There are two supported protocols in Red Hat Enterprise Linux for synchronization of computer clocks over a network. The older and more well-known protocol is the Network Time Protocol (NTP). In its fourth version, NTP is defined by IETF in RFC 5905. The newer protocol is the Precision Time Protocol (PTP), which is defined in the IEEE 1588-2008 standard.
The reference implementation of NTP is provided in the ntp package. Starting with Red Hat Enterprise Linux 7.0 (and now in Red Hat Enterprise Linux 6.8) a more versatile NTP implementation is also provided via the chrony package, which can usually synchronize the clock with better accuracy and has other advantages over the reference implementation. PTP is implemented in the linuxptp package.
With two different protocols designed for synchronization of clocks, there is an obvious question as to which one is
Continue reading “Combining PTP with NTP to Get the Best of Both Worlds”
Not long ago, Intel introduced a new Xeon processor platform to enable faster computing for the enterprise world. Codenamed Broadwell, this architecture brought additional cores to the chip and many improvements, from faster memory support to various security enhancements. As with three generations of Intel Xeon processors before this one, these benefits span beyond simple increases in transistor counts or the number of cores within each processor.
Today, Intel launched the Intel Xeon E7 v4 processor family, a high-end, enterprise-focused class of processors based on Broadwell architecture and targeted at large systems with four or more CPUs. Accompanying the launch are several new world record industry-standard benchmarks; this is where things like increased memory capacity or larger on-chip caches benefit overall system performance, resulting in the highest reported scores on various standard benchmarks. The Xeon E7 v4 launch, along with other announcements like it, typically send a ripple of innovation throughout Red Hat’s partner ecosystem in the form of new and improved performance results. The ability to support these partners is of paramount importance to Red Hat and, as a result, Red Hat Enterprise Linux is often selected by these ongoing benchmarking efforts.
Here is how Red Hat Enterprise Linux scored this time:
Continue reading “Red Hat Delivers High Performance on Critical Enterprise Workloads with the Latest Intel Xeon E7 v4 Processor Family”
Virtualization technologies have evolved such that support for multiple networks on a single host is a must-have feature. For example, Red Hat Enterprise Virtualization allows administrators to configure multiple NICs using bonding for several networks to allow high throughput or high availability. In this configuration, different networks can be used for connecting virtual machines (using layer 2 Linux bridges) or for other uses such as host storage access (iSCSI, NFS), migration, display (SPICE, VNC), or for virtual machine management. While it is possible to consolidate all of these networks into a single network, separating them into multiple networks enables simplified management, improved security, and an easier way to track errors and/or downtime.
The aforementioned configuration works great but leaves us with a network bottleneck at the host level. All networks compete on the same queue in the NIC / in a bonded configuration and Linux will only enforce a trivial quality of service queuing algorithm, namely: pfifo_fast, which queues side by side, where packets can be enqueued based on their Type of Service bits or assigned priority. One can easily imagine a case where a single network is hogging the outgoing link (e.g. during a migration storm where many virtual machines are being migrated out from the host simultaneously or when there is an attacker VM). The consequences of such cases can include things like lost connectivity to the management engine or lost storage for the host.
A simple solution is to configure
Continue reading “Steps to Optimize Network Quality of Service in Your Data Center”
Some time ago, two different projects were started in the open source community, namely: Ipsilon and Keycloak. These projects were started by groups with different backgrounds and different perspectives. In the beginning, it seemed like these two projects would have very little in common… though both aimed to include
Continue reading “Red Hat Federation Story: Ipsilon & Keycloak… a “Clash of the Titans””
Woah. 2015 went by really quickly. I do suppose it’s not all that surprising as time flies… especially when you’re having fun or… getting older (you pick). In fact, we’ve already put 2 percent of 2016 behind us! That said, before we get too deep into “the future”, and in consideration of Janus having not one but two faces, let’s take a quick trip down memory lane…
Without a doubt, 2015 was an exciting year for all things “container”, especially here at Red Hat.
To recap, the year started off with a bang when we announced the general availability of Red Hat Enterprise Linux Atomic Host alongside Red Hat Enterprise Linux 7.1. Then – less than two months later
Continue reading “Looking Back on Containers in 2015”
Over the past few decades we have seen great advancements in the IT industry. In fact, the industry itself seems to be growing at an increasingly faster pace. However, as the industry grows so to does its evil twin – the figurative sum of all threats to IT security.
On the bright side, along with a steady stream of ever-evolving security issues and threats, there has also been a great effort to mitigate and, when possible, entirely eliminate such threats. This is accomplished by either fixing the bugs that allowed these issues and threats to exist (in the first place) or by fixing the configurations and protectionary mechanisms of systems so as to prevent attackers from finding success.
As 2015 has been no stranger to news stories about data leakages, various security flaws, and new types of malware – one could easily conclude that “the dark side” is winning this seemingly eternal race.
However, taking the complexity of today’s IT solutions into account
Continue reading “Configuring and Applying SCAP Policies During Installation”
We are pleased to announce the release of Red Hat Certificate System 9. Supported on Red Hat Enterprise Linux 7.1 and based on the open source PKI capabilities of the Dogtag Certificate System, Red Hat Certificate System 9 provides a robust and flexible set of features to support Certificate Life Cycle Management. It is able to issue, renew, suspend, revoke, archive/recover, and manage the single and dual-key X.509v3 certificates needed to handle strong authentication, single sign-on, and secure communications. Red Hat Certificate System 9 incorporates several new and enhanced features, including
Continue reading “Red Hat Certificate System 9 Now Available”
Given the recent massive spike in interest in Linux Containers, you could be forgiven for wondering, “Why now?”. It has been argued that the increasingly prevalent cloud computing model more closely resembles hosting providers than traditional enterprise IT, and that containers are a perfect match for this model.
Despite the sudden ubiquity of container technology, like so much in the world of open source software, containerization depends on a long series of previous innovations, especially in the operating system. “One cannot resist an idea whose time has come.” Containers are such an idea, one that has been a long time coming.
Continue reading “The History of Containers”
Perhaps you’ve been charged with developing a container-based application infrastructure? If so, you most likely understand the value that containers can provide to your developers, architects, and operations team. In fact, you’ve likely been reading up on containers and are excited about exploring the technology in more detail. However, before diving head-first into a discussion about the architecture and deployment of containers in a production environment, there are three important things that developers, architects, and systems administrators, need to know
Continue reading “Architecting Containers Part 1: Why Understanding User Space vs. Kernel Space Matters”
On Thursday, July 30, 2015, Red Hat will be presenting a free webinar for system administrators, engineers, and architects to learn what’s new with Red Hat Enterprise Linux.
During this webinar Red Hat curriculum manager and Red Hat Certified Architect, Michael Jarrett, will teach you about the new and changed features in Red Hat Enterprise Linux 7. He’ll focus on system administration topics that have changed significantly or are particularly important in Red Hat Enterprise Linux 7. He’ll also discuss the skills and expert knowledge needed to measure and influence performance on these systems.
Then Pete Hnath, director of curriculum, will show you how easy it is to train on Red Hat Enterprise Linux 7 and update your skills with the new Red Hat Learning Subscription, a year-long, all-access pass to more than 30 online learning courses.