shared Quorum partition is no longer required

● Service state, previously stored in Quorum partition, is now distributed across cluster

● Online resource management modification● Allows services to be updated without shutting down (where possible)

Also provides core technologies used by Red Hat Global File System● Included as part of Red Hat Global File System

Distributed Lock Manager Red Hat Cluster Suite v.4 includes a Distributed Lock Manager (DLM)

● Primarily used by Red Hat Global File System, but available for general purpose use by any application

● Closely mirrors the original Digital VMS DLM A DLM is a highly functional, distributed (cluster-wide), application

synchronization subsystem● Processes use the DLM to synchronize access to a shared resource (e.g. a

file, program, or device) by establishing locks on named resources● Permits the creation of distributed applications

● e.g Oracle RAC (which uses a private DLM)● Provides a collection of services

● Multiple lock spaces and concurrency (lock) modes● Lock hierarchies/domains (resources & subresources)● Range locking● Lock conversions & value blocks● Blocking & Asynchronous completions

Red Hat Global File System v.6.1 New version for Red Hat Enterprise Linux v.4

● Existing subscriptions can upgrade at no charge Provides two major technologies

● GFS cluster file system – concurrent file system access for database, web serving, NFS file serving, HPC, etc. environments

● CLVM cluster logical volume manager1

Fully POSIX compliant Data and meta-data journaling (per-node journals, clusterwide recovery) Maximum filesize & file system size: 16TB with 32-bit systems, 8EB with 64-bit

systems Supports file system expansion Requires shared storage

● Supports several topologies: SCSI, SAN, iSCSI, gnbd Rapidly growing development community since being open sourced in Q2/04

● Builds for other distributions becoming available (e.g. Debian)

(1) Cluster mirroring and cluster snapshots provided in GFS 6.1 update

Red Hat Application Server Red Hat Application Server v.1 was announced in August 2004

● Combination of open source technologies from:● Apache (Tomcat Servlet/JSP container)● ObjectWeb (JOnAS application server)● Eclipse (IDE + J2EE plugin)

Red Hat Application Server v.2 is due for deliveryin H1 2005● Will provide numerous new features, including

● Updated packages (e.g. JOnAS 4.x)● Simplified configuration via profile

management & server templates● PostgreSQL 8 support with seamless JOnAS

integration● Enhanced administration and development tools● Feature enhancements in collaboration with ObjectWeb & Apache, e.g.:

● Enhanced persistence – JAX-R

Dat

abas

e

Red HatApplication Server

Web

Bro

wse

rA

pplic

atio

n

Web Container

Tomcat

Servlets JSPs

EnterpriseJava Beans

EJB Container

JOnAS

Red Hat Solution Summary

Red Hat Global File SystemRed Hat Cluster Suite

Red Hat Application ServerEJB container Web container

Red Hat Enterprise Linux AS/ES

Red Hat Enterprise Linux AS/ES

Red Hat Developer Suite

Red Hat Enterprise Linux WSRed Hat Desktop

EIS Tier

Middle Tier

Client Tier

Development & DeploymentInfrastructure

Applications – Browsers

Servers – Web – J2EE

Database – SAN

Red Hat NetworkServerModules

Red Hat GlobalSupport Services

Red Hat GlobalProfessional Services

Red Hat GlobalLearning Services

Management & SupportInfrastructure

http://rhn.redhat.com

   

Note: This is a snapshot of development status. Some features may not mature sufficiently for inclusion in GA Release. 

  Security                 Agility                Reduced CostSecurity                 Agility                Reduced Cost

Full-Virtualization – FV (Transparent Virtualization) ● Creates Entire Virtual Machine; Complete System Emulation.● Virtual Machine appears to be generic system to the Operating System.● No Modifications to the Operating System are required.● Significant performance impact without Hardware-enabled Virtualization● Examples: VMware & Xen w/Hardware Support

Single Kernel Image (SKI)● Light weight virtualization where the host OS Spawns different copies of

itself. Adding limitation and restriction on running same version of OS, and same patch level on all version of the virtualized guests.

