Maximize your Linux operating environment

Manage standards-based compliance settings

System-wide cryptographic policy provides a consistent way to implement and maintain standards-based compliance settings for your infrastructure. 

With 1 simplified command, you can select a built-in cryptographic policy and apply it consistently across the applications on your system. Plus, if you have specialized regulatory compliance requirements, you can create a custom policy to meet your objectives.

Automate security configuration with system roles

Red Hat Enterprise Linux system roles, powered by Red Hat Ansible® Automation Platform, allow administrators to use automation to install and manage security settings at scale in less time. 

System roles are written to work with multiple Red Hat Enterprise Linux releases across various footprints, allowing administrators to use best practices for Red Hat solutions. With a single command or workflow, you can configure new security settings and maintain them on all your systems.

Centralize authentication and authorization

Red Hat Enterprise Linux includes centralized identity management (IdM) capabilities that allow you to authenticate users and implement role-based access controls (RBAC) using a single, scalable interface that spans your entire datacenter.

• Identity management in Red Hat Enterprise Linux integrates with Microsoft Active Directory, lightweight directory access protocol (LDAP), and other third-party identity and access management solutions through standard application programming interfaces (APIs). 
• You can also centrally manage authentication and authorization for services using certificate-based authentication and authorization techniques

Customize policies

Security-Enhanced Linux (SELinux) is an implementation of mandatory access control (MAC) in the Linux kernel. Red Hat Enterprise Linux containers run with SELinux by default. This includes an additional layer of security in the operating system (OS) and prevents containers from breaking out and overwriting the underlying host OS or other containers on the system. Udica allows system administrators and container developers to analyze a running container and auto-generate a policy with container-specific SELinux rules. This simplifies policy writing and reduces risk by eliminating the need to run containers with superuser privileges.

Patch systems with minimal downtime

Red Hat provides kernel live patches for common vulnerabilities and exposures (CVEs) rated critical or important for extended update support (EUS) releases at no extra cost. Kernel live patching (KLP) allows you to patch a running kernel to immediately address vulnerabilities without rebooting your system to minimize downtime without compromising security.

Manage security and compliance at scale

Included in a Red Hat Enterprise Linux subscription, at no added cost, Red Hat Insights is a Software-as-a-Service (SaaS) offering that provides users with actionable security data about their deployments. Discover and address operational and vulnerability risks, scan your systems faster to determine which patches are missing, and prioritize which critical patches to apply first. You can create, modify, implement, and maintain security configuration policies across all your Red Hat Enterprise Linux systems from a single web interface. Additionally, you can execute, scale, and automate remediation plans from Red Hat Insights with a Red Hat Smart Management subscription

Record system activity to support compliance goals

Red Hat Enterprise Linux includes session recording, which has auditing and logging capabilities that let security administrators capture keystrokes and activities of a select group of users on a system. This data is recorded in the same system journal or log file as all other activities and can be analyzed and correlated using replay and pause capabilities included in the playback tool.

Stop unauthorized applications from executing

Application allowlisting can reduce potential attack vectors and prevent rogue applications from executing on your system. The file access policy daemon (fapolicyd) offers built-in application allowlisting, which permits only approved executables to run on a system by a user. System administrators can configure fapolicyd with default policies or build their own to prevent modified or unauthorized applications from running.

Hands-on tips for getting the most out of your Red Hat Enterprise Linux deployments.

Get started with service administration basics

Moving SAP, running on another platform, to Red Hat Enterprise Linux? Service management on Red Hat Enterprise Linux is handled through systemd, a daemon that starts system services at boot and offers administrators the ability to stop, start, or restart services on a running system. Systemd can also be configured to monitor the state of a service and restart it if needed.

Install software using package managers

Moving to Red Hat Enterprise Linux from another OS? Installing, upgrading, and managing software is a critical skill for Red Hat Enterprise Linux administrators.

Reduce downtime with automation

System administrators need capabilities for scale. With Red Hat Enterprise Linux for SAP Solutions, you can fully automate your SAP deployment and management of SAP HANA® landscapes as well as the Red Hat infrastructure. Help your practitioners automate critical transitions like system and software upgrades with near-zero downtime, and support high availability and disaster recovery for scale-up and scale-out SAP HANA deployments with fully supported Red Hat High Availability Clustering technologies.

Reduce maintenance with kernel live patching

Red Hat Enterprise Linux for SAP Solutions provides live kernel patches for common vulnerabilities and exposures rated critical or important, at no extra cost. Kernel live patching allows you to patch a running kernel to address vulnerabilities in less time without rebooting your system—minimizing downtime without compromising your focus on security.

Provide automatic health, discovery, and security assessments

System administrators benefit from proactive monitoring and remediation services for their SAP infrastructure. Learn more about Red Hat’s application-focused view for SAP HANA deployments, making it easier to manage SAP systems.

View reported issues and remediate with ease

Red Hat simplifies SAP system administrator tasks by analyzing systems with suggested remediation guidance using Red Hat Insights. Besides SAP-specific content, Red Hat Insights can find different issues that may not be obvious to administrators, but can affect the viability of systems. Things like a mistake in a critical configuration file that would render a machine inoperable on the next reboot, misconfiguration of service settings that could add attack risk to your infrastructure, or even complex issues with interactions between different service configurations.

