Embed Size (px)
Citation preview
SUSE® Linux Enterprise (SLE)
SUSE® Linux Enterprise Server
SUSE® Mission-Critical Computing
SUSE® Linux Enterprise for SAP Applications
SUSE® Linux Enterprise ServerYou need an enterprise operating system
Do you need an Enterprise Operating System?
The Operating System Challenge
3
• Buy support and services, not software
• Extensive IHV/ISV partner ecosystem
• Fully tested software upgrades and updates
• Technical support from the developers
• Thirteen year support lifecycle
“Linux is free as long as your time is worth nothing.” - Jay Ashford
SUSE Linux Enterprise Server is the Platform to Support
YOUR IT Transformation...
4
Mode 2Mode 1
Operating System Requirements
5
Traditional Infrastructure
Multiple use cases
Manual and automatic installation
Variety of updates, upgrades, legacy
Variable packaging and installation
Might become huge in size and
management
Software-defined Infrastructure
Single use case, multiple systems
Automatic and centralized installation
Always up-to-date
Fit one purpose
Small as possible for size and
management
Evolution of the Operating System
6
SUSE Linux
Enterprise
Server
PastMonolithic
SUSE Linux
Enterprise
Server
Live
Patch
HA
GEO
Real
Time
JeOS
Squeezed
Public Cloud
Web/Script
Toolchain
Containers
PresentModular
HASAP
Integr.
ServerUnified
Installer
Live
Patch
Unified
Installer
ServerWeb/
Script
Unified
Installer
MicroOS
Just fit
SUSE CaaS Platform
FutureModular + Single Case
Building Bridges – SUSE Linux Enterprise Linux 15
7
SUSE Linux Enterprise
SUSE Linux Enterprise Server is a world-class,
secure open source server operating system
8
Increase Uptime Improve
Operational
Efficiency
Accelerate
innovation
9
2017 2018 2019 2020
SUSE Linux Enterprise—Base OS / Modules
12 SP3
15
12 SP4
15 SP1
12 SP5
Base OS SUSE & partner selected
HW enablement, including
driver updates
Improved performance
Common code base with
SUSE Container as a
Service Platform
Foundation for SDN/NFV
Modules Toolchain update
Salt software stack in the
Advanced Systems
Management module
HPC module for x86-64
and arm
12 SP3
Base OS Last service pack for SUSE
Linux Enterprise 12
(tentative)
Consolidation release
Constant user land (minor
version upgrades by need
or business case)
Reuse kernel from SP4 +
very selected hardware
innovations (including
graphic stack)
Modules Latest GCC version in
the Toolchain module
Multi mode OS delivery SUSE Linux
Enterprise Server and Desktop, SUSE Linux
Enterprise Server for SAP Applications +
Modules + Extensions General purpose OS versions
Multiple use cases (physical, virtual, containers
Full set of deployment, management
options; Full control of the installed packages,
updates, upgrades
Continue major version upgrade support
including auto-upgrade
Common Code Base
Architecture/platform support Arch64, x86-64, ppc64le, s390x
Designed for physical, virtual, clouds &
containers - Ready for IoT
Security Cryptography (TLS 1.3), trusted computing,
prepared for certifications
Base OS SUSE & partner selected
HW enablement, including
driver updates. NVDIMM!
Improve “system roles”
Finalize common criteria
certifications and FIPS 140-
2 validation
Migration from SUSE Linux
Enterprise 11 SP4 to SUSE
Linux Enterprise 15 SP1
Improve SAML2 single sign-
on framework
Modules Enhancements to
Developers Module
according to customer and
partner demand
Ease of use Quarterly updates of
installation media
Base OS HW enablement via Kernel
version update, following
upstream
Update of the graphics
stack, not including Gnome
Modules Toolchain update
Refresh of module
packages according to
separate lifecycle of
modules
15 12 SP4 15 SP1 12 SP5
* Information is forward looking and subject to change at any time.
Hardware Architectures: Intel 64 / AMD64 – IBM z and LinuxONE – IBM Power – arm
SUSE Linux Enterprise Server for SAP Applications inherits features from BaseOS
and modules. Available on Intel/Arm and IBM Power
SUSE Linux Enterprise 15 – Themes
10
Multimodal – address traditional & containerized infrastructureProvide a common code base for traditional and software defined data center.
Unified InstallerInstall all SUSE Linux Enterprise 15 products starting from a single medium.
Modular+Everything is a module: A stable base, progressive options, flexible delivery.
Ease of use – hassle-free use of modules & extensionsEasily search, install, and use packages across the SUSE universe.
SLES 15 Install and module selection
12
13
14
15
16
17
Linux Kernel
Kernel 4.12
• Preliminary Radeon Vega support
• USB Type-C support
• New BFQ I/O scheduler for a more responsive desktop
• New Kyber I/O scheduler
• Upstream Progress in Live kernel patching
• Add support for Intel IMSM's Partial Parity Log
• Expose OpenChannel SSDs as device blocks
18
Additional Changes
• GCC7 as system compiler
Will stay the same during SLE 15 lifetime, Yearly updates will be provided in a channel
• OpenSSL
1.1.x as default, 1.0.x available in Legacy for a grace period
• Scripting languages
Ruby 2.5, PHP7, Perl 5.26, Python 3.6 (Python 2 will be in Legacy Module for a grace period)
• Gnome 3.26
• High Availability
• Hawk2 UI improvements
• DRBD multi-node three-way replication
• Cluster-raid 10 (as Technical Preview)
19
Additional Changes
• Chrony (ntpd will be in Legacy for a grace period)
• Firewalld (replaces SUSEFirewall2)
• SALT in Base system
• TLS 1.3
• Improved: Package search
Across modules
• FIPS 140-2 (post GA)
• NVDIMM improvements
• and much more...
