Update Infrastructure Access – Adios http

Earlier this year we enabled access to the update infrastructure through the data center. This was made possible by a refresh of the update infrastructure last year. Also earlier this year SUSE Linux Enterprise Server 11 SP4 reached EOL w.r.t on-demand image maintenance and this allowed us to switch all our traffic to run over https. The redirection of traffic from http to https happened shortly after SLES 11 SP4 images reached EOL but until now we didn’t come around with making this change stick on the client side. This

remaining gap is now resolved and after updating to the latest packages you will be able to close port 80 (http) in your egress rules for SLES and SLES For SAP systems that you run in the Public Cloud.

Images with date stamps v20200920 have the new packages built in and no action is required. For running instances you can make the switch by installing the following packages:

AWS

regionServiceClientConfigEC2-2.2.1 or later
cloud-regionsrv-client-9.1.3 or later

Azure

regionServiceClientConfigAzure-1.0.5 or later
cloud-regionsrv-client-9.1.3 or later

GCE

regionServiceClientConfigGCE-3.0.1 or later
cloud-regionsrv-client-9.1.3 or later

These updates set the new “https_only” option in the configuration file for the region server client and the client code in version 9.1.3 respects this setting to only sent traffic via https. This applies to both SLES and SLES For SAP as well as SLE 12 and SLE 15 based instances. The version numbers are consistent across all distributions. After installation no additional action is required in the instance.You can change your egress rules to no longer allow outgoing http traffic.