Red Hat heads for the hybrid cloud with Enterprise Linux 7.5: what it means

    Red Hat has announced Enterprise Linux 7.5, a potential foundation for hybrid clouds. The release brings several updates: security improvements, new administration console functionality and tooling for working with containers.

    We will tell you more about the innovations under the cut.

    Red Hat notes that the update will reduce corporate IT maintenance costs and provide new opportunities for managing hybrid cloud environments (including in the Azure cloud). To that end, the following changes were made.

    Implemented integration with OpenSCAP

    Red Hat believes that using a hybrid cloud provides new opportunities for corporations. For example, it helps bring products to market faster. This is due to the ability to scale and test applications, as well as to increase data security. If the company's physical servers fail, the data will be stored in the cloud of the data center. However, the transition to a hybrid infrastructure requires additional effort from the IT department: information security incidents have to be resolved across different computing environments. To address this, Enterprise Linux 7.5 adds features for tracking software security.

    One of them is the integration of the Red Hat Ansible Automation configuration management system with the OpenSCAP framework. The latter implements security configuration checklists and uses CPE, CCE, and OVAL to create checks. This makes it possible to generate Ansible playbooks directly from OpenSCAP scans. As a result, the time spent on fixing vulnerabilities is reduced.

    Another tool is the Network-Bound Disk Encryption (NBDE) feature. It encrypts the root volumes of hard disks of virtual or physical machines and does not require re-entering the password after rebooting the system. For encryption and decryption, the Tang server and the Clevis framework are used, as well as the LUKS specification.

    Added Virtual Data Optimizer module

    The updated version supports Virtual Data Optimizer (VDO). VDO is a kernel module that saves disk space and reduces network load during replication. According to Red Hat research, VDO reduces the cost of storing data in the cloud or on-premises by 83% by reducing the amount of redundant data.

    First, it identifies all "zero" blocks and eliminates them. It then looks for redundant data. Redundancy is checked against metadata using the UDS (Universal Deduplication Service) kernel module, which is supplied as part of VDO. Next, the LZ4 compression algorithm is applied to the individual data blocks. All compressed blocks are "packed" into physical blocks and stored on media. A guide to creating a VDO volume can be found here.
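
    The reduction steps described above, modelled in Python as an added example (not Red Hat's code and not part of the original post). SHA-256 and zlib are stand-ins for the UDS index hash and LZ4, the first-fit packing is a simplification, and the sample data is constructed.

```python
import hashlib
import zlib

BLOCK = 4096  # VDO operates on 4 KiB blocks


def vdo_reduce(data: bytes) -> dict:
    """Model the stages: zero-block elimination, deduplication, compression, packing."""
    index = {}  # digest -> stored fragment; stands in for the UDS index (assumption)
    stats = {"logical": 0, "zero": 0, "duplicate": 0, "unique": 0}
    for off in range(0, len(data), BLOCK):
        block = data[off:off + BLOCK].ljust(BLOCK, b"\0")
        stats["logical"] += 1
        if block == bytes(BLOCK):        # stage 1: all-zero block, nothing is stored
            stats["zero"] += 1
            continue
        digest = hashlib.sha256(block).digest()
        if digest in index:              # stage 2: seen before, only a reference is kept
            stats["duplicate"] += 1
            continue
        packed = zlib.compress(block)    # stage 3: zlib stands in for LZ4 (assumption)
        # Keep the raw block when compression does not shrink it.
        index[digest] = packed if len(packed) < BLOCK else block
        stats["unique"] += 1
    # Stage 4: pack fragments into physical blocks (first-fit, largest first).
    free = []  # remaining bytes in each physical block
    for frag in sorted(index.values(), key=len, reverse=True):
        for i, room in enumerate(free):
            if len(frag) <= room:
                free[i] -= len(frag)
                break
        else:
            free.append(BLOCK - len(frag))
    stats["physical"] = len(free)
    return stats


def sample_volume() -> bytes:
    """Constructed input: zero blocks, repeated log data and high-entropy blocks."""
    log_a = (b"GET /index.html 200\n" * 205)[:BLOCK]
    log_b = (b"POST /login 302\n" * 256)[:BLOCK]
    # Two high-entropy blocks (what ciphertext looks like), built from SHA-256 output.
    noise = b"".join(hashlib.sha256(bytes([i, j])).digest()
                     for i in range(2) for j in range(128))
    return bytes(4 * BLOCK) + log_a * 3 + log_b + noise


if __name__ == "__main__":
    print(vdo_reduce(sample_volume()))
```

    High-entropy blocks, such as data that was encrypted before it reached the volume, neither deduplicate nor compress, so each one occupies a full physical block.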

    New management console features

    The Cockpit web console has been improved. It simplifies the management of hybrid cloud environments, networks, and storage. To that end, the boom command-line utility and API for managing the bootloader entries of LVM snapshots and images were added. There is also support for loading SSH keys from arbitrary directories. You can read about other features and improvements here.

    In addition, Red Hat Enterprise Linux 7.5 introduced new functionality for working with Windows-based infrastructures: improved management of Windows Server, improved data transfer security in Microsoft Azure and the performance of Microsoft Active Directory.


    Added container support

    The developers also changed how containers are handled by adding support for Buildah. Buildah is a command-line tool that helps you create OCI-compatible Linux container images. Images can be modified without starting the container environment and without a daemon running in the background.

    Buildah allows you to:

    • create a container from scratch or from an image;
    • create an image from the container or using the Dockerfile;
    • create Docker and OCI images;
    • mount / unmount the root file system of the container;
    • use the updated contents of the container root file system as a file system layer to transfer data to a new image;
    • remove the container or image.

    All this helps to save system resources and deploy container applications faster. Linux host security is ensured by the Linux Atomic Host, which reduces the attack surface (including by isolating kernel resources). An example of setting up and using Buildah can be found at this link.

    Enterprise Linux 7.5 can be downloaded now. Versions are available for the x86, IBM Power and IBM System z architectures.