Build a standard operating environment with system roles

Efficiently manage systems across different Red Hat Enterprise Linux versions with system roles that provide consistent workflows and streamline the execution of manual tasks, requiring less time. For SAP system administrators, Red Hat offers roles tailored to prepare systems with SAP recommended configuration, prior to installing software, and to report how systems are configured.

Try Red Hat Enterprise Linux for SAP Solutions at no cost

Start your no-cost, 60-day trial of Red Hat Enterprise Linux for SAP Solutions and get access to the technology, documentation, videos, discussions with peers, the customer portal, and more.

Edge management

Red Hat Enterprise Linux edge management helps organizations manage their needs and scale deployments at the edge with added focus on security. The benefits of zero-touch provisioning, system health visibility, and quick security remediations are available from a single interface. 

These capabilities provide control and certainty at every life stage of an edge system.

Customizable OS image generation

Create purpose-built system images using image builder. Build and deploy in less time and more efficiently maintain system images for your machines outside the datacenter. 

Red Hat Enterprise Linux image-based deployments are optimized for edge architectures, but customizable for your specific requirements. Take advantage of the software and life cycle from Red Hat and supplement with your own content and software.

Remote device update mirroring

Red Hat Enterprise Linux allows for image updates to be mirrored and staged transparently in the background, minimizing service interruption.

IT teams can push OS updates or application code to production and rely on individual edge devices to stage and apply them at the best time or scheduled maintenance window. This flexibility ensures that updates are applied on your terms to help maximize uptime and reduce administrative effort.

Edge simplified installer and onboarding

Deploy your images through the network or local install media. Besides having a choice of how to install your edge systems, Red Hat Enterprise Linux supports FIDO Device Onboarding (FDO) as a security standard for devices. This allows you to automate post-provisioning steps and remotely onboard to management platforms.

Efficient over-the-air updates

Support edge environments that have either low bandwidth, limited, or intermittent connectivity. 

Red Hat Enterprise Linux helps administrators with edge systems in difficult to reach places to update more efficiently. When updates are deployed, only those blocks that have changed in the image are transferred. This uses less bandwidth and transfers updates in less time.

Intelligent OS rollbacks

Run health checks to verify the system, critical services, and applications. 

You are able to define a series of health checks to execute at boot to validate the state of your systems. During an update procedure, if the new system fails during an update procedure, you can automatically revert to the last known good system state.

Automatic container updates and rollbacks

Podman’s auto-update capability can detect if an updated container fails and automatically rollback to the last working version. 

Edge images include Red Hat Enterprise Linux container tools. Combining features of the container tools, like automatic container updates and deployments, with existing system capabilities allows you to not only pull and deploy updated containerized workloads as they become available, but also recognize when that update fails to start correctly and redeploy the last version of the application

Streamline manual tasks with Red Hat

Red Hat Enterprise Linux system roles are a collection of supported roles that provide consistent workflows to streamline the execution of manual tasks. You no longer need to be an expert to manage and configure systems across different Red Hat Enterprise Linux versions. For example, the network system role simplifies configuration across multiple servers with automation.

Automate configurations

You can automate configurations across a population of servers by combining multiple roles, such as timesync, kernel setting, and tlog. Using these roles together lets you set the network time protocol (NTP) server settings, kernel tunables for your system workload, and provide terminal session recording across your system population while maintaining common operating environment configurations.

Control settings for entire populations

Red Hat Enterprise Linux system roles use Red Hat Ansible Automation Platform inventory files that break systems into subgroups and allow you to apply roles to certain groups of hosts or apply unique settings to each group of hosts. This gives you more control over what settings are applied where. For example, with the kernel settings role, you could apply 1 set of kernel settings for your database servers and a different set of kernel settings for your file servers.

Simplify and accelerate deployments

Included in your Red Hat Enterprise Linux subscription, image builder saves time by giving you a single tool to create consistent, gold template images that can be deployed into many runtime environments. 

Image builder takes care of the details needed for cloud, virtual, and physical platforms so you can deploy on different platforms in less time according to your business needs

Add third-party packages to optimize workloads

When creating your gold images using image builder, you are not limited to only Red Hat Enterprise Linux content. Image builder lets you install custom or third-party packages at build time with RPM Package Manager, allowing your images to be optimized for your workload and use case while saving provisioning time.

Customize images with libguestfs

Customize your gold system images using libguestfs, a set of tools that provides additional modification capabilities to the OS images created by image builder. With libguestfs, you can inspect system images, drop in or adjust configuration files, place application content, and more.

Simplify IT administration

Red Hat Enterprise Linux web console simplifies administration and helps you accomplish complex tasks, making administration painless and attainable to new users and advanced experts. Web console lets you view and configure devices across your complex infrastructure, from applying system updates to managing network and storage devices.

Understand firewall rules

Firewall rules can be challenging to view and understand. Web console graphical interface simplifies firewall rule reviewing and editing so you can understand security effects and manage network access to systems. You can better manage tasks, including opening the port to a database application so that services are accessible through the firewall.

