Recently, NVIDIA has introduced Heterogeneous Memory Management (HMM) in its open source kernel drivers which simplifies GPU Application Development with CUDA. It unifies system memory access across CPUs and GPUs and removes the need to copy memory content between CPU and GPU memory. It extends Unified Memory to cover both system allocated memory as well as memory allocated by cudaMallocManaged().
You may ask, “how do I make this work on my system?” If you are a SUSE Linux Enterprise Server (SLES) or SUSE Linux Enterprise High Performance Computing (SLE HPC) 15 SP5 user, the open driver is already available to you. Therefore, if you have an NVIDIA chipset with a GPU System Processor (GSP), ie. NVIDIA Turing or later, we have you covered (openSUSE Leap users, check here). Here is how:

Installation on SLES/SLE HPC 15 SP5

Log into your system as root.
Due to the modular nature of SLES, you need to add two additional modules which are not enabled by default (they are enabled on SLE-HPC, though):

SUSEConnect -p sle-module-desktop-applications/15.5/x86_64
SUSEConnect -p sle-module-development-tools/15.5/x86_64

Note that your SLE system needs to be registered for these commands to work. On SLES and SLE HPC add the NVIDIA compute module now, and install the required packages by running:

SUSEConnect -p sle-module-NVIDIA-compute/15/x86_64
zypper --gpg-auto-import-keys refresh
zypper -n install -y --auto-agree-with-licenses --no-recommends nvidia-open-gfxG05-kmp-default cuda

In case you require secure boot or deploy in a public cloud environment, you may want to take advantage of the G06 open kernel drivers which are pre-built and signed by SUSE and are shipped with SLE. To install these drivers, add an additional repository with the following commands instead of the above:

zypper ar https://download.nvidia.com/suse/sle15sp5/ NVIDIA
SUSEConnect -p sle-module-NVIDIA-compute/15/x86_64 --gpg-auto-import-keys
zypper --gpg-auto-import-keys refresh
zypper -n in -y --auto-agree-with-licenses --no-recommends nvidia-open-driver-G06-signed-kmp-default nvidia-drivers-minimal-G06 cuda

This eliminates the need to enroll a separate MOK for secure boot as well as a separate build stage when the kernel drivers are installed or updated. It helps to reduce the size of cloud images since no extra build tools are required. It installs user space driver packages which are not available in the CUDA repository, yet.

Preparation

For chipsets with a display engine (i.e. which have display outputs), the open driver support is still considered alpha. Therefore, you may have to add or uncomment the following option in /etc/modprobe.d/50-nvidia-default.conf:

options nvidia NVreg_OpenRmEnableUnsupportedGpus=1

Once these steps have been performed, you may either reboot the system or run:

modprobe nvidia

as root to load all required kernel modules.

Testing the Installation

To check if HMM is available and enabled, query the ‘Addressing Mode’ property:

nvidia-smi -q | grep Addressing
Addressing Mode : HMM

If you see above output, HMM is available on your system.

Compile HMM Sample Code

NVIDIA discusses some code examples for HMM in its blog post. The examples can be found here on GitHub. Some these need a newer gcc than the stock version shipped with SLE 15, which you can install with:

zypper -n in -y gcc12-c++

In order to compile the examples, the PATH environment variable needs to be extended to point to the CUDA binaries:

export PATH=/usr/local/cuda/bin/:${PATH}

You may now compile the examples under the path src using the following commands:

nvcc -std=c++20 -ccbin=/usr/bin/g++-12 atomic_flag.cpp -o atomic_flag
nvcc -std=c++20 -ccbin=/usr/bin/g++-12 file_after.cpp -o file_after
nvcc -std=c++20 -ccbin=/usr/bin/g++-12 file_before.cpp -o file_before
nvcc -std=c++20 -ccbin=/usr/bin/g++-12 ticket_lock.cpp -o ticket_lock

‘weather_app’ Example

For this example application, the system gcc compiler is sufficient. Only $PATH has to be set to:

export PATH=/usr/local/cuda/bin/:${PATH}

Now, build the binary weather_app by running:

make

The blog by NVIDIA describes how to obtain the data required to run the app. If you’re unable to download the ~1.3 TB of data, you may also use the random data generator from this PR on GitHub. The random data app can be compiled with:

g++ create_random_data.cpp -o create_random_data -O2 -Wall

The application has no command line parameters, and the start and end year for the random data has to be set in the source code itself.

NOTE: If your graphic card doesn’t have sufficient VRAM to run the original sample code, you may scale down the data size by reducing the input_grid_height and input_grid_width parameters in both create_random_data.cpp and weather_app.cu.

To do a sample run:

mkdir binary_1hr_all
./weather_app
./weather_app 1981 1982 binary_1hr_all/

NOTE: The Makefile doesn’t compile CUDA kernels for the NVIDIA Turing GPUs and also has a faulty error message handling. You might want check out https://github.com/NVIDIA/HMM_sample_code/pull/2 which fixes this issues.

