SAP HANA on Azure (Large Instances) Security

 




SAP HANA on Azure (Large Instances) Security

Encryption of data on transit

Data transferred between HANA Large Instance and VMs is generally not encrypted but you can enable the application level encryption between the HANA DBMS and JDBC/ODBC- based applications.

Encryption of data at rest

You can enable this encryption easily whenever you want to deploy a HANA Large instance unit and you can also change the encrypted volumes after the deployment. However, the move from non-encrypted to encrypted volumes is transparent and doesn't require downtime. 

  • By default, the HANA Large Instances uses stirage encryption based on TDE (Transparent Data Encryption) for the data at rest.

  • Data in transit between HANA Large Instances and the VMs is not encrypted and you have to enable the application-specific encryption to encrypt the data transfer.

  • Isolation provides security between the tenants in the multi-tenant HANA Large Instance environment according to which tenants are isolated using their own VLAN.

  • Azure network security best practices offer helpful guidance.

  • Operating system hardening is recommended as with any other deployment.

  • Access to secure datacenters is limited to authorized personnel only for physical security and no customers can access the physical servers. 

SAP HANA on Azure (Large Instance) licensing

According to the licensing point of view, you should also account for the following:
  • Licenses for SUSE Linux Enterprise Server 12 for SAP Applications- The operating system that Microsoft delivers is neither registered with SUSE nor connected to a Subscription Management Tool instance. Hence, to remediate this you should deploy SUSE Linux Subscription Management Tool in an Azure VM which provides the capability for SAP HANA on Azure (Large Instances) to be registered and updated by SUSE respectively.

  • Licenses for Red Hat Enterprise Linux 6.7 or 7.x for SAP HANA- The operating system that's always delivered by Microsoft is neither registered nor connected to a  Red Hat Subscription Manager instance. To remediate this, you have to deploy the Red Hat Subscription Manager deployed in an Azure VM which also provides the capability for SAP HANA on Azure (Large Instances) to registered as well as updated by Red Hat respectively.

You should have a support contract with your Linux provider for SAP which isn't removed by the solution of HANA Large Instances or the fact that you run Linux in Azure. The service fee is not included in the solution offer of HANA Large Instance and you will have to fulfill the requirements of SAP regarding the support contracts with the Linux distributor. 





Comments

Popular posts from this blog

Deployment (Part 3)

Deployment (Part 1)

Project Resourcing (Part 2)