FAQ Server SUSE Linux Enterprise Point of Service December 2014 What is SUSE Linux Enterprise Point of Service? SUSE Linux Enterprise Point of Service is the only enterpriseclass Linux operating system optimized and tailored specifically for the retail industry. Built on the solid foundation of SUSE Linux Enterprise, it provides a reliable, flexible and open platform for point of service and point of sale terminals, kiosks, self-service systems and reverse-vending systems. point of service terminals. These can be standard PCs running retail check-out applications or specialized point of sale machines such as cash registers and customer kiosks. What challenges does SUSE Linux Enterprise Point of Service address? With SUSE Linux Enterprise Point of Service, you can: Reduce your total cost of ownership through lower-cost software and hardware and simplified management Increase the flexibility of your point of service devices and image building and management Enhance the reliability and uptime of your point of service devices Utilize stronger security to prevent data loss Explore all vendor options: SUSE Linux Enterprise Point of Service is open and compatible with many systems and virtually eliminates vendor lock-in Get a complete solution through the global SUSE partner ecosystem How does SUSE Linux Enterprise Point of Service work? The SUSE Linux Enterprise Point of Service architecture consists of three main components: one centralized administration server, one or more branch servers and the All system information (system structure, image information, the configuration and deployment method for each branch server and point of service terminal, etc.) is stored in an LDAP database on the administration server. The administration server usually also holds the master repository for the images required to boot and configure the terminals and provides the utilities required to build those images. Each branch server downloads the system information and images required for its local point of service terminals from the administration server. The terminals, in turn, download their respective images from the branch server when they boot.
Server FAQ SUSE Linux Enterprise Point of Service What kind of subscriptions do I need for a SUSE Linux Enterprise Point of Service environment? Subscriptions for SUSE Linux Enterprise Point of Service include access to SUSE Linux Enterprise Server ISO images and maintenance updates. Support and maintenance are limited to the use of those components in a Point of Service solution as outlined below. In order for any individual device to be eligible for maintenance and support according to the support level chosen, all servers and client devices used as part of a SUSE Linux Enterprise Point of Service solution need to have a valid subscription. The Administration Server At least one administration server is needed in a typical SUSE Linux Enterprise Point of Service 11 environment. The administration server manages all point of service devices and serves as the central repository for configuration information. It also keeps the master operating system images for the point of service devices. Point of service operating system images are built from templates, using SUSE Linux Enterprise and its maintenance updates as the base. Images can be built on the same server instance used as the administration server or on a separate physical or virtual server instance. All physical administration servers or image build servers need a SUSE Linux Enterprise Point of Service Admin Server subscription. Additional server applications or databases can be run on an administration server only if they are directly related to running the point of service infrastructure. All other server workloads need to use a general purpose SUSE Linux Enterprise Server subscription. The Branch Server Typically, at least one branch server is needed per branch. It is possible to run the branch server directly off the administration server for small-scale implementations of SUSE Linux Enterprise Point of Service. In that case, only an administration server subscription is needed. The branch server provides the server infrastructure for booting the POS clients from the local network, registering new client devices at the site and distributing operating system image updates to the client devices. It can also hold a local copy of the central configuration directory to allow setting up a site offline and running a site offline for a certain period of time. SUSE Linux Enterprise Point of Service Branch Server subscriptions can be used for the actual POS branch server as well as other SUSE Linux Enterprise Server instances running at a branch, as long as they are used to serve data or applications to the POS client devices. Servers in branches that are used in other roles need a generic SUSE Linux Enterprise Server subscription. The POS Client All point of service client devices that are running a SUSE Linux Enterprise operating system image, either deployed by the SUSE Linux Enterprise Point of Service solution or installed from installation media, need a SUSE Linux Enterprise Point of Service Client subscription. Client devices need to be used for running typical POS applications or supporting client applications (for example, a web browser). If the POS application needs certain server services to run, for example a local instance of a database, this is also covered by the client subscription. POS devices that are used as a combined POS terminal and branch server, or POS hardware used in any other server role, need at least a branch server subscription. SUSE Linux Enterprise Point of Service Client subscriptions are not meant to be used for any general purpose desktop or server use such as running an office-productivity suite or a web server. 2
