Introducing the SUSE Geeko Gazette
Welcome to the Geeko Gazette, a newsletter for SUSE Linux Enterprise users. The Geeko Gazette will provide you with the latest information on technical solutions, product updates and training, as well as hardware and software certifications. Our mission is to ensure that you have the resources and know-how to get the most out of your SUSE Linux Enterprise environment, improve the efficiency of your data center and make your job easier.
SUSE Linux Enterprise 11 SP2 is Now Available
Latest Platform Release Delivers Smart Innovation, Enterprise Quality, Investment Protection
On February 28, SUSE announced the general availability of SUSE Linux Enterprise 11 SP2. This latest release offers new features and enhancements that improve performance, reliability and security while maintaining enterprise quality and application compatibility.
The products updated with this release include:
As a result of our new forward-looking development model, SUSE Linux Enterprise 11 SP2 ships with a modern Linux 3.0 kernel, offering scheduler and memory management optimizations. More importantly, it offers support for the latest hardware, networking and storage devices. And it fully supports all the applications supported by Service Pack 1.
Experience smart innovation, enterprise quality and investment protection. Call your local SUSE representative to learn more.
Try SUSE Linux Enterprise 11 SP2 free for 60 days.
SUSE Tips and Tricks
No Need for UNIX!
Not When You Have SUSE Linux Enterprise Server 11 SP2
Until recently, classical, RISC-based UNIX systems have dominated the data center. However, organizations are increasingly concerned with the cost and vendor lock-in associated with the UNIX model of one hardware and one operating system from one vendor.
Fortunately for these organizations, the emergence of Linux, as a UNIX-like open source operating system that follows the established POSIX standard on the programming interface level, has given them choice and set them free from vendor lock-in.
At SUSE, we have spent years developing SUSE Linux Enterprise Server into the platform of choice for customers that are making the decision to migrate from UNIX to Linux. We've spoken with you, our customers, to understand what it would take to replace Solaris in your environments and ensure you enjoy the same level of functionality as you did with Solaris.
We have answered the challenge.
SUSE Linux Enterprise Server supports:
- 1024+ CPU cores on three hardware architectures and 4096 CPU cores on AMD64 / Intel 64
- Up to 64 TiB RAM on certified hardware
- SWAP over NFS
- 8 EiB in one filesystem with XFS
- System design with security in mind, e.g. minimal set of running services
- Built-in firewall
- Support for AppArmor, implementing Mandatory Access Control mechanisms
- And SUSE Linux Enterprise Server is currently under evaluation for a Common Criteria Certification in Evaluation Assurance Level 4 with Augmentation
- SUSE Linux Enterprise Server is the leading operating system for SAP deployments on Linux and is the clear choice of organizations running Linux workloads on IBM System z
- Integration with the most recent hardware capabilities on Intel 64 / AMD64 to support mission-critical environments
- SUSE Linux Enterprise is the leading Linux application platform with more than 8,700 applications, certified from more than 1,300 ISVs
But, this is only the first step. We have found three additional areas where you expected SUSE to improve, in order to be "on par" with UNIX systems, and Solaris specifically:
- Copy on Write filesystem and Snapshots
- OS level virtualization / Container support
And with the release of SUSE Linux Enterprise Server 11 SP2, we have addressed these last requirements.
Let's look at the details.
SUSE Linux Enterprise Server 11 SP2 provides support for the btrfs file system. btrfs delivers support for Copy on Write. It also includes powerful snapshot capabilities, integrated volume management and scalability through effective (online!) shrink. It also supports offline, in-place migration from ext2, ext3 and ext4. Other capabilities of btrfs include compression, checksums for improved data integrity and SSD optimization.
Installed as a file system for the OS, you can use the SUSE "snapper" tool on top of btrfs to perform:
- Snapshots for YaST2 and zypper activities
- Time-based automated snapshots
- Snapshot cleanups—single file rollback ("undochange") to correct administrative errors
Briefly described, OS-level virtualization, often referred to as System Containers, is virtualization without a hypervisor. Your system runs one kernel, and the containers, while independent from their inside view, run under the control of this one kernel. Compared to hypervisor-based virtualization, this method provides benefits in terms of I/O-performance and deployment.
