Date post: 29-Jan-2021
Red Hat Enterprise Linux 8: Why it’s time to move. Adrian Keward, Principal Solution Architect. October 15th 2019
Transcript

  • Red Hat Enterprise Linux 8

    Easier adoption for staff new to Linux®

    More subscription value with Red Hat Insights, now included in all Red Hat Enterprise Linux subscriptions

    A consistent experience across bare-metal, virtual, and public and hybrid cloud environments

    Eased transition to and adoption of containerized workloads with community-driven, new container management tools

    Increased speed and ease of deployment

    Broad ecosystem of supported applications

  • Benefits of a consistent foundation with Red Hat Enterprise Linux

    Deliver workloads faster with less effort

    Increase agility and reduce time to market for critical workloads

    Reduce IT friction and costs of dynamic business changes

    Deliver any application on any footprint at any time

  • Build your future on a stable, high-performing platform that can scale to meet the needs of your organization today and tomorrow.

  • Simplified Delivery

    Reducing complexity is a key benefit that starts with being able to consume it easily

    BASE OS

    1. Provides the foundation of our operating system

    2. Completely self-contained operating system

    3. Guaranteed 10 years of enterprise support

    APPLICATION STREAMS

    1. Provides flexible lifecycle options

    2. Fully enterprise supported

    3. Common Red Hat Enterprise Linux languages supported at launch

    4. Defaults to 10 years of enterprise support

    Note: RHEL subscriptions also provide access to additional content for Developer use. More details available at developer.redhat.com

  • Value of the Red Hat Subscription

    Enterprise product from community projects

    ❖ Invest in the future of enterprise open source technology by paying Red Hat to represent your needs and contribute code to influential communities.

    ❖ Take advantage of hardened, tested, certified enterprise-ready solutions identified and evolved by Red Hat.

  • A Familiar Experience

    What’s the same

    Enterprise OS on all footprints

    Development Process (Fedora)

    10-year lifecycle for most content

    Offerings and Add-Ons

    Managed by Satellite

    What’s different

    Simpler delivery structure

    Predictable release cadence

    More life cycle options

    More frequent application updates

  • RED HAT ENTERPRISE LINUX 8

    At a glance

    KERNEL VERSION: 4.18+

    SYSTEM COMPILER: GCC 8.2, LLVM 6.0

    HARDWARE ARCHITECTURES: Intel/AMD 64-bit, IBM Power LE, IBM z Systems, ARM 64-bit

    DEFAULT FILE SYSTEM: XFS

    PACKAGE MANAGEMENT: Yum v4

    TIME SYNCHRONIZATION: Chrony

    NETWORKING: NetworkManager

    INIT SYSTEM: Systemd v239

  • DYNAMIC KERNEL PATCHING (ftrace, kpatch)

    IMPROVE predictability of maintenance.

    DEFER reboots for critical kernel issues.

    MINIMIZE downtime for security patches.

    [Diagram: BEFORE PATCHING (CALL, NOOP, original function, RETURN) and AFTER PATCHING (CALL, original function, replacement function, RETURN)]

  • Hardware Architectures

    INTEL/AMD

    Datacenter

    Cloud

    Scale-up/out

    Database service

    IoT

    IBM Z

    Density in workload

    OLTP

    Scale-up

    Database service

    IBM Power

    Supercomputing

    Client

    Big Data processing

    Artificial Intelligence

    ARM

    Hyperscale computing

    Edge computing

    64-bit Server architecture (AARCH64)

    IoT

  • RED HAT ENTERPRISE LINUX 8

    Developers need access to the latest tools. Operations needs to know those are stable and supported.

  • Faster time to “Hello World”

    Simpler deployment options: Use standardized platforms for any environments

    Ability to plan with confidence: Remove uncertainty from your platforms

    Latest stable tools: Combine open source innovation with enterprise reliability

  • Predictable updates

    6 months: Minor updates

    3 years: Major releases

    2 phases: Support life cycle

  • The newest yum package manager: version 4

    New technology: Maintains the same experience while adding new tools

    Better dependency management: Offers faster resolution and easier minimization of what's installed

    Stable API: Provides new application programming interface (API) for extending yum that will progress into the future

    [Diagram: repository (rpm packages and metadata), yum, system]

  • Power the adoption of containers

  • Container Infrastructure

    Docker Compatibility

    skopeo

  • CONTAINERS ARE LINUX

    Namespaces

    CPU, Memory, Storage, Network

    Cgroups

    Seccomp

    SELinux

    Run

    Build

    CONTAINERS

    Application dependencies

    Application binaries

  • Powering the adoption of containerized workloads

    Red Hat Enterprise Linux (Podman/Buildah/Skopeo)

    TRADITIONAL DEVELOPMENT

    Find, Run, Build, Share

    CLOUD-NATIVE

    Integrate, Deploy

    Quay, Red Hat OpenShift® (Kubernetes)

