A Sense of Time for Javascript and Node.Js: First-Class Timeouts As a Cure for Event Handler Poisoning

Total Page:16

File Type:pdf, Size:1020Kb

A Sense of Time for Javascript and Node.Js: First-Class Timeouts As a Cure for Event Handler Poisoning A Sense of Time for JavaScript and Node.js: First-Class Timeouts as a Cure for Event Handler Poisoning #24, Anonymous Abstract tecture — from the One Thread Per Client Architecture The software development community has begun to (OTPCA) used in Apache to the Event-Driven Architec- adopt the Event-Driven Architecture (EDA) to pro- ture (EDA) championed by Node.js. vide scalable web services, most prominently through The EDA is not a passing fad. Perhaps inspired Node.js. Though the EDA offers excellent scalability, by Welsh et al.’s SEDA concept [99], server-side EDA it comes with an inherent risk: the Event Handler Poi- frameworks like Twisted [27] have been in use since at soning (EHP) Denial of Service attack. In essence, EHP least the early 2000s. But the boom in the EDA has come attacks say that the scalability of the EDA is a double- with Node.js. Node.js (“server-side JavaScript”) was in- edged sword: the EDA is scalable because clients share troduced in 2009 and is now used by many organizations a small set of threads, but if an attacker causes these in many industries, including IBM, Microsoft, Apple, threads to block then the server becomes unusable. EHP Cisco, Intel, RedHat, GE, Siemens, NASA, Wikipedia, attacks are a significant threat, as hundreds of popular and the NFL ([34, 67, 81, 77, 38, 18]). The associated Node.js-based websites were recently reported to be vul- package ecosystem, npm, boasts 575,000 modules [12]. nerable to forms of EHP attacks. It is not an exaggeration to state that Node.js is becoming In this work we make three contributions. First, we a critical component of the modern web [20, 37]. formally define EHP attacks, and we show that EHP at- Given the importance of the EDA to the modern web, tacks are a common form of vulnerability in the largest it has received surprisingly little study from a security EDA community, the Node.js ecosystem. Second, we perspective [53, 78]. We present the first formal treat- design and evaluate an EHP-safe defense: first-class ment of the weaknesses in the EDA, and describe a De- timeouts. Although realizing first-class timeouts is dif- nial of Service attack, Event Handler Poisoning (EHP), ficult in a complex real-world framework like Node.js, that can be used against EDA-based services like Node.js our Node.cure prototype defends Node.js applications applications (x3). against all known EHP attacks. Third, we have identified EHP attacks observe that the source of the EDA’s scal- and documented or corrected vulnerable APIs in Node.js, ability is also its Achilles’ heel. Where the OTPCA gives and our guide on avoiding EHP attacks is now available every client its own thread, the EDA multiplexes many on nodejs.org. clients onto a small number of Event Handlers (threads) Node.cure is effective, defeating all known EHP at- to reduce per-client overheads. Because many clients tacks with application overheads as low as 0%. More share the same Event Handlers, an EDA-based server generally, we show that Node.cure offers strong security must correctly implement cooperative multitasking [90]. guarantees against EHP attacks for the majority of the An incorrect implementation of cooperative multitasking Node.js ecosystem. enables an EHP attack: an attacker dominates the time Millions of developers have embraced the EDA, but spent by an Event Handler, preventing the server from without strict adherence to the EDA paradigm their code handling all clients fairly. We found that although the is vulnerable to EHP attacks. Node.cure offers the cure. EHP problem is little discussed in the Node.js documen- tation, EHP vulnerabilities are common in npm (x4). 1 Introduction In x5 we define criteria for EHP-safety, and use these Web services are the lifeblood of the modern Internet. To criteria to evaluate four EHP defenses (x6). Though vari- minimize costs, service providers want to maximize the ations of three of these defenses are used today, they are number of clients each server can handle. Over the past ad hoc and thus impractical in an ecosystem dominated decade, this goal has led the software community to se- by third-party modules. The fourth defense, the Timeout riously consider a paradigm shift in their software archi- Approach, requires extending existing EDA languages 1 and frameworks, but it provides a universal solution for Loop. The Event Loop may offload expensive Tasks EHP-safety with strong security guarantees. The Time- like file I/O to the queue of a small Worker Pool, whose out Approach makes timeouts a first-class member of an Workers execute Tasks and generate “Task Done” events EDA framework, securing