SlideShare ist ein Scribd-Unternehmen logo

Architecting the SUSE Manager deployment

Gábor Nyers
Gábor Nyers

The purpose of these slides is to provide a summary of the considerations when planning a SUSE Manager deployment: * Deployment scenario's * Client connection types * Considerations for network connectivity and services * System Requirements * Database considerations

1 von 24
Downloaden Sie, um offline zu lesen
Architecting your SUSE Manager deployment SUSECon 2015, Amsterdam, The Netherlands Gábor Nyers Consultant & Trainer @Trebut gnyers@trebut.com Sean Rickerd Sales Engineer @SUSE srickerd@suse.com Anthony Tortola Sales Engineer @SUSE atortola@suse.com
Architecting the SUSE Manager deployment
3 Agenda • Deployment scenario's • Client connection methods • Network connectivity requirements • System Requirements • Database considerations • Checklist for deployment
4 Deployment scenario's Typical deployment scenario SUSE Manager (embedded DB) SUSE Customer Center Internet Firewall / proxy ←443 Internal Firewall Managed systems optional Oracle DB (external DB) Hosts: ● https://nu.novell.com, https://ssc.suse.com ● https://secure-www.novell.com and all their CNAME aliases!
5 Zone A Deployment scenario's Multi-zone scenario with Proxy SUSE Customer Center Internet Firewall / proxy Zone A Internal Firewall SUSE Manager Proxy Managed systems Managed systems SUSE Manager Server Zone B Zone interconnect Zone B Uplink Firewall (/ proxy) Zone B
6 Deployment scenario's Multi-zone, multi-Manager scenario SUSE Customer Center Internet Internal Firewall SUSE Manager Server Managed systems Managed systems SUSE Manager Server Zone interconnect Zone B Uplink Firewall / proxy Zone B Firewall / proxy Zone A Zone A Uplink Zone A Zone B
7 Deployment scenario's Disconnected Zone scenario SUSE Customer Center Internet Firewall / proxy ← 80, 443 Internal Firewall SUSE Manager Server SUSE Manager Server or SMT Managed systems External disk to carry downloaded patches over Disconnected Zone
8 Client connection methods Overview Client Connection Methods (1) Managed systems (Pull) SUSE Manager Server or SUSE Manager Proxy (2) Managed systems (Pull+OSAD) (3) Managed systems (Push) (4) Managed systems (Push+SSH Tunnel) 1 2 3 4 443 (rhn_check) 5222 (osad), 443 (rhn_check) 443 (rhn_check) 22 (ssh) 22 (ssh) Scheduled check-in (default every 4h), triggered by 'rhnsd' service and performed by 'rhn_check' utility on managed system. Default connection method. 'osad' service on client logs in to SUSE Manager. On available updates, SUSE Manager sends real-time notification to managed system. Fetching updates is initiated by 'rhn_check' on managed system. SUSE Manager initiates check-in through SSH connection on available updates. Fetching updates is initiated by 'rhn_check' on managed system. SUSE Manager initiates check-in through SSH connection on available updates. SSH session also provides a port- forwarding tunnel. Fetching updates is initiated by 'rhn_check' on managed system through SSH tunnel.
9 Client connection methods Choosing Client Connection Method 1/3 Basic considerations: • Clients may connect to both SM Server and Proxy with any one of the connection methods. • Clients may change connection methods at any time, without disruption to client, server or proxy. • Default client connection method is (1). • More than one connection method may be used within a deployment, zone or segment. • Connection methods have different resource requirements: (1) < (2) < (3),(4) • Max nr. of managed systems per SM Server: ~1000, when using (1)
10 Client connection methods Choosing Client Connection Method 2/3 Basic considerations (cont.): • By replacing the “rhnsd” package with the “osad” package on a managed system, connection method (2) is used. • Connection methods (3) and (4) require neither “rhnsd” nor “osad” packages. • Retrieval of updates will always be initiated by the “rhn_check” utility on the managed system. ‒ On systems with method (3) and (4) “rhn_check” will always be executed by SUSE Manager remotely through an SSH Tunnel. • “rhn_check” may be executed manually. ‒ On systems with method (3) and (4) from SUSE Manager. • Evenly distributed check-ins in time will allow SUSE Manager to serve more managed systems.
11 Client connection methods Choosing Client Connection Method 3/3 A few qualifying questions to choose the connection method: • Are there managed systems, that can not initiate TCP connections to SUSE Manager? ‒ Yes: type (4) is required for these systems ‒ No: no restrictions on connection types from this point of view • Nr. of clients > 500 for SUSE Manager Server(*)? ‒ Yes: (1) is preferred; (3) and (4) may require additional Proxy • Delay allowed between availability of an update on SUSE Manager and check-in of the managed system? ‒ Yes: (1) preferred ‒ No: (2), (3) or (4) may be required (*) excluding all other managed systems connecting through a SUSE Manager Proxy
12 Network connectivity Firewall rules: SUSE Manager Server • Inbound connections ‒ 67: if SM is a DHCP server for systems requesting IP addresses. ‒ 69: if SM is a PXE server ‒ 80: to access SM WebUI ‒ 443: to access SM WebUI through SSL ‒ 5222: incoming OSAD connections (connection type (2)) from clients ‒ 5269: push actions to Proxy • Outbound connections ‒ 80: to *.novell.com, *.suse.com in order for SM to access Customer Center ‒ 443: to *.novell.com, *.suse.com in order to mirror patches/upgrades ‒ 4545: in order for SM to access Monitoring daemon on clients ‒ 5269: push actions to Proxy