Summary

• The NVIDIA open driver provides HMM (Heterogeneous Memory Management) which extends the simplicity of the CUDA Unified Memory programming model even further on supported chipsets by including system allocated memory.
• HMM is available for SLES and SLE HPC 15 SP5
• The open driver allows for pre-built kernel drivers signed by SUSE.
  • This greatly simplifies the installation in a secure boot environment.
  • It streamlines the installation in public cloud environments by eliminating an extra build stage and reducing the size of the final image.
• We have demonstrated how to install and test HMM on SLES and SLE HPC 15 SP5.

Join us in this review of ‘What is Linux‘, tracing its evolution, the significance of open source, and SUSE’s role in this journey. From humble origins to future aspirations, we spotlight the challenges and milestones that define Linux’s legacy, rooted firmly in the ethos of open-source collaboration.

Table of contents:

Introduction to Linux

Understanding Open Source

Linux Distributions

Linux internals

Linux in the Enterprise

Future Trends and Developments

SUSE, Linux and the Open-Source movement

Conclusion

Introduction to Linux

Linux is an open-source kernel, similar to Unix, that forms the base for various operating system distributions. While the term “Linux” is commonly used to refer both to the kernel and the entire operating system built around it, a more precise term is “GNU/Linux”. This name highlights the combination of the Linux kernel with the extensive tooling provided by the GNU Project, turning something that was just a kernel into a full-fledged operating system.

Linux stands as a testament to the power of community collaboration. It has significantly shaped the software landscape through the combined efforts of tens of thousands of developers, leading to a broad collection of software. For those interested in a detailed history, we recommend this Wikipedia entry.

Given the recent turbulence in the Linux landscape, it makes sense to take a step back and look at what is Linux: its beginnings, its core structure, and its main milestones.

Going over its journey and key achievements will give us a clearer idea of how to better deal with the challenges coming ahead, and the potential developments that could help shape it for the next 30 years.

Understanding Open Source

Beyond its technical excellence, one of the key achievements of the GNU/Linux project has been the widespread adoption of the open-source development model, where developers share code for others to use, rebuild, and redistribute.

The legal foundation for this approach is primarily provided by the GNU Public License and other OSI-compliant licenses. These licenses have nurtured a broad open ecosystem and facilitated the growth of a plethora of software solutions, fostering a vibrant and innovative ecosystem.

It’s vital to remember that a genuine commitment to open source is a core reason for the success of GNU/Linux compared to other projects. It has even surpassed its closed-source counterparts in success. This is a testament to countless individual contributors and companies. And it’s a legacy that we should safeguard, no matter what challenges lie ahead.

Companies built on open source should always remember their roots. They’ve stood on the shoulders of giants, so recent events, like HashiCorp’s sudden license change or Red Hat’s moves to severely limit access to their distribution source code, endanger the true spirit of open source.

Linux Distributions

The initial complexity of configuring and compiling a Linux kernel and adding on top all the necessary GNU exiting tooling to build a running system (partitioning, file systems, command interpreters, GUI, …) led to the birth of the so called Linux Distributions.

A Linux Distribution is a way of packaging all the required software, together with an installer and all the necessary life-cycle managing tooling to be able to deploy, configure and keep updated over time a GNU/Linux environment.

The first really comprehensive distribution is considered to be SLS with the first distribution as we know them now being Slackware published in 1993. Founded in that very same year, SUSE was the first company to introduce an enterprise Linux distribution back in 1995.

There’s a very interesting timeline covering the origins and evolution of all linux distribtions available in Wikipedia

Linux internals

Linux Kernel

The Linux kernel is the central component of the Linux operating system, bridging software applications with the computer’s hardware. When a program or command is executed, it’s the kernel’s duty to interpret this request for the hardware. Its primary functions include:

• Interfacing with hardware through modules and device drivers.
• Managing resources like memory, CPU, processes, networking, and filesystems.
• Serving as a conduit for applications and facilitating communications through system libraries, user space libraries or container engines.
• Providing support for virtualization through hypervisors and virtual drivers
• Overseeing foundational security layers of the OS.

By 2023, the Linux kernel is based on more than 30 million lines of code, distinguishing it as the largest open-source project in history and with the broadest collaboration base.

Command-Line Interface (CLI)

Echoing Unix’s design, from which Linux draws inspiration, the primary interaction mode with the OS is through the Command-Line Interface. Of the various CLIs available, BASH is the most widely adopted.

Graphical User Interface (GUI)

For those preferring visual interaction, Linux offers diverse GUIs. Historically rooted in the X-Windows system, there’s a noticeable shift towards modern platforms like Wayland. On top of these foundational systems, environments like GNOME, KDE, or XFCE serve as comprehensive desktop interfaces. They provide users with organized workspaces, application launching capabilities, window management, and customization options, all while integrating seamlessly with the core Linux kernel.

Linux Applications and Software Ecosystem

Understanding an operating system involves not only grasping its core mechanics but also the myriad applications it supports. For GNU/Linux, an intrinsic part of its identity lies in the vast array of software that’s been either natively developed for it or ported over. This wealth of software stands testament to the versatility and adaptability of Linux as an operating system platform.

