What is new in SUSE Linux Enterprise Server 16.0

We are thrilled to announce the general availability of SUSE Linux Enterprise Server 16.0 (SLES 16.0) in 4th November 2025. As the successor to the highly successful SLES 15 family, SLES 16.0 is a modernized, traditional Linux operating system designed to meet the next generation of IT challenges.

This major release focuses on enhancing systems management, hardening security, and delivering a future-proof platform that is ready for everything from datacenter operations to the AI-ready edge.

SUSE® Linux Enterprise Server 16

Here’s a technical deep dive into what’s new.

A New Era of Systems Management

In SLES 16, we are modernizing the entire systems management stack to prioritize automation, remote accessibility, and integration with modern DevOps practices.

Agama: The Future of SUSE Installation

SLES 16 introduces Agama as the new system installer, replacing the YaST installer. Agama is a modern, API-driven installer built for today’s workloads.

• Web-Based & Remote-First: You can now run the installation entirely from a local web browser, allowing for easy remote deployments.
• API-Driven: A full HTTP API allows for deep integration with third-party automation tools and monitoring.
• Secure & Stable: The core is written in Rust, ensuring memory safety and enhanced security.
• AutoYaST Compatibility: To ensure a smooth transition, Agama maintains a high level of backward compatibility with existing AutoYaST profiles.

BTRFS + Snapper: Filesystem snapshots for easier rollbacks and more control

SLES 16 is extending the reach of our integrated and automated filesystem snapshots capability, built on BTRFS and snapper, to cover cloud images, meaning that all footprints can benefit it. Introduced in SLES 12, the filesystem snapshots technology is battle-tested and an integral part of the operating system.

• Control + Z: An easy way to rollback changes in your system, independently of the footprint you are using. Whether in the edge, on the cloud, on-prem virtualized or directly on baremetal, administrators can count on a consistent behaviour for snapshots of their deployments.
• Deeper introspection:  Being done at the filesystem level, the snapshots provide an easy way to review changes being done to the system down to seeing changes in individual files.
• OS Integration: SLES 16 is extending automatic snapshot integration into new management tools like Cockpit. In every update done using zypper, or cockpit, a new snapshot will be created, the system will  maintain a fixed number of them to ensure system changes can always be rolled back.

Cockpit: Modern, Web-Based Server Management

For 1:1 remote management, SLES 16 transitions from YaST2 to Cockpit. Cockpit is a web-based, remote management console that is the industry standard for modern Linux distributions.

• Remote Access: Easily manage servers from any device with a web browser.
• Real-Time Insights: View system state, logs, and performance in real-time.
• SUSE Integration: We have developed new Cockpit applications to seamlessly manage SLES-specific functions like software repositories, package installation, and SUSE subscriptions.

Ansible: Automation Built-In

SLES 16 now includes Ansible as part of the operating system, providing a powerful, widely-adopted automation framework out of the box.

• Linux System Roles: We are delivering standardized Ansible roles for consistent OS-level configuration. This includes roles for firewall, ha_cluster, selinux, podman, and more.
• Salt Support: For existing environments, Salt remains fully supported through the SUSE Multi-Linux Manager.

A New, Predictable Lifecycle

With SLES 16, we are making our lifecycle more predictable and flexible. We’ve also aligned our terminology, changing “Service Packs” (SPs) to “Minor Releases” and “Long Term Service Pack Support” (LTSS) to “Long Term Support” (LTS) to match industry standards.

16 Years of Support, Ready for 2038

The SUSE Linux Enterprise Server 16 major release will have a total of 16 years of support. It is planned to have 7 minor releases (from 16.0 to 16.6), with a new release delivered every November. This long-term commitment ensures your platform is stable, secure, and ready to surpass the 2038 milestone.

Extended 5-Year Lifecycle for Minor Releases

We are extending the lifecycle of each individual minor release to 5 years. This gives you more flexibility and a longer runway for planning updates and migrations. This 5-year period is broken down into:

• 2 years of General Support
• 3 years of optional Long Term Support (LTS)

Hardened Security for the Modern Threat Landscape

Security is a core goal of SLES 16, and this release introduces fundamental changes to harden the OS.

Transition to SELinux

The most significant security update is the transition from AppArmor to SELinux as the default Mandatory Access Control (MAC) framework.

