SUSECON 2022 – Reflecting on and Recognizing our Strategic Silicon Designers and Providers

Introduction:

SUSECON 2022 is here.  SUSECON is SUSE’s annual technical conference where customers, partners, and community enthusiasts come together to discover open-source solutions, products, and technologies that can address their Linux, Kubernetes, and edge computing needs.

For those of us focused on the technology side of SUSE’s business, SUSECON serves as a checkpoint where we can look back and recognize what SUSE has achieved in collaboration with its partners.  This year, SUSE is privileged to have its major Silicon Design partners participating in the conference.

SUSECON’s theme this year is Future Forward.  Enabling future SUSE products and solutions for our customers relies in no small part on the integration of new hardware capabilities and key software components (from drivers to applications) in SUSE’s product ecosystem.  From CPU optimizations to Confidential Computing, or simplifying and securing GPU usage, SUSE and our Silicon partners work together to make these technology improvements available to our joint customers via the SUSE product stack.

While we partner with our Silicon Design partners across a variety of products, technologies, and solutions, this article will focus on those embracing an open approach that our customers can then use when building their own technology stacks.

Intel:

Intel and SUSE have been working together since SUSE’s inception in 1992 when SUSE was the first company to market Linux for the enterprise.  As Intel’s and SUSE’s products and technologies portfolios have grown throughout the years, so have the breadth and depth of the relationship.

Intel’s portfolio and SUSE collaboration:

Figure 1. The Intel/SUSE Technology ‘tree of life’

It is often stated in the industry that you can’t put a computing solution together without one or more Intel components inside.   

A few months ago, we put together the ‘tree of life’ (above) to explain the role of Silicon Designers in general and Intel in particular.  Like the roots of a tree, Intel’s breadth of portfolio is often unseen.  Yet its enablement and usage via the SUSE product portfolio is fundamental to the development of larger products and solutions built by our joint partners and available through the many routes to market (IHVs, ISVs, CSPs and Embedded Solutions).

With over 15,000 software engineers, Intel plays a significant software leadership role.  For example, Intel is one of the leading contributors to the Linux kernel as well as a significant contributor in the Kubernetes space.

SUSE’s engagement with Intel goes across our three major engineering business units (Business Critical Linux, Enterprise Container Management, and Edge Computing).  Get a glimpse of some of our joint activities through the following sessions:

As you can observe, the Intel and SUSE partnership results in a richer ecosystem for joint customers and partners alike.

AMD:

AMD and SUSE have been collaborating in the upstream Linux community and around AMD-specific optimizations for more than 20 years.  AMD gave the world the first CPU to introduce the x86_64 ISA, and SUSE was an early provider of an enterprise Linux distribution for the then new architecture.

Our most recent collaboration efforts are around two key areas: GCC Compiler and Toolchain optimizations for AMD and Secure Encrypted Virtualization (SEV and SEV-ES).  Given the future forward and security focus of SUSECON, we’ll discuss Secure Encrypted Virtualization.

Secure Encrypted Virtualization Defined:

For many years, data has been protected while at rest (ex: encrypted storage) or in transit across the network (e.g., https data transmission).  However, in memory data protection has been the ‘missing link’ to provide an end-to-end Confidential Computing solution.  With today’s “standard” virtualization, the memory of each virtual machine is visible to the host.  Data processed in guest virtual machines could be compromised by a malicious attack from the host.

AMD’s Secure Encrypted Virtualization (SEV) is a technology that protects KVM-based Linux virtual machines by transparently encrypting the memory of each VM with a unique key.  SEV is especially relevant to cloud computing environments, where VMs are hosted on remote servers which are not under the control of the VM owners.

AMD’s Secure Encrypted Virtualization – Encrypted State (SEV-ES) provides additional security above memory encryption.  The Guest register state is encrypted with a guest encryption key and its integrity protected (only the guest can modify its register state).

AMD and SUSE. Bringing SEV and SEV-ES to life:

SUSE has been playing an important role with AMD since 2016 to bring Confidential Computing ‘upstream’ with collaborations in the areas of the Linux kernel, libvirt and KubeVirt to name a few.  SUSE customers will be the first ones to benefit from AMD SEV-ES host and guest modes, enabling customers to select additional security-strengthening VM isolation.

Where can I learn more and see it in action?

Easy: Attend Jörg Rödel’s session titled “Confidential Computing with SUSE and AMD SEV-ES” (TUT-1210).