• Diverse Software Availability: Linux boasts a plethora of applications catering to almost every imaginable need, from office suites and graphics design tools to web servers and scientific computing utilities.
• Package Managers and Repositories: One of the distinctive features of Linux is its package management systems. Tools like apt (used by Debian and Ubuntu), dnf (used by Red Hat-based systems), zypper (for SUSE/openSUSE), and more recently, universal packaging systems like flatpak, enable users to easily install, update, and manage software in a confined model that simplifies portability across distributions. These package managers pull software from repositories, which are vast online libraries of pre-compiled software and dependencies.
• Emergence of Proprietary Software: While open-source software is the cornerstone of the Linux ecosystem, proprietary software companies have also recognized its value. They understand the importance of providing compatibility and packages for Linux platforms, further expanding the user base.

Linux in the Enterprise

Originally started as a hobby and a collections of research projects and tools, the potential of GNU/Linux as a platform for enterprise workloads rapidly became apparent. The closed nature of Unix, coupled with the fragmentation among Unix-based solutions back in the day, opened doors for Linux. This was particularly prominent as Linux exhibited its compatibility with widely adopted tools, such as GNU’s GCC, bash or the X-Windows system. Moreover, the dot-com bubble further spotlighted Linux’s prowess, with a surge in Linux-based services driving internet businesses that started to transform the IT landscape and set the roots for the Linux dominance in the server space that we can see today.

And how did it make its way from a hobbyist’s playground to a powerhouse in the enterprise world?

• Open-Source Advantage: The open-source model became an invaluable asset in the corporate realm. As Linux showcased, the more developers and specialists that could access, review, and enhance the code, the higher the resultant software quality. This open-review mechanism ensured rapid identification and rectification of security concerns and software bugs.
• Emergence of Enterprise Vendors: Enterprise solutions providers, notably Red Hat and SUSE, went beyond mere software distribution. These vendors began offering comprehensive support packages, ensuring businesses received consistent, reliable assistance. These packages, underpinned by enterprise-grade Service Level Agreements (SLAs), encompassed a wide range of offerings – from hardware and software certifications to implementation of security standards and legal assurances concerning software use.

Today, Linux reigns in the enterprise ecosystem. It is not only the go-to platform for a vast majority of new projects but also the backbone for the lion’s share of cloud-based services. This widespread adoption is a testament to Linux’s reliability, scalability, and adaptability to diverse business needs.

Future Trends and Developments

Despite having celebrated its 30th anniversary, Linux’s journey of expansion and adoption shows no signs of deceleration:

• Containerization Surge: Modern software deployment has been revolutionized by containerization, with Linux playing a pivotal role. Containers package software with its required dependencies, ensuring consistent behavior across diverse environments. Linux underpins this movement, providing the foundation for technologies like Docker and Kubernetes.
• Cloud Services Boom: The phenomenal growth of cloud services, powered by giants like AWS, Azure, and Google Cloud, has further solidified Linux’s dominance. This platform’s adaptability, security, and performance make it the choice foundation for these expansive digital infrastructures.
• AI and Supercomputing: Linux stands at the forefront of cutting-edge technologies. Every significant AI initiative today relies on Linux. Furthermore, the top 500 supercomputers globally, including those currently under construction, are Linux-powered, showcasing its unmatched capabilities in high-performance computing.
• IoT and Edge Computing: The proliferation of Internet of Things (IoT) devices and the growth of edge computing highlight another avenue where Linux shines. Its lightweight nature, modularity, and security features make it the preferred OS for these devices.

However, as the proverbial horizon brightens, challenges loom. While Linux has technically outpaced competitors and cemented itself as the de-facto standard for many new products and technologies, preserving its essence is crucial. The ethos of Linux and open-source, characterized by community, transparency, and collaboration, must be safeguarded. Initiatives like the Linux Foundation’s CNCF, which offers a blueprint for effective open source software development and governance far beyond just Linux, or the Open Enterprise Linux Association (OpenELA), are dedicated to keeping that spirit alive.

SUSE, Linux and the Open-Source movement

Introduction to SUSE

Originating as a German software company, SUSE has a long-standing history with Linux. It’s not only one of the earliest Linux distributions around but also one of the most preeminent advocates of the open-source philosophy.

Features and Benefits

SUSE Linux Enterprise Server (SLES) stands out for its enterprise-grade support, extensive HW and SW certifications database, robustness, and commitment to security.

SLES can be used on desktops, servers, HPC, in the cloud, or on IoT/Edge devices. It works with many architectures like AMD64/Intel 64 (x86-64), POWER (ppc64le), IBM Z (s390x), and ARM 64-Bit (AArch64).

SUSE’s Position in the Enterprise World

In the enterprise world, SLES is recognized as a reliable, secure, and innovative Linux distribution. It’s at the core of many demanding environments and powers business-critical systems, including those for SAP and the world’s largest supercomputers.

SLES isn’t just a standalone product; it’s part of a broader enterprise solutions portfolio. This includes, among others, SUSE Manager for scalable Linux systems management, Rancher Prime as a Kubernetes management platform, and NeuVector for enterprise-level Zero-Trust security for cloud-native applications.