Although OS-level virtualization is commonly used by hosters and outsourcers to implement compartmentalized infrastructures, it also can be used by enterprises in their data centers. Typical examples include shielding of databases (which may need a lot of memory) against middleware (which may need more CPU power), thus ensuring that every type of application gets the resources it needs.
Based on Linux Control Groups technology, SUSE Linux Enterprise Server 11 SP2 supports "System Containers" via the powerful open source LXC environment.
Later in 2012, we will provide LTTng (Linux Trace Toolkit next generation) for SUSE Linux Enterprise Server 11 SP2, as part of a special offering for customers and partners who need the latest capabilities in Linux tracing.
Is there a need for UNIX? Now that we provide the last mile of UNIX functionality as part of SUSE Linux Enterprise Server 11 SP2, you can leave vendor lock-in behind and enjoy the freedom and power of Linux.
Enhancing SUSE Manager Compliance Capabilities
Introducing the New Audit Log Keeper
SUSE Manager was built with compliance in mind. And the new Audit Log Keeper in SUSE Manager goes one step further. It enables you to maintain compliance with even the most rigorous regulatory requirements and corporate policies.
The Audit Log Keeper provides a comprehensive and simplified method for tracking and reporting changes to your managed servers. It offers one consolidated log of all actions initiated using the SUSE Manager web interface, command line client, or API. The detailed record delivered by the Audit Log Keeper includes not only the operation performed, but also the user responsible for the change and the date and time.
With the addition of the Audit Log Keeper, SUSE Manager is the only systems management solution for Linux that ensures enterprises in industries that have high auditing requirements, such as banking, insurance, government and health care, possess all of the necessary information to easily demonstrate their compliance.
Now let's get you started.
The Audit Log Keeper framework consists of three basic building blocks:
- The Audit Log Keeper itself: a buffer for incoming log messages that makes sure logs are delivered reliably to a local or remote backend
- Schema validators: you need at least one, and currently, there is one for SUSE Manager (called AuditLogKeeperSpacewalk). The schema validators make sure that only the desired log entries are recorded and that they are in the right format. Apart from using this framework in SUSE Manager, you could also write your own validator plugins in Java and use Audit Log Keeper for your applications' audit logging needs.
- Output plugins: current options include logging to STDOUT, syslog, SQL databases, or XML files. Several output plugins can be served at the same time. For example, you may want to use the syslog for quick alerting, but keep a tamper-proof copy as an XML file that is archived as read-only, as well as have a searchable version in a relational database.
On SUSE Manager you will need to install the Audit Log Keeper first (do this as root or use sudo):
[zypper install auditlog-keeper]
Then you install the SUSE Manager validator plugin:
[zypper install auditlog-keeper-spacewalk-validator]
Finally, install at least one plugin (unless STDOUT is all you need). Let's use the syslog plugin here:
[zypper install auditlog-keeper-syslog]
Now you can start the service:
To make sure the log keeper starts automatically, issue the following command:
[chkconfig auditlog-keeper on]
This enables Audit Log Keeper in run levels 3 and 5:
This will open the configuration file "/etc/auditlog-keeper.conf" in your default editor. But, if you are fine with using the syslog backend it is already pre-configured.
However, what you should definitely change are the "backend.db.auth.user" and "backend.db.auth.password". This can be a password that is hard to remember because it does not need to be entered manually.
If you are using the syslog output plugin and haven't changed your default settings, all messages from the Audit Log Keeper will end up in your local "/var/log/messages" file. For secure and tamper-proof logging you may want to change this to a remote logging location.
Finally you need to tell SUSE Manager to use logging:
In "/etc/rhn/rhn.conf" add a line that says:
[audit.enabled = 1]
Restart SUSE Manager after that change.
For more information on the Audit Log Keeper and additional configuration options please see this Wiki page.
Begin using SUSE Manager Audit Log Keeper today. You can ensure you are maintaining compliance with regulatory requirements and corporate policies by being able to prove to your auditors that you are keeping a detailed log of all changes to your systems from end-to-end.
Put No Limits on Protecting Workloads
Geo Clustering Enables Linux Clusters Between Data Centers Located Around the Globe
With the release of SUSE Linux Enterprise 11, we launched SUSE Linux Enterprise High Availability Extension. The initial version packaged and enhanced the high availability components of earlier SUSE Linux Enterprise releases into a single, integrated suite of robust, open source clustering technologies. This offering allowed organizations to eliminate single points of failure by implementing highly available physical and virtual Local Area clusters. All nodes within the Local Area cluster environment are housed in the same data center, connected to the same storage network and on the same network segment.
