HPE OS Security Update Service for SAP HANA

HPE Lifecycle Services

Service overview

Keeping your HPE Solutions for SAP HANA® Operating System (OS) hardened and up to date with general and security patches is critical. But maintaining the HPE Solutions for SAP HANA infrastructure, specifically the server OS, can be daunting. The HPE OS Security Update Service for SAP HANA is a one-time technical service that provides a remote implementation of available OS general and pretested security patches and includes OS hardening based on HPE best practices. HPE best practices are based on several industry standards including the Center for Internet Security (CIS) Level 1, DISA STIG, and Payment Card Industry (PCI) data security standards.


OSs covered by this service include SLES for SAP® or RHEL for SAP Solutions. OS eligibility does vary by solution configuration, see the “Service eligibility” section for specific coverage. Specialized technical resources from Hewlett Packard Enterprise will perform the identified in-scope OS security updates remotely, working with your organization to determine the appropriate schedule and implementation with the goal of reducing disruption to your IT environment, as more fully described in the following section.

  • Service benefits

    • Reduce the risk of unplanned disruption to your IT environment
    • Improve the possibility to optimize system performance
    • Enable your IT resources to stay focused on their core tasks and priorities

  • Service feature highlights

    • Service planning and preparation for implementation
    • Implementation of pretested OS general/security patches and HPE identified OS hardening

  • Specifications

    Table 1. Service features

Feature

Delivery specifications

Service planning and preparation for implementation

The HPE service specialist will:

  • Verify that all service prerequisites have been met, including active support coverage on the HPE Solutions for SAP HANA.
  • Create an implementation plan for the HPE Solutions for SAP HANA for which this service is purchased. This plan is based on the service features, including any service limitations described in this data sheet. This plan will include Customer responsibilities and dependencies required for the performance of these services.
  • Document HPE’s recommendations regarding the order in which the updates will be performed, including any steps that Customer must perform before the HPE service specialist can update the HPE Solutions for SAP HANA.
  • Develop the schedule for the implementation process, including whether it will occur during normal business hours or after hours and when systems will be taken offline. Any work outside of HPE business hours is subject to additional charges as specified in the "Service limitations” section.
  • Review Customer responsibilities during the updates, for example, whether it is necessary to shut down applications or disconnect the target products from the network, who will be handling these responsibilities for the Customer, any dependencies for getting the updates completed, Customer’s appropriate contacts, and an escalation path when the updates are being implemented.
  • Discuss the update process, schedule, and implementation plan.

Implementation of pretested OS general/security patches and HPE identified OS hardening
  • HPE will evaluate available OS general and security patches that are applicable to HPE Solutions for SAP HANA.
  • HPE will create an OS Security patch bundle for implementation. OS Security patch bundles are pretested for interoperability for HPE Solutions for SAP HANA products that are eligible for these services.
  • HPE will install pretested OS general and security patch bundles and harden the OS using best practices per the implementation plan.
  • Upon completion of the updates, the HPE service specialist will turn the system over to the Customer.

  • Coverage

    This service is available on regular HPE workdays (excluding weekend days and HPE holidays) during country-specific HPE standard business hours. After-hours delivery is available upon request.


    When this service is delivered as part of the HPE Lifecycle Services Suite for SAP HANA, after-hours charges are not applicable.

  • Customer responsibilities

    The Customer will:

    • Assign a designated person to participate in the service planning meeting and follow-on service activity.
    • Perform all identified Customer responsibilities in a timely manner.
    • Ensure that a designated person is assigned and who, on behalf of the Customer, will grant all approvals, provide information, and confirm that the hardware, firmware, and software needed to deliver this service are available. They will also make sure that software products are properly licensed and otherwise be available to assist HPE in facilitating the delivery of this service. For non-HPE branded software, Customer must have in place the necessary agreements with HPE and/or the third-party vendor to receive upgrades and/or patches for the software.
    • The designated person will be:
      • Responsible for all the Customer aspects of the assigned work efforts
      • Authorized to make all decisions relative to the project, including identification and assignment of Customer resources
      • Available and able to interface with the HPE assigned resources on day-to-day issues throughout the project
      • Authorized to sign status reports and approve project changes
      • Able to coordinate all work efforts and meeting schedules
    • Provide suitable virtual private network (VPN) or other suitable connectivity as required for the delivery of remotely delivered services.
    • Provide HPE with the necessary access to Customer building facilities and computer room facilities, as well as access credentials for logging into all servers, databases, and services for the service planning, as applicable.
    • Provide a suitable work area for delivery of the service, including access to an outside telephone line, power, and any network connections as required.
    • At the discretion of HPE, install remote connectivity tools and proprietary software service tools.
    • Allow HPE full and unrestricted network access to all locations where the service is to be performed on-site.
    • Ensure that all service prerequisites have been met.
    • Advise HPE of any special security, health, and safety matters applicable to the Customer site where the service is to be provided.
    • Provide HPE, on request, any information that HPE may reasonably request about the execution of the service.
    • Coordinate all required internal / third-party participation and cooperation.
    • Assign or make available experienced subject matter and technical experts, upon request or as needed.
    • Purchase or provide all hardware, software, licenses, staff, current maintenance contracts, and environments necessary for HPE to deliver the service.
    • Ensure that all information provided by the Customer is complete, accurate, and up to date.
    • Perform other reasonable activities to help HPE identify, implement, or resolve problems, as requested by HPE.
    • Ensure system availability at a mutually agreed-upon time. If system availability delays exceed 120 minutes from the agreed-upon time, service delivery may be canceled and rescheduled by HPE.
    • Provide contact information, including email address details, for delivery of service materials.
    • Be responsible for all SAP HANA database activities as requested by HPE including startup and shutdown, backup and restore operations, fail-over and fail-back testing, replication validation, and SAP HANA database operational testing of applications.
    • Be responsible for the reinstallation of third-party software removed during the delivery of this service

