SUSE Linux Enterprise Server for SAP Applications:HP Partner Event, April 2015

Bob FidrychHP Partner Executive

rfidrych@suse.com

Rodolfo BejaranoSales Engineer

RBejarano@suse.com

Over x% of SAP customers using Linux prefer SUSE Linux Enterprise

Server for SAP Applications

Question

70%

Agenda

HP- SUSE Partnership

Linux/SUSE in SAP ecosystem

SAP specific offering: SLES for SAP

Hardening your HANA System

Additional Info/Big Winner

HP and SUSE – Alliance OverviewBroad Relationship

Partners for over 23 years—OEM, Reseller, Engineering, Support

Product Offering Integration HP offers a great selection of SUSE Linux Enterprise Server (SLES)

offerings on the HP price list, including SLES, SLES for SAP, SLEHA, and SLES for HPC

HP Technology Services provides the SUSE technical support for all of the HP OEM SUSE Linux Enterprise offerings they provide

Technical Collaboration SUSE Linux Enterprise is certified across the HP ProLiant and

BladeSystem server lines (incl. Moonshot Servers); also certified across HP Storage line

EVERY Gen8 ProLiant Server ships with/initially boots off of SUSE technology—base of HP’s Gen8 ProLiant server feature called “Intelligent Provisioning”

Many HP-SUSE Reference Architecture’s including HANA and new HP-SUSE-Hortonworks

Benchmark Release with SLES11 SP3

New HP ConvergedSystem 900 for SAP HANA captures top spots on SPECjbb2013-MultiJVM benchmark

• Performance Brief

http://h20195.www2.hp.com/V2/GetDocument.aspx?docname=4AA5-3288ENW&cc=us&lc=en

Benchmark Release with SLES11 SP3

“Record-breaking performance never happens by chance. The HP ConvergedSystem 900 for SAP HANA is the best platform for real-time in-memory computing, and our work with SUSE helps customers get the most out of the architecture.”

-- Paul Miller, Vice President of Marketing, HP Converged Systems

HP Uses SUSE Linux

HP Video

Business Case for migrating SAP to SUSE Linux

SAP installations on Linux steadily increasing each year (SCN)

• Most SAP UNIX migration goes to Linux

• Linux on Intel achieves 5x SAPS/$

• No Limits for SAP workloads on Linux

• Competitive Advantage‒ Improved Performance

‒ High Availability

‒ Increased Reliability

‒ Tightened SecuritySource: The Trend from UNIX to Linux in SAP Data-

Centers, RealTech Consulting, Oct 2012

SAP’s #1 Linux (since 1999)

1999 First Linux certified for SAP

2006 First OS certified for SAP ACC

“ Only OS selected for use with SAP BWA

“ SAP's Linux/UNIX software development platform

2007 First virtualization validated for SAP

“ First joint support through SAP Solution Manager

2008 Installation Wizard for SAP and SUSE software

“ Only OS selected for use with SAP Business ByDesign

“ SAP Pinnacle Award 2008 Winner

2009 Only OS recommended and supported for SAP HANA

“ SAP Pinnacle Award 2009 Finalist

2010 4 validated high availability best practices with SAP Linux Lab

“ First Linux supported on Amazon Web Services

2011 SUSE Linux Enterprise Server for SAP Applications

2012 Distribution of ClamSAP (anti-virus connector to ClamAV)

“ SUSE celebrates 20th anniversary

“ First Linux certified for SAP NetWeaver High Availability

2013 SUSE ads new channel program for SAP Business One HANA

SAP customers are using Linux to run the database and/or application server

of these are running their workloads on SUSE Linux Enterprise

SUSE Linux Enterprise is SAP's development platform for UNIX and Linux

SUSE Linux Enterprise is the recommended and supported OS of choice for SAP HANA

First Linux distributor to certify HA extension for integration with SAP Netweaver

20,000+

70%

#1

#1

#1

Why SUSE® for SAP ?

SUSE Linux Enterprise Server for SAPThe only operating system optimized for SAP Applications

• Built in HA components to enable you to protect Mission Critical Applications

• Extended Update Cycle (18 months) to fit your needs

• Enables High Performance of Large Workloads

• Integrated Priority Support from both SUSE and SAP

• Enables Fast and Easy Deployment with Installation Wizard

The Recommended OS for SAP HANASUSE Linux Enterprise Server for SAP Applications

•SLA•Built-in HA•Supported

•Up to 13 years•Flexibility•Guidance

•Settings•Firewall•JeOS

•5000 customers•SAP IT reference•HP, IBM, Dell, Cisco, Fujitsu, Hitachi, Huawei, VCE, NEC, SGI,

Unisys, Lenovo

Reliability Security

AvailabilityMaintenance

News Headlines

16

Securing SAP HANA with SUSE LinuxCustomized OS Security Hardening for SAP HANA

SUSE Linux Enterprise Security Guide for SAP HANA

Security Hardening Settings for HANA

SUSE Firewall for HANA

Minimal OS package selection

SUSE Security Updates

Classification of the Hardening Guide

SUSESecurity Guide

OS SecurityHardening Guidefor SAP HANA

SAP HANASecurity Guide

Operating System genericSAP HANA specific

18

Security Hardening SettingsCategories

• Authentication Settings→ User login restrictions, password policy, etc.

• System Access Settings→ Local and remote access restrictions

• Networking Settings→ i. e. behavior of the Linux IP stack

• Linux Service permissions→ i. e. disallow of 'at'-jobs

• File permissions→ Access rights of security-critical files

• Logging and Reporting→ Behavior of the system logging, security reports, etc.