But, what happens if a fire, a flood, or some other unfortunate event strikes your data center?
Recognizing that our customers' mission-critical workloads needed additional protection against catastrophic data center loss, we introduced Metro Area clustering as part of SUSE Linux Enterprise High Availability Extension 11 SP1. With Metro Area clusters, enterprises can stretch their cluster up to approximately 20 miles or 30 kilometers. In a Metro Area clustering scenario, administrators handle configuration, storage and networking as if a Local Area cluster were running, but with the added protection of separating nodes between locations.
However, what if you have another facility, but the distance between the two is too far for a Metro Area cluster? Or, what if you are concerned about the impact of a regional catastrophic event, such as an earthquake?
Now you can rest easy. With the launch of Geo Clustering for SUSE Linux Enterprise High Availability Extension, you can deploy clusters across unlimited distances. By combining the capabilities of SUSE Linux Enterprise High Availability Extension and Geo Clustering for SUSE Linux Enterprise High Availability Extension, you can maximize business continuity, protect data integrity, and minimize unplanned downtime for mission-critical Linux workloads under any circumstance.
How does Geo Clustering for SUSE Linux Enterprise High Availability Extension work?
Geo clusters are built between groups of Local or Metro Area clusters and provides the last line of defense. For instance, SUSE Linux Enterprise High Availability Extension will take a failing workload and first transfer it within the Local or Metro Area cluster. This move helps to keep the service near its local user and infrastructure while minimizing latency, in the event of a hardware failure or an issue with the data center.
However, if a regional catastrophe occurs that impacts the entire cluster, the workload must be restarted on another cluster in a location far removed from the disaster. This is where Geo Clustering for SUSE Linux Enterprise High Availability Extension starts its work.
Our rules-based geo clustering software can make this switch automatically. The workload transfer can also be done manually, since we find that most organizations have processes and policies that demand complete control and approval of moving workloads around the world. Using manual failover also ensures that other necessary resources, including human and material resources, are assigned or moved as well.
Through full quorum coverage, Geo Clustering for SUSE Linux Enterprise High Availability Extension also ensures that workloads do not mistakenly failover because of a failed network connection between any two sites. Given the long distances between sites in a geo cluster, missing connectivity might occur more often than in a local or metro area cluster. A lost network connection can make it appear as though the service is failing even though it may actually be functioning properly. That is why we recommend that you design and install a geo cluster between three sites that are independently connected. With three sites, full quorum coverage will check with the third site to determine if there is a connection issue or an actual failure. These precautions will prevent split brain scenarios and maintain the integrity of your workloads.
With Geo Clustering for SUSE Linux Enterprise High Availability Extension there is no limit to the protection of your workloads. So, when disaster strikes your operations within a region, you will be able to meet your service-level agreements, while maintaining compliance with corporate policies and external regulations. Learn More.
The Symbiotic Relationship Between openSUSE and SUSE
A Conversation with Alan Clark, openSUSE, Board Chair
SUSE and the openSUSE project are both essential to enterprises that need an innovative, cutting-edge operating system platform that also offers the stability and support an enterprise can depend on. However, the roles of these two organizations may sometimes seem confusing. To gain a clear picture of what each does and the value they provide together, we spoke with Alan Clark, the openSUSE community moderating board chair. He explains the role of the openSUSE project and why SUSE is such an enthusiastic sponsor.
The openSUSE project is an open source community whose volunteer members develop code and adopt code developed within other open source communities. They turn those efforts into the Linux-based openSUSE operating system for several platforms, including workstations and servers. Members keep their work product on the cutting edge, releasing new versions every few months—for example, the community recently released openSUSE 12.1. They are so leading edge that any code they write that is more than two versions old is usually obsolete. This is ideal for enterprise engineers who want some insight and want to plan for the direction of the Linux platform and test applications with new features. But, this ever-changing environment doesn't fit the whole enterprise. This is where SUSE the company comes in. SUSE employees work symbiotically with openSUSE community members, taking what they produce, reworking parts and hardening it into SUSE Linux Enterprise. This platform provides years of stability, and SUSE provides the support enterprises can't survive without.