20
SUSE & openSUSE – Working Together
21
Mutual collaboration
Upstream innovations
Stable code and contributions
The New openSUSE Distributions
openSUSE Tumbleweed
• Rolling Release
• Continuously Updated & Tested
• Perfect for Upstream Developers &
Power Users
22
openSUSE Leap
• Regular release
• Shared core with SUSE Linux
Enterprise
• Perfect for SysAdmins, Enterprise
Developers and Users
Long Future Ahead
23
Leap
42.2
SLE
12 SP2
Core
12.2
Leap
42.3
SLE
12 SP3
Core
12.3
Leap
15
SLE
15
Core
15
openSUSE Tumbleweed
Broadening software choices for enterprise users, save to install
Community built and maintained
SUSE-approved and built at no extra cost
Public download and SCC integration
https://packagehub.suse.com/
SUSE Package Hub
24
Upstream packages
What is Open Build Service (OBS)?
25
OBS user submits source to OBS and gets a product
PackageSource Image
Online
Repository
SUSE® Mission-Critical ComputingBuild zero downtime into your systems
Real Time
Live Patching Extension
High Availably Extension
31
Real Time (SLE RT)
Standard Kernel
Throughput-sensitive Workloads
• Non-time sensitive workloads, applications with no
process or transaction priority hierarchy, environments
with no performance SLAs
• When fair scheduling algorithms are required across
compute resources (time sharing)
• Web farms serving FIFO-based requests
• Enterprise mail servers
• Batch processing
When is Real Time the Right Platform?
Real Time Kernel
Latency-sensitive Workloads
• Most improvement attained for applications with a
limited number of threads or clear hierarchy with
priority; applications requiring faster, predictable data
delivery, low data latency
- Market data feeds (e.g., Reuters)
- Algorithmic trading
- Real Time Enterprise Risk Management
• High volume transaction processing and high volume
query processing applications (e.g., ATM transactions,
credit card authorizations)
Analyze and identify bottlenecks while
isolating tasks away from ordinary
scheduling and interrupts – for low
latency response on events and
communications
Mission-critical applications
need lower latency to respond
more rapidly to changing
conditions
Challenges Addressed By Real Time Systems
Mission-critical applications
need to complete processes
on time and be more
predictable
Mission-critical applications
require precision timing for
higher reliability
Guarantee workload deterministic
timing through prioritizing
processes and command
execution
Achieve predictable timing of
shielded processes and excluding
processes with real time
requirements from scheduling by
running them separately
“Lack of prioritization” “Unpredictable timing”“Slow response to events”
Overview of a Real Time Operating System
Precise and predictable timing
• Smart scheduling and prioritization
• Process of determining when and where each task will be
executed
• Quick response on events and communication
• Guarantees that all interrupts will be serviced within a
certain maximum amount of time
• Predictable execution timing
• Constraints of all tasks can be met with 100% certainty
(time, resource, environment, performance, precedence)
Dynamic World Today Drives Precise Real Time Operations
Strong growth in RTOS and Embedded
software markets fueled by:
• Automotive
• Consumer Electronics
• Industrial
• Healthcare
• Military & Defense
• Telecommunications
35
“The global embedded software or the real-time operating system (RTOS) market worth USD 10.46
billion in 2015, is forecast to surpass a revenue of USD 18.60 billion by 2023.” Global Market Insights, Inc.
Real Time Use Cases
Banking & Finance
Automotive & Transportation
Entertainment
• Trading
applications
• High speed
messaging
• Algorithmic
trading
• Vehicle
subsystems
control
• Driverless
vehicles
• Multimedia
animation
systems
• Interactive
video games
• Video
cameras
Aerospace & Military
Manufacturing & Utilities
Telecom
• Aircraft control
and simulation
systems
• Air traffic control
• Communications
• Fighter jet
simulations
• Weapon systems
• Training systems
• Robotics and
assembly lines
• Industrial
process control
• Nuclear power
systems
• Chemical plants
• Device
simulation
• Data acquisition
• Network routers
and telecom
switches
• Web sites and
services
• IoT
• VoIP
• Audio/video
streaming
Soft Real Time System
• Can only guarantee a maximum most of
the time, where the processor and other
scheduling algorithms may be optimized to
give preference to higher-priority processes
and no absolute guarantee of performance
can be made
• Also known as “best effort” systems
• Most modern operating systems can serve
as the base for a soft real time system
• Examples:
• Multimedia transmission and reception
• Networking
• Web sites and services
• Computer games
• Telecom (cellular) networks
Types of Real Time Systems
Source: What is a Real-Time Operating System (RTOS)?
Hard Real Time System
• Can absolutely guarantee a maximum
time for certain operations, designed for
specialized purposes where even the
smallest amount of latency can be the
difference between life or death
• Absolutely, positively, first time every time
• Requires formal verification and
guarantees of always being able to meet its
hard deadlines (except for fatal errors)
• Examples:
• Air traffic control
• Nuclear power plant control
• Vehicle subsystems control
(e.g., air bag)
What are the “must haves” of a real time OS?
• Ensure that important deadlines are met with a high level of control over
how tasks and processes are prioritized
• Improve predictability of task completion through a hierarchical priority
scheme, resulting in deterministic timing
• Improve reliability and lower “jitter” by using Precision Time Protocol and
repeated execution in the same time period
What are the “must haves” of a real time OS?