  • Service limitations

    • HPE delivers the service remotely at a mutually scheduled time window convenient to Customer’s organization between Monday 8:00 a.m. and Friday 5:00 p.m. local time, excluding HPE holidays. Local time is defined as the location time of the physical location of the system.
    • The HPE Lifecycle Service listed above is not available for delivery during the HPE shutdown — the last two weeks of December.
    • All HPE activities including documents and reviews are delivered in English.
    • These services do not include any actions associated with findings from Customer’s security scanning tools and/or security software.
    • Activities such as, but not limited to, the following are excluded from this service:
      • Operational testing of applications and/or the SAP HANA database
      • Installation or configuration of any hardware or software products except as described earlier
      • Loading, management, migration, or manipulation of Customer’s production data

  • Service eligibility

    Customers are eligible for the delivery of this service if they meet the following prerequisites:

    • The HPE OS Security Patch Update Service for SAP HANA is available on eligible HPE predefined configurations with a valid support contract as referenced in the HPE COE Service for SAP HANA — Support Services or the HPE Complete Care Service COE Service for SAP HANA — HPE Contractual Support Services data sheets.
    • Only the SLES for SAP or RHEL for SAP Solutions OSs are eligible for this service.
    • For all software, including non-HPE branded software SLES for SAP or RHEL for SAP Solutions OSs, Customer must have:
      • Rightfully acquired the license or subscription as well as the updates to be implemented and be properly licensed to use software that includes the provision for the OS and the updates
      • Retain and provide to HPE upon request, evidence that the license or subscription was purchased
      • Have a valid HPE support contract and provide a valid service agreement ID (SAID) for the HPE Solutions for SAP HANA that will receive this service
    • HPE Solutions for SAP HANA that have been modified and/or customized into unsupportable configurations are not eligible for this service.
    • Customer must be running or allow HPE to run the appropriate HPE tools to enable the updates.
    • This service is not available on virtualized HPE for SAP HANA environments.

  • General provisions / other exclusions

    HPE’s hardening as part of the HPE OS Security Update Service for SAP HANA is based on industry best practices at the time of the service. HPE does not warrant that the server will be free from security incidents and encourages Customers to continually evolve security best practices to accommodate changing technology. HPE will not be liable for any security incident that may occur or for any Customer modifications to the hardening feature of this service.

    • Any documentation provided as part of the service will be provided electronically in Microsoft Office and/or Adobe Acrobat formats.
    • HPE resource time is dependent upon the Customer’s compliance with required prerequisites and participation.
    • HPE reserves the right to charge, on a time-and-materials basis, for any additional work that may result from work required to address service prerequisites or other requirements that are not met by the Customer.
    • HPE’s ability to deliver the services is dependent upon Customer’s full and timely cooperation with HPE, as well as the accuracy and completeness of information and data the Customer provides to HPE.
    • To the extent HPE process personal data on the Customer’s behalf in the course of providing services, the HPE Data Privacy and Security Agreement Schedule — HPE Support and Professional Services found at hpe.com/us/en/legal/customer-privacy.html shall apply.
    • Customer acknowledges and agrees that HPE may use resources outside the country of purchase for delivery of these services.
    • Activities such as, but not limited to, the following are excluded from this service:
      • Service deployment on hardware not covered by an HPE warranty or service maintenance contract
      • Service deployment on hardware covered by a third-party maintenance contract
      • Services that, in the opinion of HPE, are required due to unauthorized attempts by third-party personnel to install, repair, maintain, or modify hardware, firmware, or software
      • Service required due to causes external to the HPE maintained hardware or software
    • Service deliverables are accepted upon service delivery.

Learn more at

HPE.com/services/lifecycleservices

© Copyright 2023 Hewlett Packard Enterprise Development LP. The information contained herein is subject to change without notice. The only warranties for Hewlett Packard Enterprise products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein.

This data sheet is governed by the Hewlett Packard Enterprise current standard sales terms, which include the supplemental data sheet, or, if applicable, the Customer’s purchase agreement with Hewlett Packard Enterprise.


Microsoft is either a registered trademark or trademark of Microsoft Corporation in the United States and/or other countries. SAP and SAP HANA are trademarks or registered trademarks of SAP SE (or an SAP affiliate company) in Germany and other countries. All third-party marks are property of their respective owners.

a50003245enw, Rev. 2

Recommended for you