Applies to SUSE Linux Enterprise Point of Service 11 SP3 and SUSE Linux Enterprise Point of Service 12 Image Server

1 Product Overview

SUSE® Linux Enterprise Point of Service is a secure and reliable Linux platform optimized for enterprise retail organizations. Built on the solid foundation of SUSE® Linux Enterprise, it is the only enterprise-class Linux operating system tailored specifically for retail Point of Service terminals, kiosks, self-service systems, and reverse-vending systems.

This section provides an architectural overview of the SUSE Linux Enterprise Point of Service product, along with an overview of server types, images, and the deployment process.

1.1 Architecture

The SUSE Linux Enterprise Point of Service architecture consists of one centralized Administration Server, one or more Branch Servers, and Point of Service terminals. These can be standard PCs running retail check-out applications or specialized point-of-sale machines such as cash registers and customer kiosks (see Figure 1.1, “SUSE Linux Enterprise Point of Service System Architecture”). Find a list of system requirements for the individual components in Section 1.2, “System Requirements” and an overview of the different server types and their functions in Section 1.3, “Server Types”.

Figure 1.1: SUSE Linux Enterprise Point of Service System Architecture

All system information (system structure, image information, the configuration and deployment method for each Branch Server and Point of Service terminal, etc.) is stored in an LDAP database on the Administration Server and may be replicated on Branch Servers. The Administration Server usually also holds the master repository for the images required to boot and configure Point of Service terminals and provides the utilities required to build those images.

Note: Creating a Dedicated Image Building Server

However, if you have a large system and want to offload the image building function from the Administration Server, you can also set up a dedicated Image Building Server. For more information, see Chapter 4, Setting Up the Administration Server and Chapter 3, Setting Up an Image Building Server.

Triggered by the possyncimages command (see Section B.3.9, “possyncimages”), each Branch Server downloads the system information and images required for its local Point of Service terminals from the Administration Server. The Point of Service terminals, in turn, download their respective images from the Branch Server when they boot.

Warning: Protecting the Branch Servers

Because Branch Servers contain sensitive information, they must be secured against unauthorized access. Close all unused ports and allow only the root user access to the server console. Refer to Section 10.5, “Securing Your Setup” for more details on how to protect your SUSE Linux Enterprise Point of Service setup.

SUSE Linux Enterprise Point of Service is broadly scalable. A small shop with five Point of Service terminals can be managed as well as a large chain with a thousand branches. For organizations with several Branch Servers, the link between the Branch and Administration Server is maintained over WAN. During execution of administrative tasks, such as the installation of new Point of Service terminals in a branch, steps must be taken to ensure that the WAN link to the Administration Server is available.

The SUSE Linux Enterprise Point of Service architecture is highly centralized. However, administrative tasks can also be performed on subunits for role-based administration. The Branch Server provides all the services necessary for the operation and management of the Point of Service terminals and the LDAP database can be replicated on the Branch Server. Consequently, the Branch Server and Point of Service terminals can function independently of the Administration Server if the server fails or the connection is down.

1.2 System Requirements

This section provides a list of minimal hardware requirements for SUSE Linux Enterprise Point of Service.

1.2.1 Administration Server

The following list identifies the system requirements for an Administration Server:

  • One server with an x86 or x86-64 processor.

  • A minimum of 4 GB hard disk space; recommended 15 GB.

    The required space depends on the size of your images.

  • A minimum of 512 MB RAM; recommended 512 MB - 3 GB (at least 512 MB per CPU).

  • One network card.

1.2.2 Image Building Server

The following list identifies the system requirements for a dedicated Image Building Server:

  • One server with an x86 or x86-64 processor.

  • A minimum of 4 GB hard disk space; recommended 25 GB.

    The required space depends on the size of your images.

  • A minimum of 512 MB RAM; recommended 512 MB - 3 GB (at least 512 MB per CPU).

  • One network card.

1.2.3 Branch Server

The following list identifies the system requirements for a Branch Server:

  • One server with an x86 or x86-64 processor.

  • A minimum of 4 GB hard disk space; recommended 10 GB.

    The required space depends on the size of the images you distribute to your Point of Service terminals.

  • A minimum of 512 MB RAM; recommended 512 MB - 3 GB (at least 512 MB per CPU).

  • At least two network cards per server:

    • one network card for the Administration Server's public network,

    • one network card for the Branch Server's private network.

1.2.4 Administration/Branch Server Combination

The following list identifies the system requirements for an Administration/Branch Server combination (Combo Server):

  • One server with an x86 or x86-64 processor.

  • A minimum of 4 GB hard disk space; recommended 25 GB.

    The required space depends on the size of your images.

  • A minimum of 512 MB RAM; recommended 512 MB - 3 GB (at least 512 MB per CPU).

  • One network card.

1.3 Server Types

SUSE Linux Enterprise Point of Service is based on SUSE Linux Enterprise and installed as an add-on product. After installation and setup, your SUSE Linux Enterprise Point of Service system includes one centralized Administration Server, one or more Branch Servers, and Point of Service terminals. This section focuses on the server types used in SUSE Linux Enterprise Point of Service and gives an overview of the tasks they run and the services they provide.

1.3.1 Administration Server

The Administration Server is the central administration point for SUSE® Linux Enterprise Point of Service. It is usually located in the main office and is used to manage the Point of Service infrastructure and to host the LDAP database storing the configuration of the Point of Service clients.

The Administration Server provides the following functions:

For information on installing and configuring the Administration Server, see Chapter 4, Setting Up the Administration Server. Find out more about the Administration Server structure and functions in the following sections.

1.3.1.1 Services

The Administration Server provides two important services in your SUSE Linux Enterprise Point of Service system:

  • LDAP is the protocol for accessing the SUSE Linux Enterprise Point of Service directory, which stores all system information.

  • rsync is a remote data synchronization service that is used to transfer images from the Administration Server to the Branch Servers.

For the Administration Server to provide services, its firewall needs to allow traffic on the ldap or ldaps ports (389 TCP/UDP and 636 TCP/UDP, respectively) and the rsync port (TCP/UDP 873). For more information, refer to Section 4.2, “Initializing the LDAP Directory with posInitAdminserver”.
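An added example (not part of the SUSE documentation) of checking that nothing beyond the ports named above is exposed: the function reads `ss -tuln` output and lists every non-loopback listener whose port is not 389, 636 or 873. The function names, the `ALLOWED` variable and the sample listener table are constructed for illustration, and the `ss` column layout (protocol in column 1, local address in column 5) is an assumption.

```sh
#!/bin/sh
# Added example: list listeners that fall outside the documented port set.
# ALLOWED defaults to the Administration Server ports from the text
# (ldap 389, ldaps 636, rsync 873); override it for other server roles.
ALLOWED="${ALLOWED:-389 636 873}"

# Reads `ss -tuln` output on stdin. Prints "proto port address" for each
# listener that is reachable from the network (not bound to loopback)
# and whose port is missing from $ALLOWED.
audit_listeners() {
    awk -v allowed="$ALLOWED" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 == "tcp" || $1 == "udp" {      # also skips the header line
            la = $5                       # local address:port
            port = la; sub(/.*:/, "", port)
            addr = substr(la, 1, length(la) - length(port) - 1)
            if (addr ~ /^127\./ || addr == "[::1]") next
            if (!(port in ok)) print $1, port, addr
        }
    ' | LC_ALL=C sort -u
}

# Constructed sample of `ss -tuln` output (not captured from a real server).
sample_listeners() {
    cat <<'EOF'
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp   LISTEN 0      128    0.0.0.0:389        0.0.0.0:*
udp   UNCONN 0      0      0.0.0.0:389        0.0.0.0:*
tcp   LISTEN 0      128    [::]:636           [::]:*
tcp   LISTEN 0      5      0.0.0.0:873        0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:111        0.0.0.0:*
udp   UNCONN 0      0      0.0.0.0:111        0.0.0.0:*
tcp   LISTEN 0      64     [::]:2049          [::]:*
tcp   LISTEN 0      5      127.0.0.1:631      0.0.0.0:*
EOF
}

# Demo on the constructed sample. On a live server: ss -tuln | audit_listeners
sample_listeners | audit_listeners
```

Each reported line is a service to either stop or deliberately add to `ALLOWED`; the loopback-only listener on port 631 in the sample is skipped because it is not reachable from the network.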

1.3.2 Branch Server

The Branch Server provides the network boot and system management infrastructure for the Point of Service terminals. It can also serve as a generic system platform for in-store applications such as database systems and back-ends for Point of Service applications.

The Branch Server provides the following functions:

  • DNS services for the local network.

  • DHCP to control the network boot process. Instead of setting up the DHCP service on the Branch Server, an external DHCP server can be used. For more information, refer to the list of attributes for scLocation elements in Section 11.5.10, “scLocation”.

  • Multicast boot infrastructure for Point of Service terminals.

  • Transfer of system images from the Administration Server to the Point of Service terminals.

    The Branch Server uses a software distribution mechanism based on rsync to pull new system images from the Administration Server. It then uses TFTP to push system images and configuration files to the Point of Service terminals. Alternatively, FTP can be used.

  • Management of diskless and disk-based Point of Service terminals. Configuration data is taken from the LDAP directory on the Administration Server.

  • System redundancy and failover. A pair of Branch Servers can be configured as a two-node high availability cluster with replicated data.

  • NTP, SNMP, logging of syslog output from terminals and other services are not configured using the SUSE Linux Enterprise Point of Service tools, but can be configured using the standard SUSE Linux Enterprise Server tools.

For information on installing and configuring the Branch Server, see Chapter 5, Setting Up a Branch Server. Find out more about the Branch Server structure and functions in the following sections.

1.3.2.1 LDAP Branch Server Object

Each Branch Server has a corresponding Branch Server object (scBranchServer) in the LDAP directory. This object stores configuration information that is specific to each Branch Server.

For more information on the scBranchServer object, see Chapter 11, The LDAP Directory on SUSE Linux Enterprise Point of Service.

1.3.2.2 LDAP Access

To complete its initial configuration and perform basic functions (such as registering Point of Service terminals and downloading system images and configuration files), the Branch Server must have administrator level access to the LDAP directory. This admin account and password are created by the posInitAdminserver command during the initial configuration of the Administration Server. When created, this account is not accessible in the LDAP tree.

LDAP communications can be secured with SSL. When you run the posInitAdminserver command, you can enable or disable SSL communication. Note that the firewall running on the Administration Server must allow traffic on the ldap and ldaps ports, 389 TCP/UDP and 636 TCP/UDP, respectively. For more information, refer to Section 4.2, “Initializing the LDAP Directory with posInitAdminserver”.

The Branch Server maintains a local copy of the branch subtree from the Administration Server LDAP database.

1.3.2.3 Administrative Tasks

Other than emergency handling, no system administration is necessary on the Branch Server. All administrative tasks are controlled from the central Administration Server or are regularly executed by daemons running on the Branch Server. For emergencies and debugging, all administrative functions can be triggered locally or via SSH login by calling commands with few or no parameters.

If you need to update the Point of Service images stored on the Branch Server, you can run possyncimages to manually trigger the rsync update process and download new image files from the Administration Server. For more information, see Section B.3.9, “possyncimages”.

If you need to update the Point of Service hardware configuration information stored on the Branch Server, run pos dump-all. It regenerates the hardware configuration and config.MAC files for all Point of Service terminals found in LDAP. For more information on the pos command, see Section B.3.12, “pos”. Alternatively, you can trigger terminal updates from the Administration Server by setting scConfigUpdate under the respective scWorkstation object to TRUE (see Section 11.5.17, “scWorkstation”).


1.3.2.4 Services

In SUSE Linux Enterprise Point of Service, Branch Servers provide the services listed in Table 1.1, “Branch Server Services”.

Table 1.1: Branch Server Services

| Service | Description |
|---|---|
| DNS | Every Branch Server runs a DNS master for that branch. The posldap2dns command generates the zone files for the BIND name server from the data in the LDAP directory and then reloads the zone files on each Branch Server. |
| DHCP | A DHCP server can be installed on the Branch Server. The posldap2dhcp command generates the dhcpd.conf file from branch data in the LDAP directory. |
| TFTP | The TFTP service on the Branch Server is structured with boot, image, Point of Service, and upload directories. There is a PXE default configuration with which all the Point of Service terminals first load the same initial initrd and the same kernel. For more information, see Section 1.3.2.6, “TFTP Server Directory Structure”. If there is an error with a TFTP action, the service waits 60 seconds, then restarts. |
| FTP | Alternatively, FTP can be used instead of TFTP. FTP shares the same directory structure as TFTP, except for the PXE part. It is recommended on wireless networks not supporting high speed multicast. FTP overcomes the file size limit of TFTP, which enables it to deploy much bigger images. |

1.3.2.5 High Availability Configuration

For high availability, Branch Servers can be configured in two-node pairs. The primary node runs all of the scripts and services required to download Branch Server configuration information, synchronize time, and download system images from the Administration Server. The secondary node stays synchronized with the primary, ready to take over and run the scripts and services if the primary fails.

For information on installing a high availability environment, refer to Section 7.2, “SUSE Linux Enterprise Point of Service High-Availability Installation Workflow”.

1.3.2.6 TFTP Server Directory Structure

SUSE Linux Enterprise Point of Service uses /srv/tftpboot as the tftp_root path for the TFTP server on the Branch Server. For more information about the file structure, refer to Section A.2, “Branch Server Directory Structure”.

Note: Deletion of Point of Service Control File

The Point of Service control file hwtype.00:02:55:E8:FA:C9 is deleted (after being moved to /tftpboot/upload/backup) and backed up after successful registration in LDAP. For more information, see Section 6.3.3, “The hwtype.MAC.HASH File”.

1.3.3 Special Server Types

Apart from the default implementation shown in Figure 1.1, “SUSE Linux Enterprise Point of Service System Architecture”, SUSE Linux Enterprise Point of Service allows for a variety of different setups to match your individual requirements. You can create special types of servers, like a dedicated Image Building Server taking load from the Administration Server, or implement POSBranch Servers instead of fully-fledged Branch Servers as described in the following sections.

1.3.3.1 Image Building Server

If your system needs to manage a large number of Point of Service images, you can outsource the image building task to a dedicated Image Building Server. This reduces the processor and memory load required to generate images from the Administration Server. It also protects the Administration Server and LDAP directory from any possible corruption or user errors that might occur while building Point of Service images.

For information on installing and configuring the Image Building Server, see Chapter 3, Setting Up an Image Building Server.

1.3.3.2 POSBranch Server

For small stores, where the Branch Server only runs the Point of Service infrastructure, the Branch Server can be deployed as a control terminal running on Point of Service hardware. This POSBranch Server configuration is designed for systems that do not run Point of Service applications. However, if the terminal has sufficient memory and disk space, it can run some applications, if required.

Note: Access Rights

This implementation of the POSBranch Server allows the Point of Service applications to run under a non-root account.

1.4 Images

SUSE Linux Enterprise Point of Service is designed to automate the rollout of Point of Service terminals as much as possible. To assist this automation, the product makes extensive use of image building technology. For each type of terminal, whether it is a non-graphical system or a graphical environment, you can create customized images to be downloaded automatically from the Branch Server when the terminal boots.

1.4.1 KIWI and Image Creator

To create the images for the Point of Service terminals, SUSE Linux Enterprise Point of Service includes both a command line tool (KIWI) and a graphical front-end for KIWI: Image Creator. Install the image building tools by selecting the SUSE Linux Enterprise Point of Service Image Server and the SUSE Linux Enterprise Point of Service Images software patterns in YaST.

When you build images for the Point of Service terminals, all the information required to run a Point of Service terminal—the Linux operating system, drivers, configuration settings, application files, and so forth—can be compiled into a single image file. This file can then be electronically distributed to Point of Service terminals over the network. Additionally, you can generate an ISO version of the image file that can be burned to a CD or copied to a USB flash drive for manual distribution.

For detailed information on KIWI and Image Creator, refer to Section 9.2, “Building Images with KIWI” and Section 8.1, “Building Images with the Image Creator Tool”.

1.5 SUSE Linux Enterprise Point of Service Deployment

SUSE Linux Enterprise Point of Service requires the following components for a functional system:

  • Administration Server,

  • Image Building Server,

  • Branch Servers,

  • Point of Service terminals.

The way in which these components are deployed depends on your system requirements. For example, systems that maintain hundreds of system images might require a dedicated Image Building Server, whereas smaller systems can have the image building utilities installed on the Administration Server. Some customers might install the Administration and Branch Servers on a single box, while others deploy the Branch Server on a Point of Service terminal.

The flexibility of the architecture provides broad scalability. In large environments components can be distributed to improve system performance, while in smaller environments components can be consolidated to maximize the use of system resources.

1.5.1 Design Guidelines for Large Environments

Every retail environment is different in terms of network speed, server hardware, Point of Service terminal hardware, size of images, frequency of updates, etc. This section presents some design guidelines for large environments.

The recommended maximum number of Point of Service terminals being serviced by a single Branch Server is 100. You can adjust this number up or down depending on how frequently the Point of Service terminals are reimaged and whether you can control when the terminals come online.

Note: Time for Booting

For every 100 terminals coming online at the same time, it can take up to 10 minutes for the terminals to download larger graphical images. If the terminals are simply booting from an existing image, it can take 2-3 minutes per 100 terminals.

1.5.2 Installation and Setup

The following summary outlines the general steps required to deploy a SUSE Linux Enterprise Point of Service system. It also identifies the configuration options for each system component and notes where you can go to find detailed instructions.

  1. Install the Administration Server using one of the following configurations:

  2. Create the LDAP directory on your Administration Server. For detailed instructions, see Section 4.2, “Initializing the LDAP Directory with posInitAdminserver”.

  3. Create the Point of Service images required to deploy your Point of Service terminals.

  4. Copy the image files you have created to the appropriate directories on the Administration Server so they will be ready for the Branch Servers to download.

    Important: Location of the System Images

    System images must be located in /srv/SLEPOS/image/ and boot images must be located in /srv/SLEPOS/boot/ on the Administration Server before rsync can transmit the images to the Branch Server.

  5. Create the required LDAP objects for each Branch Server and its Point of Service terminals in the LDAP tree. For detailed instructions, see Section 4.6.1, “Creating Branch Server Objects in LDAP”.

  6. Install the Branch Servers using one of the following configurations:

    Note: Configuring Admin/Branch Server Combinations

    If you install an Admin/Branch Server combination, this step is already completed.

    • Install a standard Branch Server. For detailed instructions, see Chapter 5, Setting Up a Branch Server.

    • Install a high availability Branch Server cluster of two nodes in an active/passive setup. For general information on how to set up a high availability environment, refer to the High Availability Guide, available from http://www.suse.com/documentation/sles11/.

    • For stores where the Branch Server is only running the Point of Service infrastructure (for example the Branch Server is running no additional applications), the Branch Server can be installed as a control terminal running on Point of Service hardware.

  7. After a Branch Server is installed, you must complete the following steps to initialize the Branch Server before attempting to boot its Point of Service terminals:

    1. Run the posInitBranchserver command to initialize and configure the Branch Server.

    2. Run the possyncimages command to download the Point of Service images from the Administration Server to the /srv/tftpboot directories on the Branch Server. For detailed instructions, see Section 5.3, “Distributing Images to the Branch Server”.

    3. Start the core script (posleases2ldap) as a daemon process on the Branch Server. This script controls all other scripts. For more information, see Section 5.4, “Starting the posleases2ldap Core Script”.

    4. If there is a separate Administration Server, start the posASWatch command. It checks the availability of the Administration Server, the LDAP synchronization and replication, and the posleases2ldap core service. For more information, see Section 5.4, “Starting the posleases2ldap Core Script”.

  8. Deploy the Point of Service terminals, following the general instructions in Chapter 6, Booting Point of Service Terminals.

    Depending on your network configuration and terminal hardware, you must prepare the Point of Service terminals to boot using one of the following procedures:

    • If the Point of Service terminals have access to the network, the terminals can boot using PXE and download their image files from the Branch Server. This method is typically used for workstations that are not equipped with a hard disk. For more information on this process, see Section 6.4.1, “Network PXE Boot”.

    • If the Point of Service terminals do not have access to the network, create an isoboot or an oemboot image and deploy the image at the terminal. This method can be used for workstations that either are or are not equipped with a hard disk, and have a CD drive or a USB port. For information on the isoboot process, see Section 6.4.4, “Booting from CD (isoboot)”.

    • If a Point of Service terminal cannot boot from the network or from a CD, it attempts to boot from the hard disk. For more information, see Section 6.4, “Booting the Point of Service Terminal”.

  9. Test your SUSE Linux Enterprise Point of Service installation to ensure that it is functioning correctly. For detailed instructions, see Section 7.1, “Monitoring the Terminal Boot-Up”.
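A pre-flight check for step 4 of the procedure above, given as an added example rather than a SUSE tool: it confirms that the image and boot directories under /srv/SLEPOS exist and contain files, and reports world-writable entries, since these files are what the Branch Servers pull and the terminals boot. The function name and the optional root-directory argument are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: verify the image staging area on the Administration Server
# before the Branch Servers synchronize from it.
#
# check_image_staging [ROOT]
#   ROOT defaults to /srv/SLEPOS, the location given in step 4.
#   Prints one finding per line and returns 1 if anything was found.
check_image_staging() {
    root="${1:-/srv/SLEPOS}"
    rc=0
    for d in image boot; do
        dir="$root/$d"
        if [ ! -d "$dir" ]; then
            echo "MISSING $dir"
            rc=1
            continue
        fi
        # No regular files: the Branch Servers would have nothing to download.
        if [ -z "$(find "$dir" -type f | head -n 1)" ]; then
            echo "EMPTY $dir"
            rc=1
        fi
        # World-writable files or directories let any local account replace
        # an image that every terminal in a branch will later boot.
        ww="$(find "$dir" ! -type l -perm -0002)"
        if [ -n "$ww" ]; then
            printf '%s\n' "$ww" | sed 's/^/WORLD-WRITABLE /'
            rc=1
        fi
    done
    return "$rc"
}

# Usage on the Administration Server, before the Branch Servers synchronize:
#   check_image_staging && echo "staging area OK"
```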