Can you explain more in detail what exactly are the functions of the administration server? The administration server is the central administration point for SUSE Linux Enterprise Point of Service. It is usually located in the main office and is used to manage the entire point of service infrastructure, to host the LDAP database and to create images to send to the branch servers. The LDAP server running on the administration server stores the configuration of the point of service clients; the configuration of new terminals (and which images to deploy to the terminal) needs to be accepted in a YaST module. The administration server: Maintains the master LDAP directory for the branch server systems Usually provides the tools to create and customize system images and stores the system images for distribution to the branch servers and point of service terminals Stores the configuration parameters for the branch servers Provides the infrastructure to distribute the system images and software updates to the branch server systems Supports Network Time Protocol (NTP) time synchronization for the branch servers Consolidates the syslog output from the branch servers (optional) What exactly does the branch server do? The branch server provides the network boot and system management infrastructure for the point of service terminals. It can also serve as a generic system platform for in-store applications such as database systems and back-ends for point of service applications. In your system, the branch server: Runs DNS services for the local network May run DHCP to control the network boot process. Conversely, instead of setting up the DHCP service on the branch server, an external DHCP server can be used. Provides a multi-cast boot infrastructure for point of service terminals Transfers system images from the administration server t o the terminals The branch server uses a software distribution mechanism to pull new system images from the administration server. It then downloads the system images and configuration files to the point of service terminals. Other than emergency handling, no system administration is necessary on the branch server. All administrative tasks are controlled from the central administration server or are regularly executed by daemons running on the branch server. For emergencies and debugging, all administrative functions can be triggered locally or via SSH login by calling scripts with few or no command line parameters. If you need to update the point of service images stored on the branch server, you can manually trigger the update process and download new image files from the administration server. Similarly, if you need to update the hardware configuration information stored on the branch server, you can run commands that regenerate the hardware configuration and configuration address files for all point of service terminals found in LDAP. How are the point of service client images created? SUSE Linux Enterprise Point of Service automates the roll-out of terminals as much as possible. To assist in this automation, the product makes extensive use of image building technology. For each type of terminal, whether it is a non-graphical system or a graphical environment, you can create customized images to be downloaded automatically from the branch server when the terminal boots. To help get you started, SUSE Linux Enterprise Point of Service comes with a set of pre-built image templates that you can customize to set up your own system. Every terminal requires two images: a boot image and a system image. The boot image contains the kernel and a bootstrap image, providing the minimum your terminals need to initially start up from a bootable CD or USB stick or from the network (via remote boot technology). You can also create your own images. SUSE Linux Enterprise Point of Service uses KIWI as the main tool for creating system images. YaST provides Image Creator, a GUI front end to KIWI for easy image building, but you can also use a command line tool. Install the image building tools by selecting the SUSE Linux Enterprise Point of Service Image Server and the SUSE Linux Enterprise Point of Service images software patterns in YaST. www.suse.com 3
Server FAQ SUSE Linux Enterprise Point of Service When you build images for the point of service terminals, all the information required to run the terminal the Linux operating system, drivers, configuration settings, application files and so forth can be compiled into a single image file. This file can then be electronically distributed to terminals over the network. Additionally, you can generate an ISO version of the image file that can be burned to a CD or copied to a USB stick for manual distribution. What are some of the key capabilities in SUSE Linux Enterprise Point of Service 11? SUSE Linux Enterprise Point of Service 11 includes several exciting innovative capabilities, such as: Templates for use by the KIWI image building tool instead of inflexible, prebuilt images Support for the offline branch server setup to help install the environment for newly opened shops that have no direct connection with the central LDAP yet. You can export all LDAP data for