• Why the Change? SELinux offers more granular control and has seen greater traction in high-security environments, such as Android.
• Enforcing by Default: SLES 16 ships with SELinux in enforcing mode by default, with over 440 policy modules providing broad system coverage from day one.
• SLES for SAP: For SAP workloads, SELinux will be set to permissive mode.

Future-Ready: Post-Quantum Cryptography

SLES 16 is built to be future-ready by integrating Post-Quantum Cryptography (PQC) algorithms. This proactively protects data against “Harvest now, decrypt later” attacks, where adversaries may be storing encrypted data today to decrypt with quantum computers tomorrow.

Core libraries have been updated with PQC support, including:

• Openssl 3.5 (with native support for ML-KEM, ML-DSA, etc.)
• Libgcrypt 1.11.1
• Mozilla NSS 3.112
• Go 1.24+

First Enterprise Distribution with Reproducible Builds

SLES 16 is the first major enterprise Linux distribution to be built using Reproducible Builds. This set of practices creates an independently-verifiable path from source to binary, allowing customers to verify that the software packages they receive have not been altered and protecting against build infrastructure attacks.

A Modernized, Future-Proof Platform

We’ve updated the entire stack and streamlined the OS to reduce its footprint and complexity.

Core Stack Updates

SLES 16.0 is built on the latest stable upstream components, including:

• Kernel: 6.12
• glibc: 2.40
• systemd: 257
• python: 3.13
• perl: 5.42
• grub2: 2.12
• openssh: 9.9

Year 2038 Ready

SLES 16 is fully ready to go beyond 2038. The 32-bit time_t counter overflow issue (the “Y2038 problem”) has been addressed by updating key components and interfaces, such as lastlog, utmp, and systemd-logind.

Streamlined Components and Technology Changes

We have consolidated our stack to focus on a single, best-in-class tool for the job.

• Networking: NetworkManager is now the sole networking stack, replacing wicked.
• Firewall: NFTables is now the default, replacing IPTables.
• DHCP: KEA DHCP replaces the older ISC DHCP server.
• Virtualization: SLES 16 focuses exclusively on KVM as the general-purpose hypervisor. The Xen hypervisor has been removed.
• Key-Value Store: Valkey, the community-driven fork, replaces Redis.
• Display Server: Wayland replaces the X.org server as the default, though support for X11 applications remains.

Improved Configuration File Management

SLES 16 adopts the “UsrEtc” (or “hermetic-usr”) model for configuration files.

• Distributor defaults now reside in /usr.
• Local administrator customizations are placed in /etc/example.conf.d/*.conf. This separation makes updates cleaner and finally eliminates the long-standing problem of managing .rpmsave and .rpmnew files.

Tech Preview: Agentic AI and Model Context Protocol

As a Technology Preview, SLES 16 also includes the Model Context Protocol (MCP) host, an innovative step towards incorporating Agentic AI directly into the operating system.

What’s New in SLES for SAP applications 16

SLES for SAP applications 16, the OS optimized for SAP workloads, receives all the above updates plus several key enhancements.

• New Lifecycle Included: SLES for SAP 16 now includes 5 years of support for each minor release (2 years of General Support + 3 years of Long Term Support).
• Unified Tuning: sapconf has been removed. saptune is now the single, consolidated tool for tuning the OS for SAP workloads, and it’s even included in the base SLES product.
• Modernized HA Agents: We are introducing SAPHanaSR-angi, a new, single-codebase resource agent for SAP HANA System Replication that replaces the older SAPHanaSR and SAPHanaSR-ScaleOut agents.
• Simple Mount for HA: The “simple-mount” solution is now used for high availability  of S/4HANA and NetWeaver ABAP Central Services with Enqueue Replication Server (ASCS/ERS), thus simplifying cluster configuration.
• Trento Operations: The upcoming major version of Trento will, for the first time, include operational capabilities, allowing you to stop/start SAP systems and clusters directly from the Trento interface.

Upgrading and Getting Started

A dedicated tool is available to support upgrades from SLES 15 SP7 to SLES 16.0. Please note that direct migration from SLES 11 or SLES 12 is not supported.

We are incredibly proud of this release and believe it sets a new standard for enterprise Linux.

• Learn More: www.suse.com/server

Read the Documentation: Documentation is available at documentation.suse.com.