Red Hat Enterprise Linux 10: An AI-Driven, Quantum-Ready Platform

BOSTON — At its annual Red Hat Summit, Red Hat launched Red Hat Enterprise Linux 10 (RHEL 10), positioning the latest iteration of its flagship operating system as the foundation for its next generation of hybrid cloud and AI-powered enterprise IT.

Like almost every company today, Red Hat CEO Matt Hicks praised AI for what will bring to its programs. Unlike, say, AI-enabled pencil sharpeners, Red Hat is actually delivering useful functionality with its AI offerings. 

As Hicks said, “AI will make Linux admin life better.” How? With the introduction of Red Hat Enterprise Linux Lightspeed. This new feature integrates generative AI (GenAI) directly into the platform, offering context-aware guidance and actionable recommendations through a natural language interface. 

Lightspeed, a New Shell

When Red Hat says “directly,” it means right into the Linux shell itself. With Lightspeed, sysadmins can ask for help with shell commands and scripts. So, for example, if you want to finally perfect an age-old backup or restore script, Lightspeed can work alongside you to clean it up for once and for all. Or, say you’re a new sysadmin, you can also use the optional AI-powered command line assistant to find the specific command and its appropriate syntax for your particular problem.

Red Hat has done this because, according to a Red Hat-sponsored IDC study, The business value of standardizing on Red Hat Enterprise Linux, “organizations [are] struggling to hire the Linux skill sets they need to operate and support their expanding fleet of distributions, which opens them up to further risk around security, compliance, and application downtime.”

Beyond the marriage of AI and Linux administration, RHEL 10 also introduces National Institute of Standards and Technology (NIST) post-quantum cryptography standards. RHEL is the first Linux distro to incorporate quantum-resistant algorithms. The point is that Red Hat wants to enable you to protect organizations from emerging threats such as “harvest now, decrypt later” attacks and help customers meet evolving regulatory requirements. In short, RHEL is the first post-quantum cryptographic Linux. 

Immutable Linux

With RHEL 10, Red Hat introduces “image mode.” This is essentially an immutable Linux. Image model has been a long time coming. With this new model, Red Hat delivers RHEL as a bootable container image, which you work with using container-native tools and workflows. In it, the core programs and filesystems are read-only at runtime. Changes to the OS require building and deploying a new image, followed by a reboot.

While immutable Linux distros, such as Fedora CoreOS, are common, RHEL is the first major server Linux operating system to move to the immutable model. Grey-haired Linux admins who cut their teeth on shell scripts and Cockpit may not be crazy about this move. Red Hat assures its users that this approach unifies the build, deployment and management of both operating systems and applications. This shift minimizes configuration drift and enables IT teams to manage their entire infrastructure with consistent tools and workflows, including containerized apps and their underlying platforms.

Ashesh Badani, Red Hat’s senior VP and chief product officer, explained in an interview that, “patching is something that every sysadmin does and issues always crop up, which lead to deviations from the desired system, and that’s when we end up with drift. Being able to manage that drift is a huge pain point for our customers. So being able to introduce image mode for RHEL is really being that concept of containers, and being able to manage an operating system as a container is a huge boost.”

Salesforce software architect Anish Bhatt praised the new image mode: “It has brought stability to our environments, reducing configuration drift and enabling a more consistent deployment experience. Image mode is a meaningful step towards simplifying cloud-native application development and IT operations in a single pipeline.”

To help both old and new RHEL admins make the move, the latest version of Red Hat Insights, the platform’s analytics engine, now offers image builder package recommendations and enhanced planning tools. Insights helps you to make more informed decisions at build time.

Under the hood, RHEL uses the Linux kernel version 6.11.0 as its baseline. This is a big jump from RHEL 9’s 5.14 kernel. For those wanting a still newer kernel, CentOS Stream is now based on Linux 6.12.

Red Hat Security

There are some other changes that admins must be aware of. The biggest to my mind is that newly created users will have administrative privileges by default. No! The very idea makes me twitch. Fortunately, you can turn this option off.

In a related change, with the new sudo RHEL system role, you can consistently manage sudo configuration at scale across your RHEL systems. That I’m fine with. 

On the security front, RHEL 10 OpenSSL TLS toolkit introduces creation of FIPS-compliant Public-Key Cryptography Standards (PKCS) #12 files, the pkcs11-provider for using hardware tokens, and many additional improvements. Red Hat has also updated the OpenSSH suite in version 9.8, which provides many fixes and improvements over RHEL 9’s OpenSSH 8.7. Finally, the SELinux userspace release 3.7 introduces a new option for audit2allow, providing CIL output mode, Wayland support for the SELinux sandbox and other improvements.

One security change I suspect many companies will find appealing is that Red Hat is offering its customers a new way to customize support for common vulnerabilities and exposure (CVE) fixes. With the Security Select Add-On, subscribers can purchase 10 CVE fixes of their choice. So if you think there’s a security hole you find to be seriously troubling, even if no one else does, you can have Red Hat fix it for you. Red Hat believes this will be particularly useful for those in highly regulated sectors like healthcare, finance, telecommunications and government. 

The RHEL Security Select Add-on will be available to customers with subscriptions that include RHEL Extended Life Cycle Support or RHEL Extended Update Support starting Q3 CY 2025. In other words, if there’s an old, annoying CVE in an otherwise out-of-date RHEL getting on your nerves, Red Hat will fix that bug for you, too. 

Ryan Caskey, IDC research manager, noted the challenge of maintaining diverse Linux environments, stating that RHEL 10 “aims to establish a robust, foundational layer for both current and future IT strategic initiatives.”

Needless to say, RHEL 10 also includes updated languages and toolkits for your developers. 

The new RHEL also comes with pre-tuned, fully supported RHEL images for AWS, Google Cloud, and Microsoft Azure. RHEL is also finally fully supported on Oracle Cloud Infrastructure (OCI). 

Besides the usual x86, 64-bit ARM, IBM POWER and IBM Z architectures, RHEL 10 is also available as a developer preview for the RISC-V architecture, in collaboration with SiFive, targeting early adopters of the HiFive P550 platform.

As always, RHEL 10 is now available through the Red Hat Customer Portal. Developers can access RHEL 10 at no cost via Red Hat’s Developer programs. So, whether you’re already a RHEL customer or just want to kick its tires, RHEL 10 is ready for you.