Slashdot Mirror
Red Hat Advanced Server Gets DoD COE Certification
DaveAtFraud writes "CNET is reporting that Red Hat Advanced server has been certified as a 'Common Operating Environment' (COE) when running on an IBM server by the U.S. Department of Defense. Red Hat Advanced Server is the first version of Linux to receive this certification. The certification clears the way for broader use of Linux in governement computer systems. Its interesting to note that the certification effort was made for the more proprietary (and costlier) Red Hat Advanced Server and not the basic Red Hat distribution." This despite the best efforts of certain lobbyists.
Why is this even worth noting? Certification efforts aren't especially cheap. If you're going to expend time and resources getting a version of your product certified, why not put the effort into the version that is likeliest to generate enough revenue as a result of the certification to pay for the effort.
After all, while RedHat is in relatively good financial condition, it's not like they have around $40 billion in the bank (unlike some operating system companies). Certifying Advanced Server is a good use of limited resources.
That said, any government security certification is a Good Thing in the commercial marketplace, too - it helps when the engineers need to make a positive case to their PHB's, and gives one more "checklist item" that can get marked in their favor when comparing RH to other vendors.
-- Josh Turiel
"2. Do not eat iPod Shuffle."
I use it on a box to run apps that I developed that our M$ monkeys haven't matched(or can't) match. Mainly a lot of situations where one line of code does what would take several more in M$ (Scheduler vs. cron)
In our case it comes down to services. I work for the Commanding General and all he wants is "services not platforms".
I think maybe that has helped to bring in open source in our little corner of the military more than anything. IM talks about how they are M$ certified blah blah and I just bring out a new app coded in Perl that the green suiters can't live without.
Or better yet create one and let it run on one of my own outside servers and then demo it to them with a "Oh by the way, we need Linux to do this".
It's like heroin, get 'em hooked. They gotta have it. Superior services, not platforms.
As far as it being the more expensive version of RH that's certified, have you seen RH's stock price? You're still saving the military a lot more in the long run by getting the more expensive version.
Read the RH press release here.
I want to drag this out as long as possible. Bring me my protractor.
... isn't that the same certification than the one we scoffed at when Windows 2000 got it?
Here's a better link to story, sans linkspam:
http://news.com.com/2102-1001-984202.html
COE? Here's the link to their homepage:
http://diicoe.disa.mil/coe/
Admins! Get your fucking heads out of your asses and check to see if something is linkspam before posting it. This isn't the first time. Someone is making money from the click through.
Fuck them.
And impressive considering the other certified OSes (Solaris, AIX, HPUX, and NT). I first used the Advanced Server a couple of months ago while evaluating some Itanium2s, and I was plesantly suprised. I really like RH's decision to make the Advanced Server their "Enterprise" class distro with about an 18 month release cycle. Makes my job easier (TM).
I never thought I would say this, but I've gotten accustomed to using RH. I was a die hard Debian fan, and in philosophy still am. But when it comes to 3rd party support, and announcements like this, I have to say that RH is the distro right now, and probably will be for some time to come (at least in the US).
For all of the advancements that RH has done for Linux, and in spite of itself, including RPM. I would like for them to get a better package system. Yes, I know theres the apt-rpm or whatever its called, but I'm talking something that already comes with the distro and works on all architectures supported by RH. Someday...
Anyhow, all these distro's really have in common is the kernel code which makes them linux. The rest of the software (FTP, wm's, editors) bundled is up to the bundler. It is these choices that can make a distro more secure from another. EX: ssh v. telnet, std ftpd v. vsftpd, vi v. emacs (Sorry, I just had to ;-}) et al; The DOD is going to certify the whole bundle and not just individual pieces. Basically, they don't trust their admins (contractors mostly) to pick the right pieces on their own, so they will find a good bundle and certify that with special instructions.
Who are you? The new #2 Who is #1? You are #617565. I am not a number, I am a free man! Muhahaha.
Nonsense.
Anyone can download it for free from Red Hat.
You just don't get the support for free.
Mirrors: http://www.redhat.com/download/mirror.html
Check the "enterprise" directory.
Thanks in advance.
Are there any download sites with the binary RPMS? Everything I've seen is SRPM only.
-fp
All the source is right there on Red Hat's FTP servers. Download it and build it for yourself.
Disclaimer - I work for the DoD but i don't speak for them.
:)
"Segments" are basically customized software installs for COE. This includes Government produced software (Government Off the Shelf, GOTS) and commercial software (Commercial Off the Shelf, COTS). For instance there is a "segment" that installs Netscape.
These segment installs basically install the software such that it conforms to the COE environment. For example, applications must live in a certain path, follow a certain naming scheme, use certain environment variables to find things, only put user data in a certain place, etc, etc. Think "rpms" or FreeBSD packages - segments are just big tar balls with a standardized format and install scripts
The segments are available via DISA to those programs that are developing COE software - you have to show proof of need and sponsorship (i.e. somebody has to pay somewhere along the way for you to have access). Basically if you are developing applications for the DoD, you can get them - we have to get them through a certain chain of command. I think vendors can get access, but you have to talk to the DISA folks about how that works.
/* ICBM Coordinates 32.78N, 79.93W */
There was a LOT of bureaucratic inertia standing in the way of this effort inside the DoD. In the office this little initiative started in within ESC, the push for this cost two program managers and one engineer their positions, with extra effort made to derail their careers. Another person had to keep his head down and toe the line for a long time. The replacement for the second program manager was frusterated and constrained and a little scared, having entered the arena of combat by stepping over the corpses of the previous two (figuratively).
The efforts by DISA and Red Hat were started because the little program that those people worked on provided the customer for the product. Sure, there was a lot of "anecdotal" demand for Linux, but this was the first formal acquisition program that was committed to it. The guinea pig, so to speak.
