Red Hat Enterprise Linux Benefits & Migration Strategies as CentOS 7 nears End of Life
As CentOS 7, a FOSS derivative of Red Hat Enterprise Linux (RHEL), comes to its end of life less than a year from now (June 30, 2024), users of the popular operating system need a strategy for migrating to a supported operating system.
There are several ways in which Red Hat has made it easy to take this opportunity to move from CentOS 7 to Red Hat Enterprise Linux, and many reasons that it makes technical and fiscal sense for Intelligence Community (IC) agencies and systems integrators to do so. Here are some reasons to make Red Hat Enterprise Linux the center of your post-CentOS strategy.
Production Requirements in IC Environments
Red Hat is the leading commercial contributor to the Linux® kernel and countless other open-source projects and is a leading provider of enterprise open-source software solutions. Red Hat Enterprise Linux supports more than 90% of Fortune 500 companies and has a long history of supporting enterprise workloads in both the private and public sectors. Red Hat has been in business for 30 years and has delivered Red Hat Enterprise Linux for 20+ years, with its 9th major release delivered in May 2022.
Red Hat has made it easy for IC agencies and systems integrators to utilize RHEL in their mission environments – it is available for customers to download. Some agencies even import patches into their networks regularly. RHEL is also available in hourly images and bring-your-own license (BYOL) subscription models on all commercial and IC cloud providers.
FIPS and Common Criteria Certifications
Red Hat has a proven track record of obtaining certification validations required for production use, such as FIPS and Common Criteria. Red Hat Enterprise Linux security certifications do not transfer to derivative distributions, meaning that derivative distribution providers must attain governmental and public security certifications for distribution themselves. The basis of these certifications is done through rigorous reviews of source code, binaries, and engineering processes. As a result, most derivative distributions do not carry significant security certifications.
Stable Long Term Support for Mission Workloads
Mission-critical workloads often require longer-term support, as they are kept at the same release level until a significant retrofit is done rather than upgrading to a newer release. For the system to maintain accreditation, that requires a support vendor who can provide a robust OS and support it for a decade or longer after the initial release. Others only require more extended support for a minor release so that it can correspond with their release cycle. Red Hat offers support for both.
While the RHEL base lifecycle for a significant release is ten years, hyperscaler-provided free operating systems have shorter life cycles, best used for shorter-lived workloads that will be spun up, used, and destroyed. However, many government organizations have been told to move to the cloud and are still working with long-running workloads. Suppose your organization migrates or deploys long-lived applications to the cloud due to a mandate. In that case, these “free” operating systems are not an excellent long-term strategy for your organization.
Extended Lifecycle Support (ELS)
Red Hat offers Extended Lifecycle Support (ELS), an optional Add-On subscription for certain Red Hat Enterprise Linux subscriptions, intended to support mission essential customers who need a more extended system lifecycle for an extra two years (a total of 12 years for a major release). ELS delivers particular Red Hat-defined Critical and Important security fixes and selected (at Red Hat discretion) urgent priority bug fixes and troubleshooting for the last minor release.
To support our customers in completing their planned migrations, Red Hat is announcing a one-time, 4-year ELS period for Red Hat Enterprise Linux 7 ELS. Compared to previous significant releases, ELS for RHEL 7 also expands the scope of security fixes by including updates that address Important CVEs.
Extended Update Support
Red Hat offers Extended Update Support (EUS) for Red Hat Enterprise Linux for mission-focused organizations that can only upgrade sometimes. EUS provides the option to standardize on a specific minor release for an extended period while still receiving technical support and errata updates.
While Red Hat offers these extensions that provide support and patches beyond the standard Enterprise Linux production support period, Red Hat does not publicly publish the source code for these patches. As a result, derivative vendors must develop their patches, or cease to deliver patches, when the standard production support period for the equivalent version of Red Hat Enterprise Linux ends.
Live Kernel Patches
Linux kernel live patching applies critical security patches to a running Linux kernel without rebooting or interrupting runtime. By their very nature, security patches are unscheduled; without live patching, applying a security patch to the kernel means a reboot of the host, and this can often cause administrators to delay deploying essential security patches and leaving systems vulnerable to attack. All active Red Hat Enterprise Linux subscriptions include access to live kernel patches for critical and vital Common Vulnerabilities and Exposures (CVEs) at no extra cost. Red Hat does not publish the source code for Red Hat Enterprise Linux live kernel patches. Derivative vendors must develop these patches themselves, and most do not dedicate personnel to constructing and compiling these patches for their distribution.
Enterprise Level OS Support
Most organizations who need to deploy enterprise systems at scale have found that managing their infrastructure requires more than OS package repositories to enable their infrastructure teams to be effective. Red Hat Satellite can manage the life cycle of Red Hat infrastructure and configuration content and efficiently manage your Linux systems. Satellite helps mission environments by improving system-to-administrator ratios through automating patch and configuration management and provisioning and by allowing junior-level administrators to perform senior admin tasks organized in an intuitive interface. This is especially useful in the IC, where clearance requirements artificially cap the number of senior systems administrators.
