Overview of Red Hat Enterprise Linux for SAP Solutions Subscription

Red Hat Enterprise Linux for SAP Solutions 8

Red Hat Customer Content Services

Abstract

This publication provides a technical description of Red Hat Enterprise Linux for SAP Solutions subscription’s features and how it can support SAP business applications, such as SAP NetWeaver, SAP S/4HANA and the SAP HANA platforms.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code and documentation. We are beginning with these four terms: master, slave, blacklist, and whitelist. Due to the enormity of this endeavor, these changes will be gradually implemented over upcoming releases. For more details on making our language more inclusive, see our CTO Chris Wright’s message.

Providing feedback on Red Hat documentation

We appreciate your feedback on our documentation. Let us know how we can improve it.

Submitting feedback through Jira (account required)

  1. Make sure you are logged in to the Jira website.
  2. Provide feedback by clicking on this link.
  3. Enter a descriptive title in the Summary field.
  4. Enter your suggestion for improvement in the Description field. Include links to the relevant parts of the documentation.
  5. If you want to be notified about future updates, please make sure you are assigned as Reporter.
  6. Click Create at the bottom of the dialogue.

Chapter 1. Introduction to Red Hat Enterprise Linux for SAP Solutions

Red Hat Enterprise Linux for SAP Solutions is a SAP specific offering, tailored to the needs of SAP workloads such as SAP NetWeaver, SAP S/4HANA and SAP HANA platform.

1.1. Red Hat Enterprise Linux for SAP Solutions

Built on the foundation of Red Hat Enterprise Linux (RHEL) for SAP Applications with its packages and components, in addition to this foundation, the RHEL for SAP Solutions subscription includes the following:

  • SAP-specific technical components to support SAP S/4HANA, SAP HANA, and SAP Business Applications.
  • SAP-specific High Availability solutions for SAP S/4HANA, SAP HANA, and SAP Business Applications.
  • RHEL System Roles for SAP for automation of operating system configuration to run SAP workloads.
  • SAP tailored Red Hat Insights Dashboard and Smart Management helps streamline operations and to reduce costs
  • Update Services for SAP Solutions or Extended Update Support (EUS), providing support for specific minor RHEL releases for up to four years from General Availability. See the RHEL Life Cycle web page for more information about EUS and Update Services for SAP Solutions.
Note
  • Update Services for SAP Solutions is only provided with RHEL for SAP Solutions. It is not available on any other RHEL products.
  • Update Services for SAP Solutions is only provided on specified minor RHEL releases, which may be different from the EUS releases.
  • The RHEL for SAP Solutions subscription may be used with Red Hat Enterprise Linux 6, but it does not include Update Services for SAP Solutions. However, EUS is available on specific RHEL 6 releases, and it can be used under the RHEL for SAP Solutions subscription to allow for easier migration.

Chapter 2. How business continuity is achieved with SAP Solutions

High availability and disaster recovery solutions for SAP are essential. Tier-1 application outages are costly and disruptive to the business. Even short periods of planned downtime for maintenance events such as software updates or hardware upgrades can negatively impact the end-user, IT productivity, as well as critical business processes.

Red Hat Enterprise Linux for SAP Solutions subscription provides high-availability SAP solutions as well as SAP HANA tested in-place upgrades and live patching capabilities for critical and important Common Vulnerabilities and Exposures (CVEs).

2.1. Red Hat Update Services for SAP

Red Hat Update Services provides up to four years of support, including security patches and critical fixes for select minor releases of Red Hat Enterprise Linux. When you upgrade to the next minor release, binary compatibility and kernel stability ensure that your system remains stable and that both SAP and custom applications continue to execute smoothly.

