Red Hat Enterprise Linux Doubles Down on Security, Infrastructure Management

30 May 2017 3:00am, by

Security and better management are the key features of the newest version of Red Hat Enterprise Linux, RHEL 7.4, a beta of which was released last week.

Security and compliance are key challenges facing modern organizations, noted Steve Almy, Red Hat’s principal product manager for RHEL. As a result, the new features had been designed to reduce the administrative workloads within companies. In particular, the features are designed to help sysadmins cope with end users who are less security-conscious.

One of the additions is support for Network Bound Disk Encryption, which is tooling designed to reduce the management burden of disk encryption at scale. He explained the rationale behind the move: “If you’re running a data center of 1,000 workloads, with those local disks, we believe there’s a danger that the users won’t encrypt those local disks. With Network Bound Disk Encryption, the administrator can turn on encryption, but they’re decrypted on the local network. But once the disks are removed from that local network, they’re encrypted — it’s a way to fight against disk leakage.”

The updated Gnome desktop for RHEL 7.4

This desire to protect end users from themselves can also be seen in the introduction of another new feature, USB Guard. This allows permissions to be set on access to USB thumb drives so that end users can neither read nor link to insecure devices.

Red Hat has also added some compliance features, among them updated audit capabilities that enable administrators to gather more information from critical events and improve the way that it interprets records.

Automation Nation

It’s not just security and compliance that are exercising Red Hat; there’s also a growing user demand for more automation. The company bought configuration management company Ansible last year and has begun rolling some Ansible features into RHEL.

“Customers have been asking for Ansible as they’re finding it’s no longer enough to manage a single system. How to manage 1000 and 2000 systems at scale? That’s the question now,” Almy said.

He said that within RHEL 7.4, Red Hat had introduced a set of Ansible roles that allow configuration of five subsystems: kdump (kernel crash dump), email (postfix), selinux, timesync and networking.

There’s a lot further to go before Ansible is fully integrated into RHEL but “we’re dipping our toe into the water,” said Almy. “The aim is to provide a single interface into both RHEL 6 and RHEL 7.”

There are some challenges with this integration, said Almy, indicating that Ansible is going to be a bigger part of Red Hat’s customers’ armory in the future. “Once they start playing with Ansible, they’ll find out that the great thing is that it can do everything … and the downside is that it can do everything.”

The company has also introduced other enhancements designed to improve the administrators’ lot. These include changes to RAID Takeover, enabling system administrators to more easily change the RAID configuration. “It would mean that they could make changes on-the-fly,” said Almy, “without having to schedule downtime.” He added that there was also a more modular approach to network management, offering greater flexibility.

There are going to be some other enhancements too. For example, the company is set to include Atomic Base, its cut-down version of its base image, in 7.4.

The new beta release is now in the hands of its users, while Red Hat ensures the stability of the software. “We’re aiming for late summer for general availability,” said Almy. “We won’t release if it’s not secure.”

Red Hat is a sponsor of The New Stack.

Feature image: Talking security at the Red Hat Enterprise Summit.