both types of Event Handlers for the Event Loop when they finish [61]. We refer to the with a universal timeout mechanism. Event Loop and the Workers as Event Handlers. Our Node.cure prototype (x7) demonstrates the Time- out Approach in the complex Node.js framework, com- pletely defending real applications against EHP attacks. Node.cure spans the entire Node.js stack, modifying the Node.js JavaScript engine (V8, C++), core modules (JavaScript and C++), and the EDA mechanism (libuv, C), and can secure real applications with low overhead (x8). We feel our work is timely, as Staicu and Pradel recently reported that hundreds of popular websites are vulnerable to one type of EHP attack with minimal at- tacker effort [93]; Node.cure defeats this and all other EHP attacks. Figure 1: This is the AMPED Event-Driven Architecture. Incoming In summary: events from clients A and B are stored in the event queue, and the as- 1. We formally define Event Handler Poisoning (EHP) sociated Callbacks (CBs) will be executed sequentially by the Event (x3), a DoS attack against the EDA. We systemati- Loop. We will discuss B’s EHP attack (CBB1), which has poisoned the cally demonstrate that EHP attacks are common in the Event Loop, in x3.3. largest EDA community, the Node.js ecosystem (x4). 2. We describe a general antidote for Event Handler Because the Event Handlers are shared by all clients, Poisoning attacks: first-class timeouts. We demon- the EDA has a particular development paradigm. Each strate effectiveness with our Node.cure prototype for Callback and Task is guaranteed atomicity: once sched- Node.js in x7. We evaluate the security guarantees of uled, it runs to completion. Atomicity calls for coopera- timeouts (strong, x6) and their costs (small, x8). tive multitasking [90], and developers partition the gen- 3. Our findings have been corroborated by the Node.js eration of responses into multiple stages. The effect of community. Our guide on EHP-safe techniques is on this partitioning is to regularly yield to other requests by nodejs.org, and our PRs documenting and improving deferring work until the next stage [54]. This partition- unsafe Node.js APIs have been merged (x9). ing results in a Lifeline [41], a DAG describing the parti- tioned steps needed to complete an operation. A Lifeline 2 Background can be seen by following the arrows in Figure 1. In this section we review the EDA (x2.1), explain our 2.2 Node.js among other EDA frameworks choice of EDA framework for study (x2.2), and introduce Examples of EDA frameworks include Node.js directly related work (sections 2.3 and 2.4). (JavaScript) [15], libuv (C/C++) [10], Vert.x (Java) [28], 1 2.1 Overview of the EDA Twisted (Python ) [27], and Microsoft’s P# [57]. These frameworks have been used to build a wide There are two paradigms for web servers, distinguished variety of industry and open-source services (e.g. by the ratio of clients to resources, which corresponds [7, 81, 67, 77, 32, 31, 8, 4]). to an isolation-performance tradeoff. The One Thread Most prominent among these frameworks is Node.js, a Per Client Architecture (OTPCA) dedicates resources to server-side event-driven framework for JavaScript intro- each client, for strong isolation but higher memory and duced in 2009. The popularity of Node.js comes from its context-switching overheads [83]. The Event-Driven Ar- promise of “full stack JavaScript” — client- and server- chitecture (EDA) tries the opposite approach, with many side developers can speak the same language and share clients sharing execution resources: client connections the same libraries. This vision has driven the rise of the Event Loop are multiplexed onto a single-threaded , with JavaScript package ecosystem, npm, which with 575,000 Worker Pool a small for expensive operations. modules is the largest of any language [12]. Node.js is All mainstream server-side EDA frameworks use the still accelerating: use doubled between 2016 and 2017, Asymmetric Multi-Process Event-Driven (AMPED) ar- from 3.5 million developers [33] to 7 million [35]. chitecture [82]. This architecture (hereafter “the EDA”) The Node.js codebase has three major parts [63], is illustrated in Figure 1. In the EDA, the OS or a frame- whose interactions complicate top-to-bottom extensions work places events in a queue, and the Callbacks of pending events are executed sequentially by the Event 1In addition, Python 3.4 introduced native EDA support. 2 like Node.cure. An application’s JavaScript code is ex- ity. The attacker knows how to exploit this vulnerability: ecuted using Google’s V8 JavaScript engine [3], its pro- they know the victim feeds user input to a Vulnerable grammability is supported by Node.js core JavaScript API, and they know evil input that will cause the Vulner- modules with C++ bindings for system calls, and the able API to block the Event Handler executing it.