2.2. Red Hat Insights dashboard for SAP

Red Hat Insights analyzes IT infrastructure against Red Hat’s constantly expanding knowledge base to provide real-time assessment for risks related to performance, availability, stability, and security. Previously an independent service offering, Red Hat Insights has further evolved into a family of proactive monitoring services and is included into the Red Hat Enterprise Linux subscription. RH Insights will help customers gain better operational efficiency and support in security and compliance risk management. For more information on Red Hat Insights, see Red Hat Insights product page.

RHEL for SAP Solutions customers will gain the following benefits by using Red Hat Insights for monitoring your SAP environment:

  • Auto detection and profiling of SAP workloads
  • Intuitive grouping by SAP SystemID or within SAP dashboard
  • SAP application specific recommendations, facts, and filter rules
  • Support of automated remediation through corresponding Ansible playbooks for SAP
  • Support of configuration drift analysis and policies based e.g. by SAP System ID

Additional resources

2.3. Red Hat Enterprise Linux High Availability solutions for SAP

Red Hat Enterprise Linux High Availability Add-on provides all the necessary packages for configuring a pacemaker-based cluster that provides reliability, scalability, and availability to critical production services. In addition, the components for the Red Hat High Availability solutions for SAP NetWeaver, S/4HANA and SAP HANA

RHEL for SAP Solutions also provides the components required for support of the SAP HA interface. The interface allows customers to manage SAP ABAP application servers, which are controlled by the Red Hat HA solutions for SAP that uses SAP management tools like SAP MMC or SAP Landscape Manager.

Additional resources

2.4. Kernel Live Patching

Kernel live patching allows customers to patch a running RHEL kernel with selected critical and important CVEs without rebooting the system. This provides operational efficiency to support mission critical infrastructure underpinning SAP business applications, where downtime is not an option, and security responsiveness is required.

For more information about the kernel live patching solution and how it works, see the Red Hat Knowledgebase solution:

Note

Kernel live patching is supported starting with version 7.7 and 8.1 and above

2.5. In-place operating system upgrades

As part of the RHEL for SAP Solutions subscription, Red Hat provides validated in-place upgrades of underlying operating system in context of SAP workloads. An in-place upgrade offers upgrading the RHEL system to a later major release of RHEL by replacing the existing operating system without removing applications. Doing so can greatly reduce the costs, for example, highly expensive hardware for an SAP HANA in-memory database does not need to be purchased twice.

Additional resources

Chapter 3. Security and SAP Solutions

Enterprises usually have substantial compliance requirements based on the industry, type of customers, geographic location, and more. Such requirements may need specific certifications, cryptographic modules, and support for encryptions. With Red Hat Enterprise Linux for SAP Solutions, Red Hat delivers a stable, security-focused, high-performance foundation for SAP business applications to support such requirements and provide an easy way to set and validate compliance policies.

3.1. SELinux for SAP production environments

SELinux is a security technology for process isolation to mitigate attacks via privilege escalation. SELinux is enabled on RHEL 8 by default and security policies for system processes are maintained by Red Hat. However, this does not apply to 3rd party applications, such as SAP HANA and S/4HANA. In previous releases, it was recommended to completely disable SELinux on RHEL when installing SAP software.

This has now changed with RHEL for SAP Solutions, and customers may use SELinux in the context of production SAP HANA and S/4HANA deployments.

Additional resources

3.2. SAP HANA disk encryption with NBDE

Red Hat uses the Policy-Based Decryption (PBD) process by using multiple technologies to enable the unlocking of encrypted root and secondary volumes of hard drives.

Network Bound Disk Encryption (NBDE), delivered along with Red Hat Enterprise Linux, is a subcategory of PBD that allows binding encrypted volumes to a special server known as a tang server.

Tested for compliance with SAP HANA, customers of RHEL for SAP Solutions can use NBDE to run SAP HANA DB with encrypted hard drives leveraging automated unlocking capabilities via Tang server.

Additional resources

3.3. File access policy Daemon for SAP

File access policy Daemon fapolicyd is a technology provided in RHEL to determine access rights to files based on a trust database and file or process attributes. It helps customers to ensure data remains protected even in case an attacker has successfully gained control over certain processes.

