SUSE Linux Live Patching for Power – A key tool for availability

SUSE_Toolpouch

All system outages are bad. They result in lost revenue, reputation damage, lost productivity and other impacts to the business. Outages of enterprise applications such as SAP HANA can have an even greater impact on a business due to the pervasive nature of those applications.  One reason you choose the IBM Power platform is the excellent hardware reliability of Power servers. Similarly, you choose SUSE Linux as the infrastructure for your SAP HANA deployments because of its track record of providing a reliable, secure computing environment.

SUSE Linux for SAP Applications includes a broad set of tools to manage unplanned software outages for SAP HANA environments, including the High Availability Extension, automated failover of SAP HANA, and specialized monitoring to detect problems before they result in an outage. SUSE also built specific features into SUSE Linux to provide higher availability for SAP HANA such as support for 512TB virtual address space size to avoid outages caused by address space fragmentation.

Unfortunately, there are some outages that are difficult to avoid. Outages are often required install patches for critical or security exposures that affect the Linux kernel. These patches must be installed to avoid potentially more severe outages. In 2017 there were more than 400 Common Vulnerabilities and Exposures (CVE) identified for the Linux Kernel. While not all of those vulnerabilities may be applicable to every environment, outages to install kernel security patches can significantly impact overall system availability.

SUSE has been a pioneer in developing technology to address this issue. SUSE first introduced SUSE Linux Enterprise Live Patching as a product in 2014. This product uses technology called kGraft, allowing you to install kernel patches with no outage. SUSE developed kGraft with the Linux Community because it does not require the system being patched to pause execution during the patch process. This gives customers great flexibility to use SUSE Live Patching to address serious vulnerabilities quickly. SAP has supported live patching since 2016.

The SUSE Live Patching process works by redirecting calls to kernel functions to a new, patched version of that function. Multiple live patches can be installed to a kernel function. SUSE recommends that customers reboot their system at least yearly.

Live Patching Diagram

SUSE can provide live patches for SUSE CVSS (Common Vulnerability Scoring System) level 6+ vulnerabilities as well as bug fixes related to system stability or data corruption. For more information on CVSS, see http://nvd.nist.gov/cvss.cfm/. It is not possible to produce a live patch for all kernel bugs.

SUSE released support for Kernel Live Patching on the IBM Power platform in January 2018 https://www.suse.com/c/live-patching-helps-deliver-nonstop-ibm-power-systems/ and requires at least SLES 12 Service Pack 2 for the ppc64le platform. Live Patching is a separate product that must be purchased in addition to SLES for SAP Applications for Power.

In summary, SUSE and IBM provide a number of tools to help you keep your SAP HANA system running smoothly and reliability on IBM Power systems. Live Patching provides an important tool for customers that need the ultimate level of availability for their SAP HANA systems.

Jay

Advertisements

About Jay Kruemcke

Jay Kruemcke is passionate about helping customers and partners achieve their goals. Jay is a currently a Senior Product Manager at SUSE. Jay is responsible for the SUSE Linux for High-Performance Computing, Linux for Arm, and Linux for Power servers. Jay released the first commercially supported Linux distribution for Arm in 2016. Jay completely restructured SUSE’s HPC offerings in 2017 to add support for Arm systems, provide longer term support, and continue to enhance the HPC Module. The HPC Module provides support for open software such as slurm as part of the SUSE HPC subscription. Jay has built an extensive career in product management based on being a bridge between customers and engineering teams. He has extensive experience in many areas including product positioning, driving future product directions, using social media for client collaboration, and evangelizing the capabilities and future directions of enterprise products. Prior to joining SUSE, Jay had a long career at IBM including many roles in the Power and Cloud Engineering and Offering teams. In addition to his product management experience, Jay has held a variety of technology roles at including product marketing, manager of a technical architecture team, briefing center staff, SAP systems management consultant, and as a system programmer and administrator Jay also volunteers with the Boy Scouts in multiple roles and with ProductCamp Austin. The postings on this site solely reflect the personal views of the author and do not necessarily represent the views, positions, strategies or opinions of my employer. Follow me on twitter @mr_sles and @phastflyer
This entry was posted in AIX & Power Systems Blogroll, Information Technology, Open Source, SAP HANA, SUSE Linux and tagged . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s