Recommended publications
  • Elastic Storage for Linux on System Z IBM Research & Development Germany
    Peter Münch T/L Test and Development – Elastic Storage for Linux on System z IBM Research & Development Germany Elastic Storage for Linux on IBM System z © Copyright IBM Corporation 2014 9.0 Elastic Storage for Linux on System z Session objectives • This presentation introduces the Elastic Storage, based on General Parallel File System technology that will be available for Linux on IBM System z. Understand the concepts of Elastic Storage and which functions will be available for Linux on System z. Learn how you can integrate and benefit from the Elastic Storage in a Linux on System z environment. Finally, get your first impression in a live demo of Elastic Storage. 2 © Copyright IBM Corporation 2014 Elastic Storage for Linux on System z Trademarks The following are trademarks of the International Business Machines Corporation in the United States and/or other countries. AIX* FlashSystem Storwize* Tivoli* DB2* IBM* System p* WebSphere* DS8000* IBM (logo)* System x* XIV* ECKD MQSeries* System z* z/VM* * Registered trademarks of IBM Corporation The following are trademarks or registered trademarks of other companies. Adobe, the Adobe logo, PostScript, and the PostScript logo are either registered trademarks or trademarks of Adobe Systems Incorporated in the United States, and/or other countries. Cell Broadband Engine is a trademark of Sony Computer Entertainment, Inc. in the United States, other countries, or both and is used under license therefrom. Intel, Intel logo, Intel Inside, Intel Inside logo, Intel Centrino, Intel Centrino logo, Celeron, Intel Xeon, Intel SpeedStep, Itanium, and Pentium are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries.
    [Show full text]
  • IBM Spectrum Scale CSI Driver for Container Persistent Storage
    Front cover IBM Spectrum Scale CSI Driver for Container Persistent Storage Abhishek Jain Andrew Beattie Daniel de Souza Casali Deepak Ghuge Harald Seipp Kedar Karmarkar Muthu Muthiah Pravin P. Kudav Sandeep R. Patil Smita Raut Yadavendra Yadav Redpaper IBM Redbooks IBM Spectrum Scale CSI Driver for Container Persistent Storage April 2020 REDP-5589-00 Note: Before using this information and the product it supports, read the information in “Notices” on page ix. First Edition (April 2020) This edition applies to Version 5, Release 0, Modification 4 of IBM Spectrum Scale. © Copyright International Business Machines Corporation 2020. Note to U.S. Government Users Restricted Rights -- Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp. iii iv IBM Spectrum Scale CSI Driver for Container Persistent Storage Contents Notices . vii Trademarks . viii Preface . ix Authors. ix Now you can become a published author, too . xi Comments welcome. xii Stay connected to IBM Redbooks . xii Chapter 1. IBM Spectrum Scale and Containers Introduction . 1 1.1 Abstract . 2 1.2 Assumptions . 2 1.3 Key concepts and terminology . 3 1.3.1 IBM Spectrum Scale . 3 1.3.2 Container runtime . 3 1.3.3 Container Orchestration System. 4 1.4 Introduction to persistent storage for containers Flex volumes. 4 1.4.1 Static provisioning. 4 1.4.2 Dynamic provisioning . 4 1.4.3 Container Storage Interface (CSI). 5 1.4.4 Advantages of using IBM Spectrum Scale storage for containers . 5 Chapter 2. Architecture of IBM Spectrum Scale CSI Driver . 7 2.1 CSI Component Overview. 8 2.2 IBM Spectrum Scale CSI driver architecture.
