As companies look to contain the costs associated with their IT infrastructures, it is understandable that they would investigate deploying CentOS as their enterprise Linux environment. The notion of deploying an “enterprise-class” Linux for free and supporting it yourself can sound very compelling to any IT depart- ment that is dealing with budgetary pressures. While a well-trained and well-staffed technical team may be capable of deploying and managing a CentOS installation, there are risks and limitations in deploying CentOS in today’s enterprise environment. These challenges are not something that training and staffing can resolve.
What a Red Hat subscription delivers versus what risks and added duties you have to accept when you choose to deploy CentOS.
Vendor versus community project
Red Hat has been in the Linux business since 1993 and is the No. 1 commercial enterprise Linux vendor, with more than $700 million in revenue and more than 3,500 employees worldwide. Red Hat is listed on the S&P 500, and Red Hat Enterprise Linux is trusted to power millions of servers, from simple websites and blogs to many of the world’s stock exchanges and highly secure, mission-critical systems for governments.
Red Hat has achieved this success by acting as a catalyst between the open source development community, customers, and hardware and software vendors to deliver a true enterprise platform. Red Hat makes this platform available to its customers through its comprehensive and affordable subscription model. Red Hat Enterprise Linux subscriptions deliver exceptional value by ensuring that customers have access not only to the platform and maintenance, but also to Red Hat’s knowledgebase, expertise, and support throughout the entire lifecycle of their IT infrastructure.
By contrast, CentOS is an open source project — not a company. A dozen or so volunteers download and repackage Red Hat Enterprise Linux and make it available for those individuals who have the expertise to install, operate, and maintain the components of a Linux distribution themselves. Since CentOS is produced by volunteers who have day jobs and personal lives, delivery of new versions of CentOS and binaries can be unpredictable. There have been documented occurrences of CentOS production and testing coming to a halt while the team dealt with non-technical issues around team dynamics and organization.
CentOS is not a legal corporate entity. CentOS sells no products and offers no warranties; they have no contractual obligations that are normally associated with a commercial vendor.
The CentOS project assumes no liability for the code they produce and distribute, nor do they indemnify their users against legal action for use of their software. Red Hat Enterprise Linux subscribers are automatically eligible for Red Hat’s intellectual property assurance program, which provides some safe- guards in the event of an intellectual property infringement claim while you have a Red Hat subscription.
Creation versus derivation
Even the CentOS team will tell you that they derive CentOS from Red Hat Enterprise Linux, meaning that they use most, but not, all of Red Hat Enterprise Linux’s source code, and they assemble the binaries in their own build environment. The result is a Linux distribution that is different from Red Hat Enterprise Linux, yet dependent on the availability of Red Hat Enterprise Linux source code. That means new security features, utilities, or updates that enable new applications or enable new hardware won’t be delivered in CentOS until sometime after they are delivered in Red Hat Enterprise Linux and published as source by Red Hat.
The time lag between updates could leave you vulnerable to online attacks longer or unable to leverage the latest advances in hardware. The CentOS team’s stated target goal is to release new versions of CentOS within four weeks of a Red Hat Enterprise Linux release. Sometimes they do better than that, but in the case of Red Hat Enterprise Linux 6, CentOS is behind by more than two months. Deciding to deploy CentOS means deciding to be behind the curve in matters of security and technology.
A security team versus a security forum
Red Hat’s industry-leading Security Response Team works with our customers, partners, security watchdog groups, and the global open source community to identify security vulnerabilities. Red Hat provides fixes immediately as they become available and tested. For example, with Red Hat Enterprise Linux 5, from the day it was generally available until the release of Red Hat Enterprise Linux 5.6, Red Hat had fixes for 97% of critical security issues for its customers within a day of them being publicly reported.
CentOS users have the option of sending private emails to the team to report security issues and concerns or to seek help for their issues in the CentOS online forums. But because CentOS is derived from Red Hat Enterprise Linux sources, the CentOS team waits for Red Hat to find, fix, and publish security updates before they build and distribute a corresponding CentOS version. This leaves CentOS users vulnerable to security breaches in their platforms for hours and sometimes days longer than Red Hat Enterprise Linux subscribers, who have access to security updates as soon as they are published.
Additionally, the CentOS Linux distribution has not achieved the security certification required for deployment in many government agencies and commercial enterprises.
Enterprise support versus community support
The most obvious difference between a deployment of CentOS and Red Hat Enterprise Linux is in how the two distributions are supported. Choosing to deploy CentOS means making a deliberate decision to adopt a self-support model. In this self-support model, your IT staff will have to not only configure, deploy, and manage your application delivery platforms but also spend time and effort supporting the underlying oper- ating system, CentOS. This includes monitoring the latest developments in Red Hat Enterprise Linux and verifying that the CentOS team is delivering that same content you need, as well as diagnosing and resolving mission-critical platform issues without the benefit of real-time support by Red Hat and its partners.
