

Tap into the new SELinux, DR features in RHEL release 7.3

Red Hat Enterprise Linux 7.3 gives admins more granular control over security, DR and containers, while laying the foundation for IoT workloads -- something RHEL 8 will likely build on.

When you think of enterprise Linux, the first company that often comes to mind is Red Hat.

Red Hat Enterprise Linux (RHEL) gives users the flexibility and security to run the Linux platform in their data centers with enterprise-level support. In November 2016, Red Hat released the latest iteration of its enterprise Linux platform, RHEL 7.3, which focuses heavily on security, performance and reliability.

Let's take a look at some of the new features in this RHEL release -- and what they could mean for the upcoming launch of RHEL 8.

New security, container features emerge


Security-Enhanced Linux (SELinux) is one of the biggest improvements in RHEL release 7.3, giving administrators better control over policies. It is now possible to override a system module with a custom module that has a higher priority, so the custom module takes precedence.

For example, an organization might have a custom SELinux module that allows access to a custom, web-based application. Prior to RHEL release 7.3, admins may have struggled with SELinux allowing user access to that application, due to an SELinux system module. But now, admins can enable a custom module and give it a higher priority over a system module to ensure access to that application.
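To audit which modules are overridden by a higher-priority copy, the full module listing can be checked for names installed at more than one priority. The script below is an added example, not code from the article or from Red Hat; it assumes the `<priority> <name> <lang_ext> [disabled]` line format printed by `semodule --list-modules=full`, and the sample listing and the `mywebapp` module name are constructed.

```shell
#!/bin/bash
# Added example: find SELinux modules where a higher-priority copy overrides
# a lower-priority module of the same name.
# A custom module is installed at an explicit priority with, for example:
#   semodule -X 400 -i mywebapp.pp      (mywebapp.pp is a hypothetical module)
# On a real host, feed the check with:
#   semodule --list-modules=full | shadowed_modules

# Constructed sample listing (not taken from a real system).
SAMPLE_LISTING='400 apache    pp
100 apache    pp
100 abrt      pp
400 mywebapp  cil
100 zebra     pp disabled'

# shadowed_modules: read a full module listing on stdin and print one line for
# each module name that exists at more than one priority:
#   <name> active=<highest priority> shadowed=<lower priorities>
shadowed_modules() {
    awk '
        function add(list, p) { return (list == "" ? p : list "," p) }
        # Only consider well-formed lines: numeric priority, name, extension.
        NF >= 3 && $1 ~ /^[0-9]+$/ {
            prio = $1 + 0; name = $2
            count[name]++
            if (!(name in top)) {
                top[name] = prio
            } else if (prio > top[name]) {
                # New highest priority: the previous winner becomes shadowed.
                lower[name] = add(lower[name], top[name])
                top[name] = prio
            } else {
                lower[name] = add(lower[name], prio)
            }
        }
        END {
            for (n in count) if (count[n] > 1)
                printf "%s active=%d shadowed=%s\n", n, top[n], lower[n]
        }
    ' | sort
}

# Stand-alone run against the constructed sample.
printf '%s\n' "$SAMPLE_LISTING" | shadowed_modules
```

Any name reported here has a system or older module that no longer takes effect, so the higher-priority copy is the one to review when access decisions change unexpectedly.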

Container security also gets a boost with improvements to the OpenSCAP Workbench, an open source version of the Security Content Automation Protocol (SCAP). This addition to RHEL will provide the means to set baseline policies for security compliance in a GUI tool. The improvement to OpenSCAP comes in the form of Atomic Scan. Atomic Scan differs from other container scanners in that it understands the underlying container architecture and adds container vulnerability detection into the mix. An Atomic Scan can also mount a read-only root file system -- such as a container downloaded from a remote host -- scan the content for vulnerabilities, and then output the scan log for analysis.

Latest RHEL release gets boost in video, application stack performance

Red Hat 7.3 goes a long way toward addressing the needs of video conferencing, VoIP and software as a service by introducing lightweight tunnels and the ability to offload packet processing to co-processors with an enhanced memory allocator capable of supporting up to 100 GB network interfaces.

Another performance increase can be found in high-transaction application stacks like databases and virtual machines. In 7.3, Red Hat expands support for high-speed, low-latency devices -- such as non-volatile memory.

With RHEL release 7.3, organizations can also deploy multisite disaster recovery (DR) services without having to use a third-party vendor; the DR components are built in and integrate with the operating system. Admins can configure Pacemaker to enable the multisite functionality, and trigger Pacemaker alerts to receive notifications of status changes. This built-in disaster recovery option will help RHEL 7.3 be more reliable than previous RHEL iterations.

RHEL 8 to likely focus on IoT release

With RHEL 8's release in 2018, Red Hat will place a significant focus on industrial internet of things (IoT). More and more businesses rely on smart technology and connected systems, many of which have been found vulnerable to attacks. Considering IoT will continue to be a target of malicious attacks, RHEL 8 will put a significant focus on security. RHEL 7.3 laid the foundation for this with support for Bluetooth Low Energy devices and for the Controller Area Network bus protocol, which is used in automobiles and high-end industrial controllers.