Gain performance insights without complicated commands

Using the command-line interface to gain performance insights can be challenging. Red Hat Enterprise Linux web console saves time and simplifies how administrators view performance data with new visual insights into network, central processing unit (CPU), memory, and disk performance—all without writing complicated, time-consuming commands.

Extend the web console

Web console in Red Hat Enterprise Linux is modular and extensible, allowing you to choose what functions should be available on your system. You can extend the web console by adding applications, including image builder, virtual machine management, container management, session recording, storage, and subscription manager.

Optimize workload performance with TuneD

TuneD is a Linux service that uses profiles to optimize your systems for different workloads and use cases. Built-in TuneD performance profiles can tune a broad range of workloads in a single command. TuneD profiles allow you to apply performance settings and get the best performance from your system—without getting overwhelmed with the technical details of the system.

Get a real-time snapshot with web console

To understand complex system metrics, you need a single, simple-to-use dashboard. A web-based graphical interface helps you visualize CPU, memory, storage, and network performance metrics and deploy configured performance profiles. Whether you’re managing systems in a datacenter, public cloud, or on edge devices, you can see live statistics and historical data, making it easy to put all the pieces together and get a complete picture of your environment.

Analyze performance with lightweight bcc-tools

Do you want to observe performance metrics without adding system overhead? BPF Compiler Collection (bcc) tools help you gather kernel information and analyze the performance of your Linux OS. Based on extended Berkeley Packet Filter (eBPF) technology, the bcc-tools package delivers a variety of lightweight and high-performance, Python-based programs to profile specific, programmable performance metrics.

View historical metrics with Performance Co-Pilot

Performance Co-Pilot (PCP) is a lightweight tool that gives you a complete view of performance metrics across your environment. With historical data capture, you can see usage, saturation, and error metrics for CPU, memory, storage, and network, all graphed in a historical table in the web console. You can see what your usage and saturation metrics look like at any point across the different resources, without waiting for them to happen again. To shorten your time-to-issue resolution, access the historical metrics data and share it directly with the Red Hat support team.

Deliver rich data visualizations by integrating with Grafana

Grafana is an open source analytics application that can be integrated with PCP to build rich visualizations on top of your performance data. By combining the preloaded Grafana dashboards with the remote logging capabilities of PCP, you can aggregate real-time and historical data from a variety of hosts into a single view for analysis and troubleshooting. To monitor your ecosystem applications, such as SQL Server, you can choose from a variety of plug-ins.

Apply up-to-date, timely security improvements

Throughout the 10-year life cycle of Red Hat Enterprise Linux, you have access to performance-related patches to help you benefit from security improvements and get the most out of your investment. If downtime is not an option while applying these patches, use the live patching tool. If you are unsure what patches have been applied, the patch services in Red Hat Insights (included in your subscription) can help you stay up to date with the latest product advisories.

Benchmark workload performance prior to production

Creating a baseline is 1 of the first steps to measuring system performance. If you do not understand your baseline performance or face inconsistencies in data collection, you won’t know what to improve, such as processing speeds or data storage. This level of understanding helps you plan and troubleshoot any future performance issues.

Optimize performance with hardware capacity planning

Many complex performance issues often turn out to be related to hardware capacity. If you’re not getting the performance you need, evaluate whether your applications are saturating or overworking your existing hardware resources. In most cases, adding more resources may help you get the performance you need.

Improve your IT life cycle planning

Make informed Red Hat Enterprise Linux system upgrade decisions with a long life cycle, including:

• A long major release life cycle that lets you standardize for up to 10 years without worrying about breaking your applications.
• A Red Hat Enterprise Linux Extended Update Support (EUS) Add-On that gives you the option to extend support—including bug fixes and security patches—so you can upgrade between minor releases less frequently.
• An Extended Life Cycle Support (ELS) Add-On subscription that allows you to extend Red Hat Enterprise Linux support beyond 10 years so you can strategically plan OS life cycle transitions with predictable schedules and clear Red Hat guidance.

Keep pace with the latest supported version of Red Hat Enterprise Linux

Leapp is a utility that gives you the control, confidence, and freedom you need to streamline your upgrade to the latest version. A preupgrade analysis provides application compatibility and remediation guidance. Moreover, it can perform the upgrade in minutes when you are ready while maintaining your customizations, configurations, and preferences.

Simplify your migration to Red Hat Enterprise Linux

Convert2RHEL gives you the control, confidence, and freedom to migrate from CentOS Linux or Oracle Linux to fully supported Red Hat Enterprise Linux in less time. Avoid costly redeployment projects with a single automated path that maintains your customizations, configurations, and preferences during the migration.

Streamline deployment across a hybrid cloud environment

Image builder for Red Hat Enterprise Linux helps you reduce provisioning time, optimize infrastructure, and accelerate future workload deployments by creating customizable OS images that are compatible with most major cloud providers and virtualization technologies available on the market today. Image builder automatically handles the details of how to deploy to a cloud environment, virtual machine, or image so that you can implement Red Hat Enterprise Linux on different platforms, according to your business needs