Prepare for CentOS Linux 7 EOL: Transitioning to Red Hat

Braden Stringer:

Welcome everyone to today’s webinar. We’re really excited to be presenting today on preparing for CentOS Linux 7 end of life and transitioning to Red Hat. We’re really grateful for all of you who’ve decided to join us. We’re especially grateful to Rebecca for presenting. We have a couple of quick housekeeping items to go over before we get into the, to the content here.

So first off is this is being recorded and we’ll share that recording with you. So keep an eye out for that. Within the next couple of days, we’ll send an email. With the link for you. And then the 2nd thing is we do, we highly encourage participation. So if you have questions, especially, please throw those into the little Q and a panel, which you’ll see at the bottom of your screen.

If you click on that it’ll pop up and you can ask questions and we’re going to do our best to answer all the questions today. If they’re not answered during the presentation itself, we do have time at the end where we’ll go through and we’ll review those and we’ll answer those for you. for your attention.

But those are the announcements we have. So we’ll go ahead and get it started. I’m super pleased to introduce Rebecca to everyone. I love working with Rebecca. It’s the best. She’s so great. She’s got a ton of experience. She’s been here at angle point for just a little while now, and it’s been a blast.

She is our resident red hat expert though, and we’re so excited to have her. So I’ll go ahead and turn it over to you, Rebecca, and we’ll get started.

Rebecca Horton:

Thank you. Thank you. Yeah, no, it’s been it’s been, I think four months officially since I joined and it has been just the most wonderful experience. And I’m really excited to work with the whole angle point team and a whole new set of customers in an area that I’ve been super passionate about for many years.

And a little bit about me and why I know about red hat, back in, I would say probably about 2014, 2015 I’d been in, in the SAM and licensing and compliance industry for about, I guess I would say about 10 years already. And I started hearing about open source and open source hygiene and what that meant.

And I knew from working with SAM customers. Whenever we would create a document that would be like the policy document, it would always state something along the lines of, proprietary software vendors, blah, blah, blah, blah. Everything except in house developed open source software. There’s always that phrase in there, except.

Except in house open source developed software. I was why, like, why is that excluded? And then I started learning about the risks around open source software and how it actually underpins so many vital systems that exist in the world, like banking systems, airline booking systems all different kinds of travel finance.

Transportation systems, um, basically every website in the world, has open source components to it. And so I, I really got interested in understanding more about open source, and then I went to work actually for Red Hat back in 2000 and I think 16, it was worked as the EMEA.

Director for their subscription education awareness program. And that’s why I learned a ton more about Red Hat specifically. What are the contractual rules, rights, grants, restrictions? I learned tons about the GPL and what is open source? And what are vendors like Red Hat actually selling?

Because they’re this, the code is free, right? The open source is free. So what are they selling? I asked that probably for nine months before I started getting answers that I really connected with. So what I love doing is sharing with customers about their own, talking about open source talking about why it’s important, helping them to understand again, what their contractual requirements are.

Rules, rights, grants and restrictions are and how they can leverage just like what their proprietary vendors the most value. So just a quick agenda where we do have a couple of poll questions. We’re going to do. I’m going to talk a little bit about what is sent us and what’s happening. What is it going end of what’s going end of life.

What is the community some of the risks and considerations? Why is this important? How can you actually action? Some of these things? How do you discover and manage your sent us regardless of whether you are going to migrate to red hat or. One of the other open source Linux distribution support providers, and then we should have a little bit of time for some Q and a after that.

The 1st poll question that we have is, when is the last time you went through a CentOS self audit, which a self audit is really around. How do you discover what’s been distributed what the various versions are and what you’re. Okay. potential support options are. Again, CentOS is free. It’s open source.

Nobody quote unquote provides or sells CentOS, but there are vendors who do sell support wrapped around CentOS. What you need to do is understand where is it? What am I using? What support do I need? If any, is it in test? Is it in dev? Is it in prod? All of that kind of stuff. We do self audits just like we do with our proprietary vendors, where we understand what our position is against the contractual requirements.

