Red Hat Enterprise Linux 6 Technical Details: What’s New
Red Hat Enterprise Linux 6, the latest release of Red Hat’s trusted datacenter platform, delivers advances in application performance, scalability, and security. With Red Hat Enterprise Linux 6, you can deploy physical, virtual, and cloud computing within your datacenter, reducing complexity, increasing efficiency, and minimizing administration overhead while leveraging technical skills and operational know-how. Red Hat Enterprise Linux 6 is an ideal platform to translate current and future technology innovations into the best value and scale for IT solutions.
Efficiency, Scalability, and Reliability
- Red Hat Enterprise Linux 6 supports more sockets, more cores, more threads, and more memory.
- The CFS schedules the next task to be run based on which task has consumed the least time, task prioritization, and other factors. Using hardware awareness and multi-core topologies, the CFS optimizes task performance and power consumption.
Reliability, Availability, and Serviceability (RAS)
- RAS hardware-based hot add of CPUs and memory is enabled.
- When supported by machine check hardware, the system can recover from some previously fatal hardware errors with minimal disruption.
- Memory pages with errors can be declared as “poisoned”, and will be avoided.
- The new default file system, ext4, is faster, more robust, and scales to 16TB.
- The Scalable File System Add-On contains the XFS file system, which scales to 100TB.
- The Resilient Storage Add-On includes the high availability, clustered GFS2 file system.
- NFSv4 is significantly improved over NFSv3, and is backwards compatible.
- Fuse allows filesystems to run in user space allowing testing and development on newer fused-based filesystems (such as cloud filesystems).
- The web interface based on Conga has been re-designed for added functionality and ease of use.
- The cluster group communication system, Corosync, is mature, secure, high performance, and light-weight.
- Nodes can re-enable themselves after failure without administrative intervention using unfencing.
- Unified logging and debugging simplifies administrative work.
- Virtualized KVM guests can be run as managed services which enables fail-over, including between physical and virtual hosts.
- Centralized configuration and management is provided by Conga.
- A single cluster command can be used to manage system logs from different services, and the logs have a consistent format that is easier to parse.
- The tickless kernel feature keeps systems in the idle state longer, resulting in net power savings.
- Active State Power Management and Aggressive Link Power Management provide enhanced system control, reducing the power consumption of I/O subsystems. Administrators can actively throttle power levels to reduce consumption.
- Realtime drive access optimization reduces filesystem metadata write overhead.
Unprecedented Resource Management
System Resource Allocation
- Cgroups organize system tasks so that they can be tracked, and so that other system services can control the resources that cgroup tasks may consume (Partitioning). Two user-space tools, cgexec and cgclassify, provide easy configuration and management of cgroups.
- Cpuset applies CPU resource limits to cgroups, allowing processing performance to be allocated across tasks.
- The memory resource controller applies memory resource limits to cgroups.
- The network resource controller applies network traffic limits to cgroups.
- A snapshot of a logical volume may be merged back into the original logical volume, reverting changes that occurred after the snapshot.
- Mirror logs of regions that need to be synchronized can be replicated, supporting high availability.
- LVM hot spare allows the behavior of a mirrored logical volume after a device failure to be explicitly defined.
- DM-Multipath allows paths to be dynamically selected based on queue size or I/O time data.
- Very large SAN-based storage is supported.
- Automated I/O alignment and self-tuning is supported.
- Filesystem usage information is provided to the storage device, allowing administrators to use thin provisioning to allocate storage on-demand.
- SCSI and ATA standards have been extended to provide alignment and I/O hints, allowing automated tuning and I/O alignment.
- DIF/DIX provides better integrity checks for application data.
- UDP Lite tolerates partially corrupted packets to provide better service for multimedia protocols, such as VOIP, where partial packets are better than none.
- Multiqueue Networking increases processing parallelism for better performance from multiple processors and CPU cores.
- Large Receive Offload (LRO) and Generic Receive Offload (GRO) aggregate packets for better performance.
