Introduction
After 6 + months of public beta testing and more than 3 years after its previous major point release, RHEL (Red Hat Enterprise Linux) version 7 is out. The update speaks to Red Hat's interests in outfitting RHEL with many of the latest enterprise and data center features. Here are the some amazing features of newly launched RHEL 7
Features
Red Hat’s latest release of its flagship platform RHEL 7 delivers dramatic improvements in reliability, performance, and scalability. A wealth of new features provides the architect, system administrator, and developer with the resources necessary to innovate and manage more efficiently.
Linux Containers
Linux Containers provide a method of isolating a process and simulating its environment inside a single host. It provides application sandboxing technology to run applications in a secure container environment, isolated from other applications running in the same host operating system environment. Linux Containers are useful when multiple copies of an application or workload need to be run in isolation, but share environments and resources.
Identity Management
Cross-Realm Kerberos Trust
Identity Management in Red Hat Enterprise Linux can now establish cross-realm trust with Microsoft Active Directory. Synchronization between the two identity stores is not needed. This new capability makes it possible for users with Active Directory credentials to access Linux resources without requiring additional identity authentication so that single sign-on functionality exists across Microsoft Windows and Linux domains.
RealmD
RealmD discovers information about the domain or realm automatically and simplifies the configuration needed to join it. RealmD works with Microsoft Active Directory and Red Hat Enterprise Linux identity management.
Performance Management
Performance Co-Pilot
Performance Co-Pilot is a new framework for system-wide performance monitoring, recording, and analysis that provides an API for importing and exporting sampled and traced data. It also includes tools for interrogating, retrieving, and processing the collected data. Performance Co-Pilot can transmit this data across a network and integrate with subsystems such as syslogd, sar/sysstat, and systemd. It provides a common graphical user interface for browsing through all collected data as well as interactive text interfaces.
TUNED AND TUNED Profiles
Tuned is an adaptive system-tuning daemon that tunes system settings dynamically depending on usage. Red Hat Enterprise 7 includes several default tuned profiles, allowing administrators to benefit from better performance and power management for common workloads with very little tweaking. By default, the tuned profile selected is based on the Red Hat Enterprise Linux product variant, though administrators can modify the profile to address intended use cases.
TUNA
Red Hat Enterprise Linux 7 enhances Tuna beyond just the process performance monitoring capabilities found in Red Hat Enterprise Linux 6 with additional support for kernel parameter tuning, along with profile customization and management.
Tuna has a unified, easy-to-use graphical user interface for system performance tuning, monitoring, and tuned profile management. It helps customers get the best performance out of their systems by using proactive load balancing and monitoring to eliminate hot spots, prevent performance problems, and avoid potential service calls.
NUMA Affiniy
With more and more systems, even at the low end, presenting Non-Uniform Memory Access (NUMA) topologies, Red Hat Enterprise Linux 7 addresses the performance irregularities that such systems present. A new, kernel-based NUMA affinity mechanism automates memory optimization. It attempts to match processes that consume significant resources with available memory and CPU resources in order to reduce cross-node traffic. The resulting improved NUMA resource alignment improves performance for applications and virtual machines, especially when running memory-intensive workloads.
Hardware Event Reporting Mechanism (HERM)
Red Hat Enterprise Linux 7 unifies hardware event reporting into a single reporting mechanism. Instead of various tools collecting errors from different sources with different timestamps, a new Hardware Event Reporting Mechanism (HERM) will make it easier to correlate events and get an accurate picture of system behavior. HERM reports events in a single location and in a sequential timeline. HERM uses a new userspace daemon, rasdaemon, to catch and log all RAS events coming from the kernel tracing infrastructure.
Virtualization
Guest Integration with VMWARE
Red Hat Enterprise Linux 7 advances the level of integration between the Red Hat Enterprise Linux guest and VMware vSphere.
Integration now includes:
- Open VM Tools.
- 3D graphics drivers for hardware-accelerated OpenGL and X11 rendering.
