Extend and enhance your Red Hat Enterprise Linux support: A guide to lifecycle add-ons

Red Hat Enterprise Linux (RHEL) is the foundation for countless mission-critical deployments. But what happens when your business needs to stay on a specific version of RHEL longer than the standard lifecycle, or requires enhanced security beyond what the already-robust subscription delivers by default? That's where RHEL lifecycle add-ons come in.

This article provides a comprehensive comparison of the add-on subscriptions designed to extend the support lifecycle and enhance the security of your RHEL environments: Extended Update Support (EUS), Enhanced Extended Update Support (EEUS), Extended Life Cycle Support (ELS), and the Security Select Add-On. Understanding these distinctions between these options is crucial for effective long-term planning and maintenance.

RHEL Extended Update Support (EUS) and Enhanced Extended Update Support (EEUS)

EUS and EEUS provide a more stable, static update stream for specific minor releases of RHEL. This allows you to maintain a more consistent, certified environment for an extended period without immediately upgrading to the latest minor release (which typically happens every six months). EUS offers two years of support, and EEUS provides an additional two years again.

Key benefits:

• Extended availability of updates: You continue to receive errata (bug fixes, security updates, and enhancements) beyond the standard minor release maintenance period. This includes priority security errata for CVEs with a Red Hat CVSS score of 7 or higher.
• Reduced upgrade frequency: Minimize disruption and resource allocation by locking into a stable stream, reducing the number of full system upgrades required.
• Stability focus: Targeted support for security updates and critical bug fixes provides stability without introducing new features that could impact compatibility.

Typical use cases:

• Production environments with strict change control processes
• Applications or hardware requiring a specific, certified RHEL minor release
• Organizations where a six-month update cycle for RHEL minor releases is too frequent

RHEL Extended Life Cycle Support (ELS) Add-On

ELS provides critical software maintenance for a RHEL major release beyond its standard 10-year maintenance lifecycle. This is essential for customers who cannot migrate to a newer major RHEL release due to hardware compatibility, application dependencies, or other organizational constraints.

Key benefits:

• Lifecycle extension: ELS extends the lifespan of a RHEL major release, providing a crucial bridge for planning and executing a migration to a newer, fully supported RHEL version.
• Critical updates only: ELS delivers security errata (CVEs) for severe vulnerabilities and critical system stability issues.
• Advisory and technical support: You continue to receive technical support and advisories from Red Hat.

Typical use cases:

• Systems and applications that are difficult or costly to migrate to a newer RHEL major release
• Environments with long-term hardware refresh cycles
• Organizations with significant investments in applications certified only on older RHEL versions

RHEL Security Select Add-On

The Security Select Add-On enhances the security posture of RHEL systems by providing additional security-focused features and extended security content beyond what is available in standard RHEL subscriptions. It is a proactive, comprehensive layer for managing security vulnerabilities.

Key benefits:

• Extended security content: Gain access to a broader range of security updates and patches, including fixes for vulnerabilities that might not meet Red Hat’s standard CVE mitigation criteria but are critical for your organization’s needs (for example, low or moderate CVSS-scored CVEs).
• Compliance support: Helps meet stringent regulatory compliance requirements through a higher level of security patching and vulnerability management.
• Integration with a security or platform TAM: This add-on requires a security or platform technical account manager (TAM) who connects you directly to security teams, providing expertise to assess and address your Red Hat software security needs.

Typical use cases:

• Environments with stringent security and compliance requirements (such as government, finance, healthcare)
• Organizations operating in high-risk sectors or facing advanced persistent threats (APT)
• Customers who need additional updated packages to address CVEs not covered in Red Hat's standard security errata practices

Important considerations for planning

By leveraging extended support options, you can optimize your operations, manage risk, and maintain a stable and secure RHEL computing environment for the long term, adapting to various business needs and technical constraints.

• Subscription requirements: All three services are add-ons and require an active base RHEL subscription.
• Availability: EUS/EEUS allows you to choose which RHEL minor version to apply them to (within the coverage scope). ELS is offered on one specific RHEL major version at a time. Always consult Red Hat's lifecycle policies for precise timings and end-of-life dates.
• Layered security: View the Security Select add-on as an enhancement layer on top of a well-maintained RHEL environment, not a standalone security solution.

For more information about the RHEL Lifecycle, please visit the RHEL Lifecycle web page.