a specific branch server on the administration server to a file, and you can set up a branch server with local LDAP cache from an export file. Tools to migrate LDAP settings and configuration from Novell Linux Point of Service 9 servers to SUSE Linux Enterprise Point of Service servers Security enhancements (e.g., encrypted LDAP communication, ACL certificates) New features in the KIWI image building tools Extended documentation, including ready-to-run setup example scripts What enhancements had been added with SUSE Linux Enterprise Point of Service 11 Service Pack 1 With SUSE Linux Enterprise Point of Service 11 Service Pack 1, we have added features such as: Role-based configuration: You can choose from several images directly on the point of service terminal at boot time. Delta image support: The service pack comes with a tool that takes one operating system image as the baseline and another as the target. It then creates a file that only contains the difference (or delta) between the two images. This feature helps you deploy critical security updates much faster and at a much lower cost. It also helps you keep the initial download size low if you have many similar images to deploy to your branch. Customizable images Easy rollback to a previous image version directly from the terminal and that is triggered remotely Problem solving tools, based on SUSE Linux Enterprise 11 support tools What has been added with SUSE Linux Enterprise Point of Service 11 SP2? SUSE Linux Enterprise Point of Service 11 Service Pack 2 features several enhancements and updated functionalities. To name just a few enhancements, SUSE Linux Enterprise Point of Service 11 SP2: Integrates the Subscription Management Tool for SUSE Linux Enterprise to easily help you keep your environment up-to-date. This tool lets you centrally manage software updates within the firewall on a per-system basis. You can maintain corporate security policies and regulatory compliance while also tracking your entitlements across large deployments. By downloading all patches at once, the Subscription Management Tool helps reduce redundant use of bandwidth. While SUSE provides this Linux management tool with every subscription, other companies charge for it. Offers an extended rollback functionality that stores all related configuration files, custom PXE configurations and similar associated files Allows you to set the host name of a terminal at register time (first boot), a functionality that is very similar to the IBM IRES2 role-based configuration Supports RAID-1 (redundant array of independent disks level 1) with SUSE Linux Enterprise Point of Service PXE images. This makes it possible to create images that provide for two-disk mirroring on a terminal in a transparent way in order to deliver better resilience and availability of data while also improving performance. Improves security by offering support for encrypted disks on terminals to encrypt both data and root partitions and provides the administrators with the functionality necessary to build Payment Card Industry Data Security Standards (PCI DSS) compliant systems. 4
Ships with the latest version of KIWI, a full-blown imaging suite that allows you to configure, build and deploy your own operating system images. As KIWI is also used within other SUSE products (e.g., SUSE Studio ), this provides for a better integration with the entire product family. Comes with an image template to create a complete branch server, based on the central configuration information stored in the central LDAP database. Using the imaging infrastructure on the administration server, you can easily build ready-togo branch server images with Image Creator and KIWI. Features a new posadmin-gui, a graphical tool that makes it easy for you to create new branch server and image and cash register objects. Ships with built-in LDAP (Lightweight Directory Access Protocol) validation and checking. You can automatically perform a simple validation and checking during each posadmin addition or modification call. What is new with SUSE Linux Enterprise Point of Service 11 SP3? With SUSE Linux Enterprise Point of Service 11 Service Pack 3, our primary purpose is to consolidate patches and updates and to deliver specific enhancements to the product to provide you with an incomparably stable, secure and easily manageable platform for your retail business. Here are just a few of the most important enhanced or new features: Easy remote management of SUSE Linux Enterprise Point of Service clients with SUSE Manager. As part of the ongoing development of tight cooperation between SUSE Manager and SUSE Linux Enterprise Point of Service, you can now register SUSE Linux Enterprise Point of Service images with your SUSE Manager server. This ensures that the superior management and monitoring tools of SUSE Manager are serviceable on your SUSE Linux Enterprise Point of Service clients. Enhanced high availability for branch and administration servers. Thanks to enhanced configuration scripts for the branch server, you can easily set up a highly available solution for your SUSE Linux Enterprise Servers and the point of service services and workloads running on top of them. The high availability functionality for administration servers has been updated to the latest code level of the most recent SUSE Linux Enterprise High Availability Extension. Ready-to-go image templates. Starting with Service Pack 3, we provide and support image templates for all components of