Slashdot Mirror

← Back to Stories (view on slashdot.org)

Red Hat Advanced Server Gets DoD COE Certification

Posted by timothy on from the buncha-cud-chewin-hippies dept.

DaveAtFraud writes "CNET is reporting that Red Hat Advanced server has been certified as a 'Common Operating Environment' (COE) when running on an IBM server by the U.S. Department of Defense. Red Hat Advanced Server is the first version of Linux to receive this certification. The certification clears the way for broader use of Linux in governement computer systems. Its interesting to note that the certification effort was made for the more proprietary (and costlier) Red Hat Advanced Server and not the basic Red Hat distribution." This despite the best efforts of certain lobbyists.

21 of 186 comments (clear)

  1. Go read Part 11 from the FDA by Anonymous Coward · · Score: 1, Informative

    It is near impossible to use most open-source in a cost effective way under those regulations. Give it a read and and then move onto their understanding of software verification.

    The whole open-source model just don't fly.

  2. From the Red Hat site by sczimme · · Score: 4, Informative


    Read the RH press release here.

    --
    I want to drag this out as long as possible. Bring me my protractor.
  3. Sorry to be a spoilsport, but... by TheMidget · · Score: 4, Informative

    ... isn't that the same certification than the one we scoffed at when Windows 2000 got it?

    1. Re:Sorry to be a spoilsport, but... by nemaispuke · · Score: 4, Informative

      You are talking about two different things, Common Criteria is about security and Common Operating Environment is a military standard for mission critical applcations (Command and Control, Intelligence, etc). What it means is that if you use applications designed for Motif/CDE and use COE as a standard, they can run on RedHat Linux Advanced Server. This is more about functionality than security.

    2. Re:Sorry to be a spoilsport, but... by Mr.+Firewall · · Score: 2, Informative

      You are correct

      Micro$oft's marketroids have been making a Big Deal out of their C2 certification for years, but have never bothered to mention that their systems only pass C2 if they're not connected to a network, are in a locked room with armed guards outside the door, and are powered off.

      OK, just kidding about the last two criteria. But the part about not being connected to a network is no joke.

      --
      In times of universal deceit, telling the truth gets you modded -1 Troll
    3. Re:Sorry to be a spoilsport, but... by Drestin · · Score: 2, Informative

      Sorry but you are also incorrect. The original certification did not involve a networked system. The CURRENT cerfications for both NT4 and Windows 2000 are indeed networked systems.

  4. Not seeing it. by smcdow · · Score: 2, Informative
    I've been tracking the status of COE compliance for Linux for a while -- I have several projects in the works that would benefit greatly from an "official" designation of COE compliance for Linux from DISA.

    I can find only one relevant page on DISA that pertains to Linux/COE. This page has a link to a draft of COE Compliance Critera for Linux. The information on this page hasn't changed in several months, AFAICT.

    So, what's new here? Can anyone point me to a place on DISA that substantiates the claims made by the news.com article? Where is the "real", final COE Compiance Critera for Linux?

    --
    In the course of every project, it will become necessary to shoot the scientists and begin production.
  5. Re:How to get it? by Anonymous Coward · · Score: 4, Informative

    Nonsense.

    Anyone can download it for free from Red Hat.

    You just don't get the support for free.

    Mirrors: http://www.redhat.com/download/mirror.html

    Check the "enterprise" directory.

  6. Re:Of course they certify the expensive version by slashbofh · · Score: 2, Informative
    Its interesting to note that the certification effort was made for the more proprietary (and costlier) Red Hat Advanced Server and not the basic Red Hat distribution
    You're right, it does cost more....for the first copy! After that, it's free.

    However if you want support for it, it will cost you about $1200 per machine per year. This is cheaper than most other OS's.

    Personally, I think you would be better served developing in house resourcs for the support, but that's just me.

    I'm also not necessarily happy with RH's choices on some packages to include in AS. The one that jumps out at me is choosing to use a beta version of an ntp4 release as opposed to simply using whatever was the stable version at the time.

    And yes, I work somewhere that is probably going to implement hundreds of copies of RH AS, and pay for the support.

  7. Re:Of course they certify the expensive version by salimma · · Score: 4, Informative

    Not to mention that the certification is only valid for a specific version of the OS (what Microsoft neglected to say back when they were selling NT 4.0 was that it's NT 3.5 that is C2-certified).

    The Advanced Server is released every one and a half year or so - the desktop OS every six months. Personally I find it a very agreeable deal - the free users get faster releases and contribute towards bug testing, the paying customers get what they want, slower but longer-supported (and now certified too) releases.

    --
    Michel
    Fedora Project Contribut
  8. SRPMs only by Anonymous Coward · · Score: 1, Informative
    Anyone can download it for free from Red Hat.

    Have you actually tried this? There's nothing but source RPMs.

  9. COE Segments by zaytar · · Score: 3, Informative

    Disclaimer - I work for the DoD but i don't speak for them.

    "Segments" are basically customized software installs for COE. This includes Government produced software (Government Off the Shelf, GOTS) and commercial software (Commercial Off the Shelf, COTS). For instance there is a "segment" that installs Netscape.