So we’ll give you a second just to go ahead and pop those up

to are we going to show the results? Yep. There we go. Perfect. Perfect. Perfect. Okay. So looks like less than 12 months. Not very many 12 to 24 makes sense. Don’t know. That is a very common statement as well. Yeah, the 12 to 24 doesn’t surprise me because I think it was about 12 months ago when Central’s version 8.

When end of life, so probably a lot of organizations took a look at Santos eight, and now seven is it’s going to end of life. oNe of the common questions that I get is, what is open source? What is the community? And where does sent us? Fit into to all of this sort of community and all of that.

The community is literally millions. It’s more than just a million. It’s millions of little projects that exist out in the cloud, out in the ether where people are developing. Code. Now, for anybody that knows me, if you’re on this call, you’ve spoken to me at least once, I’ve probably mentioned I’m not technical.

So for me, the way I think about open source code is I liken it to when I was very young many moons ago, and I would play with Lego. And our Lego table had all of these bins of all the different shapes and colors and types of Lego pieces. That is the community. Okay, people are creating new Lego pieces, but they’re also taking Lego pieces and building them into different things.

You might build a car, you might build a house, you might build a plane, you might build a robot, you might build a rocket. So you can take those Lego pieces, you can take that code. And you can compile it into really whatever you want. Now, what happens in the first layer, the first downstream or up, sorry, upstream layer of the community is where you then start having packaged open source.

So that’s where we get things like CentOS and you get things like Atomic and FeedHenry and Fedora and Foreman and previously Ansible was part of that. And then Red Hat bought them and turned it into an upstream product. So what we’re talking about in that sort of second layer, outside of the, all the little cloud in the middle is pre packaged, pre compiled houses, rockets.

Cars airplanes that you can go out and you can take advantage of. Okay. Through the community through various distribution resources. Now, you can buy support for these products. Okay. Usually they’re done by some business that has developed an expertise in. JaVa or CentOS or Apache or whatever it might be.

And they say, okay, we’re going to support you in your technical journey. Using these pre packaged, pre compiled, pre made Lego bits and pieces of open source. Then if we go one more level out, this is where you have organizations like Red Hat, also IBM Linux, Oracle Linux, Oracle Java Red Hat, JBoss.

Ansible, Red Hat Ansible. Now what you’ve got is you’ve got vendors who not only compile but also then sell their own support. So they’re doing their own compilation, they’re building their own versions of those cars and those robots and those rockets, and they’re also selling support wrapped around it.

So the big difference between what you’re getting in that First layer of compiled software. And the second layer is a access to support direct from the person who’s compiling it and B it’s typically going to be what we would call enterprise ready, meaning it’s been hardened. It’s been tested. It’s secure, it’s safe, and it is ready for use in an enterprise environment.

So when we talk about and think about open source, what we need to remember is open source really is what is driving innovation in the I. T. industry right now. If you’ve heard of edge computing, if you’ve heard of a, I, if you’ve heard of containers, those are all open source. Okay. Those are all open source technologies, which depending on where you’re getting and who you’re getting it from, for example, chat is.

Free or at least it was now somebody is charging for chat GPT, but it is open source. Okay. And it is truly foundational to every organization’s transformation. As I mentioned, critical systems are built on open source websites. applications phone apps, web apps are all built. Some components somewhere in there is embedded open source.

And so when you think about the potential risks, as well as the importance of open source to an organization and its ability to operate and its ability to generate Revenue it is genuinely foundational and quite often the biggest area where organizations are trying to transform is in those systems that are the closest to their customers.

A lot of organizations are depending on where you sit in the organization don’t realize that they have so much open source running. Okay. I suspect this number is actually higher than just 78 percent of open sources sorry, enterprises run on open source. Run open source. I would actually hazard a guess that it’s 100%.