    [Show full text]
  • File Systems and Storage
    FILE SYSTEMS AND STORAGE On Making GPFS Truly General DEAN HILDEBRAND AND FRANK SCHMUCK Dean Hildebrand manages the PFS (also called IBM Spectrum Scale) began as a research project Cloud Storage Software team that quickly found its groove supporting high performance comput- at the IBM Almaden Research ing (HPC) applications [1, 2]. Over the last 15 years, GPFS branched Center and is a recognized G expert in the field of distributed out to embrace general file-serving workloads while maintaining its original and parallel file systems. He pioneered pNFS, distributed design. This article gives a brief overview of the origins of numer- demonstrating the feasibility of providing ous features that we and many others at IBM have implemented to make standard and scalable access to any file GPFS a truly general file system. system. He received a BSc degree in computer science from the University of British Columbia Early Days in 1998 and a PhD in computer science from Following its origins as a project focused on high-performance lossless streaming of multi- the University of Michigan in 2007. media video files, GPFS was soon enhanced to support high performance computing (HPC) [email protected] applications, to become the “General Parallel File System.” One of its first large deployments was on ASCI White in 2002—at the time, the fastest supercomputer in the world. This HPC- Frank Schmuck joined IBM focused architecture is described in more detail in a 2002 FAST paper [3], but from the outset Research in 1988 after receiving an important design goal was to support general workloads through a standard POSIX inter- a PhD in computer science face—and live up to the “General” term in the name.
    [Show full text]
  • Filesystems HOWTO Filesystems HOWTO Table of Contents Filesystems HOWTO
    Filesystems HOWTO Filesystems HOWTO Table of Contents Filesystems HOWTO..........................................................................................................................................1 Martin Hinner < [email protected]>, http://martin.hinner.info............................................................1 1. Introduction..........................................................................................................................................1 2. Volumes...............................................................................................................................................1 3. DOS FAT 12/16/32, VFAT.................................................................................................................2 4. High Performance FileSystem (HPFS)................................................................................................2 5. New Technology FileSystem (NTFS).................................................................................................2 6. Extended filesystems (Ext, Ext2, Ext3)...............................................................................................2 7. Macintosh Hierarchical Filesystem − HFS..........................................................................................3 8. ISO 9660 − CD−ROM filesystem.......................................................................................................3 9. Other filesystems.................................................................................................................................3
    [Show full text]
  • A Sense of Time for Node.Js: Timeouts As a Cure for Event Handler Poisoning
    A Sense of Time for Node.js: Timeouts as a Cure for Event Handler Poisoning Anonymous Abstract—The software development community has begun to new Denial of Service attack that can be used against EDA- adopt the Event-Driven Architecture (EDA) to provide scalable based services. Our Event Handler Poisoning attack exploits web services. Though the Event-Driven Architecture can offer the most important limited resource in the EDA: the Event better scalability than the One Thread Per Client Architecture, Handlers themselves. its use exposes service providers to a Denial of Service attack that we call Event Handler Poisoning (EHP). The source of the EDA’s scalability is also its Achilles’ heel. Multiplexing unrelated work onto the same thread re- This work is the first to define EHP attacks. After examining EHP vulnerabilities in the popular Node.js EDA framework and duces overhead, but it also moves the burden of time sharing open-source npm modules, we explore various solutions to EHP- out of the thread library or operating system and into the safety. For a practical defense against EHP attacks, we propose application itself. Where OTPCA-based services can rely on Node.cure, which defends a large class of Node.js applications preemptive multitasking to ensure that resources are shared against all known EHP attacks by making timeouts a first-class fairly, using the EDA requires the service to enforce its own member of the JavaScript language and the Node.js framework. cooperative multitasking [89]. An EHP attack identifies a way to defeat the cooperative multitasking used by an EDA-based Our evaluation shows that Node.cure is effective, broadly applicable, and offers strong security guarantees.
