Subscribe to the feed

The Red Hat Enterprise Linux (RHEL) web console is a simplified web-based management tool that lets you manage many aspects of RHEL more efficiently. For more information on the web console and how to get started with it, refer to the Managing systems using the RHEL 9 web console documentation. 

RHEL versions 9.1 and 8.7 were released in November 2022, and included a number of new features and enhancements related to the web console that will be highlighted in this blog:

  • Support for system-wide cryptographic policies
  • Improved kernel live patching
  • Ability to edit custom firewall services
  • Support for pinning services to the top of the services list
  • Improvements to the diagnostic reports page
  • Improved performance monitoring functionality
  • Improved workflow when creating RHEL virtual machines
  • Support for Podman container health checks

Support for system-wide cryptographic policies

Configuring the core cryptographic subsystems included in RHEL can be complex, and administrators previously had to manually configure many different configuration files to implement their desired settings across the system. RHEL 8 introduced the ability to set a system-wide cryptographic policy that configures many of the core cryptographic subsystems included in RHEL.  

RHEL 8 and 9 include several predefined policies: DEFAULT, LEGACY, FUTURE and FIPS, which are explained further in the using system-wide cryptographic policies documentation.  

The web console was enhanced in RHEL 9.1 and 8.7 to now support viewing and changing the system-wide cryptographic policy.  

To configure this policy, go to the Overview page in the web console, and refer to the Configuration card, where you’ll see the currently configured crypto policy:

RHEL web console configuration card, with "Crypto policy" set to default and highlighted with a red box.

This system is currently using the Default policy, and you can change the policy by clicking on it, which will bring up the following screen:

RHEL web console "Change crypto policy" settings, with "Default" as active.

Note that the web console will reboot the system when changing the crypto policy.  

Improved kernel live patching 

RHEL supports kernel live patching, and this functionality was initially supported in the web console in RHEL 8.5 (for more information, see the Applying patches with kernel live patching in the web console documentation). To enable this feature (in RHEL 8.5 and later), navigate to the Software updates section of web console, and look for the option to enable kernel live patching:

RHEL web console "Settings" options with "Kernel live patching" set to disabled and highlighted with a red box.

When you enable kernel live patching in the web console, the currently-available kernel live patch is installed. Until RHEL 9.1 and 8.7, however, after that point, if a new kernel live patch was released, you could not use the web console to install only the latest kernel live patch—you also had to install all other security patches.  

That changed in RHEL 9.1 and 8.7, when an enhancement was added to the web console, so you can now only install the latest kernel live patch without updating other packages on the system. If a new kernel live patch is available, you will now see an Install kpatch updates button:

RHEL web console "Install kpatch updates" button highlighted with a red box.

Editing custom firewall services

The web console lets you manage the firewall, including adding custom ports to a zone. Prior to RHEL 9.1 and 8.7, however, once added to the firewall, these custom ports could not be further configured—changes required you to delete the custom service from the firewall, and then re-create it with the edits/updates.  

With RHEL 9.1 and 8.7, the web console now supports editing custom firewall services.  

For example, I’ll log in to the web console, and click Networking from the menu.  From here, I can click the Edit rules and zones button on the Firewall card. I’ll then click the Add services button and select Custom ports. From here, I’ll specify TCP ports 8080 through 8090, and 9090 through 10000, and change the ID to my-custom-ports.  

RHEL web console "Add ports to public zone" option, with "Custom ports" selected, TCP set to "8080-8090,9090-10000", and ID set to "my-custom-ports".

After clicking Add ports, the firewall will be reloaded and the specified ports will be enabled in the firewall.  

With RHEL 9.1 and 8.7, I can now click on the ellipsis to the right of my-custom-ports, and click on Edit. At this point, I can make any necessary changes to the TCP ports, UDP ports, or description, and click on the Edit service button to apply the changes.  

Pinning services to the top of the services list

It is now possible to pin services to the top of the services list, so you can quickly see the services that are most important to you. As an example, I’ll go to the Services menu in the web console and click on the sshd service. I can then click on the ellipsis, and select Pin unit.  

RHEL web console OpenSSH server daemon dialog, with the services menu opened and "Pin unit" highlighted with a red box.

If I go back to the services list, the sshd service now shows up at the top of the list, with a pin icon next to it.  

RHEL web console screenshot showing the OpenSSH server daemon as Enabled.