● Examples: Solaris Zones, Swoft Virtuozzo Para-Virtualization – PV (Low-Overhead-FV)

● Founded by XenSource; attempts to reconcile the two approaches.● Requires minor changes to the Guest Operating System● Resolves the performance impact of FV by allowing direct access to the

hardware resources as managed by the Hypervisor

Virtualization Models

Xen Use Case 1 Fat Dom0

RHEL

Hardware

Xen HypervisorControl

FrontendDrivers

DomUDom0

Back

end

Driv

ers

Devi

ceDr

iver

s

Unprivileged Domain: The Guestor the Virtual Machine. Each VMis instantiated in Dom0 once itsparameters are set:            CPU, Memory, Storage

Domain 0 – Privileged Domain,the host. Provides hardware support (backend drivers) interfaces for guests control and    management toolsFully loaded RHEL

Xen Hypervisor provides IRQ routing, Scheduling , and inter­domains communications. The Hypervisor with the Dom0 Device Drivers provide transparent sharing of resources. It also enforces strict resource limitations (example: RAM). 

Xen Use Case 2: Thin Dom0

RHEL

Hardware

Xen HypervisorControl

FrontendDrivers

DomUDom0

Unprivileged Domain: The Guestor the Virtual Machine. Each VMis instantiated in Dom0 once itsparameters are set:            CPU, Memory, Storage

Domain 0 – Privileged Domain,the host. Provides hardware support (backend drivers) interfaces for guests control and    management toolsMinimal RHEL with LibVirt

Xen Hypervisor provides IRQ routing, Scheduling , and inter­domains communications. The Hypervisor with the Dom0 Device Drivers provide transparent sharing of resources. It also enforces strict resource limitations (example: RAM). 

Installation tools:● Anaconda “ Red Hat Installer” is Virtualization-aware ; ease

Vitualization setup and

installation Management Tools:

● Red Hat Network ISV and IHV Certification Storage:

● Global File System (GFS)

integration

Red Hat Added Value

Xen HypervisorXen Hypervisor

Red Hat Enterprise LinuxRed Hat Enterprise Linux

HardwareHardware

Others

App X

DomDomnn

RHEL 4

App2

DomDom22

RHEL 3

App1

RHEL 3

DomDom11RH ClusterRH ClusterSuiteSuite

GFSGFS

Red 

Hat N

etw

ork

Red 

Hat N

etw

ork

Red Hat Delivers Useful, Reliable, and Tested SolutionsRed Hat Delivers Useful, Reliable, and Tested Solutions

Alpha - Technology Preview● Available now in Fedora Core 5

Beta:

GA : RHEL 5 GA – End of Year Fully Virtualizated on Virtualization-Enabled processor

● Allows RHEL 2.1, 3, 4 guests as well as others OS Para-Virtualization: RHEL 5 at GA, RHEL 4 sooner after GA

Beta 1 in RHEL 5 – Around SummerBeta 2 in RHEL 5 – Around Fall

Red Hat Virtualization: Roadmap

Development and QA environments ● Secure and compartmentalized instances;● think “ chroot” jail.● Simplify test scripting and execution for ● qualifications ● Simplify test simulation Advantages● Rapid Deployment and Adoption● Shorten Certification Process

Solving Real Business Problems

Xen HypervisorRed Hat Enterprise Linux

HardwareCPU(s) IO Memory

RRHHEE

Appl

icat

ion

RRHHEE

Dev 

Env

RRHHEE

Dev 

Env

com

part

men

taliz

ed

General API for virtual machines Currently focused on Xen, but not exclusive Main tasks:● The API should allow to do efficiently and cleanly all the

operations needed to manage domains on a node● The API will not try to provide high level multi-nodes management

features like load balancing● Deliver a stable fundament for

management tools● Work on a single node only, except

live migration – considered basic function

Libvirt

Libvirt Usage example in Python

import libvirt import sys

conn = libvirt.openReadOnly(None) if conn == None: print 'Failed to open connection to the hypervisor' sys.exit(1)

try: dom0 = conn.lookupByName("Domain-0") except: print 'Failed to find the main domain' sys.exit(1)

print "Domain 0: id %d running %s" \ % (dom0.ID(), dom0.OSType()) print dom0.info()

Questions?

Vielen Dank!

Joachim Schröder, Solution Architectjoachim.schroeder@redhat.com