    [Show full text]
  • Shared File Systems: Determining the Best Choice for Your Distributed SAS® Foundation Applications Margaret Crevar, SAS Institute Inc., Cary, NC
    Paper SAS569-2017 Shared File Systems: Determining the Best Choice for your Distributed SAS® Foundation Applications Margaret Crevar, SAS Institute Inc., Cary, NC ABSTRACT If you are planning on deploying SAS® Grid Manager and SAS® Enterprise BI (or other distributed SAS® Foundation applications) with load balanced servers on multiple operating systems instances, , a shared file system is required. In order to determine the best shared file system choice for a given deployment, it is important to understand how the file system is used, the SAS® I/O workload characteristics performed on it, and the stressors that SAS Foundation applications produce on the file system. For the purposes of this paper, we use the term "shared file system" to mean both a clustered file system and shared file system, even though" shared" can denote a network file system and a distributed file system – not clustered. INTRODUCTION This paper examines the shared file systems that are most commonly used with SAS and reviews their strengths and weaknesses. SAS GRID COMPUTING REQUIREMENTS FOR SHARED FILE SYSTEMS Before we get into the reasons why a shared file system is needed for SAS® Grid Computing, let’s briefly discuss the SAS I/O characteristics. GENERAL SAS I/O CHARACTERISTICS SAS Foundation creates a high volume of predominately large-block, sequential access I/O, generally at block sizes of 64K, 128K, or 256K, and the interactions with data storage are significantly different from typical interactive applications and RDBMSs. Here are some major points to understand (more details about the bullets below can be found in this paper): SAS tends to perform large sequential Reads and Writes.
    [Show full text]
  • Intel® Solutions for Lustre* Software SC16 Technical Training
    SC’16 Technical Training All information provided here is subject to change without notice. Contact your Intel representative to obtain the latest Intel product specifications and roadmaps Tests document performance of components on a particular test, in specific systems. Differences in hardware, software, or configuration will affect actual performance. Consult other sources of information to evaluate performance as you consider your purchase. For more complete information about performance and benchmark results, visit http://www.intel.com/performance. Intel technologies’ features and benefits depend on system configuration and may require enabled hardware, software or service activation. Performance varies depending on system configuration. No computer system can be absolutely secure. Check with your system manufacturer or retailer or learn more at http://www.intel.com/content/www/us/en/software/intel-solutions-for-lustre-software.html. You may not use or facilitate the use of this document in connection with any infringement or other legal analysis concerning Intel products described herein. You agree to grant Intel a non-exclusive, royalty-free license to any patent claim thereafter drafted which includes subject matter disclosed herein. No license (express or implied, by estoppel or otherwise) to any intellectual property rights is granted by this document. The products described may contain design defects or errors known as errata which may cause the product to deviate from published specifications. Current characterized errata are available on request. Intel disclaims all express and implied warranties, including without limitation, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement, as well as any warranty arising from course of performance, course of dealing, or usage in trade.