Improvements to the diagnostic reports page

The diagnostic reports page on the web console allows you to generate an sosreport, which is often requested when working with Red Hat Support. Sosreports are an archive of information about a system and they include items such as diagnostic and configuration information. In RHEL 9.1 and 8.7, the diagnostic reports page in the web console has had several updates, including the ability to label the sosreport, optionally encrypt the sosreport, optionally obfuscate certain data within the sosreport, and the ability to access previously generated sosreports.  

You can access the page by logging in to the web console and clicking on Diagnostic reports in the menu. From here, you can see a list of previously generated sosreports.

RHEL web console screenshot showing the OpenSSH server daemon as Enabled.

Click on Run report to generate a new sosreport. You can then optionally label the sosreport, specify an encryption passphrase, specify if you’d like to obfuscate certain data within the report, and specify if you’d like to enable verbose logging.

RHEL web console "Run new report" options.

Improved performance monitoring functionality

There were several enhancements related to performance monitoring in RHEL 9.1 and 8.7. For systems with multiple CPUs, the web console now shows two real time CPU status bars—one for the average CPU utilization for all CPUs, and one for whichever CPU has the highest utilization:

RHEL web console "CPU" information dialog, showing 4 CPUSs with an average utilization of 25% and a max utilization of 100%.

In this screenshot, we can see that there are four CPUs on the system, with an average utilization of 25%, and one CPU that is maxed out at 100%. This indicates that there might be a single threaded process maxing out one of the individual CPUs. You can also click View all CPUs to see information about each CPU’s utilization:

RHEL web console CPU dialog with a tooltip popup showing the current utilization of each of the 4 CPUs

The web console now also includes containers in the list of top CPU and memory consumers. For example, in this example, I have a Podman container named ubi8 that is utilizing 24.9% of the CPU.  

RHEL web console CPU information showing the load for various services, including pod ubi8 at 24.9%.

And finally, the web console now shows the current CPU temperature if available, along with a warning or critical icon depending on the temperature.  

RHEL web console CPU dialog showing the current temperature at 27 degrees celcius.

Improved workflow when creating RHEL virtual machines

The web console now supports downloading RHEL when building a RHEL-based virtual machine. When creating a new virtual machine, if you specify the Download an OS option for the Installation type, and choose a version of Red Hat Enterprise Linux as the Operating system, you’ll have a field where you can paste in an offline token from the Red Hat customer portal. A link is provided to the page on the customer portal that can be used to generate the offline token. When you click on the Create and run button, the selected version of RHEL will be downloaded using the offline token.  

RHEL web console "Create new virtual machine" dialog, with Operating system and Offline token options highlighted with red boxes.

Support for Podman container health checks

The web console now supports defining Podman health checks so that you can monitor the health of containers. For more information on Podman health checks, refer to the RHEL documentation.  

To use this functionality, first make sure that you have the Podman application installed by clicking on Applications in the menu.  

Then click on Podman containers in the menu. From here, click on the Create container button. There is a new tab on the create container screen labeled Health check where you can define the health check command and other related attributes.  

RHEL web console "Create container" settings, with the "Health check" tab highlighted with a red box.

Once the container is running, you’ll see the status of the health check under the State column of the list of running containers:

RHEL web console list of running containers.

Learn more

RHEL 9.1 and 8.7 included a number of exciting enhancements and new features related to the web console. If you’d like to try the RHEL web console, check out our interactive self-paced labs that allow you to experiment with and learn more about it:

About the author

Brian Smith is a Product Manager at Red Hat focused on RHEL automation and management.  He has been at Red Hat since 2018, previously working with Public Sector customers as a Technical Account Manager (TAM).  

Read full bio

Browse by channel

automation icon


The latest on IT automation for tech, teams, and environments

AI icon

Artificial intelligence

Updates on the platforms that free customers to run AI workloads anywhere

open hybrid cloud icon

Open hybrid cloud

Explore how we build a more flexible future with hybrid cloud

security icon


The latest on how we reduce risks across environments and technologies

edge icon

Edge computing

Updates on the platforms that simplify operations at the edge

Infrastructure icon


The latest on the world’s leading enterprise Linux platform

application development icon


Inside our solutions to the toughest application challenges

Original series icon

Original shows

Entertaining stories from the makers and leaders in enterprise tech