- Fast communication mechanisms between VMware ESX and the virtual machine.
Combined, these additions provide a rich, high-performance environment for the Red Hat Enterprise Linux virtual machine running on VMware.
Cryptography Support
KVM-based virtualization capabilities meet new cryptographic security requirements from both US and UK governments by adding the ability for the virtual machine to draw entropy from the host. By default, this information is sourced from the host’s /dev/random file, but hardware random number generators available on hosts can be used as the source as well.
By alleviating entropy starvation in guests, cryptographic applications running on the guest are more effective. This feature is especially important to highly security-conscious customers such as federal governments, online merchants, financial institutions, and defense contractors.
Virtual Function I/O Device Assignment
The Virtual Function I/O (VFIO) userspace driver interface improves PCI device assignment for KVM. VFIO provides kernel-level enforcement of device isolation, improves security of device access, and is compatible with features such as secure boot. For example, Red Hat Enterprise Linux 7 uses the VFIO framework for Graphic Processing Unit (GPU) device assignment. Note that VFIO replaces the KVM device assignment mechanism used in Red Hat Enterprise Linux 6.
Development
OpenJDK
Red Hat Enterprise Linux 7 includes OpenJDK 7 as the default Java development and runtime environment. OpenJDK 7 is the most current stable version of publicly available Java. It provides more stability, better performance, better support for dynamic languages, and quicker startup times.
All Java 7 packages (java-1.7.0-openjdk, java-1.7.0-oracle, java-1.7.0-ibm) in Red Hat Enterprise Linux 7 let you install multiple versions in parallel, similarly to the kernel. Parallel installation makes it simpler to try out multiple versions of the same JDK simultaneously in order to tune performance and debug problems if needed.
Installation and Deployment
IN-PLACE Upgrade
Red Hat Enterprise Linux 7 provides support that simplifies the task of performing in-place upgrades. A pre-upgrade assistant package is provided in the Red Hat Enterprise Linux 6. 5 beta zstream, which reports what can be upgraded in-place and what will have to be done manually. The report describes the issues and links to knowledgebase articles available in the Red Hat Customer Portal.
The report includes information on configuration files that will be modified and identifies existing user-modified configuration files, recommending some to be manually checked. At that point, the administrator can decide if the end result of an in-place upgrade is sufficient for their needs. Upon executing the in-place upgrade, the administrator can then inspect the final results and decide to complete the upgrade.
Partitioning Defaults for Rollback
The ability to revert to a known, good system configuration is crucial in a production environment. Using LVM snapshots with ext4 and XFS (or the integrated LVM snapshotting feature in Btrfs) an administrator can capture the state of a system and preserve it for future use. An example use case would involve an in-place upgrade that does not present a desired outcome and an administrator who wants to restore the original configuration.
ANACONDA KICKSTART for Active Directory Integration
A system administrator can now create kickstart installation files that do not require administrative credentials. The installed system can then join an Active Directory domain with a one-time password. This new feature eliminates the need for writing and maintaining large blocks of interdependent code in two domains.
Creating Installation Media
Red Hat Enterprise Linux 7 introduces Live Media Creator for creating customized installation media from a kickstart file for a range of deployment use cases. Media can be used to deploy standardized images whether on standardized corporate desktops, standardized servers, virtual machines, or hyperscale deployments. Live Media Creator, especially when used with templates, provide a way to control and manage configurations across the enterprise.
Server Profile TEMPLATES
Server Profile TEMPLATES
Red Hat Enterprise Linux 7 features the ability to use installation templates to create servers for common workloads. These templates can simplify and speed creating and deploying Red Hat Enterprise Linux servers, even for those with little or no experience with Linux.
Desktop
Red Hat Enterprise Linux 7 includes three desktops to match different work styles and preferences:
- GNOME 3,
- GNOME Classic, and
- KDE
GNOME 3 provides a focused working environment that encourages productivity. A powerful search feature lets you access all your work from one place. Side-by-side windows make it easy to view several documents at the same time, and you can turn off notifications when you need to concentrate on the task in hand.