The question is, do you know it? And 65 percent of enterprise organizations are actually contributing back into the community. Okay. That, that graphic that we had, it had arrows going both ways, right? Red Hat is actually the single largest contributor to the Linux Foundation the CentOS product so a lot of businesses actually contribute back into the community and help develop and further open source development.

Another quick poll question here when do you plan to complete your migration from CentOS to RHEL or Some other vendor that supports Linux distribution. So rel is not your only option. Let’s just make that very clear. There’s lots of different versions of supported vendor provided supported Linux.

I mentioned, Oracle Linux, IBM Linux Suze so lots of different options out there. But a lot of organizations are. Recognizing the need to move off of Santos. Number 1, it’s no longer supported in any way, meaning there’s no further development of Santos 8, which I think was about 2 years ago.

And now Santos 7, which is at the end of June, which we’ve got lots more information on so many organizations are realizing, okay, we’ve got to get out of it. We’ve got to get off of it. And I’ll talk a little bit about why they need to get off of it, because there’s a couple of different triggers that might be driving your organization or other organizations as to why they need to get off of the CentOS distribution packages.

So again 12 to 24 months and I don’t know, yeah, a very common I would expect a lot of organizations don’t really have a plan quite yet. Open source is something that either doesn’t make it out to procurement teams or Sam teams. It quite often stays with your dev or DevOps. So depending on what your role is here on this call today you might not be aware and that’s okay.

But the idea is you can actually start a conversation and say, Hey guys, what are we doing about this? Because there’s very likely going to be a commercial impact. Whereas before CentOS was free now, probably going to have some paid requirements. So as far as risks and requirements for end of life one of the big things with regards to products like CentOS going end of life is going to be vulnerabilities.

What we see happen quite often is when any product, not just open source, but especially open source, when open source goes end of life. That is when we see a significant spike in threat vulnerabilities being leveraged by various nefarious people, right? They know that something is now end of life.

They know that there are going to be no more. Patches, bug fixes, security updates, all of those kinds of things happening. And so they will dig deep into that code and look for every potential vulnerability that they can find. And that then becomes the new hot target for open source code. Keeping in mind, there is a statistic out there, and I can’t remember where I heard it, probably at an open source event, but 60 percent of all security attacks are actually targeted at open source technology.

And I think we all remember a few years ago, gosh, about 5 or 6 now, where there was a significant, let’s call them financial organization that was subject to a huge data breach. That was targeted at open source. So it’s something to really consider. So even if you don’t know what’s happening with your plans around CentOS or really any of your open source management practices, a great place to start is just asking questions and especially of the security team and also the DevOps team.

How are we going to start managing this new risk? It’s just a great conversation starter to have and it can lead to lots of different other conversations, but ultimately it’s about building a plan and making sure that you get off of the things that become a risk to you and hopefully get onto things that will reduce or mitigate that risk.

So CentOS end of life In January 2014, Red Hat I guess you could say, took over the CentOS project. The ownership of the CentOS trademarks were transferred to Red Hat. So you, I guess you could say they bought it. All right. In December of 2020, the CentOS project announced Which is really red hat announced that distribution would be discontinued at the end of 2021 to focus on sento stream.

Okay. Now, again, I’m not technical. I don’t know the difference between sent us the regular Linux and sent us stream. I couldn’t tell you, so please don’t ask that in the questions. It’s something I’ve been meaning to Google and look up so that I can at least explain high level. But there must be something different in the way that it’s developed a new type of operating system.

I’m sure there’s a reason for it, but I don’t know what that reason is. So December 2021, CentOS 8 went end of life and in June 2024, CentOS 7 goes end of life. sO those are the dates that we’re currently shooting for right now. The actual date is June 30th, 2024. So as of June 30th, there will be no more patches or bug fixes or security updates released by CentOS.