13 Network connectivity Firewall rules: SUSE Manager Clients • Inbound connections ‒ 4545: in order for the SUSE Manager Server to access Monitoring daemon on clients ‒ 22: in case of “Push via SSH Tunnel” contact method • Outbound connections ‒ 80(plain) and/or 443(SSL): in order for client to access SM ‒ 5222: initiate OSAD connections (connection type (2)) to SM/SMProxy
14 Network connectivity Firewall rules: SUSE Manager Proxy • Inbound connections ‒ 5222: for incoming OSAD connections (connection type (2)) from clients ‒ 5269: for push actions to SM ‒ 22: in case the Proxy is used to access clients with the “Push via SSH Tunnel” contact method • Outbound connections ‒ 80(plain) and/or 443(SSL): in order for SMProxy to access SM ‒ 4545: in order for SMProxy to access Monitoring daemon on clients ‒ 5269: for push actions with SM
15 Network infrastructure services SUSE Manager as deployment server 1/2 Two necessary roles for deployment: ‒ DHCP server ‒ Serving basic network configuration ‒ Serving “next-server” parameter ‒ Deployment server ‒ Serving bootloader and bootloader configuration ‒ Serving unattended installation answer files (AutoYaST, Kickstart) ‒ Serving installation images and packages
16 Network infrastructure services SUSE Manager as deployment server 2/2 Basic Considerations: • SUSE Manager can perform both aforementioned roles. • Existing DHCP servers may be used, however the served “next-server” parameter must point to SUSE Manager. • To be deployed managed systems don't necessarily have to be on the same L2 LAN as SUSE Manager. • DHCP Relays may be used when deploying managed systems
17 System requirements SUSE Manager ‒ Physical / Virtual machine ‒ 64bits Intel/AMD ‒ RAM: ‒ 4GB (minimal) ‒ 8GB (recommended) ‒ Disk: ‒ 30GB for installation, ‒ 100 GB for repository mirrors SUSE Manager clients ‒ SLES 10: ‒ SP3 LTSS, SP4 LTSS ‒ x86, x86_64, Power, System z, Itanium ‒ SLES 11: ‒ SP3 or SP2 LTSS, SP1 LTSS ‒ x86, x86_64, Power, System z, Itanium ‒ SLES 12: ‒ GA ‒ x86_64, Power, System z, Itanium ‒ RHEL 5,6,7: ‒ x86, x86_64 PoC Test clients ‒ At least 4 VMs
18 Database Considerations Considerations for Choosing a DB External Oracle DB Embedded Postgres DB Additional costs yes no 3rd party DB access (eg. reporting) yes yes SUSE Manager deployment supported by SUSE yes yes See also: ● SUSE Manager Documentation: Database Requirements ● Database HOWTO on SUSE Manager Wiki
19 Database Considerations Database preparation for Oracle If deploying SUSE Manager with an external Oracle DB, you'll need to prep your DB. Please make sure that an Oracle DBA performs these instructions(*) ! (*) http://wiki.novell.com/index.php/SUSE_Manager/RDBMS#Additional_Setup
20 Checklist / BOM in preparation for deployment • Choose deployment scenario • SUSE Manager Server ‒ Prepare physical or virtual system ‒ Network resources: reserve Hostname, IP address ‒ Database (Postgres/Oracle) ‒ Customer Center ‒ Entitlement for SUSE Manager ‒ Customer Center: credentials corporate account(s) containing product entitlements • Database (only in case of Oracle) ‒ Provision DB ‒ DB credentials ‒ Apply DB requirements • Network ‒ Firewall rules (if applicable) ‒ to Internet ‒ to the managed clients ‒ Proxy settings/credentials ‒ DNS: Add record(s) for SUSE Manager Server ‒ Configure DHCP “next-server” parameter for deployments (if applicable)
21 Questions If you prefer email, please direct your questions to gnyers@trebut.com, srickerd@suse.com or atortola@suse.com. (click on above link to open your email client) The slides are available via the SUSECon website and via Slideshare.
Thank you. 22 For more information on SUSE Manager please visit www.suse.com/products/suse-manager/
Corporate Headquarters Maxfeldstrasse 5 90409 Nuremberg Germany +49 911 740 53 0 (Worldwide) www.suse.com Join us on: www.opensuse.org 23
Unpublished Work of SUSE. All Rights Reserved. This work is an unpublished work and contains confidential, proprietary and trade secret information of SUSE. Access to this work is restricted to SUSE employees who have a need to know to perform tasks within the scope of their assignments. No part of this work may be practiced, performed, copied, distributed, revised, modified, translated, abridged, condensed, expanded, collected, or adapted without the prior written consent of SUSE. Any use or exploitation of this work without authorization could subject the perpetrator to criminal and civil liability. General Disclaimer This document is not to be construed as a promise by any participating company to develop, deliver, or market a product. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. SUSE makes no representations or warranties with respect to the contents of this document, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. The development, release, and timing of features or functionality described for SUSE products remains at the sole discretion of SUSE. Further, SUSE reserves the right to revise this document and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes. All SUSE marks referenced in this presentation are trademarks or registered trademarks of Novell, Inc. in the United States and other countries. All third-party trademarks are the property of their respective owners.

