The global and independent platform for the SAP community.

Live/online patching in Linux Enterprise deployment

Live or online patching of the Linux kernel in the enterprise environment is already a reality - without typical system stop-and-go scenarios. Sophisticated management software acts as an additional benefit provider.
Friedrich Krey, Suse
April 5, 2018
Linux Column
avatar
This text has been automatically translated from German to English.

Service interruptions such as updates or patches are indeed common procedures in corporate IT divisions. But actually they are not wanted. Not frequently, and not with disproportionately long downtimes or with a use of resources that is not justified.

Suse, as a Linux pioneer and innovator, has dealt with the topic of Linux kernel patches very intensively for quite some time and has undertaken considerable development work.

The result: Suse Linux Enterprise Live Patching, a component of SLES for SAP Applications that in effect supports a kind of non-stop IT usage. The solution was first made available for x86-64 servers (Hana-on-Intel servers) in SLES 12 for SAP Applications (SP1), and has recently become available for IBM Power (Hana-on-Power servers) (SP3).

One aspect of the developments was to extend the classic Dynamic Software Updating (DSU), primarily used for security patches (CVEs) and patches with limited size. The result is a standard live patching solution for Linux Enterprise use with high automation.

State-of-the-art Linux technologies were taken into account. For example INT3/IPI-NMI (with self-modifying code), an RCU-like update mechanism, mount-based NOP space allocation or standard kernel loading/linking mechanisms.

The Suse-Live-Patching functionality in SLES for SAP Applications significantly improves risk/security management and compliance by, for example, automatically (proactively) suggesting and - if desired - (automatically) implementing Linux patches. And this without a typical stop-and-go.

Combined with the system management

Ideally, live patching, like all the other building function blocks in Suse Linux Enterprise Server for SAP Applications, is managed, controlled and monitored via Suse Manager.

Among other things, Suse Manager audits the software patch status. Configuration changes can be detected, modified or reset to a certain state in the past, if necessary.

In principle, the complexity of Hana environments can be significantly minimized with Suse Manager. This is because all components and elements of the infrastructure and their patch/update status, as well as the overall systems themselves, can only be managed from a central location.

It can also be used to precisely control individual environments required for enterprise operations (for example, for development, test, integration and production systems).

Furthermore, with Suse Manager it is possible to implement compliance requirements in a simplified manner, for example in the security environment, or to prove adherence to compliance requirements.

Last, but not least, there are significant cost advantages, because above all manual and recurring work and the necessary costly capacities/resources for platform management are reduced.

Management is possible across all hardware x86 Intel vendors, across all Hana-on-Power systems, across all hypervisors and also in mixed environments - native and virtualized. Of course, Suse Manager also takes cloud computing or DevOps models into account.

Conclusion

Live or online patching supports non-stop IT operations and, ultimately, non-stop business continuity. Suse Manager helps to manage, automate and control both online patching and all other Suse Function Building Blocks in Hana deployment, and thus achieve significant cost benefits.

https://e3mag.com/partners/suse-linux-gmbh/

avatar
Friedrich Krey, Suse

Friedrich Krey is Head of SAP Alliances and Partners EMEA Central SUSE Linux GmbH and one of our esteemed E3 SAP Community Magazine columnists.


Write a comment

Working on the SAP basis is crucial for successful S/4 conversion. 

This gives the Competence Center strategic importance for existing SAP customers. Regardless of the S/4 Hana operating model, topics such as Automation, Monitoring, Security, Application Lifecycle Management and Data Management the basis for S/4 operations.

For the second time, E3 magazine is organizing a summit for the SAP community in Salzburg to provide comprehensive information on all aspects of S/4 Hana groundwork.

Venue

More information will follow shortly.

Event date

Wednesday, May 21, and
Thursday, May 22, 2025

Early Bird Ticket

Available until Friday, January 24, 2025
EUR 390 excl. VAT

Regular ticket

EUR 590 excl. VAT

Venue

Hotel Hilton Heidelberg
Kurfürstenanlage 1
D-69115 Heidelberg

Event date

Wednesday, March 5, and
Thursday, March 6, 2025

Tickets

Regular ticket
EUR 590 excl. VAT
Early Bird Ticket

Available until December 20, 2024

EUR 390 excl. VAT
The event is organized by the E3 magazine of the publishing house B4Bmedia.net AG. The presentations will be accompanied by an exhibition of selected SAP partners. The ticket price includes attendance at all presentations of the Steampunk and BTP Summit 2025, a visit to the exhibition area, participation in the evening event and catering during the official program. The lecture program and the list of exhibitors and sponsors (SAP partners) will be published on this website in due course.