Introducing Oracle Linux and Securing it with Ksplice
July 14 2016 Oracle Japan Global Business Unit Oracle Linux and Oracle VM Sales Principal Sales Consultant Fumiyasu Ishibashi
1 Safe Harbor Statement
The following is intended to outline our general product direc on. It is intended for informa on purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or func onality, and should not be relied upon in making purchasing decisions. The development, release, and ming of any features or func onality described for Oracle’s products remains at the sole discre on of Oracle.
Copyright © 2015 Oracle and/or its affiliates. All rights reserved. | 2 Agenda • Summary of Oracle Linux • Live patching with Ksplice
Copyright © 2015 Oracle and/or its affiliates. All rights reserved. | 3 Summary of Oracle Linux
Copyright © 2015 Oracle and/or its affiliates. All rights reserved. |
4 Introducing Oracle Linux Oracle Linux Support
24x7 Supports exisiting RHEL and CentOS One stop Long history support Linux support from 1998 Free to download Oracle distro 2006 Free to use Completely opensource https://linux.oracle.com Includes support for many Oracle softwares
You can chose the kernel 100% Live patching for Kernel and userpace Binary UEK(Unbreakable process compatible Enterprise Kernel) Dtrace, OCFS2, Clusterware・・・
RedHat Compatible Endless support Kernel Oracle Standard 10年 1年 1年 1年 無期限
Same glibc Oracle Linux Premium Support Oracle Linux Sustaining Extended Support Support Non-Oracle Hardware supported
Copyright © 2015 Oracle and/or its affiliates. All rights reserved. | 5 Oracle Linux Support type
Life me Sustaining Support
Ksplice support Dtrace support
Oracle OpenStack for Oracle Linux support
Spacewalk support Oracle Enterprise Manager free of use and support Oracle Clusterware free of use and support 24x7 online and phone support Oracle Linux Premier Support Downloading patch, fixes, erratas Login account for ULN Oracle Linux Basic Support Oracle Linux Network Support
Copyright © 2015 Oracle and/or its affiliates. All rights reserved. | 6 Oracle Linux Subscrip on Pricing • Buy support for the systems you need – use the same so ware with updates on everything! Level Price • Oracle only counts physical sockets; Installable binaries and errata Free Basic Limited no limit on cores or number of (24x7, unlimited support) $499 virtual guests (2 or less CPUs) Basic (24x7, unlimited support) $1,199 (More than 2 CPUs) Premier Limited (24x7, unlimited support) $1,399 (2 or less CPUs)
Premier (24x7, unlimited support) $2,299 (More than 2 CPUs)
Copyright © 2015 Oracle and/or its affiliates. All rights reserved. | Unbreakable Linux Network (ULN) h ps://linux.oracle.com
Oracle version of RHN Portal site for Oracle Linux. Download rpm packages.
Unbreakable Linux Network User‘s Guide • How to register your server to ULN • How to setup a ULN mirror site (English) https://docs.oracle.com/cd/E37670_01/E39381/html/index.html (Japanese) https://docs.oracle.com/cd/E39368_01/b72803/index.html
Switching from RHN to ULN https://linux.oracle.com/switch.html
Free to use our public yum repo http://public-yum.oracle.com/
8
Copyright © 2015 Oracle and/or its affiliates. All rights reserved. | Oracle Linux security informa on on ULN
• Searching Erratas, CVEs – h p://linux.oracle.com/errata/ – h p://linux.oracle.com/cve/
• New erratas announced through the mailing list – h ps://oss.oracle.com/mailman/lis nfo/el-errata
9
Copyright © 2015 Oracle and/or its affiliates. All rights reserved. | Live patching with Ksplice
Copyright © 2015 Oracle and/or its affiliates. All rights reserved. |
10 Ksplice
Zero downtime patching Rollback Patching without rebooting the OS, services. If something goes wrong with the new patch, you can rollback where the apps were fine! Not only the kernel but also the userspace application like, Also used for support, putting the debug kernel temporary. glibc and openssl
Fast errata release Proven history Since the patching data is complete under oracles control we provide the fully tested patches as fast Released from 2008 as we can Joined Oracle from 2011
Copyright © 2015 Oracle and/or its affiliates. All rights reserved. | Oracle Confiden al – Internal/Restricted/Highly Restricted 11 Benefits from Ksplice
Vulnerability Reducing administration work Easier to patch vulnerability issues No more maintenance plan for patching. It can also automatically patch instead of you.
Easier to solve problems Security Compliant In some case our support team will give you It will be easier to be security compliant if you don’t a Ksplice debug kernel patch so our support need wait for pathing security fixes can collect more information to find the problem you have. Of course witout reboot
Copyright © 2015 Oracle and/or its affiliates. All rights reserved. | Oracle Confiden al – Internal/Restricted/Highly Restricted 12 Using Ksplice on-line or off-line
• Need Oracle Linux Premiumer Support Connect your server to the ULN via Proxy ULN ULN
internet internet
Ksplice Server Ksplice Client Ksplice Server Proxy Ksplice Client
via ULN mirror Offline from the local ULN repo ULN ULN
copy internet internet
Ksplice Server ULN Mirror Ksplice Ksplice Server ULN Mirror Ksplice
(local yum) Client (local yum) Client (local yum)
Copyright © 2015 Oracle and/or its affiliates. All rights reserved. | 13 Ksplice Technology
Before ksplice