Empfohlen

SUSE Linux Enterprise 11 admin 2
SUSE Linux Enterprise 11 admin 2SUSE Linux Enterprise 11 admin 2
SUSE Linux Enterprise 11 admin 2Kálmán Kéménczy
 
SUSE Linux Enterprise Server for IBM Power
SUSE Linux Enterprise Server for IBM Power SUSE Linux Enterprise Server for IBM Power
SUSE Linux Enterprise Server for IBM Power Patrick Quairoli
 
Building High Availability Clusters with SUSE Linux Enterprise High Availabil...
Building High Availability Clusters with SUSE Linux Enterprise High Availabil...Building High Availability Clusters with SUSE Linux Enterprise High Availabil...
Building High Availability Clusters with SUSE Linux Enterprise High Availabil...Novell
 
Containers with systemd-nspawn
Containers with systemd-nspawnContainers with systemd-nspawn
Containers with systemd-nspawnGábor Nyers
 
SUSE Enterprise Storage - a Gentle Introduction
SUSE Enterprise Storage - a Gentle IntroductionSUSE Enterprise Storage - a Gentle Introduction
SUSE Enterprise Storage - a Gentle IntroductionGábor Nyers
 
Full system roll-back and systemd in SUSE Linux Enterprise 12
Full system roll-back and systemd in SUSE Linux Enterprise 12Full system roll-back and systemd in SUSE Linux Enterprise 12
Full system roll-back and systemd in SUSE Linux Enterprise 12Gábor Nyers
 