• Ensures mission-critical processes have the resources they need
through CPU Shielding technology
• Provide tighter process control along with a graphical user interface
providing easy identification of any timing problems
• Optimizes response times to external events through kernel preemption
and smarter scheduling
The result of a RTOS bringing this all together
0
20
40
60
80
100
120
Pro
ce
ssin
g tim
e in
mic
rose
co
nds
higher jitter
lower jitter
SUSE Linux Enterprise Real Time 12 SP3Building Enterprise IT with Precision
An enterprise-class, open source Real Time Operating System built on SUSE Linux
Enterprise, designed to reduce latency and increase the predictability and reliability of
time-sensitive, mission-critical applications
www.suse.com/products/realtime
Strengthens reliability of mission-critical workloads with process and
task prioritization
Reduces latency and maximize application performance through
virtualization and by identifying and resolving bottlenecks
Increase predictability of critical business process response times
through real time scheduler classification & hierarchical priority scheme
SUSE Linux Enterprise Real Time 12 SP3What‘s new?
www.suse.com/products/realtime
Inherited hardware enablement and new features of SUSE Linux
Enterprise Server 12 SP3 kernel along with 4.4 PREEMPT_RT kernel.
LTTng Userspace Tracing has been fully enabled in the product
(upgraded LTTng to 2.7.1)
Technology Preview of SCHED_DEADLINE, a scheduling class which
predicts based on application deadlines.
Extended virtualization support, allowing admins to run both RT and
non-RT guests on a single host.
43
Live Patching (SLE LP)
We build to minimise downtime, is anything missing?
Load Balancer
RAIDVirtualization
UPS
RASSystem
Rollback
High Availability
and GEO
?
Update and reboot or…
45
Linux Kernel
Nov-11, 2015
December
2015
January
2016
February
2016
March
2016
April
2016
May
2016June
2016
July
2016August
2016
September
2016
Update and reboot or…
46
Linux Kernel
Nov-11, 2015
CVE-2015-6937
CVE-2015-7872
CVE-2015-7990
December
2015
January
2016
February
2016
March
2016
April
2016
May
2016June
2016
July
2016August
2016
September
2016
Update and reboot or…
47
Linux Kernel
Nov-11, 2015
Linux Kernel
Dec-11, 2015
CVE-2015-6937
CVE-2015-7872
CVE-2015-7990
Reboot
December
2015
January
2016
February
2016
March
2016
April
2016
May
2016June
2016
July
2016August
2016
September
2016
Update and reboot or…
48
Linux Kernel
Nov-11, 2015
Linux Kernel
Dec-11, 2015
CVE-2015-6937
CVE-2015-7872
CVE-2015-7990
CVE-2016-0728 CVE-2016-0728
December
2015
January
2016
February
2016
March
2016
April
2016
May
2016June
2016
July
2016August
2016
September
2016
Update and reboot or…
49
Linux Kernel
Nov-11, 2015
Linux Kernel
Dec-11, 2015
Linux Kernel
Jan-15, 2016
CVE-2015-6937
CVE-2015-7872
CVE-2015-7990
CVE-2016-0728 CVE-2016-0728
Reboot
December
2015
January
2016
February
2016
March
2016
April
2016
May
2016June
2016
July
2016August
2016
September
2016
Update and reboot or…
50
Linux Kernel
Nov-11, 2015
Linux Kernel
Dec-11, 2015
Linux Kernel
Jan-15, 2016
CVE-2013-7446
CVE-2015-6937
CVE-2015-7872
CVE-2015-7990
CVE-2015-8019
CVE-2015-8539
CVE-2015-8660
CVE-2016-0728
CVE-2013-7446
CVE-2015-8019
CVE-2015-8539
CVE-2015-8660
CVE-2016-0728 CVE-2013-7446
CVE-2015-8019
CVE-2015-8539
CVE-2015-8660
December
2015
January
2016
February
2016
March
2016
April
2016
May
2016June
2016
July
2016August
2016
September
2016
Update and reboot or…
51
Linux Kernel
Nov-11, 2015
Linux Kernel
Dec-11, 2015
Linux Kernel
Jan-15, 2016
Linux Kernel
Feb-10, 2016
CVE-2013-7446
CVE-2015-6937
