On June 21st Red hat announced the next minor release of Red hat enterprise Linux 6 — Red hat enterprise Linux 6.3. Red hat continues to deliver a predictable lifecycle of new product features and partner enhancements that customers rely on. These innovations originate from many sources including Red hat engineers, partners and customers themselves, as well as the open source communities in which we lead and participate. Red hat enterprise Linux 6.3 provides enterprises with mature, stable technology backed up by our award-winning Global support services team.
Red hat enterprise Linux validates its position as a leading operating system platform — specifically within hybrid environments that require a combination of physical, virtual, and cloud architectures. In these environments enterprises expect consistency, stability, yet deployment flexibility. Features like secure disk wiping and live volume resizing of virtual guests demonstrate the value of Red hat enterprise Linux for hybrid deployment patterns, and represent the confluence of key capabilities for security and storage resource management with next generation architectures like cloud and virtualization.
Virtualization and Cloud Support
Scalability, Performance, and More Efficient Management
Enhanced KVM Virtualization Features
• KVM scalability enhancements in Red hat enterprise Linux 6.3 are bountiful. The maximum supported virtual guest size more than doubled from 64 to 160 virtual Cpus (vCpus).
This new limit is 5x the vCpus of VMware esx 5.0. Also vastly increased is the maximum supported memory in a KVM guest. This was upped from 512GB to 2tB. The memory increase is 2x the size of VMware esx 5.0. The enhanced features enable customers to more efficiently run large scale workloads in a virtual guest when compared to the VMware 5.0 limits.
• Red hat enterprise Linux 6.3 features support for new processors in KVM Virtualization.
KVM will add support for the latest processors, including the new Intel xeon series e5 and AMD 6200 series. The processor support is inherited directly from Red hat enterprise Linux and does not require additional development, as is the case with other hypervisor technologies. The new CPU model definitions in KVM provides the necessary new processor enablement to KVM host and the virtualize guests. This ensures that KVM Virtualization derives the performance benefits associated with the new processors and availability of the new instructions in the latest CPUs.
New KVM Virtualization Features
• New to this release is the support for USB 2.0. KVM supports USB 2.0 host adapter emulation which enables USB 2.0 devices to be used in guests, and supports USB pass through from host to guest. Devices like USB storage and tablets are now also supported. Remote wakeup support has also been added to the USB host controller, allowing suspended guests to resume from USB 2.0 devices.
• Remote wake-up support has also been added to the USB host controller, allowing suspended guests to resume from USB 2.0 devices. The key benefits of this new feature lie in the dramatic improvement of usability with Virtualization desktop and tablet. USB 2.0 emulation improves the power utilization and the Cpu consumption of virtual machines.
The speed provided by the new remote wake-up support saves Cpu cycles by providing a mechanism for devices to send wake-up requests instead of the old polling method.
• KVM now provides predictable MaC addresses of sR-IOV capable ethernet cards when the device is assigned to a virtual machine using a pCI device assignment. While previously, a sR-IOV capable ethernet card was given a new random MaC address each time the card was initialized, this was seen as inefficient. This feature no longer assigns a different MaC address every time the card passes through to a guest. Instead, a fixed MaC address is supplied by the libvirt prior to assigning the device to the guest. The presentation and preservation of a MaC address simplifies virtual guest administration by eliminating the manual process of assigning MaC addresses due to re-booting or restarting of a guest. This feature is supported for both Red hat enterprise Linux and Windows guests.
• Another new feature of KVM is the support for block device live re-sizing. KVM is now able to perform live volume re-sizing of a virtual disk, rather than stopping the virtual machine and then re-sizing it offline. This feature is supported with both Red hat and Windows guests and works on all backing stores and not restricted to LVM/dM. With this feature, guests no longer have to be taken offline to adjust block device size, increasing availability and allowing administrators to better manage their service Level agreements.
• The ability to automatically generate unique World Wide port Names (WWpN) and Wold Wide Node Names (WWNN) for virtual host Bus adapters (vhBas) is also new in the 6.3 release. When KVM assigns unique WWpNs and WWNNs to the vhBas, the device xML is automatically updated with the necessary information. This feature grants the benefit of automatic generation of names that is scriptable, eliminating a time-consuming, error-prone manual process.