the SUSE Linux Enterprise Point of Service 11 SP3 solution. On the server side you get pre-defined image templates for a standard administration server, branch server or a combination of both for compact installations. For the POS terminals or clients we offer an image template based on SUSE Linux JeOS (Just enough perating System) in addition to the known graphical and minimal image template. Full system images / offline images for clients and installation via USB. This feature enables you to get your branches up and running quickly without a network connection and the initial PXE boot cycle to fill the system partitions. The resulting partitioning/partition table will be identical to what would be the outcome of a regular PXE boot/install. Download of system images to the service partition in the background. In scenarios where you have only limited bandwidth, but you need to download and install new images from a remote server, this feature enables you to download these images in advance while the machine is running in production mode, and deploy them locally and quickly after a reboot. Documentation on migration from SUSE Linux Enterprise Point of Service 11 SP2 to SP3. To help you experience a smooth migration from SUSE Linux Enterprise Point of Service 11 SP2 to SP3, you can benefit from a new chapter in our documentation that describes in a detailed step-bystep tutorial how to migrate your complete production system, including administration servers, branch servers and POS clients. In what environments can I use SUSE Linux Enterprise Point of Service? SUSE Linux Enterprise Point of Service is broadly scalable so that a small shop with five point of service terminals can be managed just as well as a large chain with one thousand branches. For organizations with several branch servers, the link between the branch and administrative servers is maintained over a WAN. During execution of administrative tasks, such as the installation of new point of service terminals in a branch, steps must be taken to ensure that the WAN link to the administration server is available. www.suse.com 5
Server FAQ SUSE Linux Enterprise Point of Service Why should I choose SUSE Linux Enterprise Point of Service over a Windows-based solution? There are several good reasons to choose SUSE Linux Enterprise Point of Service over a Windows-based solution for your retail environment. The most important arguments, however, might be: Technically, image building for point of service clients is made very easy. You can reduce your total cost of ownership (TCO). You ll get a very secure and reliable solution. Can you tell me more about the technical advantages of the image building? From a technical point of view, with SUSE Linux Enterprise Point of Service, you can easily create and deploy tailored images, which is not possible with Windows Embedded Point of Service (WEPOS) or POSReady. SUSE Linux Enterprise Point of Service uses the image builder KIWI, which lets you automatically generate your image templates while with WEPOS you have to manually redo and adapt your images. Also, with SUSE Linux Enterprise Point of Service you can flexibly customize and tailor your images as you need them and as they fit for your hardware, from very small footprints to even large images. Also the deployment of new or patched images works automatically and makes administration and maintenance simpler. How can I reduce my TCO with SUSE Linux Enterprise Point of Service? Regarding total cost of ownership, SUSE Linux Enterprise Point of Service eliminates operating system licensing fees and enables you to pay only for the maintenance subscriptions and services that add value to your business. You can use your SUSE Linux Enterprise Point of Service operating system during your subscription period for whatever hardware system you want. It is not tied to a specific device like WEPOS is. This means you can buy new hardware or re-purpose old hardware as often as you want. You need only one subscription for each machine you have deployed. During the times when you don t use a certain point of service system, you don t even pay for it. With WEPOS you have already paid for that system in advance, even if you don t use it. During the subscription period you can upgrade from an older version of SUSE Linux Enterprise Point of Service to the newest version without any additional costs. And with SUSE Linux Enterprise Point of Service, you don t have to think about client access licenses. In addition, SUSE Linux Enterprise Point of Service is based on the SUSE Linux Enterprise platform and shares a common code base with all other products. You literally have a solution that can work across your entire infrastructure. This helps you reduce the complexity of your environment and leverage the existing skills of your staff. What are the security advantages of SUSE Linux Enterprise Point of Service? For many retailers, Windows security issues are a serious concern. But with Linux there is a proven alternative. The strong security of Linux, like its reliability, comes from its advanced design. Unlike Windows, which typically gives applications and users access to the Windows kernel, SUSE Linux Enterprise creates a strong wall of separation between the kernel and users. Each layer of Linux has limited access to the others, which reduces the risk of unauthorized access to your system and data. What are the technical requirements for SUSE Linux Enterprise Point of Service? The following system requirements should be fulfilled for the administration server: Supported processor platform: x86, x86-64 Disk space: 4 GB (minimum); recommended 15 GB (The required space depends on the size of your images.) RAM: 512 MB (minimum); recommended 512 MB 3 GB (at least 512 MB per CPU) One network card 6
