Red HatOpen SourceOpen StandardsCooperation and Freedom

Xander D HarknessSenior Enterprise Consultant, Red HatMay 2008

2

Belief

We believe in the community.

We believe in collaboration.

We believe in choice.

We believe interoperability is created by open standards.

Open standards create interoperability everyone can implement. That's the real solution. It doesn't require a deal between two companies.

The interoperability solution has shifted to the intersection of applications, data, and business logic. We're focused on delivering an open source platform that addresses these issues.

3

Open Standards

Apache, BIND, DNS, Eclipse, Fedora, Firefox, Hibernate, JBoss, Kerberos, LDAP, MySQL, Perl, PHP, Python, PostgreSQL, Sendmail, Tomcat.

Mail – RFC 2821 2822

Jabber – RFC 3920 3921

DNS – RFC 1034 1035 2782

NFS – RFC 1094 1813 3530

Kerberos – RFC 1510 4120 4121

MSN?? YahooIM?? Skype??

4

Red Hat Development Model

Collaboration with partners and open source contributors to develop technology

Deliver complete distributions in two stages for two audiences

– First stage● Fedora – the development vehicle● Approximately twice/annum

– Fedora Core 6 latest release● Fast moving, latest technology● Unsupported, ABI/API changes

– Second stage● Red Hat Enterprise Linux● Stable, mature, commercially focused ● Extensively QAed, supported and certified● 7 years of maintenance with ABI guarantee● Major release approximately every 24 months

Life Cycle of Red Hat Enterprise Linux 2.1

General Availability: May 17, 2002Full Support (including hardware updates): May 17, 2002 -- Nov 30, 2004Deployment Support: Dec 1, 2004 -- May 31, 2005Maintenance Support: June 1, 2005 -- May 31, 2009

6

Recent Red Hat Acquisitions

GFS (Global File System)

Single node free, Multi-node closed before Red Hat purchased Sistina

Red Hat re-wrote any licenced or non-free code

Released to the community, including Red Hat's competitors

Red Hat Directory / Certificate Server

Red Hat purchased Netscape Directory Server and Certificate Server

Removed all non-free code (temporary loss off some GUI functions)

Two years of 'discussion' with US authorities prior to release of Certificate Server

libvirt / RT Linux

Libvirt – to prevent lock-in to specific hypervisors

Real Time

● All previous implementations were 'code bombs'● Two years to cut out long code paths

7

Partners

Important for ecosystem Hardware certification

Support without holes!

Cooperation

● Large Government work● Shared Development

Standards

● AMQP● Jabber

8

9

Services

Making work easy(ier) Dedicated Enterprise Engineer

● Statoil● World Governments● Vodafone

Global Support Services

● Helpful people to speak to● Follow the sun● Knowledgebase / Whitepapers

Enterprise Architects

● Review systems designs● Technology Workshops

Global Professional Services

● Instant Access to all parts of Red Hat – Developers, Architects, PM, Geek Vast amounts of experience in many systems and environments

10

Software as a commodity

More for less GFS (Cluster File System)

● Free with Red Hat Enterprise Linux

Virtualisation

Cluster Suite

Global Professional Services

● Instant Access to all parts of Red Hat – Developers, Architects, PM, Geek Vast amounts of experience in many systems and environments

Red Hat Cluster Suite

Low-cost high availability for applications● Create n-node server clusters for desired level of availability

● In the event of a failure, workload is picked-up by other servers in the cluster

Core services for enterprise cluster confi gurations (with v4)● Distributed Lock Manager, Service Manager, I/O Fencing, Heartbeats, GUI

Red Hat Cluster Suite

SAN

Red Hat Global File System (GFS)

Allows a cluster of Linux servers to share data in a common pool of storage

“The main attraction – and, frankly, the original promise – of storage networking is the ability to connect multiple systems to a common pool of storage.” - Illuminata, Sept. 2004

Red Hat GFS

SAN

Making life better for our customers

14

Hardware & Para-Virtualization

Red Hat Enterprise Linux 5 will support a number of hardware and software virtualization scenarios:

● Fully virtualized on Intel VT & AMD SVM (Vanderpool and Pacifica)● Allows guest to be Red Hat Enterprise Linux 2.1, 3, 4 as well as other

Operating Systems ● Support & certification details to be defined

● Para-virtualized Red Hat Enterprise Linux● Red Hat Enterprise Linux 5 ● Red Hat Enterprise Linux 4

● Guest kernel will be shipped with RHEL 4.5● Support for x86, x86_64, UP and SMP at product release

● Support for IA64 as Tech Preview, PPC possibly later depending on upstream development.

● Para-virtualized same-on-same architecture support:● x86_64 on x86_64, i386 PAE on i386 PAE, IA64 on IA64

● Fully-virtualized as supported by hardware.

15

Use Case: Single Instance

Dom0 used as a hardware abstraction layer

Support for new hardware while running workload on an older version of Red Hat Enterprise Linux

Deploying centralized Dom0 managementwhile allowing Dom1 operational freedom

Security isolation

Client and Server usage Models.

User DomainRed Hat Enterprise

Linux

Server Hardware

Red Hat Enterprise Linux 5

Virtualization Hypervisor

Domain 0

ApplicationApplicationManagement

16

Use Case: Multi Instance Virtualization

Red Hat Enterprise Linux 5 allowing a theoretically unlimited number of guest domains.

VT and para-virt support, old RHEL versions, other operating systems TBD

Typical layout for Datacenter Consolidation

Packaging and pricing details TBD

Red Hat Enterprise Linux 5

Virtualization Hypervisor

Red HatEnterprise

Linux 3

Red HatEnterprise

Linux 4

Red HatEnterprise

Linux 5

OtherOperatingSystem

Dom 0

MgmtApp

AppApp

AppApp

AppApp

App

Server Hardware

17

Use Case: Virtualization Platform

An enhanced virtualization environment is provided when multiple instances of Red Hat Enterprise Linux 5 are used:

● Multi Instance Logical Volume Management● Multi Instance Global File System● Multi Instance Application Migration

(with Cluster Suite failover)

Provides a complete virtualization platform

● Server : Storage : Management

● Simplifies deployment & manageability

● Increases flexibility & scalability

● Included as part of the Multi Instance option

● Integrates server & storage virtualization withno special hardware

● Server & storage resources may be shared or independent

Red HatEnterprise

Linux 5

Red HatEnterprise

Linux 5

Red HatEnterprise

Linux 5

Dom 0

MgmtApp

AppApp

AppApp

App

Server Hardware

Multi-instance Logical Volume Manager

Multi-instance Global File System

Multi-instance Application Migration (HA)

Dom 0

Red Hat Enterprise Linux 5

Virtualization Hypervisor

18

Use Case: Virtualization Cluster

“Multi Instance” provides storage sharing & application failover within a single server

Extend these capabilities across multiple servers with:

● Red Hat Enterprise Cluster Suite● Red Hat Global File System

● Ideal for scale-out & blade configurations

Shared Storage

Extend

Security Enhanced Linux (SELinux)

Integrated into standard Red Hat Enterprise Linux versions – full ISV support

Flexible Mandatory Access Control system for Linux

Capabilities analogous to commercial secure operating systems (e.g. Trusted Solaris, Trusted Irix)

Optional targeted policy in core product secures key network-facing services with minimal system impact

Support for strict (government/military application) and custom policies through Red Hat Global Professional Services

Kernel Kernel

Discretionary Access ControlOnce a security exploit gains access to

privileged system components the entiresystem is compromised

Mandatory Access ControlKernel policy defi nes application rights,

fi rewalling applications from compromisingthe entire system

Policy

Enforcement

Red Hat Confidential

MRG RealtimeIllustrating determinism

Red Hat Confidential

Detail zoom-in of RHEL5 vs MRG Realtime

22

Typical sources of non-determinism

Application priorities– One application blocks another

– Or holds a contended resource (lock)

Linux kernel– When the Linux kernel is running, applications block

– The longer the kernel runs, the longer applications block

– Determinism bounded by longest running kernel codepath

High priority app runs

Interrupt

Kernel interrupt handling & scheduler

High priority appresumes

23

How? - Realtime Java (RTSJ)

Versions of Java which are more deterministic – primarily by removing garbage collection unpredictability and inter-JVM communication

MRG Realtime is the only Linux kernel having the prerequisites (ie, Priority Inheritance, preemption)

Working closely w/ IBM– IBM WebSphere Real Time– Realtime spec conformant – 200,000 rt thread capable– Exclusive realtime garbage collector– 1ms max GC pause time– Uses at most 30% cpu in any 10ms window

Deployed by US Navy – DDG Destroyer program

24

Stateless Linux

Initiative to separate the OS & applications from user configuration/data (“state”)

Create a new, simplified management paradigm

A consistent, unified architecture that supports...– OS on the Network

– OS on the local machine

Basic requirements:– OS image is read-only

– Hardware configuration is auto-detected

– Data and settings are stored on network, optionally cached locally

Initial client focus, but also applicable to servers (esp. virtualized)

Initial feature release in Red Hat Enterprise Linux 5– Additional features in Updates

25

Identity Management

Native support for Identity management in conjunction with Red Hat Directory Server and Red Hat Certificate System

Integration of Identity & Certificate Management capabilities with Red Hat Enterprise Linux and community applications

– Clear and secure architecture

– Addition of Enterprise Security Client (smartcard, physical token, support)

– Centralized key management for core desktop applications● system login, web browser, email, SSH

Integration of certificate-based security and Kerberos infrastructure via PKInit

Enables centralized management of users and rights

Enables “Single Sign-On” user experience

Software Management

rhel-4-es-i386

rhn-tools-4-i386

lm-TS1.0-rhel-4-es-i386

lm-TS1.0-rhn-tools-4-i386

LM TS 1.0 Packages

Red Hat

LM

ApplicationServer

CommonWeb

ServerSecurity

Service activation keys

Platform channels

What is Red Hat Network?

A systems management platform designed to provide complete lifecycle management of the operating system and applications.

A single solution for lifecycle management of compute resources

● Installing and provisioning new system

● Updating systems

● Managing confi guration fi les

● Monitoring performance

● Redeploying for a new purpose

Red Hat Network

Red Hat's modular, Web-based Linux management platform● Built for distributed systems

● Integrates with existing platforms

Simple value proposition

● Save time and money – Increase productivity – Enhance security

Modular approach

● Updates – Management – Provisioning – Monitoring

29