What’s new in RHEL 6

Red Hat on Wednesday (10, Nov. 2010) released version 6 of its Red Hat Enterprise Linux (RHEL) distribution.
RHEL 6 has more than 2,000 packages, and an 85 percent increase in the amount of code from the previous version, said Jim Totton, vice president of Red Hat’s platform business unit. The company has added 1,800 features to the OS and resolved more than 14,000 bug issues.

What’s new for Red Hat Enterprise Linux 6 Server?

Reliability, availability, and scalability (RAS)
• Red Hat Enterprise Linux 6 supports more sockets, more cores, more threads, and more memory.
• RAS hardware-based hot add of CPUs and memory is enabled.
• When supported by machine check hardware, the system can recover from some previously fatal hardware errors with minimal disruption.
• Memory pages with errors can be declared as “poisoned” and will be avoided.
• The CFS schedules the next task to be run based on which task has consumed the least time, task prioritization, and other factors. Using hardware awareness and multi-core topologies, the CFS optimizes task performance and power consumption.

The new default file system, ext4, is faster, more robust, and scales to 16 TB.
The scalable file system add-on contains the XFS file system, which scales to 100 TB. The resilient storage add-on includes the high availability, clustered GFS2 file system.
NFSv4 is significantly improved over NFSv3, and is backwards compatible.
Fuse allows filesystems to run in user space allowing testing and development on newer fused-based filesystems (such as cloud filesystems).

High availability
• The web interface based on Conga has been redesigned for added functionality and ease of use.
• The cluster group communication system, Corosync, is mature, secure, high-performance, and lightweight.
• Nodes can re-enable themselves after failure without administrative intervention using unfencing.
• Unified logging and debugging simplifies administrative work.
• Virtualized KVM guests can be run as managed services, which enables fail-over, including between physical and virtual hosts.
• Centralized configuration and management is provided by Conga.
• a single cluster command can be used to manage system logs from different services, and the logs have a consistent format that is easier to parse.

Power management
The tickless kernel feature keeps systems in the idle state longer, resulting in net power savings.
active State power Management and aggressive Link power Management provide enhanced system control, reducing the power consumption of I/O subsystems. administrators can actively throttle power levels to reduce consumption.
Relatime drive access optimization reduces filesystem metadata write overhead.

System resource allocation
Cgroups organize system tasks so that they can be tracked and so that other system services can control the resources that cgroup tasks may consume (partitioning). Two userspace tools, cgexec and cgclassify, provide easy configuration and management of cgroups.
• Cpuset applies CPU resource limits to cgroups, allowing processing performance to be allocated across tasks.
• The memory resource controller applies memory resource limits to cgroups.
• The network resource controller applies network traffic limits to cgroups.

• a snapshot of a logical volume may be merged back into the original logical volume, reverting changes that occurred after the snapshot.
• Mirror logs of regions that need to be synchronized can be replicated, supporting high availability.
• LVM hot spare allows the behavior of a mirrored logical volume after a device failure to be explicitly defined.
DM-Multipath allows paths to be dynamically selected based on queue size or I/O time data.
• Very large SAN-based storage is supported.
• Automated I/O alignment and self-tuning is supported.
• Filesystem usage information is provided to the storage device, allowing administrators to use thin provisioning to allocate storage on-demand.
• SCSI and aTa standards have been extended to provide alignment and I/o hints, allowing automated tuning and I/o alignment.
• DIF/DIX provides better integrity checks for application data.

• UPD Lite tolerates partially corrupted packets to provide better service for multimedia protocols, such as voIp, where partial packets are better than none.
• Multiqueue Networking increases processing parallelism for better performance from multiple processors and CPU cores.
• Large Receive Offload (LRO) and Generic Receive Offload (GRO) aggregate packets for better performance.
• Support for datacenter bridging includes data traffic priorities and flow control for increased quality of service.
• New support for software Fiber Channel over Ethernet (FCoE) is provided.
• iSCSI partitions may be used as either root or boot filesystems.
• Ipv6 is supported.

