CTE OS Support Guidelines
CipherTrust Transparent Encryption supports the latest TWO major versions of an OS, for example RedHat Enterprise Linux 7 & 8, at any given time. CipherTrust Transparent Encryption also supports the latest minor version (or Service Pack) of a major OS. Two examples are RedHat Enterprise Linux (RHEL) 7.9 and RHEL 8.4. Thales will qualify new kernel patches on the most recent minor or service pack version of an OS only. This mainly applies to Linux operating systems where kernel compatibility is critical. CipherTrust Transparent Encryption is generally compatible with new kernel patches for any OS, but Linux creates patches more frequently and there is a higher probability for incompatibility.
CipherTrust Transparent Encryption Compatibility Portal
The CipherTrust Transparent Encryption compatibility portal online compatibility portal lists all of the supported operating system kernels.
In addition, go to CTE Packages Repository to download a JSON file of all of the CTE supported kernels. Upload this file to your Key Manager to monitor agent compatibility. Request credentials to the packages repository from the Thales Support team.
OS Kernel Validation Process
Operating system vendors (especially Linux) release new kernel patches very frequently. Thales will automatically pick up these kernel patches, and test them with the latest version of CipherTrust Transparent Encryption. In the majority of cases, CipherTrust Transparent Encryption will not need an update to support a new kernel patch. Once validation is completed, Thales will announce kernel support with the current CipherTrust Transparent Encryption version, or release a new build. Keep in mind that Thales will test kernel patches from the latest service pack (or minor version) of the two most recent major OS versions. The compatibility matrices will be updated (including the JSON file version) with the new kernel support, and if a new build is required, it will be posted for download from the Thales repositories.
Extended Update or Long-Term Support Kernels
Thales does not regularly validate kernel patches from OS versions that have entered Extended Update (EUS) or long-term support phases. This is in keeping with the policy of supporting the latest two major, and the latest minor version, of an OS. However, OS vendors are required to patch vulnerabilities in their software even if the OS has gone into an extended support or long-term support phase of the lifecycle. They are frequently releasing new kernel patches to their customers on these extended support branches. For this reason, Thales will validate EUS kernels for RHEL and LTSS kernels for SUSE, on a case-by-case basis using a “one-off” (or manual) validation process.
The following tables contain information on the validation processes for the OS distributions:
RedHat Enterprise Linux Support
RHEL Release | Thales Release | Time frame for support (by vendor, from GA date) | Example | Comment |
---|---|---|---|---|
Major | Next major or service pack CTE release | 60 Business Days | RHEL 8 | Major OS releases typically include significant kernel enhancements, new features and file systems. |
Minor/Service Pack | Next major, service pack, or cumulative patch CTE release | 20 Business Days | RHEL 8.4 | OS Service pack or update releases do not include significant new features but on occasion break kernel binary compatibility. |
Critical kernel security patch | Next CTE release, any type | 4 Business Days | In exceptional cases, when more than 4 days are required, Thales will inform customers of the planned release date. | |
One-off EUS Kernel | Next CTE release, any type | 30 Business Days | Must have Product Management approval; contact Thales support to request a one-off validation. |
SUSE Linux Enterprise Server Support
Note
Thales does not generally support long-term service pack support kernels, (LTSS).
SUSE Linux Release | Thales Release | Time frame for support (by vendor, from GA date) | Example | Comment |
---|---|---|---|---|
Major | Next major or service pack CTE release | Up to 90 business days | SLES 15 | Major OS releases typically include significant kernel enhancements, new features and file systems. |
Minor/Service Pack | Next major, service pack, or cumulative patch CTE release | Up to 60 business days | SLES 15 SP1 | OS Service pack or update releases do not include significant new features but on occasion break kernel binary compatibility. |
Critical kernel security patch | Next CTE release, any type | Up to 4 business days | In exceptional cases, when more than 20 days are required, Thales will inform customers of the planned release date. | |
One-off LTSS kernel | Next CTE release, any type | Up to 30 business days | Must have Product Management approval; contact Thales support to request a one-off validation. |
Ubuntu Server Linux Support
Thales Ubuntu support includes an exception. Thales will support two kernel series on the latest two major versions: e.g., the GA kernel and the HWE (hardware enablement) kernel series.
Ubuntu Linux security patches often break compatibility, and require a new build of CTE. Thales will release a new build according to the SLA noted below. The “one-off” kernel validation process does not apply to Ubuntu.
Ubuntu Linux Release | Thales Release | Time frame for support (by vendor, from GA date) | Example | Comment |
---|---|---|---|---|
Major | Next major or service pack CTE release | Up to 90 business days | Ubuntu 20.04 | Major OS releases typically include significant kernel enhancements, new features and file systems. |
Minor/Service Pack | Next major, service pack, or cumulative patch CTE release | Up to 60 business days | Ubuntu 20.04.1 | OS Service pack do not include significant new features but on occasion break kernel binary compatibility. |
Critical kernel security patch | Next CTE release, any type | Up to 15 business days |
Windows Support
Thales supports both Windows Server and Windows Client versions. Check the CipherTrust Transparent Encryption compatibility portalfor the list of supported operating systems.
Windows Release | Thales Release | Time frame for support (from the time of GA by vendor) | Example | Comment |
---|---|---|---|---|
Major/Long-term servicing channel | Next major or service pack CTE release | Up to 90 business days | Windows 2019 | Windows long-term servicing channel releases typically include significant enhancements, new features and file systems. |
Semi-annual channel releases | Next major, service pack, or cumulative patch CTE release | Up to 60 business days | Semi-annual channel releases do not include significant new features, but on occasion break kernel compatibility. | |
Security, Cumulative Patches | N/A | N/A | Windows patches rarely break compatibility. No CTE update required. |
Note
CipherTrust Transparent Encryption Windows will drop support for Operating systems when end of support is announced by Microsoft for an Operating system.
AIX
AIX Release | Thales Release | Time frame for support (from the time of GA by vendor) | Example | Comment |
---|---|---|---|---|
Major | Next major or service pack CTE release | Up to 180 business days | AIX 8.1 | Major releases typically include significant kernel enhancements, new features and file systems. |
Technology Level | Next major, service pack, or cumulative patch CTE release | Up to 90 business days | AIX 7.2 TL1 | Technology Level releases do not include significant new features but on occasion break kernel binary compatibility. |
Kernel & Security patches or service pack for Technology Level | Next major, service pack, or cumulative patch CTE release | Up to 30 business days | AIX 7.2 TL1 SP5 | Kernel patches or TL SP typically do not break compatibility. When they do, Thales will release a new CTE patch. |