CVE-2015-7872
CVE-2015-7990
CVE-2015-8019
CVE-2015-8539
CVE-2015-8660
CVE-2016-0728
CVE-2013-7446
CVE-2015-8019
CVE-2015-8539
CVE-2015-8660
CVE-2016-0728 CVE-2013-7446
CVE-2015-8019
CVE-2015-8539
CVE-2015-8660
Reboot
December
2015
January
2016
February
2016
March
2016
April
2016
May
2016June
2016
July
2016August
2016
September
2016
Update and reboot or…
52
Linux Kernel
Nov-11, 2015
Linux Kernel
Dec-11, 2015
Linux Kernel
Jan-15, 2016
Linux Kernel
Feb-10, 2016
CVE-2013-7446
CVE-2015-6937
CVE-2015-7872
CVE-2015-7990
CVE-2015-8019
CVE-2015-8539
CVE-2015-8660
CVE-2015-8709
CVE-2015-8812
CVE-2015-8816
CVE-2016-0728
CVE-2016-0774
CVE-2016-2384
CVE-2013-7446
CVE-2015-8019
CVE-2015-8539
CVE-2015-8660
CVE-2015-8709
CVE-2015-8812
CVE-2015-8816
CVE-2016-0728
CVE-2016-0774
CVE-2016-2384
CVE-2013-7446
CVE-2015-8019
CVE-2015-8539
CVE-2015-8660
CVE-2015-8709
CVE-2015-8812
CVE-2015-8816
CVE-2016-0774
CVE-2016-2384
CVE-2015-8709
CVE-2015-8812
CVE-2015-8816
CVE-2016-0774
CVE-2016-2384
December
2015
January
2016
February
2016
March
2016
April
2016
May
2016June
2016
July
2016August
2016
September
2016
Update and reboot or…
53
Linux Kernel
Nov-11, 2015
Linux Kernel
Dec-11, 2015
Linux Kernel
Jan-15, 2016
Linux Kernel
Feb-10, 2016
Linux Kernel
Mar-22, 2016
CVE-2013-7446
CVE-2015-6937
CVE-2015-7872
CVE-2015-7990
CVE-2015-8019
CVE-2015-8539
CVE-2015-8660
CVE-2015-8709
CVE-2015-8812
CVE-2015-8816
CVE-2016-0728
CVE-2016-0774
CVE-2016-2384
CVE-2013-7446
CVE-2015-8019
CVE-2015-8539
CVE-2015-8660
CVE-2015-8709
CVE-2015-8812
CVE-2015-8816
CVE-2016-0728
CVE-2016-0774
CVE-2016-2384
CVE-2013-7446
CVE-2015-8019
CVE-2015-8539
CVE-2015-8660
CVE-2015-8709
CVE-2015-8812
CVE-2015-8816
CVE-2016-0774
CVE-2016-2384
CVE-2015-8709
CVE-2015-8812
CVE-2015-8816
CVE-2016-0774
CVE-2016-2384
Reboot
December
2015
January
2016
February
2016
March
2016
April
2016
May
2016June
2016
July
2016August
2016
September
2016
Update and reboot or…
54
Linux Kernel
Nov-11, 2015
Linux Kernel
Dec-11, 2015
Linux Kernel
Jan-15, 2016
Linux Kernel
Feb-10, 2016
Linux Kernel
Mar-22, 2016
CVE-2013-7446
CVE-2015-6937
CVE-2015-7872
CVE-2015-7990
CVE-2015-8019
CVE-2015-8539
CVE-2015-8660
CVE-2015-8709
CVE-2015-8812
CVE-2015-8816
CVE-2016-0728
CVE-2016-0774
CVE-2016-1583
CVE-2016-2384
CVE-2016-3134
CVE-2013-7446
CVE-2015-8019
CVE-2015-8539
CVE-2015-8660
CVE-2015-8709
CVE-2015-8812
CVE-2015-8816
CVE-2016-0728
CVE-2016-0774
CVE-2016-1583
CVE-2016-2384
CVE-2016-3134
CVE-2013-7446
CVE-2015-8019
CVE-2015-8539
CVE-2015-8660
CVE-2015-8709
CVE-2015-8812
CVE-2015-8816
CVE-2016-0774
CVE-2016-1583
CVE-2016-2384
CVE-2016-3134
CVE-2015-8709
CVE-2015-8812
CVE-2015-8816
CVE-2016-0774
CVE-2016-1583
CVE-2016-2384
CVE-2016-3134
CVE-2016-1583
CVE-2016-3134
December
2015
January
2016
February
2016
March
2016
April
2016
May
2016June
2016
July
2016August
2016
September
2016
Update and reboot or…
55
Linux Kernel
Nov-11, 2015
Linux Kernel
Dec-11, 2015
Linux Kernel
Jan-15, 2016
Linux Kernel
Feb-10, 2016
Linux Kernel
Mar-22, 2016
Linux Kernel
Jun-09, 2016
CVE-2013-7446
CVE-2015-6937
CVE-2015-7872
CVE-2015-7990
CVE-2015-8019
CVE-2015-8539
CVE-2015-8660
CVE-2015-8709
CVE-2015-8812
CVE-2015-8816
CVE-2016-0728
CVE-2016-0774
CVE-2016-1583
CVE-2016-2384
CVE-2016-3134
CVE-2013-7446
CVE-2015-8019
CVE-2015-8539
CVE-2015-8660
CVE-2015-8709
CVE-2015-8812
CVE-2015-8816
CVE-2016-0728
CVE-2016-0774
CVE-2016-1583
CVE-2016-2384
CVE-2016-3134
CVE-2013-7446
CVE-2015-8019
CVE-2015-8539
CVE-2015-8660
CVE-2015-8709
CVE-2015-8812
CVE-2015-8816
CVE-2016-0774
CVE-2016-1583
CVE-2016-2384
CVE-2016-3134
CVE-2015-8709
CVE-2015-8812
CVE-2015-8816
CVE-2016-0774
