SAP on Azure: The Big Picture - Notes

The 90-minute Pluralsight course SAP on Azure: The Big Picture provides a "just enough" backgrounder on SAP & options for hosting SAP workloads on major cloud providers, mainly Azure.

My paraphrased notes - 

Four common options with major cloud providers:

  • HEC or HANA Enterprise Cloud is a bundled managed service from SAP covering SAP application management, infrastructure services & security services
  • AWS is the first public cloud provider in the market to offer SAP in the cloud
  • Google Cloud
  • Azure 

AWS, Azure & Google Cloud can run the following SAP products:
1. SAP S/4 HANA – SAP HANA
2. SAP BW / SAP Hybris
3. SAP Business Suite / SAP Business One
4. SAP NetWeaver

In addition to the above products, Azure can also run SAP HANA Enterprise Cloud, so you can get that SAP contract and still run your SAP instance on Azure. 

SAP solutions on Azure can run on a variety of databases, such as HANA, Oracle, SQL Server, or PaaS databases like Azure SQL & CosmosDB.

Modules in SAP solutions can be categorized into Functional & Technical Modules.

ABAP or Advanced Business Application Programming is an event-driven programming language used for SAP development which runs in the SAP ABAP runtime environment.

NetWeaver is a software stack and a full runtime environment to run your SAP products on.

SAP technical components include the presentation layer, the application layer, and the database layer

Best practices -

Governance
1. A dedicated subscription for SAP systems and related resources
3. Create the subscription for SAP in an Azure region that will have all of the planned services available
4. For SAP DR use the same subscription
5. Use Azure locks to lock critical SAP resources
6. Recommend tagging SAP resources
7. Create a Resource Group per SAP SID 
8. Recommend using Azure Policy to enforce security & compliance for infrastructure
9. Follow the least privilege access model with RBAC 

Networking 
1. Hub and Spoke Topology
2. Deploy SAP as Spoke
3. Separate landscapes (dev, prod, etc.) using VNETs (instead of Subscriptions)
4. Use VNet Peering when VMs in separate landscapes need to talk across VNets
5. Avoid using PIPs if possible
6. Deploy ExpressRoute for cloud & on-premises connectivity
7. Use a Next Generation Firewall (NGFW) to secure north/south & east/west traffic 
8. Use NSGs to secure traffic between subnets

Compute
1. Ensure proper sizing was done with SAP Sizer & SAPS before deploying VMs
2. Be sure to use certified VMs for production (SAP Note 1928533)
3. Windows and Linux are both supported on Azure (SLES, RHEL, Win Server)
4. Follow SAP Notes for specific OS parameters/configuration
5. Utilize Azure native tooling for patching, inventory & change tracking
6. Use managed disks with SAP VMs
7. Enable encryption of OS & data disks (BitLocker for Windows & DM-Crypt for Linux)
8. Use Accelerated networking on SAP VM NICs
9. Deploy all SAP VMs in Availability Sets for HA
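
Several of the governance, networking and compute items above can be checked mechanically against an exported resource inventory. The following is an added example, not part of the course or the original notes: it audits constructed ARM-style VM and NIC records for tags, availability sets, managed disks, accelerated networking and public IPs. The required tag names and the helper functions are hypothetical.

```python
# Added example: constructed ARM-style records, not output from a real subscription.
REQUIRED_TAGS = {"sap-sid", "environment"}  # hypothetical tag policy (assumption)

def audit_vm(vm, nics):
    """Return findings for one VM against the checklist items in the notes."""
    findings = []
    props = vm.get("properties", {})
    missing = REQUIRED_TAGS - {k.lower() for k in (vm.get("tags") or {})}
    if missing:
        findings.append("missing tags: " + ", ".join(sorted(missing)))
    if "availabilitySet" not in props:
        findings.append("not in an availability set")
    storage = props.get("storageProfile", {})
    disks = [storage.get("osDisk", {})] + storage.get("dataDisks", [])
    if any("managedDisk" not in d for d in disks):
        findings.append("unmanaged disk attached")
    refs = props.get("networkProfile", {}).get("networkInterfaces", [])
    attached = {r["id"].lower() for r in refs}  # ARM resource ids are case-insensitive
    for nic in (n for n in nics if n["id"].lower() in attached):
        nprops = nic.get("properties", {})
        if not nprops.get("enableAcceleratedNetworking", False):
            findings.append(nic["name"] + ": accelerated networking off")
        for cfg in nprops.get("ipConfigurations", []):
            if "publicIPAddress" in cfg.get("properties", {}):
                findings.append(nic["name"] + ": public IP attached")
    return findings

def _nic(name, accel, public):  # builds a constructed NIC record
    ip = {"privateIPAddress": "10.1.2.4"}
    if public:
        ip["publicIPAddress"] = {"id": "/constructed/publicIPAddresses/pip-" + name}
    return {"id": "/constructed/networkInterfaces/" + name, "name": name,
            "properties": {"enableAcceleratedNetworking": accel,
                           "ipConfigurations": [{"properties": ip}]}}

def _vm(name, tags, nic, avset, managed):  # builds a constructed VM record
    disk = {"managedDisk": {}} if managed else {"vhd": {"uri": "constructed"}}
    props = {"storageProfile": {"osDisk": disk, "dataDisks": []},
             "networkProfile": {"networkInterfaces": [{"id": nic["id"].upper()}]}}
    if avset:
        props["availabilitySet"] = {"id": "/constructed/availabilitySets/as-" + name}
    return {"name": name, "tags": tags, "properties": props}

NICS = [_nic("nic-app", True, False), _nic("nic-db", False, True)]
VMS = [_vm("s4p-app01", {"SAP-SID": "S4P", "environment": "prod"}, NICS[0], True, True),
       _vm("s4p-db01", {"environment": "prod"}, NICS[1], False, False)]

if __name__ == "__main__":
    print({vm["name"]: audit_vm(vm, NICS) for vm in VMS})
```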

Storage
1. Use premium Managed disks for supported SAP Systems (Note 1928533)
2. Select premium Managed disks based on IOPS & disk throughput requirements 
3. Ensure Storage Service Encryption (SSE) is enabled for Managed Disks & snapshots 
4. Use Write Accelerator for database logs when using M series VMs (e.g. /hana/log)
5. Mount Azure storage disk by using UUID (universally unique identifier)
6. Use Windows storage spaces or LINUX-LVM to stripe disks & aggregate IOPS, throughput & storage capacity
7. For Windows Shared Storage use Azure Files & Scale-Out File Server (SOFS for HA) 
8. For Linux / HANA Shared Storage use Azure NetApp files (ANF) or NFS Cluster
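
Item 5 matters because kernel device names such as /dev/sdc can be assigned differently after a reboot, while UUIDs and LVM device-mapper paths stay stable. The following is an added example, not part of the course or the original notes: it scans fstab content and reports entries that still mount by kernel device name. The fstab text is constructed sample data.

```python
# Added example: flags fstab entries that mount by kernel device name.
import re

# Kernel-assigned names that can change when disks are enumerated in a different order.
UNSTABLE = re.compile(r"/dev/(sd[a-z]+|xvd[a-z]+|nvme\d+n\d+)(p?\d+)?")

def unstable_mounts(fstab_text):
    """Return (mount_point, device) pairs that do not use a stable identifier."""
    hits = []
    for raw in fstab_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        fields = line.split()
        if len(fields) < 2:
            continue  # malformed entry, nothing to judge
        device, mount_point = fields[0], fields[1]
        # UUID=, LABEL=, /dev/disk/by-uuid/ and /dev/mapper/ (LVM) never match.
        if UNSTABLE.fullmatch(device):
            hits.append((mount_point, device))
    return hits

# Constructed sample fstab for a HANA VM (all values are made up).
SAMPLE_FSTAB = """\
# constructed sample
UUID=0a1b2c3d-1111-2222-3333-444455556666 /            xfs   defaults        0 0
/dev/mapper/vg_hana-lv_data               /hana/data   xfs   defaults,nofail 0 2
/dev/sdc1                                 /hana/log    xfs   defaults,nofail 0 2
/dev/disk/by-uuid/9f8e7d6c-aaaa-bbbb-cccc-ddddeeeeffff /hana/shared xfs defaults,nofail 0 2
/dev/sdd                                  /usr/sap     xfs   defaults        0 2
tmpfs                                     /dev/shm     tmpfs defaults        0 0
"""

if __name__ == "__main__":
    for mount_point, device in unstable_mounts(SAMPLE_FSTAB):
        print(f"{mount_point}: mounted by {device}, switch to UUID=")
```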

Backup
1. Use "Azure Backup" to protect SAP VMs
2. Use "Azure Backup" to protect SQL databases
3. Use "Azure Backup for SAP HANA" to protect HANA databases

Monitoring
1. For infrastructure monitoring use "Azure Monitor for SAP Solutions"
2. Use ABAP SDK for Azure to get near real time telemetry from SAP
3. For HANA DB or SQL telemetry use "Azure Monitor for SAP Solutions" 
4. For Pacemaker cluster telemetry use "Azure Monitor for SAP Solutions" 
5. To monitor multiple SAP HANA instances or multiple Pacemaker clusters use "Azure Monitor for SAP Solutions"
6. For real-time monitoring of SAP apps and DBs, use SAP Solution Manager

Disaster recovery
1. For SAP DR use the same subscription 
2. Ensure that primary and DR regions are Region Pairs 
3. Utilize Traffic Manager or Azure Front Door for automatic failover of any public internet traffic
4. Highly recommended to deploy dual Express Routes across primary and DR region for cloud to on-premises failover 
5. Utilize Azure Site Recovery for disaster recovery of SAP Systems
6. For HANA database disaster recovery utilize HANA System Replication (HSR)
7. For SQL database disaster recovery utilize SQL Always On
8. For Oracle database disaster recovery utilize Oracle Data Guard
9. For NFS disaster recovery utilize Rsync, File Replication, or Cloud Sync

Capacity sizing for Azure is based on SAPS or SAP Application Performance Standard, a hardware-independent unit of measurement that describes the performance of a system configuration in the SAP environment. It is derived from the Sales and Distribution SD-Benchmarks, where 100 SAPS is defined as 2,000 fully business processed order line items per hour.

Quick Sizer is a free web-based tool built by SAP in partnership with platform partners such as Azure to help with sizing your SAP instance.

For greenfield deployments, Terraform (to set up the infrastructure as code) & Ansible (configuration as code tool) can be used.