OS infrastructure: Security functions for Hana

It is well known that there is a steadily increasing number of attacks from outside (and unfortunately also from inside) on internal IT systems. This has led to company and IT managers pushing protective measures against such attacks and threats.

In many places, holistic security architectures or concepts have been and are being developed and implemented to minimize IT security risks in the long term.

This usually includes policies (e.g., for password handling and data protection guidelines) for users and IT specialists, the protection of IT systems/components including the use of firewalls and attack detection software, VPN/network security, the use of encryption software and "hardened" servers, and the use of automated security reports.

Regular security checks are then also carried out to ensure the maximum possible protection of an IT system landscape at all times.

From the whole to individual elements

As part of the data center readiness of Hana, the topic of security is a given, so to speak. SAP has developed a comprehensive Hana Security Guide that describes in detail security protection and mechanisms from a database perspective. It also includes the interaction of the database and database-relevant components such as the operating system (OS), network and storage from a security perspective.

SAP also provides numerous security functions for Hana.

Security Package

As a Hana and non-Hana operating system supplier, Suse also provides SAP customers with a security package for Suse Linux Enterprise Server (SLES) for SAP Applications.

This package takes comprehensive account of security-relevant aspects of Hana Suse deployment. This includes a dedicated Hana Security Guide developed by Suse, which describes, for example, the specific hardening of the SAP in-memory database together with SLES.

In addition, Suse provides regular security updates and patches for SLES. And numerous security certificates (such as GCL, FIPS 140-2 Validation for Open SSL and Common Criteria Security Certifaction EAL4+) are met with SLES.

Special Hana Security Guide

The Hana Security Guide from Suse (with Security Hardening SLES for Hana Databases) offers two things. Namely, on the one hand, a concrete action guide for protection or threat prevention in Hana Suse deployment and, on the other hand, concrete software functionality.

This makes it possible, for example, to set SLES to define various security levels (settings) according to individual prioritization.

Reduce attack surfaces

But that is not all. A Suse Firewall for Hana is also provided for use, which protects against network attacks or the opening of certain ports (from outside).

The following can also be shown via software functionality: which OS packages should be used and which can be dispensed with under certain circumstances. After all, fewer packages offer a smaller attack surface against possible threats.

Summary: For Hana data center readiness, especially in terms of security, protection mechanisms or software functionality that go beyond the standard are available. The OS platform SLES with its diverse security features contributes significantly to a "secure" Hana usage.