A Red Hat Enterprise Linux subscription guarantees that you will always be able to reach a Red Hat Certified Engineer to help you with your Red Hat Enterprise Linux questions. This means you can be confident that you will be working with someone who will understand your issues immediately. The best support involves making sure you have the right answer when you need it, through a reliable process, and our experienced support staff makes that happen every day.
We also realize that having as much knowledge and expertise available during the design and architectural phases of an IT project can greatly enhance the reliability of the deployed platform. That’s why our Red Hat Enterprise Linux subscriptions provide constant access to our technical reference materials, such as refer- ence architectures, case studies, and our online Knowledgebase. Access to these materials is provided via our customer portal 24 hours a day and in nine languages.
Extensive testing versus best-effort testing
Every release of Red Hat Enterprise Linux is tested extensively by Red Hat and its partners to ensure that your hardware and applications function the way their suppliers intended. CentOS binaries are not built with the same tools as Red Hat Enterprise Linux and do not undergo the same level of testing as Red Hat Enterprise Linux. The CentOS QA testing effort is limited to a small number of installation scenarios and upgrade and repository testing, as they do not have the manpower to test to see if their latest code breaks any applications.
The Red Hat relationships — key to your ongoing it platform success
Relationships with vendors you depend on
Red Hat maintains relationships with thousands of software and hardware partners to create innovative joint solutions. This enables Red Hat to not only help hardware vendors showcase the performance and reliability of their offerings, but also to ensure the performance of the applications your business relies on. In this way, Red Hat has created one of the largest technology certification ecosystems in the world, with more than 4,000 product certifications to date and more being added every day.
This means that if you encounter an operating system issue related to any certified hardware, we can work directly with that vendor to identify and resolve the problem and to create and distribute a binary patch to our customers.
Red Hat has the same collaborative relationships with most enterprise software vendors as well. Your commercial software may install on CentOS, but if it doesn’t perform as advertised, the vendor may require that you prove that the problem also exists on Red Hat Enterprise Linux, as very few software vendors guar- antee that their applications will run on CentOS.
Red Hat Enterprise Linux is a supported platform for almost all of the major enterprise applications. The close relationships we have with those software vendors enable us to collaborate with them to quickly resolve any negative interactions between the application and the operating system. We also collaborate with them as they develop their next-generation applications to ensure that those applications continue to function well in future releases.
Because the CentOS project has no formal relationship with any hardware vendors or software vendors, there is no escalation path between you, CentOS, and the Red Hat Enterprise Linux partner ecosystem to resolve technology interaction issues or make feature requests that involve the OS.
A collaboRative Relationship with you
You can make your IT staff more efficient by simplifying their support duties and providing them with the information and expertise that can help them plan and build for the future, keeping their daily IT operations running smoothly.
Deploying CentOS means self-support or no support. Self-support can mean investing in more technology expertise than you need; the no-support option means accepting potentially costly risks. A Red Hat Enterprise Linux subscription enables that increased efficiency by providing your IT staff with access to the knowledge and expertise to continually optimize your IT infrastructure.
Your subscription provides access to Red Hat’s extensive Knowledgebase, case studies, and reference archi- tectures, which are examples of real-world deployments you can customize. Remember, you don’t have to wait until you have a problem before you interact with Red Hat — you can take advantage of Red Hat’s exper- tise regardless of where you are in your deployment lifecycle. We understand that software deployments done correctly in the first place need less support during operation.
Red Hat’s customer portal https://access.redhat.com provides simple, integrated access to all of the features of your subscription. Through a web-based interface, you can manage your subscriptions, access product and solution knowledge specific to your environment, engage with Red Hat and our partners, and find technical content to help you learn how to get the most from your Red Hat solutions.
Company versus community Project
While CentOS meets the needs of its user community, enterprise IT should not rely on it. Red Hat is a publicly traded, S&P 500 company that creates value for customers by delivering to you the software, support, and expertise you need to run a complete enterprise IT infrastructure that powers your business both today and in the future.
With Red Hat Enterprise Linux, you get the most secure, reliable, flexible, and powerful distribution of Linux available for businesses, backed up by the leading open source vendor in the world, not a volunteer- supported project.
And remember, Red Hat Enterprise Linux subscriptions are also very affordable. You can purchase subscrip- tions for 200 servers for as little as $60K. This can actually be far less expensive than “free” CentOS when you consider the personnel and productivity costs incurred while you wait for patches and upgrades.