  • Manage containers with Podman

    Fast and lightweight: No daemons required

    Advanced namespace isolation: Rootless operations for container run and build

    Open standards compliant: Creates and maintains any standard Open Containers Initiative (OCI)-compliant containers and pods

    [Diagram: Podman, RunC, Kernel, Images]

  • Create images with Buildah

    More control: Scriptable tooling for fine-grained image control, and maximum control starting from base or scratch images

    Minimization of images: Elimination of unneeded dependencies by using host-based tools

    [Diagram: "From base, multilayer" (Base Red Hat Enterprise Linux, OS update layer, Java™ runtime layer, Application layer) and "From scratch, single layer" (Java runtime and dependencies, and application)]

  • Inspect and transport images with Skopeo

    Inspect images remotely: Examine image metadata without needing to download

    Publish and transfer images: Copy images from registries to hosts or directly between registries

    Sign and verify images: Supports GPG key signing on publish

    [Diagram: SKOPEO between two image registries and a host; labels: Image repository, Metadata, signature]

  • Introducing Red Hat Enterprise CoreOS & UBI

  • RED HAT ENTERPRISE LINUX CORE OS

    An immutable host, delivered with OpenShift
      ○ Aligned lifecycle
      ○ Aligned release cadence

    Preserving the best from Container Linux and Atomic

    ● Container Linux
      ○ User experience
      ○ Minimal compose; decreased attack surface
      ○ Over-the-air automated updates
      ○ Mission statement towards containerizing all workloads

    ● Atomic Host
      ○ Red Hat ecosystem

    [Diagram labels: RHEL ABI (Base image), App / Service, containerlinux]

  • RED HAT UNIVERSAL BASE IMAGE

    A bold change that will help us expand the ecosystem

    WHY? Because containers ARE Linux. Developers & software vendors include Linux code inside the container. This enables a container ecosystem that when run on OpenShift, delivers a Red Hat Enterprise Linux experience.

    WHAT? A subset of Red Hat® Enterprise Linux® that is freely available and redistributable, driving standardization on container (or base) images that are “RHEL-ready.”

    [Diagram: three containers, each holding an APP and its LINUX OS DEPENDENCY, on a LINUX CONTAINER HOST (KERNEL) with Kubernetes services. Callouts: "Linux OS host spans every container" and "Linux is in every single container"]

  • THE UNIVERSAL BASE IMAGE

    [Diagram: three CONTAINER stacks, each made of RHEL BASE IMAGE, LANGUAGE RUNTIMES and an APP (in the third stack a PARTNER CONNECT CERTIFIED APP); platform labels: RED HAT PLATFORM, ANY CONTAINER PLATFORM, RED HAT PLATFORM]

    Not Supported

    Enterprise support when run on Red Hat platforms

    Certification provides the highest level of support

  • Default Configurations

    Sensible out-of-the-box configuration

    TUNED PROFILES

    Supported tunables for MS SQL, SAP HANA, Oracle Database, NFV hosts and more!

    SYSTEM ROLES

    Supported Ansible roles and modules providing a common configuration interface

    Starting with networking, SELinux, time sync, and kdump

    CRYPTO POLICIES

    Supported crypto policies to match your encryption needs

    Current policies include Legacy, Default (PCI-DSS), FIPS, and Future

  • Performance Improvements

    Range of improved performance with RHEL 8 (alpha) compared to RHEL 7

    10%✲

    30%✲

    45%✲

    ✲ General guidance. Varies greatly with workload and system tuning.

  • The future of infrastructure is hybrid, multicloud

  • Create images for all your environments with image builder

    Single source: Lets you create gold images for any environment from the same blueprint, increasing stability and consistency

    Any footprint: Supports public cloud, private cloud, enterprise hypervisors, and bare metal

    Simple interface: Provides web-based view within the web console for selecting packages and creating blueprints

    [Diagram: Blueprint feeding Bare metal, Hypervisors, Public clouds, Private clouds]

  • Create custom blueprints

    IMAGE BUILDER

    Target any platform:

    + other cloud platforms

    “I need to quickly create customized OS images for my hybrid deployment environments, including physical, virtual, and private and public clouds.”