The Open-Open Movement

Beyond its product offerings, SUSE’s commitment to the “open-open” philosophy sets it apart from other players. It embraces not only open-source but also open communities and open interoperability. This ensures that SUSE’s solutions promote flexibility and freedom while remaining true to the principles of the open-source movement.

Evidence of this commitment is visible across our entire portfolio. For instance, SUSE Manager has the capability to manage and support up to 12 different Linux distributions. Similarly, Rancher Primer doesn’t only run on SLES; it’s also compatible with openSUSE Leap, RHEL, Oracle Linux, Ubuntu, and Microsoft Windows. Additionally, it’s interoperable with major managed Kubernetes providers and public cloud vendors such as GCP, Azure, AWS, Linode, DigitalOcean, and many more. This commitment extends beyond our product lineup. SUSE also financially supports and donates software to organizations like the CNCF, as seen with K3s, and leads initiatives like the Open Enterprise Linux Association.

These initiatives highlight SUSE’s commitment to delivering solutions that promote genuine openness and user choice, while avoiding the pitfalls of single-vendor ecosystems that claim to be “open-source” yet offer non interoperable software stacks or restrict access to source code.

Conclusion

Over the past 30 years, this community effort has consolidated, transforming the way software is built, licensed, and distributed. Linux, now ubiquitous, continues to grow steadily, serving as the foundation for the latest IT solutions and technologies.

Now it’s time to transform how Linux distributions are built and delivered to achieve even higher levels of speed and flexibility. Initiatives like SUSE’s ALP Project aim to shape how Linux distributions will be built in the future, allowing for more use cases and scenarios, and a more flexible foundation to integrate the Linux kernel, along with the tooling and applications.

Want to join the open-open revolution? SUSE is growing and always looking for talent. Check all the open positions on our Jobs Website.

Cloud native, edge, security, and AI is where innovation happens today. Next week, Linux will be 32 years old. Is Linux with all its flavours a dinosaur, or can it play a vital role in a cloud native world?

To help answer this question, Vojtech Pavlik, SUSE’s General Manager for Business-critical Linux, discusses the future of the industry, SUSE’s plans for Linux, and its role in a cloud native world.

The cloud drives digital transformation. But while cloud adoption is rapidly growing, many CIOs are still hesitant to move their business-critical workloads to the cloud due to security concerns and/or for regulatory reasons. What role can Enterprise Linux play here?

Linux is the de-facto standard for running business-critical workloads – on premises and in the cloud. You won’t find a hyperscaler who doesn’t offer Linux for the enterprise or one that doesn’t run their own services on Linux. With edge and IoT, the usage of cloud computing will become an enabler for our global sharing economy, driving innovative use cases with massive economies of scale. In my keynote at SUSECON in June, I had the opportunity to converse with leaders from our customers Geberit and MTU Aero Engines, who innovate with SUSE Linux Enterprise (SLE).

But why is Enterprise Linux important for our customers’ transformation to cloud native? SUSE continuously innovates and invests to ensure we deliver the most secure open source software stack, and customers know they can rely on any of our products across our entire product portfolio to rapidly and securely transform to cloud native environments – Enterprise Linux, cloud native technology, and NeuVector for zero-trust full lifecycle security, all in lockstep.

SUSE Linux Enterprise Server (SLES) is certified for Common Criteria in EAL 4+, which includes that software production and delivery processes follow a secure software supply chain: This is a huge advantage for customers in light of NIS-2 regulations, as this certification provides a significant reduction in legal liability because the scope of the evaluation includes the entire security of the software supply chain, which can therefore be considered verified by the German Federal Office for Information Security (BSI).

In addition, with live-patching for the Linux Kernel and user-space, SUSE customers can run critical security updates and serious bug fixes without service interruption. With the help of SUSE Manager, customers simplify and secure their mixed Linux environments – on premises, on the edge or in clouds – to maintain infrastructure security and compliance at any scale.

With our latest version, SUSE Linux Enterprise Server 15, we have also introduced support for Confidential Computing, which sets new standards for protection data in use and thus security in cloud environments. This will be a game-changer for our customers in the adoption of cloud, enabling cloud native transformation.

In your SUSECON Keynote you talked about Confidential Computing, which has been around for several years. What is SUSE’s part here, and what impact does Confidential Computing have on cloud native transformation?

The concept of Confidential Computing has been around for many years, but primarily as a future concept. However, today it has become a reality with the recent emerging of two new technologies for the 64bit AMD/Intel architecture:  AMD’s SEV-SNP and Intel’s TDX. With the proper support of the operating system, customers can now run fully encrypted virtual machines (VM), no matter the environment. That’s why SUSE has been at the forefront of enabling this technology in its Linux operating system products and in Linux generally. SLES 15 SP5 supports the latest system innovations from AMD, Arm, IBM and Intel.