19

Security Hardening SettingsDetailed Example: Prohibit login as root via ssh

Description

By default, the user “root” is allowed to remotely log in via ssh. This has two disadvantages: First, root logins are logged, but cannot be associated with a particular user. This is especially a disadvantage if more than one system administrator makes changes on the system. Second, a stolen root password allows an attacker to login directly to the system. Instead of logging in as a normal user first, then doing “su” or a “sudo,” an attacker just requires the root password.

Procedure

Edit /etc/ssh/sshd.conf and set parameter

PermitRootLogin no

Impact

Root no longer can be used to login remotely, so that users are required to use “su” or “sudo” to gain root access when using ssh.

Priority: high

20

SAP HANA Technical Operation Manual

2.1.4.1 Updating and Patching the Operating System

• The customer is generally responsible for implementing operating system patches.

• OS security patches may be installed immediately after they are available.

• Any updates related to kernel or runtime libraries (glibc) need to be validated and approved by SAP beforehand (and the relevant HW partner).

• OS Service Packages (SPs) can be downloaded and applied to the SAP HANA system only according to agreements with the respective hardware partner.

• Do not change configuration settings when you patch the operating system unless explicitly stated in the corresponding SAP release note.

21

Availability of the Hardening Guide

• Download link→ www.suse.com/products/sles-for-sap/resource-library/

• About the Authors→ Developed by Markus Guertler (SUSE @ SAP Linux Lab) and Alexander Bergmann (SUSE Maintenance & Security Team)

• Future OutlookAdditional and improved hardening settings

Improvements of the firewall (i. e. automatic detection of installed HANA systems)

Further reduction of the minimal set of packages

22

Competitive Assessment

Product Elements SLES 11SLES for SAP

Applications 11RHEL 6 for SAP

Basic Priority Basic Priority Premium

Maintenance / Update X X X X X

Dedicated SAP Update Channel X X

Priority Support 24X7 X X X

SAP Solution Manager Integration X X

Installation Wizard X X

Linux Kernel 3.0 X X X X

Xen Virtualization supported by SAP X X X X

KVM Virtualization supported by SAP X X X X X

Page-Cache Limit X X

Expanded Service Pack Overlap Support

X X

High Availability Clustering X X

Cluster File System support X X

Support for SAP required JVM X X X

ClamSAP integration X X

Additional Information

CLP Training Academy for Partners(Certified Linux Professional)

New to Linux Administration

SUSE Linux Enterprise 11 Fundamentals – 3 days

SUSE Linux Enterprise 11 Administration – 5 days

SUSE Linux Enterprise 11 Professional – 5 days

Exam: CLA & CLP

• By invitation only

• Flexible 11-week

• Self-study

• Training portal

• Regular assignment

• Weekly webcast

• Live instructor

4,000 USD Value

• All of this is at No Charge to HP Partners and Includes the Test Vouchers• Academy occurs twice a year• Contact bob.fidrych@suse.com to get on list for next training

Linux Training for SAP AdministratorsSUSE administration course with relevant SAP technical content

SUSE Linux Enterprise Server 11 for SAP Applications Administration

– Designed for SAP administrators

– Become Linux administrator

– Learn SAP specific Linux configurations

– 4 days online hands-on technical training

– Price €1,750

– Help prepare for the SUSE CLA 11 certification exam

– www.suse.com/training

Appendex- SAP Notes

Relevant SAP Notes*

# 171356 - SAP Software on Linux: Essentials

# 1310037 - SUSE LINUX Enterprise Server 11: Installationsguide

# 1056161 - SUSE Priority Support for SAP Applications

# 1557506 - Linux paging improvements

# 1122387 - Linux: SAP Support in virtualized Environments

VMware Knowledge base

• 1034165 Disabling simultaneous write protection provided by VMFS using the multi-writer flag

* SAP S-User Id required

Appendex- More InformationSUSE Websites

• www.suse.com/smart

• SUSE Linux Enterprise Server for SAP applications

• SUSE and SAP Alliance

• SUSE Linux Enterprise and SAP HANA

SUSE Linux Enterprise for SAP Applications

• Overview and Features

• Video Introduction

• Solutions Guide

• Success Stories

• Whitepapers

• Best Practice Guides (High Availability)

• FAQ

• Technical Information

• Evaluation Download

Grand Prize

Summary- SUSE LinuxThe First Linux for SAP HANA is still the best for Linux for HANA

SummaryThe First Linux for SAP HANA is still the best for Linux for HANA

#1 The leading platform for SAP solutions on Linux

#1 The only Enterprise Linux optimized for SAP solutions

#1 SUSE Linux Enterprise is SAP's development platform for UNIX and Linux

#1 SAP HANA was first developed and built on SUSE Linux Enterprise

#1 SUSE Linux Enterprise is the recommended and supported OS of choice for SAP HANA with over 5,000 servers to date

#1 The most secure OS available for SAP HANA

All Rights Reserved. No part of this work may be practiced, performed, copied, distributed, revised, modified, translated, abridged, condensed, expanded, collected, or adapted without the prior written consent of SUSE. Any use or exploitation of this work without authorization could subject the perpetrator to criminal and civil liability.

General DisclaimerThis document is not to be construed as a promise by any participating company to develop, deliver, or market a product. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. SUSE makes no representations or warranties with respect to the contents of this document, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. The development, release, and timing of features or functionality described for SUSE products remains at the sole discretion of SUSE. Further, SUSE reserves the right to revise this document and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes. All SUSE marks referenced in this presentation are trademarks or registered trademarks of Novell, Inc. in the United States and other countries. All third-party trademarks are the property of their respective owners.