Btrfs and Snapper - The Next Steps from Pure Filesystem Features to Integrati...
Btrfs and Snapper - The Next Steps from Pure Filesystem Features to Integrati...Btrfs and Snapper - The Next Steps from Pure Filesystem Features to Integrati...
Btrfs and Snapper - The Next Steps from Pure Filesystem Features to Integrati...Gábor Nyers
 
2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by Hubspot2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by HubspotMarius Sescu
 

Empfohlen

SUSE Linux Enterprise 11 admin 2
SUSE Linux Enterprise 11 admin 2SUSE Linux Enterprise 11 admin 2
SUSE Linux Enterprise 11 admin 2Kálmán Kéménczy
 
SUSE Linux Enterprise Server for IBM Power
SUSE Linux Enterprise Server for IBM Power SUSE Linux Enterprise Server for IBM Power
SUSE Linux Enterprise Server for IBM Power Patrick Quairoli
 
Building High Availability Clusters with SUSE Linux Enterprise High Availabil...
Building High Availability Clusters with SUSE Linux Enterprise High Availabil...Building High Availability Clusters with SUSE Linux Enterprise High Availabil...
Building High Availability Clusters with SUSE Linux Enterprise High Availabil...Novell
 
Containers with systemd-nspawn
Containers with systemd-nspawnContainers with systemd-nspawn
Containers with systemd-nspawnGábor Nyers
 
SUSE Enterprise Storage - a Gentle Introduction
SUSE Enterprise Storage - a Gentle IntroductionSUSE Enterprise Storage - a Gentle Introduction
SUSE Enterprise Storage - a Gentle IntroductionGábor Nyers
 
Full system roll-back and systemd in SUSE Linux Enterprise 12
Full system roll-back and systemd in SUSE Linux Enterprise 12Full system roll-back and systemd in SUSE Linux Enterprise 12
Full system roll-back and systemd in SUSE Linux Enterprise 12Gábor Nyers
 
Btrfs and Snapper - The Next Steps from Pure Filesystem Features to Integrati...
Btrfs and Snapper - The Next Steps from Pure Filesystem Features to Integrati...Btrfs and Snapper - The Next Steps from Pure Filesystem Features to Integrati...
Btrfs and Snapper - The Next Steps from Pure Filesystem Features to Integrati...Gábor Nyers
 
2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by Hubspot2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by HubspotMarius Sescu
 
Everything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTEverything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTExpeed Software
 
Product Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage EngineeringsProduct Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage EngineeringsPixeldarts
 
How Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthHow Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthThinkNow
 
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdfAI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdfmarketingartwork
 
Skeleton Culture Code
Skeleton Culture CodeSkeleton Culture Code
Skeleton Culture CodeSkeleton Technologies
 
PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024Neil Kimberley
 
Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)contently
 
How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024Albert Qian
 
Social Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsSocial Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsKurio // The Social Media Age(ncy)
 
Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Search Engine Journal
 
5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summarySpeakerHub
 
ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd Clark Boyd
 
Getting into the tech field. what next
Getting into the tech field. what next Getting into the tech field. what next
Getting into the tech field. what next Tessa Mero
 
Google's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentGoogle's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentLily Ray
 
How to have difficult conversations
How to have difficult conversations How to have difficult conversations
How to have difficult conversations Rajiv Jayarajah, MAppComm, ACC
 
Introduction to Data Science
Introduction to Data ScienceIntroduction to Data Science
Introduction to Data ScienceChristy Abraham Joy
 
Time Management & Productivity - Best Practices
Time Management & Productivity - Best PracticesTime Management & Productivity - Best Practices
Time Management & Productivity - Best PracticesVit Horky
 
The six step guide to practical project management
The six step guide to practical project managementThe six step guide to practical project management
The six step guide to practical project managementMindGenius
 
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...RachelPearson36
 
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...Applitools
 

Weitere ähnliche Inhalte

Empfohlen

Everything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTEverything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTExpeed Software
 
Product Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage EngineeringsProduct Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage EngineeringsPixeldarts
 
How Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthHow Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthThinkNow
 
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdfAI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdfmarketingartwork
 
PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024Neil Kimberley
 
Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)contently
 
How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024Albert Qian
 
Social Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsSocial Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsKurio // The Social Media Age(ncy)
 
Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Search Engine Journal
 
5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summarySpeakerHub
 
ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd Clark Boyd
 
Getting into the tech field. what next
Getting into the tech field. what next Getting into the tech field. what next
Getting into the tech field. what next Tessa Mero
 
Google's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentGoogle's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentLily Ray
 
Time Management & Productivity - Best Practices
Time Management & Productivity - Best PracticesTime Management & Productivity - Best Practices
Time Management & Productivity - Best PracticesVit Horky
 
The six step guide to practical project management
The six step guide to practical project managementThe six step guide to practical project management
The six step guide to practical project managementMindGenius
 
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...RachelPearson36
 
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...Applitools
 

Empfohlen (20)

Everything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTEverything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPT
 
Product Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage EngineeringsProduct Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage Engineerings
 
How Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthHow Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental Health
 
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdfAI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
 
Skeleton Culture Code
Skeleton Culture CodeSkeleton Culture Code
Skeleton Culture Code
 
PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024
 
Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)
 
How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024
 
Social Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsSocial Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie Insights
 
Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024
 
5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary
 
ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd
 
Getting into the tech field. what next
Getting into the tech field. what next Getting into the tech field. what next
Getting into the tech field. what next
 
Google's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentGoogle's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search Intent
 
How to have difficult conversations
How to have difficult conversations How to have difficult conversations
How to have difficult conversations
 
Introduction to Data Science
Introduction to Data ScienceIntroduction to Data Science
Introduction to Data Science
 
Time Management & Productivity - Best Practices
Time Management & Productivity - Best PracticesTime Management & Productivity - Best Practices
Time Management & Productivity - Best Practices
 
The six step guide to practical project management
The six step guide to practical project managementThe six step guide to practical project management
The six step guide to practical project management
 