The CentOS project, AKA Red Hat. So what does that mean? That means that you’re going to need to do something about it. Also on this date, June 30th, coincidentally, if you believe in those types of things Red Hat Enterprise Linux 7 is going to end of regular support. Okay. And I’ll talk a little bit more about what’s the difference between regular support and extended support.

ELS extended life support, those kinds of things. But if you’re on Red Hat Enterprise Linux seven and you need to continue to access those patches fixes, they will only be available if you have a subscription for ELS. Okay, there will be no new product development. On Red Hat Enterprise Linux 7.

So there’s no, I guess you could say upgrades. It’s just patches and fixes. Okay they will continue to do upgrades on version 8, version 9 and version 10 whenever it’s coming out. Usually we see Red Hat has about 3 versions that are. I guess full support, you could say at any given time. So I suspect that if it hasn’t been announced already, we will soon see version 10 coming out.

So if you’re on CentOS 7 and you want to keep getting support, Red Hat Is one of the ways, as I mentioned, that you can get support and you can get phone support as well as access to ongoing patches and fixes. The cool thing is, because CentOS is the downstream version of Red Hat Enterprise Linux 7.

It’s really easy to migrate, relatively speaking. Again, I’m not technical. What we see most often is organizations will actually have heavy use of CentOS in their test dev environment. The reason being is because it is virtually exactly the same as the Red Hat version of that product. Okay, so if you’re developing on Red Hat Enterprise Linux 7, you can essentially put RHEL into your sandbox environment, and you can put your applications that you’re building on top of it or whatever you were doing with that instance of RHEL and and Do some, I would say, brief testing in your sandbox or pre prod and then move it very quickly into prod.

The reason that organizations would do this is because there was no requirement for you to have any kind of support. On you didn’t have to have support if you wanted it, you could have it and support being phone support through some sort of 3rd party that would help you with standardized and known.

Fix issues and bugs and whatnot. Or you could just go to the free community that we talked about and get your support through them. wIth the ELS though, in order to continue to get those fixes and patches, you have to add ELS to your re subscription. For example, if you needed that support in your pre.

pre prod, or sorry, before pre prod, so your test dev UAT, if you needed that support, okay and you were running Red Hat Enterprise Linux, not only did you have to have a Red Hat Enterprise Linux subscription, but if you wanted to continue to get those patches updates and fixes, you would also have to purchase for it an ELS subscription.

Now, this is just happening, where 7 is moving into ELS, but you will have seen this with previous versions around you. Version 4, version 5, version 6. We’ve gone through this cycle many times before. So ELS is available currently for version 6 and version 7. Many organizations are already starting to plan what they need to add ELS onto for their Red Hat Enterprise.

Linux version seven, are they going to add ELS or are they going to upgrade to version eight? That’s really the big question that you need to ask yourself. Just as a reference, ELS is no longer available for Red Hat Enterprise Linux 3 or 4. You also don’t need a subscription for those, which is great news.

I’ve always, it was one of my biggest frustrations when I was there is when I was there, they still required a subscription for version 4. And I always kept asking the question, why are we requiring a subscription for version 4 when we provide no value for it? You can’t phone in, you’re not getting patches, bug fixes, updates, nothing.

It’s literally just running and it’s so legacy, you just can’t touch it. So it was one of my biggest frustrations as to why are we still charging customers for that? Never really got a good answer. So how would you buy ELS if you did want or need to migrate over to version 7 or version 6 and the other old legacy versions that will have ELS available?

First of all, it’s an optional add on. So if you are familiar with Red Hat right now, you know that there’s something called the all or nothing rule, which says if you have one subscription of Red Hat, you have to cover all your instances of Red Hat with a subscription. Add on products do not follow that rule.

Okay. So if you’ve got, for example, an environment that is currently CentOS 7, you’re going to migrate it to RHEL 7. Which, like I said, is relatively easy to do. You can take a look at that environment and go, okay, I’ve got, 80 percent of what I’m moving to rail. 7 is actually test of and it’s for, of that 80 percent 50 percent is for critical systems.

