suse linux enterprise server for sap applications: hp partner event, april 2015 bob fidrych hp...
TRANSCRIPT
SUSE Linux Enterprise Server for SAP Applications:HP Partner Event, April 2015
Bob FidrychHP Partner Executive
Rodolfo BejaranoSales Engineer
Over x% of SAP customers using Linux prefer SUSE Linux Enterprise
Server for SAP Applications
Question
70%
Agenda
HP- SUSE Partnership
Linux/SUSE in SAP ecosystem
SAP specific offering: SLES for SAP
Hardening your HANA System
Additional Info/Big Winner
HP and SUSE – Alliance OverviewBroad Relationship
Partners for over 23 years—OEM, Reseller, Engineering, Support
Product Offering Integration HP offers a great selection of SUSE Linux Enterprise Server (SLES)
offerings on the HP price list, including SLES, SLES for SAP, SLEHA, and SLES for HPC
HP Technology Services provides the SUSE technical support for all of the HP OEM SUSE Linux Enterprise offerings they provide
Technical Collaboration SUSE Linux Enterprise is certified across the HP ProLiant and
BladeSystem server lines (incl. Moonshot Servers); also certified across HP Storage line
EVERY Gen8 ProLiant Server ships with/initially boots off of SUSE technology—base of HP’s Gen8 ProLiant server feature called “Intelligent Provisioning”
Many HP-SUSE Reference Architecture’s including HANA and new HP-SUSE-Hortonworks
Benchmark Release with SLES11 SP3
New HP ConvergedSystem 900 for SAP HANA captures top spots on SPECjbb2013-MultiJVM benchmark
• Performance Brief
http://h20195.www2.hp.com/V2/GetDocument.aspx?docname=4AA5-3288ENW&cc=us&lc=en
Benchmark Release with SLES11 SP3
“Record-breaking performance never happens by chance. The HP ConvergedSystem 900 for SAP HANA is the best platform for real-time in-memory computing, and our work with SUSE helps customers get the most out of the architecture.”
-- Paul Miller, Vice President of Marketing, HP Converged Systems
HP Uses SUSE Linux
HP Video
Business Case for migrating SAP to SUSE Linux
SAP installations on Linux steadily increasing each year (SCN)
• Most SAP UNIX migration goes to Linux
• Linux on Intel achieves 5x SAPS/$
• No Limits for SAP workloads on Linux
• Competitive Advantage‒ Improved Performance
‒ High Availability
‒ Increased Reliability
‒ Tightened SecuritySource: The Trend from UNIX to Linux in SAP Data-
Centers, RealTech Consulting, Oct 2012
SAP’s #1 Linux (since 1999)
1999 First Linux certified for SAP
2006 First OS certified for SAP ACC
“ Only OS selected for use with SAP BWA
“ SAP's Linux/UNIX software development platform
2007 First virtualization validated for SAP
“ First joint support through SAP Solution Manager
2008 Installation Wizard for SAP and SUSE software
“ Only OS selected for use with SAP Business ByDesign
“ SAP Pinnacle Award 2008 Winner
2009 Only OS recommended and supported for SAP HANA
“ SAP Pinnacle Award 2009 Finalist
2010 4 validated high availability best practices with SAP Linux Lab
“ First Linux supported on Amazon Web Services
2011 SUSE Linux Enterprise Server for SAP Applications
2012 Distribution of ClamSAP (anti-virus connector to ClamAV)
“ SUSE celebrates 20th anniversary
“ First Linux certified for SAP NetWeaver High Availability
2013 SUSE ads new channel program for SAP Business One HANA
SAP customers are using Linux to run the database and/or application server
of these are running their workloads on SUSE Linux Enterprise
SUSE Linux Enterprise is SAP's development platform for UNIX and Linux
SUSE Linux Enterprise is the recommended and supported OS of choice for SAP HANA
First Linux distributor to certify HA extension for integration with SAP Netweaver
20,000+
70%
#1
#1
#1
Why SUSE® for SAP ?
SUSE Linux Enterprise Server for SAPThe only operating system optimized for SAP Applications
• Built in HA components to enable you to protect Mission Critical Applications
• Extended Update Cycle (18 months) to fit your needs
• Enables High Performance of Large Workloads
• Integrated Priority Support from both SUSE and SAP
• Enables Fast and Easy Deployment with Installation Wizard
The Recommended OS for SAP HANASUSE Linux Enterprise Server for SAP Applications
•SLA•Built-in HA•Supported
•Up to 13 years•Flexibility•Guidance
•Settings•Firewall•JeOS
•5000 customers•SAP IT reference•HP, IBM, Dell, Cisco, Fujitsu, Hitachi, Huawei, VCE, NEC, SGI,
Unisys, Lenovo
Reliability Security
AvailabilityMaintenance
News Headlines
16
Securing SAP HANA with SUSE LinuxCustomized OS Security Hardening for SAP HANA
SUSE Linux Enterprise Security Guide for SAP HANA
Security Hardening Settings for HANA
SUSE Firewall for HANA
Minimal OS package selection
SUSE Security Updates
Classification of the Hardening Guide
SUSESecurity Guide
OS SecurityHardening Guidefor SAP HANA
SAP HANASecurity Guide
Operating System genericSAP HANA specific
18
Security Hardening SettingsCategories
• Authentication Settings→ User login restrictions, password policy, etc.
• System Access Settings→ Local and remote access restrictions
• Networking Settings→ i. e. behavior of the Linux IP stack
• Linux Service permissions→ i. e. disallow of 'at'-jobs
• File permissions→ Access rights of security-critical files
• Logging and Reporting→ Behavior of the system logging, security reports, etc.
