Thursday, December 8, 2011

Updating SUSE Linux Enterprise based appliances

Recently a number of questions regarding the options for updating SUSE Linux Enterprise (SLE) based appliances were posted to the mailing list / forum. This article provides insight into this subject matter.

In SUSE Studio it is just as easy to create an appliance based on SLE as it is to create an openSUSE based appliance. One of the differences in the choice of the base distribution (SLE or openSUSE) is that SUSE Linux Enterprise is the "pay for" distribution developed and maintained by SUSE, while openSUSE is a community developed and maintained distribution. SUSE Linux Enterprise offers hardware certification, exceptional reliability, stability, and the backing of the industries best support team.

An appliance built with SLE in SUSE Studio contains all updates available at the time. However, the appliance does not contain the repository configuration necessary to receive future security and bug fix updates.

Update repositories for SUSE Linux Enterprise are accessed through the Novell Customer Center (NCC) and require appropriate credentials. Credentials for NCC are part of the various support offerings for SLE available from SUSE. The offerings can be grouped into 3 levels:
  1. Basic Support
  2. Standard Support
  3. Priority Support
Details about the SUSE support offerings can be found here. Maintenance updates are available to subscribers for up to 10 years.

Update management for appliances follows four models, depending on the use case and the number of appliances. We'll look at these models in more detail below.

Distribution of a SLE based appliance

In this case you basically fall into the ISV category, whether or not you actually bundle your own software with the appliance is immaterial. Your value add can simply be bundling open source software that is not supported by SUSE, and you support it for your customers.

In this model of using SLE in an appliance you have two options to enable your customers to receive updates. One option basically sets up a 2 way relation ship for your customer, meaning a relationship between your customer and yourself and a relationship between your customer and SUSE. The other option establishes a relationship between yourself and your customer and a relationship between yourself and SUSE, but this latter relation ship is hidden from the customer.

The choice you make determines how you build your appliances and thus you have to think about how you want to handle this ahead of time. For the option that establishes a 2 way "support" relationship you need to include the "yast2-registration" package. Preferably you will include the registration step in the firstboot procedure. With the registration package included in your appliance you can then provide your customer instructions about how to obtain access credentials from SUSE. Once the customer has their access code they can register the appliance with NCC and the update repositories will automatically get added to the appliance. Money flows from your customer to you for the appliance and from your customer to SUSE for the maintenance updates, and support of the base OS if the customer chooses this option.

From an appliance build point of view this is very easy for you, but because of the dual relationship at the customer end this option is a bit more cumbersome for your customer. If you decide that the customer should only deal with you, then your appliance does not get the "yast2-registration" package. In this case you enter into a so called OEM relationship with SUSE.

Through this relationship you get access to the SLE update repositories. Using SUSE Lifecycle Management Server you then make the updates available to the appliances you provide to your customers. In this case you need to setup the SLMS infrastructure and have some server that can be accessed by the appliances you distribute over the Internet. SLMS also allows you to distribute updates over other channels than the wire. Therefore, using this approach makes things a bit easier at your customers end, as the customer only has a relationship with you and the appliance the customer gets is already set up to receive updates. From your perspective things are a bit more involved as you will need to run the SLMS infrastructure.

Obviously there are a number of details in both setups that need to be taken care of but this paints the bigger picture of how things work when you distribute an appliance based on SUSE Linux Enterprise.

In house use of an SLE base appliance

If you do not distribute an appliance based on SLE, but you want to build SLE based appliances for your shop and are interested in getting maintenance updates for these appliances you have 4 options. In any of these 4 options you will have a relationship with SUSE.
The first two options basically mirror the options described above. You can still register each system/appliance/image with NCC using the "yast2-registration" module. You can also run SLMS and update your internal appliances with this mechanism. In this case the SLMS infrastructure does not have to be accessible from the outside world.

The third option is to use the Subscription Management Tool. In this case your appliances register with the SMT server and use it as the source for updates. The SMT server in turn is connected to NCC (Novell Customer Center) and obtains maintenance packages from NCC. In this case you can automate the registration process of your appliances with your SMT server as you will know all the required parameters. This automation can be built right into your appliances and when you deploy any given appliance for the first time all the "magic" happens and your system is automatically is configured to receive updates from your SMT server.

The latest addition to the SUSE product portfolio is SUSE Manager and with it you can also manage your SLE based appliances and other Linux systems. In this case you just build your appliance and then once it's up and running you pull it into the fold of "machines" to be managed by SUSE Manager from within the SUSE manager interface. Following this approach your appliances will then get updates from SUSE Manager, which in turn access' NCC.
On the surface the use of SMT and SUSE Manager may appear quite similar. However, these are two distinct options and the tools (SMT or SUSE Manager) have vastly different capabilities. SMT is a passive proxy between NCC and your appliances, or other SUSE installations. SUSE Manager on the other hand is an application that provides active management capabilities for you appliances and other Linux systems such as, configuration management, monitoring, and logging, and of course update management as mentioned above.

When building appliances based on SLE it is pretty easy to get updates for these appliances. If you distribute these appliances you have two options to provide updates to the appliances in the field. Using SLE based appliances in your shop affords you 2 additional options to handle updates of your appliances.

No comments:

Post a Comment

© 2013 SUSE