GNOME 3 integrates well with online document-storage services, calendars, and contact lists, so all your data can be accessed from the same place.
GNOME Classic combines old and new; it keeps the familiar look and feel of GNOME 2, but adds the powerful new features and 3-D capabilities of GNOME Shell.
In addition to GNOME 3 and GNOME Classic, Red Hat Enterprise Linux 7 offers the version 4 of the KDE desktop, the latest stable version of this popular desktop.
Management
SYSTEM-WIDE Resource Management
Systemd, a system and service manager for Linux, is compatible with SysV and LSB init scripts and can work as a drop-in replacement for sysvinit, as it is backward-compatible with sysvinit scripts. Systemd, now included in Red Hat Enterprise Linux 7 :
- Provides aggressive parallelization capabilities.
- Uses socket and D-Bus activation for starting services.
- Offers on-demand starting of daemons.
- Keeps track of processes using Linux cgroups.
- Supports creating snapshots and restoring system state.
- Maintains mount and automount points.
- Implements fine-grained transactional, dependency-based, service control logic.
OpenLMI
The OpenLMI project provides a common infrastructure for the remote management of Linux systems. Capabilities include configuration, management, and monitoring of hardware, operating systems, and system services. OpenLMI includes a set of services that can be accessed both locally and remotely, multiple language bindings, standard APIs, and standard scripting interfaces. It enables system administrators to manage more systems, automate management operations, and manage both physical and virtual servers. The standardized tool interface shortens the learning curve for new administrators and the standard APIs make it easier to build custom tools.
Storage management capabilities simplify configuring and managing storage, especially on systems with multiple drives. A traditional issue on Linux systems is that volume labels can change when hardware is reconfigured. OpenLMI avoids this problem by allowing you to address volumes by volume label, UUID, or Device ID. The combination of a standardized API and persistent device names makes it easy to keep storage consistent, even when hardware and software change.
OpenLMI enables remote network management by providing a standardized API to query and configure the network hardware. In addition to standard network configuration, it supports configuring network bridging and bonding and provides notification of changes in network configuration.
A system administrator can use the OpenLMI Software Provider to remotely to add or remove services, determine the state of the service (started, running, stopped, failed), enable, start, or restart a service.
File Systems
- Red Hat Enterprise Linux now supports XFS file systems that are up to 500TB in size. The previous support limit was 100TB.
- BTFS (Brtfs) is a relatively young file system especially useful for local, large-scale use cases. BTFS includes basic volume management, snapshot support, and full data and metadata integrity checksumming, and a command-line interface that makes these advanced features easier to use than in other large-scale file systems.
- Ext4 supports a file system that is 50TB in size, up from 16TB.
- The Red Hat Enterprise Linux PNFS client now supports all commercially available server layout types.
- The CIFS networking file system with server message block (SMB) protocol updates will provide better performance, security, and more features than were available with previous protocols.
- GFS2 commands now more accurately deal with RAID stripe alignment and placement of critical elements such as journals and resource groups. This increases the scalability and performance of GFS2 when the file system is being created and when it is used.
Storage
ISCSI and FCOE Targets
Red Hat Enterprise Linux 7 includes a new software implementation of the iSCSI (RFC-3720 mode) and Fibre Channel over Ethernet (FCoE) targets in the kernel, as opposed to the user space, as was the case previously. This new implementation makes it possible to replace expensive shared storage arrays to Linux-based storage appliances built on commodity hardware.
Dynamic LUN Detection
Logical units (LUN) can now be dynamically recognized by the operating system with no manual intervention, resulting in fewer reboots and less downtime.
SNAPPER
Snapper is a new utility that creates, deletes, labels, and organizes snapshots of the Btrfs file system and logical volume manager block device. The additional information and tooling give system administrators more control over their backup environment.