You can imagine that a diverse community of volunteers writing future-looking code could become chaotic very quickly. That's where the openSUSE community moderating board comes in. The elected board helps organize, coordinate and support the planned releases; resolves conflicts; and provides support for members' work. Alan describes the relationship between the openSUSE community and SUSE, the value of that relationship to customers and what's in store for the future. He explains that the openSUSE community is made up of volunteer software developers, evangelists, documentation writers, marketing specialists and the many other roles you might find in a software company. Besides keeping openSUSE on the leading edge of capabilities, the community's evangelism helps drive the growth of Linux, openSUSE and consequently SUSE. One of the ways this occurs in many large corporations is that small groups within the enterprise decide to run openSUSE in test beds. Leaders in the organization soon recognize the advantages of openSUSE and decide to adopt it across the enterprise. That's when they turn to the enterprise-ready SUSE Linux Enterprise Server.
Alan tells us that SUSE has a lot of experience both with Linux—he is also a director of the Linux Foundation, a formal umbrella community that supports Linus Torvalds and the kernel community—and many other open source communities that are working on many aspects of code. This places SUSE in an excellent position to identify important features, resolve issues and help connect community members with education resources for understanding and writing to the Linux platform. SUSE also helps enterprise customers with its knowledge and experience and by identifying ways to protect their investments legally.
You can easily become a part of the community. All types of opportunities are available with any size commitment. Take a look at how you can participate:
- Go to www.opensuse.org and click Discover It.
- In the next window look for the Navigation menu in the top left corner and click Project. The Project portal opens.
- Explore the portal. You can attend events, participate in biweekly project meetings, join mailing lists, connect with other members through the openSUSE social tool and much more.
- Find the bullet that says Join the openSUSE community as a contributor! and click how to participate. This will show you a host of ways you can contribute, document, develop, spread or lead openSUSE.
The Linux platform enjoys a development environment unlike anything found in a software house with a typical research and development, marketing and sales organization. The flexible and scalable Linux platform enjoys the benefit of a host of creative and passionate developers and promoters in a community with unlimited innovation. It also benefits from a company that hardens the community's results into a durable platform enterprises can depend on for many years to come.
More Clouds, More Choice
SUSE Continues Expansion of Public Cloud Options, while Developing OpenStack Powered Solution for Private Clouds
At BrainShare® last year, we proclaimed Cloud Computing as one of the key pillars of our strategy. To deliver on our cloud vision, we are focusing on:
- Working with a wide variety of cloud service providers to enable organizations to run SUSE Linux Enterprise Server in their preferred public cloud
- Bringing to market an open source solution to enable enterprises to build their own private cloud
- Delivering a set of tools to help customers bridge the gap between public and private clouds by building, deploying and managing hybrid cloud solutions.
SUSE in the Public Cloud
And we have hit the ground running since BrainShare. For instance, the number of cloud providers that are offering SUSE Linux Enterprise as an option for customers continues to grow. You can find the most current list of cloud partners here.
In addition to the new service providers, our existing partners continue to address new markets and bring more capabilities to SUSE customers in public cloud environments.
Amazon Web Services, recently, launched two new regions for EC2: US-West2, located in Oregon, and LA-1, located in Sao Paolo, Brazil. SUSE Linux Enterprise is available in both of these regions, and SUSE Studio has been updated to enable one-click deployment into either region.
Amazon also launched a number of new instance types, all of which are available for SUSE Linux Enterprise deployments. Cluster instances, which provide customers with performance usually associated with HPC servers have been available since the summer and have proven to be popular with SUSE customers. For customers requiring even more capacity, Amazon recently launched the CC1-8xlarge instance size. This instance provides twice the compute power of the existing CC1-4xlarge instance and is ideally suited for highly parallel jobs.
To date, a number of SUSE customers have been opting to take advantage of Amazon's reserved instances to ensure access to compute resources when needed, or to lower the cost of long-running workloads in EC2. For customers that want to use a reserved instance, but may have a lower total usage requirement, Amazon has introduced the low and medium resource reserved instances. With each of these options, the upfront reservation charge is reduced, as is the level of discount that the customer receives on their hourly rate. These instance types are ideal for the customer that has occasional usage requirements, but wants to ensure that the capacity is available when it is needed.