Chapter 4. SAP Automation and Performance

4.1. RHEL System Roles for SAP

The Red Hat Enterprise Linux System Roles for SAP, provided exclusively with the Red Hat Enterprise Linux for SAP Solutions subscription, removes human error from complex and repetitive SAP configuration tasks, such as configuration of a Red Hat Enterprise Linux system for installation of SAP HANA or SAP NetWeaver software.

Customers can use RHEL system roles for SAP to enforce SAP best practices for configuration and setup of both SAP NetWeaver and SAP HANA deployments based on RHEL.

Additional resources

4.2. tuned

To ensure that RHEL is configured appropriately to best support SAP workloads, the RHEL for SAP Solutions provides tuned profiles “sap” and "sap-hana", which contain many of the SAP best practices and some additional configure settings.

Additional resources

4.3. Compatibility libraries

RHEL for SAP Solutions provides additional GCC runtime compatibility libraries required by newer SAP NetWeaver and SAP HANA releases. These GCC runtime compatibility libraries can be installed independently of the standard GCC runtime libraries provided by RHEL.

4.4. Smart Management

The RHEL subscription includes the Smart Management Add-on to provide easy management and updates of Red Hat Enterprise Linux systems by using Red Hat Satellite Server.

Chapter 5. Differences between RHEL for SAP Applications and RHEL for SAP Solutions

Red Hat Enterprise Linux for SAP Solutions subscription contains more features and capabilities than our lightweight RHEL for SAP Applications subscription. The following table lists the technical differences between the two subscriptions.

FeatureRHEL for SAP ApplicationsRHEL for SAP Solutions

Software packages for SAP NetWeaver: Repository rhel-7-SAP / rhel-8-SAP-NetWeaver (check the SAP-specific technical components table for a list of components)

X

X

Software packages for SAP HANA: Repository rhel-7-SAP-HANA / rhel-8-SAP-Solutions (check the SAP-specific technical components table for a list of components)

 

X

RHEL High-Availability Add-On

 

X

RHEL System Roles for SAP

 

X

Extended Update Support (EUS)

Only in Premium

X

Update Services for SAP Solutions (E4S)

 

X

Smart Management Add-On

 

X

Insights

X

X

Note

All future solutions for SAP applications are planned to be added to the RHEL for SAP Solutions repository. See the datasheet Red Hat Enterprise Linux for SAP Solutions for more information.

5.1. Overview of the RHEL for SAP Applications repository

The SAP-specific software packages are available with both, the RHEL for SAP Applications and the RHEL for SAP Solutions subscription.

5.2. Overview of the RHEL for SAP HANA repository

The SAP-specific software packages are available only with the RHEL for SAP Solutions subscription.

  • rhel-system-roles-sap (only in RHEL 7.7 Batch Update 3 and later): Provides the automated RHEL system preparation of a local or remote server for the installation of SAP HANA or SAP NetWeaver, including required packages, kernel parameters, and network parameters. rhel-system-roles-sap has the ability to be integrated into Red Hat Satellite Server and Red Hat Ansible Tower. For more information, see Red Hat Enterprise Linux System Roles for SAP.
  • compat-sap-c++: Provides additional runtime compatibility libraries required by newer NetWeaver and HANA releases. These libraries are installed independently of the standard runtime libraries provided by RHEL.
  • tuned profiles-sap-hana: Provides the sap-hana tuned profile to tune RHEL for running SAP HANA.
  • resource-agents-sap-hana: Resource agents and other components for managing SAP HANA Scale-Up System replication. For more information, see the Red Hat Knowledgebase article Supported Scenarios of Automated SAP HSR in HANA Scale-Up.
  • resource-agents-sap-hana-scaleout: Resource agents and other components for managing SAP HANA Scale-Out System replication. For more information, see the Red Hat Knowledgebase article Supported Scenarios of Automated SAP HSR in HANA Scale-Out.

