The RHEL 7.3 release brings the following main enhancements:
- The SELinux userspace has been rebased and provides various enhancements and performance improvements. Notably, the new SELinux module store supports priorities, and the SELinux Common Intermediate Language (CIL) has been introduced.
- OpenSCAP workbench now provides a new SCAP Security Guide integration dialog and enables modification of SCAP policies using a graphical tool.
- The OpenSCAP suite now includes support for scanning containers using the atomic scan command.
- Upgraded firewalld starts and restarts significantly faster due to a new transaction model. It also provides improved management of connections, interfaces, and sources, a new default logging option, and ipset support.
- The audit daemon introduces a new flush technique, which significantly improves performance. Audit policy, configuration, and logging have been enhanced and now support a number of new options.
- Media Access Control Security (MACsec) encryption over Ethernet is now supported.
- Identity Management
- Improved performance of both IdM servers and clients in large customer environments.
- Enhanced topology management and replica installation.
- Extended smart card support for Active Directory (AD) users.
- Fine-grained configuration of One-Time Password (OTP) authentication.
- Improved troubleshooting capabilities of IdM clients.
- Introduction of the Red Hat Single Sign-On as a web SSO solution based on the Keycloak community project as a replacement for the Ipsilon identity provider service.
- Core Kernel
- Support for Checkpoint/Restore in User space (CRIU) has been expanded to the the little-endian variant of IBM Power Systems architecture.
- Heterogeneous Memory Management (HMM) feature has been introduced as a Technology Preview.
- OpenvSwitch now uses kernel lightweight tunnel support.
- Bulking in the memory allocator subsystem is now supported.
- NetworkManager now supports new device types, improved stacking of virtual devices, LLDP, stable privacy IPv6 addresses (RFC 7217), detects duplicate IPv4 addresses, and controls a host name through systemd-hostnamed. Additionally, the user can set a DHCP timeout property and DNS priorities.
- Platform Hardware Enablement
- Support for the Coherent Accelerator Processor Interface (CAPI) flash block adapter has been added.
- Real-Time Kernel
- A new scheduler policy, SCHED_DEADLINE has been introduced as Technology Preview. This new policy is available in the upstream kernel and shows promise for certain realtime use cases.
- Storage and File Systems
- Support for Non-Volatile Dual In-line Memory Module (NVDIMM) persistent memory architecture has been added, which includes the addition of the libnvdimm kernel subsystem. NVDIMM memory can be accessed either as a block storage device, which is fully supported in Red Hat Enterprise Linux 7.3, or in Direct Access (DAX) mode, which is provided by the ext4 and XFS file systems as a Technology Preview in Red Hat Enterprise Linux 7.3.
- A new Ceph File System (CephFS) kernel module, introduced as a Technology Preview, enables Red Hat Enterprise Linux Linux nodes to mount Ceph File Systems from Red Hat Ceph Storage clusters.
- Support for pNFS SCSI file sharing has been introduced as a Technology Preview.
- LVM2 support for RAID-level takeover, the ability to switch between RAID types, is now available as a Technology Preview.
- Clustering (Red Hat High Availability Add-On)
- Ability to better configure and trigger notifications when the status of a managed cluster changes with the introduction of enhanced Pacemaker alerts.
- Ability to configure Pacemaker to manage multi-site clusters across geo-locations for disaster recovery and scalability through the use of the Booth ticket manager. This feature is provided as a Technology Preview.
- Ability to configure Pacemaker to manage stretch clusters using a separate Quorum Device (QDevice), which acts as a third-party arbitration device for the cluster. This functionality is provided as a Technology Preview, and its primary use is to allow a cluster to sustain more node failures than standard quorum rules allow.
- A new instant messaging client, pidgin, has been introduced, which supports Off-The-Record (OTR) messaging and the Microsoft Lync instant messaging application.
- Internet of Things
- Red Hat Enterprise Linux 7.3 provides latest Bluetooth support, including support for connecting to Bluetooth Low Energy (LE) devices.
Controller Area Network (CAN) device drivers are now supported.
Red Hat Enterprise Linux 7 kernel is now able to use the embedded MMC (eMMC) interface version 5.0.
- Linux Containers
- The System Security Services Daemon (SSSD) container is now available for Red Hat Enterprise Linux Atomic Host as Technology Preview.
The RHEL 7.3 release also introduces changes in the way certificate verification is made by Python librairies (source).
In addition, an official technical overview is available here.
Finally, an article was written about the IPv6 routing scalability enhancements in RHEL7.3.