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
 
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
 

Architecting the SUSE Manager deployment

  • 1. Architecting your SUSE Manager deployment SUSECon 2015, Amsterdam, The Netherlands Gábor Nyers Consultant & Trainer @Trebut gnyers@trebut.com Sean Rickerd Sales Engineer @SUSE srickerd@suse.com Anthony Tortola Sales Engineer @SUSE atortola@suse.com
  • 3. 3 Agenda • Deployment scenario's • Client connection methods • Network connectivity requirements • System Requirements • Database considerations • Checklist for deployment
  • 4. 4 Deployment scenario's Typical deployment scenario SUSE Manager (embedded DB) SUSE Customer Center Internet Firewall / proxy ←443 Internal Firewall Managed systems optional Oracle DB (external DB) Hosts: ● https://nu.novell.com, https://ssc.suse.com ● https://secure-www.novell.com and all their CNAME aliases!
  • 5. 5 Zone A Deployment scenario's Multi-zone scenario with Proxy SUSE Customer Center Internet Firewall / proxy Zone A Internal Firewall SUSE Manager Proxy Managed systems Managed systems SUSE Manager Server Zone B Zone interconnect Zone B Uplink Firewall (/ proxy) Zone B
  • 6. 6 Deployment scenario's Multi-zone, multi-Manager scenario SUSE Customer Center Internet Internal Firewall SUSE Manager Server Managed systems Managed systems SUSE Manager Server Zone interconnect Zone B Uplink Firewall / proxy Zone B Firewall / proxy Zone A Zone A Uplink Zone A Zone B
  • 7. 7 Deployment scenario's Disconnected Zone scenario SUSE Customer Center Internet Firewall / proxy ← 80, 443 Internal Firewall SUSE Manager Server SUSE Manager Server or SMT Managed systems External disk to carry downloaded patches over Disconnected Zone
  • 8. 8 Client connection methods Overview Client Connection Methods (1) Managed systems (Pull) SUSE Manager Server or SUSE Manager Proxy (2) Managed systems (Pull+OSAD) (3) Managed systems (Push) (4) Managed systems (Push+SSH Tunnel) 1 2 3 4 443 (rhn_check) 5222 (osad), 443 (rhn_check) 443 (rhn_check) 22 (ssh) 22 (ssh) Scheduled check-in (default every 4h), triggered by 'rhnsd' service and performed by 'rhn_check' utility on managed system. Default connection method. 'osad' service on client logs in to SUSE Manager. On available updates, SUSE Manager sends real-time notification to managed system. Fetching updates is initiated by 'rhn_check' on managed system. SUSE Manager initiates check-in through SSH connection on available updates. Fetching updates is initiated by 'rhn_check' on managed system. SUSE Manager initiates check-in through SSH connection on available updates. SSH session also provides a port- forwarding tunnel. Fetching updates is initiated by 'rhn_check' on managed system through SSH tunnel.
  • 9. 9 Client connection methods Choosing Client Connection Method 1/3 Basic considerations: • Clients may connect to both SM Server and Proxy with any one of the connection methods. • Clients may change connection methods at any time, without disruption to client, server or proxy. • Default client connection method is (1). • More than one connection method may be used within a deployment, zone or segment. • Connection methods have different resource requirements: (1) < (2) < (3),(4) • Max nr. of managed systems per SM Server: ~1000, when using (1)
  • 10. 10 Client connection methods Choosing Client Connection Method 2/3 Basic considerations (cont.): • By replacing the “rhnsd” package with the “osad” package on a managed system, connection method (2) is used. • Connection methods (3) and (4) require neither “rhnsd” nor “osad” packages. • Retrieval of updates will always be initiated by the “rhn_check” utility on the managed system. ‒ On systems with method (3) and (4) “rhn_check” will always be executed by SUSE Manager remotely through an SSH Tunnel. • “rhn_check” may be executed manually. ‒ On systems with method (3) and (4) from SUSE Manager. • Evenly distributed check-ins in time will allow SUSE Manager to serve more managed systems.
  • 11. 11 Client connection methods Choosing Client Connection Method 3/3 A few qualifying questions to choose the connection method: • Are there managed systems, that can not initiate TCP connections to SUSE Manager? ‒ Yes: type (4) is required for these systems ‒ No: no restrictions on connection types from this point of view • Nr. of clients > 500 for SUSE Manager Server(*)? ‒ Yes: (1) is preferred; (3) and (4) may require additional Proxy • Delay allowed between availability of an update on SUSE Manager and check-in of the managed system? ‒ Yes: (1) preferred ‒ No: (2), (3) or (4) may be required (*) excluding all other managed systems connecting through a SUSE Manager Proxy
  • 12. 12 Network connectivity Firewall rules: SUSE Manager Server • Inbound connections ‒ 67: if SM is a DHCP server for systems requesting IP addresses. ‒ 69: if SM is a PXE server ‒ 80: to access SM WebUI ‒ 443: to access SM WebUI through SSL ‒ 5222: incoming OSAD connections (connection type (2)) from clients ‒ 5269: push actions to Proxy • Outbound connections ‒ 80: to *.novell.com, *.suse.com in order for SM to access Customer Center ‒ 443: to *.novell.com, *.suse.com in order to mirror patches/upgrades ‒ 4545: in order for SM to access Monitoring daemon on clients ‒ 5269: push actions to Proxy