Let's give proper respect to RH (those involved know who he is) at Red Hat, who took that first call and pitched it to his management, even though it looked like all the risk was on Red Hat.
In a free market economy the consumer has the option of making choices based on any number of factors including price, quality, speed/efficiency, convenience, and just plain old personal taste. However, in any system that shuts out all but the most deep pocketed (and well connected personally) companies then you had better be willing to pay more for less. Furthermore if the weights of the value of a product, service or the company that renders it has moved from the above factors (price, quality, etc) to that of the prettiest proposals, the slick talkingest (reverting to my Yosemite Sam mode) company personnel and the prettiness of words and documents presented then you will inevitably end up with less quality. Competition has then moved completely to the realm of draft picks for the cheerleader squad. It doesn't matter if they do nothing but look pretty and say stupid repetitive cheers... hey! they look pretty.
Bullshit artistry is _THE_ factor in government contracting, as a track record of proven quality does not factor in. Now to be fair, there is the SEI system in place (Systems Engineering and Integration) which mostly inherits from the ISO 9001 system. With five levels (1 - 5, no zero... 1 is granted to anyone whether they can find their ass with either hand or not) you have a criteria of process quality by which you can judge an organization. However, with all the money and obvious effort that went into creating and maintaining this system the Achilles heel is no different than in any other of the "best laid systems and plans" to date. That my friend is the factor of non-compliance to the very processes that define who is granted what level. In other words, they don't use it like it was intended thus rendering it as just another acronym. The ironic thing (but typical in entrenched bureaucracy) is that even though pretty much anyone will admit (if you ask them lightly in the break room over coffee) that the system is rather broken most of those will still puff up with pride (if contractor) if they are a talking head of an organization with higher than SEI Level 2 or will speak with awe and wonder (if government) of an organization with SEI Level 2 or higher.
What I fail to understand is why some will defend this bastardization on the grounds that those organizations with an undeserved SEI level are "Working Towards it." Well, that is good... really, however that is illogical when you look at the fact that the SEI system is not a projection but a grant of current operational status. I somehow doubt that there would be much validity in being granted a good bill of health after being shot 10 times if it was based on the fact that the surgical staff would "Soon fix me up good." No, instead I should be labeled as "In Critical Condition" and any other status be viewed as such. (Hmmm, is THAT what STAT comes from... meaning right NOW? I sure don't know) Back to IT work, if I was the customer then I would not care one damn bit of a system in place that is not consistently applied. The minute it becomes acceptable practice to arbitrarily award the SEI Levels is the same instance that such levels loose their meaning.
Now some might say (who lack working neurons) that this is exactly what happens with capitalist Evil Corporations (TM) yet in reality we see that it is the government itself that creates this system. If the government would place individuals in decision making roles that had both a sense of ethics as well as refined professionalism then you would find that requirements would soon show a dramatic shift towards the quality of the products and services rendered. Networked people are important, to that there is no question. Yet a professional organization will correctly view those connected personnel as one of the many factors involved in doing business. ("Professional" defined here not just as "they get paid to do X" but referring the the ethical and motivational set of standards and practices they employ) Some actually believe that without business developers sliming their way through the system, charming the customer and confusing them when they question bad quality, that there would be no business. Perhaps in some cases there would be less, but there have been entirely too many cases in history (large and small) that show that if there is a need on one end and a supplier on the other than things can work out just fine. The middle man is nothing more than a facilitator of this process... a catylist (sp) but since they themselves do not do any real work they are expendable in reality. Before them business happened at perhaps a slower rate. Without them business adapts. Without those providing the actual product and service than there is nothing to be made of the best of deals. Take out the bullshit artists in the government and soon you will find that their contractual counterparts will begin to vanish as well.
On a different but very much related note: Has anyone ever done a study of the percentage of commercials split up by radio, television and print (including the net) that actually advertise the uniqueness of the product, its advantages over competitors and why you should buy it? Don't get me wrong, I LOVE those beer commercials usually. However when so many commercials have become little sitcoms or tools of the "arteest" then I really fail to see how I as a consumer am supposed to do anything but ignore them and focus on doing research (to include ratings). I rarely see any commercial that is useful however that could just be where I live.
I seek not only to follow in the footsteps of the men of old, I seek the things they sought.
A more sane way to manage source packages on production boxes is to have a machine similar to the production boxes but with the developer toolchain installed.
The production boxes will still use debs or rpms but the compilation boxes can easily use something like checkinstall to make packages. This won't work in a potpurri environment but it would be fine if there's lots of identical machines. You mentioned that you wanted only particular software on your machines. With source compilation, you can even specify that the software only have certain options compiled in.
Since the dev toolchains are confined to a few boxes, maintaining those shouldn't be onerous either.
I haven't seen a COE Linux environment, but based on my experience with COE Solaris, I can tell you that the answer is a bit more complicated.
Starting from a bare system, you first install the COTS (Common Off The Shelf) OS (RHAS, in this case). This will likely be a "custom" install since it will likely have some strange partition requirements.
On top of this, you would then install the COE "kernel". This is a core set of COE services, scripts, utilities, etc. Part of this process is the creation of several user accounts (sysadmin, etc) as well as a general lockdown of the box (no root logins allowed, lots of permission changes, etc.) This step will also likely involve installation of package updates to close various security holes.
From there, one would install the various "segments" (COE name for packages) needed to set the box up for a specific usage.
Personally, I'm curious to see if the COE kernel will load on top of a regular RH 8.0. I can see having RHAS for target systems, but it would be nice to be able to use the regular version as a development platform.
Corporate Gadfly
Jonathan Archer: the most beaten up Enterprise captain in Star Trek history