CVE-2016-1583
CVE-2016-2384
CVE-2016-3134
CVE-2016-1583
CVE-2016-3134
Reboot
December
2015
January
2016
February
2016
March
2016
April
2016
May
2016June
2016
July
2016August
2016
September
2016
Update and reboot or…
56
Linux Kernel
Nov-11, 2015
Linux Kernel
Dec-11, 2015
Linux Kernel
Jan-15, 2016
Linux Kernel
Feb-10, 2016
Linux Kernel
Mar-22, 2016
Linux Kernel
Jun-09, 2016
CVE-2013-7446
CVE-2015-6937
CVE-2015-7872
CVE-2015-7990
CVE-2015-8019
CVE-2015-8539
CVE-2015-8660
CVE-2015-8709
CVE-2015-8812
CVE-2015-8816
CVE-2016-0728
CVE-2016-0774
CVE-2016-1583
CVE-2016-2384
CVE-2016-3134
CVE-2016-4997
CVE-2013-7446
CVE-2015-8019
CVE-2015-8539
CVE-2015-8660
CVE-2015-8709
CVE-2015-8812
CVE-2015-8816
CVE-2016-0728
CVE-2016-0774
CVE-2016-1583
CVE-2016-2384
CVE-2016-3134
CVE-2016-4997
CVE-2013-7446
CVE-2015-8019
CVE-2015-8539
CVE-2015-8660
CVE-2015-8709
CVE-2015-8812
CVE-2015-8816
CVE-2016-0774
CVE-2016-1583
CVE-2016-2384
CVE-2016-3134
CVE-2016-4997
CVE-2015-8709
CVE-2015-8812
CVE-2015-8816
CVE-2016-0774
CVE-2016-1583
CVE-2016-2384
CVE-2016-3134
CVE-2016-4997
CVE-2016-1583
CVE-2016-3134
CVE-2016-4997
CVE-2016-4997
December
2015
January
2016
February
2016
March
2016
April
2016
May
2016June
2016
July
2016August
2016
September
2016
Update and reboot or…
57
Linux Kernel
Nov-11, 2015
Linux Kernel
Dec-11, 2015
Linux Kernel
Jan-15, 2016
Linux Kernel
Feb-10, 2016
Linux Kernel
Mar-22, 2016
Linux Kernel
Jun-09, 2016
Linux Kernel
Aug-16, 2016
CVE-2013-7446
CVE-2015-6937
CVE-2015-7872
CVE-2015-7990
CVE-2015-8019
CVE-2015-8539
CVE-2015-8660
CVE-2015-8709
CVE-2015-8812
CVE-2015-8816
CVE-2016-0728
CVE-2016-0774
CVE-2016-1583
CVE-2016-2384
CVE-2016-3134
CVE-2016-4997
CVE-2013-7446
CVE-2015-8019
CVE-2015-8539
CVE-2015-8660
CVE-2015-8709
CVE-2015-8812
CVE-2015-8816
CVE-2016-0728
CVE-2016-0774
CVE-2016-1583
CVE-2016-2384
CVE-2016-3134
CVE-2016-4997
CVE-2013-7446
CVE-2015-8019
CVE-2015-8539
CVE-2015-8660
CVE-2015-8709
CVE-2015-8812
CVE-2015-8816
CVE-2016-0774
CVE-2016-1583
CVE-2016-2384
CVE-2016-3134
CVE-2016-4997
CVE-2015-8709
CVE-2015-8812
CVE-2015-8816
CVE-2016-0774
CVE-2016-1583
CVE-2016-2384
CVE-2016-3134
CVE-2016-4997
CVE-2016-1583
CVE-2016-3134
CVE-2016-4997
CVE-2016-4997
Reboot
December
2015
January
2016
February
2016
March
2016
April
2016
May
2016June
2016
July
2016August
2016
September
2016
Update and reboot or…
58
Linux Kernel
Nov-11, 2015
Linux Kernel
Dec-11, 2015
Linux Kernel
Jan-15, 2016
Linux Kernel
Feb-10, 2016
Linux Kernel
Mar-22, 2016
Linux Kernel
Jun-09, 2016
Linux Kernel
Aug-16, 2016
CVE-2013-7446
CVE-2015-6937
CVE-2015-7872
CVE-2015-7990
CVE-2015-8019
CVE-2015-8539
CVE-2015-8660
CVE-2015-8709
CVE-2015-8812
CVE-2015-8816
CVE-2016-0728
CVE-2016-0758
CVE-2016-0774
CVE-2016-1583
CVE-2016-2053
CVE-2016-2384
CVE-2016-3134
CVE-2016-4470
CVE-2016-4565
CVE-2016-4997
CVE-2016-5829
CVE-2013-7446
CVE-2015-8019
CVE-2015-8539
CVE-2015-8660
CVE-2015-8709
CVE-2015-8812
CVE-2015-8816
CVE-2016-0728
CVE-2016-0758
CVE-2016-0774
CVE-2016-1583
CVE-2016-2053
CVE-2016-2384
CVE-2016-3134
CVE-2016-4470
CVE-2016-4565
CVE-2016-4997
CVE-2016-5829
CVE-2013-7446
CVE-2015-8019
CVE-2015-8539
CVE-2015-8660
CVE-2015-8709
CVE-2015-8812
CVE-2015-8816
CVE-2016-0758
CVE-2016-0774
CVE-2016-1583
CVE-2016-2053
CVE-2016-2384
CVE-2016-3134
CVE-2016-4470
CVE-2016-4565
CVE-2016-4997
CVE-2016-5829
CVE-2015-8709
CVE-2015-8812
CVE-2015-8816
CVE-2016-0758
CVE-2016-0774
CVE-2016-1583
CVE-2016-2053
CVE-2016-2384
CVE-2016-3134
CVE-2016-4470
CVE-2016-4565
CVE-2016-4997
CVE-2016-5829
CVE-2016-0758
CVE-2016-1583
CVE-2016-2053
CVE-2016-3134
CVE-2016-4470
CVE-2016-4565
CVE-2016-4997
CVE-2016-5829
