What is our primary use case?
It's what we run our primary mission systems on. Our office automation runs on Microsoft, which includes Word, email, etc. For everything that we present to the customers through the agency, the backend is an RHEL platform.
How has it helped my organization?
Through the various tools that we've utilized, RHEL was able to help improve our security posture. We run a very tight ship.
We use Satellite to do patch management and limited repository so that we don't have folks going out to the internet to get the repos. You have to get the repos through our Satellite system. We also do patches through that. We use Ansible for our automation to build boxes, to install all the security patches on them, and to run the vulnerability scan against them. It initiates that. Also, implementing IdM on them is done through Ansible. So, we use Ansible quite a bit, and we're just starting with OpenShift.
One benefit of using multiple Red Hat products is compatibility. Compatibility is the most important. We haven't had an issue where the tool doesn't understand the OS or doesn't understand the platform. Ansible written for Red Hat works perfectly. It understands the plugins and Satellite, and having one ecosystem also gives us one phone call. If there's a problem, we call Red Hat. That has been very handy.
RHEL’s built-in security features and security profiles are very good for reducing risk and maintaining compliance, but as a government agency, we have to use other baselines. CIS baseline is what we primarily rely on. We also put in a little bit of DISA as a baseline, but they're standard out-of-the-box solutions. It's pretty good. It just has to be tweaked slightly to get it to the level we have to run at.
It's relatively easy to troubleshoot using RHEL. Sometimes, the troubleshooting can take quite a bit of work, but it's an easily understandable OS. If you understand the basic key principles, you can pretty much work it out.
What is most valuable?
We're very happy with the amount of security customization we've been able to do with RHEL. The fact that Red Hat is really on top of security issues is also valuable. We get daily emails from Red Hat letting us know of possible issues and fixes, which is incredibly helpful for us.
Other than that, we use it as our primary DNS. So, DNS is an important piece of it.
Compatibility is also extremely important. We get the ability to run as many applications on it. They are widely supported.
What needs improvement?
There are some things that we've seen from RHEL that have given us a little bit of consternation. Their IdM product could be improved greatly. It would be great if they had some type of application built in that would let you do whitelisting for applications. On the government side, for zero trust, that's becoming very important. We're currently using a third-party solution, and it's tough to get it to match up because anytime the kernel changes, you have to match the software to the kernel. If we get a critical vulnerability on a kernel, we have to roll out the new kernel but then our third-party software isn't cooperating, and it starts breaking down the system. So, it would be great if Red Hat could integrate that type of functionality into the product so that when a new kernel comes out, it includes the updated software to do whitelisting and blacklisting of applications and processes.
For how long have I used the solution?
At the agency, we have been using it for about 10 years. For me personally, it has been about six years.
What do I think about the stability of the solution?
It has been relatively stable. The only time we see stability issues is when we introduce new third-party products. We have some mandates as a government agency to do some endpoint security stuff, and integrating that in has caused us a few stability issues, but that's not so much the fault of Red Hat. It's a quagmire of the chicken and the egg. You have to run a certain kernel, but that kernel is not compatible with the other software that you are forced to run. So, we've artificially created stability issues.
They eventually work out or work themselves out. When the vendors get on board and update their products to match the kernel, then everything tends to function smoothly at that point until we introduce another hiccup. We're constantly throwing hurdles, but we also have a very good system for bringing stuff back to life after it's dead, and we've done it enough that we're pretty timely. We can get one of our servers up in about 10 minutes.
What do I think about the scalability of the solution?
It has been relatively scalable. We don't have any super large deployments, but we've had some scaling of specific applications, which has worked out great. We're integrating it more into Ansible and using our virtual hypervisor platform to recognize times when it needs to scale, and when we expect a large deluge of customers coming into our website, we have to have the backend expand. We've been doing that manually up to this point, but we're looking forward to being able to automate that.
How are customer service and support?
We wanted an enterprise platform that was going to be supported. So, support from the vendor has been very important to us, and Red Hat has always provided that. When IBM took over Red Hat, we were very afraid that it was going to change our relationship with Red Hat, but it worked out very well. We've got a great sales team that has helped us, and they've always been able to get us the technical support we need when we run into an issue.
Until we got our new salesperson, I would have rated them a two out of five. Now that we've gotten our new sales team and the right people in the right places, it's definitely a five out of five. We had a salesperson who was more focused on larger agencies, and we're a relatively small agency. So, we weren't getting the amount of focus that we needed, but that changed when our Director and our CIO engaged Red Hat's Enterprise Management. They were able to get us someone who could be more focused on smaller agencies and be a lot more helpful, and he has absolutely done that.
How was the initial setup?
I was involved in the deployment or setup of RHEL to a degree, but it was mostly during our life cycle refreshes when we moved from RHEL 6 to RHEL 7 to RHEL 8. And now, we're looking at RHEL 9.
On the backend development of the base image, I'm part of the team that puts together the base design, and then we put the steps into our repository so that we can rebuild the images more easily. Right now, it's a manual process. We want to get to the point where we have all of the changes documented in a GitHub solution or something where we can make a change, push a button, and have it implement those changes in there by using a script or something else. I'm mostly the one yelling to the Linux developers to get their stuff done because they have a tendency to run multiple instances while they're transitioning. They'll run an RHEL 6 box, an RHEL 7 box, and an RHEL 8 box at the same time when they have to get off of RHEL 6 and RHEL 7. So, I'm more of the management yelling at them to get this stuff done.
What other advice do I have?
I would advise making sure you get a good support contract and you have a very good salesperson to work with.
In terms of RHEL's effect on our organization's management and efficiency, it can always be improved, but we probably are a three out of five on efficiency. As we move into OpenShift and get a lot more automation working, we will move slowly to the five, but that's not the fault of Red Hat. That's the fault of our organization having limited resources, and Red Hat is helping to provide the tools to get us to the next level.
Given that we started running everything on Microsoft, Red Hat is a lot more flexible in giving us the ability to span out specifically as we move into containers. It's going to give us the ability to stand up a lot more resiliency. When we're getting a heavy load, we can expand. Even currently, we have the ability to expand slightly but moving into containers will give us even more capability. We've chosen Red Hat as our platform. Red Hat has done well enough for us, and that's the platform that we're moving to with containers.
At this point, I would rate it an eight out of ten because there's always room for improvement. I don't feel that there's a perfect OS. I would even rate Windows as a seven. There's definitely room for improvement, and with Red Hat being one of the larger targets out there for hackers and people, there are always issues coming up.
*Disclosure: My company does not have a business relationship with this vendor other than being a customer.