SAP S4 HANA on Azure VMs

By Ashwin Venugopal -

 



High Level Architecture

The following reference architecture shows a set of proven practices for running S/4 HANA in a high availability environment that supports disaster recovery on Azure.




Architectural Components

This reference architecture provides details about an enterprise-grade, production-level system and this configuration can also be reduced to a single virtual machine to suit your business, but the following components are needed:
  • Virtual Network-  The Azure virtual network service can connect all the Azure resources with each other securely while also allowing you to connect to an on-premises environment via virtual gateway provisioned as a part of ExpressRoute or Site-to-Site connection. This virtual gateway resides in the virtual network that serves as the hub of a hub-spoke hierarchy consisting of multiple, peered virtual networks while the spokes represent the individual virtual networks hosting the SAP applications and database tiers.

  • Subnets- All the virtual network is divided into separate subnets hosting application and database tiers with some additional subnets hosting infrastructure services and serving the role of the network perimeter even if they commonly reside in the hub virtual network.

  • Virtual Machines- virtual machines used for running Linux for the application tier as well as database tier can be grouped as:
  1. Application tier- which includes Fiori Front-end Server pool, SAP Web dispatcher pool, application server pool, and SAP Central Services cluster. A highly available Network File System (NFS) service is required for the high availability of Central Services on Azure Linux virtual machines. 
  2. NFS Cluster- It extensively uses an NFS server running on a Linux cluster to store data shared between SAP systems which can also be shared across multiple SAP systems. The High Availability Extension for the selected Linux distribution is used for the high availability of NFS service.
  3. SAP HANA- The database tier can use two or more Linux VMs in a cluster to achieve high availability. While HANA System Replication (HSR) is widely used to replicate contents between primary and secondary HANA systems, the Linux clustering is used to detect system failures and facilitate automatic failover. To ensure if the failed system is completely isolated or shut down in order to avoid the cluster split-brain condition, you can use a storage-based or cloud-based fencing mechanism.
  4. Jumpbox- It is also known as Bastion Host which can easily run a hardened operating system instance that the administrators can use to connect to the other virtual machines while also running Windows or Linux. You can use a Windows jumpbox to run tools like HANA cockpit or HANA studio.   

  • Load balancers- Both the built-in SAP load balancer instances are used to distribute traffic to VMs in the application and database tiers.

  • Availability sets- VMs for all the pools and clusters can be grouped into separate availability sets, from which at least two VMs are provisioned per role which the VMs eligible for a higher Service Level Agreement (SLA).

  • NICs- Network Interface Cards (NICs) can easily attach VMs to a virtual network.

  • Network Security Groups (NSGs)- They can restrict incoming, outgoing, and intra-subnet traffic in a virtual network.

  • Virtual gateway- It allows you to extend your on-premises network to the Azure Virtual network. It is recommended to use the ExpressRoute service for the cross premises connectivity of SAP deployments in Azure, but a Site-to-Site VPN or Virtual WAN can serve as alternatives.

  • Disks- Azure VM disks can provide persistent storage for SAP workloads.

  • SAP Web Dispatcher pool- It can be used as a load balancer for SAP traffic among all the SAP application servers and the parallel Web Dispatcher setup can be implemented to achieve high availability for the Web Dispatcher component. It also uses a round-robin configuration for HTTP(S) traffic distribution among the available Web Dispatchers in the load balanced backend pool.

  • Fiori Front-end server- It uses a NetWeaver Gateway which can be loaded on the Fiori server for small deployments but for large deployments a separate server for the NetWeaver Gateway may be deployed in front of the Fiori Front-end server pool.

  • SAP Central Services cluster- This is a potential Single Point of Failure (SPOF) when deployed to a single VM and if you want to implement a high availability solution, you can readily deploy multiple Central Services instances and configure them as members of a failover cluster with a shared disk or a file share providing highly available storage accessible by all cluster nodes.

  • Database servers- It can easily use two or more Linux VMs in a cluster to achieve high availability. You can also use HANA System Replication (HSR) to replicate contents between the primary as well as secondary HANA systems and Linux clustering to detect system failures  as well as facilitate automatic failover. 

  • Application server pool- You can simply deploy the Primary Application Server with one or more Additional Application servers to achieve high availability of application servers. The SMLG transaction which is used to manage logon groups for ABAP application servers, uses the load balancing function within the message server of the Central Services to distribute workload among SAP application servers pool for SAPGUIs and RFC traffic.   












Comments

Post a Comment

Popular posts from this blog

Query, Visualize, & Monitor Data in Azure Sentinel

By Ashwin Venugopal -
Image
  Azure Sentinel Workbooks Several ready for use templates are provided by the Azure Sentinel that can be used to create your own workbook and then modify them as needed for Contoso. Most of the data connectors it uses to ingest data come with their own workbooks, but better insight can be obtained by simply looking into the data that is being ingested by using tables and visualizations, including bar and pie charts. You can also make your own workbook easily by using this data from the beginning instead of using the predefined templates. Workbook Page You can easily access the workbook page from the Azure Sentinel from the navigation pane which consists of the: Workbook header- You can add a new workbook and review the saved workbooks as well as templates that are available on the workbook page. Templates section- You can access existing workbook templates on the Templates tab. You can save some of the workbooks for quick access and they will appear on the My Workbooks tab.  From the
Read more

Planning for Implementing SAP Solutions on Azure (Part 2 of 5)

By Ashwin Venugopal -
Image
  To read part 1 please click  here To read part 3 please click  here To read part 4 please click  here To read part 5 please click  here Load Balancing The load balancer uses probe ports to determine as well as route the traffic to an active DBMS node, but of there's any failover then the most common SAP application architecture can automatically reconnect against the private virtual IP address without the need for the SAP application to reconfigure it, while the load balancer redirect the traffic against the private virtual IP address without any need for the SAP application to reconfigure. The loaf balancer also offers an option of DirectServerReturn which if configured, can help in directing the traffic from the DBMS VM to the SAP application layer directly to the application layer without routing through the load balancer. But, if it isn't configured, then the return traffic to the SAP application layer is routed through the load balancer. You can also use Azure Load Balan
Read more

Work with String Data Using KQL Statements

By Ashwin Venugopal -
Image
  Extract Data from Unstructured String Fields Unstructured string fields often contains the Security log data and requires parsing to extract data. There are multiple ways of pulling information from string fields in KQL and the two primary operators used are extract and parse.  Extract It gets a match for a regular expression from a text string. You can convert the extracted substring to the indicated type.  Arguments regex- A regular expression. captureGroup- A positive int constant indicating the capture group to extract. 0 stands for the entire match, 1 for the value matched by the first '('parenthesis')' in the regular expression, 2 or more for subsequent parenthesis.  text- A string to search. typeLiteral- An optional type literal. If provided, the extracted substring is converted to this type.  Returns If regex finds a match in text- the substring matched against the indicated capture group captureGroup, optionally converted to typeLiteral. If there's no mat
Read more