Red Hat Satellite can also enable organizations by playing a pivotal role in automatically moving packages from the secure Red Hat content delivery network to disconnected networks, thereby reducing the effort required to maintain a secure infrastructure. Several IC agencies have implemented this methodology to ensure the availability of patches, reduce costs, and remove the toil of manually moving packages from one network to another.
Reduced Cost of Operating the OS
Red Hat supports its users beyond the OS and patches in ways that decrease the cost of use. Most projects responsible for rebuilding derivative operating systems do not provide commercial support for their free Linux distributions. Without this, IT staff must handle platform support issues, including management and provisioning, on their own, requiring more time and people. This results in higher overall costs. Compared to unpaid Linux distributions, Red Hat Enterprise Linux users experience 23% lower three-year cost of operations, 32% more efficient IT infrastructure teams, and 72% less unplanned downtime.
Red Hat Support Resources
With a Red Hat Subscription, you can access phone and online support to open a support case, live chat with a support engineer, or speak directly with a Red Hat support expert by phone. Red Hat support engineers can access the Red Hat product engineers that build RHEL, and the Linux Kernel. Confirmed stateside support is available to ensure the engineers you work with are US citizens, and many IC agencies have support contracts that enable cleared on-site Red Hat engineers and Technical Account Managers to view your logs and who know the technical details of your mission and what you need and do.
Red Hat Documentation
Red Hat produces documentation for Red Hat Enterprise Linux, enabling engineers to deploy the operating system more effectively with fewer resources and issues. Product documentation exists for planning, installing, upgrading, administration, cloud deployment, security, networking, identity management, storage, virtualization, and developing applications on the platform. In addition to the availability of this documentation, Red Hat has invested in making these capabilities available on the IC high-side networks. Currently, with limited availability until ATO, the system will make Red Hat product documentation and knowledgebase articles available for Red Hat customers.
Red Hat Reference Architectures
Red Hat References Architectures are developed in collaboration with Red Hat’s ecosystem partners to ensure customers have known good models to work with when deploying software in their environments, to support scale, ease of deployment, and supportable architectures.
Red Hat Support for the IC
Red Hat’s federal services organization currently has over 60 TS/SCI-cleared personnel with access to multiple IC agencies. These cleared resources can work on-site to support the IC mission with access to the Red Hat engineering teams building RHEL. These individuals understand the unique requirements of these agencies and the nature of disconnected environments.
Red Hat Developer Subscription for Teams
Organizations that use CentOS Linux for their development environments and run a Red Hat offering for their production environments now have a Red Hat Enterprise Linux offering that can replace CentOS Linux with a RHEL subscription and all the benefits of the Red Hat Developer Program. The zero-cost Red Hat Developer Subscription for Teams provides customers access to RHEL to support their development work. This includes access to enough physical or virtual entitlements for all development needs and includes all the benefits of Red Hat Enterprise Linux, including rapid security updates, access to all the RHEL certifications, RHEL management tools, including Red Hat Satellite, and access to RHEL extended lifecycle offerings. Additionally, developers can access the Red Hat Customer Portal and Red Hat Knowledgebase, getting started guides, documentation, and a rich catalog of certified applications.
Now is the time to develop your organizational strategy for migrating off CentOS 7. Many organizations who do not put the time and effort into determining a path forward now will run out of time and find that they cannot get security patches and can’t maintain their system accreditation. Fortunately, Red Hat has tools and resources to make it easy for IC agencies and systems integrators to migrate from CentOS or another Red Hat derivative to a supported operating system.
Red Hat’s Convert2RHEL tool lets you quickly convert CentOS and other RHEL derivative Linux systems directly to Red Hat Enterprise Linux systems and has been validated to work on IC networks. Convert2RHEL minimizes the need for costly redeployment projects and reduces administrative burden by maintaining existing operating system customizations, configurations, and preferences during the conversion.
Red Hat Services
For larger, more complex migration projects, you can also engage Red Hat Consulting to help accelerate your migration. Cleared Red Hat experts can come on-site to bring proven knowledge, experience, and backing of Red Hat product engineers to your migration project to help you identify and convert critical applications and workloads and mentor your team to continue confidently afterward.
Now is the right time to develop your strategy for what your organization will do after CentOS 7 comes to its end of life next year. Hopefully, you are considering the advantages of working with a Linux vendor with a long history of support for the IC.
For more questions on this topic, please contact a Red Hat Account Manager. Or visit https://red.ht/icn to learn more about what we can do for your organization.
About Red Hat
Red Hat is the world’s leading provider of enterprise open source software solutions, using a community-powered approach to deliver reliable and high-performing Linux, hybrid cloud, container, and Kubernetes technologies. Red Hat helps customers develop cloud-native applications, integrate existing and new IT applications, and automate and manage complex environments. A trusted adviser to the Fortune 500, Red Hat provides award-winning support, training, and consulting services that bring the benefits of open innovation to any industry. Red Hat is a connective hub in a global network of enterprises, partners, and communities, helping organizations grow, transform, and prepare for the digital future.
About IC Insiders
IC Insiders is a special sponsored feature that provides deep-dive analysis, interviews with IC leaders, perspective from industry experts, and more. Learn how your company can become an IC Insider.