CVE-2016-0758
CVE-2016-2053
CVE-2016-4470
CVE-2016-4565
CVE-2016-4997
CVE-2016-5829
CVE-2016-0758
CVE-2016-2053
CVE-2016-4470
CVE-2016-4565
CVE-2016-5829
December
2015
January
2016
February
2016
March
2016
April
2016
May
2016June
2016
July
2016August
2016
September
2016
Update and reboot or…
59
Linux Kernel
Nov-11, 2015
Linux Kernel
Dec-11, 2015
Linux Kernel
Jan-15, 2016
Linux Kernel
Feb-10, 2016
Linux Kernel
Mar-22, 2016
Linux Kernel
Jun-09, 2016
Linux Kernel
Aug-16, 2016
Linux Kernel
Sep-12, 2016
CVE-2013-7446
CVE-2015-6937
CVE-2015-7872
CVE-2015-7990
CVE-2015-8019
CVE-2015-8539
CVE-2015-8660
CVE-2015-8709
CVE-2015-8812
CVE-2015-8816
CVE-2016-0728
CVE-2016-0758
CVE-2016-0774
CVE-2016-1583
CVE-2016-2053
CVE-2016-2384
CVE-2016-3134
CVE-2016-4470
CVE-2016-4565
CVE-2016-4997
CVE-2016-5829
CVE-2013-7446
CVE-2015-8019
CVE-2015-8539
CVE-2015-8660
CVE-2015-8709
CVE-2015-8812
CVE-2015-8816
CVE-2016-0728
CVE-2016-0758
CVE-2016-0774
CVE-2016-1583
CVE-2016-2053
CVE-2016-2384
CVE-2016-3134
CVE-2016-4470
CVE-2016-4565
CVE-2016-4997
CVE-2016-5829
CVE-2013-7446
CVE-2015-8019
CVE-2015-8539
CVE-2015-8660
CVE-2015-8709
CVE-2015-8812
CVE-2015-8816
CVE-2016-0758
CVE-2016-0774
CVE-2016-1583
CVE-2016-2053
CVE-2016-2384
CVE-2016-3134
CVE-2016-4470
CVE-2016-4565
CVE-2016-4997
CVE-2016-5829
CVE-2015-8709
CVE-2015-8812
CVE-2015-8816
CVE-2016-0758
CVE-2016-0774
CVE-2016-1583
CVE-2016-2053
CVE-2016-2384
CVE-2016-3134
CVE-2016-4470
CVE-2016-4565
CVE-2016-4997
CVE-2016-5829
CVE-2016-0758
CVE-2016-1583
CVE-2016-2053
CVE-2016-3134
CVE-2016-4470
CVE-2016-4565
CVE-2016-4997
CVE-2016-5829
CVE-2016-0758
CVE-2016-2053
CVE-2016-4470
CVE-2016-4565
CVE-2016-4997
CVE-2016-5829
CVE-2016-0758
CVE-2016-2053
CVE-2016-4470
CVE-2016-4565
CVE-2016-5829
Reboot
December
2015
January
2016
February
2016
March
2016
April
2016
May
2016June
2016
July
2016August
2016
September
2016
Update and reboot or…
60
Linux Kernel
Nov-11, 2015
Linux Kernel
Dec-11, 2015
Linux Kernel
Jan-15, 2016
Linux Kernel
Feb-10, 2016
Linux Kernel
Mar-22, 2016
Linux Kernel
Jun-09, 2016
Linux Kernel
Aug-16, 2016
Linux Kernel
Sep-12, 2016
CVE-2013-7446
CVE-2015-6937
CVE-2015-7872
CVE-2015-7990
CVE-2015-8019
CVE-2015-8539
CVE-2015-8660
CVE-2015-8709
CVE-2015-8812
CVE-2015-8816
CVE-2016-0728
CVE-2016-0758
CVE-2016-0774
CVE-2016-1583
CVE-2016-2053
CVE-2016-2384
CVE-2016-3134
CVE-2016-4470
CVE-2016-4565
CVE-2016-4997
CVE-2016-5829
CVE-2016-6480
CVE-2013-7446
CVE-2015-8019
CVE-2015-8539
CVE-2015-8660
CVE-2015-8709
CVE-2015-8812
CVE-2015-8816
CVE-2016-0728
CVE-2016-0758
CVE-2016-0774
CVE-2016-1583
CVE-2016-2053
CVE-2016-2384
CVE-2016-3134
CVE-2016-4470
CVE-2016-4565
CVE-2016-4997
CVE-2016-5829
CVE-2016-6480
CVE-2013-7446
CVE-2015-8019
CVE-2015-8539
CVE-2015-8660
CVE-2015-8709
CVE-2015-8812
CVE-2015-8816
CVE-2016-0758
CVE-2016-0774
CVE-2016-1583
CVE-2016-2053
CVE-2016-2384
CVE-2016-3134
CVE-2016-4470
CVE-2016-4565
CVE-2016-4997
CVE-2016-5829
CVE-2016-6480
CVE-2015-8709
CVE-2015-8812
CVE-2015-8816
CVE-2016-0758
CVE-2016-0774
CVE-2016-1583
CVE-2016-2053
CVE-2016-2384
CVE-2016-3134
CVE-2016-4470
CVE-2016-4565
CVE-2016-4997
CVE-2016-5829
CVE-2016-6480
CVE-2016-0758
CVE-2016-1583
CVE-2016-2053
CVE-2016-3134
CVE-2016-4470
CVE-2016-4565
CVE-2016-4997
CVE-2016-5829
CVE-2016-6480
CVE-2016-0758
CVE-2016-2053
CVE-2016-4470
CVE-2016-4565
CVE-2016-4997
CVE-2016-5829
CVE-2016-6480
CVE-2016-6480
CVE-2016-0758
CVE-2016-2053
CVE-2016-4470
CVE-2016-4565
CVE-2016-5829
CVE-2016-6480
December
2015
January
2016
February
2016
March
2016
April
2016
May
2016June
2016
July
2016August
2016
September
2016
Maybe we should just Live Patch….