With all of these changes, SUSE Linux Enterprise remains the only enterprise Linux available in all instance types and all regions in Amazon EC2.
SUSE Driving Your Private Cloud
We have also begun development of an open source private cloud solution. At BrainShare, SUSE declared its intention to provide a flexible, secure and scalable cloud solution for customers looking to build private clouds. Over the next 11 months, SUSE will be introducing an open source cloud solution based on the OpenStack project. The OpenStack project has built a strong community with over 120 participating organizations and more than 250 developers.
Customers that want to get started, today, with our OpenStack solution, can download the SUSE Cloud Appliance from SUSE Gallery.
This preconfigured software appliance provides a single server cloud image that is perfect for trialling the OpenStack interfaces for creating virtual machines and launching images. In 2Q 2012, SUSE intends to follow up this early development preview with a beta version built on the OpenStack Essex release and a fully supported product in late 2012.
Delivering the OS of Choice for Maintaining Regulatory Compliance
Update on Telecommunication, Networking and Security Certifications for SUSE Linux Enterprise Server
As the regulatory demands on organizations in industries such as Government, Finance, Health Care and Telecommunications increase, so do the requirements for the outsourcing, hosting and cloud providers that service customers who operate in these regulated environments. These organizations must be able to verify that all of their technology infrastructure, down to the operating system, are in compliance with regulatory standards.
This is why SUSE continues to heavily invest in maintaining certifications for SUSE Linux Enterprise in areas such as Telecommunications, Networking and Security.
Early last year, we registered SUSE Linux Enterprise 11 for Carrier Grade Linux 4 (CGL 4) on the AMD64/Intel64 architecture. Learn more about it here.
In mid 2011, SUSE Linux Enterprise 11 SP1 was certified for IPv6 compliance according to the USGv6 testing requirements. Learn more about it here.
Compared to other (not only Linux) operating systems, SUSE Linux Enterprise Server complies to a broader range of functional requirements and tests. For example, we also include IKEv2 support, the highest grade of IPSec functionality in IPv6.
For SUSE Linux Enterprise 11 SP2, we will be re-certifying to document our further achievements in this area.
Eight years ago, SUSE Linux Enterprise 8 became the first Linux distribution to receive a Common Criteria Certification.
Now, with the development of SUSE Linux Enterprise 11 SP2, we are working on a Common Criteria Certification in Evaluation Assurance Level 4 with augmentation according to the Operating System Protection Profile of the BSI (CC EAL 4+ OSPP/BSI). Currently under evaluation by the licensing bodies, we expect certification to be issued soon after the first customer shipment of SUSE Linux Enterprise 11 SP2.
Simultaneously, we have prepared the openSSL package in SUSE Linux Enterprise 11 SP2 to be validated as a "security module" according to the FIPS 140-2 standard. We will start this certification process after its release.
As our recent activity shows, SUSE is committed to ensuring SUSE Linux Enterprise is a mission-critical platform that has the necessary certifications to meet your regulatory requirements.
The Hardware and Software Support You Need
Updates on Hardware and Software Certifications
The dedicated hardware and software certification teams from SUSE have been hard at work ensuring that you get the support for the applications you need and for the systems you want to run them on. In 2011, our hardware team completed 1,720 hardware certifications. Recent certifications include:
- Acer—AR320 F2, AT310 Fe
- Cisco—UCS C250 M1, UCS C250 M2, UCS C260 M2
- Dell—PowerEdge R815/4, PowerEdge R715/2 (AMD Sixteen-Core Opteron)
- HP—ProLiant BL465c G7, ProLiant BL685c G7 (Sixteen Core)
- IBM—System x3100 M4, System, x3755
- Huawei—Tecal E6000 BH620, Tecal RH2285
Search the complete list of hardware certified on SUSE Linux Enterprise.
Our SUSE ISV team helped ISVs add 2,225 software certifications to the SUSE ISV Catalog in 2011. Total unique applications on SLE 9, 10 and/or 11 numbered 8,777 at the end of 2011. This application total came from 1,875 ISV companies.
The SUSE ISV team is working with several of our major application partners as well as many smaller ones to update their catalog entries to reflect their SUSE Linux Enterprise Server 11 support. Look for more updates in the near future.
Search the complete listing of certified applications