SAP HANA On AWS Operations Overview Guide


SAP HANA on AWS Operations Overview Guide
December 2017

© 2017, Amazon Web Services, Inc. or its affiliates. All rights reserved.

Notices

This document is provided for informational purposes only. It represents AWS’s current product offerings and practices as of the date of issue of this document, which are subject to change without notice. Customers are responsible for making their own independent assessment of the information in this document and any use of AWS’s products or services, each of which is provided “as is” without warranty of any kind, whether express or implied. This document does not create any warranties, representations, contractual commitments, conditions or assurances from AWS, its affiliates, suppliers or licensors. The responsibilities and liabilities of AWS to its customers are controlled by AWS agreements, and this document is not part of, nor does it modify, any agreement between AWS and its customers.

Contents

Introduction
Administration
Starting and Stopping EC2 Instances Running SAP HANA Hosts
Tagging SAP Resources on AWS
Creating an Image of an SAP HANA System
AWS Services and Components for Backup Solutions
Backup Destination
AWS Command Line Interface
Backup Example
Scheduling and Executing Backups Remotely
Restoring SAP HANA Backups and Snapshots
Networking
EBS-Optimized Instances
Elastic Network Interfaces (ENIs)
Security Groups
Network Configuration for SAP HANA System Replication (HSR)
Configuration Steps for Logical Network Separation
SAP Support Access
Support Channel Setup with SAProuter on AWS
Support Channel Setup with SAProuter On-Premises
Security
OS Hardening
Disabling HANA Services
API Call Logging
Notifications on Access
High Availability and Disaster Recovery
Conclusion
Contributors
Appendix A – Configuring Linux to Recognize Ethernet Devices for Multiple ENIs
Notes

Abstract

Amazon Web Services (AWS) offers you the ability to run your SAP HANA systems of various sizes and operating systems. Running SAP systems on AWS is very similar to running SAP systems in your data center. To a SAP Basis or NetWeaver administrator, there are minimal differences between the two environments. There are a number of AWS Cloud considerations relating to security, storage, compute configurations, management, and monitoring that will help you get the most out of your SAP HANA implementation on AWS. This whitepaper provides the best practices for deployment, operations, and management of SAP HANA systems on AWS. The target audience for this whitepaper is SAP Basis and NetWeaver administrators who have experience running SAP HANA systems in an on-premises environment and want to run their SAP HANA systems on AWS.

Amazon Web Services – SAP HANA on AWS Operations Overview Guide

Introduction

This guide provides best practices for operating SAP HANA systems that have been deployed on Amazon Web Services (AWS) either using the SAP HANA Quick Start reference deployment process [1] or manually following the instructions in Setting up AWS Resources and the SLES Operating System for SAP HANA Installation. [2] This guide is not intended to replace any of the standard SAP documentation. See the following SAP guides and notes:

o SAP Library (help.sap.com) - SAP HANA Administration Guide [3]
o SAP installation guides [4] (These require SAP Support Portal access.)
o SAP notes [5] (These require SAP Support Portal access.)

This guide assumes that you have a basic knowledge of AWS. If you are new to AWS, read the following guides before continuing with this guide:

o Getting Started with AWS [6]
o What is Amazon EC2? [7]

In addition, the following SAP on AWS guides can be found here: [8]

o SAP on AWS Implementation and Operations Guide provides best practices for achieving optimal performance, availability, and reliability, and lower total cost of ownership (TCO) while running SAP solutions on AWS. [9]
o SAP on AWS High Availability Guide explains how to configure SAP systems on Amazon Elastic Compute Cloud (Amazon EC2) to protect your application from various single points of failure. [10]
o SAP on AWS Backup and Recovery Guide explains how to back up SAP systems running on AWS, in contrast to backing up SAP systems on traditional infrastructure. [11]

Administration

This section provides guidance on common administrative tasks required to operate an SAP HANA system, including information about starting, stopping, and cloning systems.

Starting and Stopping EC2 Instances Running SAP HANA Hosts

At any time, you can stop one or multiple SAP HANA hosts. Before stopping the EC2 instance of an SAP HANA host, first stop SAP HANA on that instance. When you resume the instance, it will automatically start with the same IP address, network, and storage configuration as before. You also have the option of using the EC2 Scheduler to schedule starts and stops of your EC2 instances. [12] The EC2 Scheduler relies on the native shutdown and start-up mechanisms of the operating system. These native mechanisms will invoke the orderly shutdown and startup of your SAP HANA instance. Here is an architectural diagram of how the EC2 Scheduler works:

Figure 1: EC2 Scheduler

Tagging SAP Resources on AWS

Tagging your SAP resources on AWS can significantly simplify identification, security, manageability, and billing of those resources. You can tag your resources using the AWS Management Console or by using the create-tags functionality of the AWS Command Line Interface (AWS CLI). This table lists some example tag names and tag values:

Tag Name      | Tag Value
--------------|----------------------------------------------------------------------
Name          | SAP server’s virtual (host) name
Environment   | SAP server’s landscape role, such as: SBX, DEV, QAT, STG, PRD, etc.
Application   | SAP solution or product, such as: ECC, CRM, BW, PI, SCM, SRM, EP, etc.
Owner         | SAP point of contact
Service Level | Known uptime and downtime schedule

After you have tagged your resources, you can then apply specific security restrictions to them, for example, access control, based on the tag values. Here is an example of such a policy from our AWS blog: [13]

    {
      "Version" : "2012-10-17",
      "Statement" : [
        {
          "Sid" : "LaunchEC2Instances",
          "Effect" : "Allow",
          "Action" : [
            "ec2:Describe*",
            "ec2:RunInstances"
          ],
          "Resource" : [
            "*"
          ]
        },
        {
          "Sid" : "AllowActionsIfYouAreTheOwner",
          "Effect" : "Allow",
          "Action" : [ "…" ],
          "Condition" : {
            "StringEquals" : {
              "ec2:ResourceTag/PrincipalId" : "${aws:userid}"
            }
          },
          "Resource" : [
            "*"
          ]
        }
      ]
    }

The AWS Identity and Access Management (IAM) policy only allows specific permissions based on the tag value. In this scenario, the current user ID must match the tag value in order to be granted permissions. For more information on tagging, refer to our AWS documentation and our AWS blog. [14], [15]

Monitoring

There are various AWS, SAP, and third-party solutions that you can leverage for monitoring your SAP workloads. Here are some of the core AWS monitoring services:

o Amazon CloudWatch – CloudWatch is a monitoring service for AWS resources. [16] It’s critical for SAP workloads where it’s used to collect resource utilization logs and create alarms to automatically react to changes in AWS resources.
o AWS CloudTrail – CloudTrail keeps track of all API calls made within your AWS account. It captures key metrics about the API calls and can be useful for automating trail creation for your SAP resources.

Configuring CloudWatch detailed monitoring for SAP resources is mandatory for getting AWS and SAP support. You can use native AWS monitoring services in a complementary fashion with the SAP Solution Manager. Third-party monitoring tools can be found on AWS Marketplace. [17]

Automation

AWS offers multiple options for programmatically scripting your resources to operate or scale them in a predictable and repeatable manner. You can leverage AWS CloudFormation to automate and operate SAP systems on AWS. Here are some examples for automating your SAP environment on AWS:

Area                      | Activities                                                                               | AWS Services
--------------------------|------------------------------------------------------------------------------------------|-----------------------------------------------
Infrastructure Deployment | Provision new SAP environment; SAP system cloning                                        | AWS CloudFormation [18]; AWS CLI [19]
Capacity Management       | Automate scale-up/scale-out of SAP application servers                                   | AWS Lambda [20]; AWS CloudFormation
Operations                | SAP backup automation (see the Backup Example); Performing monitoring and visualization  | Amazon CloudWatch; Amazon EC2 Systems Manager

Patching

There are two ways for you to patch your SAP HANA database with alternatives for minimizing cost and/or downtime. With AWS, you can provision additional servers as needed to minimize downtime for patching in a cost-effective manner. You can also minimize risks by creating on-demand copies of your existing production SAP HANA databases for life-like production readiness testing.

This table summarizes the tradeoffs of the two patching methods:

Patching Method: Patch an existing server
  Benefits:
    [x] Patch existing OS and DB
    [x] Longest downtime to existing server and DB
    [ ] No costs for additional on-demand instances
    [ ] Lowest levels of relative complexity and setup tasks involved
  Technologies Available:
    Native OS patching tools
    Patch Manager [21]
    Native SAP HANA patching tools [22]

Patching Method: Provision and patch a new server
  Benefits:
    [ ] Leverage latest AMIs (only DB patch needed)
    [ ] Shortest downtime to existing server and DB
    [ ] Can patch and test OS and DB separately and together
    [x] More costs for additional on-demand instances
    [x] More complexity and setup tasks involved
  Technologies Available:
    Amazon Machine Image (AMI) [23]
    AWS CLI [24]
    AWS CloudFormation [25]
    SAP HANA System Replication [26]
    SAP HANA System Cloning [27]
    SAP HANA backups [28]
    SAP Notes:
      1984882 [29] - Using HANA System Replication for Hardware Exchange with minimum/zero downtime
      1913302 [30] - HANA: Suspend DB connections for short maintenance tasks

The first method (patch an existing server) involves patching the operating system (OS) and database (DB) components of your SAP HANA server. The goal of the method is to minimize any additional server costs and avoid any tasks needed to set up additional systems or tests. This method may be most appropriate if you have a well-defined patching process and are satisfied with your current downtime and costs. With this method you must use the correct OS update process and tools for your Linux distribution. See this SUSE blog [31] and Red Hat FAQ page [32] or check each vendor’s documentation for their specific processes and procedures.

In addition to patching tools provided by our Linux partners, AWS offers a free of charge patching service [33] called Patch Manager. [34] At the time of this writing, Patch Manager supports Red Hat. [35] Patch Manager is an automated tool that helps you simplify your OS patching process. You can scan your EC2 instances for missing patches and automatically install them, select the timing for patch rollouts, control instance reboots, and many other tasks. You can also define auto-approval rules for patches with an added ability to black-list or white-list specific patches, control how the patches are deployed on the target instances (e.g., stop services before applying the patch), and schedule the automatic rollout through maintenance windows.

The second method (provision and patch a new server) involves provisioning a new EC2 instance that will receive a copy of your source system and database. The goal of the method is to minimize downtime, minimize risks (by having production data and executing production-like testing), and have repeatable processes.
This method may be most appropriate if you are looking for higher degrees of automation to enable these goals and are comfortable with the tradeoffs. This method is more complex and has many more options to fit your requirements. Certain options are not exclusive and can be used together. For example, your AWS CloudFormation template can include the latest Amazon Machine Images (AMIs), which you can then use to automate the provisioning, set up, and configuration of a new SAP HANA server.
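Returning to the tag-based IAM policy in the Tagging SAP Resources on AWS section: the sketch below is an added example, not code from the AWS guide or blog. It audits instances for the guide's example tags and models the owner statement's StringEquals condition, including the missing-tag and case-mismatch cases. The instance IDs, tag values, user ID and function names are constructed for illustration, and the condition check is a simplified model rather than IAM's evaluator.

```python
import re
# Tag names from the guide's example tag table.
REQUIRED_TAGS = ("Name", "Environment", "Application", "Owner", "Service Level")
# Condition of the AllowActionsIfYouAreTheOwner statement in the guide's policy.
OWNER_CONDITION = {"StringEquals": {"ec2:ResourceTag/PrincipalId": "${aws:userid}"}}
VARIABLE = re.compile(r"\$\{([^}]+)\}")  # IAM policy variable syntax

def tags_of(instance):
    """Flatten EC2's [{'Key': ..., 'Value': ...}] tag list into a dict."""
    return {t["Key"]: t["Value"] for t in instance.get("Tags", [])}

def missing_tags(instance):
    """Required tags that are absent or empty on the instance."""
    return [n for n in REQUIRED_TAGS if not tags_of(instance).get(n)]

def owner_condition_matches(instance, context):
    """Simplified model (not IAM's evaluator) of the StringEquals test:
    exact and case-sensitive; a missing tag or unresolved variable never matches."""
    tags = tags_of(instance)
    for key, template in OWNER_CONDITION["StringEquals"].items():
        actual = tags.get(key.split("/", 1)[1])
        if actual is None or any(v not in context for v in VARIABLE.findall(template)):
            return False
        if actual != VARIABLE.sub(lambda m: context[m.group(1)], template):
            return False
    return True

def audit(instances, context):
    """One row per instance: missing tags and whether the owner Allow applies."""
    return [{"InstanceId": i["InstanceId"], "missing": missing_tags(i),
             "owner_allow_applies": owner_condition_matches(i, context)} for i in instances]

def _tags(mapping):
    return [{"Key": k, "Value": v} for k, v in mapping.items()]

# Constructed sample data, shaped like `aws ec2 describe-instances` output.
CALLER = {"aws:userid": "AIDAEXAMPLEUSERID0001"}  # constructed caller ID
INSTANCES = [
    {"InstanceId": "i-0a1b2c3d4e5f60001", "Tags": _tags({
        "Name": "hanaprd01", "Environment": "PRD", "Application": "BW",
        "Owner": "basis-team", "Service Level": "24x7",
        "PrincipalId": "AIDAEXAMPLEUSERID0001"})},
    {"InstanceId": "i-0a1b2c3d4e5f60002", "Tags": _tags({  # wrong case in PrincipalId
        "Name": "hanadev01", "Environment": "DEV", "Application": "ECC",
        "Owner": "basis-team", "PrincipalId": "aidaexampleuserid0001"})},
    {"InstanceId": "i-0a1b2c3d4e5f60003", "Tags": _tags({"Name": "hanasbx01"})},  # no PrincipalId
]
if __name__ == "__main__":
    print(*audit(INSTANCES, CALLER), sep="\n")
```

An instance that shows owner_allow_applies as False for every intended owner is one the owner-scoped statement never covers, usually because the PrincipalId tag is absent or was entered by hand.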

Here is an example of a process that can be used to automate OS/HANA patching/upgrade:

1. Download the AWS CloudFormation template offered in the SAP HANA Quick Start. [36]
2. Update the CloudFormation template with the latest OS AMI ID and execute the updated template to provision a new SAP HANA server. The latest OS AMI ID has the specific security patches that your organization needs. As part of the provisioning process, you need to provide the latest SAP HANA installation binaries to get to the required version. This allows you to provision on a new HANA system with the required OS version and security patches along with SAP HANA software versions.
3. After the new SAP HANA system is available, use one of the following methods to copy the data from the original SAP HANA instance to the newly created system:
   o SAP HANA native backup/restore
   o Use SAP HANA System Replication (HSR) technology to replicate the data and then perform an HSR take-over.
   o Take snapshots of the old system’s Amazon Elastic Block Store (Amazon EBS) volumes and create new EBS volumes from it. Mount them in the new environment. (Make sure that the HANA SID stays the same for minimal post-processing.)
   o Use new SAP HANA 2.0 functionality such as SAP HANA Cloning. [37] The new system will become a clone of the original system.

At the end of this process, you will have a new SAP HANA system that is ready to test.

SAP Note 1984882 [38] (Using HANA System Replication for Hardware Exchange with Minimum/Zero Downtime) has specific recommendations and guidelines on the process for promoting to production.

Backup and Recovery

This section provides an overview of the AWS services used in the backup and recovery of SAP HANA systems and provides an example backup and recovery sce
