Does the following situation sound familiar to you? You get an SAP HANA system without a pre-installed SLES operating system (as part of an HANA tailored data center integration setup) and don’t know what to do? Or you already had an installed SLES operating system (as part of classical SAP HANA appliance shipment), but it does not fit your needs?
While working on my last blog on SAP HANA virtualized, I realized the information is scattered and not easy to follow. It’s also not yet widespread, that SAP changes its perception towards the installation and modification of SAP HANA and the underlying OS installation through customers. While in the early days of the SAP HANA appliance it was forbidden to customers to install OS and SAP HANA software, customers now have the flexibility and trust to install also the SLES operating system on their SAP HANA system themselves. All what remains is to comply with the guidelines & constraints provided by SAP and its hardware / technology partners in regards to installation, configuration and maintenance of the various parts and pieces.
The default installation of Suse Linux Enterprise Server 11 SP2 (SLES) comes, from an SAP HANA point of view, with lots of unnecessary packages. It is around 3 GB big and has more than 1300 packages in it. Shouldn’t we consider a smaller package with only the necessary things in it? – Of course we should! Around 475 packages on 1 GB disk space are enough to operate SAP HANA properly. All you need to do is to start with the “base”-pattern of the SLES installation and add a few more packages required for operating SAP HANA. By excluding the not needed packages from the installation we are already in a much more comfortable situation, as all potential security issues arising from any no longer installed packages are gone. Only the really needed programs are installed on your system, tremendously reducing the possible attack surface.
In the picture on the right you will see our details on operating system & security expectations. First of all we have to cover our basic parts like hardware and software. We opened our mind to storage as a TDI solution and software as an operating system bundle for SAP HANA. When you are using the verified and certified options we give you, the next security requirements are being made from your hardware partner. These are more or less standards that can be found on every server. Once you reach this point you are allowed to tailor the OS to your needs.
I have organized the information about SAP HANA on SLES in SAP Note 1944799. If you are interested in some topics referring to that, feel free to take a look.
VN:F [1.9.22_1171]SAP HANA guidelines for operating system setup ,