50 percent is for non critical systems. You could say, I’m going to take that 50 percent that’s for my critical systems in my test dev environment and just have ELS on that. Because those are the systems that I need to get my patches, my bug fixes, my updates on. Anything that’s in prod, same thing. Is it a critical system?

Do I have to get those patches update, sorry, not updates, patches and fixes, the security fixes? And that question is individual to every organization. There’s no easy answer. And quite often what it ties back to is what are your business operational rules? And in particular, what are your governance rules?

A little bit more about how long the ELS is going to be available for. So you can see ELS for version six retires on the same day that Sorry, version 7 starts. So again, not a coincidence. So if you are receiving or have received an email with regards to this, all the dates are, you can still go to the Red Hat Errata system and take a look at all of these dates.

Now, the interesting thing with ELS. This is oops, sorry went too many. So we mentioned it’s, it doesn’t have to follow the all or nothing rule, but what it does do is you, they have to, they backdate it if you add it after the fact. Okay. So let’s say hypothetically speaking you move a bunch of stuff to RHEL 7.

You decide not to get the ELS. You’re like, yeah, no, I’m good. Let’s say six months from now, you go, Ooh, shoot, there’s a really big security patch that I need access to, big threat has been discovered. I got to get that. REd Hat has a script subscription model. Most subscriptions will start on the day that you purchase or distribute that that software, but because ELS will have previously released patches and fixes.

and they are quite often iterative, meaning you have to build onto them. You can’t skip a release. You actually, they will ask you to backdate that ELS right back to June 30th, 2024. Okay. So it is something to keep in mind. Do expect that if you do make a decision not to buy ELS, whether it’s for 7 or in the future 8 or any of the other versions, that is a bit of a gotcha that you might get caught up on.

Just a little bit about what you get access to. I’m not going to go through this whole thing everybody will get access to the the recording, so you can take a look at this, but you can also find this graphic on the Red Hat website. Okay. If you do have access to the Red Hat website, meaning you have a subscription, or you have some sort of membership you can get tons and tons of great information.

If you don’t have an actual subscription, or whether it’s a dev subscription or a paid subscription you’ll find that you’ll probably get to a certain point where you can look at certain information and then you get a wall put up and they want you to have, at the very least, just sign up for an individual free developer subscription.

That’s okay. That’ll work for you. And that will allow you access to information. Just be careful that you don’t use that information in the course of your enterprise operations. Okay. So don’t take any of that information in code and use it in your operations. That would be in it’s against the rules for the individual developer subscription.

But if you just, if you’re like me and you just like to do research, If you’re a SAM person and you just want to look stuff up, not a problem. You can do that with a free developer subscription. So as far as Discovery goes there’s lots of different ways that you can get a handle on, what do I have out there?

And this is for CentOS, this is for RHEL so Red Hat, this is for SUSE, right? This is a sort of a graphic that we use with our customers to talk to them about what I call the quality, completeness, and coverage of your Discovery data. Okay manual reporting where you phone someone up and go, Hey, Bob, how many rel do you have deployed?

And he goes in and he looks something up. It’s horrible. It’s painful. And quite often it’s inaccurate. And it times out, right? Meaning, By the time you’re done calling everybody, you’ve got to start all over again, because the first person you talked to was a year ago, and it’s probably all changed. So manual reporting, not ideal.

The next opportunity is around having a CMDB or some sort of automated discovery tools. CMDBs, Can be great. They can also be challenging in that. They don’t always discover the right things that need to be discovered. You can get a lot of CIs created as opposed to being able to identify, what is the red hat or Santos bundle of products you’ll find all of its individual components, but not necessarily be able to compile that into a product for the purposes of tracking management and whatnot.

