A highly specialized systems integrator and managed services provider for SAP ERP solutions, oXya is going from strength to strength. The company continues to grow at around 20 percent year on year, winning new clients attracted by its reputation for deep technical know-how around SAP business applications. oXya serves midsize and global organizations, providing them with stable, secure, high-performance and flexible hosted SAP infrastructure and support operations.
“We set out to make each client’s landscape more uniform, so that they would have a consistent lifecycle for their operating system,” said Matthieu Fatrez, Systems Administrator at oXya. “In particular, we wanted to have one package repository per client that we would be able to evolve independently of the other clients’ repositories.”
Each client at oXya has different planned dates for deploying OS service packs and new releases, and they all follow a lifecycle that starts with the SAP Dev environment, then moves on to Quality Assurance (QA), pre-production and production environments. According to each client’s update schedule, oXya deploys an updated build of the operating system to the Dev environment. After a period of testing and tuning—again, the length depends on each client’s update schedule—this version is pushed into the QA environment, and the version that was running in the QA environment is pushed into pre-production, and so on.
“The OS lifecycle model enables us to roll out qualified OS builds to all environments in a controlled way, with the exact timing determined by each client,” said Matthieu Fatrez. “However, without a centralized tool for managing the process, this was difficult in administrative terms. For example, if we found a bug in the Linux kernel and needed either to upgrade or downgrade any clients running on the buggy version of the kernel, it was difficult even to determine who was affected.”
When the time came for an update, the technical team at oXya had to manually download the new packages from the SUSE site, put them on one of the relevant client’s machines, build a repository, and then update all the client’s machines from that repository. This process was repeated for all clients and all updates—multiplying the administrative effort, the time to complete the process, the number of repositories, the complexity, and the required disk space.
“As the only Linux distribution certified for clustered SAP environments, SUSE Linux Enterprise Server for SAP Applications gives our clients an enterprise-class option for high availability,” said Yves Dumazy, Systems Unix & Linux Manager at oXya. “Therefore, when a customer is looking to migrate from Unix, we recommend a clustered solution based on SUSE Linux Enterprise Server.”
Today, oXya has more than thirty major customers running their SAP applications on SUSE Linux Enterprise Server, across more than 500 servers—both physical and virtual.
“Given our preference for SUSE Linux Enterprise Server, it was natural to choose SUSE Manager to address our challenge around repositories and updates,” said Matthieu Fatrez. “As an appliance, SUSE Manager was easy to deploy following the guidance and recommendations from SUSE. The next tasks were to define each client’s policies for updates, to define the processes for registering machines, and to define the groups of machines on a client-by-client basis.”
Each server—whether physical or virtual—within a given client’s SAP landscape is registered in SUSE Manager and subscribed to the client channel. For each client, SUSE Manager maintains a separate repository of packages, and a record of the precise OS build used in each part of the SAP landscape (Dev, QA, pre-production, production).
“SUSE Manager makes it easy to maintain a different version of the operating system for each client, depending on their timetable for updates,” said Matthieu Fatrez. “To minimize total downtime, we try to execute major OS updates—for example, the switch from one Service Pack to the next—at the same time as major SAP software updates.”
oXya uses the AutoYaST tool within SUSE Linux Enterprise Server for the initial process of installing the OS, using the standardized set of packages from each client’s repository. For configuration management, oXya utilizes the Puppet tool included in SUSE Linux Enterprise Server.
“We rely on SUSE Manager to handle the whole process of updating our clients’ operating systems and package repositories,” said Matthieu Fatrez. “If a vulnerability emerges in a particular package or version of the kernel, SUSE Manager shows us which clients are affected so that we can respond quickly. We also take advantage of the solution’s Python API to gather all the security updates for each OS build and push them out to the relevant internal team for action. In addition, we have one client who has an audit requirement to understand all the vulnerabilities in their environment week by week. A script gathers the necessary information and sends it to this client, who then lets us know which vulnerabilities need to be patched immediately.”
A CRON scheduled task on SUSE Manager checks the current date against the date listed for the creation of each repository, alerting the relevant client team after a pre-defined amount of time to let them know that they need to make updates.
“SUSE Manager centralizes all the information about the numerous different OS builds that we maintain on behalf of our clients, making it easy to understand a complex landscape and ensure consistency,” said Matthieu Fatrez.
oXya is now extending its use of SUSE Manager to include clients adopting the latest SAP HANA technology, running on SUSE Linux Enterprise Server for SAP Applications. The company has also deployed fully managed instances of SUSE Manager for external clients that do not use its hosting services. These companies are keen to tap into oXya’s expertise in the se of SUSE Manager within business-critical SAP landscapes, particularly in heavily-regulated industry sectors such as pharma, where it is critical to prove compliance with security patching policies.
“We pride ourselves on extremely high levels of technological competence, and SUSE Manager is no exception,” said Matthieu Fatrez. “We have a strong history of training and certification with SUSE, with around 35 people achieving the Certified Linux Professional or Certified Linux Analyst qualifications within the past three years. We also participate in beta testing programs so that we can support our clients as soon as new versions of software become commercially available.”
“Instead of manually retrieving all the latest packages from the SUSE site each time we need to carry out an upgrade—a process that took five hours previously—we use SUSE Manager to create the new repository in just 30 minutes, and execute the updates from that new repository in 20 minutes,” said Matthieu Fatrez. “Cutting a five-hour process to less than an hour is a significant gain, particularly when you multiply it out across all updates for all different clients.”
The ability to apply the right updates within short timeframes is an important benefit of SUSE Manager. “When news of the Shellshock vulnerability broke, SUSE Manager had automatically downloaded the necessary patch overnight, and we pushed it out to each internal client team,” said Matthieu Fatrez. “That same morning, we completed updates to all the affected versions of Bash, rapidly giving our clients peace of mind. This would have taken much more time and effort without SUSE Manager.”
More important than the efficiency and time savings is the ability that oXya now has to demonstrate to clients that their SAP landscapes are controlled and managed to strict, auditable standards.
“With SUSE Manager, we can assure our clients that updates to their SAP environments are managed professionally and in accordance with their own corporate standards,” said Yves Dumazy. “Compliance is a vital issue for many of our clients; SUSE Manager gives us a very valuable capability to tell them exactly what was patched and when. As we continue to build our reputation as the go-to professionals for hosting enterprise SAP systems, it is important that we can demonstrate that we take security and compliance just as seriously as we do operational excellence.”
For most of oXya’s clients, their SAP landscape is the most important corporate system, and one in which downtime and security issues cannot be tolerated. Using SUSE Manager helps oXya to keep each
client’s SAP landscape in optimal health without needing to employ enormous numbers of technical staff. In turn, this helps the company maintain the competitive pricing and economies of scale that
make SAP hosting an attractive prospect for clients.
“SUSE Linux Enterprise Server offers excellent availability and security for business-critical SAP implementations and gives us a number of useful tools to simplify administration,” said Yves Dumazy. “Adding SUSE Manager has further improved our capabilities, accelerating patching for our clients and making it easier for us to prove that we are managing their landscapes in compliance with their requirements.”