What's the difference? Why two versions of one enterprise Linux distro? While under the hood there are many specific differences, the big one is that the RHEL 8 distro family is based on older, battle-tried code. RHEL 9, however, is based on the leading-edge CentOS Stream Linux distribution. So, in short, RHEL 8 is what you use if you prefer stability over innovation, while RHEL 9 is the distro for those who want the latest and greatest stable code.
For example, as Gunnar Hellekson, Red Hat's RHEL VP and general manager, put it, "As enterprise IT expands to encompass traditional hardware, multiple public cloud environments, and edge devices, complexity grows in parallel. The latest versions of Red Hat Enterprise Linux continue our commitment to making hybrid cloud computing more than just accessible, but successful at the scale of global business by pairing reliability and stability with features designed for innovation and flexibility."
RHEL 9.1 also puts security front and center. This is a good thing with security disasters on every side of us.
Specifically, RHEL 9.1 and 8.7 come with pre-configured Linux images designed to meet specific OpenSCAP security demands. OpenSCAP is an open-source project for scanning programs for security problems and setting up default security configurations. For instance, the default RHEL 9.x OpenSCAP is set to use Postfix as the standard e-mail server with specific configurations to make it safer for use. It also discourages you from using the tried and true, but not terribly secure, Sendmail server.
The new RHEL also includes multi-level security (MLS) support for agencies or other sensitive operations to better document and control classification needs. Red Hat Insights, Red Hat's security service, which comes with RHEL, also boasts a malware detector. In addition, RHEL now comes with the SigstoreSoftware Bill of Materials (SBOM) service to double-check your native container for unauthorized programs.
For people who are serious about security, you want to use RHEL's SELInux mode. This newest release comes with SELinux 3.4. The most important changes include:
Improved relabeling performance through parallel relabeling
Support for SHA-256 encryption in the semodule tool
New policy utilities in the libsepol-utils package
Put together, this makes SELinux easier to use and more secure than ever.
Returning to Insights, Red Hat Smart Management now combines Red Hat Satellite, the operating system's default manual configuration and management tool, with Insight's remediation plans. That makes it easier to run recommended, repetitive life cycle management tasks.
If you prefer, you can also use the latest Ansible DevOps to run your RHEL 9.1 instances. One new feature I especially like with this edition of Ansible is you can remotely verify an RHEL system's boot environment. Again, it's all about security.
Finally, you have more time to plan your RHEL life cycle upgrades. RHEL makes it simpler to plan your long-term operating system needs by supporting two-year Extended Update Support (EUS). Specifically, Leapp now supports in-place upgrades to the latest versions of RHEL, while Convert2RHEL now supports more flexible simultaneous landing releases.