Linux vendor Red Hat has announced up to four years of extended support for Red Hat Enterprise Linux 7, further prolonging the usability for customers that are unable to upgrade.
Red Hat releases usually follow a ten-year life cycle. During the first five years, customers receive full support “including bug fixes, security patches, software enhancements, hardware enablement and backports”.
The second five years is maintenance support, which means patches and bug fixes are released on an as-needed basis.
If, after ten years, an organization wishes to remain on that major release it is possible to pay for Extended Life Cycle Support (ELS). This had ensured security and bug fixes were received for two more years.
Red Hat has now doubled this to four years - so long as the organization is on RHEL 7.9.
“Compared to previous major releases, ELS for RHEL 7 (RHEL 7.9) expands the scope of security fixes by including updates that address Important CVEs,” said Red Hat.
The support also includes maintenance for Red Hat Enterprise Linux for SAP Solutions and Red Hat Enterprise Linux High Availability and Resilient Storage add-ons.
The company has also extended the ELS for RHEL 8 and 9 by three years. Both are currently fully supported - although the end of full support for RHEL 8 is due in 2024, with maintenance support ending in 2029.
Who is still using RHEL 7?
A Red Hat spokesperson said: “RHEL subscriptions aren't tied to a version number (when you buy a sub, you can choose any number of supported versions at install)”. As such, a definitive number is difficult to ascertain.
However, the company’s move indicates that there is sufficient demand to justify extending ELS for RHEL 7.
Quantifying the public vulnerability market
Read how the reporting of vulnerabilities is contributing to greater, comprehensive security
Enterprises using the operating system will often be reluctant to go through the upgrade and revalidation process unless there is a clear business case for doing so.
“Some IT shops may have mission-critical systems running RHEL 7 that simply cannot risk downtime for whatever reason, which makes any kind of upgrade too risky for them,” said Red Hat’s spokesperson.
"Others may have third-party or internal dependencies, like an application or service, that is only certified for or requires specific packages from a RHEL 7 version.
“Generally it's likely some combination of these factors that would lead an organization to not upgrade and instead opt for ELS.”
In addition, going through such an upgrade raises the possibility of customers considering alternative vendors.
One observer wrote that “while I’m not enthused about keeping RHEL 7 in prod for 14 years, at least we’ll get security fixes”.
Red Hat’s original support period could have been regarded as a little short by some onlookers.
Rival SUSE also has a ten-year product life cycle for recent versions of SUSE Linux Enterprise, followed by three years of Long Term Service Pack Support (LTSS).
This means that SLES 12, launched in 2014 - the same year as RHEL 7 - will receive support and maintenance until 2027.
Enterprises preferring to stay with legacy operating systems and applications has long been an issue for vendors.
Microsoft called a halt to Enterprise Security Updates (ESU) for Windows Server 2008 and Windows Server 2008 R2 after three years in 2023, although workloads hosted on Azure virtual machines have until 2024.
Windows Server 2012 and Windows Server 2012 R2 have three years of extended security updates, ending in 2026 regardless of location.
CentOS 7 reaches end of life in 2024
“This does not apply to CentOS Linux 7 - ELS is purely for RHEL 7 customers,” said the spokesperson.
ELS source is not usually published after the EOL date for RHEL versions, meaning that a year of support - until 30 June 2024 - remains for CentOS 7.
Once this point is reached, users will need to migrate to either CentOS Stream or consider an alternative distribution.
