Red Hat's new Linux package boasts power and security

We found huge performance gains over previous editions of Red Hat Enterprise Linux, beefed up security options and vastly improved hardware detection mechanisms.

When Red Hat rolls out Red Hat Enterprise Linux 4.0 next week, the red carpet treatment may be warranted. In our Clear Choice test of this operating system package (we tested RHEL 4.0 Advanced Server, Red Hat's most robust Linux distribution), we found huge performance gains over previous editions, beefed up security options and vastly improved hardware detection mechanisms. For this combination, we give RHEL 4.0 a Network World Clear Choice award.

The increased speed comes by way of the new Linux 2.6.9 kernel. RHEL 4.0 posted numbers in our Web transactional test that showed a 23% hike over the numbers posted by RHEL 3.0 on identical hardware (See graphic, below).


How we did it

Archive of Network World tests

Subscribe to the Network Product Test Results newsletter


The increase in security comes by way of an optional Security Enhanced Linux (SELinux) kernel modification. These SELinux modifications - which are compiled into the Linux kernel by default at installation - get rid of root user and hierarchical privilege vulnerabilities.

This is the first time these methods have been included in an enterprise distribution. They are designed to improve security by directly controlling application access to operating system services. SELinux provides configuration control of every privileged service running inside its environment. These links prevent root user-access manipulation from exploits attempted against a server.

In practical use, SELinux can keep in check applications that attempt to claim privilege higher than those already established by user and group permissions. These applications then can be configured to limit their action to specific up-privileged resources, rather than those privileges connoted by user access.

Strict enforcement of privilege might stop (especially older) applications, but SELinux log files then can be used to alter services or fix applications so that they can run inside this more secure environment. There are older Unix/Linux/BSD applications that might try to make unapproved calls to printing services or older device code running on a server. To get these working inside the SELinux environment, you'd have to make changes to the Linux configuration file. We experienced such a problem with an older printing application, but we could make it work inside the SELinux parameters by adding a single line to the SELinux configuration files.

The better hardware detection is brought to the operating system by way of improvements in Anaconda, Red Hat's hardware installer/detector. This program made no mistakes in our diverse server platform compatibility tests (see How we did it ).

The use of faster CD-ROM drivers was a small pleasure. This made installation via CD faster than it was with previous editions. We configured PXE boot, and found that this was the easiest and fastest method of populating the many servers we tested for compatibility.

Also, Red Hat has significantly boosted its list of detectable devices - especially in troublesome areas such as embedded SCSI controllers and unusual network cards. Hardware changes, such as the change or addition of items like host-bus adapters and USB devices, were handled flawlessly.

Sun's NFS Version 4 is supported by RHEL 4.0. Our testing of this new file system support - while limited by our test network - showed both faster mounts and dismounts than we've seen in past Linux tests. We also noted faster file system access from within applications. This version is backward compatible with NFS Version 3, and we were able to easily mount and dismount file systems across platforms.

Performance of RHEL 4.0 was very good to excellent overall, and a marked improvement over RHEL 3.0. We conducted tests on several platforms to gauge improvements between RHEL versions, as well as a comparison between 32- and 64-bit versions.

These tests measured the operating system's ability to handle Web connections and Web-based transactions. We ran Apache 2.0.3 on top of RHEL 4.0 on each machine. The Linux 2.6.9 kernel gives Red Hat the same speed boosts in our 32-bit tests that we saw when we tested Novell's SuSe Linux Enterprise Server 9.0 (see here ). when it first sported the new kernel.

Red Hat Enterprise

Linux Version 4

Advanced Server
OVERALL RATING
4.63
Company: Red Hat Cost: $2,500. Pros: Improved performance; better security with SELinux extensions; outstanding hardware detection. Con: Some applications might need modifications to run within new security parameters.
The breakdown   

Installation/integration 25%

4.75
Performance 25%4.75
Management/administration 25%4.5
Security 25%4.5
TOTAL SCORE  4.63
Scoring Key: 5: Exceptional; 4: Very good; 3: Average; 2: Below average; 1: Consistently subpar

Also, as we saw with Novell's flavor of Linux when we ran it on a 64-bit server, performance of RHEL 4.0 on a 64-bit platform runs circles around the same code compiled, and running on, a 32-bit box. The ability of the twin-CPU AMD64 Polywell 2200S server used in this test to support Non-Uniform Memory Access techniques likely contributed to the improved 64-bit scores.

User and services management in this Red Hat package can be done through manual configuration, or by using simple drop-box configurations from the default open source user interface, Gnome. Red Hat's disk management has been improved via a new version of its Linux Volume Manager (LVM2). We tested LVM2 using RAID configurations on HP hardware, as well as mounting and dismounting storage-area network resources. The LVM2 application allows dynamic partitioning without halting disk/volume/partition resources during changes. Formatting new partitions is simpler overall, and the information is more logically presented.

Red Hat continues to polish Linux by paying attention to security and speed. On the surface, it looks like the same old Red Hat, but under the hood it's got a souped-up engine with enhanced safety features.

Learn more about this topic

Henderson is principal researcher for ExtremeLabs of Indianapolis. He can be reached at thenderson@extremelabs.com.

NW Lab Alliance

Henderson is also a member of the Network World Lab Alliance, a cooperative of the premier reviewers in the network industry, each bringing to bear years of practical experience on every review. For more Lab Alliance information, including what it takes to become a member, go to www.nwfusion.com/alliance.

Join the discussion
Be the first to comment on this article. Our Commenting Policies