Open and Innovative: others don’t have a patch on SUSE
SUSE leading the way with SUSE Linux Enterprise Live Patching.
We have been solving problems in application uptime and delivery for a long time at SUSE, in fact it’s been over 25 years. Our SUSE Linux Enterprise High Availability product has been used by customers since 2009, building out complex environments to power mission critical applications. That was not enough!
In 2014 we released SUSE Linux Enterprise Live Patching. For the first time customers could fix kernel vulnerabilities without the need to stop, pause or reboot systems. What was even more innovative back in 2014 was the fact that customers did not need to discuss applications or architecture, re-configure or change systems to use live patching. I for one welcome innovation throughout the Open Source world and its great to see that after 5 years, Red Hat customers who are able to upgrade to RHEL 8.1 can now get something similar for their systems.
Security and compliance is the real story. It’s all about knowing exactly what you are going to get, and when.
In an ideal world our code would be perfect. Our application architectures flawless in operation and our plans for maintenance just as slick. We all know this sadly is rarely the case. The mitigation to such unplanned change in our roadmaps is knowledge.
When it comes to security, and so being compliant, the industry has a solid knowledge sharing approach using the CVEs (Common Vulnerabilities and Exposures). The CVE, and subsequent fix, underpins the value for patching. Knowing thresholds, values and impacts of any given CVE allows us to plan and act.
At SUSE we determined that live patching CVEs greater than 7 is the sweet spot. Delivering rapid fixes that are high enough to be of impact to any running system is the result. We also do this within 30 days, and we do this for all supported kernels for 12 months!
POWER to keep your critical applications online.
It’s not just general purpose and large x86_64 systems that feel the benefit of fixing vulnerable systems without waiting for a planned maintenance window. We see so many customers in the SUSE world that run critical applications or large database instances on IBM POWER. In many cases these systems do not have the same levels of flexibility built into general purpose systems, and so every minute of downtime hurts.
SUSE Linux Enterprise Live Patching has supported live patching on the POWER systems for almost 2 years now. This is just another example of SUSE always listening to the user community and delivering to them what the users really need and when they need. Customers know and depend on SUSE to be the first to deliver the right technology at the right time.
A to Z of coverage.
The value of live patching is clear and the value is not limited to large single instance applications or databases. Many large-scale systems in finance and banking sectors suffer from unplanned downtimes and the constant surprises of found-and-fixed vulnerabilities.
SUSE know this very well and that’s why we will be adding support for IBM Z to our SUSE Linux Enterprise Live Patching in early 2020. Many large institutions will soon start testing. If you would like to join for testing, please reach out to your SUSE contacts.
“Dublin” your live patching service at SUSECON 2020.
So far everything I’ve covered has been solely about the kernel. We have big plans at SUSE when it comes to keeping your systems compliant and running 24/7.
Just as SUSE led the way with kernel live patching we will be doing the same with the userspace, and we plan to showcase how will provide more than kernel live patching.
If you are coming to SUSECON 2020 early next year, you will see the innovations first hand and our plans to more than double the benefits of live patching in your mission critical application landscape.