Redefining Cloud Excellence

Thursday, 4 January, 2024

Meet Christine Puccio: Breaking Cloud Barriers at SUSE

In the three months since Christine Puccio joined SUSE as Global VP of Cloud, a huge wave of energy has swept across the cloud team. The team has received extra visibility, and there is now real excitement about the cloud opportunity ahead.

I caught up with the transformation powerhouse behind this shift to ask her about herself and the opportunity she sees for cloud at SUSE.


Tell us a bit about yourself, Christine

“I’m a native Californian, living with my daughter in Oakland, on the opposite side of the Bay from San Francisco. 

During my career I have embraced different roles in sales, marketing – contracting, and partnering, across companies like Sun Microsystems, Red Hat, NGINX (which was acquired by F5 Networks) and JFrog. This work has allowed me to work with SAP, Microsoft, Google, AWS and other software companies which have given me immense experience in technology innovation and driven my appetite to become a leader within the IT and Cloud Sector.

What has been your most proud moment (in your career)?

I am very proud of the work I did at Red Hat leading the global SAP alliance. While at Sun, I led the SAP Americas market development strategy and learned the business. I translated that to Red Hat where the competition was steep as SUSE was dominating the SAP space! I then led the negotiation of RHEL for SAP HANA – bringing Red Hat’s business with SAP from thousands (USD) to multiple millions (USD) in less than a year. 

It’s interesting to now be at SUSE, realizing how large this business is and how happy I was just to get a small portion (at Red Hat).


What’s your approach to transformation?

“I find Geoffrey Moore’s book, Zone to Win: Organizing to Compete in an Age of Disruption very inspiring. He talks a lot about four quadrants: product, performance, incubation, and transformation. But I think the most important thing I took from him is that a company can’t transform if people aren’t behind it.

In a recent article about the value of Open Source software, it talks about the rise in terms of benefits vs. costs. From my perspective, it’s not just technical benefits but people benefits. A developer who contributes to open source learns about other developer perspectives, they learn new skills, tools and technologies. Also, contribution gives you confidence and an opportunity to build your reputation. The same can be said about tapping into a diverse workforce. It just makes good business sense. 

SUSE’s power is adding value to open source and we need to amplify that

“Transformation is an opportunity to build and scale – bringing ideas, people, and technologies together is the perfect recipe for innovation. That is exactly the open source model. I am a builder at heart. The cloud team are also builders. SUSE’s power is adding value to open source and we need to amplify that. That’s how, together, we’re going to build a world-class cloud business for SUSE.”


What’s the cloud opportunity for SUSE?

“The opportunity is for SUSE to stand up a new business: marketplaces. Customers are continuing to move workloads to the cloud and many ISVs have created a fast path to consume software through the marketplace. So, marketplaces are now the place to be. However, the marketplace is just one component. We are looking at an entire end-to-end Cloud GTM approach that has our new business with the marketplace – but also incorporates our first party offers with SLES and SLES for SAP. SUSE is one of the few in the industry in which customers can choose a variety of ways to purchase. 

  • Directly on their consumption contract or 
  • Through the marketplace. 

We are designing our Go-to-Market (GTM) to capitalize on both motions. 

This strategy allows SUSE to be a top technology partner, where customers have committed spend with the cloud providers. With over $300B in unspent committed funds, we are now positioned to help customers design a platform to support their workloads in the cloud.

“The question for SUSE is ‘How do we participate?’ We are continuing with our ongoing strategy for the need to make it easy for customers to purchase SUSE solutions that tap into their committed spend and spend it with us. We’re already a leading open source company – the opportunity is for us to continue to dominate the market, but increasingly through the marketplace channel.

“That’s not to say that GSI’s and channel partners are any less important. They’re massively important to our growth with the cloud. We are working on some exciting programs that include incentives and co-sell opportunities across all three clouds, providing SUSE the opportunity to co-sell with all its partners. It’s about growth, not substitution.


Our key objective is to architect our offerings to transact through marketplaces

“Hyperscalers provide the platform and the marketplace – our key objective is to architect our offerings to transact through each marketplace. We need to think of a listing as a product, with its own lifecycle, and get Product, Alliances, Sales, Partners, Marketing and Operations aligned.

What will be the key factors that customers are looking for from the cloud in 2024?

I’ve found that there are 4 key themes that customers are thinking about.

  1. Security: Customers are looking for cloud providers that offer robust security measures to protect their data and applications from cyber threats. NeuVector Prime and Rancher Prime solutions offer real-time compliance, visibility, and protection for critical applications and data during runtime.
  2. Portability: Customers want to be able to move their applications and data between different cloud providers or back to on-premise infrastructure without significant disruption. NeuVector Prime and Rancher Prime solutions provide information on optimizing cross-cloud workload portability and scale in a consistent way that satisfies KPIs and addresses compliance and security requirements.
  3. Scalability: Customers require cloud infrastructure that can scale up or down quickly to meet changing business needs. NeuVector Prime and Rancher Prime solutions provide container-based solutions that offer automatic deployments, portability, scalability, multi-cloud capabilities, and openness.
  4. Speed: Customers expect cloud infrastructure that can deliver fast and reliable performance for their applications and services. NeuVector Prime and Rancher Prime solutions provide Linux kernel updates to mitigate security risks and vulnerabilities, allowing customers to keep their SUSE product patched and up to date.


What’s the most important thing in a successful transformation?


“First you need executive support. Cloud is CEO-level driven at SUSE. It has cross-functional engagement and workstreams with leads who make sure we meet the KPI’s from each stream. I have enjoyed helping to build this structure and cadence. The success of cloud at SUSE is because of the leaders and sponsors who have supported the strategy. Our GM and SVP of Global Ecosystems has been critical to drive the importance and a true support of the business. Her openness to change models and look at “the art of the possible” with our ecosystem partners has been a game changer. I know the SUSE leadership team has my back in what we’re doing and that is such a winning recipe.

“We’ve already restructured the cloud sales team to align closer to our sales and partner teams with a specific focus on co-sell with the providers. We’re also hiring a few marketplace blackbelts to handle the multi-million-dollar custom deals through marketplaces. It’s really exciting! 

I encourage the team to take risks. Ask the question, “what would have to be true to make this happen”. To scale and grow a business, it takes risk. I’ve fallen down many times, but I’ve always learned in the process. You can’t grow unless you take risks. I see the team coming along with our change with such confidence. I am in this with them and repeat over and over – Success will always be at the end.

I want people to find and harness their own power and amplify it

“I love helping people in their careers. I’m a mentor as much as a leader. I want people to find and harness their own superpower and amplify it. In fact, changes were made on the team to do just that. If we continue to do that, individually and as a company, we will undoubtedly ignite a spectacular new future for SUSE in the cloud. That’s what really excites me.”


Join the conversation 

Send us an email at with your thoughts and/or questions. And, watch this space for more on SUSE’s cloud transformation journey and hear more about how we’re Getting Loud About Cloud.


Follow Christine Puccio on LinkedIn.


Announcing a new usage-based Rancher Prime listing on the AWS Marketplace

Monday, 4 December, 2023

AWS users can now find a usage-based Rancher Prime listing on the AWS Marketplace. Like the previous contract listing, this is a fully supported version of Rancher, but now offered on a pay-as-you-go basis.

Rancher Prime: Simplifying Container Orchestration

Rancher Prime, a widely acclaimed container management platform, has joined the AWS Marketplace, a solution to efficiently deploy, manage, and scale container applications from AWS.

What is Rancher?

Rancher is an open-source container management platform that facilitates the deployment and orchestration of containers within a Kubernetes environment. It acts as a centralized control plane, providing a user-friendly interface to manage clusters, applications, and infrastructure. Whether you’re a seasoned DevOps professional or a newcomer to containerization, Rancher’s intuitive design makes it accessible to all.

Key Features:

  1. Multi-Cluster Management: manage multiple Kubernetes clusters from a single interface.
  2. Application Catalog: Simplifying the deployment of applications, Rancher offers a wide range of pre-configured templates.
  3. Infrastructure Provisioning: From the AWS control plane, you can manage across infrastructure providers. This solves the common complications of hybrid and multi-cloud deployments.
  4. Monitoring and Logging: integrate with monitoring and logging tools, providing insight into resource usage, application performance, and potential issues.
  5. Security: provide role-based access control (RBAC), ensuring that only authorized users have access to specific resources.

Use Cases:

  1. Enterprise Deployments: Rancher is well-suited for large-scale enterprise deployments where managing multiple clusters and applications efficiently is essential. Its user-friendly interface and comprehensive features make it an attractive choice for organizations with diverse containerization needs.
  2. DevOps Pipelines: DevOps teams benefit from Rancher’s ability to streamline the deployment pipeline. With support for continuous integration and continuous deployment (CI/CD) practices, Rancher facilitates the automation of containerized application delivery.
  3. Hybrid and Multi-Cloud Environments: As businesses increasingly adopt hybrid and multi-cloud strategies, Rancher’s support for various infrastructure providers becomes a key advantage. It allows organizations to deploy and manage applications seamlessly across different cloud environments.

Rancher Prime benefits as an AWS Marketplace monetized offering:

  1. EDP Efficiency: Users can capitalize on EDP discounts, ensuring cost-effectiveness in orchestrating containers from AWS. Rancher’s integration with the marketplace ensures it aligns with AWS’s commitment to providing value-driven solutions.
  2. Streamlined Procurement: By choosing Rancher Prime from the marketplace, users benefit from a simplified procurement process. The already approved purchase method ensures a seamless experience in acquiring and implementing Rancher Prime for container orchestration.

Pricing Options:

Rancher Prime has a six tier pricing model, the same as the one used for data center implementations. This pricing approach is very cloud friendly and was designed to properly support bursting use-cases. Monetization is through AWS and leverages a monthly on-demand usage model based on the same average node count model.

The usage tiers that govern pricing discounts are:

  • 5-15 nodes:  $450 per node per month*
  • 16-50 nodes: $321 per node per month
  • 51-100 nodes: $221 per node per month
  • 101-250 nodes: $175 per node per month
  • 251-1000 nodes: $142 per node per month
  • >1000 nodes: $100 per node per month

* There is a 5 node minimum on monthly usage.


You can find the marketplace offers at:

Rancher Prime

Rancher Prime (EMEA Orders Only)

Deployment Flexibility

With this new usage-based marketplace offering, you have several deployment options, all of which take advantage of the inherent usage discounts. This is made possible by leveraging the control plane for each product that is installed into EKS. With the control plane within EKS, it is possible to manage downstream Kubernetes clusters everywhere. (Managed clusters can run anywhere, but will appear as a logical extension of the control plane in AWS EKS.)

This means that the downstream clusters will monetize through the AWS marketplace regardless of where they are deployed. If they are all in EKS, all is good. But even if they are not, with managed clusters on-premise, in a hybrid deployment, or elsewhere, the marketplace control plane will still govern and monetize all managed clusters. The bottom line: with this new usage-based marketplace offering, you get to take advantage of the node usage discounts and apply them to your entire federated deployment, and monetize through the marketplace regardless of the deployment scenario.

Take the leap towards enhanced container management and orchestration on AWS by exploring Rancher Prime on the Marketplace today.

SUSE NeuVector and Rancher on AWS: Best Integrated Kubernetes Management and Security Solution Gets Even Better for AWS Customers

Wednesday, 29 November, 2023

There’s big news from SUSE and Amazon Web Services (AWS) this week, as SUSE extends its commitment to AWS and our joint customers.

First, SUSE NeuVector Prime has achieved Amazon Elastic Kubernetes Service (Amazon EKS) Ready designation from AWS. This prestigious designation recognizes full-lifecycle container security solution NeuVector Prime, which is currently available on AWS Marketplace, as a validated software solution, ensuring flawless integration with Amazon EKS and Amazon EKS Anywhere. Amazon EKS customers can now easily identify and have access to an AWS architect-validated security solution that is ready to run on premises or the edge, with proven architecture and adherence to best practices. Customers spend less time evaluating solutions and more time scaling their use of solutions on AWS.

In addition, SUSE Rancher Prime is now available on AWS Marketplace (US/ROW users | EU/UK users). Top Kubernetes management solution Rancher Prime allows customers to take full control of clusters on Amazon EKS as they import, observe, secure and configure all clusters from the Rancher management console. Rancher Prime provides best-in-class security with end-to-end auditing of clusters under management to ensure compliance, along with GitOps-based cluster management and provisioning.

Achievement of the Amazon EKS Ready designation and the availability of the best integrated Kubernetes management and security solution in Rancher and NeuVector on AWS Marketplace is a testament to SUSE’s commitment to delivering high-quality solutions that cater to the evolving needs of AWS customers. SUSE remains dedicated to helping businesses achieve and maintain their technology goals by leveraging the agility, extensive service offerings, and rapid pace of innovation provided jointly by SUSE and AWS.

SUSE’s Amazon EKS Ready designation and growing portfolio of offerings on AWS Marketplace are significant milestones in the ongoing collaboration between SUSE and AWS. They not only showcase SUSE’s commitment to providing top-tier solutions, but they also reinforce our dedication to empowering businesses with the tools they need to thrive in the rapidly evolving landscape of cloud computing. As businesses increasingly turn to Kubernetes for their container orchestration needs, SUSE ensures that customers have a trusted, proven partner to navigate the complexities of Kubernetes deployments on AWS, on premises or at the edge.

As customers continue to invest in important business technology — such as launching a new consumer-facing app, developing a business line built around AI, or expanding into a new market — they all inadvertently create cyber vulnerabilities. According to PwC, over the next five years, cyber risks join climate change, inflation, macroeconomic volatility and geopolitical conflict in the top tier of risk exposure.

Announcing NeuVector and Rancher Kubernetes Solutions on the Azure Marketplace

Monday, 13 November, 2023

Microsoft Azure users can now find SUSE NeuVector and Rancher products on the Azure Marketplace. This strategic move not only expands the Azure ecosystem but also offers users enhanced security and container orchestration capabilities.

SUSE NeuVector: Fortifying Container Security

SUSE NeuVector Prime, a leading container security solution, is now accessible directly through the Azure Marketplace as a marketplace monetized offering. With a focus on threat detection and prevention in containerized environments, SUSE NeuVector provides a comprehensive security blanket for your Azure workloads.

Benefits of SUSE NeuVector on Azure Marketplace:

  • MACC Advantage: Leveraging Microsoft Azure Committed Consumption (MACC) discounts, users can optimize their costs while ensuring top-notch container security. This not only enhances financial efficiency but also aligns with Microsoft’s commitment to providing flexible and cost-effective solutions.
  • Approved Purchase Method: The availability of SUSE NeuVector on the Azure Marketplace streamlines the procurement process. Users can benefit from an already approved purchase method, reducing the complexity of acquiring cutting-edge security solutions.

Pricing Options:

SUSE NeuVector on Azure Marketplace offers flexible pricing options to cater to various user needs. Whether you’re a small business or an enterprise, you can choose a plan that aligns with your requirements.

This is the first fully enterprise supported NeuVector presence on Azure’s Marketplace where support comes directly from SUSE. Monetization is through Azure and leverages a monthly on-demand usage model. And to make the usage model cloud friendly, discount tiers are built-in to the pricing model and are automatically applied as usage grows.

There are six price tiers that govern the usage discounts. Note, usage is based on average monthly rate, not the maximum monthly count, keeping this as a cloud friendly and burst friendly usage model.

The usage tiers are:

  • 5-15 nodes:  $112 per node per month*
  • 16-50 nodes: $105 per node per month
  • 51-100 nodes: $98 per node per month
  • 101-250 nodes: $91 per node per month
  • 251-1000 nodes: $84 per node per month
  • >1000 nodes: $78 per node per month

* There is a 5 node minimum on monthly usage.

Explore SUSE NeuVector on Azure Marketplace

NeuVector on Azure marketplace:

NeuVector for EMEA orders:

Rancher: Simplifying Container Orchestration

Rancher Prime, a widely acclaimed container management platform, has joined the Azure Marketplace, a solution to efficiently deploy, manage, and scale container applications on Azure.

Like NeuVector, Rancher benefits as an Azure Marketplace monetized offering:

  • MACC Efficiency: Users can capitalize on MACC discounts, ensuring cost-effectiveness in orchestrating containers on Microsoft Azure. Rancher’s integration with MACC aligns with Azure’s commitment to providing value-driven solutions.
  • Streamlined Procurement: By choosing Rancher from the Azure Marketplace, users benefit from a simplified procurement process. The already approved purchase method ensures a seamless experience in acquiring and implementing Rancher for container orchestration.

Pricing Options:

Rancher also has a six tier pricing model that offers the same cloud and burst friendly attributes. Monetization is through Azure and leverages a monthly on-demand usage model based on the same average node count model.

The usage tiers that govern pricing discounts are:

  • 5-15 nodes:  $450 per node per month*
  • 16-50 nodes: $321 per node per month
  • 51-100 nodes: $221 per node per month
  • 101-250 nodes: $175 per node per month
  • 251-1000 nodes: $142 per node per month
  • >1000 nodes: $100 per node per month

* There is a 5 node minimum on monthly usage.

Rancher on Azure marketplace:

Rancher for EMEA Orders:

Deployment Flexibility for both NeuVector and Rancher

With both of these marketplace offerings, you have several deployment options, all of which take advantage of the inherent usage discounts. This is made possible by leveraging the control plane for each product that is installed into AKS. With the control plane within AKS, it is possible to protect and manage downstream Kubernetes clusters as a single logical deployment. (Downstream clusters can run anywhere, but will appear as a logical extension of the application’s control plane residing in AKS.)

This means that the downstream clusters can monetize through the Azure marketplace regardless of where they are deployed. If they are all in AKS, all is good. But even if they are not, with logically controlled downstream clusters on-premise, in a hybrid deployment, you are still good. The bottom line: with the application’s AKS controlled control plane, you get to take advantage of the node usage discounts and apply them to your entire logical deployment, monetizing through the marketplace regardless of the deployment scenario.

The availability of SUSE NeuVector and Rancher on Azure Marketplace marks a significant step forward in the collaboration between these industry-leading solutions and Microsoft Azure. Users can now fortify container security and streamline orchestration with the assurance of MACC benefits and approved purchase methods.

Take the leap towards enhanced container security and orchestration on Microsoft Azure by exploring SUSE NeuVector and Rancher on the Azure Marketplace today. 

Why SAP Cloud Adoption Needs a Supported and Secure Enterprise Kubernetes Infrastructure On-Premises to Run Integration Processes

Monday, 6 November, 2023

When you run your SAP on-premises, nobody doubts you need a dedicated, certified Linux environment with enterprise support to run this business-critical application. But what happens when you need to run the new containerized SAP Integration Suite component on-premises? This blog explains why an enterprise-supported Kubernetes like SUSE’s Rancher Prime is needed and why you should consider a standalone Kubernetes environment.


In the ever-evolving landscape of SAP Cloud adoption, two fundamental considerations emerge: the role of a secure Kubernetes infrastructure and the necessity of running on-premises integration components. SUSE’s Rancher Kubernetes, included in Rancher Prime, has been selected by SAP as one of the first on-premises supported enterprise Kubernetes platforms for running integration components. As previously done by SAP with SAP Data Intelligence, SUSE is chosen by default again as a trusted Kubernetes provider to run SAP containerized software. This choice prompts us to delve deeper into the criticality of integration layers and the platforms that support them.

The SAP Edge Integration Cell: Keeping Your Data and Applications Secure

At the heart of this discussion is the “SAP Integration Suite,” with a pivotal on-premises component known as the “SAP Edge Integration Cell.” This integration software serves as the linchpin that seamlessly connects your on-premises applications and data with the evolving SAP Cloud, all within the secure confines of your data center. By avoiding direct connections between the Cloud and on-premises applications, it safeguards data confidentiality and ensures the security of your on-premises operations, as explained in the blog “Keeping sensitive data on-premise with Edge Integration Cell”. This synergy aligns perfectly with SAP’s strategic shift towards cloud-based solutions, empowering your business to embrace the future of SAP while maintaining the integrity of your on-premises operations.

The Key Question: How Critical is SAP Integration for Your Business?

As you contemplate the significance of SAP Cloud integration for your business, consider this: What happens if the connection between SAP Cloud and your billing system or factory is disrupted? The answer is clear: if your SAP integration layer is down, your business is stopped, making downtime not an option. And there is the derivative question: what happens if your Kubernetes environment is compromised and a hacker can breach it? It means security is not optional. These questions underscore the importance of choosing an enterprise-supported software platform, just as with any other critical SAP software. Such a platform is essential for quickly resolving incidents and ensuring uninterrupted business operations. When you are talking about on-premises environments, only SUSE’s RKE2 (Rancher Kubernetes Environment) supported in Rancher Prime will offer today the enterprise-grade support needed. An enterprise-supported and secure platform to run this integration layer becomes paramount to ensure the reliability of your system. SUSE, with its extensive experience, is well-equipped to support this critical SAP environment. Rancher Prime, in turn, provides the necessary infrastructure, much like SUSE Linux Enterprise Server for SAP Applications supported SAP HANA for years.

[Figure: SAP Edge Integration Cell running on Rancher by SUSE]

Why use my own Kubernetes environment in my SAP project

As you contemplate the multifaceted world of SAP Cloud integration, another pivotal consideration emerges: the significance of deploying your own Rancher Kubernetes environment within your SAP department.

SAP Integration in a Containerized World

Like many other modern applications, the new Edge Integration Cell for SAP’s Integration Suite is designed for and operates on a Kubernetes based container management environment. Nevertheless, relying on your existing corporate Kubernetes environment for the SAP Integration may not always be the best solution because existing general-purpose Kubernetes environments may not have a specific SAP architecture in terms of availability, life cycle and security. Moreover, not all Kubernetes platforms are certified to host the SAP integration components, so you need a solution tested and trusted for business-critical SAP solutions like the new Edge Integration Cell.

Therefore, there will be challenges that need to be addressed before adopting a Kubernetes environment for your SAP integration layer. Some of the most relevant are:

Avoid Delays in the SAP Project and Control the SAP Environment.

A company’s corporate Kubernetes environment typically falls under the purview of a separate IT department, distinct from the SAP department and partners in charge of the SAP projects. This department separation can lead to delays in project execution due to the need for interaction and coordination between these departments. A dedicated Kubernetes environment may help you avoid delays and enhance control over the SAP Integration project.

The Criticality of the Integration Layer

The SAP Integration Suite plays a central role in connecting critical SAP and enterprise non-SAP applications that handle confidential data. Many corporate Kubernetes environments within organizations are multitenant setups, overseeing thousands of containers, each subject to its security measures and Service Level Agreements (SLAs). Unfortunately, this complex setup often falls short of meeting the criticality and security requirements of the SAP integration layer. And changes in a corporate environment are not easy to manage.

Near to Your Applications Environments, Anywhere Including Edge

Another compelling reason to consider the “SAP Edge Integration Cell” and its supporting infrastructure is its proximity to your connected applications. This proximity might entail various locations, including edge environments, such as factories. These will require a Kubernetes environment flexible enough to fit in any environment where Kubernetes is required. Rancher is an ideal choice for this approach, as its architecture is more compact compared to most other enterprise Kubernetes solutions, allowing for a wider set of scenarios and topologies covered, from the edge to enterprise-grade datacenters.

In multi-site scenarios like edge environments, the addition of Rancher Management Server becomes invaluable for seamlessly managing multiple locations in a centralized way. Additionally, SUSE’s Harvester virtualization solution empowers your SAP project by enabling the deployment of virtualization environment appliances in edge locations to run Rancher Kubernetes clusters. Harvester backed virtualization appliances can efficiently convert any virtualization needs and allocate the required virtualized resources with the flexibility needed for your SAP projects.

SUSE’s Rancher Prime: Streamlining Management

To overcome these challenges, deploying your own dedicated, simple Kubernetes environment within your SAP department for SAP projects becomes an appealing solution. This dedicated environment operates like a specialized appliance designed to efficiently run the necessary SAP components.
In this complex landscape, SUSE’s Rancher solutions provide the necessary tools and support to expedite and simplify SAP environment deployment, management, and security. This approach ensures that you can keep pace with your SAP projects, meet the critical SLAs required for SAP operations, ensure business continuity, and most importantly, operate within an SAP-certified platform. This alignment with industry standards and best practices secures the efficiency and security of your SAP environment.


As we navigate the intricate world of SAP Cloud integration, one truth becomes evident: the integration of your on-premises processes with the cloud is not a matter of choice but a necessity for uninterrupted business operations. The secure and reliable platform you choose to run these integration layers serves as the foundation for your success.
With SUSE’s Rancher Prime offering, you have the experience, infrastructure, and tools you need to safeguard your critical SAP environment and confidently embrace the future of SAP. Your strategic decisions in this ever-evolving landscape pave the way for efficient SAP management practices, unwavering security, and compliance with industry standards, positioning your organization for a successful journey into the SAP Cloud era.

CAPI, Fleet And GitOps: A New Way For Orchestrating Kubernetes Clusters With Rancher

Sunday, 5 November, 2023


In this blog post we will show how to use Rancher Turtles, one of the new and interesting features that Rancher 2.8 brings. It helps you deploy clusters using Cluster API (CAPI).

It is an addition to the existing methods for deploying Kubernetes clusters using Rancher and it’s currently in early access technology state but expected to become fully supported in future versions.

Now, with Rancher Turtles and the help of Fleet, Rancher’s GitOps tool, we can easily automate your clusters’ lifecycle on platforms that support CAPI.

When a provider supports CAPI, we can instruct it, using a common API, to provision and manage the resources we need for our cluster, without resorting to its platform-specific APIs. CAPI makes our job easier, since we can run our Kubernetes clusters in a hybrid environment without too much customization, and it allows us to switch providers easily if there is a need to do so.

What is CAPI?

CAPI stands for Cluster API and it is a “Kubernetes sub-project focused on providing declarative APIs and tooling to simplify provisioning, upgrading, and operating multiple Kubernetes clusters.” ( source: ).

It is meant to help manage the lifecycle of Kubernetes clusters regardless of whether they are deployed on premises or in the cloud. This makes it platform agnostic and lets you define common cluster operations.

It is not meant to manage the lifecycle of infrastructure underneath the clusters that is not required for Kubernetes to run, to manage clusters spanning different infrastructure providers, or to configure cluster nodes other than at creation or upgrade time.

For more information, we recommend The Cluster API Book (especially the introduction and concepts sections).

Setup Rancher Turtles (optional)

As mentioned in the introduction, Rancher Turtles is the technology that allows us to integrate with different CAPI providers. It doesn’t come by default with older versions of Rancher, but if you want to try it on an older cluster, this is how it can be done.

Requirements: Rancher 2.7 or higher


From the console, disable the embedded CAPI feature:

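kubectl apply -f feature.yaml

feature.yaml:

apiVersion: management.cattle.io/v3
kind: Feature
metadata:
  name: embedded-cluster-api
spec:
  value: false

kubectl delete mutatingwebhookconfiguration mutating-webhook-configuration
kubectl delete validatingwebhookconfiguration validating-webhook-configuration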


Add the Rancher Turtles repository

Now we switch to the management cluster, and add the Rancher Turtles application repository:

helm repo add turtles


Install Rancher Turtles

helm -n rancher-turtles-system install rancher-turtles turtles/rancher-turtles --create-namespace --set cluster-api-operator.cert-manager.enabled=false

Please note that Cert Manager is currently a requirement for Rancher Turtles. In this example we assume it’s installed, but, if you wish for the operator to install it automatically, please set cluster-api-operator.cert-manager.enabled=true (default option).


Install additional CAPI provider

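kubectl apply -f capd-provider.yml

capd-provider.yml:

---
apiVersion: v1
kind: Namespace
metadata:
  name: capd-system
---
# apiVersion is not shown on the page; v1alpha1 is assumed here
apiVersion: operator.cluster.x-k8s.io/v1alpha1
kind: InfrastructureProvider
metadata:
  name: docker
  namespace: capd-system
spec:
  secretName: capi-env-variables
  secretNamespace: capi-system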

After this we are ready to provision a new cluster following GitOps principles.

Provisioning a new cluster following GitOps with Fleet!

We have talked about how CAPI makes it easy to deploy clusters on different platforms without having to learn new APIs and apply a lot of customization for each of them. Now we are going to show how we can use these CAPI definitions with Fleet to manage Kubernetes clusters following GitOps principles.


This will be the process:

After the repository is configured in Fleet or, later on, when somebody makes a change to it, Fleet will check those changes and, when a CAPI cluster definition is found, pass it on to Rancher Turtles.

Afterwards, Turtles will process the file and contact the specified CAPI provider(s), which will proceed to create the cluster(s):

Animation showing Turtles using CAPI to deploy Kubernetes clusters on 2 different infrastructure providers

Since we are talking about new features and Fleet, it is worth mentioning that the upcoming version of Fleet incorporates a particularly exciting feature:

Drift reconciliation

With this we can now tell Fleet that if a resource doesn’t match what has been defined in our Git repository, it should overwrite it to restore the defined state. We will create a new blog post about it with more details.


Configure Fleet

First, we will add our Git repository, where we have the instructions, to Fleet.

Remember that Fleet by itself doesn’t deploy any cluster; it just triggers the process. The actual deployment is executed by the infrastructure provider.

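kubectl apply -f myclusters-repo.yaml

myclusters-repo.yaml:

apiVersion: fleet.cattle.io/v1alpha1
kind: GitRepo
metadata:
  name: clusters
  namespace: fleet-local
spec:
  repo: <your-git-repository-url>  # placeholder: the URL is not given on this page
  branch: main
  paths:
  - clusters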

With this, when Fleet detects a change on the repository’s “main” branch, under the path “/clusters”, it will automatically apply the changes we have defined.

Please note this is just an example; we can customize this repository definition to incorporate more complex conditions, but the same concept remains.

So the process of adding clusters is streamlined; creating the cluster definition and approving the pull request should be the only steps required to have a new cluster ready.

Extra: Did you notice we are deploying in the fleet-local namespace? If you are curious and want to know more please follow this link.
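
The GitRepo above is what turns a merged pull request into a running cluster, so it is worth auditing how each GitRepo reaches its repository and how much of that repository is in scope. The following is an added example (not code from the original post or from the Rancher project) that checks constructed `kubectl get gitrepos.fleet.cattle.io -A -o json` output; the repository URLs, the `legacy` and `apps` entries and the finding names are assumptions made for illustration.

```python
"""Audit Fleet GitRepo objects before trusting them to drive cluster creation.

Added example: the JSON below is a constructed sample of
`kubectl get gitrepos.fleet.cattle.io -A -o json`, not output from a real system.
"""
import json
import re
from urllib.parse import urlparse

SAMPLE = json.loads("""
{"items": [
  {"metadata": {"name": "clusters", "namespace": "fleet-local"},
   "spec": {"repo": "https://git.example.com/platform/clusters.git",
            "branch": "main", "paths": ["clusters"]}},
  {"metadata": {"name": "legacy", "namespace": "fleet-local"},
   "spec": {"repo": "http://git.example.com/platform/legacy.git",
            "insecureSkipTLSVerify": true}},
  {"metadata": {"name": "apps", "namespace": "fleet-default"},
   "spec": {"repo": "git@git.example.com:platform/apps.git",
            "branch": "release", "paths": ["apps/prod"]}}
]}
""")

# Transports that authenticate the Git server; http:// and git:// do not.
AUTHENTICATED = {"https", "ssh"}
# GitRepos in this namespace are applied to the management ("local") cluster.
MANAGEMENT_NAMESPACE = "fleet-local"


def transport(url):
    """Return the transport of a Git URL, treating scp-like syntax as ssh."""
    if "://" in url:
        return urlparse(url).scheme.lower()
    if re.match(r"^[\w.-]+@[\w.-]+:", url):
        return "ssh"  # e.g. git@host:org/repo.git
    return "unknown"


def audit(gitrepo_list):
    """Return one report entry per GitRepo, management-cluster repos first."""
    report = []
    for item in gitrepo_list.get("items", []):
        meta, spec = item["metadata"], item.get("spec", {})
        findings = []
        scheme = transport(spec.get("repo", ""))
        if scheme not in AUTHENTICATED:
            findings.append(f"transport:{scheme}")
        if spec.get("insecureSkipTLSVerify") is True:
            findings.append("tls-verify-disabled")
        if not spec.get("paths"):
            # Without a path filter the whole repository is in scope.
            findings.append("no-path-filter")
        report.append({
            "gitrepo": f"{meta['namespace']}/{meta['name']}",
            "management_cluster": meta["namespace"] == MANAGEMENT_NAMESPACE,
            # Fleet's documented default when neither revision nor branch is set.
            "watch": (spec.get("revision") or spec.get("branch", "master"),
                      spec.get("paths", [])),
            "findings": findings,
        })
    # sorted() is stable, so input order is kept within each group.
    return sorted(report, key=lambda r: not r["management_cluster"])


if __name__ == "__main__":
    for entry in audit(SAMPLE):
        ref, paths = entry["watch"]
        scope = "management cluster" if entry["management_cluster"] else "downstream"
        print(f"{entry['gitrepo']} ({scope}): protect ref {ref!r}, "
              f"paths {paths or ['<entire repo>']}")
        for finding in entry["findings"]:
            print(f"  FINDING {finding}")
```

The "protect ref" line of each entry names the branch and paths whose merge rights decide who can create or change clusters, which is where branch protection and review rules belong.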


Configure Rancher

Now we can go to Rancher and indicate that we want to auto-import all the clusters in the namespace where we load the CRDs.

To do so, we simply run the following command to enable the rancher-auto-import feature:

kubectl label namespace <mynamespace> cluster-api.cattle.io/rancher-auto-import=true

Note that in this example the cluster definitions are introduced in the namespace “default”.

After a while we can see in Rancher’s “Cluster Management” section that the new cluster has been imported and appears like any other cluster we are managing.


Explore the newly deployed cluster using CAPI

By clicking on the “Explore” button on the right side of the cluster, we can manage it like any other cluster in Rancher.

We can copy the kubeconfig to our system and, for convenience, run the following command to set it as the default used by kubectl and other tools:

export KUBECONFIG=<my-new-cluster-kubeconfig-file>

Or specify it on the command line of our tool of choice.

We can start running commands to verify it works, for example:

kubectl get pods -A -w --insecure-skip-tls-verify

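This should show us the pods running on the new cluster. Note that --insecure-skip-tls-verify turns off verification of the API server’s certificate, so drop the flag wherever the CA data in the kubeconfig validates the server.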


We have seen how easy it is to do GitOps with Rancher and Fleet by using CAPI and how this new feature opens new possibilities for automation and easy management of Kubernetes clusters.

We have seen how we can do this from the command line, but in the future Rancher will incorporate a UI extension to manage Turtles directly from the web UI. Stay tuned!

For more information about Rancher Prime and how we can help your business grow further and be more secure and agile with container technology, please visit our website.

If you want to learn more about Rancher, please feel free to download our free “Why rancher?” whitepaper, join one of our Rancher Rodeos or join Rancher Academy.

👉 For more information about SUSE products and services, please don’t hesitate to contact us.

New SAP Solutions on Azure by SLES for SAP Applications

Sunday, 5 November, 2023

SUSE collaborates with Microsoft Azure to secure and safeguard the SAP landscape. Last year we published a blog post with an overview of the high availability solutions on Microsoft Azure by SLES for SAP Applications. Recently several new solutions have been released to help customers reduce downtime and enhance security.

High Availability Solutions

In the recent SAP on Azure Video Podcast, two exclusive SUSE solutions were introduced. The recording is available on YouTube.

1. Fast-dying HANA index server HA Solution

By extending the integration between the HANA database and the Pacemaker cluster, this solution detects failing SAP HANA indexserver processes, triggers a fast takeover to the secondary site, and significantly reduces the recovery time when the HANA indexserver crashes.

When the SAP HANA indexserver dies, it takes a very long time for the service to fail completely to the point where the cluster can trigger a failover, and this long dying time doesn’t match customer SLAs. SUSE has implemented this fast-dying indexserver solution to address that: it proactively checks for HANA status changes and, based on pre-configured rules, triggers a failover if the change is an indexserver loss. As a result, the recovery time after an indexserver failure can be reduced, depending on the size of the HANA database, from as long as the 1.5 hours we have observed to minutes.

This solution supports HANA 2.0 SPS 05 or newer, in both Scale-Up and Scale-Out architectures. This SUSE blog contains the technical details: Emergency Braking for SAP HANA Dying Indexserver

Please check the Azure documentation, which has been updated with the configuration of the susChkSrv hook to support this solution.

2. Simple Mount Structure for NetWeaver ASCS/ERS HA Solution

The classic ASCS/ERS HA solution uses a “Filesystem” resource to manage the shared file systems of the instances. However, in certain cases this architecture had issues, so customers, including SAP HEC, which runs SUSE HA solutions, demanded a more robust solution.

SUSE has released a different architecture that is especially useful in cloud environments, where NFS is commonly used for the shared file systems. Shared file systems are no longer managed by the cluster. Instead, they are mounted at OS boot. SUSE created a resource agent named “SAPStartSrv” (yes, the same name as the SAPStartSrv framework) because the job of the resource agent is to manage the SAPStartSrv service of the ASCS and ERS, respectively, so that it only starts on the corresponding node. This solution is supported on SLES for SAP Applications 15 and is already certified under the SAP HA-Interface certification. Azure is the first cloud to adopt this solution, and it is now the default for any new implementation. The Azure configuration guide “High-availability SAP NetWeaver with simple mount and NFS on SLES for SAP Applications VMs” can be found here.

Classic/Old Way vs. New Way (Simple Mount)

Shared File Systems
Classic/Old Way: /usr/sap/<SID>/ASCS<#> managed by the cluster, unmount & mount during failover.
New Way (Simple Mount): Mounted at system boot, NOT managed by the cluster. No need to unmount & mount during failover, thus more robust.

Resource Agent
Classic/Old Way: Filesystem resource agent to manage the shared file system mounts.
New Way (Simple Mount): SAPStartSrv resource agent to manage the SAP “sapstartsrv” framework process of ASCS/ERS instances.

Number of shared file system mounts
Classic/Old Way: On the ASCS Node; On the ERS Node
New Way (Simple Mount): On both ASCS/ERS nodes

For the complete list of supported HA solutions for SAP, please check this one-stop reference: Supported High Availability Solutions by SLES for SAP Applications.

Live Patching

No disruption during patching is a critical principle for operational efficiency. SUSE has extended support for live patching from the kernel to user space, to enhance security compliance and reduce planned downtime. OpenSSL and glibc, two dependencies of SAP HANA, are the libraries commonly affected by security vulnerabilities. Without User Space Live Patching, a patch to these libraries requires a system reboot. Now customers can avoid expensive reboots for up to 1 year, enhancing the uptime of in-memory HANA databases and other mission-critical workloads.

Pre-Hardened SLES for SAP Applications Images

To improve overall security, SUSE provides hardened images of SLES for SAP Applications 15, based on a combination of the government and industry standards STIG and CIS, minus the rules that can only be applied after instance creation. The profile pcs-hardening-sap.profile is available in the ComplianceAsCode repository. It serves as a baseline for customers to customize further depending on individual application needs. The images are available in both BYOS and PAYG consumption models on Azure Marketplace.

Validation and Monitoring

Complex HA deployments can often fail because of the lack of insights. Issues may not be fixed in a timely manner, leading to outages. Configuration errors are one of the main causes behind outages. These often take the form of minor issues that snowball into a major disruption. Therefore, it’s important to have a clear view of the SAP landscape during operations.

SUSE provides solutions to identify configuration issues and drifts in the Day-2 operation. SUSE Trento provides insights into the SAP landscape to help businesses discover, monitor, and proactively fix SAP system problems with a single console.

Trento 2.0 was recently released with exciting enhancements. Check the announcement here.

SLES for SAP Applications

SLES for SAP Applications is the leading Linux platform for SAP HANA, SAP NetWeaver and SAP S/4HANA solutions and is endorsed by SAP. It consists of the technical components to accelerate SAP deployment, minimize downtime, and increase operational efficiency. The pre-built images of SLES for SAP Applications are available in the Azure Marketplace with significant cost saving options.

SUSE Services

SUSE ASSIST: Optimization Services

This service is ideal for when you are ready to optimize your infrastructure via technical health checks, fine-tune solutions to meet new business demands or integrate new solutions. Optimization Services ensures that you continue to deliver high quality IT services after migrating to Microsoft Azure.

SUSE Premium Support Services

Premium Support Services is an optimization offering for those enterprises that want a direct relationship with named technical professionals, who provide in-depth and custom support services for business-critical production environments. The premium services team is backed by SUSE technical support, product management, and engineering. Since SUSE Premium Support engineers are also experts in HA solutions, the service is highly recommended to any SAP customers running HA solutions.

Find Out More

SUSE Azure Alliance landing page:

Contact SUSE:

Three Reasons to Connect with SUSE at HPE Discover Barcelona

Monday, 30 October, 2023

This blog is posted on behalf of Bob Fidrych, Global Alliance Director at SUSE for HPE

As HPE Discover Barcelona fast approaches, I wanted to share three highlights that you can expect from SUSE, a silver sponsor of the event.

  1. Revolutionize your edge operations

In today’s fast-paced digital landscape, the demand for streamlined operations is higher than ever. Cloud-native solutions are at the forefront of this transformation, offering flexibility, scalability, and efficiency. SUSE, in partnership with HPE, provides organizations with robust, open-source solutions that empower them to adapt and thrive in this rapidly changing environment.

By harnessing the power of edge computing, companies can bring computation and data storage closer to where it’s needed, reducing latency and improving performance. This is especially critical for industries like manufacturing, healthcare, and retail, where real-time data processing is paramount.

If you’re looking for an edge solution that can revolutionize your IT operations, making them more efficient and seamless, then drop by Booth 1012, and let us demonstrate how SUSE and HPE have collaborated to bring the best of breed technologies and services for customers to build, run and manage the entire application infrastructure stack required for Edge Analytics ecosystems.

More information will also be shared during this breakout session – Using SUSE and HPE solutions for cloud-native edge – where Senior Technology Strategist Bryan Gartner will share how this solution seamlessly provides agile approaches to user roles and interfaces, model pipelines, data pipelines, device management and zero-trust security. He’ll also demonstrate how you can get meaningful insights as close to the sources of data as necessary, and show how Rancher solutions can be used in conjunction with HPE Ezmeral Data Fabric to transfer and store your data.

  2. Get an edge with the power of open source

The joint SUSE and HPE solution is built on SUSE’s open source technologies. The technologies included in this solution have a strong and established history and a large number of contributors from the open source community.

Take the example of K3s, a lightweight Kubernetes distribution ideal for running production workloads across resource-restrained, remote locations or on IoT devices. You can see from this chart, the difference in adoption and number of contributors compared to other available distributions:

What this means for you is a tech stack that is robust, and which is also adaptable and customizable to fit your specific needs. This level of flexibility is invaluable in a world where one-size-fits-all solutions no longer suffice.



  3. One-stop enterprise support through HPE

One of the most compelling aspects of the SUSE and HPE cloud-native edge solution is the ability to purchase via HPE or your HPE partner. This means that you’re not only getting cutting-edge technology, but also a hassle-free experience when it comes to support and maintenance.

Whether it’s troubleshooting, updates, or any other technical assistance, you can rely on HPE’s dedicated team to provide prompt and effective solutions. This streamlined approach ensures that you can focus on what matters most – driving your business forward.


The Green Chameleon Rules!

The SUSE team is looking forward to seeing you at HPE Discover Barcelona. Let’s talk about how we can help you bring computation closer to where it’s needed, so your business can be more efficient and accelerate innovation.

Come talk to our experts at the SUSE Booth – 1012 at HPE Discover Barcelona, and you can also pick up a green chameleon plushie – the perfect souvenir from Barcelona – along with tips on how you can simplify your operations with cloud-native edge solutions!

AI Test Drive: Hybrid Alternative to the Cloud?

Monday, 30 October, 2023





This is a guest blog by Udo Würtz, Fujitsu Fellow, CDO and Business Development Director of the Fujitsu’s European Platform Business. Read more about Udo, including how to contact him, below.


In the dynamic world of artificial intelligence (AI), businesses are constantly faced with the challenge of how to best utilize their resources. While cloud solutions, with their flexibility and scalability, seem like an appealing option, they come with their own set of disadvantages. This is where the hybrid AI Test Drive shines: an innovative solution that merges the most important aspects of on-premise and cloud technologies.

What is the AI Test Drive?

The AI Test Drive is not a simple test system. It’s a comprehensive solution designed specifically to provide data scientists with the infrastructure they need to run their projects efficiently and effectively. Think of it as a template for a hybrid environment that allows users to take advantage of both worlds – on-premise and in the cloud – as part of on-premise, usage-based billing.

Advantages of the Hybrid AI Test Drive Over Pure Cloud Use:

Cost Control:

A pure cloud approach can become expensive in the long run, especially with consistent data traffic and intensive usage. The hybrid AI Test Drive offers a mix of local and cloud resources, allowing users to save costs by working locally and switching to the cloud only when absolutely necessary.

Optimized Data Transfer:

The necessity to upload vast amounts of data to the cloud can be both time-consuming and costly. With the hybrid approach, businesses can work locally, process data efficiently, and only tap into cloud resources when it makes sense, thus minimizing transfer costs.

Enhanced Security and Compliance:

Data is the lifeblood of any AI project. Therefore, it is often important for companies to keep sensitive data in their local environment, reducing the security risks associated with cloud storage. At the same time, they can take advantage of the cloud without compromising data security and compliance. These aspects are covered by the AI Test Drive as part of a reference infrastructure including software stack.

Independence and Flexibility:

Another downside to pure cloud solutions is potential dependency on a specific provider. The AI Test Drive gives users the freedom to use services from various providers and switch as needed without being wholly invested in one infrastructure.

Pay-per-use On-Premise Billing:

Perhaps one of the most relevant aspects of the AI Test Drive is its billing model. While traditional on-premise solutions often demand high initial investment costs, the AI Test Drive offers pay-per-use billing, (facilitated through uSCALE) much like cloud services but done locally. This ensures businesses only pay for what they genuinely use while enjoying the benefits of a local infrastructure.

The Case for Hybrid Infrastructure for AI Deployments:

At a time when data and AI are becoming increasingly important to businesses, having the right infrastructure is key. Hybrid infrastructure offers a forward-looking solution that meets the specific needs of enterprises and helps them leverage the best of both worlds.

Rather than opting for a pure cloud or on-premise solution, it provides a bridge between the two and adapts to the ever-changing needs of businesses. It is therefore time to rethink the traditional approach and consider a flexible, secure and cost-effective solution that is tailored to the needs of the modern AI era.

Now You Can Evaluate Your AI Projects Practically & Technically:

The Fujitsu AI Test Drive amalgamates tried-and-true technologies into a cohesive platform, granting data scientists the ability to evaluate their AI projects both pragmatically and technically. By accessing such deep technological resources, users can pinpoint the tools and infrastructure that best align with their unique AI challenges.

Share your idea and we share knowledge and resources.

What is your vision for a business model that fully exploits the possibilities of innovative IT concepts? Do you already have a vision that you are implementing concretely? Or do you still lack the necessary resources on the way from the idea to realization, for example technical expertise, budget and sufficient test capacities?

We’re pleased to introduce the Fujitsu Lighthouse Initiative, a special program designed to foster prototyping and drive technological endeavors, ensuring businesses harness the full potential of emerging technologies. The initiative isn’t just about gaining support for your Digital Innovation and prototyping projects; it’s a pathway to joint project realization. Selected projects can benefit from a project support pool of €100,000, to be used in a way tailored to each project’s unique requirements. Together, we will leverage Fujitsu’s resources, expertise, and vast ecosystem to turn visionary ideas into tangible outcomes.

Register today for the Fujitsu Lighthouse Initiative.

See also the previous blog in this series: Business and operational security in the context of AI

Related infographic

About the Author:

Udo Würtz is Chief Data Officer (CDO) of the Fujitsu European Platform Business. In his function he advises customers at C level (CIO, CTO, CEO, CDO, CFO) on strategies, technologies and new trends in the IT business. Before joining Fujitsu, he worked for 17 years as CIO for a large retail company and later for a Cloud Service Provider, where he was responsible for the implementation of secure and highly available IT architectures. Subsequently, he was appointed by the Federal Ministry of Economics and Technology as an expert for the Trusted Cloud Program of the Federal Government in Berlin. Udo Würtz is intensively involved in Fujitsu’s activities in the fields of artificial intelligence (AI), container technologies and the Internet of Things (IoT) and, as a Fujitsu Fellow, gives lectures and live demos on these topics. He also runs his own YouTube channel on the subject of AI.