  • 13. 13 Network connectivity Firewall rules: SUSE Manager Clients • Inbound connections ‒ 4545: in order for the SUSE Manager Server to access Monitoring daemon on clients ‒ 22: in case of “Push via SSH Tunnel” contact method • Outbound connections ‒ 80(plain) and/or 443(SSL): in order for client to access SM ‒ 5222: initiate OSAD connections (connection type (2)) to SM/SMProxy
  • 14. 14 Network connectivity Firewall rules: SUSE Manager Proxy • Inbound connections ‒ 5222: for incoming OSAD connections (connection type (2)) from clients ‒ 5269: for push actions to SM ‒ 22: in case the Proxy is used to access clients with the “Push via SSH Tunnel” contact method • Outbound connections ‒ 80(plain) and/or 443(SSL): in order for SMProxy to access SM ‒ 4545: in order for SMProxy to access Monitoring daemon on clients ‒ 5269: for push actions with SM
  • 15. 15 Network infrastructure services SUSE Manager as deployment server 1/2 Two necessary roles for deployment: ‒ DHCP server ‒ Serving basic network configuration ‒ Serving “next-server” parameter ‒ Deployment server ‒ Serving bootloader and bootloader configuration ‒ Serving unattended installation answer files (AutoYaST, Kickstart) ‒ Serving installation images and packages
  • 16. 16 Network infrastructure services SUSE Manager as deployment server 2/2 Basic Considerations: • SUSE Manager can perform both aforementioned roles. • Existing DHCP servers may be used, however the served “next-server” parameter must point to SUSE Manager. • To be deployed managed systems don't necessarily have to be on the same L2 LAN as SUSE Manager. • DHCP Relays may be used when deploying managed systems
  • 17. 17 System requirements SUSE Manager ‒ Physical / Virtual machine ‒ 64bits Intel/AMD ‒ RAM: ‒ 4GB (minimal) ‒ 8GB (recommended) ‒ Disk: ‒ 30GB for installation, ‒ 100 GB for repository mirrors SUSE Manager clients ‒ SLES 10: ‒ SP3 LTSS, SP4 LTSS ‒ x86, x86_64, Power, System z, Itanium ‒ SLES 11: ‒ SP3 or SP2 LTSS, SP1 LTSS ‒ x86, x86_64, Power, System z, Itanium ‒ SLES 12: ‒ GA ‒ x86_64, Power, System z, Itanium ‒ RHEL 5,6,7: ‒ x86, x86_64 PoC Test clients ‒ At least 4 VMs
  • 18. 18 Database Considerations Considerations for Choosing a DB External Oracle DB Embedded Postgres DB Additional costs yes no 3rd party DB access (eg. reporting) yes yes SUSE Manager deployment supported by SUSE yes yes See also: ● SUSE Manager Documentation: Database Requirements ● Database HOWTO on SUSE Manager Wiki
  • 19. 19 Database Considerations Database preparation for Oracle If deploying SUSE Manager with an external Oracle DB, you'll need to prep your DB. Please make sure that an Oracle DBA performs these instructions(*) ! (*) http://wiki.novell.com/index.php/SUSE_Manager/RDBMS#Additional_Setup
  • 20. 20 Checklist / BOM in preparation for deployment • Choose deployment scenario • SUSE Manager Server ‒ Prepare physical or virtual system ‒ Network resources: reserve Hostname, IP address ‒ Database (Postgres/Oracle) ‒ Customer Center ‒ Entitlement for SUSE Manager ‒ Customer Center: credentials corporate account(s) containing product entitlements • Database (only in case of Oracle) ‒ Provision DB ‒ DB credentials ‒ Apply DB requirements • Network ‒ Firewall rules (if applicable) ‒ to Internet ‒ to the managed clients ‒ Proxy settings/credentials ‒ DNS: Add record(s) for SUSE Manager Server ‒ Configure DHCP “next-server” parameter for deployments (if applicable)
  • 21. 21 Questions If you prefer email, please direct your questions to gnyers@trebut.com, srickerd@suse.com or atortola@suse.com. (click on above link to open your email client) The slides are available via the SUSECon website and via Slideshare.
  • 22. Thank you. 22 For more information on SUSE Manager please visit www.suse.com/products/suse-manager/
  • 23. Corporate Headquarters Maxfeldstrasse 5 90409 Nuremberg Germany +49 911 740 53 0 (Worldwide) www.suse.com Join us on: www.opensuse.org 23
  • 24. Unpublished Work of SUSE. All Rights Reserved. This work is an unpublished work and contains confidential, proprietary and trade secret information of SUSE. Access to this work is restricted to SUSE employees who have a need to know to perform tasks within the scope of their assignments. No part of this work may be practiced, performed, copied, distributed, revised, modified, translated, abridged, condensed, expanded, collected, or adapted without the prior written consent of SUSE. Any use or exploitation of this work without authorization could subject the perpetrator to criminal and civil liability. General Disclaimer This document is not to be construed as a promise by any participating company to develop, deliver, or market a product. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. SUSE makes no representations or warranties with respect to the contents of this document, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. The development, release, and timing of features or functionality described for SUSE products remains at the sole discretion of SUSE. Further, SUSE reserves the right to revise this document and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes. All SUSE marks referenced in this presentation are trademarks or registered trademarks of Novell, Inc. in the United States and other countries. All third-party trademarks are the property of their respective owners.