SUSE Linux Live Patching for Power – A key tool for availability

SUSE_Toolpouch

All system outages are bad. They result in lost revenue, reputation damage, lost productivity and other impacts to the business. Outages of enterprise applications such as SAP HANA can have an even greater impact on a business due to the pervasive nature of those applications.  One reason you choose the IBM Power platform is the excellent hardware reliability of Power servers. Similarly, you choose SUSE Linux as the infrastructure for your SAP HANA deployments because of its track record of providing a reliable, secure computing environment.

SUSE Linux for SAP Applications includes a broad set of tools to manage unplanned software outages for SAP HANA environments, including the High Availability Extension, automated failover of SAP HANA, and specialized monitoring to detect problems before they result in an outage. SUSE also built specific features into SUSE Linux to provide higher availability for SAP HANA such as support for 512TB virtual address space size to avoid outages caused by address space fragmentation.

Unfortunately, there are some outages that are difficult to avoid. Outages are often required install patches for critical or security exposures that affect the Linux kernel. These patches must be installed to avoid potentially more severe outages. In 2017 there were more than 400 Common Vulnerabilities and Exposures (CVE) identified for the Linux Kernel. While not all of those vulnerabilities may be applicable to every environment, outages to install kernel security patches can significantly impact overall system availability.

SUSE has been a pioneer in developing technology to address this issue. SUSE first introduced SUSE Linux Enterprise Live Patching as a product in 2014. This product uses technology called kGraft, allowing you to install kernel patches with no outage. SUSE developed kGraft with the Linux Community because it does not require the system being patched to pause execution during the patch process. This gives customers great flexibility to use SUSE Live Patching to address serious vulnerabilities quickly. SAP has supported live patching since 2016.

The SUSE Live Patching process works by redirecting calls to kernel functions to a new, patched version of that function. Multiple live patches can be installed to a kernel function. SUSE recommends that customers reboot their system at least yearly.

Live Patching Diagram

SUSE can provide live patches for SUSE CVSS (Common Vulnerability Scoring System) level 6+ vulnerabilities as well as bug fixes related to system stability or data corruption. For more information on CVSS, see http://nvd.nist.gov/cvss.cfm/. It is not possible to produce a live patch for all kernel bugs.

SUSE released support for Kernel Live Patching on the IBM Power platform in January 2018 https://www.suse.com/c/live-patching-helps-deliver-nonstop-ibm-power-systems/ and requires at least SLES 12 Service Pack 2 for the ppc64le platform. Live Patching is a separate product that must be purchased in addition to SLES for SAP Applications for Power.

In summary, SUSE and IBM provide a number of tools to help you keep your SAP HANA system running smoothly and reliability on IBM Power systems. Live Patching provides an important tool for customers that need the ultimate level of availability for their SAP HANA systems.

Jay

Advertisements

About Jay Kruemcke

Jay has had more than twenty years of experience in the information technology industry. Starting from a rather humble beginning at IBM, Jay became a mainframe systems support programmer. Eventually Jay joined the AIX operating systems development team early in that product's development. Jay leveraged technical skills that he built in systems management to establish himself as a member of the IBM Austin Executive Briefing Center. His expertise in systems management with the SAP ERP system enabled his first product management role, as the owner of the Tivoli management product for SAP. Over the next three years he established that product as a success with the help of a strong development team. Jay returned to AIX in a product management position initially focusing on managing new requirements for the AIX operating system. Jay established himself as a subject manager expert in AIX and Power Systems virtualization and became a frequent guest at conferences around the world. Jay succumbed to the dark side and spent four years in IBM marketing in which he introduced AIX version 6 and AIX version 7 and many product innovations including the first every open beta program for an AIX release and a significant restructuring of the AIX offering structure and prices. Jay was part of the cloud software development organization and and focused on managing development engagements for clients deploying clouds using Power Systems servers with PowerVC and related products. In March of 2016, Jay retired from IBM and started in a new role as a product manager for SUSE, the Open Software company. Jay new focus is on enterprise Linux for POWER and ARM processor based systems. The postings on this site solely reflect the personal views of the author and do not necessarily represent the views, positions, strategies or opinions of my employer. Follow me on twitter @mr_sles, @cloudrancher and @chromeaix.
This entry was posted in AIX & Power Systems Blogroll, Information Technology, Open Source, SAP HANA, SUSE Linux and tagged . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

w

Connecting to %s