Chapter 1. Overview
Security
- The SELinux userspace has been rebased and provides various enhancements and performance improvements. Notably, the new SELinux module store supports priorities, and the SELinux Common Intermediate Language (CIL) has been introduced.
- OpenSCAP workbench now provides a new SCAP Security Guide integration dialog and enables modification of SCAP policies using a graphical tool.
- The OpenSCAP suite now includes support for scanning containers using the
atomic scan
command. - Upgraded
firewalld
starts and restarts significantly faster due to a new transaction model. It also provides improved management of connections, interfaces, and sources, a new default logging option, andipset
support. - The
audit
daemon introduces a new flush technique, which significantly improves performance. Audit policy, configuration, and logging have been enhanced and now support a number of new options. - Media Access Control Security (MACsec) encryption over Ethernet is now supported.
See Chapter 15, Security for more information on security enhancements.
Identity Management
The highlighted new features and improvements related to Identity Management (IdM) include:
- Improved performance of both IdM servers and clients in large customer environments
- Enhanced topology management and replica installation
- Extended smart card support for Active Directory (AD) users
- Fine-grained configuration of one-time password (OTP) authentication
- Improved troubleshooting capabilities of IdM clients.
Red Hat Enterprise Linux 7.2 introduced the Ipsilon identity provider service for federated single sign-on (SSO). Subsequently, Red Hat has released Red Hat Single Sign-On as a web SSO solution based on the Keycloak community project. Red Hat Single Sign-On provides greater capabilities than Ipsilon and is designated as the standard web SSO solution across the Red Hat product portfolio.
For details on Red Hat Single Sign-On, see:
Note that Red Hat does not plan to upgrade Ipsilon from Technology Preview to a fully supported feature. The ipsilon packages will be removed from Red Hat Enterprise Linux in a future minor release.
Entitlements to Red Hat Single Sign-On are currently available using Red Hat JBoss Middleware or OpenShift Container Platform subscriptions.
For detailed information on changes in IdM, refer to Chapter 5, Authentication and Interoperability.
Core Kernel
- Support for Checkpoint/Restore in User space (CRIU) has been expanded to the the little-endian variant of IBM Power Systems architecture.
- Heterogeneous memory management (HMM) feature has been introduced as a Technology Preview.
For more kernel features, refer to Chapter 12, Kernel. For information about Technology Previews related to kernel, see Chapter 42, Kernel.
Networking
- Open vSwitch now uses kernel lightweight tunnel support.
- Bulking in the memory allocator subsystem is now supported.
- NetworkManager now supports new device types, improved stacking of virtual devices, LLDP, stable privacy IPv6 addresses (RFC 7217), detects duplicate IPv4 addresses, and controls a host name through
systemd-hostnamed
. Additionally, the user can set a DHCP timeout property and DNS priorities.
For more networking features, see Chapter 14, Networking.
Platform Hardware Enablement
- Support for the Coherent Accelerator Processor Interface (CAPI) flash block adapter has been added. For detailed information, see Chapter 10, Hardware Enablement.
Real-Time Kernel
- A new scheduler policy,
SCHED_DEADLINE
has been introduced as Technology Preview. This new policy is available in the upstream kernel and shows promise for certain Realtime use cases. For details, see Chapter 43, Real-Time Kernel.
Storage and File Systems
- Support for Non-Volatile Dual In-line Memory Module (NVDIMM) persistent memory architecture has been added, which includes the addition of the
libnvdimm
kernel subsystem. NVDIMM memory can be accessed either as a block storage device, which is fully supported in Red Hat Enterprise Linux 7.3, or in Direct Access (DAX) mode, which is provided by the ext4 and XFS file systems as a Technology Preview in Red Hat Enterprise Linux 7.3. For more information, see Chapter 17, Storage and Chapter 12, Kernel in the New Features part, and Chapter 39, File Systems in the Technology Previews part. - A new Ceph File System (CephFS) kernel module, introduced as a Technology Preview, enables Red Hat Enterprise Linux Linux nodes to mount Ceph File Systems from Red Hat Ceph Storage clusters. For more information, see Chapter 39, File Systems.
- Support for pNFS SCSI file sharing has been introduced as a Technology Preview. For details, refer to Chapter 39, File Systems.
- LVM2 support for RAID-level takeover, the ability to switch between RAID types, is now available as a Technology Preview. See Chapter 45, Storage for more information.
Clustering
For Red Hat Enterprise Linux 7.3, the Red Hat High Availability Add-On supports the following major enhancements:
- The ability to better configure and trigger notifications when the status of a managed cluster changes with the introduction of enhanced pacemaker alerts.
- The ability to configure Pacemaker to manage multi-site clusters across geo-locations for disaster recovery and scalability through the use of the Booth ticket manager. This feature is provided as a Technology Preview.
- The ability to configure Pacemaker to manage stretch clusters using a separate quorum device (QDevice), which acts as a third-party arbitration device for the cluster. This functionality is provided as a Technology Preview, and its primary use is to allow a cluster to sustain more node failures than standard quorum rules allow.
For more information on enhancements to the Red Hat High Availability Add-On, see Chapter 6, Clustering in the New Features Part and Chapter 38, Clustering in the Technology Previews part.
Desktop
- A new instant messaging client, pidgin, has been introduced, which supports off-the-record (OTR) messaging and the Microsoft Lync instant messaging application.
For more information regarding changes in desktop, refer to Chapter 8, Desktop.
Internet of Things
- Red Hat Enterprise Linux 7.3 provides latest Bluetooth support, including support for connecting to Bluetooth Low Energy (LE) devices; see Chapter 14, Networking.
- Controller Area Network (CAN) device drivers are now supported, see Chapter 12, Kernel for more information.
- Red Hat Enterprise Linux 7 kernel is now able to use the embedded MMC (eMMC) interface version 5.0. For details, refer to Chapter 10, Hardware Enablement.
Linux Containers
- The System Security Services Daemon (SSSD) container is now available for Red Hat Enterprise Linux Atomic Host as Technology Preview. See Chapter 37, Authentication and Interoperability for details.
Red Hat Insights
Since Red Hat Enterprise Linux 7.2, the Red Hat Insights service is available. Red Hat Insights is a proactive service designed to enable you to identify, examine, and resolve known technical issues before they affect your deployment. Insights leverages the combined knowledge of Red Hat Support Engineers, documented solutions, and resolved issues to deliver relevant, actionable information to system administrators.
The service is hosted and delivered through the customer portal at https://access.redhat.com/insights/ or through Red Hat Satellite. For further information, data security, and limits, refer to https://access.redhat.com/insights/splash/.
Red Hat Customer Portal Labs
Red Hat Customer Portal Labs is a set of tools in a section of the Customer Portal available at https://access.redhat.com/labs/. The applications in Red Hat Customer Portal Labs can help you improve performance, quickly troubleshoot issues, identify security problems, and quickly deploy and configure complex applications. Some of the most popular applications are: