Chapter 1. Overview

Security

  • Red Hat Enterprise Linux 7.4 introduces support for Network Bound Disk Encryption (NBDE), which enables the system administrator to encrypt root volumes of hard drives on bare metal machines without having to manually enter a password when systems are rebooted.
  • The USBGuard software framework provides system protection against intrusive USB devices by implementing basic whitelisting and blacklisting capabilities based on device attributes.
  • The OpenSSH libraries update includes the ability to resume interrupted uploads in Secure File Transfer Protocol (SFTP) and adds support for a new fingerprint type that uses the SHA-256 algorithm. This OpenSSH version also removes server-side support for the SSH-1 protocol.
  • Multiple new Linux Audit capabilities have been added to enable easier administration, to filter the events logged by the Audit system, gather more information from critical events, and to interpret large numbers of records.
  • The OpenSC set of libraries and utilities adds support for Common Access Card (CAC) cards and now also provides the CoolKey applet functionality.
  • The OpenSSL update includes multiple enhancements, such as support for the Datagram Transport Layer Security (DTLS) version 1.2 protocol and Application-Layer Protocol Negotiation (ALPN).
  • The OpenSCAP tools have been NIST-certified, which enables easier adoption in regulated environments.
  • Cryptographic protocols and algorithms that are considered insecure have been deprecated. However, this version also introduces many other cryptography-related improvements. For more information, see Chapter 53, Deprecated Functionality and the Enhancing the Security of the Operating System with Cryptography Changes in Red Hat Enterprise Linux 7.4 Knowledgebase article on the Red Hat Customer Portal.
See Chapter 15, Security for more information on security enhancements.

Identity Management

  • The System Security Services Daemon (SSSD) in a container is now fully supported. The Identity Management (IdM) server container is available as a Technology Preview feature.
  • Users are now able to install new Identity Management servers, replicas, and clients on systems with FIPS mode enabled.
  • Several enhancements related to smart card authentication have been introduced.
For detailed information on changes in IdM, see Chapter 5, Authentication and Interoperability. For details on deprecated capabilities related to IdM, see Chapter 53, Deprecated Functionality.

Networking

  • NetworkManager supports additional features for routing, enables the Media Access Control Security (MACsec) technology, and is now able to handle unmanaged devices.
  • Kernel Generic Routing Encapsulation (GRE) tunneling has been enhanced.
For more networking features, see Chapter 14, Networking.

Kernel

  • Support for NVMe Over Fabric has been added to the NVM-Express kernel driver, which increases flexibility when accessing high performance NVMe storage devices located in the data center on both Ethernet and InfiniBand fabric infrastructures.
For further kernel-related changes, refer to Chapter 12, Kernel.

Storage and File Systems

  • LVM provides full support for RAID takeover, which allows users to convert a RAID logical volume from one RAID level to another, and for RAID reshaping, which allows users to reshape properties, such as the RAID algorithm, stripe size, or number of images.
  • You can now enable SELinux support for containers when you use OverlayFS with Docker.
  • NFS over RDMA (NFSoRDMA) server is now fully supported when accessed by Red Hat Enterprise Linux clients.
See Chapter 17, Storage for further storage-related features and Chapter 9, File Systems for enhancements to file systems.

Tools

  • The Performance Co-Pilot (PCP) application has been enhanced to support new client tools, such as pcp2influxdb, pcp-mpstat, and pcp-pidstat. Additionally, new PCP performance metrics from several subsystems are available for a variety of Performance Co-Pilot analysis tools.
For more information regarding updates to various tools, see Chapter 7, Compiler and Tools.

High Availability

  • Red Hat Enterprise Linux 7.4 introduces full support for the following features:
    • clufter, a tool for transforming and analyzing cluster configuration formats
    • Quorum devices (QDevice) in a Pacemaker cluster for managing stretch clusters
    • Booth cluster ticket manager
For more information on the high availability features introduced in this release, see Chapter 6, Clustering.

Virtualization

  • Red Hat Enterprise Linux 7 guest virtual machines now support the Elastic Network Adapter (ENA), and thus provide enhanced networking capabilities when running on the Amazon Web Services (AWS) cloud.
For further enhancements to Virtualization, see Chapter 19, Virtualization.

Management and Automation

  • Red Hat Enterprise Linux 7.4 includes Red Hat Enterprise Linux System Roles powered by Ansible, a configuration interface that simplifies management and maintenance of Red Hat Enterprise Linux deployments. This feature is available as a Technology Preview.

Red Hat Insights

The Red Hat Insights service has been available since Red Hat Enterprise Linux 7.2. Red Hat Insights is a proactive service designed to enable you to identify, examine, and resolve known technical issues before they affect your deployment. Insights leverages the combined knowledge of Red Hat Support Engineers, documented solutions, and resolved issues to deliver relevant, actionable information to system administrators.
The service is hosted and delivered through the customer portal at https://access.redhat.com/insights/ or through Red Hat Satellite. To register your systems, follow the Getting Started Guide for Insights. For further information, data security, and limits, refer to https://access.redhat.com/insights/splash/.

Red Hat Customer Portal Labs

Red Hat Customer Portal Labs is a set of tools in a section of the Customer Portal available at https://access.redhat.com/labs/. The applications in Red Hat Customer Portal Labs can help you improve performance, quickly troubleshoot issues, identify security problems, and quickly deploy and configure complex applications. Some of the most popular applications are: