SLES 16: SUSE's Flagship Linux with AI and Post-Quantum Crypto

A new flagship operating system from SUSE: SLES 16 comes with several changes. During installation, Agama replaces the familiar YAST. While the general process doesn't change, the installation can now be followed via a web browser. For automation, configurations in JSON format are now used, which can even be applied via an API. Once SLES 16 is running, it can also be managed via a browser, for which SUSE relies on the well-known Cockpit project. This also includes self-developed modules, one of which is for the BTRFS file system. For general automation, SLES 16 includes Ansible.

Service packs no longer exist; they are now called “Minor Releases.” The versioning scheme is now also 16.X. SUSE currently plans seven such minor releases: from 16.0 to 16.6. Users can receive support for each for up to five years. This means SLES 16 can be operated worry-free for approximately 16 years in total. However, the year 2038 problem also falls within this period. SUSE has addressed this and replaced the 32-bit data type time_t in core components.

Secure in the Future Too

In the area of future security, there are further innovations in SLES 16. The keyword is :post quantum cryptography. The current assumption is that the known asymmetric encryption methods will no longer be secure enough by the year 2029. By 2034, they are expected to be completely breakable by quantum computers. However, the US National Institute of Standards and Technology (NIST) has already released initial encryption standards that address this issue. SLES already integrates these into the following applications: OpenSSL, Libgcrypt, Mozilla NSS, and Golang.

The alignment with the general Linux world is even greater in SLES 16. Instead of iptables, nftables are now in vogue. The Xen hypervisor is no longer included -- KVM is the standard. Wayland replaces X.org as the default. However, SLES 16 still supports X11 applications. SELinux is now the technology for MAC (Mandatory Access Control). The journey with AppArmor is coming to an end.

Although Redis has returned to open-source meanwhile, SLES 16 now comes with Valkey. Those operating a DHCP server can now use the ISC successor KEA, which also comes from the Internet Systems Consortium. This had announced in 2022 that 4.4.3-P1 and 4.1-ESV-R16-P2 were the last versions of the ISC DHCP server. KEA is the designated successor. Speaking of updates: SLES 16 comes with Kernel 6.12, glibc 2.40, systemd 257, and has OpenSSH in version 9.9—thus, regular maintenance.

The last important change comes from the area of configuration file management. SLES 16 adopts an idea from systemd creator Lennart Poettering called hermetic USR or UsrEtc. Here, all important operating system files are to be located in the /usr directory and should essentially be immutable. The latter means that this directory is mounted as read-only -- write access is not necessary. This is intended to be the basis for a bootable system. With the information and tools in /usr, Linux may generate missing entries in /etc or other system partitions at startup. But the approach goes further: simply copying /usr to a new machine should create a bootable Linux. Such approaches have been known for a long time from the area of minimal cloud operating systems, for example, from CoreOS.

Ready for AI Agents

Of course, SLES also needs to include a bit of artificial intelligence. In 2025, the buzzword is MCP (Model Context Protocol). SUSE has equipped its flagship product with a corresponding server function. However, this is currently only available as a technical preview. Nevertheless, it is the foundation for the next steps: the integration of agent-based AI into the operating system.

The first look at SLES 16 leaves a very good impression. The standardization of software greatly simplifies the switch from other Linux distributions. SUSE itself also benefits from synergy effects in development and operation. With the presented changes, SLES is well-positioned for its 16-year journey. This includes the year 2038 problem as well as the challenge of encryption in the age of quantum computers.

Further information on SLES 16 can be found at SUSE.

(dahe)