    These segment installs basically install the software such that it conforms to the COE environment. For example, applications must live in a certain path, follow a certain naming scheme, use certain environment variables to find things, only put user data in a certain place, etc, etc. Think "rpms" or FreeBSD packages - segments are just big tar balls with a standardized format and install scripts :)

    The segments are available via DISA to those programs that are developing COE software - you have to show proof of need and sponsorship (i.e. somebody has to pay somewhere along the way for you to have access). Basically if you are developing applications for the DoD, you can get them - we have to get them through a certain chain of command. I think vendors can get access, but you have to talk to the DISA folks about how that works.

    --
    /* ICBM Coordinates 32.78N, 79.93W */
  10. Re:How to get it? by cowbutt · · Score: 2, Informative
    Not for gratis, but a US$60 download as the Advanced Server Developer Edition

    --

  11. Re:linux kernel, redhat distro by jruschme · · Score: 3, Informative

    I haven't seen a COE Linux environment, but based on my experience with COE Solaris, I can tell you that the answer is a bit more complicated.

    Starting from a bare system, you first install the COTS (Common Off The Shelf) OS (RHAS, in this case). This will likely be a "custom" install since it will likely have some strange partition requirements.

    On top of this, you would then install the COE "kernel". This is a core set of COE services, scripts, utilities, etc. Part of this process is the creation of several user accounts (sysadmin, etc) as well as a general lockdown of the box (no root logins allowed, lots of permission changes, etc.) This step will also likely involve installation of package updates to close various security holes.

    From there, one would install the various "segments" (COE name for packages) needed to set the box up for a specific usage.

    Personally, I'm curious to see if the COE kernel will load on top of a regular RH 8.0. I can see having RHAS for target systems, but it would be nice to be able to use the regular version as a development platform.

  12. No .isos for enterprise just source RPMs by Corporate+Gadfly · · Score: 3, Informative
    Anyone can download it for free from Red Hat.
    Can someone mod the parent down? As pointed out in several other replies to the parent, there are NO .iso files available for the Advanced Server. Just the SRPMs.
    --
    Corporate Gadfly
    Jonathan Archer: the most beaten up Enterprise captain in Star Trek history
  13. Re:How to get it? by stefanlasiewski · · Score: 2, Informative

    If you want to save money to evaluate this product, you need to build it yourself.

    RedHat is under no obligation to provide free binaries, just free source files.

    Hey, they even helped you a bit by providing SRPMS instead of Tar files.

    --
    "Can of worms? The can is open... the worms are everywhere."
  14. Re:GPL vs RHAS License... by lal · · Score: 2, Informative

    IANAL, so take your own read of the EULA:

    http://www.redhat.com/licenses/rhlas_us.html

    It looks like each copy of RHAS installs with proprietary client to the RedHat network. This client is not GPL. It is "RedHat Intellectual Property". That's apparently what's licensed.

  15. Re:Of course they certify the expensive version by JoeBuck · · Score: 3, Informative

    What Red Hat calls 2.4.9 has hundreds of patches compared to what Linus called 2.4.9.

  16. Re:Of course they certify the expensive version by ewilts · · Score: 4, Informative
    RHAS does not have only a 3-year lifecycle. It's 5 from initial release, based on this official document: http://www.redhat.com/apps/support/errata/rhlas_er rata_policy.html

    Comparing that to Solaris, I have no idea where you pulled out the 11.5 year life cycle. According to Sun's web page, it's 5 years from last ship date. Reference this page: http://wwws.sun.com/software/solaris/fcc/lifecycle .html

    I will admit that 5 years from last ship is greater than 5 years from initial ship, but there's no way in hell it's an 8.5 year delta like you're trying to claim.

    Ya know, "gobs of system management tools" and "a kernel many tricks up it's[sic] sleeve" don't exactly add to much of a review :-). I believe I can honestly claim that Red Hat Linux Advanced Server has "gobs of system management tools" and "a kernel with many tricks up its sleeve". Of course, this claim holds true for Windows too.

    How you got moderated to 2 on your post is beyond me...

    --
    .../Ed
  17. Re:GPL vs RHAS License... by jeremy_hogan · · Score: 2, Informative

    The GPL requires that we make GPL and GPL derivative source code available to recipients of the binaries. We do that, AND post the source on ftp for anyone to use, which we don't have to do for this or any other of our products which are posted on ftp. We feel we should adhere to the spirit of the GPL as much as to the letter.

    AS has a stack of support and services that require a fee for use, reality is that no one will stop you from building your own or installing on multiple machines. But you won't get full support, ,services, RHN, and in some cases ISV/IHV support.

    Only part of the value of AS lay in the bits.

  18. Re:How to get it? by Nohea · · Score: 2, Informative

    I compiled the SRPMS myself and installed. Not easy, but it worked.

    - Download
    - rebuild all the SRPMS on Red Hat Linux 7.2 (seemed to be the closest)
    - look at the errors from missing devel packages
    - install *-devel rpms
    - rebuild again
    - rpm -Fvh *.i386.rpm
    - rpm -ivh the redhat-release package

    No installer seemed to be included.

    Then repeat every time a patch SRPM is released!

    Maybe it's worth the $800.