Linux Kernel
Nov-11, 2015
Linux Kernel
Dec-11, 2015
Linux Kernel
Jan-15, 2016
Linux Kernel
Feb-10, 2016
Linux Kernel
Mar-22, 2016
Linux Kernel
Jun-09, 2016
Linux Kernel
Aug-16, 2016
Linux Kernel
Sep-12, 2016
CVE-2013-7446
CVE-2015-6937
CVE-2015-7872
CVE-2015-7990
CVE-2015-8019
CVE-2015-8539
CVE-2015-8660
CVE-2015-8709
CVE-2015-8812
CVE-2015-8816
CVE-2016-0728
CVE-2016-0758
CVE-2016-0774
CVE-2016-1583
CVE-2016-2053
CVE-2016-2384
CVE-2016-3134
CVE-2016-4470
CVE-2016-4565
CVE-2016-4997
CVE-2016-5829
CVE-2016-6480
CVE-2013-7446
CVE-2015-8019
CVE-2015-8539
CVE-2015-8660
CVE-2015-8709
CVE-2015-8812
CVE-2015-8816
CVE-2016-0728
CVE-2016-0758
CVE-2016-0774
CVE-2016-1583
CVE-2016-2053
CVE-2016-2384
CVE-2016-3134
CVE-2016-4470
CVE-2016-4565
CVE-2016-4997
CVE-2016-5829
CVE-2016-6480
CVE-2013-7446
CVE-2015-8019
CVE-2015-8539
CVE-2015-8660
CVE-2015-8709
CVE-2015-8812
CVE-2015-8816
CVE-2016-0758
CVE-2016-0774
CVE-2016-1583
CVE-2016-2053
CVE-2016-2384
CVE-2016-3134
CVE-2016-4470
CVE-2016-4565
CVE-2016-4997
CVE-2016-5829
CVE-2016-6480
CVE-2015-8709
CVE-2015-8812
CVE-2015-8816
CVE-2016-0758
CVE-2016-0774
CVE-2016-1583
CVE-2016-2053
CVE-2016-2384
CVE-2016-3134
CVE-2016-4470
CVE-2016-4565
CVE-2016-4997
CVE-2016-5829
CVE-2016-6480
CVE-2016-0758
CVE-2016-1583
CVE-2016-2053
CVE-2016-3134
CVE-2016-4470
CVE-2016-4565
CVE-2016-4997
CVE-2016-5829
CVE-2016-6480
CVE-2016-0758
CVE-2016-2053
CVE-2016-4470
CVE-2016-4565
CVE-2016-4997
CVE-2016-5829
CVE-2016-6480
CVE-2016-6480
CVE-2016-0758
CVE-2016-2053
CVE-2016-4470
CVE-2016-4565
CVE-2016-5829
CVE-2016-6480
December
2015
January
2016
February
2016
March
2016
April
2016
May
2016June
2016
July
2016August
2016
September
2016
SUSE Linux Enterprise Live Patching
SUSE Linux Enterprise Live Patching is a cutting edge technology that improves
business continuity and saves costs by reducing downtimes, increasing service
availability and enhancing security & compliance.
• Keep your mission critical services running by reducing planned or unplanned
downtime by patching systems when you need to (or are forced to).
• Shorten response times when fixing critical security issues. No longer need to wait
until a maintenance window (or force one) to fix a problem.
• Maintain your security & compliance position by ensuring systems stay up-to-date
with security patches, supported with the capability to audit any applied patches.
Key Highlights
Available in SLES 12 onwards (x86-64, ppc634le on SP3)
Provides fixes for Kernel bugs which affect
Security (CVSSv2 >=6)
Security (CVSSv3 >=7)
Data Integrity
Stability
No runtime performance impact or interruption of applications
Deploy using existing package management frameworks
Patches available for most recent maintenance kernels (last 12 months)
Allows full review of patch source code
Currently based on kGraft OpenSource project
Live Patching in the user space
• Unlike the kernel, user space has no good boundary call
• Code must not be used at the time you are patching
• “the stack must be empty”
• ftrace can not guarantee correct address return
• Three categories of user space apps
• Transient
- A program that runs and stops
• Unknown
- Solutions will have a penalty overhead as currently counting entrance/exit is required
• Annotated
- Amendment to the code/function to include the ability to patch
• Currently focusing on glibc and OpenSSL
65
High Availability (SLE HA)
66
High availability refers to a system,
component or service that is continuously
operational for a desirably long length of time.
Availability can be measured relative to
100% operational or never failing.
When do we employ HA solutions?
Our service needs to be resilient to any level of outage
We have a legacy or complex infrastructure
We are delivering a component of a higher level service
Where is your single point of failure?
The building blocks of our service are seen as a commodity
CTO/CIO wants his/her “five nines”
Scale does not mean a service is highly available!
© Alexfiodorov | www.dreamstime.com/royalty-free-stock-photography-cow-herd-green-field-image11252937
When is the solution not HA?
When we rely on large scale cloud deployments for availability
When we rely on a dashboard to react quickly to blips/outages
When an outage (even a %) impacts service or users
When we can not guarantee data integrity
Why & how should we use HA?
When our service is vital to business operations
When our component/service underpins a vital business operation
When any fault results in significant effort to recover data or service
When our application or service demands data integrity
We design high availability into our components or services
You can’t build HA around your service.
