Red Hat Secures Spot in OS Pantheon

 
 
By Jason Brooks  |  Posted 2005-03-14
 
 
 



Red Hat Inc.'s Red Hat Enterprise Linux 4 stands as a leading example of how Linux and the constellation of open-source projects that surround it have grown capable of serving the needs of organizations, from the desktop to the server room.




eWEEK Labs tests show that Version 4 of Red Hat's flagship product is significantly more scalable and secure than previous versions, due in large part to its upgrade to Version 2.6 of the Linux kernel. Organizations that are running RHEL 3 now should test their applications with the new release to determine whether the performance gains they'll see are worth the disruption of an upgrade. (RHEL 4 is available for download at rhn.redhat.com for RHEL subscribers.)

Two of the most important factors to consider when weighing the pros and cons of upgrading or migrating to a new operating system are the applications you wish to run and the hardware on which you intend to run them.

If you're running commercial enterprise applications that support Linux, RHEL is the Linux distribution most likely to be certified for them. If you're looking to run applications in the open-source stack, RHEL is also a solid platform, featuring components that are up-to-date but that have had time to bake in Fedora, Red Hat's community-supported Linux distribution.

RHEL 4 also ships with compatibility libraries that enable it to run applications compiled for RHEL 2.1 and 3.

Red Hat Desktop (as the desktop flavor of RHEL is known) makes a solid Linux client, but it doesn't do much to distinguish itself from the rest of the desktop Linux pack. We'd like to see Red Hat do more for desktop administrators by adding tools such as the user configuration management system in Sun Microsystems Inc.'s Java Desktop System.

The pricing for RHEL 4 is the same as that for Version 3: The server versions range from $349 for RHEL ES with basic support to $2,499 for RHEL AS with premium support.

RHEL ES supports as many as two Intel Corp. x86, Itanium 2 or EM64T processors or up to two Advanced Micro Devices Inc. AMD64 processors. RHEL AS adds support for IBM's Power series (eServer iSeries and eServer pSeries) and mainframe (eServer zSeries and S/390) platforms, as well as support for significantly more processors. This breadth of platform support is one of RHEL 4's competitive advantages over the somewhat more parochial Solaris 10 and Windows Server 2003.

eWEEK Labs tested RHEL AS.

Red Hat also sells a workstation version of RHEL, priced from $179 per system per year, as well as a corporate desktop version of RHEL, which, sold in packs of 50, costs about $70 per system per year.

Red Hat adopted the Linux 2.6 kernel for its enterprise line after the code had undergone a year's worth of updates from the kernel development project, as well as broad testing in versions 2 and 3 of Red Hat's community-supported Linux distribution, Fedora Core. (RHEL 4 ships with a kernel based on Linux 2.6.9.)

One of the most significant improvements in the 2.6 kernel was to its disk I/O scheduler, which maximizes disk performance by sorting read-and-write requests and ensures that concurrently running applications get adequate access to the disk.

With RHEL 4, we could select among four I/O scheduler options by passing an argument to the kernel at boot time.

The noop scheduler, which is intended for use in virtualized environments, doesn't attempt to optimize at all, decreasing overhead by allowing the host operating system to worry about I/O optimization. The other three schedulers are anticipatory; deadline; and CFQ, or completely fair queueing (the default in RHEL 4).

The schedulers handle disk I/O optimization differently, with each offering distinct benefits depending on the set of applications run. We were, therefore, disappointed to find that Red Hat does not discuss the relative merits of each option in its manuals. Nevertheless, we were able to find a good deal of information on this topic on the Linux kernel mailing list (at lkml.org).

Linux 2.6 and, in turn, RHEL 4 also include a new process scheduler that scales better in multiprocessor, multicore and hyperthreaded CPU systems than does Version 2.4's process scheduler. Also of benefit to multiprocessor systems is the 2.6 kernel's Read Copy Update feature, which speeds operations in which multiple processors need read access to particular data.

Also courtesy of the new kernel is tremendous growth in the number of processors RHEL AS supports—32 x86 processors (up from 16 in RHEL 3) or 64 Itanium 2 processors (up from eight in RHEL 3)—as well as a lower-overhead virtual memory system and a block I/O file system that boosts the maximum size of RHEL 4's ext3 file system to 8TB.


Red Hat Enterprise Linux shares most of the same security mechanisms as other Linux distributions. However, it lets administrators further batten down their system hatches through support for SELinux (Security-Enhanced Linux), a set of kernel modifications and utilities initially developed by the National Security Agency that brings a mandatory access control permissions scheme to Linux.

Developing and troubleshooting SELinux policies, particularly on a system running many applications, is a tricky business. RHEL 4 eases the burden by shipping with a "targeted" policy that protects by default a small set of system services that are at great risk for attack because they typically face the Internet.

During tests, eWEEK Labs was able to toggle off and on certain elements of the default SELinux policy using the same system-config-securitylevel tool with which users graphically adjust basic firewall settings. However, it's necessary to use the command line for more than a very basic SELinux configuration. (Red Hat has produced a nice manual for SELinux on RHEL 4, available at www.redhat.com/docs/manuals/enterprise/RHEL-4-Manual/selinux-guide.)

The ExecShield feature is not new in RHEL 4 (it was introduced as part of RHEL 3's third update, released in August of last year), but it's a solid tool for preventing software exploits caused by buffer overflow attacks.

ExecShield is described in detail in a paper released by Red Hat (and available at www.redhat.com/f/pdf/rhel/WHP0006US_Execshield.pdf). In the paper, Red Hat reports that ExecShield stopped 11 of 16 serious Linux vulnerabilities that surfaced between Nov. 1, 2003, and Aug. 11, 2004, and for which exploits were made available.

We're not aware of a distribution outside of the Red Hat/Fedora family that uses ExecShield, which is open source but was developed by Red Hat. As with SELinux, ExecShield underwent testing in multiple Fedora releases during the last year before making its way into RHEL.

Red Hat's focus for RHEL 4 was primarily under the hood, so it's not too surprising that we didn't see many differences in the product's administration tools.

In fact, with graphical system administration tools that lag behind those of Novell Inc.'s SuSE Linux Enterprise Server 9 and Windows 2003 Server in both scope and intelligence, RHEL 4 will have administrators spending more time than they would probably like at the command line. This won't be a problem for those familiar with RHEL, but it certainly steepens the learning curve, particularly where new features such as SELinux are concerned. Fortunately, Red Hat provides well-written and easily accessible documentation (available at www.redhat.com/docs/manuals/enterprise).

As with previous versions of RHEL, we could install RHEL 4 software and receive updates by connecting to the Red Hat Network with RHEL's up2date client. In the version of up2date that ships with RHEL 4, we could also draw packages from the yum and apt software repositories or from a standard directory.

We upgraded a system running RHEL 3 AS to RHEL 4 AS without incident. SELinux was disabled by default on the new machine, and enabling it would have entailed some administrative chores. This is one reason why Red Hat recommends that users upgrade to RHEL 4 via a clean install.
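A check an administrator could run after such an in-place upgrade, as an added example that is not from eWEEK Labs or Red Hat: it reads a file in the /etc/selinux/config format and reports whether enforcing mode and the targeted policy are requested. The helper names and the sample file contents are constructed for illustration, and the parser assumes the last uncommented assignment wins.

```shell
#!/bin/sh
# Added example: audit an SELinux config file after an in-place upgrade.
# selinux_setting and selinux_audit are hypothetical helper names.

# Print the last uncommented value assigned to KEY ($1) in FILE ($2).
# Lines starting with '#' never match, and SELINUX does not match SELINUXTYPE.
selinux_setting() {
    sed -n "s/^[[:space:]]*$1=\([A-Za-z0-9_-]*\).*/\1/p" "$2" | tail -n 1
}

# Exit status: 0 = enforcing + targeted, 1 = weakened, 2 = no protection.
selinux_audit() {
    mode=$(selinux_setting SELINUX "$1")
    ptype=$(selinux_setting SELINUXTYPE "$1")
    case "$mode" in
        enforcing)  ;;
        permissive) echo "WARN: permissive, denials are logged but not blocked"
                    return 1 ;;
        disabled)   echo "FAIL: SELinux is disabled"
                    return 2 ;;
        *)          echo "FAIL: SELINUX unset or unrecognised: '$mode'"
                    return 2 ;;
    esac
    if [ "$ptype" != "targeted" ]; then
        echo "WARN: policy type is '${ptype:-unset}', not targeted"
        return 1
    fi
    echo "OK: enforcing with the targeted policy"
}

# Constructed sample: the state the review describes after an upgrade.
sample_upgraded_config() {
    cat <<'EOF'
# This file controls the state of SELinux on the system.
# SELINUX= can take one of: enforcing, permissive, disabled
SELINUX=disabled
SELINUXTYPE=targeted
EOF
}

cfg=$(mktemp)
sample_upgraded_config > "$cfg"
selinux_audit "$cfg" || echo "audit exit status: $?"
rm -f "$cfg"
```

On a live system the same function can be pointed at /etc/selinux/config; the file records the mode requested at boot, which may differ from the running mode until the next reboot.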

Red Hat does not, however, support upgrading to RHEL 4 from a previous version using up2date. To update, administrators must boot from an install disk image (from a disk or a PXE [Preboot Execution Environment] server), which then runs Red Hat's Anaconda installer application.

We've had success upgrading between Fedora Core releases using an application such as yum, and we'd like to see Red Hat do the testing required to support this sort of upgrade in RHEL.

RHEL 4 ships with an updated version of the LVM (Logical Volume Manager), which aims to make it easier for administrators to manage storage among multiple disks.

RHEL 4's Anaconda installation program uses LVM by default, but, for various reasons, administrators may wish to return to creating standard partitions instead.

RHEL 4's LVM implementation doesn't support RAID mirroring yet, although Red Hat officials have said support will be added in an update coming soon. RHEL 4 also includes a graphical client for managing LVM, but we found this tool to be very basic.


  • Good documentation is one of Red Hat Enterprise Linux 4's strengths. It's all available in PDF or HTML format at redhat.com/docs/manuals/enterprise.

  • It's possible to download software and updates of applications that Red Hat doesn't provide from a number of volunteer packaging projects. Four such projects have recently combined, and the packages they currently offer can be found at dag.wieers.com/home-made/apt/rpmforge.php.

  • Mailing list archives are an excellent place to find troubleshooting information or to get a handle on where project developers are going. Red Hat's mailing lists are at redhat.com/mailman/listinfo. For RHEL (whose code name is nahant), the most pertinent lists are nahant-list and nahant-beta-list, but the Fedora lists will contain a lot of useful RHEL information as well.

    Source: eWEEK Labs

    Senior Analyst Jason Brooks can be reached at jason_brooks@ziffdavis.com.