• until recently, Cpu resources were assigned to migrated guests on an availability basis making migrations easy, but not guaranteeing Cpu resources and, therefore, not guaranteeing that the guest performance would be preserved after the migration. Libvirt now gives administrators the option to migrate guests with priority for performance. Libvirt now supports anew host Cpu mode that allows a generic guest configuration to use the maximum available Cpu resources on the host. By dynamically building the
Cpu configurations of a virtual machine, a guest can be live migrated and achieve the maximum performance the new host system is capable of delivering.
• an important new feature is the secure wipe of retired virtual machines. the current practice used to wipe and verify traces of data from a retired virtual machine was to issue a wipe command, then read a volume and ensure only zeros were returned. an industry accepted method of securely wiping disk for physical systems was to use the “scrub” command, which wipes, then re-writes a data device. In Red hat Linux enterprise 6.3, we have introduced the scrub command to KVM and providing the same level of security to virtualized environments that has been long enjoyed by physical systems. this is of importance to all users of virtualization who demand the most secure operating environment, especially those that require full compliance with the payment Card Industry data security standards (pCI-dss).
• The Red hat enterprise Linux 6.3 release introduces the informative “steal time” feature. This is the time that a virtual Cpu waits for a real Cpu while the hypervisor is servicing another virtual processor. KVM Virtual Machines can now calculate and report steal time, visible through tools like ‘top’ and ‘vmstat,’ which provides a guest accurate Cpu utilization data. The KVM steal time provides users with additional data to improve their application run time performance.
High availability/Clustering
Enhanced Support for VMware vSphere 5.x Feature
• support for high availability and resilient storage add-Ons for VMware vsphere has been extended to include VMWare vsphere 5.x with Red hat enterprise Linux 6.3. Customers electing to deploy guests on VMware vsphere 5.x can also use the available add-Ons.
In prior releases this feature was limited to KVM and vsphere 4.x installations.
Enhanced gFS2 Feature
• The shared storage file system, GFs2 has received several enhancements with the Red hat enterprise Linux 6.3 release. GFs2 now includes read-ahead capabilities for sequentially reading directories. The data write speed has been improved even when data writes are simultaneously targeting the same node. In addition, file system check utilities for GFs2 can now be used to check the integrity of the older GFs1 file system. Along with the benefit of easing the transition from GFs1 to GFs2, this enhanced file system check results in much faster data reads and writes data than in previous releases and works on all generations
of the file system.
SECurity
New openSSH Security Features
• Strong authentication is quickly becoming a standard industry practice and the availability of a two factor authentication mechanism introduces a higher level of security. This release will leverage this capability within Openssh to utilize two distinct inputs for authentication such as a password and a public key. Two-factor authentication will enable easier compliance with the payment Card Industry data security standards and other security regulations.
• another new security feature in the Red hat enterprise Linux 6.3 release is support for aes Counter Mode (aes-CtR) in Openssh. The advanced encryption standard, also known as Rijndael specification, now includes aes-CtR Cipher for Openssh. Among the benefits of this feature are high-speed networking capabilities through pipelining, parallelization and key stream pre-computation. CtR mode is particularly well suited to operate on a multiprocessor machine where blocks can be encrypted in parallel.
Enhanced IBM System z Features
• The package called OpenssL-IBMCa has been introduced with Red hat enterprise Linux 6.3, which makes calls directly to the hardware, provided cryptography. One can now run OpenssL and use currently available cryptography standards such as FIps 140-2 available on system Z running Red hat enterprise Linux.
• The feature makes currently available cryptography standards such as FIps 140-2 available on system Z running Red hat enterprise Linux. It simplifies configuration because all cryptography dependencies are available in the base product.
Enhanced SeLinux Feature
• The documentation for seLinux has been significantly expanded. This update provides detailed and up-to-date documentation and will make it easier for users and systems administrators to tackle day-to-day seLinux issues. For example, 400 man pages have been added to seLinux Confined system domains like httpd. These man pages can be accessed with the command ‘man -k selinux’.