19
Security Hardening SettingsDetailed Example: Prohibit login as root via ssh
Description
By default, the user “root” is allowed to remotely log in via ssh. This has two disadvantages: First, root logins are logged, but cannot be associated with a particular user. This is especially a disadvantage if more than one system administrator makes changes on the system. Second, a stolen root password allows an attacker to login directly to the system. Instead of logging in as a normal user first, then doing “su” or a “sudo,” an attacker just requires the root password.
Procedure
Edit /etc/ssh/sshd.conf and set parameter
PermitRootLogin no
Impact
Root no longer can be used to login remotely, so that users are required to use “su” or “sudo” to gain root access when using ssh.
Priority: high
20
SAP HANA Technical Operation Manual
2.1.4.1 Updating and Patching the Operating System
• The customer is generally responsible for implementing operating system patches.
• OS security patches may be installed immediately after they are available.
• Any updates related to kernel or runtime libraries (glibc) need to be validated and approved by SAP beforehand (and the relevant HW partner).
• OS Service Packages (SPs) can be downloaded and applied to the SAP HANA system only according to agreements with the respective hardware partner.
• Do not change configuration settings when you patch the operating system unless explicitly stated in the corresponding SAP release note.
21
Availability of the Hardening Guide
• Download link→ www.suse.com/products/sles-for-sap/resource-library/
• About the Authors→ Developed by Markus Guertler (SUSE @ SAP Linux Lab) and Alexander Bergmann (SUSE Maintenance & Security Team)
• Future OutlookAdditional and improved hardening settings
Improvements of the firewall (i. e. automatic detection of installed HANA systems)
Further reduction of the minimal set of packages
22
Competitive Assessment
Product Elements SLES 11SLES for SAP
Applications 11RHEL 6 for SAP
Basic Priority Basic Priority Premium
Maintenance / Update X X X X X
Dedicated SAP Update Channel X X
Priority Support 24X7 X X X
SAP Solution Manager Integration X X
Installation Wizard X X
Linux Kernel 3.0 X X X X
Xen Virtualization supported by SAP X X X X
KVM Virtualization supported by SAP X X X X X
Page-Cache Limit X X
Expanded Service Pack Overlap Support
X X
High Availability Clustering X X
Cluster File System support X X
Support for SAP required JVM X X X
ClamSAP integration X X
Additional Information
CLP Training Academy for Partners(Certified Linux Professional)
New to Linux Administration
SUSE Linux Enterprise 11 Fundamentals – 3 days
SUSE Linux Enterprise 11 Administration – 5 days
SUSE Linux Enterprise 11 Professional – 5 days
Exam: CLA & CLP
• By invitation only
• Flexible 11-week
• Self-study
• Training portal
• Regular assignment
• Weekly webcast
• Live instructor
4,000 USD Value
• All of this is at No Charge to HP Partners and Includes the Test Vouchers• Academy occurs twice a year• Contact [email protected] to get on list for next training
Linux Training for SAP AdministratorsSUSE administration course with relevant SAP technical content
SUSE Linux Enterprise Server 11 for SAP Applications Administration
– Designed for SAP administrators
– Become Linux administrator
– Learn SAP specific Linux configurations
– 4 days online hands-on technical training
– Price €1,750
– Help prepare for the SUSE CLA 11 certification exam
– www.suse.com/training
Appendex- SAP Notes
Relevant SAP Notes*
# 171356 - SAP Software on Linux: Essentials
# 1310037 - SUSE LINUX Enterprise Server 11: Installationsguide
# 1056161 - SUSE Priority Support for SAP Applications
# 1557506 - Linux paging improvements
# 1122387 - Linux: SAP Support in virtualized Environments
VMware Knowledge base
• 1034165 Disabling simultaneous write protection provided by VMFS using the multi-writer flag
* SAP S-User Id required
Appendex- More InformationSUSE Websites
• www.suse.com/smart
• SUSE Linux Enterprise Server for SAP applications
• SUSE and SAP Alliance
• SUSE Linux Enterprise and SAP HANA
SUSE Linux Enterprise for SAP Applications
• Overview and Features
• Video Introduction
• Solutions Guide
• Success Stories
• Whitepapers
• Best Practice Guides (High Availability)
• FAQ
• Technical Information
• Evaluation Download
Grand Prize
Summary- SUSE LinuxThe First Linux for SAP HANA is still the best for Linux for HANA
SummaryThe First Linux for SAP HANA is still the best for Linux for HANA
#1 The leading platform for SAP solutions on Linux
#1 The only Enterprise Linux optimized for SAP solutions
#1 SUSE Linux Enterprise is SAP's development platform for UNIX and Linux
#1 SAP HANA was first developed and built on SUSE Linux Enterprise
#1 SUSE Linux Enterprise is the recommended and supported OS of choice for SAP HANA with over 5,000 servers to date
#1 The most secure OS available for SAP HANA
All Rights Reserved. No part of this work may be practiced, performed, copied, distributed, revised, modified, translated, abridged, condensed, expanded, collected, or adapted without the prior written consent of SUSE. Any use or exploitation of this work without authorization could subject the perpetrator to criminal and civil liability.
General DisclaimerThis document is not to be construed as a promise by any participating company to develop, deliver, or market a product. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. SUSE makes no representations or warranties with respect to the contents of this document, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. The development, release, and timing of features or functionality described for SUSE products remains at the sole discretion of SUSE. Further, SUSE reserves the right to revise this document and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes. All SUSE marks referenced in this presentation are trademarks or registered trademarks of Novell, Inc. in the United States and other countries. All third-party trademarks are the property of their respective owners.