The following example focuses on the SAP BW/4HANA application tier. This application tier suits small-scale production environments of SAP BW/4HANA on Azure that require high availability (HA).
Architecture
Workflow
The following workflow corresponds to the previous diagram:
- Data packets flow through the on-premises network gateway that passes through the Azure ExpressRoute carrier's premises.
- The data packets enter the Microsoft Azure network from the ExpressRoute carrier's network onto the Azure hub virtual network.
- If the data packets meet perimeter Azure Virtual Network security requirements, they connect to the spoke virtual network that contains the SAP application servers and database.
- The encrypted data packets reach the SAP Web Dispatcher servers, where they're decrypted.
- Application servers use the decrypted packets, perform the business logic, request data from the SAP HANA database, and generate annual transaction volume information.
- The system returns the data retrieval and analysis results to the user along the same path as the original inquiry.
Components
Virtual Network securely connects Azure resources to each other and to an on-premises environment. In this architecture, multiple virtual networks are peered together.
The application tier uses Linux virtual machines (VMs) in the following SAP application components:
- SAP BusinessObjects (BOBJ) server pool
- SAP Web Dispatcher pool
- Application servers pool
- SAP Central Services cluster
Azure Load Balancer distributes network traffic across backend resources. In this architecture, an internal load balancer directs traffic to VMs in the application subnet. This example uses SAP Web Dispatcher and Azure Load Balancer for HA. Use these services to scale out for capacity extension, or choose Azure Application Gateway or a partner product. Select the option based on traffic type and required functionality, such as TLS termination and forwarding.
Network security groups (NSGs) filter and control network traffic in Azure virtual networks. In this architecture, NSGs attach to a subnet or to the NICs on a VM and restrict incoming, outgoing, and intrasubnet virtual network traffic.
Azure Bastion provides secure remote access to Azure VMs through the Azure portal. In this architecture, Azure Bastion provides secure access to Azure VMs without a jump box or a public IP address and reduces internet-facing exposure.
Azure managed disks provide persistent block storage for Azure VMs. In this architecture, Azure managed disks provide data persistence for VMs that run SAP workloads. Use Azure Premium SSDs or Azure Ultra Disk Storage.
Azure NetApp Files provides fully managed, high-performance file storage for cloud workloads. In this architecture, Azure NetApp Files supports shared storage for high-performance scenarios that host SAP HANA data and log files when you use a cluster. Azure NetApp Files is fully managed and scalable for demanding workloads. It provides bare-metal performance, submillisecond latency, and integrated data management for:
- SAP HANA.
- High-performance computing.
- Line-of-business applications.
- High-performance file sharing.
- Virtual desktop infrastructure.
Power BI is a business analytics service that provides data analysis and visualization capabilities. In this architecture, Power BI accesses and visualizes SAP BW/4HANA data from your Windows desktop by using SAP BW Connector. Power BI Desktop imports data from SAP sources, such as SAP BW/4HANA, for analysis and visualization. Power BI provides a business context or a semantics layer over raw data, which complements the SAP BOBJ universe.
Azure Backup provides backup and recovery services for Azure workloads. In this architecture, Azure Backup serves as an SAP Backint-certified data protection solution for SAP HANA in single-instance and scale-up deployments and protects Azure VMs that have general workloads.
Azure Site Recovery orchestrates disaster recovery (DR) for workloads that run on Azure and on-premises. In this architecture, Azure Site Recovery forms part of an automated DR solution for multitier SAP NetWeaver application deployments. For more information about the capabilities and restrictions of this solution, see Support matrix for Azure VM DR between Azure regions.
Alternatives
This architecture includes multiple components that you can substitute with other Azure services or approaches, depending on your workload's functional and nonfunctional requirements. Consider the following alternatives and their trade-offs.
To help protect SAP global host files for SAP Central Services and the SAP transport directory, deploy Network File System (NFS) servers in a failover cluster configuration.
To protect global host files for Central Services, use SIOS clustering solutions instead of NFS or Azure NetApp Files.
Application Gateway is a web traffic load balancer. It provides TLS termination, a web application firewall (WAF), and other high-availability and scalability features. You can use it as a gateway for the SAP Fiori front end in some SAP production deployments.
Scenario details
SAP BW/4HANA is an enterprise data warehouse solution that's designed for the cloud and optimized for SAP HANA. This architecture focuses on the SAP BW/4HANA application tier, and suits high-availability, small-scale production environments.
This example workload uses a similar deployment approach to SAP NetWeaver (Windows) for AnyDB on VMs and SAP S/4HANA for Linux VMs on Azure. The application layer deploys by using scalable VMs.
The simplified network layout demonstrates best-practice architectural principles for a hub-spoke topology-based Azure enterprise deployment.
Note
For more information about deployment considerations for SAP workloads on Azure, see the SAP on Azure planning and deployment checklist.
For more information about the data persistence layer, see Run SAP HANA on Linux VMs.
Potential use cases
This scenario is relevant to the following use cases:
- Deployment of an SAP application layer that's separate from the DBMS layer
- DR scenarios
- SAP application tier deployments
Recommendations
You can apply the following recommendations to most scenarios. Many recommendations for SAP S/4HANA on Azure also apply to SAP BW/4HANA deployments. Follow these recommendations unless you have a specific requirement that overrides them.
VMs
For more information about SAP support for Azure VM types and throughput metrics, see SAP applications on Azure: Supported products and Azure VM types.
Important
To access SAP notes, open or sign in to your SAP Service Marketplace account.
For more information about VM certification for SAP HANA scale-out deployments, see the SAP HANA hardware directory.
Application servers pool
In an application servers pool, you can adjust the number of VMs based on your requirements. Azure is certified to run SAP BW/4HANA on Red Hat Enterprise Linux and SUSE Linux Enterprise.
Use SMLG to manage and load-balance logon groups for Advanced Business Application Programming application servers. Use SM61 to manage batch server groups. Use RZ12 to manage Remote Function Calls (RFC) groups.
SMLG transactions use the Central Services message server's load-balancing capability to distribute incoming sessions and workload to the SAP application servers pool for SAP GUIs and RFC traffic.
SAP Central Services cluster
This example shows a highly available cluster that uses Azure NetApp Files as a shared file-storage solution. High availability for the Central Services cluster requires shared storage. Azure NetApp Files provides a simple, highly available option that doesn't need Linux cluster infrastructure. Alternatively, set up a highly available NFS service.
The application server VMs support multiple IP addresses per NIC. This feature uses virtual host names for installations. Virtual host names decouple SAP services from the physical host names and simplify migration between physical hosts.
Application servers connect to Central Services on Azure by using Central Services or Enqueue Replication Server (ERS) virtual host names. Assign these host names to the load balancer's cluster front-end IP address configuration. Load balancers support multiple front-end IP addresses so that you can bind Central Services and ERS virtual IP addresses to one load balancer.
Multi-SID installation
Azure supports HA for multisystem ID (multi-SID) installations in Linux and Windows clusters that host Central Services (ASCS/SCS). For more information about Pacemaker cluster deployments, see the Azure multi-SID documentation for:
Proximity placement groups
To reduce network latency between VMs, this example architecture uses a proximity placement group. This group applies a location constraint to VM deployments and minimizes the physical distance between them.
Azure Virtual Machine Scale Sets
To provide maximum spread across available fault domains, place VMs in availability zones or regions by using Azure Virtual Machine Scale Sets.
Database
SAP BW/4HANA is designed for the SAP HANA database platform. Azure provides the following scalability and deployment options:
- To achieve HA in a scale-up SAP HANA deployment, the database tier uses multiple Linux VMs in a cluster.
- Some VMs support a scale-out deployment of SAP HANA.
- The SAP HANA hardware directory provides a list of VM SKUs that support online analytical processing and online transaction processing workloads for scale-up and scale-out configurations.
Storage
This example uses Premium SSDs for nonshared application server storage. This example uses Azure NetApp Files for cluster shared storage.
Premium SSD v2 is designed for performance-critical workloads like SAP. For more information about this solution's benefits and limitations, see Deploy a Premium SSD v2.