Security
Dynamic FIREWALL
With firewalld, a firewall does not have to be stopped in order to change its rules. This increases the security of the system by eliminating vulnerability and adding the ability to respond to threats by quickly activating new rules. In addition to dynamic configuration capabilities, firewalld supports a powerful rules language that simplifies configuring firewalls.
Structured Logging
Information in log files is now structured, making automated log analysis tools more powerful and effective. The log file structure is not changed, ensuring that your existing tools and processes continue to work without requiring modifications.
Labeled NFS
Labeled NFS allows customers to deploy more secure environments, including secure virtual machine home directories stored on NFS servers. Images in a Red Hat Enterprise Virtualization storage domain can have labels conveniently assigned and issued by the Red Hat Enterprise Virtualization Manager.
Many types of attacks on a system can be prevented by providing fine-grained control of who can access system resources. SELinux protection is now available when using NFS, simplifying the development of secure applications. The Linux kernel has enhanced support for passing SELinux labels between a client and server using NFS.
Networking
NetworkManager Interfaces
NetworkManager has two new user interfaces: a command-line tool (nmcli) and a curses-based, text user interface (TUI). Nmcli is intended for administrators who prefer command-line access for managing network services and is useful for remote network administration and managing headless servers. The TUI replaces system-config-network-tui and simplifies configuring many network settings for those who do not want to edit configuration files directly.
Accurate Time Synchronization
Red Hat Enterprise Linux 7 supports the network time protocol (NTP) implementation Chrony, which provides more accurate clock synchronization than the network time protocol daemon (ntpd).
Benefits of Chrony include:
- Faster synchronization. Chrony usually needs only minutes instead of hours to minimize the time and frequency error, which is useful on desktops or systems not running 24 hours a day.
- A larger range for frequency correction (100000 ppm vs. 500 ppm) is useful for virtual machines that have quickly drifting clocks.
- Better response to rapid changes in the clock frequency, useful for virtual machines that have unstable clocks or for power-saving technologies that don’t keep the clock frequency constant.
- After the initial synchronization, the clock is never stepped, which is useful for applications needing system time to be monotonic.
- Better stability with temporary asymmetric delays, for example when the link is saturated by a large download.
- Periodic polling of servers is not required, so systems with intermittent network connections can still quickly synchronize clocks.
Precision Time Protocol
Red Hat Enterprise Linux 7 supports IEEE 1588 PTPv2 (Precision Time Protocol version 2) in combination with a supported network card. PTP is used to precisely synchronize clocks in an Ethernet network. When used in conjunction with the appropriate hardware, it is capable of achieving clock accuracy in the sub-microsecond range, which is far more accurate than is typically obtainable with the network time protocol (NTP). This feature is particularly important for applications in the financial services and trading-related industries, where application latency is measured in microseconds.
Team Driver Link Aggregation
The Team Driver project is new for Red Hat Enterprise 7 and provides a mechanism to team multiple network devices (ports) into a single logical interface at the data link layer (layer 2). This mechanism is typically used to increase the maximum bandwidth and provide redundancy.
Team Driver identifies only the necessary data fast-path parts in the kernel, and the majority of its logic is implemented as a user space daemon. This approach provides advantages over traditional bonding such as more stability, easier debugging, and simpler extensions while providing equal or better performance.
TCP Enhancements
Various improvements to transmission control protocol (TCP) aim to reduce latency for connection-oriented services such as web servers built on Red Hat Enterprise Linux.
40G Ethernet Link Speed
Red Hat Enterprise Linux 7 supports 40G Ethernet link speeds, which enables faster network communication for systems and applications.
Low-Latency Sockets
Low-latency sockets are a software implementation that reduces networking latency and jitter within the kernel. This implementation makes it easy for applications to poll for new packets directly in the network driver which speeds up packets moving into the network stack. Applications that are sensitive to unpredictable latency benefit from the top-down, busy-wait polling method that replaces interrupts for incoming packets.