What excites me about Confidential Computing is that customers now have what I call an on-site equivalent privacy, in the cloud and at the edge. An absolute game-changer for secure cloud adoption and securely processing data at the edge or in the cloud. Nobody at the cloud provider or elsewhere can read the data running in the encrypted VMs, not even if a person would get a hold of the actual chip hardware. This makes public cloud and edge a secure environment for every business, even for regulated industries and government organizations as well as for those processing highly confidential data or AI/ML workloads in the cloud.

SUSE Linux Enterprise Server (SLE) has been trusted by enterprises for over 20 years. Is SLE still what customers need, or do you plan new concepts for Enterprise Linux?

Firstly, I’m confident that SLE will be around for many years to come – support for SLE 15 will end in late 2030, and we are currently building SP 6, planning for SLE 15 SP7, and the next generation.

A few years ago, we started thinking about how Linux can be optimized for new and emerging use-cases. Our customers need the best support to enable use-cases at the edge and for everything cloud- and container-native that help them go through the digital transformation that we see in businesses today. Think of intelligent vehicles and many other operations at the edge – the huge amount of compute capacity, speed and high availability that AI/ML workloads require. SLE is a comprehensive all-purpose distribution with more than 1.5 billion lines of code.

We started to introduce new concepts with SLE Micro, an immutable and lightweight operating system. We will be extending its functionalities around modulization and flexibility with our new Adaptable Linux Platform (ALP) project that we’re developing to power the next generation of SLE solutions.  Based on this, SLE Micro will continue to grow and will be joined by additional, exciting new products and solutions that help customers drive digital transformation

We’re designing ALP to enable applications to run on containerized and virtualized workloads in addition to traditional distributed software packages. Our vision is to enable users to focus on their workloads whilst abstracting from hardware and the application layer. By doing so, it enables the use of virtualized machines and container technologies via ALP, allowing workloads to run independently from the code stream.

Stay tuned here and watch for more exciting news over the coming months.

SUSE recently announced it will develop and maintain a distribution compatible with RHEL. Why did you decide to do this, and what does it mean for your other projects such as SLE, ALP, Liberty Linux and the openSUSE project?

Customers today operate in mixed environments; that is one of the reasons our Linux management solution SUSE Manager supports more than 15 different Linux distributions. We believe it is important for our customers and the community to run mixed Linux environments. Today, SUSE, CIQ and Oracle announced their intent to form the Open Enterprise Linux Association (OpenELA), which is a collaborative trade association to encourage the development of distributions compatible with RHEL by providing open and free Enterprise Linux source code.

To be clear, this is not a move away from SLE or our development in connection with ALP. We will, of course, stay fully committed to our own Linux portfolio as well as to our openSUSE Linux distributions. With our introduction of Liberty Linux last year, which provides support to former CentOS users and provides a migration path to many other distributions, we set the stage by supporting customers regardless of the distribution they are using, leading to more diversity and openness in the communities.

How will Linux be relevant in 30 years?

I’m sure Linux will become more widely and easily usable as open source experts continue to be able to fine tune and change upstream and downstream Linux. Our forking of RHEL ensures customers will continue to have choice and can freely select their Linux platforms. Security, scalability from very small to very large, and resilience will continue to be important areas of advancement. With Confidential Computing, we are making a big move forward for running Linux workloads at the edge or in the public cloud, as if they were running in their own data center rather than on the other side of the world.

While I can’t predict the Linux kernel will still lead in 30 years, I am absolutely convinced it will still be relevant and that many of the systems that are deployed and used today will still be around in 30 years.

Linux and open source have opened unprecedented potential for innovation, coupled with openness and choice. Many of the approaches created and developed in open source communities will still be pillars of technological progress 30 years from now. Of that I am certain.

For over 25 years, open source has revolutionized our world. From the growth of Linux to virtualization, to the move to the cloud, and more – many, if not most major advances in technology have had open source innovation as a driving force. For me, it’s obvious why. You want to have as many minds as possible working to find solutions – under a framework where those developments are then given back, so everyone benefits. When problems are found, many eyes make all bugs shallow. At the heart of it all is a view that software should be able to be “freely accessed, used, changed, and shared (in modified or unmodified form) by anyone” and that restricting customers from sharing the source they are given by their vendor limits their ability to collaboratively (as users) analyze and audit the final software they depend on. 

SUSE stands behind this view 100 percent. Becoming more proprietary should not be the basis for competition between open source companies. We have all contributed to the open source community – just as in the same way we have all benefited from it. It’s something bigger than the sum of our parts.   

At SUSE, we actively collaborate with the open source community to build enterprise grade products from open source projects. Our customers do not pay for the software, but for the ability to run it in a business-critical environment with long term 24/7 support, security, a certified stack and for being represented in the open source community. This is where we compete to be the best, most reliable and cost-effective vendor for our customers. 

With the latest restrictions to source code availability, we believe that the competitive landscape is shifting in the wrong direction.  

A key priority is to continue to provide choice for customers. SUSE announced today we will build, support and contribute a hard fork of the RHEL codebase to the community. This is what we excel at, and it will give long-term compatibility and choice for customers.  

The best way to explain this is by the following comparison: 

If you are a mobile phone user, you want the ability to switch telco provider while keeping your number, to maximize the value you are consuming. 

