This is a draft of two entries for the Red Hat Press Blog
Interoperability
Interoperability is all the buzz these days. With it comes the promise of seamless integration of an otherwise disconnected and disjointed mass of servers. You don't want conflict, especially not with your infrastructure. At the Fedora Project, where we work to present the latest technology wrapped up in an easy to use Linux product, we feel your pain. We are diligently working on technologies which enhance, improve and advance interoperability. And with the release of Fedora 11 on May 26th come some interesting new interoperability related features.
Microsoft Exchange has become a staple in many IT environments. Its groupware features make it popular amongst many organazations both small and large. And yet it has been almost impossible to use its full functionality through an open source client -- until now. Exchange utilizes a proprietary protocol, the Messaging Application Programming Interface or MAPI, developed by Microsoft to provide its features. OpenChange is the first Open Source implementation of the MAPI protocol.
OpenChange aims to provide a portable Open Source implementation of these Microsoft Exchange and Exchange Server protocols. The OpenChange implementation provides a client-side library which can be used in existing messaging clients to offer native compatibility with Exchange. Using the "libmapi" library, OpenChange allows clients such as Thunderbird, Evolution, KMail, and other open source applications to utilize the full range of MAPI functionality including messaging, shared calendars, contact databases, public folders, notes and tasks. All applications can now start speaking the same language, regardless of platform.
In order to enable OpenChange and libmapi to function properly, parts of Samba 4, the open source software suite for interoperability with Microsoft network resources, have begun to enter the Fedora release. Samba is the software that allows Linux hosts to use services such as Windows File and Printer Sharing, authentication and authorization functionality, and name resolution. Samba 4 promises to greatly enhance this baseline functionality by adding full Active Directory logon and administration support, built-in LDAP and Kerberos servers, a generic security subsystem, and better scalability. "Some parts of Samba 4 are reaching stability and we included those libraries that enable other projects like OpenChange. However, most of these libraries are still subject to change but they are heading toward stability, and we closely collaborate with upstream in the stabilization effort" said Simo Sorce, a Red Hat Engineer and Samba Upstream Developer.
Fedora gives customers of Red Hat Enterprise Linux an opportunity to sneak a peek at upcoming technology that may be slated for inclusion in RHEL. Feel free to download a copy of Fedora 11 on May 26th at get.fedoraproject.org and check it out. Your infrastructure will thank you.
Virtualization
Virtualization, its unlike any player we have ever seen. Few technologies these days are considered revolutionary, changing the rules of the game and bending them to adapt to it. Its like the lefty pitcher with the nasty curve ball that makes you rethink all those hours in the batting cages. Yet, if virtualization is on your team, as well it should be, you're both light years ahead--of the competition, and one step closer--to IT simplicity.
Red Hat and the Fedora Project have been involved in virtualization since it was a rookie. Virtualization is always improving, tweaking its mechanics, adding new pitches its repertiore. Fedora 11 offers to showcase some of these hot new pitches, which are currently making their way home towards the next release of Red Hat Enterprise Linux.
Strike 1: Performance
Performance is one of the key benefits of virtualization. With commodity hardware costs plummeting, virtualizaton makes it trivial to expand infrastructure and add computing horsepower without overpopulating the data center. Its also become commonplace to try and squeeze every bit out of your hardware. Unifying infrastructure calls for a unified play. In the upcoming Fedora 11, we see just that taking place with KVM, the Kernel Virtual Machine technology and QEMU, the generic machine emulator and virtualizer.
The QEMU package provides a processor and system emulator which enables users to launch guest virtual machines not only under the same hardware platform as the host machine, but also dramatically different hardware platforms. For example, QEMU can be used to run a PPC guest on an x86 host. QEMU dynamically translates the machine code of the guest architecture into the machine code of the host architecture. KVM provides kernel support for running guests of the same architecture as the host. Guests run directly on the hardware with out any translation needed by the host, allowing much higher levels of performance to be attained.
As of the upcoming Fedora 11 release QEMU can now use the KVM kernel support for higher performance virtualization. The kvm and qemu packages will now be unified into one package set under the qemu subsystem. The merging of the two code bases has been going on, and continues upstream, but the Fedora package maintainers have chosen to merge the packages now in order reduce the maintenance burden and provide better support. Always one step ahead of the game.
Strike 2: Security
Now that we've eeked out every last bit of juice out of that hardware, what good would it do if it wasn't secure. Enhancing the security around the virtualization stack helps to make sure its not only performing well on the field, but also that it remains a good player in the clubhouse. Starting in Fedora 11, you'll begin to see integration of SELinux with the stack via sVirt. sVirt bring SELinux based Mandatory Access Control to guest virtual machines. Virtual machines can now be run more effectively isolated from the host and one another, making it harder for security flaws to be exploited in the hypervisor by malicious guests. You can read more about sVirt here: http://selinuxproject.org/page/SVirt
Also in Fedora 11 is the ability to use the SASL protocol for authenticating VNC connection to KVM and QEMU virtual machines. The use of SASL, in combination with existing TLS encryption support, will allow clients to securely connect to remote virtual machine consoles hosted on Fedora servers. This obsoletes old VNC password style authentication and provides a mechanism for plugable security which is strong and yet configurable without changes to the application.
Strike 3: Usability
Finally, when it comes down to the wire and you need to get that final out in the 9th and score some big points, being able to do things easily and intuitively is what counts. Fedora 11 brings a slew of new features and a redesign of some areas of 'virt-manager' to help you get your work done easily and more effectively. 'virt-manager' is an end-to-end desktop UI for managing virtual machines. It lets you create new instances of machines, track performance and resource usage on currently running instances, and detailed view graphs performance & utilization over time. Some of the new features include a redesign of the VM creation wizard, physical device assignment for existing VMs, which more easily helps allocate physical resources tied to VMs, and support for more fine grained disk and network I/O stats and VM migration support. You can learn more about 'virt-manager' at http://virt-manager.et.redhat.com/.
This is another way that the Fedora community is solving problems for open source users. To check out KVM, QEMU, Virt Manager or any other of Fedora's cutting edge virtualization technologies download a copy of Fedora 11 from http://get.fedoraproject.org.