- Support for Data Center Bridging includes data traffic priorities and flow control for increased Quality of Service.
- New support for software Fiber Channel over Ethernet (FCoE) is provided.
- iSCSI partitions may be used as either root or boot filesystems.
- IPv6 is supported.
- SELinux policies have been extended to more system services.
- SELinux sandboxing allows users to run untrusted applications safely and securely.
- File and process permissions have been systematically reduced whenever possible to reduce the risk of privilege escalation.
- New utilities and system libraries provide more control over process privileges for easily managing reduced capabilities.
- Walk-up kiosks (as in banks, HR departments, etc.) are protected by SELinux access control, with on-the-fly environment setup and take-down, for secure public use.
- Openswan includes a general implementation of IPsec that works with Cisco IPsec.
Enforcement and Verification of Security Policies
- OpenScap standardizes system security information, enabling automatic patch verification and system compromise evaluation.
Identity and Authentication
- The new System Security Services Daemon (SSSD) provides centralized access to identity and authentication resources, enables caching and offline support.
- OpenLDAP is a compliant LDAP client with high availability from N-way MultiMaster replication, and performance improvements.
Stable Application Development and Production Platform
- This release of Apache includes many improvements, seeÂ Overview of new features in Apache 2.2
- A major revision of Squid includes manageability and IPv6 support
- Memcached 1.4.4 is a high-performance and highly scalable, distributed, memory-based object caching system that enhances the speed of dynamic web applications.
- OpenJDK 6 is an open source implementation of the Java Platform Standard Edition (SE) 6 specification. It is TCK-certified based on the IcedTea project, and the implementation of a Java Web Browser plugin and Java web start removes the need for proprietary plugins.
- Tight integration of OpenJDK and Red Hat Enterprise Linux includes support for Java probes in SystemTap to enable better debugging for Java.
- Tomcat 6 is an open source and best-of-breed application server running on the Java platform. With support for Java Servlets and Java Server Pages (JSP), Tomcat provides a robust environment for developing and deploying dynamic web applications.
- Ruby 1.8.7 is included, and Rails 3 supports dependencies.
- Version 4.4 of gcc includes OpenMP3 conformance for portable parallel programs, Integrated Register Allocator, Tuples, additional C++0x conformance implementations, and debuginfo handling improvements.
- Improvements to the libraries include malloc optimizations, improved speed and efficiency for large blocks, NUMA considerations, lock-free C++ class libraries, NSS crypto consolidation for LSB 4.0 and FIPS level 2, and improved automatic parallel mode in the C++ library.
- Gdb 7.1.29 improvements include C++ function, class, templates, variables, constructor / destructor improvements, catch / throw and exception improvements, large program debugging optimizations, and non-blocking thread debugging (threads can be stopped and continued independently).
- TurboGears 2 is a powerful Internet-enabled framework that enables rapid web application development and deployment in Python.
- Updates to the popular web scripting and programming languages PHP (5.3.2), Perl (5.10.1) include many improvements.
- SystemTap uses the kernel to generate non-intrusive debugging information about running applications.
- The tuned daemon monitors system use and uses that information to automatically and dynamically adjust system settings for better performance.
- SELinux can be used to observe, then tighten application access to system resources, leading to greater security.
- PostgreSQL 8.4.4 includes many improvements, please seeÂ PostgreSQL 8.4 Feature Listfor details.
- MySQL 5.1.47 improvement are listed here:Â What Is New in MySQL 5.1.
- SQLite 3.6.20 includes significant performance improvements, and many important bug fixes. Note that this release has made incompatible changes to the internal OS interface and VFS layers (compared to earlier releases).
System API / ABI Stability
- The Red Hat Enterprise Linux: Application Compatibility Specification document defines stable, public, system interfaces for the full ten-year life cycle of Red Hat Enterprise Linux 6. During that time, applications will not be affected by security errata or service packs, and will not require re-certification. Backward compatibility for the core ABI is maintained across major releases, allowing applications to span subsequent releases.