So better options would be if you’re using satellite in some way, or in your VMware OpenShift environment then that’s a great way to manage those distributions and help identify and discover those. The best way is a tool called Red Hat Discovery. This is a free discovery tool. If you own a single subscription of Red Hat Enterprise Linux, you have free access to this.

Or Ansible, which is another Red Hat technology. As far as managing patches, updates, fixes the full life cycle is broken into three phases. When you move from ELS, you then get into EU s, which is extended update support. It doesn’t follow the same, or sorry. Sorry, it does not follow the all or nothing rule, but you have to be careful when you’re applying patches, fixes and updates that you get from Red Hat to make sure that you’re not applying it to other areas that are not Red Hat instances, like CentOS, sorry, like SUSE Linux or your Oracle Linux products.

When you’re migrating your subscriptions, it is important to consider the following four areas. What is a subscription? What do you need? Okay. What support levels should be used? What are the rules, right? Grants and restrict and it should say restrictions and how do you optimize those? So I’m just going to go through this a little bit quickly because I’m just cognizant of time guys.

Sorry. I did a lot of talking at the beginning. Essentially a subscription is. Access to the Red Hat prepackaged software and support that could be phone support could be 24 by 7 could be 9 by 5. And then it’s also support through their website. Okay, you get a couple of other benefits and things, but the main value is going to be a the access to the software is prepackaged and pre compiled by Red Hat.

And that support that you will get um, there’s various support options. Again, it’s going to depend really on what is the level of support that you and your business operational rules require. So I mentioned their standard support. There’s premium standard is nine by five premium is 24 by seven. There is a self support option, but that is very limited use case.

Be very careful about buying that because you can get offside really fast with that. A little gotcha to remember is that typically support is follow the sun, or sorry, it’s not follow the sun. So if you buy subscriptions in North America and distribute them in Europe or APAC, you need to be very careful because if you’re just buying standard support 9×5, they’re going to measure you on standard support 9×5 in North America where it was deployed, unless you have a really long argument with them.

When you’re migrating to Red Hat there’s the all or nothing rule. They do have the right to review or audit. Okay, that’s the group that I used to run, Subscription Education and Awareness. We educated people on how to manage their subscriptions, but if and where necessary, we also did reviews. tHey have done a lot of growth in that area as far as goals around backdating IBM, in my opinion, sorry, in my opinion, this is an IBM influence.

That is coming through. anD it’s important to really take a look and make sure that you’re optimizing your red hat environment. If you’re using it in the cloud, there’s lots of considerations to take there. You want to make sure that you create an effective entitlement. Report or position you want to have an effective license, or in this case, subscription position.

So that’s comparing what you’re entitled to your actual consumption. And then you want to try to look for opportunities to optimize that. Where can you use dev instead of prod? Where can you use the high density virtualization versus the sort of typical and standard subscription rights?

So sorry, guys. Again, we ran a little bit over there. My apologies. I think do we have a couple of other question? foR the exception for all or nothing on extended life cycle added, is there any formal documentation or it’s a gray area? I do believe so. There’s 2 resources that I strongly recommend that you access and I save it on my desktop.

Every single computer I own, it’s saved on there’s if you Google. Red hat. Enterprise agreement, go to the enterprise agreement, and that’s going to be your big T’s and C’s document. The other document where you can find information about the all or nothing rule, as well as also the add on rules. And that it doesn’t require all or nothing is in the appendix 1.

Okay, I do believe in the appendix 1 that it does very specifically state that add ons can be applied ad hoc as needed. There isn’t a, an all or nothing rule with add ons. And that is our only question. So I think that is it. Thanks guys for staying late. Glad you were able to attend. If you do have any questions, please do feel free to reach out to me.

You can connect with me on LinkedIn. You can also reach AnglePoint at info at anglepoint. com. And if you have something to talk about just put in there that you’d like to talk to Rebecca or the Red Hat team and we’ll make sure we get connected. So thank you everybody again. And I think that’s it.

Braden Stringer:

Thank you. Thanks, Rebecca.