Equally, as an Enterprise Linux user, you can switch to SUSE while keeping your existing Linux. At SUSE, we are experts at providing enterprise value to users of open source software in a highly competitive way without compromising what is important to customers. 

SUSE is uniquely placed to do this. We have over 30 years of engineering expertise contributing to Linux and ensuring it is ready for mission-critical workloads. Our team is highly experienced in supporting mixed environments. Last year, we successfully introduced SUSE Liberty Linux for our customers who need CentOS and RHEL support. Furthermore, SUSE Manager has long been renowned for its ability to efficiently manage a wide range of Linux distributions, showcasing our dedication to empowering users with flexibility and choice. SUSE is steadfast in its commitment to share this work. We will ensure others have free and open access to the source code and that the project will never be restricted.   

One more point I want to add. It goes without saying that SUSE remains fully committed to SUSE Linux Enterprise (SLE) and Adaptable Linux Platform (ALP) solutions as well as the openSUSE Linux distributions. We want to ensure that enterprises and communities remain empowered to innovate freely across mixed environments. 

If you are as excited as we are about making choice happen, then join us.  Get in touch with us: Choice@SUSE.com

Choice Happens! 

DP 

Red Hat last week made a substantial shift in its source code access policy. The implications for vendors, developers and users are significant, and the move has caused some concern within the open source community. I want to shed as much light as I can on the decision and provide reassurance to the community in general, and SUSE’s customers and partners in particular.

What has happened?

Red Hat has decided to remove public access to the Red Hat Enterprise Linux (RHEL) source code. It’s a big change in its source code access policy and this decision has caused significant concern within the open source community. That’s understandable. RHEL’s existence owes much to the collaborative efforts of many upstream projects, including the Linux kernel developed by many different contributors, among them SUSE. At the center of our world is innovating together. We are all working to build something greater than the sum of all our parts. We are all interdependent.

Upholding Open Source Values

At SUSE, the principles of open source and power of collaboration are dear to us. While changes in the open source landscape may shift dynamics, we firmly believe that the freedom to access, modify, and distribute software should remain open to all. Our commitment to customer satisfaction, stability and reliability remains unwavering. We will continue to invest in robust support infrastructure, deliver timely updates and provide a best-in-class user experience to our community users and customers.

Our Commitment to SUSE Liberty Linux Customers

SUSE helps many enterprise customers run and manage heterogeneous environments including CentOS and RHEL. Our solution for these customers is SUSE Liberty Linux. We want to reassure our customers that we remain fully committed to delivering a seamless experience for SUSE Liberty Linux. Red Hat’s decision does not change that. We will continue to collaborate with our partners in the open source community and leverage our decades of expertise to provide Red Hat binary compatible updates and security fixes going forward.

Looking Ahead

SUSE also recognizes that open source innovation thrives on collaboration, extending beyond code availability. We remain dedicated to fostering a vibrant ecosystem around the openSUSE community, with Adaptable Linux Platform  and our SUSE Linux Enterprise suite, by actively engaging with industry experts, developers and partners. We are committed to strengthening the open source movement and ensuring a prosperous future for all stakeholders.

We’ll have more to share soon on how we intend to enhance our existing collaboration with the open source community to stay truly open and collaborative. It’s the best way forward, the only way forward.

In just a little more than a week, the open source communities will be gathered in beautiful Vancouver, Canada for the Linux Foundation’s Open Source Summit.  And as the world’s largest independent open source company, SUSE is thrilled to be a Gold sponsor.

The Open Source Summit is an opportunity for developers, technologists, community leaders and champions to come together to learn, collaborate, and innovate.  Put simply: it is the place to be if you are doing anything with open source.  Given that the Linux Foundation estimates that there are currently more than 850 active projects with more than 777 million developers, we hope to see you there!

Visit our booth for innovative open source solutions!

SUSE is excited to sponsor OSS and a proud and active member of many open source communities!  We will have experts at the booth showcasing how you can solve your digital challenges with innovative solutions. Come visit us at Booth G6 and:

• Take advantage of the opportunity to get live demos of our technologies – tailored to solve your business challenges.
• Get a sneak peek into the next releases of SUSE Linux Enterprise 15 and SUSE Manager 4.3 focused on security.
• Learn about our new open source, innovative project called the Adaptable Linux Platform (ALP) and how we are baking in confidential computing capabilities.

In addition, each day we will be giving away a different color of our beloved chameleon, Geeko.  And don’t forget to enter to win our grand prize: a Meta Quest 2 VR System!

Attend our session on confidential computing!

If you are interested in securing your infrastructure and your cloud data in use, you won’t want to miss this special session given by our very own Vojtěch Pavlik, General Manager, Business-Critical Linux at SUSE. Vojtech will be talking about advances in Confidential Computing.

Confidential Computing safeguards data in use without impacting business-critical workloads.  SUSE is at the forefront of developments in open source security, from secure software supply chain to Linux security to secure containers to Confidential Virtual Machines.

Vojtech’s session will focus on SUSE’s involvement in Confidential Computing efforts  – including what we are building into our new Adaptable Linux Platform — from the core to the cloud to the edge.

