Azure for SAP Workloads Reference Architecture

By Ashwin Venugopal -

 



SAP NetWeaver with AnyDB on Azure VMs

This reference architecture consists of a set of proven practices for running SAP NetWeaver in a Windows environment on Azure with high availability and is always deployed with specific VM sizes that can changed to accommodate your organization's needs accordingly.

High level architecture




Architectural components

The architecture exhibits the following infrastructure and key software components:
  • Virtual network- The Azure Virtual network can securely connect all the Azure resources to each other as well as an on-premises environment via virtual gateway provisioned as a part of ExpressRoute or Site-to-Site connection. An ideal VDC design allows the virtual gateway to reside in the virtual network that also serves as the hub of a hub-spoke hierarchy containing multiple, peered virtual networks. The spokes represents the individual virtual networks hosting the SAP applications and database tiers.

  • Subnets- Every virtual network is divided into separate subnets hosting application (SAP NetWeaver) as well as database tiers with the additional subnets hosting infrastructure services such as Active Directory domain controllers and serving the role of the network perimeter while all these generally resides in the hub virtual network.

  • Virtual Machines- Azure VMs hosts the application and database tiers components grouped as SAP NetWeaver which runs SAP Central Services as well as SAP application servers; and AnyDB which runs as the source database like the Microsoft SQL Server, Oracle, or IBM DB2.

  • Jumpbox- It is also known as the Bastion Host which can easily run the hardened operating system instance that administrators can use to connect to the other VMs and also Windows or Linux. You can readily use a Windows jumpbox tools like HANA Cockpit or HANA Studio. 

  • Active Directory Domain Controllers- They can offer authentication as well as authorization services for Windows and Linux operating systems.

  • Load Balancers- They can be used to distribute traffic to Azure VMs in the application and database tiers. 

  • Availability Sets- Azure VMs serving the same role can be grouped into distinct availability sets with at least two VMs per availability set in the highly available configurations. On the contrary, the individual VMs serving the same role can also be deployed into the distinct availability zones, in multi-zone deployments.

  • Network Interface Cards (NICs)- They can attach VMs to a virtual network.

  • Network Security Groups (NSGs)- They restricts incoming, outgoing, and intra-subnet traffic in a virtual network.

  • Virtual Gateway- It can allow you to extend your on-premises network to the Azure virtual network and it is generally recommended to use ExpressRoute service for cross-premises connectivity of SAP deployments in Azure, but alternately, a Site-to-Site VPN or Virtual WAN can also do the job.

  • Disks- Azure VM disks offers persistent storage for SAP workloads. 

  • Azure Storage- It can provide a wide range of storage services and can also be used b Cloud Witness to implement quorum for Windows Server Failover Clustering.

  • SAP Web Dispatcher Pool- Its component can be used as a load balancer for SAP traffic among the SAP application servers and to achieve its high availability, Azure load balancer can also be used to implement the parallel Web Dispatcher setup. Web Dispatcher uses a round-robin configuration for HTTP(S) traffic distribution among all the available load dispatchers in the load balanced backend pool. 

  • SAP Central Services Cluster- It can be a potential Single Point of Failure (SPOF) whenever it is deployed to a single VM and if you want to implement a high availability solution, you can easily deploy multiple Central Services instances while configuring them as the members of a failover cluster with a shared disk or a file share providing highly available storage accessible by all the cluster nodes. 

Comments

Post a Comment

Popular posts from this blog

Query, Visualize, & Monitor Data in Azure Sentinel

By Ashwin Venugopal -
Image
  Azure Sentinel Workbooks Several ready for use templates are provided by the Azure Sentinel that can be used to create your own workbook and then modify them as needed for Contoso. Most of the data connectors it uses to ingest data come with their own workbooks, but better insight can be obtained by simply looking into the data that is being ingested by using tables and visualizations, including bar and pie charts. You can also make your own workbook easily by using this data from the beginning instead of using the predefined templates. Workbook Page You can easily access the workbook page from the Azure Sentinel from the navigation pane which consists of the: Workbook header- You can add a new workbook and review the saved workbooks as well as templates that are available on the workbook page. Templates section- You can access existing workbook templates on the Templates tab. You can save some of the workbooks for quick access and they will appear on the My Workbooks tab.  From the
Read more

Planning for Implementing SAP Solutions on Azure (Part 2 of 5)

By Ashwin Venugopal -
Image
  To read part 1 please click  here To read part 3 please click  here To read part 4 please click  here To read part 5 please click  here Load Balancing The load balancer uses probe ports to determine as well as route the traffic to an active DBMS node, but of there's any failover then the most common SAP application architecture can automatically reconnect against the private virtual IP address without the need for the SAP application to reconfigure it, while the load balancer redirect the traffic against the private virtual IP address without any need for the SAP application to reconfigure. The loaf balancer also offers an option of DirectServerReturn which if configured, can help in directing the traffic from the DBMS VM to the SAP application layer directly to the application layer without routing through the load balancer. But, if it isn't configured, then the return traffic to the SAP application layer is routed through the load balancer. You can also use Azure Load Balan
Read more

Work with String Data Using KQL Statements

By Ashwin Venugopal -
Image
  Extract Data from Unstructured String Fields Unstructured string fields often contains the Security log data and requires parsing to extract data. There are multiple ways of pulling information from string fields in KQL and the two primary operators used are extract and parse.  Extract It gets a match for a regular expression from a text string. You can convert the extracted substring to the indicated type.  Arguments regex- A regular expression. captureGroup- A positive int constant indicating the capture group to extract. 0 stands for the entire match, 1 for the value matched by the first '('parenthesis')' in the regular expression, 2 or more for subsequent parenthesis.  text- A string to search. typeLiteral- An optional type literal. If provided, the extracted substring is converted to this type.  Returns If regex finds a match in text- the substring matched against the indicated capture group captureGroup, optionally converted to typeLiteral. If there's no mat
Read more