5.3. SAP related software packages and repositories

The following table contains an overview of the SAP-specific technical components that are included in the respective repositories:

5.3.1. RHEL 7

Packagerhel-7-SAP(*)rhel-7-SAP-HANA(*)

compat-locales-sap

X

 

compat-sat-c++

X

X

resource-agents-sap

X

 

resource-agents-sap-hana

 

X

tuned-profiles-sap

X

 

tuned-profiles-sap-hana

 

X

sapconf

X

 

rhel-system-roles-sap

 

X(**)

_vhostmd/vm-dump-metrics

X

 

(**) starting with RHEL 7.7

(*) Use the following list to identify the full repository labels:

rhel-7-SAP:

  • rhel-sap-for-rhel-7-<arch>-rpms
  • rhel-sap-for-rhel-7-<arch>-eus-rpms
  • rhel-sap-for-rhel-7-<arch>-e4s-rpms

rhel-7-SAP-HANA:

  • rhel-sap-hana-for-rhel-7-<arch>-rpms
  • rhel-sap-hana-for-rhel-7-<arch>-eus-rpms
  • rhel-sap-hana-for-rhel-7-<arch>-e4s-rpms

<arch> denotes the specific hardware architecture as follows:

  • "server"(for x86_64)
  • "for-power-le" (for ppc64le)
  • "for-power" (for ppc64)
  • "for-system-z" (for s390x)
Note

e4s repos are only available for hardware architectures x86_64 and ppc64le.

5.3.2. RHEL 8

Packagerhel-7-SAP(*)rhel-7-SAP-HANA(*)

compat-locales-sap

X

 

compat-sat-c++

X

X

resource-agents-sap

X

 

resource-agents-sap-hana

 

X

tuned-profiles-sap

X

 

tuned-profiles-sap-hana

 

X

rhel-system-roles-sap

 

X

_vhostmd/vm-dump-metrics

X

 

(*) Use the following list and examples to identify the full repository labels:

rhel-8-SAP-NetWeaver:

  • rhel-8-for-<arch>-sap-netweaver-rpms
  • rhel-8-for-<arch>-sap-netweaver-eus-rpms
  • rhel-8-for-<arch>-sap-netweaver-e4s-rpms

rhel-8-SAP-Solutions:

  • rhel-8-for-<arch>-sap-solutions-rpms
  • rhel-8-for-<arch>-sap-solutions-eus-rpms
  • rhel-8-for-<arch>-sap-solutions-e4s-rpms

<arch> denotes the specific hardware architecture as follows:

  • x86_64
  • ppc64le
  • s390x
Note

e4s repos are only available for hardware architectures x86_64 and ppc64le.

Legal Notice

Copyright © 2023 Red Hat, Inc.
The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at http://creativecommons.org/licenses/by-sa/3.0/. In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you must provide the URL for the original version.
Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law.
Red Hat, Red Hat Enterprise Linux, the Shadowman logo, the Red Hat logo, JBoss, OpenShift, Fedora, the Infinity logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries.
Linux® is the registered trademark of Linus Torvalds in the United States and other countries.
Java® is a registered trademark of Oracle and/or its affiliates.
XFS® is a trademark of Silicon Graphics International Corp. or its subsidiaries in the United States and/or other countries.
MySQL® is a registered trademark of MySQL AB in the United States, the European Union and other countries.
Node.js® is an official trademark of Joyent. Red Hat is not formally related to or endorsed by the official Joyent Node.js open source or commercial project.
The OpenStack® Word Mark and OpenStack logo are either registered trademarks/service marks or trademarks/service marks of the OpenStack Foundation, in the United States and other countries and are used with the OpenStack Foundation's permission. We are not affiliated with, endorsed or sponsored by the OpenStack Foundation, or the OpenStack community.
All other trademarks are the property of their respective owners.