    [Show full text]
  • Comparative Analysis of Distributed and Parallel File Systems' Internal Techniques
    Comparative Analysis of Distributed and Parallel File Systems’ Internal Techniques Viacheslav Dubeyko Content 1 TERMINOLOGY AND ABBREVIATIONS ................................................................................ 4 2 INTRODUCTION......................................................................................................................... 5 3 COMPARATIVE ANALYSIS METHODOLOGY ....................................................................... 5 4 FILE SYSTEM FEATURES CLASSIFICATION ........................................................................ 5 4.1 Distributed File Systems ............................................................................................................................ 6 4.1.1 HDFS ..................................................................................................................................................... 6 4.1.2 GFS (Google File System) ....................................................................................................................... 7 4.1.3 InterMezzo ............................................................................................................................................ 9 4.1.4 CodA .................................................................................................................................................... 10 4.1.5 Ceph.................................................................................................................................................... 12 4.1.6 DDFS ..................................................................................................................................................
    [Show full text]
  • Zfs-Ascalabledistributedfilesystemusingobjectdisks
    zFS-AScalableDistributedFileSystemUsingObjectDisks Ohad Rodeh Avi Teperman [email protected] [email protected] IBM Labs, Haifa University, Mount Carmel, Haifa 31905, Israel. Abstract retrieves the data block from the remote machine. zFS also uses distributed transactions and leases, instead of group- zFS is a research project aimed at building a decentral- communication and clustering software. We intend to test ized file system that distributes all aspects of file and stor- and show the effectiveness of these two features in our pro- age management over a set of cooperating machines inter- totype. connected by a high-speed network. zFS is designed to be zFS has six components: a Front End (FE), a Cooper- a file system that scales from a few networked computers to ative Cache (Cache), a File Manager (FMGR), a Lease several thousand machines and to be built from commodity Manager (LMGR), a Transaction Server (TSVR), and an off-the-shelf components. Object Store (OSD). These components work together to The two most prominent features of zFS are its coop- provide applications/users with a distributed file system. erative cache and distributed transactions. zFS integrates The design of zFS addresses, and is influenced by, issues the memory of all participating machines into one coher- of fault tolerance, security and backup/mirroring. How- ent cache. Thus, instead of going to the disk for a block ever, in this article, we focus on the zFS high-level archi- of data already in one of the machine memories, zFS re- tecture and briefly describe zFS’s fault tolerance character- trieves the data block from the remote machine.
    [Show full text]
  • ZFS Basics Various ZFS RAID Lebels = & . = a Little About Zetabyte File System ( ZFS / Openzfs)
    = BDNOG11 | Cox's Bazar | Day # 3 | ZFS Basics & Various ZFS RAID Lebels. = = ZFS Basics & Various ZFS RAID Lebels . = A Little About Zetabyte File System ( ZFS / OpenZFS) =1= = BDNOG11 | Cox's Bazar | Day # 3 | ZFS Basics & Various ZFS RAID Lebels. = Disclaimer: The scope of this topic here is not to discuss in detail about the architecture of the ZFS (OpenZFS) rather Features, Use Cases and Operational Method. =2= = BDNOG11 | Cox's Bazar | Day # 3 | ZFS Basics & Various ZFS RAID Lebels. = What is ZFS? =0= ZFS is a combined file system and logical volume manager designed by Sun Microsystems and now owned by Oracle Corporation. It was designed and implemented by a team at Sun Microsystems led by Jeff Bonwick and Matthew Ahrens. Matt is the founding member of OpenZFS. =0= Its development started in 2001 and it was officially announced in 2004. In 2005 it was integrated into the main trunk of Solaris and released as part of OpenSolaris. =0= It was described by one analyst as "the only proven Open Source data-validating enterprise file system". This file =3= = BDNOG11 | Cox's Bazar | Day # 3 | ZFS Basics & Various ZFS RAID Lebels. = system also termed as the “world’s safest file system” by some analyst. =0= ZFS is scalable, and includes extensive protection against data corruption, support for high storage capacities, efficient data compression and deduplication. =0= ZFS is available for Solaris (and its variants), BSD (and its variants) & Linux (Canonical’s Ubuntu Integrated as native kernel module from version 16.04x) =0= OpenZFS was announced in September 2013 as the truly open source successor to the ZFS project.