If you need to set up a dedicated image building server in addition to the administration server, the following system requirements should be met: Supported processor platform: x86, x86-64 Disk space: 4 GB (minimum); recommended 25 GB (The required space is dependent on the size of your images.) RAM: 1 GB (minimum); recommended 1 GB 6 GB (at least 512 MB per CPU) One network card If you decide to run your administration server with image building components, the following system requirements apply: Supported processor platform: x86-64, x86 Disk space: 25 GB (minimum); this will vary depending on the number and size of the images. RAM: 1 GB (minimum); recommended 1 GB 6 GB with at least 512 MB per CPU To run your branch server(s), the following system requirements apply: Supported processor platform: x86, x86-64 Disk space: 4 GB (minimum); recommended 10 GB (The required space is dependent on the size of the images you distribute to your Point of Service terminals.) RAM: 512 MB (minimum); recommended 512 MB 3 GB (at least 512 MB per CPU) At least two network cards per server one for the administration server s public network and one for the branch server s private network With regard to the client, the following system requirements apply: Supported processor platform: x86 Disk space: 4 GB (minimum); recommended 10 GB RAM: 512MB (minimum, lower requirements, e.g., disk-less clients, might be supported depending on your needed feature set) How do I install SUSE Linux Enterprise Point of Service? To install the SUSE Linux Enterprise Point of Service server, you must install the SUSE Linux Enterprise Server base system first. You can choose to install the SUSE Linux Enterprise Point of Service add-on together with your base system during the initial installation process, or you can install the SUSE Linux Enterprise Point of Service add-on on top of an already installed base system at a later time. For the exact installation instructions, please refer to the SUSE Linux Enterprise Point of Service Guide at: www.suse.com/documentation/slepos11/ How can I secure my SUSE Linux Enterprise Point of Service environment?? A SUSE Linux Enterprise Point of Service setup includes various components that should be secured against intentional and unintentional tampering with the data and against software misbehavior. SUSE Linux Enterprise Point of Service comes with tools and capabilities that help you to secure your complete solution. It not only supports encrypted communication between the servers and uses security certificates, but also ships with all security tools delivered with SUSE Linux Enterprise Server, like VPN, Secure Shell, an integrated firewall, the AppArmor application security framework and more. Securing your setup involves several different aspects. First and foremost, every server component of the SUSE Linux Enterprise Point of Service setup must be secured against unauthorized access. Physically isolating the servers from other machines is just one aspect of providing physical security. All servers connected with each other over potentially insecure networks take the administration server and the branch servers, for example need to be secured against unauthorized access via the networks they are connected to. Both the administration server and the branch server contain vital data that needs to be protected to maintain a fully functional and secure setup. The most important part in this is securing the LDAP directory on the administration server, which is used to maintain the system structure, configuration and deployment method for all branch servers and point of service terminals, as well as www.suse.com 7
Server FAQ SUSE Linux Enterprise Point of Service other important data. Finally, once physical, network and data security are provided, you should tighten the security of your setup even further by using AppArmor. AppArmor profiles are used to confine applications and keep them from performing unnecessary file or directory accesses; this helps to make sure that every profiled application just does what it was designed to and does not become a security risk itself. For detailed information on how to secure your SUSE Linux Enterprise Point of Service environment, please refer to the security chapter of the SUSE Linux Enterprise Point of Service Guide at: www.suse.com/documentation/slepos11/ How can I prevent my SUSE Linux Enterprise Point of Service setup from experiencing downtime? TThe SUSE Linux Enterprise Point of Service architecture is highly centralized. However, administrative tasks can also be performed on subunits for role-based administration. Moreover, although the LDAP directory is not replicated on the branch server, the branch server provides all the services necessary for the operation and management of the point of service terminals. Consequently, the branch server can function independently of the administration server in the event of server failure or downed connection. If you need a high availability environment, branch servers can be configured in two-node pairs. The primary node runs all of the scripts and services required to download branch server configuration information, synchronize time and