© Yann Arthus-Bertrand | Maasai cow pen near Kichwa Tembo camp, Kenya
SUSE Linux Enterprise
High Availability Extension
72
Virtually eliminate unplanned downtime with an advanced
clustering system that can be deployed in both physical
and virtual environments.
www.suse.com/products/highavailability
• Get near 100% uptime, maximized for your Linux workloads
• Boost flexibility and maintain continuity by supporting mixed clustering
• Protect data integrity and minimize data loss with data replication across clusters
• HAE and GEO Clustering merging
75%Cost Savings
100%Server Deployment
99.999%Uptime
SUSE® High Availability
The SUSE Approach to HA
Easy to use
Bootstrap clusters, manage with Hawk2, batch mode tests, history reporting
Build to suit your component, application or environment
Service agents, fencing mechanisms, OCF compliant
Platform agnostic
x86_64, AArch64, POWER, and System z, virtual, containers or a mix &
match
Self-healing and self-repair (policy based autonomy)
UPS, VM host, storage based, automatic and manual
SUSE® High Availability
The SUSE Approach to HA
Protect application, component or data integrity
Cluster-aware file systems, volume management, data replication
Manage multiple clusters (even across Geo)
Manage many clusters in a single tool, see all cluster health and reports
Disaster resilience
Failover in cases of major outage, no distance limitations
SUSE® High Availability Use Cases
Use cases and scenarios
Active/Active
OCFS2, databases, Samba file servers
Active/Passive (with fail-over)
Traditional databases, SAP setups, regular services, Geo dispersed
High availability for all workloads
Monitoring, management, all regardless of platform
All topologies
Local, metro, and geographical area clusters
SUSE® High Availability Use Cases
SLES for SAP
• SLES for SAP is built on SLE HA
• The reference architecture for SAP with HA
• High Availability for SAP HANA
• Enables HA for SAP in public clouds
Extended use cases
SUSE Cloud
• OpenStack HA built on SLE HA
• SLE HA for the control plane
• SLE HA for the compute plane using pacemaker_remote
Everyone needs a highly available Lego technics Excavators right….?
2017 2018 2019 2020
SUSE Linux Enterprise—Mission Critical
12 SP3
15
12 SP4
15 SP1
12 SP5
High Availability & GEO
Clustering • Azure cloud support
• Geo bootstrap kit
• HAWK2: edit fencing
topologies
Live Patching• Power LE support
12 SP3
High Availability & GEO
Clustering Improve integration into
Single sign-on
Published API
Live Patching Deeper integration with
other SUSE products
High Availability & GEO Clustering • Rebase stack on SUSE Linux Enterprise 15
common code base
• Expand options for host based mirroring
• Merge GEO clustering into HA
• ClusterAPI**
Live Patching• More architecture support
(following market needs)
High Availability & GEO
Clustering Improve integration into
single sign-on
Published API
Extended RBAC for cluster
ops
Cluster templates (app/use
case specific)
Live Patching Userland LP**
Integration with other SUSE
products
Real Time New: SUSE Linux
Enterprise 15 based RT
capabilities
High Availability & GEO
Clustering Expand options for host
based mirroring
Merge GEO clustering into
HA also for SUSE Linux
Enterprise 12
Live Patching More architecture support
(following market needs)
15 12 SP4 15 SP1 12 SP5
* Information is forward looking and subject to change at any time.
** Items are tech preview
SUSE® Linux Enterprise for SAP ApplicationsPlatform Overview for Business Operations
SAP
NetWeaver
SAP
S/4HANASAP HANA
SUSE Has the Ideal Platform for Your SAP Landscape
81
Unrivaled Relationship Making SUSE the Smart Choice for SAP Workloads
• 17+ years of joint testing and development at the SAP LinuxLab
• Joint collaboration on Cloud Foundry
• SUSE Linux Enterprise is the leading platform for SAP workloads on Linux
• Seamless support from SAP and SUSE
• SUSE Linux Server for SAP Applications delivers built-in high availability, superior performance and
security
• First and leading OS for SAP HANA
• The platform powering SAP HANA Enterprise Cloud
• SUSE OpenStack Cloud powers SAP’s HANA Cloud platform
82
Challenge Solution Results
• Expand HANA
Enterprise Cloud
• Meet enterprise
requirements
• 6,600 servers
• 12,000 CPUs
• 16,000 VMs
• SUSE Linux Enterprise
Server for SAP
Applications
• 99.999% availability
• Reduced TCO
• Streamlined operations
SAP is also a SUSE Customer
83
84
SUSE Linux Enterprise Server for SAP Applications
Extended Service Pack Support18 Month Grace Period
SAP specific update channel
24x7 Priority Support for SAP
......Page Cache Management
SAP specific update channel
SUSE Linux Enterprise ServerSLE High Availability
SAP HANA & SAP NetWeaver
SAP HANAFirewall
SAP HANAResource
Agents
InstallationWizard
24x7 Priority Support for SAP
85
SAP Platform Installation Automation
Installation Wizard now installs:
• A complete SAP high
availability stack
• SAP HANA TDI (tailored data center
Integration) environments
• Uses SUSE Manager
SAP HANA Firewall installation options
• Installation Wizard
• Auto-configuration
86
Overview Supported SAP HA Scenarios
• Manual failover
• Simple stack
• Enqueue replication
• Combined stack
SAP NetWeaver
• Manual failover
• Performance optimized
• Cost optimized
• Multitenant database
containers
• Storage replication
• Public Cloud
• Others
SAP HANA
ScaleUp
• Auto-host failover
• Manual takeover
• Performance optimized
• Storage replication
• Public cloud
• Others
SAP HANA
ScaleOut
31
87
Available with SUSE Linux Enterprise Server for SAP Applications 12 SP2
SAP HANA Scale-Out: Performance Optimized
SAP
HANA
(PR1)
primary
PR1
SAP HANA
(PR1)
secondary
PR1
pacemaker
active/active
System replication
Cluster 1 Cluster 2
vIPCluster 2 usage
Data pre-load on
secondary
Take-over decision
Take-over process
Take-over reaction
time
Take-over speed
Dedicated
Yes
Fully Automated by SUSE cluster
solution
Fully Automated by SUSE cluster
solution
Fast due to pacemaker heartbeat
Fast since data pre-loaded
SUSE Linux Enterprise Server
88
The recommended and supported
operating system for SAP applications.
89