    [Show full text]
  • Lessons Learned from Using Samba in IBM Spectrum Scale
    Lessons learned from using Samba in IBM Spectrum Scale Christof Schmitt [email protected] [email protected] IBM / Samba Team sambaXP 2020 Christof Schmitt (IBM / Samba Team) Using Samba in IBM Spectrum Scale sambaXP 2020 1 / 33 Table of Contents 1 Integrating Samba in IBM Spectrum Scale product 2 Examples of issues faced 3 Lessons learned Christof Schmitt (IBM / Samba Team) Using Samba in IBM Spectrum Scale sambaXP 2020 2 / 33 Abstract IBM Spectrum Scale is a software defined storage offering of a clustered file system bundled together with other services. Samba is included as part of the product to provide a clustered SMB file server and integration into Active Directory. This talk discusses from a development point of view the integration of Samba into a storage product and what the development team has learned over the years. Topics will include the requirement for automated testing on multiple levels and the collaboration with the upstream Samba project. Examples will be used to illustrate problems encountered over time and how they have been solved. Further topics will be challenges that have been solved and gaps that have been seen with the usage of Samba. Christof Schmitt (IBM / Samba Team) Using Samba in IBM Spectrum Scale sambaXP 2020 3 / 33 About me Senior Software Engineer at IBM Currently working on Samba integration in IBM Spectrum Scale Customer support Samba team member Previous roles: Samba integration and support in other products. Linux device driver maintenance. Christof Schmitt (IBM / Samba Team) Using Samba in IBM Spectrum Scale sambaXP 2020 4 / 33 Table of Contents 1 Integrating Samba in IBM Spectrum Scale product 2 Examples of issues faced 3 Lessons learned Christof Schmitt (IBM / Samba Team) Using Samba in IBM Spectrum Scale sambaXP 2020 5 / 33 Context: IBM Spectrum Scale Clustered file system as software defined storage (former name GPFS).
    [Show full text]
  • Implementing High Availability and Disaster Recovery Solutions with SAP HANA on IBM Power Systems
    Front cover Implementing High Availability and Disaster Recovery Solutions with SAP HANA on IBM Power Systems Dino Quintero Luis Bolinches Rodrigo Ceron Ferreira de Castro Fabio Martins John Wright Redpaper International Technical Support Organization Implementing High Availability and Disaster Recovery Solutions with SAP HANA on IBM Power Systems October 2017 REDP-5443-00 Note: Before using this information and the product it supports, read the information in “Notices” on page vii. First Edition (October 2017) This edition applies to: SAP HANA V2.0 SPS01 revision 10 (2.00.010.00.1491294693) SUSE Linux Enterprise Server for SAP Applications V12 SP2 IBM Virtual I/O Server (VIOS): V2.2.4.23 IBM Hardware Management Console (HMC): V8.8.6.0 SP1 + MH01703 IBM Spectrum Scale V4.2.3.1 © Copyright International Business Machines Corporation 2017. All rights reserved. Note to U.S. Government Users Restricted Rights -- Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp. Contents Notices . vii Trademarks . viii Preface . ix Authors. ix Now you can become a published author, too! . xi Comments welcome. xi Stay connected to IBM Redbooks . xi Chapter 1. Introduction. 1 1.1 About this publication . 2 1.2 The SAP HANA platform. 2 1.3 High availability for HANA . 3 1.3.1 Disaster recovery: SAP HANA Systems Replication . 5 1.3.2 High availability: SAP HANA Host Auto-Failover . 6 1.3.3 High availability: SAP HANA Systems Replication with SUSE Linux High Availability Extension . 8 Chapter 2. Planning your installation . 11 2.1 SAP requirements for HANA on Power Systems implementations.
    [Show full text]