Hewlett Packard Co has completed the certification of Linux on its servers and workstations with evaluation assurance level 3 of the Common Criteria security evaluation and is now looking to the next level.
The certification is an important security consideration for North American and European government agencies and departments and puts Palo Alto, California-based HP’s hardware running Linux on the same level as rival IBM Corp.
HP has certified both Red Hat Inc Enterprise Linux and Novell Inc’s SuSE Linux running on its ProLiant and Itanium systems at evaluation assurance level (EAL) 3 with Controlled Access Protection Profile (CAPP). IBM achieved the same with Red Hat in August and SuSE in January.
With EAL3 and CAPP completed, HP is looking to the next level of certification, according to HP’s Linux business strategist, Mike Balma, including potentially EAL4 and multilevel secure (MLS) functionality.
The company has the option to go up a level to EAL4, and also expand the protection profile support at EAL3 to include the LSPP Labeled Security Protection Profile or the RPACC Role-Based Access Control Protection Profile, according to Balma. We are definitely interested in level 4, he told ComputerWire. There are options to do other profiles as well.
Red Hat has already stated that it has the intention to certify its forthcoming Enterprise Linux 4 on IBM’s mainframe and Power-based servers as well as x86, Intel Itanium and AMD64 servers and workstations, while Novell SuSE has previously targeted the end of the year for EAL4 certification.
Balma was talking at the LinuxWorld Conference and Expo in London, where much of the talk among the assembled Linux community was of when the hardware suppliers would make pre-installed Linux desktop PCs widely available to both the business and consumer markets.
The collective response from the assembled Linux vendors was ‘when there is the demand’, however. The ecosystem just hasn’t developed to that level yet, said Balma, adding that the company was more than happy to supply Linux desktops to business customers through its services organization.
We want to make sure we enable it. In quantities, we will install it, pre-load it, no problem, he said. That still means potential customers have to actively search out a Linux desktop configuration, rather than simply being able to place an order with their supplier, but Balma denied that HP was being backward about coming forward.
We’ve tested and certified it on the commercial PC offering and selected laptops he said. And added a thin client for transaction oriented environments. That’s the next phase we see and we’ve responded to that with a fully available commercial product. We think we’re being pretty aggressive, he maintained. More aggressive than our competitors.