Session Info:

Date:  Wednesday, May 10

Time: 3 :00pm – 3:40pm

Location (Room): CloudOpen Agenda – 116-117 – Level 1

At SUSE, we believe every business is on a journey of digital transformation.  And, doing business in a digital economy demands agility. But as enterprises race towards being agile, they must also secure their infrastructure and protect their data.

SUSE provides one of the industry’s most secure, certified, and compliant Linux platforms. And we do that with the highest levels of security and supply chain certifications.

Come visit us at Open Source Summit to find your security solution; we’ll be waiting for you!

SUSE guest blog authored by:

Lior Nabat, CTO & Co-Founder at KubeMQ

In today’s fast-paced world, modern applications require fast and reliable performance, and edge computing has become a critical component to achieving this goal. By processing data near the source, instead of transmitting it to a centralized location, edge computing reduces latency and increases efficiency. To achieve optimal edge computing performance, organizations need the right tools and strategies in place. This is where KubeMQ, Rancher Prime, and K3s come in. Together, they enable edge computing and help organizations achieve their performance goals. In this post, we’ll explore how the KubeMQ, Rancher Prime, and K3s integration can maximize edge performance and take your edge computing strategy to the next level. 

Why are KubeMQ, Rancher Prime, and K3s important for edge computing?

KubeMQ‘s messaging platform allows for the reliable and scalable communication between microservices and applications. It enables the exchange of data between different components of the application while providing high performance, low latency, and fault tolerance. Additionally, KubeMQ has a small footprint container that can be easily deployed on edge devices with limited resources. This ensures that KubeMQ can run seamlessly on edge devices, providing efficient communication infrastructure while minimizing the use of system resources.

Rancher Prime, the leading open-source multi-cluster orchestration platform by SUSE, provides users the flexibility to provision any CNCF certified Kubernetes distribution, including K3s, in a low touch fashion.

K3s is the leading lightweight Kubernetes distribution that enables easy deployment and management of containerized applications at the edge. It provides a simplified approach to Kubernetes that’s optimized for resource-constrained environments such as the edge, allowing for easy deployment and management of applications even in remote and disconnected locations.

Together, KubeMQ, Rancher Prime, and  K3s complement each other to create a powerful edge computing solution. KubeMQ’s messaging capabilities provide the necessary communication infrastructure for edge applications, while Rancher Prime and K3s enable easy deployment and management of containerized applications in edge environments. This integration provides a reliable and efficient way to process data at the edge, enabling faster and more responsive applications.

How does the KubeMQ – Rancher Prime integration work?

The integration between KubeMQ and Rancher Prime is made possible with the KubeMQ helm chart, which are available in the built-in Rancher Prime apps catalog. The helm chart is a Kubernetes extension that simplifies the deployment and management of KubeMQ clusters on K3s clusters deployed with Rancher Prime.

Once the KubeMQ helm chart is deployed, users can create KubeMQ clusters using the Rancher Prime interface. The KubeMQ clusters can be configured with various options, such as the number of replicas, persistence settings, and network settings. The Rancher Prime interface provides a user-friendly way to manage KubeMQ clusters and monitor their health and performance.

Use Case: POS – Store to Cloud using KubeMQ and K3s 

In the retail industry, point of sale (POS) systems are used to process transactions and manage inventory. With the rise of cloud computing, it has become common to connect POS systems to cloud-based stores for real-time updates and centralized management. The use of KubeMQ and K3s enables efficient and reliable infrastructure for the POS system and the cloud-based store. By deploying a lightweight KubeMQ instance on K3s at the edge and KubeMQ in Rancher Prime in the cloud, companies can ensure reliable message transmission, reduce latency, and provide scalability and flexibility for their system. This architecture provides several benefits, including support for thousands of stores, handling high message loads, and 24-hour communication failure recovery, ensuring continuous uptime and the ability to support peak hours scenarios in stores.

Summary

Together, KubeMQ, Rancher Prime, and K3s provide organizations with a powerful set of capabilities to improve their edge computing performance. By using KubeMQ for messaging, Rancher Prime for container orchestration, and K3s as the Kubernetes distro optimized for edge environments, organizations can build a scalable, reliable, and efficient edge computing infrastructure that can support a wide range of use cases.

To learn more about how KubeMQ and SUSE can help you maximize your edge infrastructure performance, visit our website for more information or get in touch with the KubeMQ team. You can also contact the SUSE team.

We’ll be also happy to meet you at KubeCon Europe in Amsterdam – get in touch with us at marketing@kubemq.io to schedule a meeting! Please feel free to stop by the Rancher by SUSE booth as well. 

Author: Lior Nabat

Lior Nabat is KubeMQ’s technology leader and product architect. As a serial technology entrepreneur with over 20 years of experience in software ventures and product development, he brings cloud-native expertise and hands-on experience. Lior founded Tradency (financial trading technology) 14 years ago and led as the CEO since inception. Previously he held key management positions at DSPG, Alpha Cell and TdSoft. Lior holds B.A in Mathematics and Computer science from the Open University in Tel-Aviv Israel and AMP from the University of Pennsylvania-The Wharton School.