Access control
• SELinux policies have been extended to more system services.
• SELinux sandboxing allows users to run untrusted applications safely and securely.
• File and process permissions have been systematically reduced whenever possible to reduce the risk of privilege escalation.
• New utilities and system libraries provide more control over process privileges for easily managing reduced capabilities.
• Walk-up kiosks (as in banks, HR departments, etc.) are protected by SELinux access control, with on-the-fly environment setup and take-down, for secure public use.
• openswan includes a general implementation of Ipsec that works with Cisco Ipsec.

Enforcement and verification of security policies
OpenSCAP standardizes system security information, enabling automatic patch verification and system compromise evaluation.
• The new System Security Services Daemon (a.k.a. SSSD) provides centralized access to identity
and authentication resources, enables caching and offline support.
• OpenLdap is a compliant LDAP client with high availability from N-way multimaster replication and performance improvements.

Kernel-based virtualization
• The KVM hypervisor is fully integrated into the kernel, so all Red Hat Enterprise Linux system improvements benefit the virtualized environment.
• The application environment is consistent for physical and virtual systems.
• Deployment flexibility, provided by the ability to easily move guests between hosts, allows administrators to consolidate resources onto fewer machines during quiet times or to free up hardware for maintenance downtime.

Leverages kernel features
• Hardware abstraction enables applications to move from physical to virtualized environments independently of the underlying hardware.
• Increased scalability of CPUs and memory provides more guests per server.
• Block storage benefits from selectable I/O schedulers and support for asynchronous I/O.
• Cgroups and related CPU, memory, and networking resource controls provide the ability to reduce resource contention and improve overall system performance.
• Reliability, availability, and serviceability (RAS) features (e.g., hot add of processors and memory, machine check handling, and recovery from previously fatal errors) minimize downtime.
• Multicast bridging includes the first release of IGMP snooping (in IPv4) to build intelligent packet routing and enhance network efficiency.
• CPU affinity assigns guests to specific CPUs.

Guest acceleration
• CPU masking allows all guests to use the same type of CPU.
• SR-IOV virtualizes physical I/O card resources, primarily networking, allowing multiple guests to share a single physical resource.
• Message-signaled interrupts deliver interrupts as specific signals, increasing the number of interrupts.
• Transparent hugepages provide significant performance improvements for guest memory allocation.
• Kernel Same Page (KSM) provides reuse of identical pages across virtual machines (known as deduplication in the storage context).
• The tickless kernel defines a stable time model for guests, avoiding clock drift.
• Advanced paravirtualization interfaces include non-traditional devices such as the clock (enabled by the tickless kernel), interrupt controller, spinlock subsystem, and vmchannel.
• In virtualized environments, sVirt (powered by SELinux) protects guests from one another.
• Windows WHQL-certified drivers enable virtualized Windows systems and allow Microsoft customers to receive technical support for virtualized instances of Windows Server.

Installation, updates, and deployment
• Anaconda supports installation of a “minimal platform” as a specific server installation or as a strategy for reducing the number of software packages to increase security.
• Red Hat Network and Red Hat Network Satellite continue to provide management, provisioning, and monitoring for large deployments.
• Installation options have been reorganized into “workload profiles” so that each system installation will provide the right software for specific tasks.
Dracut, a replacement for mkinitrd, minimizes the impact of underlying hardware changes, is more maintainable, and makes it easier to support third-party drivers.
• The new yum history command provides information about yum transactions, and supports undo and redo of selected operations.
• Yum and RPM offer significantly improved performance.
• RPM signatures use the Secure Hash Algorithm (SHA256) for data verification and authentication, improving security.
• Storage devices can be designated for encryption at installation time, protecting user and system data. key escrow allows recovery of lost keys.
• Standards-Based Linux Instrumentation for Manageability (SBLIM) manages systems using Web-Based Enterprise Management (WBEM).
• ABRT enhanced error reporting speeds triage and resolution of software failures.

Routine task delegation
Policykit allows administrators to provide users access to privileged operations, such adding a printer or rebooting a desktop, without granting administrative privileges.
• Samba improvements include support for Windows 2008 R2 trust relationships, specifically Windows cross-forest, transitive trust, and one-way domain trust.
• applications can use openChange to gain access to Microsoft Exchange servers using native protocols, allowing mail clients like Evolution to have tighter integration with Exchange servers.

This is summerized from The official release note which can be downloaded here (pdf).

Share Button

One thought on “What’s new in RHEL 6

Leave a comment

Your email address will not be published. Required fields are marked *