- The KVM hypervisor is fully integrated into the kernel, so all Red Hat Enterprise Linux system improvements benefit the virtualized environment.
- The application environment is consistent for physical and virtual systems.
- Deployment flexibility, provided by the ability to easily move guests between hosts, allows administrators to consolidate resources onto fewer machines during quiet times, or free up hardware for maintenance downtime.
Leverages Kernel Features
- Hardware abstraction enables applications to move from physical to virtualized environments independently of the underlying hardware.
- Increased scalability of CPUs and memory provides more guests per server.
- Block storage benefits from selectable I/O schedulers and support for asynchronous I/O.
- Cgroups and related CPU, memory, and networking resource controls provide the ability to reduce resource contention and improve overall system performance.
- Reliability, Availability, and Serviceability (RAS) features (e.g., hot add of processors and memory, machine check handling, and recovery from previously fatal errors) minimize downtime.
- Multicast bridging includes the first release of IGMP snooping (in IPv4) to build intelligent packet routing and enhance network efficiency.
- CPU affinity assigns guests to specific CPUs.
- CPU masking allows all guests to use the same type of CPU.
- SR-IOV virtualizes physical I/O card resources, primarily networking, allowing multiple guests to share a single physical resource.
- Message signaled interrupts deliver interrupts as specific signals, increasing the number of interrupts.
- Transparent hugepages provides significant performance improvements for guest memory allocation.
- Kernel Same Page (KSM) provides reuse of identical pages across virtual machines (known as deduplication in the storage context).
- The tickless kernel defines a stable time model for guests, avoiding clock drift.
- Advanced paravirtualization interfaces include non-traditional devices such as the clock (enabled by the tickless kernel), interrupt controller, spinlock subsystem, and vmchannel.
- In virtualized environments, sVirt (powered by SELinux) protects guests from one another
Microsoft Windows Support
- Windows WHQL-certified drivers enable virtualized Windows systems, and allow Microsoft customers to receive technical support for virtualized instances of Windows Server
Installation, Updates, and Deployment
- Anaconda supports installation of a â€œminimal platformâ€ as a specific server installation, or as a strategy for reducing the number of software packages to increase security.
- Red Hat Network and Red Hat Network Satellite continue to provide management, provisioning, and monitoring for large deployments.
- Installation options have been reorganized into â€œworkload profilesâ€ so that each system installation will provide the right software for specific tasks.
- Dracut, a replacement for mkinitrd, minimizes the impact of underlying hardware changes, is more maintainable, and makes it easier to support third party drivers.
- The new yum history command provides information about yum transactions, and supports undo and redo of selected operations.
- Yum and RPM offer significantly improved performance.
- RPM signatures use the Secure Hash Algorithm (SHA256) for data verification and authentication, improving security.
- Storage devices can be designated for encryption at installation time, protecting user and system data. Key escrow allows recovery of lost keys.
- Standards Based Linux Instrumentation for Manageability (SBLIM) manages systems using Web-Based Enterprise Management (WBEM).
- ABRT enhanced error reporting speeds triage and resolution of software failures.
Routine Task Delegation
- PolicyKit allows administrators to provide users access to privileged operations, such adding a printer or rebooting a desktop, without granting administrative privileges.
- Improvements include better printing, printer discovery, and printer configuration services from cups and system-config-printer.
- SNMP-based monitoring of ink and toner supply levels and printer status provides easier monitoring to enable efficient inventory management of ink and toner cartridges.
- Automatic PPD configuration for postscript printers, where PPD option values are queried from printer, are available in CUPS web interface.
- Samba improvements include support for Windows 2008R2 trust relationships: Windows cross-forest, transitive trust, and one-way domain trust.
- Applications can use OpenChange to gain access to Microsoft Exchange servers using native protocols, allowing mail clients like Evolution to have tighter integration with Exchange servers.