SUSE steps up its focus around data protection and trust with a strong commitment to preserving data integrity from core to cloud to edge.  SUSE is happy to announce we have joined Linux Foundation’s Confidential Computing Consortium, a community focused on projects that deal with securing data in use and accelerating the adoption of confidential computing through open collaboration.

Customers and partners rely on SUSE to deliver a secure, open source platform that fully protects data regardless of its state.  Confidential Computing safeguards data in use without impacting business-critical workloads.  Joining the Confidential Computing Consortium enables SUSE to collaborate with open source leaders to advance these security technologies for our customers.

Why confidential computing?

Security is a top concern for enterprises today with threats of cyberattacks and data breaches increasing.

“82 percent of enterprises would be very concerned if their cloud provider had the ability to access their data.”[1]

Cloud adoption is challenged due to the lack of trust with public cloud vendors, providing motivation for Confidential Computing solutions.  Protecting data-in-use, held within CPU registries and memory, is the focus of the “Confidential Computing” movement.  Confidential Computing encrypts data during processing. In recent years CPU vendors have started to integrate features which allow to setup isolated and trusted execution environments that are inaccessible to the rest of the system.

SUSE’s commitment to security and confidential computing

A “data in use” solution is needed across the entire OS-based software infrastructure stack for workloads migrating into and/or running within cloud environments.  In direct correlation to confidential computing, what SUSE delivers today provides the building blocks for our future investments in this very important endeavor.  This includes:

• A complete software stack that is cryptographically signed including BIOS, Bootloader, OS, and Hypervisor
• Remote measurement and attestation to verify the integrity of a remote system running SUSE Linux Enterprise
• SUSE Linux Enterprise support for Confidential Virtual Machines on Google Cloud Platform and Microsoft Azure (coming soon) using AMD-SEV chipsets (includes Linux kernel, LibVirt, and KubeVirt)
• SUSE Linux Enterprise supports Confidential Computing on IBM zSystems and LinuxONE
• Working with Intel and Arm in delivering Confidential Computing solutions

More resources

• Read our blog post ”SUSE Secure VM Service Module for Confidential Computing”
• Read our blog post ”SAP Security: 5 Critical Considerations to Protect Your Infrastructure”
• Read our blog post “Another Orchestrated Attack: How Do I Protect Myself?”
• Check out our Adaptable Linux Platform project, which helps raise the bar on confidential computing and remote attestation.

Jeff Reser, SUSE

[1] Futurum Research “Confidential Computing: The Future of Data Security and Digital Trust”

We are thrilled to announce the Public Release Candidate (RC 2) of SUSE Linux Enterprise Micro 5.4!

SLE Micro is an ultra-reliable, lightweight operating system purpose built for edge computing. Please check out our Product page to learn more, but for the beta program, please refer to our dedicated beta page.

Notable Changes

• SLE Micro 5.4 is based on SLES 15 SP4 (like SLE Micro 5.3) but plus Maintenance Updates,
• The default setting of SELinux for new installations has been changed from permissive to enforcing mode,
• PCP container integration in cockpit,
• Podman was updated from 3.x to 4.3.1.

Since Public Beta

• The installer now includes packages for being able to run in the FIPS mode,
• FIPS packages are also part of the raw images,
• Including hardware cryptography acceleration packages for s/390x,
• A lot of bug fixes.

As always, we highly recommend to check our Release Notes for a complete overview of the changes in this new version.

Debugging SELinux Denials

SELinux will now be set to enforcing by default. That means that you might run into issues because SELinux prevents you from doing something. This might then result in issues that are hard to debug with the approaches you used up to this point.

If you run into strange issues have a look at the audit log to check for AVC entries like these:

type=AVC msg=audit(1669971354.731:25): avc: denied { create } for pid=1264 comm=”ModemManager” scontext=system_u:system_r:modemmanager_t:s0 tcontext=system_u:system_r:modemmanager_t:s0 tclass=qipcrtr_socket permissive=0

These tell you that SELinux prevented something. You should also check the journal, as some of these messages are only visible there.

The next step is to set the system to permissive mode and try again with executing setenforce 0 command, which switches SELinux to permissive immediately, or with changing the kernel command line too include enforcing=0 and rebooting. After that SELinux will log, but not prevent access. If it works then you have confirmation that SELinux is the culprit.

If you ran in permissive mode you will need to relabel your system until you are in a good state again, as permissive mode allows you to reach states that are not reachable otherwise. For that run touch /etc/selinux/.autorelabel and reboot.

If you identify and issues open a bug for the security team with SELinux in the subject, the AVCs you saw and step by step reproduction steps. We’ll then work on this to get it fixed for future Alpha and Beta snapshots.

Call for feedback

We are eager and excited to retrieve your feedback on this new version of our beloved SLE Micro product! As with any SUSE Public Beta Program, we have a public mailing list in place for technical and product discussion as well as a bugzilla setup to be used for bug report.

Please refer to SLE Micro Beta web page for more information.