News
News
2/7/2005
02:10 PM
50%
50%

Review: Red Hat Enterprise Linux 4

Linux 4 adds Logical Volume Manager 2 and directory support for better stability and performance. But poor documentation and complicated SELinux policy management could spell trouble.

• CFQ (Complete Fair Queue) Scheduler. Manages I/O requests and bandwidth on a per-process basis; good for workloads requiring low latency and high throughput.

• Deadline scheduler. Gives I/O requests a deadline by which they must be served; best for applications like databases that require frequent disk access.

Dig Deeper (on-site search queries)
Read On

• Anticipatory scheduler. Extends the deadline scheduler by adding heuristics that reorder I/O access and increase throughput.

• No-op scheduler. Schedules I/O requests without any algorithmic preference for one request over another; optimal for a virtualized environment that takes advantage of an existing scheduler.

RHEL 4 uses the Ext3 file system and has added enhancements surrounding file access and synchronization. Also included in this release is LVM2 (Logical Volume Manager 2), which lets you manipulate files systems. I tested this feature using the CLI (command-line interface) and found it effective and easy to use. For example, I used lvreduce within LVM2 to decrease the size of LogVol01 from 1.94 GB to 1.84 GB with a single command. Next, I used lvextend to bring it back to its original size.

A full suite of command-line tools lets you manipulate each logical volume in a volume group, which surely beats symbolically linking directories to alternate file systems when you run out of room. But beware: The tools can be dangerous. Indeed, they'll warn you that decreasing the size of a volume may result in data loss.

Tight Security

The inclusion of the NSA (National Security Agency)'s SELinux (Security Enhanced Linux) is a boon, even if its initial integration with Red Hat's management tools is minimal. SELinux uses a flexible and fine-grained MAC (Mandatory Access Control) architecture, called Flask, that can be built into the Linux kernel. SELinux doesn't modify or impose restrictions on the existing Linux user-ID scheme, but instead maintains separate attributes, thus enforcing control without affecting compatibility with the existing system.

You can manipulate the SELinux policy with regard to specific Internet services over the Gnome 2.8 desktop included with RHEL 4. Supported services in this release include DHCP, DNS, HTTP, MySQL, NIS, NTP, Postgres, SNMP, Squid and Syslog. The GUI for the SELinux policy allows for minimal configuration of the policy regarding capabilities of each service, including settings, such as limiting file access and execution by the HTTP daemon, and allowing or disallowing master zone transfers through DNS.

Good
• Easy integration with Active Directory servers
• Supports 32- and 64-bit x86 architectures
• Integration with SELinux provides fine-grained RBAC for services and files
• Supports PCI Express

Bad

• SELinux policies are cumbersome to create
• Difficult to manage some of the new features, such as SELinux and LVM2

Red Hat Enterprise Linux 4, starts at $179. Red Hat, (888) 733-4281, (919) 754-3700. www.redhat.com

If you're brave, you can create SELinux policies manually using the included command-line tools. I poked around in the policy directories and read up on the language used, but decided that the complexity of the job was far beyond the scope of this review.


Policy Based Access Control
Click to Enlarge

I hope Red Hat will improve RHEL's integration and management of SELinux and LVM2, perhaps through a more intuitive GUI. Although the inclusion of both LVM2 and SELinux is a step forward, the tools might be complicated for folks to use to their advantage. On the upside, I found the detailed logs hella-cool; they'll come in handy when it comes to compliance-based initiatives.

Authentication Control

Another advance in RHEL 4 is the upgrade to Samba 3.0 and easy integration with Active Directory (AD). Using the GUI, I selected Winbind as an authentication mechanism. A dialog box let me specify the use of an ADS or domain model; I chose the former. I configured Winbind to use our NWC Inc. AD 2000 server, then provided the proper credentials to let the system access AD. Next, I logged out and logged back in as an AD user who did not yet exist on the RHEL 4 system.

The Winbind support alone is reason enough to upgrade to RHEL 4. What's more, you get a wealth of productivity applications, including the first appearance of Mozilla Firefox and Thunderbird, as well as the standard Citrix, RDP and Terminal Service client options. The move to SELinux to provide fine-grained control over file and service access is positive, though it's difficult for the uninitiated to use. All in all, RHEL 4 is a step in the right direction.

Lori MacVittie is a Network Computing senior technology editor working in our Green Bay, Wis., labs. Write to her at lmacvittie@nwc.com.

Comment  | 
Print  | 
More Insights
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest, Dec. 9, 2014
Apps will make or break the tablet as a work device, but don't shortchange critical factors related to hardware, security, peripherals, and integration.
Video
Slideshows
Twitter Feed
InformationWeek Radio
Listen Now InformationWeek Live For the Week of December 14, 2014
Join us for a roundup of the top stories on InformationWeek.com for the week of December 14, 2014. Be here for the show and for the incredible Friday Afternoon Conversation that runs beside the program.
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.