Red Hat Enterprise Linux v.4
Technical Overview
HP User Society / DECUS, 17 May 2006
Joachim Schröder, Red Hat GmbH
Product Development Overview

Fedora is a fundamental part of the development of Red Hat Enterprise Linux
● The whole is greater than the sum of the parts due to a fully integrated testing process
● Close participation in upstream development minimizes patch differences and leverages upstream testing
● Fedora and RHEL packages are 'owned' by the same engineer
● Red Hat is able to influence high-end feature adoption by the community
● RHEL package sets are tailored to market (AS, ES, WS, ...)

[Diagram: the pipeline from upstream to product]
Upstream (Linux 2.6.x, Apache, etc.): an infinite universe of open source packages
Fedora: integration (installer, kitting, documentation, packaging); core packages plus user-contributed packages; project management (community coordination, delivery); testing (limited internal, huge external)
Red Hat Enterprise Linux: conservative selection of enterprise/commercial packages; extended documentation; full architecture range; layered product integration; project management (scheduling, services, partner relationships); testing (extensive, rigorous, with customers and OEM/ISV partners); fixes/enhancements fed back upstream
Enterprise Linux Overview

Complete family of client and server products – from laptop to mainframe
● Comprehensive architecture support
● Shared base technology, all open source, matured by the Fedora Project

Servers
  Red Hat Enterprise Linux AS: large servers; databases; corporate applications
    Architectures: Intel x86, Itanium 2, EM64T; AMD64; IBM POWER, zSeries, S/390
  Red Hat Enterprise Linux ES: entry/mid servers; email, web, file/print, ...
    Architectures: Intel x86, Itanium 2, EM64T; AMD64
Clients
  Red Hat Enterprise Linux WS: technical workstation; power user; engineering apps; HPC
    Architectures: Intel x86, Itanium 2, EM64T; AMD64
  Red Hat Desktop: standard corporate productivity desktop; volume deployments
    Architectures: Intel x86, EM64T; AMD64

All four products are built on the same open source projects via Fedora.
Enterprise Linux Product Segmentation

Product segmentation is based on system size and support options
● Consistent with Red Hat Enterprise Linux 3
● Increased memory limit for Red Hat Enterprise Linux ES
● Single SKU for each product now covers all architectures (per support subscription level)
● Except AS, which has a separate SKU for mainframe systems

Product                                              Max CPUs   Max memory
Servers
  Red Hat Enterprise Linux AS ("Advanced Server")    -          -
  Red Hat Enterprise Linux ES ("Entry/Mid Server")   2          16GB
Clients
  Red Hat Enterprise Linux WS ("Workstation")        2          -
  Red Hat Desktop                                    1          4GB
("-" = no product limit)

Hyperthreaded and multi-core processor chips are counted as a single CPU
Enterprise Linux Subscriptions

Red Hat Enterprise Linux is offered on an annual subscription basis
● Subscriptions designed for flexibility and ease-of-choice
● Multi-year subscriptions available

Subscription level:               Basic       Standard                       Premium
Red Hat Enterprise Linux AS       N/A         Yes                            Yes
Red Hat Enterprise Linux ES       Yes         Yes                            N/A
Red Hat Enterprise Linux WS       Yes         Yes                            N/A
Red Hat Desktop                   see note 1
Subscription features:
  Red Hat Network Update          1 year      1 year                         1 year
  Upgrades                        Included    Included                       Included
  ISV & OEM Certifications        Yes         Yes                            Yes
  Unlimited Incident Support      No          M-F 9-9 (NA), M-F 9-5 (RoW)    24x7
  Response Guarantee              N/A         4 hours                        1 hour

(1) Red Hat Desktop includes Red Hat Network Proxy/Satellite Server with a Red Hat Enterprise Linux AS Premium subscription and 24x7 Help Desk Escalation Support
New Subscription Features

Red Hat's support lifetime is now 7 years instead of 5 years – the longest in the industry
● Enterprise Linux v.4 will be supported from 2005 until 2012
The ability to change chip architectures is included in a Red Hat subscription – new for Red Hat Enterprise Linux 4
● Changing a 32-bit system to 64-bit is just one click in Red Hat Network; there are no extra charges
A Red Hat subscription gives you access to any release (v.2.1, v.3, v.4, ...) – upgrade anytime with no additional fee
Enterprise Linux Timeline

Red Hat Enterprise Linux v.4 is the latest generation of the family
● Delivered in February 2005
● Delivers the world's leading open source enterprise-strength solution with increased performance, scalability, availability and security
● Continued focus on the commercial client and server market

[Timeline 2004-2008: Red Hat Enterprise Linux 3, 4, 5 and 6, each with an overlapping support lifetime]
Red Hat Enterprise Linux 3 (updates): Intel x86 64-bit (EM64T); Red Hat Application Server; Red Hat Desktop; Red Hat Global File System
Red Hat Enterprise Linux 4: 2.6 kernel base; SELinux integration; enhanced desktop; enhanced scalability/performance; Logical Volume Management 2; RHN Monitoring; ...
Red Hat Enterprise Linux 4 updates: auditing; application profiling/debug tools; mirroring and multipathing; Netscape-based technologies; ...
Strategic alignment with hardware vendors

Red Hat has the strongest partnerships among all operating system vendors
● Servers, workstations, desktops, laptops, peripherals

Enterprise Linux 4 is supported on the latest hardware
● A broad range of 64-bit systems
● Blade configurations for horizontally scaled clusters
● Larger vertically scaled systems with up to 64 CPUs
● Over 750 certified systems

Enterprise Linux Server Solutions

Highly functional server environment: web, mail, file, print, web proxy cache, authentication, DNS, DHCP, secure remote access, firewall, spam filter
Certified 3rd party ISV applications: over 1000 certified applications
Custom applications in C/C++, Java, Fortran, ...
Kernel

Red Hat Enterprise Linux v.4 is built on a Linux 2.6.9 kernel
● Red Hat Enterprise Linux v.3 used a Linux 2.4 kernel with numerous Linux 2.6 features incorporated
● Moving to a full Linux 2.6 core provides features that matured during 2004, for example:
  ● The new block I/O system increases storage scalability (e.g. 16TB block devices on x86)
  ● Many 2.6 kernel algorithms provide higher performance than 2.4
● Fedora has provided extensive testing of the new capabilities
● All architectures are built from a common source RPM (as with RHEL3)
● Uniform feature set and maintenance/support across architectures
I/O Elevators – CFQ Scheduler

The Linux 2.6 kernel provides additional performance through improved I/O scheduling algorithms
● The scheduler for a system is selected with a kernel command line option (elevator=cfq, elevator=deadline, elevator=noop or elevator=as)
● Provided schedulers: CFQ, Deadline, Noop, AS

Completely Fair Queueing (CFQ) is the default RHEL 4 I/O scheduler
● Implements one I/O queue per process
● The scheduler initiates one I/O per queue on a round-robin basis
● Ensures fairness at the process level

The Deadline scheduler attaches a deadline to every I/O request to eliminate process I/O starvation
● Eliminates excessive I/O latency
● Suitable for database applications

The Noop scheduler performs no reordering (requests are merged into a simple FIFO queue)
● Typically used by virtual systems, where the host does the real scheduling

I/O Elevators – Anticipatory Scheduler

The anticipatory scheduler (AS) modifies the read/write order balance:
● An average disk seek + transfer takes, say, 5-8ms
● Reads tend to be synchronous, so they are issued at a slow rate (a process issues its next read only when the previous one has completed)
● Writes tend to be asynchronous, so they are issued at a fast rate
● Writes can overwhelm reads, dragging the disk heads off-cylinder in the middle of (common) physically sequential read operations
● Off-cylinder operations cost the read thread ~10-16ms
● After a read completes, AS delays issuing queued writes by ~1ms to see if another read is issued
● Optimizes the most common read semantics
● Costs 1ms of write latency for a potential 10-16ms read gain
● Improves disk throughput for a slight increase in write latency
● Suitable for interactive environments
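The anticipation trade-off described above, as an added example that is not part of the original slides: a toy single-disk simulation in C. One synchronous reader streams sequential sectors and issues its next read THINK_MS after the previous one completes; a writer keeps a deep queue of scattered asynchronous writes. With anticipation the scheduler idles for up to ANTIC_MS after a read before it dispatches a write; without it the write goes out at once and the next read pays a seek back. SEEK_MS, XFER_MS, THINK_MS, ANTIC_MS and WRITE_STRIDE are constructed values chosen to match the figures on the slide, not measurements, and the model ignores everything else a real elevator does.

```c
/* Added example (not from the slides): toy model of the anticipatory
 * scheduler's wait-for-the-next-read heuristic. All costs are constructed. */
#include <stdbool.h>
#include <stdio.h>

#define SEEK_MS      6.0   /* head movement when the request is not sequential */
#define XFER_MS      1.0   /* transfer time of one request */
#define THINK_MS     0.2   /* reader's gap between a completion and its next read */
#define ANTIC_MS     1.0   /* how long AS is willing to wait for the next read */
#define WRITE_STRIDE 5000  /* queued writes are scattered across the disk */

struct sim_result {
    double avg_read_ms;   /* mean time from read issue to read completion */
    int    writes_done;   /* writes dispatched while the reader was active */
    double total_ms;      /* time at which the last read completed */
};

/* Service time for a request at `sector` given the current head position. */
static double service_ms(long head, long sector) {
    return (head == sector ? 0.0 : SEEK_MS) + XFER_MS;
}

struct sim_result simulate(bool anticipate, int nreads) {
    double now = 0.0, read_latency_sum = 0.0;
    long head = 0, read_sector = 100, write_sector = 900000;
    double next_read_issue = THINK_MS;   /* the reader issues its first read at THINK_MS */
    int reads_done = 0, writes_done = 0;

    while (reads_done < nreads) {
        if (next_read_issue <= now) {
            /* A read is pending: reads are always preferred over writes. */
            now += service_ms(head, read_sector);
            head = read_sector + 1;            /* the next sequential read needs no seek */
            read_latency_sum += now - next_read_issue;
            read_sector++;
            reads_done++;
            next_read_issue = now + THINK_MS;
        } else if (anticipate && next_read_issue - now <= ANTIC_MS) {
            /* AS: idle briefly; the reader's next request arrives inside the window. */
            now = next_read_issue;
        } else {
            /* No read in sight (or no anticipation): dispatch a queued write. */
            now += service_ms(head, write_sector);
            head = write_sector + 1;
            write_sector += WRITE_STRIDE;      /* the next write lands somewhere else */
            writes_done++;
        }
    }
    struct sim_result r = { read_latency_sum / nreads, writes_done, now };
    return r;
}

int main(void) {
    struct sim_result as = simulate(true, 10), plain = simulate(false, 10);
    printf("anticipatory:    avg read %.1f ms, %d writes, last read done at %.1f ms\n",
           as.avg_read_ms, as.writes_done, as.total_ms);
    printf("no anticipation: avg read %.1f ms, %d writes, last read done at %.1f ms\n",
           plain.avg_read_ms, plain.writes_done, plain.total_ms);
    return 0;
}
```

With these constants the reader's 10 requests finish in 18 ms under anticipation (one seek for the first read, then 1 ms each) against 140 ms without it (every read pays a 6 ms seek back from the write area). The flip side is visible too: while the reader is busy the anticipating disk dispatches no writes at all, which is the write-latency cost the slide mentions and why AS is pitched at interactive rather than write-heavy workloads.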
Serviceability

Kernel crash dump analysis
● Netdump – carried forward from Red Hat Enterprise Linux v.3
  ● x86 only today
  ● EM64T/AMD64, Itanium 2 and IBM POWER planned for updates
● Diskdump
  ● x86 and Itanium 2 only today
  ● Other architectures in planning for updates (e.g. AMD64/EM64T in Red Hat Enterprise Linux v.3 Update 4)
  ● Creates a dump file that is 100% compatible with Netdump, so the common debug tools/utilities can be used
  ● Allows a crash dump to be taken on a local disk
  ● Supported controllers: AIC7xxx, AIC79xx, MPT Fusion (generic IDE under development)
● Kexec dump technology under investigation/development

Red Hat Confidential, NDA Required. Product features subject to change prior to availability.
Developer Tools: Frysk

Frysk Execution Analysis Tool – "always on" debugging
● New beginning – leap-frogs 20 year old technology
● Red Hat initiative – will be delivered initially through Fedora – Fall 2005
● C++ debugging improvements
● Modular architecture, graphical interface, event driven
● http://sources.redhat.com/frysk

[Diagram: the tools ordered by depth of observation: OProfile (statistical sampling), SystemTap (tracing and profiling), Frysk (full modeling)]
Security

New to Red Hat Enterprise Linux v.4
● Security Enhanced Linux (SELinux)
● Improved auditing
● Common Criteria/EAL4+ certification

Enhancements carried forward from Red Hat Enterprise Linux v.3, Update 3
● Position Independent Executables (PIE)
● Exec Shield
● NX/XD
Security: Exec Shield

Two Exec Shield capabilities:
● Segmentation support: on 32-bit x86 processors without NX, the code segment limit is lowered so that the stack and heap, which live above it, cannot be executed
● No eXecute (NX; AMD) / eXecute Disable (XD; Intel) support
  ● Memory management enhancements that improve security by ensuring that stack/heap/buffer areas are mapped non-executable
  ● NX/XD use a CPU memory management hardware feature that marks individual pages non-executable
  ● Available on Itanium 2 and newer 32-bit and 64-bit x86 Intel/AMD processors
  ● On 32-bit x86 the NX bit exists only in PAE page tables, so it is supported in the PAE-enabled (smp and hugemem) kernels

[Diagram: a stack frame with local variables (var1, var2, var3) and the return address. The program's code segment is executable; the stack, including code injected by an overflow, is non-executable, so an overwritten return address that points back into the injected code cannot run it.]
Security: PIE, gcc/glibc

Position Independent Executables (PIE) support
● Application segments are loaded at randomly chosen addresses every time an application is started, making exploits that depend on fixed addresses much harder
● Requires the application to be built with PIE enabled
● All RHEL4 servers/daemons/etc. are built with PIE enabled
● Appropriate for all architectures

GCC and glibc security enhancements
● The glibc memory allocator functions now perform sanity checks that detect double frees and many heap buffer overflows (corrupted chunk headers); these checks catch the common cases and make double-free exploitation much harder, but they are not a guarantee that it is impossible
● printf format string exploitation prevention: glibc checks for dangerous directives such as %n when the format string lives in writable memory and refuses to process them
● gcc buffer bound checking substitutes checked variants of the buffer-handling functions when the destination buffer size is known at compile time, catching many overflows of fixed-size buffers (it cannot protect buffers whose size is only known at run time)
● These features were, at the time of this presentation, unique to Red Hat Enterprise Linux v.4
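Two probes for the hardening described on these two slides, added here as an example; this is not code from the original presentation or from Red Hat. Each probe runs its risky step in a forked child so the parent survives and can report how the child ended: the first maps a page without PROT_EXEC, writes a single "ret" instruction into it and calls it (with NX/XD enforced the fetch faults and the child dies of SIGSEGV); the second frees the same heap chunk twice and expects the allocator's sanity check to abort the process. It assumes Linux with glibc on x86, x86-64 or AArch64 (the opcode bytes); all function and variable names are this example's own.

```c
/* Added example, not from the slides: probe NX/XD enforcement and glibc's
 * double-free detection from a forked child each, reporting the outcome.
 * Assumes Linux + glibc on x86, x86-64 or AArch64. */
#define _GNU_SOURCE
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/wait.h>
#include <unistd.h>

#if defined(__x86_64__) || defined(__i386__)
static const unsigned char ret_insn[] = { 0xC3 };                   /* ret */
#define HAVE_RET_INSN 1
#elif defined(__aarch64__)
static const unsigned char ret_insn[] = { 0xC0, 0x03, 0x5F, 0xD6 }; /* ret */
#define HAVE_RET_INSN 1
#else
#define HAVE_RET_INSN 0
#endif

/* Run fn() in a child. On a normal exit returns the exit status and sets
 * *signo = 0; if a signal killed the child returns 0 and sets *signo to it.
 * Returns -1 if fork()/waitpid() failed. */
static int run_in_child(void (*fn)(void), int *signo) {
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) { fn(); _exit(0); }
    int status;
    if (waitpid(pid, &status, 0) < 0) return -1;
    if (WIFSIGNALED(status)) { *signo = WTERMSIG(status); return 0; }
    *signo = 0;
    return WEXITSTATUS(status);
}

static void child_exec_data_page(void) {
#if HAVE_RET_INSN
    void *page = mmap(NULL, 4096, PROT_READ | PROT_WRITE,   /* no PROT_EXEC */
                      MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (page == MAP_FAILED) _exit(3);
    memcpy(page, ret_insn, sizeof ret_insn);
    __builtin___clear_cache((char *)page, (char *)page + sizeof ret_insn);
    void (*fn)(void);
    memcpy(&fn, &page, sizeof fn);      /* data pointer -> code pointer */
    fn();                               /* faults here when NX/XD is enforced */
    _exit(0);                           /* reached only if the page executed */
#else
    _exit(2);                           /* architecture not covered */
#endif
}

static void child_double_free(void) {
    /* Two adjacent chunks, too large for the fast/tcache paths: the first
     * free() parks `victim` in a regular bin and clears its neighbour's
     * PREV_INUSE bit, so the second free() trips glibc's consistency check. */
    char *victim = malloc(2048);
    char *barrier = malloc(2048);
    if (!victim || !barrier) _exit(3);
    memset(victim, 'A', 2048);
    free(victim);
    free(victim);                       /* glibc: "double free or corruption" -> abort() */
    free(barrier);
    _exit(0);                           /* reached only if the allocator missed it */
}

/* 1 = the data page executed, 0 = execution faulted (NX/XD enforced),
 * -1 = could not tell (unsupported architecture or fork failure). */
int probe_data_page_executable(void) {
    int signo = 0;
    int status = run_in_child(child_exec_data_page, &signo);
    if (status < 0) return -1;
    if (signo == SIGSEGV || signo == SIGBUS || signo == SIGILL) return 0;
    return (signo == 0 && status == 0) ? 1 : -1;
}

/* 1 = the allocator killed the process on the second free (glibc: SIGABRT),
 * 0 = the double free went unnoticed, -1 = fork failure. */
int probe_double_free_detected(void) {
    int signo = 0;
    int status = run_in_child(child_double_free, &signo);
    if (status < 0) return -1;
    return signo != 0 ? 1 : 0;
}

int main(void) {
    printf("data page executable: %d (0 means NX/XD stopped it)\n",
           probe_data_page_executable());
    printf("double free detected: %d\n", probe_double_free_detected());
    return 0;
}
```

The second probe deliberately avoids the small-chunk fast paths: the slide's claim about double frees holds for chunks that go through the checked bins, and that is the case the example exercises.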
Security Enhanced Linux (SELinux)

● Leverages 10 years of OS research by the NSA
● "Policies" ensure applications have only the minimum access needed
● Transparent to applications and users – no added administration (the default targeted policy confines a set of network-facing daemons and leaves other processes unconfined)
● Role-based access controls (RBAC) available to enhance security
● A successful attack can only use the rights of the compromised application

[Diagram: policy enforcement in the kernel]
Classical UID based access control: once a security exploit gains access to privileged system components, the entire system is compromised
Domain-Type based access control: kernel policy defines application rights, firewalling applications from compromising the entire system
Storage

The Linux 2.6 kernel offers greatly increased storage subsystem scalability
● Supports over 4,000 SCSI devices/paths (vs. 256 with Linux 2.4)

Ext3 enhancements
● Online file system growth improves availability – a high value feature for LVM environments
● Block reservations greatly improve read/write performance
● Maximum supported file system size increased to 8TB
● Maximum file size increased to 8TB (x86/AMD64/EM64T) and 16TB (Itanium 2/POWER), using sparse file support

Logical Volume Manager 2 (LVM2)
● Significantly increased functionality over RHEL3 + LVM1
● Mirroring, multipathing, read/write snapshots
● Improved robustness, availability, performance; easier to configure/manage

Software RAID provides support for RAID 6 and improved support for RAID 0+1

Storage: Logical Volume Management (LVM2)

LVM2 provides significantly improved GUI-based storage management capabilities
● Goal: a consistent, easy to understand administrator interface
Storage: iSCSI

iSCSI provides low-cost connectivity to enterprise SAN infrastructures
● Direct access to corporate data
● TCP/IP based

iSCSI support planned for RHEL4 and RHEL3
● Open source Cisco implementation (initiator only)
● RHEL4 is dependent on upstream acceptance of the iSCSI initiator driver
  ● Planned for delivery in a RHEL4 update
  ● The Linux 2.6 driver is currently undergoing rapid change and development
● RHEL3 via Update 4 (not upstream dependent)
● Boot support planned for a later update
● Qlogic/Adaptec iSCSI adapter support available

[Diagram: a Red Hat Enterprise Linux host reaches the SAN in two ways: over TCP/IP through a plain NIC with the Cisco software iSCSI initiator, or through a Qlogic/Adaptec iSCSI adapter with its own driver. An iSCSI bridge or an iSCSI storage controller (e.g. NetApp) joins the IP side to the Fibre Channel SAN and its FC hosts via a switch.]
Desktop: Core Applications

Firefox and Mozilla web browsers
● Choice of integrated Firefox browser (default) or classic Mozilla suite
● Single Sign-On support for NTLM and Kerberos over HTTP using GSSAPI
● Improved standards compliance, platform integration, and i18n support

Evolution 2.0 groupware client
● Robust mail, calendaring, and contact management client
● Supports the IMAP, POP, SMTP, LDAP, and iCalendar standards
● Integrated Microsoft Exchange 2000/2003 interoperability
● Integrated certificate management
● Improved platform integration, handheld support, and offline IMAP support
● 100% open source component of the GNOME desktop system

Updated OpenOffice.org office suite
● Includes a robust word processor, spreadsheet and presentation application
● Supports document exchange with Microsoft Office file formats

Desktop: Technology

Improved multimedia capabilities
● Integrated open source Helix Player supports Ogg Vorbis and Theora
● Bundled RealPlayer 10 adds SMIL, MP3, Flash, RealAudio/RealVideo
● Integrated Rhythmbox music management application

Updated desktop applications
● Gaim, the multi-protocol instant messenger client
● Planner, the graphical project management tool
● GIMP 2.0, the powerful image composition and editing environment
● Rdesktop, RDP terminal services client

Cross-platform interoperability
● Use MS Active Directory for user login authentication
● Authenticate to web-based applications with NTLM
● Interoperate with MS Exchange for mail and shared calendaring
● Browse Windows SMB file and print shares from the default desktop
● Vino – desktop session sharing via VNC (for helpdesk and collaboration uses)
Red Hat Cluster Suite v.4

Core clustering functionality for both Red Hat Cluster Suite and Red Hat Global File System is delivered in Red Hat Cluster Suite
● Membership management; I/O fencing; lock manager; heartbeats; service/resource manager; management GUI
● Support for up to 300 nodes
● Multiple lock management models
  ● Client-server with SLM/RLM (single/redundant lock manager)
  ● Distributed Lock Manager – new with Red Hat Cluster Suite v.4; open, stable API, consistent with the VMS DLM

[Diagram: the product stack. Red Hat Enterprise Linux provides single-node LVM2. Red Hat Cluster Suite adds the core services (DLM, connection manager, service manager, I/O fencing, heartbeats, management GUI), HA services (failover) and IP load balancing. Red Hat Global File System adds the cluster logical volume manager and the cluster file system on top.]
Red Hat Cluster Suite v.4

New version for Red Hat Enterprise Linux v.4
● Existing subscriptions can upgrade at no charge

Provides two technologies
● High Availability failover – suitable for unmodified applications
● IP Load Balancing – enables network server farms to share IP load

New features include:
● Elimination of the requirement for shared storage
  ● Significantly reduces the cost of high availability clustering
  ● A shared quorum partition is no longer required
  ● Service state, previously stored in the quorum partition, is now distributed across the cluster
● Online resource management modification
  ● Allows services to be updated without shutting down (where possible)

Also provides the core technologies used by Red Hat Global File System
● Included as part of Red Hat Global File System
Distributed Lock Manager

Red Hat Cluster Suite v.4 includes a Distributed Lock Manager (DLM)
● Primarily used by Red Hat Global File System, but available for general purpose use by any application
● Closely mirrors the original Digital VMS DLM

A DLM is a highly functional, distributed (cluster-wide) application synchronization subsystem
● Processes use the DLM to synchronize access to a shared resource (e.g. a file, program, or device) by establishing locks on named resources
● Permits the creation of distributed applications (e.g. Oracle RAC, which uses a private DLM)
● Provides a collection of services:
  ● Multiple lock spaces and concurrency (lock) modes
  ● Lock hierarchies/domains (resources and subresources)
  ● Range locking
  ● Lock conversions and value blocks
  ● Blocking and asynchronous completions
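The lock-mode semantics described above, as an added example in C; this is not code from the slides nor from the Red Hat or VMS DLM. It models the six VMS-style modes (NL, CR, CW, PR, PW, EX), the standard compatibility matrix, a per-resource FIFO queue with grant, convert and unlock, and a lock value block that only holders of a write-capable mode may update. A real DLM does this cluster-wide and asynchronously; this model is synchronous and in-process, and the resource name and owner ids in the scenario are constructed.

```c
/* Added example, not from the slides or any real DLM: single-process model of
 * DLM lock modes, compatibility, FIFO granting, conversion and value blocks. */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

enum lock_mode { NL, CR, CW, PR, PW, EX, NMODES };

/* compat[held][wanted]: may `wanted` be granted while another owner holds
 * `held` on the same resource? (VMS / Linux DLM compatibility matrix) */
static const bool compat[NMODES][NMODES] = {
    /*          NL    CR    CW     PR     PW     EX  */
    /* NL */ { true, true,  true,  true,  true,  true  },
    /* CR */ { true, true,  true,  true,  true,  false },
    /* CW */ { true, true,  true,  false, false, false },
    /* PR */ { true, true,  false, true,  false, false },
    /* PW */ { true, true,  false, false, false, false },
    /* EX */ { true, false, false, false, false, false },
};

#define MAX_LOCKS 16
#define LVB_LEN   32

struct lock { int owner; enum lock_mode mode; bool active, granted; };
struct resource {
    const char *name;
    struct lock locks[MAX_LOCKS];   /* grant + wait queue, in request order */
    int nlocks;
    char lvb[LVB_LEN];              /* lock value block shared by all holders */
};

bool dlm_mode_compatible(enum lock_mode held, enum lock_mode wanted) { return compat[held][wanted]; }

/* True if `mode` conflicts with no granted lock other than locks[skip]. */
static bool fits(const struct resource *r, enum lock_mode mode, int skip) {
    for (int i = 0; i < r->nlocks; i++) {
        const struct lock *l = &r->locks[i];
        if (i == skip || !l->active || !l->granted) continue;
        if (!compat[l->mode][mode]) return false;
    }
    return true;
}

/* Grant waiters in FIFO order and stop at the first that still conflicts,
 * so a later request never overtakes an earlier one (no starvation). */
static void grant_waiters(struct resource *r) {
    for (int i = 0; i < r->nlocks; i++) {
        struct lock *l = &r->locks[i];
        if (!l->active || l->granted) continue;
        if (!fits(r, l->mode, i)) break;
        l->granted = true;
    }
}

/* Request `mode`; returns the lock index (-1 if the queue is full). */
int dlm_lock(struct resource *r, int owner, enum lock_mode mode) {
    if (r->nlocks >= MAX_LOCKS) return -1;
    int idx = r->nlocks++;
    r->locks[idx] = (struct lock){ owner, mode, true, false };
    grant_waiters(r);
    return idx;
}

bool dlm_is_granted(const struct resource *r, int idx) {
    return r->locks[idx].active && r->locks[idx].granted;
}

/* Convert a granted lock. A conflicting conversion is refused and the lock
 * keeps its old mode; a down-conversion may let waiters through. */
bool dlm_convert(struct resource *r, int idx, enum lock_mode new_mode) {
    if (!dlm_is_granted(r, idx) || !fits(r, new_mode, idx)) return false;
    r->locks[idx].mode = new_mode;
    grant_waiters(r);
    return true;
}

void dlm_unlock(struct resource *r, int idx) { r->locks[idx].active = false; grant_waiters(r); }

/* The LVB may be written only under PW or EX and read under any granted mode. */
bool dlm_write_lvb(struct resource *r, int idx, const char *value) {
    if (!dlm_is_granted(r, idx)) return false;
    if (r->locks[idx].mode != PW && r->locks[idx].mode != EX) return false;
    snprintf(r->lvb, LVB_LEN, "%s", value);
    return true;
}
bool dlm_read_lvb(const struct resource *r, int idx, char out[LVB_LEN]) {
    if (!dlm_is_granted(r, idx)) return false;
    memcpy(out, r->lvb, LVB_LEN);
    return true;
}

/* Scenario: two readers share PR, a writer queues for EX, an upgrade is
 * refused, the writer runs once both readers release, publishes a new
 * generation through the LVB and down-converts to NL so a later CR reader
 * sees it. Returns true if every step matches the compatibility matrix. */
bool dlm_scenario_ok(void) {
    struct resource r = { .name = "inode-1234" };           /* constructed */
    int a = dlm_lock(&r, 1, PR), b = dlm_lock(&r, 2, PR), c = dlm_lock(&r, 3, EX);
    if (!dlm_is_granted(&r, a) || !dlm_is_granted(&r, b) || dlm_is_granted(&r, c)) return false;
    if (dlm_convert(&r, b, EX)) return false;        /* node 1's PR blocks the upgrade */
    if (dlm_write_lvb(&r, c, "gen=2")) return false; /* writer is still waiting */
    dlm_unlock(&r, a);
    if (dlm_is_granted(&r, c)) return false;         /* node 2's PR still blocks EX */
    dlm_unlock(&r, b);
    if (!dlm_is_granted(&r, c)) return false;        /* FIFO: the writer gets EX */
    if (!dlm_write_lvb(&r, c, "gen=2") || !dlm_convert(&r, c, NL)) return false;
    int d = dlm_lock(&r, 1, CR);
    char seen[LVB_LEN];
    if (!dlm_is_granted(&r, d) || !dlm_read_lvb(&r, d, seen)) return false;
    return strcmp(seen, "gen=2") == 0;
}

int main(void) {
    printf("scenario consistent with the DLM rules: %s\n", dlm_scenario_ok() ? "yes" : "no");
    return 0;
}
```

The value block is the part practitioners tend to underuse: a writer that drops to NL instead of unlocking keeps its place on the resource and hands the latest LVB to whoever is granted next, which is how a cluster file system propagates a version number without a separate message.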
Red Hat Global File System v.6.1

New version for Red Hat Enterprise Linux v.4
● Existing subscriptions can upgrade at no charge

Provides two major technologies
● GFS cluster file system – concurrent file system access for database, web serving, NFS file serving, HPC, etc. environments
● CLVM cluster logical volume manager (1)

● Fully POSIX compliant
● Data and meta-data journaling (per-node journals, cluster-wide recovery)
● Maximum file size and file system size: 16TB with 32-bit systems, 8EB with 64-bit systems
● Supports file system expansion
● Requires shared storage; supports several topologies: SCSI, SAN, iSCSI, gnbd
● Rapidly growing development community since being open sourced in Q2/04
  ● Builds for other distributions becoming available (e.g. Debian)

(1) Cluster mirroring and cluster snapshots are provided in a GFS 6.1 update
Red Hat Application Server

Red Hat Application Server v.1 was announced in August 2004
● Combination of open source technologies from:
  ● Apache (Tomcat Servlet/JSP container)
  ● ObjectWeb (JOnAS application server)
  ● Eclipse (IDE + J2EE plugin)

Red Hat Application Server v.2 is due for delivery in H1 2005
● Will provide numerous new features, including:
  ● Updated packages (e.g. JOnAS 4.x)
  ● Simplified configuration via profile management and server templates
  ● PostgreSQL 8 support with seamless JOnAS integration
  ● Enhanced administration and development tools
  ● Feature enhancements in collaboration with ObjectWeb and Apache, e.g. enhanced persistence – JAX-R

[Diagram: web browser -> Red Hat Application Server (web container: Tomcat running servlets and JSPs; EJB container: JOnAS running Enterprise Java Beans) -> database]
Red Hat Solution Summary

[Diagram: the three-tier solution stack]
Client tier (applications – browsers): Red Hat Enterprise Linux WS, Red Hat Desktop
Middle tier (servers – web – J2EE): Red Hat Enterprise Linux AS/ES; Red Hat Application Server (EJB container, web container)
EIS tier (database – SAN): Red Hat Enterprise Linux AS/ES; Red Hat Cluster Suite; Red Hat Global File System
Development and deployment infrastructure: Red Hat Developer Suite
Management and support infrastructure: Red Hat Network server modules (http://rhn.redhat.com); Red Hat Global Support Services; Red Hat Global Professional Services; Red Hat Global Learning Services

Note: This is a snapshot of development status. Some features may not mature sufficiently for inclusion in the GA release.

Virtualization: Security, Agility, Reduced Cost
Virtualization Models

Full Virtualization – FV (transparent virtualization)
● Creates an entire virtual machine; complete system emulation
● The virtual machine appears to be a generic system to the operating system
● No modifications to the operating system are required
● Significant performance impact without hardware-enabled virtualization
● Examples: VMware; Xen with hardware support

Single Kernel Image (SKI)
● Light-weight virtualization where the host OS spawns different copies of itself
● Adds the limitation that all virtualized guests must run the same OS version at the same patch level
● Examples: Solaris Zones, SWsoft Virtuozzo

Para-Virtualization – PV (low-overhead FV)
● Pioneered by Xen (XenSource); attempts to reconcile the two approaches
● Requires minor changes to the guest operating system
● Resolves the performance impact of FV by allowing direct access to hardware resources as managed by the hypervisor
Xen Use Case 1: Fat Dom0

[Diagram: hardware; Xen hypervisor with its control interface; Dom0 (RHEL with the device drivers and backend drivers); DomU guests with frontend drivers]
● Unprivileged domain (DomU): the guest or virtual machine. Each VM is instantiated from Dom0 once its parameters are set: CPU, memory, storage
● Domain 0: the privileged domain, the host. Provides hardware support (backend drivers) and the interfaces for guest control and management tools. Here it is a fully loaded RHEL
● The Xen hypervisor provides IRQ routing, scheduling and inter-domain communication. The hypervisor together with the Dom0 device drivers provides transparent sharing of resources. It also enforces strict resource limits (example: RAM)

Xen Use Case 2: Thin Dom0

[Diagram: same structure as use case 1]
● DomU and the hypervisor play the same roles as in use case 1
● Domain 0 is a minimal RHEL with libvirt, carrying only the backend drivers and the guest control and management interfaces
Red Hat Added Value

Installation tools:
● Anaconda, the Red Hat installer, is virtualization-aware; eases virtualization setup and installation
Management tools:
● Red Hat Network
ISV and IHV certification
Storage:
● Global File System (GFS) integration

[Diagram: Red Hat Enterprise Linux on the Xen hypervisor on hardware, hosting guest domains Dom1 (RHEL 3, App1), Dom2 (RHEL 4, App2), ..., Domn (other operating systems, App X), with Red Hat Cluster Suite and GFS spanning them and Red Hat Network managing the whole. Caption: Red Hat delivers useful, reliable, and tested solutions]

Red Hat Virtualization: Roadmap

Alpha – technology preview
● Available now in Fedora Core 5
Beta:
● Beta 1 in RHEL 5 – around summer
● Beta 2 in RHEL 5 – around fall
GA: RHEL 5 GA – end of year
● Full virtualization on virtualization-enabled processors allows RHEL 2.1, 3 and 4 guests as well as other operating systems
● Para-virtualization: RHEL 5 at GA, RHEL 4 soon after GA
Solving Real Business Problems

Development and QA environments
● Secure and compartmentalized instances; think "chroot" jail
● Simplify test scripting and execution for qualifications
● Simplify test simulation
Advantages
● Rapid deployment and adoption
● Shorten the certification process

[Diagram: hardware (CPUs, I/O, memory); Xen hypervisor; Red Hat Enterprise Linux; compartmentalized RHEL domains: one application domain and several development environment domains]
Libvirt

General API for virtual machines; currently focused on Xen, but not exclusively
Main tasks:
● The API should allow all the operations needed to manage domains on a node to be done efficiently and cleanly
● The API will not try to provide high-level multi-node management features like load balancing
● Deliver a stable foundation for management tools
● Work on a single node only, except live migration, which is considered a basic function
Libvirt usage example in Python

```python
import libvirt
import sys

# Read-only connection to the local hypervisor (None selects the default URI)
conn = libvirt.openReadOnly(None)
if conn is None:
    print('Failed to open connection to the hypervisor')
    sys.exit(1)

# Domain-0 is the privileged host domain under Xen
try:
    dom0 = conn.lookupByName("Domain-0")
except libvirt.libvirtError:
    print('Failed to find the main domain')
    sys.exit(1)

print("Domain 0: id %d running %s" % (dom0.ID(), dom0.OSType()))
# info() returns (state, maxMem, memory, nrVirtCpu, cpuTime)
print(dom0.info())
```
Questions?
Thank you very much!
Joachim Schröder, Solution [email protected]