Red Hat, Suse refresh OSes

It wasn’t that long ago that Linux made for a decent server and a geek’s workstation. Now, Linux makes for an enterprise-class server and could be my mother’s workstation — it already runs on her TiVo.

With the recent release of Novell’s SLES9 (Suse Linux Enterprise Server 9) and the even more recent release of RHEL4 (Red Hat Enterprise Linux 4), there’s much ado about something in the Linux OS space.

Suse’s Assimilation

Of the two OSes, Suse Linux has the hardest road ahead. The Novell acquisition has lit a fire under the development team, but it’s likely to be a year or more before we see a truly cohesive product that melds the old-school Novell paradigm to the new Suse foundation.

That said, Suse isn’t losing any ground. SLES9 is a solid and capable Linux distribution with all the power and scope that you could hope for, but it occasionally tries too hard in some places and not hard enough in others.

The installer has the polished, all-graphical feel that marks most Linux distributions these days. On a few lab servers, however, the installer couldn’t accurately detect the video hardware initially, and called the text-based installer as a fallback.

The normal Suse installer configuration, preparation, and package selection modules of the YaST (Yet Another Setup Tool)-driven install are present, with a few minor changes to incorporate newer features such as the LDAP directory server configuration panels.

SLES9’s default options are relatively well-thought-out, with the possible exception of the DES default on local password encryption. It may be the Unix standard, but times have changed (MD5 and Blowfish are provided as options).

The OS boots to Linux kernel v2.6.5, with Suse customizations. Device detection wasn’t an issue on any of the server-class hardware in the lab, including a wide array of common SATA and SCSI RAID controllers. Some less expensive controllers will prove problematic owing to a lack of hardware vendor support.

Suse includes some handy options in the initial install, including support for encrypted volumes, which isn’t present in Red Hat. Truthfully, these are configured as crypto loop devices, not actual encrypted partitions, but the capability is there. The LDAP configuration is also straightforward, as is the default authentication method.

Suse Linux has always been big on management, and SLES9 is no exception. The YaST2 toolset is a great benefit, providing simple GUI configuration and management of most major functions of the OS.

When you step outside those boundaries, however, things become complex in a hurry. If a particular package has an option that isn’t supported by YaST2 and SuSEconfig, then manual modification of the SuSEconfig scripts may be necessary. That can result in somewhat erratic behavior during updates and, if the admin isn’t careful, can cause configuration files to be rewritten without the previous changes.

For instance, to add a milter definition to a sendmail configuration, you must modify the sendmail SuSEconfig script to include the INPUT_MAIL_FILTER definition in the sendmail macro file, because SuSEconfig builds the macro file during its run rather than relying on a flat file. Once you overcome those hurdles, the packages function as they should — but if you’re planning on coloring outside the lines often, be prepared for some legwork.

Suse’s update framework is built on YOU (YaST2 Online Updater), a tool that links to a Suse site to retrieve and install security patches and system updates. Although not as streamlined as Red Hat’s up2date, YOU now provides a reasonable array of features, including automatic updates.

Red Hat Rolls On

Red Hat released RHEL3 in October 2003 and took some heat for not incorporating the new v2.6 kernel via update when it was officially released in January 2004. RHEL4 marks Red Hat’s official foray into the new kernel, with RHEL booting to a customized v2.6.9 kernel.

RHEL4 may look familiar to everyday Linux users because Red Hat has been investing heavily in its community-supported spin-off, Fedora, Red Hat’s original Red Hat Linux line. RHEL4 was developed from a Fedora Core 3 release candidate version.

Fedora is Red Hat’s true beta OS, and thousands of unofficial QA testers all over the world hammer willingly on it every day. Bugs discovered in Fedora will expedite the same fix in RHEL, and packages that are added and tweaked on Fedora soon become updates to RHEL. The only real difference is the release cycle (Fedora has gone through three versions in the same time RHEL has gone through only one) and the e-mail, Web, and phone support packaged with RHEL.

Red Hat’s focus on Fedora serves as the base for Red Hat Advanced Server 4, RHEL4, Workstation, and Desktop. This makes the overall solution cohesive and portable: Custom packages developed for Workstation are applicable to the Desktop product and so forth.

The changes in RHEL4, then, are quite similar to the changes in Fedora Core 3. The default inclusion of SELinux security enhancements is notable in that they are also enabled by default. This feature can be disabled during the install, or set to warn only when flags are tripped. Also new is the default to LVM (Logical Volume Management) when using automatic partitioning. LVM lets administrators move partition sizes around easily after installation.

The v2.6.9-based kernel goes a long way toward improving overall system performance (see “Linux v2.6 Scales the Enterprise,” infoworld.com/2521). The new anticipatory scheduler and I/O subsystem enhancements shine in RHEL4 — proving it was high time that Red Hat officially supported the updated kernel.

RHEL4 also has significantly greater device support, especially on the desktop end. Digital cameras, MP3 players, and other common desktop devices are much simpler to manage and use.

Red Hat’s online update service, RHN (Red Hat Network), has been available since the halcyon days of Red Hat Linux 7 but has undergone a substantial revision. Licensed copies of RHEL versions can be registered with RHN, and all server updates can be scheduled right from the RHN Web site. Automatic updates are also possible via up2date and the Red Hat daemon that checks in with RHN servers on a scheduled basis.

Managing server entitlements can be a bit onerous, however, because it’s not possible to move any required entitlements from server to server following a rebuild, and servers must be deleted to free up licenses. That said, the up2date/RHN combination is simple and functional.

Movin’ On Up

The lack of coherent centralized directory management and group policies has been a major thorn in the side of widespread corporate Linux adoption, but progress is being made.

Red Hat recently purchased the Netscape Directory Server and Certificate Manager assets from AOL. In the near future, Red Hat will integrate these solutions into its enterprise releases, continuing the move toward a Windows-style domain architecture.

For Suse, the acquisition by Novell brought huge benefits, as well as the onus of integration. Novell’s existing directory server, eDirectory, and associated management tools will need to be integrated tightly with the Suse Linux layers to bring Novell stalwarts to the next level. Novell’s large, established base definitely has been shrinking, but the new life provided by the Suse merger easily could slow that trend.

Ultimately, both of these OSes are solid Linux distributions. Suse’s edge in the GUI management utilities is clear, but it is much simpler to extend RHEL4’s capabilities without running into problems with automated configuration processes. Suse will benefit from the integration of Novell’s solid management tools — and Red Hat should really be adding to its GUI toolset.

Look for both Red Hat and Suse to release milestone products in 2005 and 2006 that will firm up these endeavors and bring their goal of an enterprise minus Microsoft closer to reality.