    SYSTEMS/CLOUD ADMINISTRATOR

  • Image Builder

    IMAGE BUILDER

    Content in: Red Hat content, Custom, Third party

    Content out: DVD installers, Disk img, FileSystem img, Virtual img, Cloud img

    [Diagram labels: Third party, REST API, Backend builders, GUI, CLI, SATELLITE, Bare metal, Private cloud, Virtual, Public cloud]

  • Speed automation creation with system roles

    Common automation: Manage multiple versions of Red Hat Enterprise Linux from a single role

    Reduced rework: Import provided roles to eliminate task creation in playbooks

    Easy switching of providers: Change between default and optional tools quickly and safely

    [Diagram labels: timesync, dbserver, SELinux, network, webserver]

  • RED HAT ENTERPRISE LINUX SYSTEM ROLES

    [Diagram: SYSTEM ROLES across RHEL 6, 7, 8.x; labels: Logging, Storage, Metrics, Network, SELinux, TimeSync, kdump, NFS, Tuned, Boot, Firewall, Identity]

    CURRENT ROLES

    • Network
    • SELinux
    • TimeSync
    • Postfix
    • kdump

    TARGETED ROLES

    • Storage
    • Logging
    • Metrics
    • NFS
    • Tuned
    • Firewall
    • And more!

    ANSIBLE PLAYBOOKS

        - hosts: all
          roles:
            - rhel-system-roles.network

  • New capabilities can’t come at the expense of security

  • A highly secure platform

    Latest protocol support: Including TLS 1.3 via OpenSSL 1.1.1

    Hardened code: Including PIE and RELRO binaries and code analysis in our pipelines

    Integrated identity management: As a stand-alone provider or trusted member of an Active Directory, with expanded integrations to tools like the web console

    Updated tools: Including the LUKS v2 on-disk format for encryption

    [Diagram: Security policy, process, and procedures across DESIGN, BUILD, RUN, MANAGE, ADAPT]

  • Configuring systemwide cryptographic policies

    Central configuration: Set acceptable algorithms from a single tool

    Improved consistency: Covers multiple cryptographic providers and consumers like TLS, Kerberos, and Java

    Built-in policies: Including legacy systems requiring 64-bit security and FIPS allowed or approved algorithms

    [Diagram labels: Default, Legacy, Future, Client, Encryption algorithm, OpenSSL, httpd, Secured communications]

  • Recording user terminal sessions

    Audit activities: Create a record of actions taken for review against security policies

    Create visual guides: Build run books and training materials with demonstrations

    Record and play back: Logged via standard channels with multiple playback options

  • SESSION RECORDING

    Now you can record and play back user terminal sessions

    [Diagram labels: User, SSH, Login, PAM, Auth, NSS, tlog, pty, Shell, Bash, Logging, Syslog, Journal, Playback, CLI, Cockpit]

  • Improved firewall management with nftables

    Consolidated filtering: Supports IPv4, IPv6, ARP, and Bridge filtering in a single tool

    Simpler rule creation: Multiple matches and actions reduce the number of rules required

    Improved tracing: Provides easier debugging and verification of actions taken on any packet

  • Improved service delivery brings Linux to more new users

  • Remote single-system views in the web console

    Browser-based interface: Offers remotely accessible user interface using host security mechanisms

    Consolidated view: Provides single view of tasks to speed understanding and completion

    Standard management tools: Uses system tools to change state, not a separate workflow

  • New in the web console

    Virtual machines: Create and manage virtual machines

    Network-bound disk encryption: Enroll disks with Tang server and manage LUKS keys

    Single sign-on configuration: Automatically configure when joining a domain

  • Gain new capabilities while giving up nothing

  • In-place upgrades for your systems

    Reduced migrations: Analyze systems to determine if upgrading in place can avoid a costly migration

    Easy rollback options: Combine with bootable LVM snapshots for safety

    Improved framework: Get better analysis and a simplified process with a more extensible framework

    [Diagram: Upgrade framework moving Applications from 7 to 8]

  • Can I upgrade this host?

    [Flow diagram labels: RUN LEAPP, CREATE BOOTABLE LVM SNAPSHOT, PICK CANDIDATE SERVER, ANALYZE, CHECK OUTPUT, REBOOT TO FINISH UPGRADE, UPGRADE COMPLETE]

  • MIGRATING TO RHEL 8

    AUTOMATED: The in-place upgrade tool is a completely automated framework that significantly reduces manual effort

    SECURE AND RELIABLE: This tool takes into account security configurations including OpenSCAP. It is also compatible with Boom.

    EASY TO USE WITH GREAT REPORTING: Upgrade is possible through a CLI today. We are actively working on integration with the Red Hat Web Console

    ONLINE AND OFFLINE: This tool can run both online as well as offline and perform an upgrade

    Check requirements

    Identify the version of RHEL you are running

    Upgrade to RHEL 7.6

    In-place upgrade to RHEL 8.0

  • Migrating to Red Hat Enterprise Linux 8

    PRE-UPGRADE

    Doing a risk assessment before making any changes is critical to understanding what is about to happen

    UPGRADE

    Fully pluggable and fully supported upgrade framework makes moving to new major releases of RHEL easy

    ROLLBACK

    If anything goes wrong, BOOM will let you roll back to the previous snapshot. This is not a downgrade but instead a full byte-level rollback

  • Find more at: https://www.redhat.com/rhel

