So, what is Linux?
Linux, like Windows, is an operating system. Known to many by
its friendly penguin mascot Tux, the software itself is open-source, with many different versions available.
While not the monopoly operating system, Linux runs many of the world’s web serverand is often preferred by back-end system deployments, especially for larger enterprises— deployments that are running an organisation’s core and mission-critical applications.
Globally, 13.6% of servers run Linux,
and 39.2% of websites use Linux*.
In a fast-paced tech world, it’s crucial to stay updated.
Linux, an open-source operating system, powers many servers and websites worldwide, is known for its flexibility and security.
Red Hat Enterprise Linux (RHEL) offers a subscription-based Linux variant that provides benefits like 10 years of support, regular security patches, support calls, management features, and indemnification.
Any changes Red Hat makes are contributed back to the open-source community, enriching everyone’s experience.
So, what is Linux?
Linux, like Windows, is an operating system. Known to many by its friendly penguin mascot Tux, the software itself is open-source, with many different versions available.
While not the monopoly operating system, Linux runs many of the world’s web serverand is often preferred by back-end system deployments, especially for larger enterprises— deployments that are running an organisation’s core and mission-critical applications.
Globally, 13.6% of servers run Linux,
and 39.2% of websites use Linux*.
What is Red Hat Enterprise Linux?
Linux is open-source, and there are many versions of it that are “free” to use.
Red Hat Enterprise Linux (RHEL) is also a version of Linux – taking the benefits of open-source software
and wrapping them up in one handy package. The paid-for subscription model takes an upstream version of Linux, (more on this later) and adds features that Enterprises and other businesses generally value, such as:
10 years of support and maintenance: CentOS maintains a version for two years with patches. Red Hat guarantees maintaining any version it provides with security and other patches for ten years.
Downloadable release: Deploying open-source can be hard. You may have to compile it yourself and combine other open-source projects as dependencies. With RHEL, Red Hat does this for you.
Support: Ongoing patches, particularly for security vulnerabilities are automatically provided. No more searching for the right patch for your software version.
Support calls: Something’s not working, and you don’t know why? Red Hat have a support team on hand to talk to. And, if necessary, they may also fix the problem with a patch.
Management and other features: New features are added to help you manage the operating system, and systems running on it.
Indemnification: Open-source is often a complex set of many other open-source projects. Each open-source project has a license, and if you breach this license, this may pose a commercial risk to you. Red Hat prevents this from happening through their careful management of open source – but if they fail to get it right, they’ll indemnify you against the commercial risk.
It’s important to note that any changes Red Hat make to “their” open-source software (patches and new features) must also eventually be contributed back into the open-source stream, so that everyone in the community can benefit. In fact, this is a requirement of the Linux version that RHEL is built on.
So, what’s all the fuss about CentOS?
CentOS is another version of Linux, open-source and “free”. Up until recently, the way CentOS was created was from a downstream version of RHEL.
So, if you wanted the benefits of the RHEL software for free, (and were happy to forego support, on-demand patching, indemnification and more) you could get it by using the upstream CentOS version (the version at the bottom of Figure 2).
However, you did have to wait a bit until RHEL released any changes – that would be applied to centOS. If you could wait, this was a good “free” option to consider as you’d get the benefits, just a little bit later down the line. It was this model that made CentOS the choice of Linux for many organisations.
However, things have changed. By 2024, the picture above will look a bit different.
The important difference to note is that CentOS Down Stream has gone, leaving only Fedora and CentOS Streams as free versions available for this flavour of Linux.
In principle, the CentOS Stream is now like the previous CentOS Downstream model, as it still receives or gains updates from RHEL (with any patches or additions made by RHEL, fed back to the original open-source project).
So, in theory, organisations could switch to using CentOS Stream. However, the reality is that using CentOS Stream isn’t that practical, as:
• CentOS Streams also receive changes from Fedora, which are untested by RHEL.
• CentOS Streams are un-versioned, so you can’t easily manage (or guarantee) what version you’re running.
• Add the above across multiple servers in your software environment, and you’ve got a significant problem.
Together, these factors make CentOS Stream a non-viable replacement for CentOS Down Stream if you want to use it to avoid paying for RHEL.
When is this an issue?
Now.
The technical answer is after CentOS version 7, (thereby meaning that anyone using V7 has until 30 June 2024), to decide what to do about their future use of Linux. But now is a good time to consider thinking about your open-source software strategy.
So, what next?
You’ll need to start asking yourself a few questions in relation to your current software deployment.
Here’s what to consider:
Does my use of unsupported software make our organisation vulnerable to security threats?
The short answer is always yes.
However, security is a risk calculation. If the software running on the unsupported version of CentOS is not in production, then there is less of a risk. (For example, it’s an R&D server). However, it is a vector for attack. It’s like having a faulty lock on your garage door (when all you thought you were worried about was your house). But what if someone hides in the garage, out of sight, waiting for you to leave the house? Now they can get in more easily while you are out.
Are other versions of Linux comparable to CentOS?
Not immediately, no. There are other open-source projects working to fill the gap. And by now, some may have. But they will never be exactly the same. So, you may lose features that you and your business relied on.
If you are running a mission-critical service, you will want to go carefully, with appropriate testing, to see what changes have been made—making sure you understand how they affect the operation of what is important to your business.
Is RHEL the obvious choice?
The short answer here is (also) yes.
You may resent paying for it, but you have benefited from a commercial investment with CentOS. Suppose you are running production, or [worse] mission-critical applications. In that case, you owe it to your clients and shareholders to invest in regularly tested, patched, and supported software.
If the economics still offend you, it’s worth considering:
The investment required to find an alternative and support it yourself, (in the way that CentOS downstream has been supported).
It’s pretty hard to quantify, but if you had to do what RHEL was doing to create the downstream version of CentOS, even at a smaller scale of your business, it’s unlikely to be economically justifiable.
If one day, you suffer a failure rendering your service unavailable, or worse – ransomed.
Consider that the losses that you may incur are likely to be at least 10 times the cost of what you were trying to avoid. A ransom attack costs on average ~$2.5 million dollars in AU or NZ, and that’s before you pay any ransom.