Suse Manager applies SCAP to Linux compliance

Newly released Suse Manager implements a version of OpenSCAP to streamline reporting operations

Organizations using the Security Content Automation Protocol (SCAP) to manage their Suse and Red Hat Linux servers can streamline their reporting operations, thanks to an update of the Suse Manager that now generates metrics and reports in the SCAP format.

The newly released Suse Manager also includes complete support for IPv6. Suse is announcing the release of this software during its SuseCon conference, being held this week in Orlando, Florida.

[ Also on InfoWorld: 5 key new improvements in OpenSuse Linux 12.2. | Prove your expertise with the free OS in InfoWorld's Linux admin IQ test round 1 and round 2. | Track the latest trends in open source with InfoWorld's Open Sources blog and Technology: Open Source newsletter. ]

"We are trying to be very conservative but at the same time innovative. We are not trying to reinvent systems management software," said Joachim Werner, Suse senior product manager, about the new release.

Developed by the National Institute of Standards and Technology (NIST), SCAP is a framework for reporting software vulnerabilities and configuration settings in a standardized format. A range of industries, such as government agencies and automobile manufacturers, use SCAP (pronounced "S-Cap) for systems monitoring.

By supporting SCAP, the new Suse Manager could help streamline the process of reporting how secure computers are across an organization. Suse Manager is Suse's in-house systems management software for the patching, provisioning and configuration of multiple Suse servers. The software can also work with servers running Red Hat Enterprise Linux (RHEL) as well.

Suse Manager is based on the open source system management software Spacewalk, maintained by Red Hat. Both Spacewalk and Suse Manager use OpenSCAP, an open source library and set of tools for implementing SCAP. Run as a virtual appliance, Suse Manager comes with additional installation help, as well as support from Suse.

With the SCAP support, an organization can produce reports detailing how many servers across an organization have been patched with a critical security update. It can also produce metrics on how many servers meet the organization's standardized configuration settings. "Profiles you run can check if your password settings are OK. and if the right updates are installed," Werner said.

Suse Manager, the first update in over a year, comes with a number of other new features as well. With this version, organizations can now use the open source Postgres as the software's database, rather than the more costly Oracle 10g or 11g. "It is now a fully open source stack," Werner said, adding that this may make the Suse Manager more appealing to small organizations with a limited budget.

Other new features include full support for IPv6 as well as the ability to notify administrators when a server, or multiple servers, need to be rebooted after a patch is installed.

Linux vendors seeking larger enterprise deployments have been taking more effort of late to upgrade their system management tools. Last week, Canonical released a significantly updated version of its own Ubuntu system management software, Landscape.

Such tools "are especially important for our customers," said Sabine Soellheim, Suse solution marketing manager. "Linux has a very specific management space," she said. Traditional system management software, such as Hewlett-Packard's OpenView, aren't specifically designed to handle Linux in as much detail, and are more expensive as well than dedicated Linux tools, Soellheim said.

The price for Suse Manager starts at $10,000.

Joab Jackson covers enterprise software and general technology breaking news for The IDG News Service. Follow Joab on Twitter at @Joab_Jackson. Joab's email address is

Copyright © 2012 IDG Communications, Inc.