Design 41: SAP on Azure

Summary

This design implements SAP HANA on Azure.

Topology: SAP is a massive workload deployed in a dedicated Spoke VNet. It peers to the Hub for admin access and ExpressRoute connectivity.

1. Key Design Decisions (ADR)

ADR-01: Storage

  • Decision: Azure NetApp Files (ANF).
  • Rationale: Required for high-performance HANA database writes (sub-millisecond latency).

ADR-02: Availability

  • Decision: Availability Sets (N+1).
  • Rationale: SAP Application servers need to be close to the DB (Proximity Placement Groups).

2. High-Level Design (HLD)

+--------------+           +--------------------------+           +--------------+
|  SAP User    |           |        HUB VNet          |           |  SPOKE VNet  |
|  (GUI)       |           |      (ExpressRoute)      |           |  (SAP Prod)  |
+------+-------+           +------------+-------------+           +------+-------+
       |                                |                                |
       v                                | (Peering)                      |
+------+-------+                        v                                v
|  VPN / ER    |           +------------+-------------+           +------+-------+
|  Gateway     |---------->| Azure Firewall           |<--------->|  SAP App     |
+--------------+           |                          |           |  Servers     |
                           +--------------------------+           +------+-------+
                                                                         |
                                                                         v
                                                                  +--------------+
                                                                  |  HANA DB     |
                                                                  |  (M-Series)  |
                                                                  +--------------+

3. Low-Level Design (LLD)

                               PRIMARY REGION (East US)
+-----------------------------------------------------------------------+
| HUB VNet: vnet-hub (10.0.0.0/16)                                      |
|   +-----------------------+                                           |
|   | ExpressRoute Gateway  |                                           |
|   +-----------|-----------+                                           |
|               |                                                       |
|               v (Peering)                                             |
+---------------|-------------------------------------------------------+
                |
+---------------|-------------------------------------------------------+
| SPOKE VNet: vnet-sap-prod (10.1.0.0/16)                               |
|   +-----------------------+       +-----------------------+           |
|   | Subnet: App           |       | Subnet: DB            |           |
|   | [SAP App Server 1]    |------>| [HANA Primary]        |           |
|   | [SAP App Server 2]    |       | (Write)               |           |
|   +-----------------------+       +-----------|-----------+           |
+-----------------------------------------------|-----------------------+
                                                |
                                                v
                                    +-----------------------+
                                    | Azure NetApp Files    |
                                    | (NFS v4.1)            |
                                    +-----------------------+

                                      |
                                      | (HANA System Replication)
                                      v

                               SECONDARY REGION (West US)
+-----------------------------------------------------------------------+
| DR SPOKE VNet                                                         |
|   +-----------------------+                                           |
|   | HANA Secondary        |                                           |
|   | (Async Replica)       |                                           |
|   +-----------------------+                                           |
+-----------------------------------------------------------------------+

4. Component Rationale

  • M-Series VMs: Certified for SAP HANA (up to 12TB RAM).
  • Proximity Placement Group (PPG): Ensures App and DB VMs are physically close to reduce latency.

5. Strategy: High Availability (HA)

  • HANA: HSR (HANA System Replication) Synchronous mode with auto-failover (Pacemaker).

6. Strategy: Disaster Recovery (DR)

  • Implementation: HSR Asynchronous.
  • Process: Replicate data to West US. In a disaster, promote the West US DB to Primary.

7. Strategy: Backup

  • Tool: Azure Backup for SAP HANA.
  • Method: Backs up directly from HANA memory to Vault (no disk IO impact).

8. Strategy: Security

  • NSG: Strict rules. Only port 3200 (Dispatcher) allowed from Hub.
  • Encryption: HANA Volume Encryption.
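
Added example (not part of the original design): a Python audit of the NSG bullet above, checking that inbound Allow rules admit only TCP 3200 from the Hub range 10.0.0.0/16. It assumes the NSG is attached to snet-app and that rules are exported as JSON with `az network nsg rule list`; the rule names and both sample rule sets are constructed. It also flags a missing custom deny-all, because the default AllowVnetInBound rule (priority 65000) admits all traffic from peered VNets, the Hub included.

```python
import ipaddress

HUB = ipaddress.ip_network("10.0.0.0/16")  # vnet-hub range from the LLD
SAP_PORT = "3200"                          # dispatcher port from the NSG bullet

def values(rule, single, plural):
    """Merge the single-value and list-value fields az emits for a rule."""
    out = list(rule.get(plural) or [])
    if rule.get(single):
        out.append(rule[single])
    return out

def in_hub(prefix):
    try:
        return ipaddress.ip_network(prefix, strict=False).subnet_of(HUB)
    except (ValueError, TypeError):  # "*", service tags, IPv6 prefixes
        return False

def audit(rules):
    """Return findings for the inbound rules of the (assumed) snet-app NSG."""
    findings, deny_all = [], False
    for r in sorted(rules, key=lambda r: r["priority"]):
        if r["direction"] != "Inbound":
            continue
        ports = values(r, "destinationPortRange", "destinationPortRanges")
        srcs = values(r, "sourceAddressPrefix", "sourceAddressPrefixes")
        if r["access"] == "Deny":
            deny_all |= srcs == ["*"] and ports == ["*"] and r["protocol"] == "*"
            continue
        if ports != [SAP_PORT] or r["protocol"].lower() != "tcp":
            findings.append(f"{r['name']}: allows {r['protocol']}/{ports}, expected Tcp/{SAP_PORT}")
        if not srcs or not all(in_hub(s) for s in srcs):
            findings.append(f"{r['name']}: source {srcs} is not inside {HUB}")
    if not deny_all:
        findings.append("no custom deny-all inbound rule: default AllowVnetInBound "
                        "(priority 65000) still admits every peered VNet")
    return findings

# Constructed sample rules in the shape of `az network nsg rule list` output.
WEAK = [{"name": "allow-sap", "priority": 100, "direction": "Inbound", "access": "Allow",
         "protocol": "*", "sourceAddressPrefix": "*", "destinationPortRange": "3200-3299"}]
STRICT = [{"name": "allow-dispatcher-from-hub", "priority": 100, "direction": "Inbound",
           "access": "Allow", "protocol": "Tcp", "sourceAddressPrefix": "10.0.0.0/16",
           "destinationPortRange": "3200"},
          {"name": "deny-all-inbound", "priority": 4096, "direction": "Inbound",
           "access": "Deny", "protocol": "*", "sourceAddressPrefix": "*",
           "destinationPortRange": "*"}]

if __name__ == "__main__":
    for label, rules in (("weak", WEAK), ("strict", STRICT)):
        print(label, audit(rules) or "OK")
```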

9. Well-Architected Framework Analysis

  • Reliability: High.
  • Security: High.
  • Cost Optimization: Low. Very expensive. M-Series = $5k+/month. Reserved Instances are mandatory.
  • Operational Excellence: High.
  • Performance Efficiency: Excellent.

10. Detailed Traffic Flow

1. User: Opens SAP GUI.

2. Route: Traffic goes via ExpressRoute to Hub.

3. Peering: Hub routes to Spoke App Server.

4. Process: App Server processes logic.

5. Query: App Server queries HANA DB (sub-ms latency).

6. Result: Returned to User.

11. Runbook: Deployment Guide (Azure Portal)

Phase 1: Create Spoke VNet

1. Search: "Virtual networks" -> + Create.

2. Resource Group: rg-sap-prod.

3. Name: vnet-sap-prod.

4. Region: East US.

5. Subnets:

* snet-app: 10.1.1.0/24.

* snet-db: 10.1.2.0/24.

* snet-anf: 10.1.3.0/24 (Delegated to Microsoft.NetApp/volumes).

6. Create.

7. Peer to vnet-hub.

Phase 2: Configure Storage (Azure NetApp Files)

1. Search: "Azure NetApp Files" -> + Create.

2. Name: anf-sap-prod.

3. Region: East US.

4. Create.

5. Go to Account -> Capacity pools -> + Add pool.

* Name: pool-premium.

* Service level: Premium (Required for HANA).

* Size: 4 TiB (Minimum).

* Create.

6. Go to Volumes -> + Add volume.

* Name: hana-data.

* Quota: 1024 GiB.

* Virtual network: vnet-sap-prod.

* Subnet: snet-anf.

* Protocol: NFS (v4.1).

* Create.

* *Note the Mount Path (e.g., 10.1.3.4:/hana-data).*

Phase 3: Deploy HANA VM

1. Search: "Virtual machines" -> + Create.

2. Resource Group: rg-sap-prod.

3. Image: SLES 15 SP3 for SAP Applications.

4. Size: Standard_E16ds_v4 (Memory Optimized) or M-Series for Production.

5. Networking:

* VNet: vnet-sap-prod.

* Subnet: snet-db.

* Public IP: None.

6. Advanced:

* Proximity placement group: Create new ppg-sap-prod.

7. Create.

Phase 4: Mount Storage & Install SAP

1. Log in to the VM (via Bastion/Hub).

2. Install NFS Client: sudo zypper install nfs-client.

3. Mount:

* sudo mkdir -p /hana/data

* sudo mount -t nfs -o rw,hard,rsize=65536,wsize=65536,vers=4.1,tcp 10.1.3.4:/hana-data /hana/data

4. Install SAP: Run SWPM (Software Provisioning Manager) pointing to /hana/data.

* *Note: Full SAP installation is outside the scope of this infrastructure runbook.*