Red Hat
Open Source, Open Standards, Cooperation and Freedom
Xander D Harkness
Senior Enterprise Consultant, Red Hat
May 2008
Belief
We believe in the community.
We believe in collaboration.
We believe in choice.
We believe interoperability is created by open standards.
Open standards create interoperability everyone can implement. That's the real solution. It doesn't require a deal between two companies.
The interoperability solution has shifted to the intersection of applications, data, and business logic. We're focused on delivering an open source platform that addresses these issues.
Open Standards
Apache, BIND, DNS, Eclipse, Fedora, Firefox, Hibernate, JBoss, Kerberos, LDAP, MySQL, Perl, PHP, Python, PostgreSQL, Sendmail, Tomcat.
Mail – RFC 2821 2822
Jabber – RFC 3920 3921
DNS – RFC 1034 1035 2782
NFS – RFC 1094 1813 3530
Kerberos – RFC 1510 4120 4121
MSN?? YahooIM?? Skype??
Red Hat Development Model
Collaboration with partners and open source contributors to develop technology
Deliver complete distributions in two stages for two audiences
– First stage
● Fedora – the development vehicle
● Approximately twice/annum
– Fedora Core 6 latest release
● Fast moving, latest technology
● Unsupported, ABI/API changes
– Second stage
● Red Hat Enterprise Linux
● Stable, mature, commercially focused
● Extensively QAed, supported and certified
● 7 years of maintenance with ABI guarantee
● Major release approximately every 24 months
Life Cycle of Red Hat Enterprise Linux 2.1
General Availability: May 17, 2002
Full Support (including hardware updates): May 17, 2002 -- Nov 30, 2004
Deployment Support: Dec 1, 2004 -- May 31, 2005
Maintenance Support: June 1, 2005 -- May 31, 2009
Recent Red Hat Acquisitions
GFS (Global File System)
Single node free, Multi-node closed before Red Hat purchased Sistina
Red Hat re-wrote any licenced or non-free code
Released to the community, including Red Hat's competitors
Red Hat Directory / Certificate Server
Red Hat purchased Netscape Directory Server and Certificate Server
Removed all non-free code (temporary loss of some GUI functions)
Two years of 'discussion' with US authorities prior to release of Certificate Server
libvirt / RT Linux
Libvirt – to prevent lock-in to specific hypervisors
Real Time
● All previous implementations were 'code bombs'
● Two years to cut out long code paths
Partners
Important for ecosystem
Hardware certification
Support without holes!
Cooperation
● Large Government work
● Shared Development
Standards
● AMQP
● Jabber
Services
Making work easy(ier)
Dedicated Enterprise Engineer
● Statoil
● World Governments
● Vodafone
Global Support Services
● Helpful people to speak to
● Follow the sun
● Knowledgebase / Whitepapers
Enterprise Architects
● Review systems designs
● Technology Workshops
Global Professional Services
● Instant Access to all parts of Red Hat – Developers, Architects, PM, Geek
● Vast amounts of experience in many systems and environments
Software as a commodity
More for less
GFS (Cluster File System)
● Free with Red Hat Enterprise Linux
Virtualisation
Cluster Suite
Global Professional Services
● Instant Access to all parts of Red Hat – Developers, Architects, PM, Geek
● Vast amounts of experience in many systems and environments
Red Hat Cluster Suite
Low-cost high availability for applications
● Create n-node server clusters for desired level of availability
● In the event of a failure, workload is picked-up by other servers in the cluster
Core services for enterprise cluster configurations (with v4)
● Distributed Lock Manager, Service Manager, I/O Fencing, Heartbeats, GUI
[Figure: Red Hat Cluster Suite with SAN]
Red Hat Global File System (GFS)
Allows a cluster of Linux servers to share data in a common pool of storage
“The main attraction – and, frankly, the original promise – of storage networking is the ability to connect multiple systems to a common pool of storage.” - Illuminata, Sept. 2004
[Figure: Red Hat GFS with SAN]
Making life better for our customers
Hardware & Para-Virtualization
Red Hat Enterprise Linux 5 will support a number of hardware and software virtualization scenarios:
● Fully virtualized on Intel VT & AMD SVM (Vanderpool and Pacifica)
● Allows guest to be Red Hat Enterprise Linux 2.1, 3, 4 as well as other Operating Systems
● Support & certification details to be defined
● Para-virtualized Red Hat Enterprise Linux
● Red Hat Enterprise Linux 5
● Red Hat Enterprise Linux 4
● Guest kernel will be shipped with RHEL 4.5
● Support for x86, x86_64, UP and SMP at product release
● Support for IA64 as Tech Preview, PPC possibly later depending on upstream development.
● Para-virtualized same-on-same architecture support:
● x86_64 on x86_64, i386 PAE on i386 PAE, IA64 on IA64
● Fully-virtualized as supported by hardware.
Use Case: Single Instance
Dom0 used as a hardware abstraction layer
Support for new hardware while running workload on an older version of Red Hat Enterprise Linux
Deploying centralized Dom0 management while allowing Dom1 operational freedom
Security isolation
Client and Server usage Models.