NVIDIA:

NVIDIA is a long-standing SUSE partner around accelerated computing.  As NVIDIA expanded its business into data center-scale networking, artificial intelligence and machine learning, and edge computing, and SUSE expanded its reach into the cloud-native space so th breadth and depth of our collaboration has also grown.

NVIDIA is optimizing accelerated compute across GPUs, CPUs, DPUs, complete systems and specialized software,  and SUSE aims to enable its availability and usage to our joint customers through our operating system offering (SUSE Linux Enterprise Server, SUSE Linux Enterprise Server for Arm, SUSE Linux Enterprise Micro, and SUSE Linux Enterprise Base Container Images) as well as our cloud-native product stack (SUSE Rancher, and RKE2/K3s Kubernetes engines).

As mentioned in the introduction, this article centers around open products, technologies, or solutions with our key Silicon Design partners.  When it comes to NVIDIA, everyone agrees that their biggest open announcement this year is the release of NVIDIA Open-Source GPU Kernel modules.

The availability of these modules is a big deal for SUSE and its customers. The ability for Linux distribution providers like SUSE to add the driver directly to its kernel is significant because this could not be accomplished before due to license incompatibility. It also enables SUSE to perform security reviews of the drivers and sign the drivers.  Last, but certainly not least: it allows for SUSE engineers to debug, integrate, and contribute back.

Availability via SUSE Linux Enterprise

To paraphrase our General Manager of the Business-Critical Linux unit, Markus Noga: “We are excited that NVIDIA is releasing its kernel-mode driver as open source.  SUSE is proud to be the first major Linux distribution to deliver this breakthrough with SUSE Linux Enterprise 15 SP4 in June”.

The Future:

NVIDIA and SUSE continue to collaborate in other open-source areas, particularly in the cloud-native space.  Stay tuned for future announcements as new solutions become available.

Arm Ecosystem:

Arm is a leading semiconductor intellectual property (IP) supplier.  It develops technology it licenses to other companies who design and manufacture their own products that implement the Arm architecture.  This includes system on a chip (SoC) as well as system on module (SOM) designs.  It also designs IP cores that implement the Arm instruction set architecture and licenses these designs to many companies that incorporate the designs into their own products.

Because of its approach to the market, the collaboration is better defined as SUSE and the Arm ecosystem.

SUSE’s Business-Critical Linux unit provides SUSE Linux Enterprise Server for Arm, SUSE Linux Enterprise Micro, as well as SUSE Linux Enterprise Base Container Images for Arm’s 64-bit Armv8-A architecture, enabling Arm ecosystem and partners to build products and solutions with a world-class, enterprise supported Linux distribution.  SUSE Linux Enterprise can be deployed today on Silicon from Broadcom (Raspberry Pi), Ampere Computing (Gigabyte Mount Snow), as well as cloud-based instances from AWS (Graviton) with Azure Virtual Machines availability coming soon.

SUSE Rancher’s K3s is available for AArch64 and can be managed via Rancher Management. It provides a robust, opinionated Kubernetes distribution that can be deployed on devices as small as Raspberry Pis or as large as 128 cores on Ampere Computing’s Altra devices or in the cloud.

The partnership between Arm and SUSE is about providing partners and customers with open-source based infrastructure products and solutions for the Arm architecture.

Learn More:

Attend:

• Philippe Robin’s session: “Building Arm Neoverse Cloud to Edge Infrastructure with SUSE” (SPO-1325)
• Jeffery Tu (Ampere Computing) and Bryan Gartner’s (SUSE) session: “Video-On-Demand Consumption from Workloads on Kubernetes Edge Services” (TUT-1302).

Summary:

The ongoing collaboration between SUSE and the Silicon Designers enables joint downstream partners to build enterprise-class solutions, leveraging Silicon-based features and capabilities, through an open-source OS and Cloud-native set of tools.    These foundational building blocks are available through partners (IHVs, ISVs, and CSPs to name a few) who in turn are delivering the solutions our joint customers need to run their business.

Call to Action:

• Register for SUSECON 2022 if you haven’t done so already (https://susecon.com). It’s 100% online and free.
• Choose from over 100 sessions to attend by experts on Linux, Kubernetes management, and edge solutions.
• Taste a sample of the ongoing collaboration between SUSE and key Silicon Designers.