Advanced Monitoring and Observability Tips for Kubernetes Deployments

Monday, 28 August, 2023

Cloud deployments and containerization let you provision infrastructure as needed, meaning your applications can grow in scope and complexity. The results can be impressive, but the ability to expand quickly and easily makes it harder to keep track of your system as it develops.

In this type of Kubernetes deployment, it’s essential to track your containers to understand what they’re doing. You need to not only monitor your system but also ensure your monitoring delivers meaningful observability. The numbers you track need to give you actionable insights into your applications.

In this article, you’ll learn why monitoring and observability matter and how you can best take advantage of them. That way, you can get all the information you need to maximize the performance of your deployments.

Why you need monitoring and observability in Kubernetes

Monitoring and observability are often confused but worth clarifying for the purposes of this discussion. Monitoring is the means by which you gain information about what your system is doing.

Observability is a more holistic term, indicating the overall capacity to view and understand what is happening within your systems. Logs, metrics and traces are core elements. Essentially, observability is the goal, and monitoring is the means.

Observability can include monitoring as well as logging, tracing, continuous integration and even chaos engineering. Focusing on each facet gets you as close as possible to full coverage. If you’ve overlooked one of these areas, correcting that can improve your observability.

In addition, using black boxes, such as third-party services, can limit observability by making monitoring harder. Increasing complexity can also add problems. Your metrics may not be consistent or relevant if collected from different services or regions.

You need to work to ensure the metrics you collect are taken in context and can be used to provide meaningful insights into where your systems are succeeding and failing.

At a higher level, there are several uses for monitoring and observability. Performance monitoring tells you whether your apps are delivering quickly and what resources they’re consuming.

Issue tracking is also important. Observability can be focused on specific tasks, letting you see how well they’re doing. This can be especially relevant when delivering a new feature or hunting a bug.

Improving your existing applications is also vital. Examining your metrics and looking for areas you can improve will help you stay competitive and minimize your costs. It can also prevent downtime if you identify and fix issues before they lead to performance drops or outages.

Best practices and tips for monitoring and observability in Kubernetes

With distributed applications, collecting data from all your various nodes and containers is more involved than with a standard server-based application. Your tools need to handle the additional complexity.

The following tips will help you build a system that turns information into the elusive observability that you need. All that data needs to be tracked, stored and consolidated. After that, you can use it to gain the insights you need to make better decisions for the future of your application.

Avoid vendor lock-in

The major Kubernetes management services, including Amazon Elastic Kubernetes Service (EKS), Azure Kubernetes Service (AKS) and Google Kubernetes Engine (GKE), provide their own monitoring tools. While these tools include useful features, you need to beware of becoming overdependent on any that belong to a particular platform, which can lead to vendor lock-in. Ideally, you should be able to change technologies and keep the majority of your metric-gathering system.

Rancher, a complete software stack, lets you consolidate information from other platforms, which can help solve issues that arise when companies use different technologies without integrating them seamlessly. It lets you capture data from a wealth of tools and pipe your logs and data to external management platforms, such as Grafana and Prometheus, meaning your monitoring isn’t tightly coupled to any other part of your infrastructure. This gives you the flexibility to swap parts of your system in and out without too much expense. With platform-agnostic monitoring tools, you can replace other parts of your system more easily.

Pick the right metrics

Collecting metrics sounds straightforward, but it requires careful implementation. Which metrics do you choose? In a Kubernetes deployment, you need to ensure all layers of your system are monitored. That includes the application, the control plane components and everything in between.

CPU and memory usage are important but can be tricky to use across complex deployments. Other metrics, such as API response, request and error rates, along with latency, can be easier to track and give a more accurate picture of how your apps are performing. High disk utilization is a key indicator of problems with your system and should always be monitored.

At the cluster level, you should track node availability and how many running pods you have and make sure you aren’t in danger of running out of nodes. Nodes can sometimes fail, leaving you short.

Within individual pods, as well as resource utilization, you should check application-specific metrics, such as active users or parts of your app that are in use. You also need to track the metrics Kubernetes provides to verify pod health and availability.
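
As an added illustration that is not part of the original article, the metrics named in this section can be expressed as Prometheus alerting rules. The rules assume node_exporter and kube-state-metrics are being scraped; the http_* series are hypothetical application metrics, and every threshold is illustrative.

```yaml
# Added example, not from the original article: Prometheus alerting rules.
# Assumes node_exporter and kube-state-metrics are being scraped.
# http_requests_total and http_request_duration_seconds_bucket are hypothetical
# application metrics; every threshold below is illustrative.
groups:
  - name: application-signals
    rules:
      - alert: HighErrorRate
        # Fraction of requests that ended in a 5xx status, per service.
        expr: |
          sum by (namespace, service) (rate(http_requests_total{status=~"5.."}[5m]))
            /
          sum by (namespace, service) (rate(http_requests_total[5m]))
            > 0.05
        for: 10m
        labels:
          severity: critical
        annotations:
          summary: "{{ $labels.service }} is returning errors on more than 5% of requests"

      - alert: HighRequestLatency
        # 95th percentile latency computed from histogram buckets.
        expr: |
          histogram_quantile(0.95,
            sum by (le, namespace, service) (rate(http_request_duration_seconds_bucket[5m]))
          ) > 0.5
        for: 10m
        labels:
          severity: warning
        annotations:
          summary: "{{ $labels.service }} p95 latency is above 500 ms"

  - name: node-and-cluster-health
    rules:
      - alert: NodeDiskUtilizationHigh
        # node_exporter: used share of each filesystem, ignoring tmpfs and overlay mounts.
        expr: |
          (
            1 - node_filesystem_avail_bytes{fstype!~"tmpfs|overlay"}
              / node_filesystem_size_bytes{fstype!~"tmpfs|overlay"}
          ) > 0.85
        for: 15m
        labels:
          severity: warning
        annotations:
          summary: "{{ $labels.mountpoint }} on {{ $labels.instance }} is more than 85% full"

      - alert: NodeNotReady
        # kube-state-metrics: the Ready condition is not true for this node.
        expr: kube_node_status_condition{condition="Ready",status="true"} == 0
        for: 5m
        labels:
          severity: critical
        annotations:
          summary: "Node {{ $labels.node }} has not been Ready for 5 minutes"

      - alert: ReadyNodeHeadroomLow
        # Share of registered nodes that are Ready; warns before node failures leave you short.
        expr: |
          sum(kube_node_status_condition{condition="Ready",status="true"})
            / count(kube_node_info) < 0.8
        for: 10m
        labels:
          severity: warning
        annotations:
          summary: "Fewer than 80% of cluster nodes are Ready"

      - alert: PodRestartingFrequently
        # Pod health: repeated container restarts usually mean a crash loop.
        expr: increase(kube_pod_container_status_restarts_total[30m]) > 3
        for: 5m
        labels:
          severity: warning
        annotations:
          summary: "{{ $labels.namespace }}/{{ $labels.pod }} restarted more than 3 times in 30 minutes"
```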

Centralize your logging

Diagram showing multiple Kubernetes clusters piping data to Rancher, which sends it to a centralized logging store, courtesy of James Konik

Kubernetes pods keep their own logs, but having logs in different places is hard to keep track of. In addition, if a pod crashes, you can lose them. To prevent the loss, make sure any logs or metrics you require for observability are stored in an independent, central repository.

Rancher can help with this by giving you a central management point for your containers. With logs in one place, you can view the data you need together. You can also make sure it is backed up if necessary.

In addition to piping logs from different clusters to the same place, Rancher can also help you centralize authorization and give you coordinated role-based access control (RBAC).

Transferring large volumes of data will have a performance impact, so you need to balance your requirements with cost. Critical information should be logged immediately, but other data can be transferred on a regular basis, perhaps using a queued operation or as a scheduled management task.

Enforce data correlation

Once you have feature-rich tools in place and, therefore, an impressive range of metrics to monitor and elaborate methods for viewing them, it’s easy to lose focus on the reason you’re collecting the data.

Ultimately, your goal is to improve the user experience. To do that, you need to make sure the metrics you collect give you an accurate, detailed picture of what the user is experiencing and correctly identify any problems they may be having.

Lean toward this in the metrics you pick and in those you prioritize. For example, you might want to track how many people who use your app are actually completing actions on it, such as sales or logins.

You can track these by monitoring task success rates as well as how long actions take to complete. If you see a drop in activity on a particular node, that can indicate a technical problem that your other metrics may not pick up.

You also need to think about your alerting systems and pick alerts that spot performance drops, preferably detecting issues before your customers.

With Kubernetes operating in a highly dynamic way, metrics in different pods may not directly correspond to one another. You need to contextualize different results and develop an understanding of how performance metrics correspond to the user’s experience and business outcomes.

Artificial intelligence (AI) driven observability tools can help with that, tracking millions of data points and determining whether changes are caused by the dynamic fluctuations that happen in massive, scaling deployments or whether they represent issues that need to be addressed.

If you understand the implications of your metrics and what they mean for users, then you’re best suited to optimize your approach.

Favor scalable observability solutions

As your user base grows, you need to deal with scaling issues. Traffic spikes, resource usage and latency all need to be kept under control. Kubernetes can handle some of that for you, but you need to make sure your monitoring systems are scalable as well.

Implementing observability is especially complex in Kubernetes because Kubernetes itself is complicated, especially in multi-cloud deployments. The complexity has been likened to an iceberg.

It gets more difficult when you have to consider problems that arise when you have multiple servers duplicating functionality around the world. You need to ensure high availability and make your database available everywhere. As your deployment scales up, so do these problems.

Rancher’s observability tools allow you to deploy new clusters and monitor them along with your existing clusters from the same location. You don’t need to work to keep up as you deploy more widely. That allows you to focus on what your metrics are telling you and lets you spend your time adding more value to your product.

Conclusion

Kubernetes enables complex deployments, but that means monitoring and observability aren’t as straightforward as they would otherwise be. You need to take special care to ensure your solutions give you an accurate picture of what your software is doing.

Taking care to pick the right metrics makes your monitoring more helpful. Avoiding vendor lock-in gives you the agility to change your setup as needed. Centralizing your metrics brings efficiency and helps you make critical big-picture decisions.

Enforcing data correlation helps keep your results relevant, and thinking about scalability ahead of time stops your system from breaking down when things change.

Rancher can help and makes managing Kubernetes clusters easier. It provides a vast range of Kubernetes monitoring and observability features, ensuring you know what’s going on throughout your deployments. Check it out and learn how it can help you grow. You can also take advantage of free, community training for Kubernetes & Rancher at the Rancher Academy.

Calling customers: research responses required 💚

Thursday, 24 August, 2023

Roughly six weeks ago, we launched our new yearly documentation survey on documentation.suse.com.

Participation to date

We are very grateful for all the responses that are coming in. KUDOS to our SUSE partners: As of now, you are very active and make up two thirds of the survey participants. On the one hand, that’s wonderful. It proves to us that documentation is also an important part of our solutions for our implementation and technology partners. On the other hand, it takes us a bit by surprise.

Our survey addresses all of our technical users who work regularly with the SUSE documentation. It provides a good opportunity to give detailed feedback. That way, you can directly influence what we deliver to support your daily business. Not only can you request improvements such as new categories of documents, changes in structure and layout, or additional topics to be covered, you also influence the general direction we take in documentation.

Reasons to participate

Need proof? During past surveys, you

  • told us you need more detailed explanations and solution descriptions. We came up with the SUSE Best Practices series, documents adapted from implementation and usage experiences.
  • pointed to the complex structure of documents on the Web page. We answered with the 3-column design, which makes navigation much easier.
  • explained that you’d like to see more reference information. Together with our subject matter experts from the Global Alliances teams, we provided you with the Technical Reference Documentation series.
  • rightly criticized missing search options on documentation.suse.com. Just recently, we introduced new search capabilities with filters that help you find quickly what you need.
  • let us know that you need to understand technology topics and their context. We initiated the (ongoing) Smart Docs project, featuring topic-oriented modular articles to help you keep important information at your fingertips.

These are only a few examples of how your participation and feedback find their way into the documentation. You see, participation pays back 😃.

Call to action

But we would like to see the entire picture. That’s why we’re now specifically asking all customers (and those who want to become one) to grab their pen (uh, keyboard in our case … 😁) and get involved. You use our solutions daily, and in production environments. Thus, your perspective on the documentation might be different than, for example, that of an implementation partner. Just fill out the survey—you can access it via:

The survey will be available online for another 4-5 weeks. Give us a few minutes of your time. And you’ll see, it’s worth it. Because over time, you will benefit from it. Thank you!

Introducing NeuVector with Enterprise Support on the AWS Marketplace

Wednesday, 23 August, 2023

As we all know, application containerization is prevalent and the preferred application deployment architecture of the day. However, with increased container adoption comes the crucial responsibility of securing these dynamic environments. To help enterprises manage this challenge, SUSE has NeuVector, and per this announcement, is making NeuVector available on the AWS Marketplace as a fully supported enterprise offering.

NeuVector is a market leading container security platform that focuses on protecting applications running in containers and Kubernetes environments. Its value lies in its ability to provide real-time threat detection, vulnerability management, and network segmentation for containerized applications. By ensuring the security of containers and Kubernetes, NeuVector helps organizations prevent unauthorized access, data breaches, and other security risks, ultimately safeguarding their applications and sensitive information.

With today’s listing on the AWS marketplace, SUSE is answering the numerous requests on how enterprises like to do business in the cloud. This is due, in large part, to the prevalence of AWS customers using marketplace purchases to draw down AWS Enterprise Discount Program (EDP) quota. In addition, when using the marketplace to acquire NeuVector, AWS customers can leverage their existing AWS buying programs without having to get approvals for additional vendor specific purchase agreements. This simplifies the purchase while auto-applying the purchase to the customer’s AWS EDP quota.

A few specifics of NeuVector on the AWS Marketplace

This is the first fully enterprise supported NeuVector presence on AWS’s Marketplace where support comes directly from SUSE. Monetization is through the AWS marketplace and leverages a monthly on-demand usage model. And to make the usage model cloud friendly, discount tiers are built into the pricing model and are automatically applied as usage grows.

There are six price tiers that govern the usage discounts. Note that usage is based on the average monthly rate, not the maximum monthly count, keeping this a cloud friendly and burst friendly usage model.

The usage tiers are:

  • 5-15 nodes: $112 per node per month*
  • 16-50 nodes: $105 per node per month
  • 51-100 nodes: $98 per node per month
  • 101-250 nodes: $91 per node per month
  • 251-1000 nodes: $84 per node per month
  • >1000 nodes: $78 per node per month

* There is a 5 node minimum on monthly usage.

Deployment Flexibility

With the marketplace offering, you have several deployment options, all of which take advantage of the inherent usage discounts. This is made possible by leveraging NeuVector’s capability for federated deployments, the ability to deploy to and natively protect multiple Kubernetes clusters as a single logical deployment. Using federation, downstream clusters can run anywhere, but will appear as a logical extension of the master running in AWS EKS.

This means that as long as the primary (Master) cluster is running in EKS, the downstream clusters can monetize through the AWS marketplace regardless of where they are deployed. If they are all in EKS, all is good. If the downstream clusters are on AWS, but not in EKS, still good. Even if the downstream clusters are on-premise, in the data center for a hybrid deployment, good again. Regardless of the deployment model used, monetization will route through the AWS marketplace. The bottom line: you get to take advantage of the node usage discounts and apply them to your entire federated deployment regardless of the deployment scenario.

Conclusion

The collaboration between NeuVector and AWS Marketplace presents an exciting opportunity for businesses to elevate their container security while taking advantage of their EDP quota and the simplicity of transacting through the AWS marketplace.

In a world where security threats continue to evolve, NeuVector’s presence on AWS Marketplace serves as a beacon of hope, providing customers with the tools they need to safeguard their containerized applications effectively. As the digital landscape evolves, NeuVector remains committed to securing the future of containerization, one innovation at a time.

There are two NeuVector listings within the AWS marketplace:

For EU/UK/Norway locations: https://aws.amazon.com/marketplace/pp/prodview-xkfyjdvvkuohs?sr=0-2&ref_=beagle&applicationId=AWSMPContessa

For locations outside of EU/UK/Norway: https://aws.amazon.com/marketplace/pp/prodview-u2ciiono2w3h2?sr=0-3&ref_=beagle&applicationId=AWSMPContessa

Or simply go to the AWS marketplace and search for ‘NeuVector’.

Transform Your SUSE Subscriptions from Bring Your Own Subscriptions (BYOS) To the Google Cloud Marketplace for SAP HANA

Wednesday, 23 August, 2023

Savings Are Easier Than You Think

Taking control of your costs in the Cloud

Making the right spending choice is essential in moving to Google Cloud. In any cloud migration journey, cost is central to the business case discussion. In a previous webinar, we reviewed the advantages of purchasing SUSE through the marketplace.


Once upon a time, the story of a customer migrating to Google Cloud

You already had SUSE subscriptions on-premises, and your contract was still valid, so you decided to bring the subscriptions to the cloud through Bring Your Own Subscriptions (BYOS), simply because the project timeline didn’t allow thorough investigation of the options on the cloud marketplace.


However, your purchasing department signed a committed Cloud spend with Google last week. Centralizing supplier purchases in one place is making procurement quicker, more efficient, and cost-effective. It is checking a lot of boxes to meet its business objectives. Their strategy is to increase consumption on the marketplace because they negotiated discounts out of the volume of transactions on the marketplace, and they are asking you if you can prioritize marketplace: Pay-As-You-Go (PAYG) or Committed Use Discounts (CUDs).


IT spending is a core part of the FinOps strategy of your IT department. Your management has decided to reinforce the FinOps strategy and take a close look at your bills; you know that you can make some progress here, but you didn’t really have time to think about it – oops!
On top of that, after a few months of experience with Google Cloud, now that your team fully understands the specificities and advantages of the cloud, you might be wondering why you’re paying for a full-year subscription in BYOS when the VM uptime is only 100 hours a month, which represents roughly 14% of the entire year…

You’re now wondering how to switch your BYOS SUSE subscriptions to Marketplace SUSE subscriptions

The discussion begins here: “Dear customer, please don’t worry; it’s never too late. We have a solution for you.”
Since SAP HANA databases are normally the largest source of spending, let’s start from there.

Use HANA System Replication to Change the Consumption Model

In most cases, switching instance and consumption models can be tricky and require downtime. The following techniques and procedures can be followed to help customers achieve a smoother process for SAP HANA.

SAP HANA System Replication

SAP HANA system replication (HSR) provides the ability to copy and continuously synchronize an SAP HANA database to a secondary location in the same or another data center. SAP supports using HANA System Replication for instance exchange with minimum downtime.


In this technique, the user can set up HANA system replication between the databases running on a BYOS SLES for SAP Applications instance (source) and a PAYG/CUD SLES for SAP instance (target); both are running SAP HANA. The version on the target must be the same or higher, and the configuration, such as SID and Instance Number, must be identical (please refer to the SAP manual for details). Once the source database is replicated to the target system, perform a takeover to make the target system the new primary, direct applications to connect to the new primary HANA database, and unregister the System Replication configuration; now the HANA system is running on the PAYG/CUD instance. The old source instance can be repurposed or disposed of.


The downtime for changing the instance will be the runtime of the takeover from the primary system to the secondary system. Usually, this is within the range of a few minutes. For more information, see SAP Note 1984882: Using HANA system replication for Hardware Exchange with Minimum Downtime.

Prerequisite: Both the source and target instances should be listed in the Certified and Supported SAP HANA Hardware Directory.

Use Case

Because SAP HANA System Replication allows minimum downtime, it has many use cases. Changing the consumption model is one of them. Other uses include instance resize, instance retirement, OS upgrade, change of region, etc. Customers are strongly recommended to perform testing in non-production first.

Conclusion

Converting BYOS Subscriptions into Marketplace Subscriptions is a very common question that we receive from many of our customers; we hope that this blog answers your questions.


If you need any support and want to discuss with the Google Cloud team, please feel free to contact us at google@suse.com

By Elodie Mallea and Sherry Yu

Linux is more relevant than ever – A conversation with Vojtech Pavlik on the future of Enterprise Linux

Thursday, 10 August, 2023

Cloud native, edge, security, and AI are where innovation happens today. Next week, Linux will be 32 years old. Is Linux with all its flavours a dinosaur, or can it play a vital role in a cloud native world?

To help answer this question, Vojtech Pavlik, SUSE’s General Manager for Business-critical Linux, discusses the future of the industry, SUSE’s plans for Linux, and its role in a cloud native world.

The cloud drives digital transformation. But while cloud adoption is rapidly growing, many CIOs are still hesitant to move their business-critical workloads to the cloud due to security concerns and/or for regulatory reasons. What role can Enterprise Linux play here?

Linux is the de-facto standard for running business-critical workloads – on premises and in the cloud. You won’t find a hyperscaler who doesn’t offer Linux for the enterprise or one that doesn’t run their own services on Linux. With edge and IoT, the usage of cloud computing will become an enabler for our global sharing economy, driving innovative use cases with massive economies of scale. In my keynote at SUSECON in June, I had the opportunity to converse with leaders from our customers Geberit and MTU Aero Engines, who innovate with SUSE Linux Enterprise (SLE).

But why is Enterprise Linux important for our customers’ transformation to cloud native? SUSE continuously innovates and invests to ensure we deliver the most secure open source software stack, and customers know they can rely on any of our products across our entire product portfolio to rapidly and securely transform to cloud native environments – Enterprise Linux, cloud native technology, and NeuVector for zero-trust full lifecycle security, all in lockstep.

SUSE Linux Enterprise Server (SLES) is certified for Common Criteria in EAL 4+, which includes that software production and delivery processes follow a secure software supply chain: This is a huge advantage for customers in light of NIS-2 regulations, as this certification provides a significant reduction in legal liability because the scope of the evaluation includes the entire security of the software supply chain, which can therefore be considered verified by the German Federal Office for Information Security (BSI).

In addition, with live-patching for the Linux Kernel and user-space, SUSE customers can run critical security updates and serious bug fixes without service interruption. With the help of SUSE Manager, customers simplify and secure their mixed Linux environments – on premises, on the edge or in clouds – to maintain infrastructure security and compliance at any scale.

With our latest version, SUSE Linux Enterprise Server 15, we have also introduced support for Confidential Computing, which sets new standards for protecting data in use and thus security in cloud environments. This will be a game-changer for our customers in the adoption of cloud, enabling cloud native transformation.

In your SUSECON Keynote you talked about Confidential Computing, which has been around for several years. What is SUSE’s part here, and what impact does Confidential Computing have on cloud native transformation?

The concept of Confidential Computing has been around for many years, but primarily as a future concept. However, today it has become a reality with the recent emergence of two new technologies for the 64-bit AMD/Intel architecture: AMD’s SEV-SNP and Intel’s TDX. With the proper support of the operating system, customers can now run fully encrypted virtual machines (VM), no matter the environment. That’s why SUSE has been at the forefront of enabling this technology in its Linux operating system products and in Linux generally. SLES 15 SP5 supports the latest system innovations from AMD, Arm, IBM and Intel.

What excites me about Confidential Computing is that customers now have what I call an on-site equivalent privacy, in the cloud and at the edge. An absolute game-changer for secure cloud adoption and securely processing data at the edge or in the cloud. Nobody at the cloud provider or elsewhere can read the data running in the encrypted VMs, not even if a person would get a hold of the actual chip hardware. This makes public cloud and edge a secure environment for every business, even for regulated industries and government organizations as well as for those processing highly confidential data or AI/ML workloads in the cloud.

SUSE Linux Enterprise Server (SLE) has been trusted by enterprises for over 20 years. Is SLE still what customers need, or do you plan new concepts for Enterprise Linux?

Firstly, I’m confident that SLE will be around for many years to come – support for SLE 15 will end in late 2030, and we are currently building SP 6, planning for SLE 15 SP7, and the next generation.

A few years ago, we started thinking about how Linux can be optimized for new and emerging use-cases. Our customers need the best support to enable use-cases at the edge and for everything cloud- and container-native that help them go through the digital transformation that we see in businesses today. Think of intelligent vehicles and many other operations at the edge – the huge amount of compute capacity, speed and high availability that AI/ML workloads require. SLE is a comprehensive all-purpose distribution with more than 1.5 billion lines of code.

We started to introduce new concepts with SLE Micro, an immutable and lightweight operating system. We will be extending its functionalities around modularization and flexibility with our new Adaptable Linux Platform (ALP) project that we’re developing to power the next generation of SLE solutions. Based on this, SLE Micro will continue to grow and will be joined by additional, exciting new products and solutions that help customers drive digital transformation.

We’re designing ALP to enable applications to run on containerized and virtualized workloads in addition to traditional distributed software packages. Our vision is to enable users to focus on their workloads whilst abstracting from hardware and the application layer. By doing so, it enables the use of virtualized machines and container technologies via ALP, allowing workloads to run independently from the code stream.

Stay tuned here and watch for more exciting news over the coming months.

SUSE recently announced it will develop and maintain a distribution compatible with RHEL. Why did you decide to do this, and what does it mean for your other projects such as SLE, ALP, Liberty Linux and the openSUSE project?

Customers today operate in mixed environments; that is one of the reasons our Linux management solution SUSE Manager supports more than 15 different Linux distributions. We believe it is important for our customers and the community to run mixed Linux environments. Today, SUSE, CIQ and Oracle announced their intent to form the Open Enterprise Linux Association (OpenELA), which is a collaborative trade association to encourage the development of distributions compatible with RHEL by providing open and free Enterprise Linux source code.

To be clear, this is not a move away from SLE or our development in connection with ALP. We will, of course, stay fully committed to our own Linux portfolio as well as to our openSUSE Linux distributions. With our introduction of Liberty Linux last year, which provides support to former CentOS users and provides a migration path to many other distributions, we set the stage by supporting customers regardless of the distribution they are using, leading to more diversity and openness in the communities.

How will Linux be relevant in 30 years?

I’m sure Linux will become more widely and easily usable as open source experts continue to be able to fine tune and change upstream and downstream Linux. Our forking of RHEL ensures customers will continue to have choice and can freely select their Linux platforms. Security, scalability from very small to very large, and resilience will continue to be important areas of advancement. With Confidential Computing, we are making a big move forward for running Linux workloads at the edge or in the public cloud, as if they were running in their own data center rather than on the other side of the world.

While I can’t predict the Linux kernel will still lead in 30 years, I am absolutely convinced it will still be relevant and that many of the systems that are deployed and used today will still be around in 30 years.

Linux and open source have opened unprecedented potential for innovation, coupled with openness and choice. Many of the approaches created and developed in open source communities will still be pillars of technological progress 30 years from now. Of that I am certain.

Jumpstart Kubernetes Success with New Service Offerings

Monday, 7 August, 2023

According to the Gartner report, The CTO’s Guide to Containers and Kubernetes, by 2027 more than 90% of companies will have made the decision to run containerized applications in production. And according to the CNCF, Kubernetes is the second largest open source project in the world, second only to Linux.

Rancher Prime is SUSE’s enterprise grade, distro-agnostic Kubernetes management platform. Designed to help organizations accelerate their cloud native digital transformation, the platform provides users with a rich ecosystem and world class support to ensure consistent operations, workload management and enterprise-grade security – from core to cloud to edge.  

While Kubernetes is a transformative technology, finding talent and skills to navigate it is not easy. And enterprises deploying production-grade environments need to ensure that they are deploying workloads that are both secure and compliant, while also being scalable and efficient.

Enter Rancher Prime Readiness Services 

SUSE’s new Rancher Prime Readiness Services are bite-sized consulting offerings that are delivered by experts in Kubernetes and cloud native technology.  These offerings have been designed to validate your designs, architecture, and/or deployments.  Best of all, they will ensure that you achieve fast time to production to level-up your business. 

These new service packages will help Rancher Prime customers jump-start their cloud native journey through:

  • Architectural Assessment to ensure that your Rancher Prime-based platform’s design is optimized, resilient and aligned with industry standards and best practices. 
  • Platform Readiness Assessment to minimize potential risks and ensure a seamless transition for teams that manage the platform. 
  • Security Assessment to gain a clear picture of your platform’s security status so that you can reduce the risk of security breaches, data loss and system downtime. 

Don’t Forget the Training 

Training your team to upskill their Kubernetes knowledge is not only a good idea for them, but also for your business. According to the Linux Foundation’s 2023 State of Tech Talent Report, 91% of respondents felt that upskilling was even more important than university degrees. SUSE offers a variety of learning options, from our Rancher Academy to learn the basics to our flexible eLearning platform that offers more complete Rancher Prime learning paths that lead to industry-respected certification.

eLearning is on-demand technical training for the skills you and your team need. It is designed for today’s workforce, providing both immediate answers and defined learning paths. And, if you add one Silver eLearning subscription to your Rancher Prime subscription purchase (or renewal), you will now get an additional Silver subscription at no extra cost.

Learn More! 

Level up your business and go into production with confidence with Rancher Prime Readiness Consulting Services and SUSE eLearning. For more information on our Readiness Services, download the flyer here, contact us directly, or speak with your account executive today.   

SUSE and IBM: Enhancing Data Security (a Technical Reference Documentation Getting Started guide)

Thursday, 3 August, 2023

The Essence of Confidential Computing

At its core, confidential computing addresses the vital need of safeguarding data while it is in use. SUSE and IBM work together to deliver advanced technical capabilities, like confidential computing. IBM Z® and LinuxONE systems provide key hardware capabilities for the trusted execution environment. SUSE Linux Enterprise Server on IBM Z and LinuxONE (SLES) is designed to deliver performance, security, reliability, and efficiency for your mission-critical workloads on IBM Z® and LinuxONE systems. 

Challenges 

Businesses face several critical challenges related to data security and privacy. Some of the common customer challenges include: Data Protection, Cloud and Edge Security, and Confidentiality Concerns.  

SUSE and IBM Solution: Technical Reference Documentation

We have published this technical reference document which outlines a joint solution that addresses the issues outlined above. The guide emphasizes the significance of container technologies in enhancing business agility, resilience, and scalability. While containers offer unprecedented advantages, securing sensitive workload data remains a top priority. Hence, the collaborative efforts of SUSE and IBM pave the way for confidential computing within containerized workloads, ensuring unparalleled security and confidentiality. Throughout this guide, readers will learn how to effectively deploy containerized confidential computing workloads in IBM Z® and LinuxONE trusted execution environments, employing SUSE Linux Enterprise Base Container Images (SLE BCI) in conjunction with the IBM Hyper Protect Platform.

You can access the full document to learn how to deploy a containerized confidential computing workload.

Please reach out to our IBM team (ibmteam@suse.com) if you would like more information.

Revolutionizing Industries: Unleashing the Power of Industrial IoT and Edge Computing

Thursday, 3 August, 2023

INDUSTRIAL IoT

Welcome to the first in our series of articles focusing on the Industrial Internet of Things (IIoT), manufacturing, and real-world applications. Our goal is to enrich your understanding of these transformative technologies, and how you could adopt them.

Industrial Internet of Things (IIoT) and Edge computing are driving industries to evolve in ways unseen since the Industrial Revolution in the 18th century. Fields such as agriculture, manufacturing, logistics, automotive, and retail are harnessing the power of Edge Computing and IIoT to become more efficient, sustainable, and adaptable. But before diving into the intricacies of IIoT, it’s essential to understand IoT, its industrial counterpart – IIoT, and their significance.

Understanding the Internet of Things (IoT)

IoT is a network of interconnected devices that communicate and exchange data. These devices range from your home’s Alexa devices and thermostats to industrial machinery. Connected via the internet, these devices integrate the physical data collected with computation, making this data readily available for processing. It is at this processing stage that Edge computing shines, offering the capability to process data close to its source. IoT can be used in Edge or Cloud Computing, and we can say that IoT and Edge computing are two sides of the same coin.

Exploring Industrial IoT

As an extension of IoT for industrial applications, IIoT leverages smart sensors and actuators to enhance manufacturing and industrial processes. A classic use case involves a beer brewery, where production lines equipped with cameras capture images of empty bottles for real-time analysis. This process determines whether a bottle can be cleaned and reused or needs to be discarded. This is but one example among millions where these technologies are creating a significant impact.

 

Better together

IIoT and Edge computing together provide diverse solutions to an almost limitless array of industrial use cases. Computing resources deployed at the Edge, say in a factory, can run software to process data from IIoT devices, analyze the results, and make real-time decisions. This approach minimizes latency issues and potential connectivity problems, making it ideal for industrial scenarios.

Let’s delve deeper into the wide range of applications IIoT presents across various sectors:

  1. Real-Time Monitoring and Control: IIoT provides a constant stream of real-time data for monitoring and controlling industrial operations, optimizing performance, and detecting anomalies early.
  2. Enhanced Supply Chain Management: IIoT enhances supply chain management by tracking products throughout the chain, ensuring goods’ integrity, and improving efficiency for better planning and forecasting.
  3. Energy Management: IIoT is instrumental in smart energy management, balancing energy supply and demand, reducing waste, and boosting reliability.
  4. Safety and Efficiency: IIoT can improve workforce safety and increase efficiency by aiding in complex tasks or automating routine ones.
  5. Informed Decision Making: IIoT-generated data, combined with advanced analytics and AI, facilitates data-driven decision making.

Now that we’ve explored IIoT, Edge Computing, and their synergy, let’s examine a real-world industrial application: Predictive maintenance.

 

Predictive Maintenance: A Key Application of IIoT

Predictive maintenance, powered by IIoT, is revolutionizing industrial operations. Traditional maintenance approaches—reactive (repairing machines post-breakdown) or preventive (scheduled maintenance irrespective of machines’ condition)—had their pitfalls. Predictive maintenance uses data from IIoT sensors attached to machines, monitoring their conditions in real time. The collected data is analyzed using advanced analytics or machine learning algorithms to predict and prevent potential equipment failures, thereby enhancing efficiency, safety, and cost-effectiveness.

 

In Conclusion

IIoT is a game-changer for industries, offering substantial advantages over traditional methods. Coupled with Edge computing, it presents innovative solutions for age-old and emerging challenges alike. When open source and cloud-native technologies are added to the mix, innovation skyrockets, and new business lines can be pursued. With IIoT and Edge computing, the future of industries looks not just promising, but extraordinary.

Multi-Tenant Kubernetes at Hyperscale with Kamaji and Rancher Prime

Wednesday, 26 July, 2023

Delivering Kubernetes resources efficiently and securely can be a challenge, particularly at hyperscale and at the edge. Combining CLASTIX Kamaji and Rancher Prime by SUSE gives organizations the power to optimize, secure, and manage large and diverse, multi-tenant Kubernetes landscapes. ~ Terry

 

SUSE BLOG ARTICLE AUTHORED BY:

Adriano Pezzuto, CEO, CLASTIX

 

Kubernetes is a powerful tool for container orchestration, but managing it can be challenging, especially when running multiple clusters on different infrastructures and cloud providers. In this article, we explore Kamaji, the innovative architecture by CLASTIX for simplifying control plane management and how, when coupled with Rancher Prime by SUSE, it can make running Kubernetes at scale a breeze.

While managing a few Kubernetes clusters can be easy for an experienced platform team, managing multiple clusters on different and heterogeneous infrastructures can be complex and resource intensive.

 

Challenges to running Kubernetes at scale

 

Operational Overhead

Each cluster requires allocation of dedicated resources, component monitoring, lifecycle management, policy enforcement, and more. This can lead to increased operational overhead, longer upgrade times, and increased errors and security risks. Additionally, managing different versions and flavors of Kubernetes across multiple clusters can add to this complexity. Deployments may require different configurations and even different teams and skill sets to manage them.

 

Efficiency

Cluster sprawl across clouds, edge, and on-premises data centers leads to increased costs and inefficiencies. Unless using only cloud managed Kubernetes, all of your clusters must include at least three nodes for the control plane. “Control plane tax” refers to the overhead of maintaining these dedicated virtual machines for each Kubernetes cluster. This tax can become significant, especially when organizations run multiple clusters, as it leads to increased infrastructure costs and resource utilization. MSPs/CSPs must allocate more hardware resources to serve multiple clusters, reducing profit margins. Large enterprises face difficulties achieving cost savings due to fragmented deployments and complex operations. Additionally, running Kubernetes on the edge usually means running in low resource infrastructure, where setting up the control plane is either a challenge or a mission impossible.

 

Consistency

Organizations can struggle to achieve consistency in their Kubernetes deployments, especially when it comes to implementing mixed multi-cluster and multi-cloud strategies. Traditional Kubernetes solutions are vendor and cloud specific, and often lack the necessary flexibility for seamless deployments across multiple, heterogeneous environments.

 

Security and Isolation

Secure access and isolation are essential in multi-tenant deployments with many teams, departments, business units, and customers to serve. Kubernetes natively offers poor support for multi-tenancy.

 

How CLASTIX Kamaji and Rancher Prime by SUSE enable Kubernetes at scale

CLASTIX Kamaji leverages the Kubernetes machinery to orchestrate and isolate hundreds, even thousands, of tenant clusters. Kamaji is unique because the control planes of tenant clusters are deployed as regular Kubernetes pods running in a unified Management Cluster instead of in separate, dedicated machines in the downstream infrastructure. This approach makes running multiple control planes less costly and much easier to deploy and operate at scale.

Rancher Prime by SUSE is a comprehensive, enterprise container management platform for Kubernetes. Rancher Prime provides global administrators with the ability to securely and efficiently oversee multi-cluster Kubernetes landscapes anywhere – from the cloud to edge to on-premises data centers.

By deploying Kamaji along with Rancher Prime, you have a powerful, multi-tenant, multi-cluster Kubernetes platform that can help you overcome the challenges of running Kubernetes at scale.

 

Let’s see how Kamaji and Rancher Prime address the challenges … 

 

Reducing Operational Overhead

Rancher Prime with Kamaji simplifies and centralizes Kubernetes management, enabling control of multiple tenant clusters from a single location. Together, they help you streamline administrative tasks, enhance security, and ensure a unified and consistent experience across all Kubernetes clusters. And, by using Kubernetes itself to manage the tenant control planes, you get high availability, fault tolerance, and autoscaling out of the box.

Moreover, the time it takes to provision and update control planes is reduced from minutes to seconds. A control plane can be brought to life in less than 16 seconds and updated in less than 10 seconds without service disruption. Benchmarks show reconciliation for 100 control planes can take less than 150 seconds.

 

Increasing Efficiency

By running tenant control planes as regular Kubernetes pods in the Management Cluster, you eliminate the need for additional nodes dedicated to control planes. This results in cost savings and streamlined operations.

With control planes cheaper and easier to deploy and operate, you can optimize resource utilization overall, reduce cluster sprawl, improve efficiency, and unlock cost-saving opportunities in your Kubernetes deployments.

 

Enabling Consistency

By decoupling the control plane from workloads, you can deploy and manage Kubernetes landscapes across diverse environments, including data centers, public and private clouds, and edge locations. Worker nodes can be placed on any infrastructure while managing them from a unified administrative panel. The ability to maintain consistency in different Kubernetes deployments empowers you to embrace diverse infrastructure options and implement hybrid- and multi-cloud strategies with the flexibility you need to thrive in the modern cloud-native ecosystem.

 

Ensuring Security and Isolation

Leverage strict isolation between tenant clusters and enforce global security and compliance policies across your Kubernetes landscape. As with the managed Kubernetes offered by hyperscalers, control planes are not accessible to your tenants and are consumed “as a service.” This lets you prioritize security while still optimizing resource allocation.

 

Use cases

Kamaji was initially created as a tool for MSPs/CSPs, but, along with Rancher Prime, it supports a broader range of enterprise use cases that empower organizations to simplify Kubernetes management and harness its full potential in diverse scenarios.

 

Managed Kubernetes Services

Kamaji and Rancher Prime enable independent, local, regional, and national Cloud Providers to offer Cloud Native Infrastructure with unparalleled ease. By introducing a strong separation of concerns between management and workloads, this solution centralizes cluster management, monitoring, and observability. The result is increased productivity and reduced operational costs, empowering Cloud Providers to deliver Kubernetes-as-a-Service efficiently and seamlessly to their customers.

 

Specialized MSPs

For specialized Managed Services, like GPU-as-a-Service and Database-as-a-Service, Kamaji with Rancher Prime introduces the ability to offer self-service Kubernetes clusters with flexibility in hardware choices through Bring Your Own Device (BYOD). This approach empowers MSPs to cater to unique customer requirements, running management and workloads on different hardware. So, MSPs can optimize resource utilization and deliver specialized Kubernetes solutions with less effort and greater efficiency.

 

Edge Computing

Kamaji and Rancher Prime unlock the true potential of edge computing by distributing Kubernetes workloads across edge locations. With unified cluster management and no need to deploy control planes into constrained environments, hundreds or even thousands of edge clusters can be effectively and efficiently deployed and managed. Additionally, integration with a service mesh can create a seamless “continuum computing” experience, bridging the gap between edge and central locations.

 

Hybrid and Private Cloud

Enterprises embracing a hybrid or private cloud approach find Kamaji and Rancher Prime invaluable. Building Kubernetes and cloud-native infrastructure within their data centers becomes straightforward, allowing for seamless workload migration from owned facilities to the cloud and vice versa. This approach empowers organizations to maintain their preferred balance of on-premises and cloud-based resources, ensuring adaptability and optimal resource utilization.

 

 

Takeaways

Kamaji’s innovative architecture, coupled with Rancher Prime’s comprehensive container management platform, addresses the operational burdens and complexities faced by large organizations. By orchestrating multiple “tenant clusters” through Kubernetes machinery, the solution eliminates the control plane tax, optimizes resource utilization, and reduces infrastructure costs. Seamless control plane provisioning and upgrades, and consistent management enable organizations to scale Kubernetes effortlessly, responding to dynamic business demands with ease. Efficient reconciliation of control planes empowers enterprises to streamline administrative tasks, enhance security, and centralize Kubernetes management from a single location.

Whether it’s managed Kubernetes services, specialized MSP offerings, edge computing solutions, or hybrid/private cloud deployments, Kamaji and Rancher Prime empower organizations to achieve operational excellence.

 


 


Adriano Pezzuto, CEO, CLASTIX

Adriano started his career at leading global IT companies like Siemens and CISCO. It took him to work on large network systems, later building scalable and highly available cloud infrastructures and then being accountable for helping customers embrace Cloud Computing. His interest has always been in cutting-edge technologies, being one of the first in his country to spread the Cloud Native revolution. Today, Adriano is turning his extensive experience into CLASTIX, as a visionary founding member and General Manager.

 


SUSE One Partner Solution Stacks are featured co-innovations that help our customers address a broad spectrum of challenges with SUSE and partner technologies and services.