Enhanced CLUSTER Resource Manager
Cluster resource management has been enhanced through several additions:
PACEMAKER Policy Engine
The pacemaker remote capabilities now apply to virtual machines within a cluster. Now with Red Hat Enterprise Linux 7, users can run pacemaker from within a virtual machine and to control resources and applications running in other virtual machines in the cluster.
Red Hat Enterprise Linux 7 supports IEEE 1588 PTPv2 (Precision Time Protocol version 2) in combination with a supported network card. PTP is used to precisely synchronize clocks in an Ethernet network. When used in conjunction with the appropriate hardware, it is capable of achieving clock accuracy in the sub-microsecond range, which is far more accurate than is typically obtainable with the network time protocol (NTP). This feature is particularly important for applications in the financial services and trading-related industries, where application latency is measured in microseconds.
Team Driver Link Aggregation
The Team Driver project is new for Red Hat Enterprise 7 and provides a mechanism to team multiple network devices (ports) into a single logical interface at the data link layer (layer 2). This mechanism is typically used to increase the maximum bandwidth and provide redundancy.
Team Driver identifies only the necessary data fast-path parts in the kernel, and the majority of its logic is implemented as a user space daemon. This approach provides advantages over traditional bonding such as more stability, easier debugging, and simpler extensions while providing equal or better performance.
TCP Enhancements
Various improvements to transmission control protocol (TCP) aim to reduce latency for connection-oriented services such as web servers built on Red Hat Enterprise Linux.
- Fast Open is an experimental TCP extension (not yet approved by the Internet Assigned Numbers Authority (IANA)) designed to reduce the overhead when establishing a TCP connection by eliminating one round time trip (RTT) from certain kinds of TCP conversations. Fast Open could result in speed increases of between 4% and 41% in page-load times.
- Tail loss probe (TLP), an experimental algorithm, improves the efficiency of how the TCP networking stack deals with lost packets at the end of a TCP transaction. TLP could reduce re-transmission timeouts by 15% and shorten HTTP response times by an average of 6%.
- Early Retransmit (RFC 5827) allows the transport to use fast retransmits to recover segment losses that would otherwise require a lengthy timeout. Connections can recover from lost packets faster, which decreases overall latency.
- Proportional Rate Reduction (PRP) is an experimental algorithm designed to return to the maximum transfer rate quickly. It can potentially reduce HTTP response times by 3-10%.
40G Ethernet Link Speed
Red Hat Enterprise Linux 7 supports 40G Ethernet link speeds, which enables faster network communication for systems and applications.
Low-Latency Sockets
Low-latency sockets are a software implementation that reduces networking latency and jitter within the kernel. This implementation makes it easy for applications to poll for new packets directly in the network driver which speeds up packets moving into the network stack. Applications that are sensitive to unpredictable latency benefit from the top-down, busy-wait polling method that replaces interrupts for incoming packets.
High Availability
Enhanced CLUSTER Resource Manager
Cluster resource management has been enhanced through several additions:
- Simplified administrative procedures reduce the amount of effort it takes to monitor and manage a cluster.
- Finer-grained monitoring of every component in the cluster stack provides more awareness and control over applications running in high-availability environments. Resources can have multiple states associated with them and can be managed on a schedule basis or manually. An important new feature is the ability to create user-defined actions.
- Resource cloning allows a single command to be replicated across multiple nodes in the cluster. For example, by using cloned resources, issuing a single command can cause a GFS2 filesystem to be mounted on all nodes within the cluster.
- The new cluster resource manager has both a graphical and a command-line interface. The new resource manager provides a single environment for managing clusters running Red Hat Enterprise Linux 6 and 7.
PACEMAKER Policy Engine
The pacemaker remote capabilities now apply to virtual machines within a cluster. Now with Red Hat Enterprise Linux 7, users can run pacemaker from within a virtual machine and to control resources and applications running in other virtual machines in the cluster.
