
First Look: Red Hat Enterprise Linux 5

Two years in the making, RHEL 5 is finally ready. The result? With Xen, SELinux, the Red Hat Global File System, and more, Red Hat Enterprise Linux 5 raises the bar for commercial Linux. We break down the new features and walk you through creating your first virtual machine.

Red Hat Enterprise Linux (RHEL) has long been a fixture in enterprise machine rooms. Robust, fast, and feature-rich, RHEL is often the standard by which other enterprise distributions are measured. With Red Hat Enterprise Linux 5 (RHEL5), Red Hat once again raises the bar for commercial Linux. CIOs, don the Red Hat.

The most important feature of RHEL5 is the integration of Xen, an open source virtualization engine. While Linux has always been able to execute multiple applications all (seemingly) at the same time, virtualization takes “multiprocessing” further, turning a single piece of physical hardware into many virtual computers. Each virtual machine is independent and runs its own operating system instance — a flavor of Linux or Windows, say — on virtual hardware, oblivious to the low-level machinations that enable such sharing.

Virtualization is sure to change the real estate of the machine room. Red Hat estimates that a typical production server runs at only 15 to 20 percent of capacity. The remaining cycles — the processing power of four production servers — are simply wasted, lost to idle time. With virtualization, though, a single system can act in multiple roles simultaneously, conserving floor space, and reducing cooling and power consumption.

At the other extreme, the workload of a server approaching 100 percent utilization can be subdivided and reassigned to other, less-taxed servers. Similarly, a workload can be shifted from failing hardware to other hosts without noticeable downtime. For example, to repair a machine with a failing power supply, shift its virtualized instances to a good machine, shut down the box, replace the power supply, restart, and recall the instances back.

In fact, a set of properly configured, networked virtual servers can shift an operating system instance from one physical computer to another in as little as 100 milliseconds — a veritable blink of the eye, even when measured in Internet time. Virtualization simplifies maintenance of commodity hardware, and may make you inclined to use commodity PCs in places where you previously deployed high-end servers with redundant systems, like dual power supplies.

To take advantage of Xen, one of two things has to be present: either the operating system must be aware that it’s running in a virtual environment, or the CPU must include support for virtualization.

  • Paravirtualization requires that the guest operating system be modified to run in a virtual environment. This means older Linux distributions, Microsoft Windows, Solaris, and the various BSD operating systems won’t run paravirtualized. However, paravirtualization requires no specialized hardware and so runs on older processors.

  • Full virtualization requires hardware support for virtualization, something that’s only been available in the most recent AMD and Intel CPU chips. A fully virtualized environment can effectively run any operating system.

Interestingly, the interface between the operating system and Xen is “virtualized” as well: all connections to the virtualization system are done via a special library called libvirt. If Red Hat wants to replace Xen in the future with another virtualization technology, the only component to change is libvirt. Any software that depends on libvirt should continue to run unchanged.

Xen does place some demands on the system, ranging from almost no overhead for machines running paravirtualization, to about 5 percent of CPU for machines running full virtualization.

Given the novelty of virtualization and its possibilities, the technology comes with something of a learning curve. To help end-users ramp up, Red Hat has established a Web site, http://www.openvirtualization.com, to educate users. The site is chock full of training videos, case studies, and documentation.

Something for the Paranoid

Another new feature of RHEL 5 is a suite of tools to manage Security Enhanced Linux (SELinux). The United States National Security Agency (NSA) developed SELinux to strictly limit access to system resources. None, few, or many privileges can be awarded to each application, depending on how SELinux is configured.

While SELinux is highly secure, many sites have avoided deploying it because configuration is so complex, even a pain. RHEL 5 simplifies the setting of bells and whistles with SETroubleshooter, a graphical program to help resolve configuration problems and inconsistencies. And rather than building security policies from scratch, RHEL 5 includes over 100 security templates for common services, so system administrators should never see an SELinux error unless a threat has been detected.

Figure One shows one pane from RHEL5’s SELinux Management Tool.

FIGURE ONE: Red Hat Enterprise Linux 5 simplifies the deployment and administration of Security Enhanced Linux
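
To show what an SELinux denial looks like outside the graphical tools, here is an added example (not from the original article and not Red Hat's code) that groups AVC denial records by source domain, target type, and object class. It assumes denials are written as `type=AVC` records in the audit log; the sample records are constructed and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample audit records (illustrative, not taken from a real host).
SAMPLE_LOG = """\
type=AVC msg=audit(1173000000.101:41): avc:  denied  { read } for  pid=2101 comm="httpd" name="index.html" dev=sda1 ino=4711 scontext=system_u:system_r:httpd_t:s0 tcontext=user_u:object_r:user_home_t:s0 tclass=file
type=AVC msg=audit(1173000002.332:42): avc:  denied  { getattr } for  pid=2101 comm="httpd" name="index.html" dev=sda1 ino=4711 scontext=system_u:system_r:httpd_t:s0 tcontext=user_u:object_r:user_home_t:s0 tclass=file
type=SYSCALL msg=audit(1173000002.332:42): arch=40000003 syscall=195 success=no exit=-13 comm="httpd"
type=AVC msg=audit(1173000009.870:57): avc:  denied  { name_bind } for  pid=2240 comm="named" src=8053 scontext=system_u:system_r:named_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=udp_socket
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)$")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def selinux_type(context):
    """Return the type field of a user:role:type[:level] context, or None."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else None


def parse_avc(line):
    """Parse one AVC denial record; return None for anything else."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("rest"))}
    src = selinux_type(fields.get("scontext", ""))
    tgt = selinux_type(fields.get("tcontext", ""))
    if not (src and tgt and "tclass" in fields):
        return None  # truncated or malformed record: skip rather than guess
    return {"source": src, "target": tgt, "tclass": fields["tclass"],
            "perms": set(m.group("perms").split()), "comm": fields.get("comm", "?")}


def summarize(log_text):
    """Group denials by (source type, target type, class) for triage."""
    groups = defaultdict(lambda: {"count": 0, "perms": set(), "comms": set()})
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec:
            g = groups[(rec["source"], rec["target"], rec["tclass"])]
            g["count"] += 1
            g["perms"] |= rec["perms"]
            g["comms"].add(rec["comm"])
    return dict(groups)


if __name__ == "__main__":
    for key, g in sorted(summarize(SAMPLE_LOG).items()):
        print(key, g["count"], sorted(g["perms"]), sorted(g["comms"]))
```

Grouping this way separates a denial that one service repeats on every request from a one-off denial that deserves a closer look.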

The Red Hat Global File System and Other Goodies

The Red Hat Global File System (GFS) is another noteworthy addition to RHEL5. GFS lets many servers share a file system, but it’s far more capable than the Network File System (NFS). GFS allows a cluster of Linux servers to share data in a common pool of storage. Multiple servers can contribute storage to the pool, and system components — a server, network, or storage device — can be made redundant to avoid single points of failure. The file system and individual volumes can be resized with no downtime, and because the pool is shared, software updates and upgrades can be applied in one place and rolled out automatically to all of the member servers.

RHEL5 also includes Directory Server, a package formerly known as Netscape Directory Server. Whether your users log in via password or smart card, Directory Server facilitates single sign-on: sign-on to one machine to securely access all resources across the network.

RHEL5 has a host of other improvements:

  • The ext3 file system has been revised to manage files up to sixteen terabytes. Previously, the maximum was eight terabytes.

  • The 2.6.18 kernel is the basis of RHEL5.

  • RHEL 5 includes Yum, a stellar program for adding, updating or removing software packages.