[Figure labels: User Domain (Red Hat Enterprise Linux), Server Hardware, Red Hat Enterprise Linux 5 Virtualization Hypervisor, Domain 0, Application, Application, Management]
Use Case: Multi Instance Virtualization
Red Hat Enterprise Linux 5 allowing a theoretically unlimited number of guest domains.
VT and para-virt support, old RHEL versions, other operating systems TBD
Typical layout for Datacenter Consolidation
Packaging and pricing details TBD
[Figure labels: Red Hat Enterprise Linux 5 Virtualization Hypervisor, Red Hat Enterprise Linux 3, Red Hat Enterprise Linux 4, Red Hat Enterprise Linux 5, Other Operating System, Dom 0, Mgmt, App, Server Hardware]
Use Case: Virtualization Platform
An enhanced virtualization environment is provided when multiple instances of Red Hat Enterprise Linux 5 are used:
● Multi Instance Logical Volume Management
● Multi Instance Global File System
● Multi Instance Application Migration (with Cluster Suite failover)
Provides a complete virtualization platform
● Server : Storage : Management
● Simplifies deployment & manageability
● Increases flexibility & scalability
● Included as part of the Multi Instance option
● Integrates server & storage virtualization with no special hardware
● Server & storage resources may be shared or independent
[Figure labels: Red Hat Enterprise Linux 5 (three instances), Dom 0, Mgmt, App, Server Hardware, Multi-instance Logical Volume Manager, Multi-instance Global File System, Multi-instance Application Migration (HA), Red Hat Enterprise Linux 5 Virtualization Hypervisor]
Use Case: Virtualization Cluster
“Multi Instance” provides storage sharing & application failover within a single server
Extend these capabilities across multiple servers with:
● Red Hat Enterprise Cluster Suite
● Red Hat Global File System
● Ideal for scale-out & blade configurations
[Figure: Shared Storage]
Security Enhanced Linux (SELinux)
Integrated into standard Red Hat Enterprise Linux versions – full ISV support
Flexible Mandatory Access Control system for Linux
Capabilities analogous to commercial secure operating systems (e.g. Trusted Solaris, Trusted Irix)
Optional targeted policy in core product secures key network-facing services with minimal system impact
Support for strict (government/military application) and custom policies through Red Hat Global Professional Services
Discretionary Access Control: Once a security exploit gains access to privileged system components the entire system is compromised
Mandatory Access Control: Kernel policy defines application rights, firewalling applications from compromising the entire system
[Figure labels: Kernel, Policy Enforcement]
Red Hat Confidential
MRG Realtime
Illustrating determinism
Detail zoom-in of RHEL5 vs MRG Realtime
Typical sources of non-determinism
Application priorities
– One application blocks another
– Or holds a contended resource (lock)
Linux kernel
– When the Linux kernel is running, applications block
– The longer the kernel runs, the longer applications block
– Determinism bounded by longest running kernel codepath
[Figure labels: High priority app runs, Interrupt, Kernel interrupt handling & scheduler, High priority app resumes]
How? - Realtime Java (RTSJ)
Versions of Java which are more deterministic – primarily by removing garbage collection unpredictability and inter-JVM communication
MRG Realtime is the only Linux kernel having the prerequisites (i.e., Priority Inheritance, preemption)
Working closely w/ IBM
– IBM WebSphere Real Time
– Realtime spec conformant
– 200,000 rt thread capable
– Exclusive realtime garbage collector
– 1ms max GC pause time
– Uses at most 30% cpu in any 10ms window
Deployed by US Navy – DDG Destroyer program
Stateless Linux
Initiative to separate the OS & applications from user configuration/data (“state”)
Create a new, simplified management paradigm
A consistent, unified architecture that supports...
– OS on the Network
– OS on the local machine
Basic requirements:
– OS image is read-only
– Hardware configuration is auto-detected
– Data and settings are stored on network, optionally cached locally
Initial client focus, but also applicable to servers (esp. virtualized)
Initial feature release in Red Hat Enterprise Linux 5
– Additional features in Updates
Identity Management
Native support for Identity management in conjunction with Red Hat Directory Server and Red Hat Certificate System
Integration of Identity & Certificate Management capabilities with Red Hat Enterprise Linux and community applications
– Clear and secure architecture
– Addition of Enterprise Security Client (smartcard, physical token, support)
– Centralized key management for core desktop applications
● system login, web browser, email, SSH
Integration of certificate-based security and Kerberos infrastructure via PKInit
Enables centralized management of users and rights
Enables “Single Sign-On” user experience
Software Management
[Figure labels: Platform channels (rhel-4-es-i386, rhn-tools-4-i386, lm-TS1.0-rhel-4-es-i386, lm-TS1.0-rhn-tools-4-i386, LM TS 1.0 Packages; Red Hat, LM); Service activation keys (Application Server, Common, Web Server, Security)]
What is Red Hat Network?
A systems management platform designed to provide complete lifecycle management of the operating system and applications.
A single solution for lifecycle management of compute resources
● Installing and provisioning new system
● Updating systems
● Managing configuration files
● Monitoring performance
● Redeploying for a new purpose
Red Hat Network
Red Hat's modular, Web-based Linux management platform
● Built for distributed systems
● Integrates with existing platforms
Simple value proposition
● Save time and money – Increase productivity – Enhance security
Modular approach
● Updates – Management – Provisioning – Monitoring