download system images from the administration server. The secondary node stays synchronized with the primary, ready to take over and run the scripts and services if the primary fails. For information on installing a high availability environment, refer to the general high availability guide, available from: www.suse.com/documentation/sle_ha/ Does SUSE Linux Enterprise Point of Service scale? The flexibility of the architecture of SUSE Linux Enterprise Point of Service provides broad scalability so that in large environments components can be distributed to improve system performance while in smaller environments components can be consolidated to maximize the use of system resources. However, the recommended maximum number of point of service terminals being serviced by a single branch server is 100. You can adjust this number up or down depending on how frequently the terminals are re-imaged and whether you can control when the terminals come online. I am running SUSE Linux Enterprise Point of Service 10. Can I upgrade to SUSE Linux Enterprise Point of Service 11? SUSE Linux Enterprise Point of Service subscriptions are sold for one- or three-year durations. A subscription entitles you to updates, new product releases, maintenance and installation support. Renewing your subscription ensures that you continue to receive these benefits. Subscriptions cover multiple versions of SUSE Linux Enterprise Point of Service, including SUSE Linux Enterprise Point of Service 10. As long as you have an active subscription to one of the previous versions of SUSE Linux Enterprise Point of Service 11, you can upgrade anytime to the new version. It also ships with tools to migrate the LDAP settings and configurations from SUSE Linux Enterprise Point of Service 10 servers to SUSE Linux Enterprise Point of Service 11 servers. Please also keep in mind that you should always update your administration server to the latest service pack to make sure your environment is up-to-date and fully maintained. 8
What is the lifecycle of SUSE Linux Enterprise Point of Service? SUSE Linux Enterprise Point of Service 11 will be supported on all certified POS hardware until March 31, 2022, for usage within the limits of a typical retail environment. Administration and branch servers inherit the support lifecycle from SUSE Linux Enterprise Server 11. This means: In general, you are entitled to get the full extended support lifecycle, ending March 31, 2022, only if you upgrade to SUSE Linux Enterprise Server 11 SP4 (or later) within the given upgrade periods. If you want to run your administration or branch server on SUSE Linux Enterprise Server 11 SP3 after that service pack has reached the end of general support, you must buy Long Term Service Pack Support for SP3. If you want to run administration and branch servers on SUSE Linux Enterprise Server 11 SP4 (or later) after the end of general support for that service pack, you must buy Long Term Service Pack Support for SP4 (or later). In general, after SUSE Linux Enterprise Server 11 has reached end of regular support (in 2019), you must buy Long Term Service Pack Support for the latest service pack of SUSE Linux Enterprise Server 11. In all of the scenarios above, no extra charges apply for the additional administration or branch server functionality of the server components of SUSE Linux Enterprise Point of Service. If you still run your POS Client systems on SUSE Linux Enterprise Point of Service 11 Service Pack 2 or older you must updated your systems to Service Pack 3 to fully benefit from the extended lifecycle. How much does SUSE Linux Enterprise Point of Service cost? The pricing of SUSE Linux Enterprise Point of Service 11 is as follows: Basic Standard Priority Client 1-year $32 $49 $92 Client 3-year $86 $132 $248 Client 5-year $128 $196 $368 Branch Server 1-year $185 $281 $529 Branch Server 3-year $500 $760 $1,430 Branch Server 5-year $740 $1,130 $2,120 Administration Server 1-year $315 $479 $901 Administration Server 3-year $850 $1,290 $2,430 Administration Server 5-year $1,260 $1,920 $3,610 All prices are in U.S. dollars Please contact your local SUSE sales team for purchase, or visit: www.suse.com/products/linuxpointofservice/ how-to-buy/ Where do I get more information? For more information about SUSE Linux Enterprise Point of Service, please visit: www.suse.com/products/ linuxpointofservice For more information on how to install and configure SUSE Linux Enterprise Point of Service, please visit: www.suse.com/documentation/slepos11/ For general information about SUSE Linux Enterprise subscription and renewals, please visit: www.suse.com/ products/renew_faq.html For detailed information on SUSE Support lifecycle, visit: www.suse.com/support If you run your POS Client hardware on SUSE Linux Enterprise Point of Service 11 SP3, you do not need to update to a new service pack or buy an additional support extension plan during the extended lifecycle period. Also, as of today, there are no plans to deliver a Service Pack 4 for POS clients. www.suse.com 9
www.suse.com Contact your local SUSE Solutions Provider, or call SUSE at: 1 800 796 3700 U.S./Canada 1 801 861 4500 Worldwide SUSE Maxfeldstrasse 5 90409 Nuremberg Germany 288-000001-002 12/14 2014 SUSE LLC. All rights reserved. SUSE, the SUSE logo, AppArmor and YaST are registered trademarks, and SUSE Studio is a trademark of SUSE LLC in the United States and other countries. All third-party trademarks are the property of their respective owners.