1. Operating System Security Hardening for SAP HANA
Peter Schinagl
Technical Architect Global SAP Alliance
peters@suse.com
Markus Gürtler
Architect & Technical Manager SAP Linux Lab
mguertler@suse.com
3. SUSE Linux Enterprise Server Security Components
• AppArmor: for fine-grained security tuning
• Security Certifications: like FIPS, EAL4+, etc.
• Security patches and updates: over the whole product lifecycle
• SUSE Firewall2: easy to administer OS firewall
• Intrusion Detection: using AIDE
• OS Security Guide: covering all security topics
• Linux Audit System: CAPP-compliant auditing system
• + more
4. Classification of the Hardening Guide
Guides, ordered from operating system generic to SAP HANA specific:
• SUSE Security Guide
• OS Security Hardening Guide for SAP HANA
• SAP HANA Security Guide
5. Content of the Security Guides
SAP HANA Security Guide (Application)
- Network and Communication Security
- User and Role Management
- Authentication and Single Sign-On
- Authorization
- Storage Security
- etc.
SUSE Security Guide (Operating System)
- SUSE Security Features
- Authentication
- Local Security
- AppArmor & SELinux
- The Linux Audit Framework
- etc.
OS Security Hardening Guide for HANA (Operating System)
- OS Security Hardening Settings
- Local Firewall for HANA
- Minimal OS Package Selection
- Update & Patch Strategies
- etc.
6. Customized OS Security Hardening for SAP HANA
• Security Hardening Settings for HANA
• SUSE Firewall for HANA
• Minimal OS package selection
• SUSE Security Updates
7. Security Hardening Settings
Overview
• Covers all relevant security topics (see next slide)
• Provides for each setting
✔ Detailed description
✔ Possible impact on the system
✔ Implementation priority
• Settings based on a professional Security Audit
• Implemented and tested by a large pilot customer
8. Security Hardening Settings
Categories
• Authentication Settings
→ User login restrictions, password policy, etc.
• System Access Settings
→ Local and remote access restrictions
• Networking Settings
→ e.g. behavior of the Linux IP stack
• Linux Service permissions
→ e.g. disallowing 'at' jobs
• File permissions
→ Access rights of security-critical files
• Logging and Reporting
→ Behavior of the system logging, security reports, etc.
9. Security Hardening Settings
Examples
• Prohibit root login via ssh
• Set up password strengthening
• Adjust sysctl variables (e.g. network settings)
• Adjust default umask
• Change permissions of certain system files
• Forwarding of syslog files to a central syslog server
• Configure user login restrictions via access.conf
• etc.
10. 10
Security Hardening Setttings
Detailed Example: Prohibit login as root via ssh
Description
By default, the user “root” is allowed to remotely log in via ssh. This has two
disadvantages: First, root logins are logged, but cannot be associated with a
particular user. This is especially a disadvantage if more than one system
administrator makes changes on the system. Second, a stolen root password
allows an attacker to log in directly to the system. Instead of logging in as a normal
user first and then using “su” or “sudo”, an attacker just requires the root password.
Procedure
Edit /etc/ssh/sshd_config and set parameter
PermitRootLogin no
Impact
Root can no longer be used to log in remotely, so users are required to use “su”
or “sudo” to gain root access when using ssh.
Priority: high
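Added example (not part of the original slides or the SUSE guide): a check that the setting above is actually in effect. sshd keeps the first value it reads for a keyword, and a Match block can override the global value, so a "PermitRootLogin no" line can be present and still not apply. The function name and both sample configurations are constructed for illustration.

```python
import re

# Constructed sample: a hardening script appended "no" below an older "yes".
APPENDED = """\
Port 22
PermitRootLogin yes
PasswordAuthentication no
PermitRootLogin no
"""

# Constructed sample: global "no", but a Match block re-opens root login.
MATCH_OVERRIDE = """\
PermitRootLogin=no
Match Address 10.0.0.0/8
    PermitRootLogin prohibit-password
"""

# Keyword and argument are separated by whitespace or by a single "=".
LINE = re.compile(r"^(\w+)(?:\s*=\s*|\s+)(.*)$")

def audit_permit_root_login(config_text):
    """Return the global value sshd would use, a verdict and the findings."""
    effective, overridden, match_ctx, findings = None, False, None, []
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        m = LINE.match(raw.strip())   # comment and blank lines do not match
        if not m:
            continue
        key, arg = m.group(1).lower(), m.group(2).strip().strip('"')
        if key == "match":
            match_ctx = arg           # later lines apply to this block only
        elif key == "include":
            findings.append(f"line {lineno}: Include {arg} not followed")
        elif key == "permitrootlogin":
            value = arg.lower()
            if match_ctx is not None:
                if value != "no":     # conditional override of the global value
                    overridden = True
                    findings.append(f"line {lineno}: Match {match_ctx} sets {value}")
            elif effective is None:
                effective = value     # sshd keeps the first value it reads
            else:
                findings.append(f"line {lineno}: {value} ignored, {effective} came first")
    if effective is None:
        findings.append("PermitRootLogin not set, compiled-in default applies")
    elif effective != "no":
        findings.append(f"global PermitRootLogin is {effective}")
    return {"effective": effective, "compliant": effective == "no" and not overridden, "findings": findings}

if __name__ == "__main__":
    print(audit_permit_root_login(APPENDED), audit_permit_root_login(MATCH_OVERRIDE), sep="\n")
```

On a running system, "sshd -T" prints the effective configuration and is the authoritative check; the parser above is for reviewing a file offline.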
11. 11
SUSE Firewall for SAP HANA
Overview
• Local firewall dedicated for SAP HANA
• Predefined service definitions according to “SAP
HANA Master Guide”
• Automatic calculation of ports according to SAP HANA
Instance Numbers
• Supports multiple HANA systems & instances on one
system
• Dropped packets can be logged via syslog
• Easy configuration
→ via the file /etc/sysconfig/hana_firewall
• Available as RPM package
12. 12
SUSE Firewall for SAP HANA
Example of a Logical Network Diagram with External Firewalls
15. 15
Minimal OS Package Selection
Overview
• The fewer OS packages a HANA system has installed,
the fewer potential security holes it has
• Just enough Operating System (JeOS) approach not
perfect for HANA
• Approach based on a middle ground
→ Installation patterns “Base System” + “Minimal
System” + some additional packages
• Number of packages reduced to ~550 from ~1200
(SLES standard installation)
• Described in SAP Note #1855805
16. 16
Minimal OS Package Selection
Comparison between package selections
[Bar chart: number of installed packages (axis 0 to 1400) for SLES Standard Installation, Base + Minimal + additional packages, and Base + Minimal]
17. 17
SUSE Security Updates
• Security vulnerabilities are found almost every day;
most of them are reported & fixed very quickly
• SUSE constantly provides security updates & patches
• Security updates & patches can be received via the
SUSE Linux Enterprise Server update channels
➔ We generally recommend configuring update channels
• Comparison between certain update & patch strategies
➔ Best update & patch strategy: Selective installation of only
security updates on a regular basis + installation of remaining
updates during maintenance windows
18. 18
Availability of the Hardening Guide
• Download link
→ www.suse.com/products/sles-for-sap/resource-library/
• About the Authors
→ Developed by Markus Guertler (SUSE @ SAP Linux Lab) and
Alexander Bergmann (SUSE Maintenance & Security Team)
• Outlook
Additional and improved hardening settings
Improvements of the firewall (e.g. automatic detection of
installed HANA systems)
Further reduction of the minimal set of packages