Data Mission Critical Storage

Protecting your most vital applications and data with HPE Mission Critical Software

5
(3)

Maximize application uptime and accelerate security compliance

In our connected 24×7 economy, experiencing downtime for most applications has become cost-prohibitive for business, not only financially but also in loss of reputation. Minimizing downtime has long been a core tenet of IT teams the world over, especially those working with vital applications such as enterprise resource planning, core banking, electronic healthcare and more. In HPE, we have vast experience and proven solutions in the mission-critical computing space. We start at the infrastructure level with our well known mission-critical servers, with a unique and comprehensive set of built-in RAS (reliability, availability, and serviceability) capabilities that result in high levels of single-system uptime. Single-system availability is of great value, and a fundamental component of any mission-critical environment; but it´s not enough when the end result must be maximum application uptime across the IT stack. Ultimately, the business cares about the availability of business functionality, and that comes directly from the applications. And so, application-targeted high availability is paramount for this type of IT deployment.

Together with the need for continuous application availability, data security and data integrity are top of mind for businesses worldwide. Security threats continue to increase, and with them, damaging cyberattacks and data breaches that translate into loss of revenue and more importantly and costly, loss of customer trust. Securing environments and complying with security policies and guidelines is often a time-consuming, error-prone manual process that is difficult to scale throughout the data center.

In order to address the challenges of maximizing application uptime, minimizing disruption when failures occur and ensure IT environments are compliant with security standards and policies, we offer two software suites that complement our mission-critical platforms to protect your enterprise and those workloads and data that are of highest value to you and your customers. One of them is a leading high availability and disaster recovery solution, HPE Serviceguard for Linux, and the other is in the security compliance space, HPE Workload Aware Security for Linux. Both these offerings run on top of the standard Linux distributions and help protect environments regardless of the underlying HPE platform; in other words, they are compatible not only with HPE mission-critical servers including HPE Superdome Flex, but also with HPE ProLiant, HPE Synergy, HPE Apollo and more.

 

Say “no” to downtime with HPE Serviceguard for Linux

HPE Serviceguard for Linux (SGLX) is a high availability (HA) and disaster recovery (DR) clustering solution that increases uptime for your critical applications. Over a thousand customers worldwide protect their mission-critical business operations with SGLX. It is supported with any x86_64 server and SCIS 3 compliant storage and is available on RHEL, SUSE and Oracle Linux. It also works and complements standard virtualizations stacks such as VMware, Hyper-V and KVM.

Maximizing application availability

There are two major operational scenarios in which SGLX helps protect your business:

Unplanned downtime: In this scenario, you experience a failure that you did not expect and SGLX can help reduce the impact of unplanned downtime through a variety of ways:

  • Fast detection and unattended recovery: With the ability to detect failures in as little as 4 seconds, SGLX offers application protection from a multitude of infrastructure or application faults, across physical or virtual environments that are spread over long distances.
  • Avoid operator errors: Human error is at the root of many IT outages. SGLX provides fully automated recovery eliminating the need for any human intervention. It also provides features such as cluster verification which help you prevent operator errors.
  • Graceful failover: In failover scenarios where the primary node is not fully down, SGLX gracefully shuts down a failing application instance to ensure it can be ready for the next recovery quickly.

 

 

All of this is done without any compromise of data integrity, which is of paramount importance when dealing with vital applications and sensitive data.

Planned downtime: this scenario is a standard aspect of regular IT operations, whenever teams have to take systems, applications and databases down whether for maintenance, patching or other planned reasons. SGLX helps you achieve near-zero planned downtime with advanced features such as Rolling Upgrades and Live Application Detach. Rolling Upgrades allow you to move the application to a standby node as you perform upgrades on another cluster node. Live Application Detach allows you to freeze a particular cluster node or the entire cluster and perform maintenance operations without having to move or shutdown the application.

One of the most valued aspects of SGLX is its application-centric approach to high availability. HPE has developed a set of integration toolkits that provide out-of-the-box solutions for many popular databases and applications including SAP HANA, SAP NetWeaver, S/4 HANA, Oracle, Microsoft SQL and others. Because of the complexity of these applications/databases, appropriate handling when those services crash, hang, or restart is critical to rapid and transparent recovery.  The integration toolkits greatly simplify and accelerate the integration of these complex applications into a standardized and proven framework. They handle initial integration of these applications into a cluster, as well as provide ongoing monitoring, failover, and failback operations of the clustered application. This means you get it done right and faster, saving much time and effort versus doing it yourself.

