
SUSE Rancher Prime on Lenovo ThinkSystem V4 Servers

Solution Brief

Authors
  • Sorin Renghea
  • Maria Albu
Published
25 Nov 2025
Form Number
LP2340
PDF size
7 pages, 1.5 MB

Abstract

Modern containerized workloads demand agility, security, and operational simplicity. SUSE Rancher Prime on Lenovo ThinkSystem V4 servers delivers a unified Kubernetes management platform that helps organizations meet these challenges without adding complexity. This solution brief describes how the solution, running on bare-metal or hybrid environments, combines Lenovo’s high-performance infrastructure with SUSE’s enterprise-grade orchestration to ensure consistent operations and robust security across clusters.

By integrating advanced lifecycle management, flexible storage options, and streamlined networking, businesses can accelerate deployment, reduce overhead, and scale confidently as demands grow. Together, SUSE and Lenovo provide a trusted foundation for innovation—enabling IT teams to modernize infrastructure, maintain compliance, and deliver resilient services with ease.

Introduction

Containers have revolutionized software deployment by providing a lightweight, portable, and consistent environment for running applications. Kubernetes has emerged as the de facto standard for container orchestration. Rancher is a complete Kubernetes management platform that simplifies operations across multi-cluster and hybrid cloud environments.

SUSE Rancher Prime is the enterprise-grade product, offering support, security hardening, and long-term maintenance. It’s ideal for production environments requiring SLAs and certified compliance.

SUSE Rancher Prime with SLES on bare-metal provides an open, on-premises Kubernetes platform that maximizes performance, security, and control. It enables SUSE Rancher Prime to centrally manage bare-metal Kubernetes clusters and the applications running on them, helping modernize infrastructure without introducing proprietary complexity or overhead.

Rancher Prime and SUSE Virtualization on bare-metal maximize performance with direct hardware access, support diverse workloads across environments, provide centralized management at scale, and ensure enterprise-grade security and stability without vendor lock-in.

Figure 1. SUSE Rancher Prime Architecture on bare-metal

Solution Features

SUSE Rancher Prime offers a complete solution for running and managing Kubernetes, a platform designed to run containerized applications. It includes tools for deploying, monitoring, and securing your apps, and simplifies the management of multiple Kubernetes clusters across various environments, whether on-premises, in the cloud, or at the edge.

SUSE Rancher Prime is compatible with leading Linux distributions such as SUSE Linux Enterprise Server, Red Hat Enterprise Linux, and more, giving your team the flexibility to choose the operating system that fits best. It also supports container runtimes like containerd, ensuring future-ready performance and adaptability. With built-in policies and integrations for common identity providers, you can easily manage access and keep your clusters secure.

Core Features

  • Core Stack:
    • Kubernetes
    • Accelerate Innovation
    • Unified Security and Control
  • Operating System Support:
    • SUSE Linux Enterprise Server (SLES)
    • Red Hat Enterprise Linux (RHEL)
  • Container Runtime Support:
    • containerd

Optional Features

  • Multi-Cluster Management: SUSE Rancher Prime enables unified control over many Kubernetes clusters, regardless of where they're deployed: on-premises, at the edge, or in the public cloud. It is ideal for organizations with separate test and production environments, or distributed teams.
  • Public Cloud Integration: Connect and manage clusters in the cloud alongside Kubernetes clusters on your on-premises Lenovo servers. SUSE Rancher Prime supports hybrid and multi-cloud deployments, which simplifies migration, scaling, or bursting workloads to the cloud.
  • Edge Integration: Deploy lightweight Kubernetes clusters at remote sites or edge locations. The lightweight K3s distribution is well suited to resource-constrained edge devices.

Hardware Components

Choosing the appropriate hardware is essential for optimizing Kubernetes performance on bare-metal. Lenovo offers powerful ThinkSystem rack servers and flexible ThinkEdge edge devices, with support for a range of platforms and CPU options. Final hardware decisions should be guided by workload requirements, budget, and power efficiency.

Table 1. Server options

| Form Factor | Platform | CPU Options |
|---|---|---|
| 1U Rack | Lenovo ThinkSystem SR630 V4 | Intel Xeon Scalable / AMD EPYC |
| 2U Rack | Lenovo ThinkSystem SR650 V4 | Intel Xeon Scalable / AMD EPYC |
| Edge | Lenovo ThinkEdge SE100/SE455 V3 | Intel / ARM options |

Networking for Kubernetes deployments can be optimized with onboard 1, 10 or 25 GbE NICs, providing reliable high-speed connectivity for most environments. For more demanding workloads, optional SmartNICs are available to offload CNI, improving efficiency and performance. The infrastructure is also compatible with TOR switches (optional integration), offering flexible and scalable connectivity options to meet diverse infrastructure requirements.

Storage options for Kubernetes deployments range from local to enterprise-grade solutions. Local NVMe or SATA SSDs can be configured for redundancy and are optimized for use with SUSE Storage to deliver high-performance, resilient storage within the cluster. For external storage, enterprises can integrate Lenovo DM/DG series systems, supporting multiple storage protocols, along with dynamic volume provisioning for flexibility and scalability. Additionally, Lenovo DSS-G provides a reliable, file-based storage option for environments that require large-scale, high-capacity storage solutions.

Software Components

When running Kubernetes on bare-metal, storage integration is a key factor for performance, scalability, and resilience. SUSE Rancher Prime streamlines this by supporting both local and external storage solutions.

It enables lightweight, highly available block storage with SUSE Storage, integrates smoothly with enterprise storage systems like NetApp ONTAP through Trident, and works with cloud-based block storage for hybrid scenarios. This flexibility allows organizations to adapt storage to their specific workload and infrastructure needs, while maintaining consistent, centralized management across the Kubernetes environment.

  • Local Storage: SUSE Storage is an efficient, dependable, and easy-to-use distributed block storage solution built specifically for Kubernetes environments. It is based on Longhorn, an open-source, cloud-native distributed block storage solution that integrates seamlessly with SUSE Rancher for simple installation and management. It is ideal for creating local SSD storage pools on Lenovo servers, especially in bare-metal or edge environments without external SAN/NAS systems. It delivers built-in snapshots, backups, and high-availability volumes, eliminating the need for external storage tools.
  • External Storage: External storage through NetApp Trident integrates with ONTAP, enabling dynamic provisioning of persistent volumes. It delivers high-performance, centralized storage with enterprise-grade features such as deduplication, snapshots, and disaster recovery.
  • Cloud/Hybrid Option: For cloud or hybrid deployments, SUSE Rancher Prime supports cloud block storage enabling Kubernetes clusters to run on cloud computing platforms. This provides scalable storage without the need to manage physical hardware.

Networking is a key component of Kubernetes, particularly on bare-metal, where performance, security, and flexibility are crucial. SUSE Rancher Prime supports several CNI plugins. This allows organizations to build a networking stack that matches their workload requirements and compliance standards.

  • Recommended CNI Plugin: Calico provides advanced, widely adopted networking for Kubernetes, offering built-in network policies and security controls. It enables fine-grained network security, full control over traffic policies, and is well-suited for regulated or security-sensitive environments.
  • Infra Dependencies: Effective Kubernetes networking requires consistent settings for improved performance and efficiency.

Security is essential for Kubernetes, especially on bare-metal, where visibility and control are critical. SUSE Rancher Prime provides comprehensive security features across the cluster lifecycle, including identity and access management with RBAC and external authentication, pod-level security, runtime protection, and image scanning. It enables organizations to secure sensitive workloads, meet compliance requirements, and implement DevSecOps practices within a policy-enforced, fully auditable environment.

  • Identity & Access Management: SUSE Rancher Prime provides centralized identity control, ensuring least-privilege access across multi-team and multi-cluster environments.
  • Pod Security Admission (PSA) enforcement: PSA enforces the Kubernetes Pod Security Standards through namespace-level policies (privileged, baseline, or restricted), preventing risky pod configurations such as privileged containers or host network access.
  • Secrets Management: Sensitive data like passwords, API keys, and tokens are securely stored using Kubernetes Secrets or external managers such as HashiCorp Vault or cloud key vaults, keeping secrets safe from exposure.
  • Container Image Security: SUSE Rancher Prime provides the SUSE Private Registry, offering a secure, enterprise-grade solution for storing and managing container images. It supports trusted registries, vulnerability scanning, and access controls to ensure that only verified, compliant images are deployed across clusters.
  • Network Security: Network policies (via Calico), TLS ingress, and firewalls control pod communication and external access, safeguarding the cluster’s internal and external connectivity.
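
The namespace-level PSA enforcement and network policy controls listed above can be expressed as plain Kubernetes manifests. The following is an added example, not taken from Lenovo or SUSE documentation; the namespace, pod, and registry names are hypothetical placeholders.

```yaml
# Added example. "payments", "api" and registry.example.internal are
# hypothetical names chosen for illustration.
apiVersion: v1
kind: Namespace
metadata:
  name: payments
  labels:
    # Reject pods that violate the "restricted" Pod Security Standard.
    pod-security.kubernetes.io/enforce: restricted
    pod-security.kubernetes.io/enforce-version: latest
    # Also record violations in the audit log and warn the submitting client.
    pod-security.kubernetes.io/audit: restricted
    pod-security.kubernetes.io/warn: restricted
---
# Default-deny baseline: the empty podSelector matches every pod in the
# namespace, and no ingress or egress rules are listed, so all traffic is
# blocked until more specific policies allow it. The CNI plugin (Calico in
# this brief) enforces standard NetworkPolicy objects.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-all
  namespace: payments
spec:
  podSelector: {}
  policyTypes:
    - Ingress
    - Egress
---
# A pod that passes "restricted" admission. Adding hostNetwork: true to the
# pod spec or privileged: true to the container securityContext would cause
# the API server to reject it in this namespace.
apiVersion: v1
kind: Pod
metadata:
  name: api
  namespace: payments
spec:
  securityContext:
    runAsNonRoot: true
    seccompProfile:
      type: RuntimeDefault
  containers:
    - name: api
      image: registry.example.internal/payments/api:1.0.0
      securityContext:
        allowPrivilegeEscalation: false
        capabilities:
          drop: ["ALL"]
```

With default-deny in place, each workload needs an explicit allow policy for the traffic it requires, including DNS egress.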

SUSE Security provides Runtime Protection among other features. It protects running workloads with real-time monitoring, vulnerability scanning, threat detection, and container firewalling, ensuring sensitive workloads remain secure in production.

Deployment and Operations

Kickstart your Kubernetes strategy with a powerful yet minimal production-ready cluster, perfect for small-scale environments or proof-of-concept initiatives. This configuration combines enterprise-grade hardware with trusted open-source technologies to deliver a seamless, scalable foundation for containerized workloads.

Key Highlights:

  • Optimized Control Plane: Three Lenovo ThinkSystem SR630 V4 or SR650 V4 servers (1U/2U) ensure high availability and robust orchestration.
  • Flexible Worker Nodes: Start with two and scale as needed. Adapt to your workload demands with ease.
  • High-Performance Storage: SUSE Storage leverages local SSDs to deliver fast, reliable data access.
  • Secure, Scalable Networking: Calico provides advanced networking and policy enforcement for secure container communication.

Whether you're validating a new architecture or laying the groundwork for future expansion, this solution offers a fast, efficient path to Kubernetes success on your terms.

Figure 2. Minimal Production Cluster

Key operational considerations for managing Kubernetes clusters with SUSE Rancher Prime on bare-metal include seamless cluster scaling, automated workload rescheduling in case of node failures, and robust data protection through integrated backup and disaster recovery options. Monitoring is supported by SUSE Rancher’s built-in Prometheus and Grafana stack, complemented by hardware insights via Lenovo XClarity Controller.

  • Scaling Cluster:
    • Rancher UI/CLI/API allows easy addition of new nodes
    • Worker node failure: Automated workload rescheduling
  • Backup and Disaster Recovery:
    • SUSE Rancher Prime supports etcd snapshots (scheduled or manual)
    • SUSE Storage: Integrated backup capabilities for reliable data protection
    • External Storage: Snapshot and volume replication features
  • Monitoring:
    • Built-in Prometheus/Grafana stack via SUSE Rancher
    • Optional integration with Lenovo XClarity One for hardware monitoring and firmware updates

Additionally, optional technologies such as SmartNICs and DPUs are designed to enhance performance and efficiency in demanding edge or AI/ML environments. These components can offload networking, storage, and security functions, making them ideal for high-performance scenarios where speed and resource optimization are critical.

Rancher Suite extends Rancher Prime by bundling additional SUSE solutions into a single subscription. It includes products such as SUSE Harvester (HCI), SUSE Security (container security), SUSE Storage (storage), and SUSE Elemental (edge management), offering unified management, security, and scalability across hybrid and edge environments.

Trademarks

Lenovo and the Lenovo logo are trademarks or registered trademarks of Lenovo in the United States, other countries, or both. A current list of Lenovo trademarks is available on the Web at https://www.lenovo.com/us/en/legal/copytrade/.

The following terms are trademarks of Lenovo in the United States, other countries, or both:
Lenovo®
ThinkEdge®
ThinkSystem®
XClarity®

The following terms are trademarks of other companies:

AMD and AMD EPYC™ are trademarks of Advanced Micro Devices, Inc.

Intel® and Xeon® are trademarks of Intel Corporation or its subsidiaries.

Linux® is the trademark of Linus Torvalds in the U.S. and other countries.

HashiCorp® is a trademark of IBM in the United States, other countries, or both.

Other company, product, or service names may be trademarks or service marks of others.