Extending protection in case of a disaster

Outages due to catastrophic events are something you can’t entirely avoid, but can certainly prepare for. SGLX helps you against site outages, not only when your data centers are located on different floors of a building, but even separate buildings, different cities, or even continents. Regardless of distance, you can survive the loss of a data center and maintain access to critical data and applications with a suite of disaster recovery solutions that can seamlessly extend your high availability deployment with no changes to your operations. Depending on your specific requirements, we offer different choice points based on distance and data replication types to fulfill a wide array of demands. This results in data centers that are resistant to multiple points of failure and to singular, massive failures.

Nissan leverages HPE Serviceguard for Linux for high availability and disaster recovery
Nissan North America deployed its production SAP HANA database in a SUSE Linux® operating environment running on an HPE mission-critical platform. The solution includes HPE Serviceguard for Linux, which replicates SAP HANA data to a second platform for high availability and a third one for disaster recovery. In tests, Serviceguard for Linux delivered a data recovery point of 15 minutes, a significant improvement over the previous recovery point of 24 hours. Recovery time improved from 48 hours previously to two hours with HPE Serviceguard for Linux.

Accelerate security compliance for SAP HANA and Linux environments with HPE Workload Aware Security for Linux (WASL)

Most organizations still follow a traditional approach in securing IT environments, with professionals manually hardening hundreds of systems, assisted by guidelines and scripts. The industry-standard repository Center for Internet Security (CIS) publishes best practices and some scripts to determine Linux security compliance. And in the case of SAP environments, SAP publishes SAP HANA security guides that are several hundred pages long. The downside of these manual processes is that they are prone to human error and consume significant time to evaluate, remediate, deploy and maintain security compliance.

In Europe, the Data Protection Directive 95/46/EC has recently been replaced with the EU General Data Protection Regulation (GDPR), effective May 25, 2018. From this date, organizations are expected to be compliant, and remain compliant going forward. Ever-changing industry rules and regulations put additional stress on security professionals to maintain system security policies.

WASL helps you achieve security compliance for Linux and SAP HANA environments

If you are deploying SAP HANA appliances or TDI solutions, you need to adhere to the SAP HANA security guidelines. If you are deploying Linux mission-critical applications, you need to meet CIS security compliance. HPE tests found that out-of-box Linux distributions can be only about 50% compliant to industry standards. To directly address these challenges, HPE recently introduced a single-click security product—HPE Workload Aware Security for Linux (WASL). WASL is designed to provide efficient, industry-standard compliance at the operating system and application levels. Unlike other products in the market that rely on security services or have solutions that require substantial effort to configure, WASL uses an automated security compliance process as it meets industry standards. With WASL, you can reduce the security compliance deployment time for Linux operating system instances and SAP HANA workloads from days to minutes.

Ensure industry-standard compliance with an intuitive push-button security compliance tool

HPE WASL automates the rules laid out by the Center of Internet Security (CIS) for Linux at the operating system level and by SAP for SAP HANA at the application level, and then turns them into default policies. WASL hardens both the OS instance and the SAP HANA application achieving over 90% security compliance. The remaining 10% requires user input like a password or a file location for logs. WASL also maintains easy-to-comprehend logs and generates detailed actionable reports, which help users understand and make necessary changes if required.

WASL’s consolidated dashboard—Security Management Station (SMS)—provides a graphical interface to add and remove nodes, check compliance, remediate non-compliance issues and, if needed, rollback to a previous version of security compliance. WASL also adds customized policies and generates audit reports. Because HPE understands the need for strict, role-based security responsibilities, WASL provides the ability to define and enable security roles such as user administrator, policy officer, security operator, security administrator, security auditor and administrator.

HPE IT leverages HPE WASL to secure most sensitive platforms
“HPE WASL allowed us to harden our Linux images to the CIS benchmarks in minutes. Additionally, it allows us to track progress of the platform hardening posture as we work toward our final state of a fully hardened platform. This tool is very easy to use and the reporting is clear and concise; this allows us to share the output with non-technical teams and jointly formulate techniques to close any identified security gaps. This tool has become a fundamental piece of our arsenal for securing our most sensitive platforms.”
– Tim Ferrell, Master Cybersecurity Architect, HPE

 

Strengthen your Linux environment with proven HPE mission-critical software solutions

Increasing the availability of your critical applications and ensuring your systems comply with the latest security policies are surely at the top of your priority list. To help you address the challenges inherent to these significant undertakings, HPE can help you with proven software solutions. Click here to learn more about HPE Serviceguard for Linux and HPE Workload Aware Security for Linux. You can also listen to these short podcasts:  Say “no” to downtime with HPE SGLX and The Value of HPE WASL. And finally, we have trial options for both software suites. Find download instructions and other key information here: SGLX 90-day Trial | WASL 30-day Trial.

How useful was this post?

Click on a star to rate it!

Average rating 5 / 5. Vote count: 3

Leave a Comment