Ultra Disk Storage reduces disk latency for performance-critical applications like SAP database servers. To compare block storage options in Azure, see Azure managed disk types.
Standard managed disks aren't supported.
Use Azure cool and archive access tiers as a backup data store. These tiers offer cost-effective storage for archived and infrequently accessed data.
Networking
To provide logical isolation and security boundaries for an SAP landscape, deploy a hub-spoke topology. For more information about networking, see the SAP S/4HANA reference architecture.
The hub virtual network provides a central point of connectivity to an on-premises network. Spoke virtual networks peer with the hub and isolate workloads. Traffic flows between the on-premises datacenter and the hub by using a gateway connection.
You can include one or more ExpressRoute circuits that connect on-premises networks to Azure. You can reduce network bandwidth demand and overhead by using a VPN.
Considerations
These considerations implement the pillars of the Azure Well-Architected Framework, which is a set of guiding tenets that you can use to improve the quality of a workload. For more information, see Well-Architected Framework.
Reliability
Reliability helps ensure that your application can meet the commitments that you make to your customers. For more information, see Design review checklist for Reliability.
Availability
Highly available infrastructure relies on resource redundancy. Design a system that meets a resiliency target based on the application's intended service level. Align the architecture with the resiliency target and the intended service level. To select an appropriate solution, see the service level agreements for online services.
To maximize application availability, deploy redundant resources in an availability set or across availability zones. For more information, see the SAP S/4HANA reference architecture.
Load Balancer
Load Balancer is a layer 4 network transmission service. In cluster configurations, Load Balancer directs traffic to the primary service instance or to a healthy node during a fault. Use Load Balancer for SAP scenarios because it offers security and blocks outgoing traffic from the back-end pool, unless you turn on outbound connectivity to public endpoints. For outbound connectivity, you can use Azure NAT Gateway. Load Balancer is zone-aware when you deploy SAP workloads in Azure availability zones.
Web Dispatcher
SAP Web Dispatcher serves as an HTTP(S) load balancer for SAP traffic across SAP application servers. To achieve HA for Web Dispatcher, Load Balancer implements either a failover cluster or a parallel Web Dispatcher. For more information, see SAP Web Dispatcher.
Web Dispatcher provides application-layer (layer 7) services, such as TLS termination and other offloading functions.
You don't need another load balancer for SAP GUI traffic from clients that connect to an SAP server by using DIAG protocol or RFC. Central Services balances the load by using logon groups in the SAP application server.
To address security concerns in internet-facing communications, use a stand-alone solution in a perimeter network.
You can install SAP Web Dispatcher in the ASCS instance. If you choose this option, SAP installs Integrated Web Dispatcher within the ASCS instance, so you don't need a separate Web Dispatcher instance or dedicated resources. Size the instance to account for the extra workload on ASCS.
Central Services
To protect ASCS HA on Azure Linux VMs, use a high-availability extension (HAE) for Linux. HAEs deliver Linux clustering software and OS-specific integration components for implementation.
To avoid a cluster split-brain problem, set up cluster node fencing by using an Internet Small Computer Systems Interface fencing block device. Alternatively, use an Azure fence agent.
Other application servers in the application servers tier
To achieve HA for SAP primary application servers and other application servers, load-balance traffic in the application servers pool.
Backup
Use Backup to protect VM contents for SAP ASCS and application servers. Backup provides independent, isolated backups that help guard against accidental data loss. Backups are stored in a Recovery Services vault that manages recovery points. Backup offers quick configuration and scaling, optimized backups, and data restoration.
Database-tier backup varies depending on whether SAP HANA is deployed on VMs.
DR
Azure supports multiple DR solutions depending on your requirements. SAP application servers don't store business data, so you can create them in a secondary region before you shut them down. Schedule or manually replicate SAP application server software updates and configuration changes to the DR environment. You can also deploy a VM in the DR region to run Central Services, which doesn't store business data.
Security
Security provides assurances against deliberate attacks and the misuse of your valuable data and systems. For more information, see Design review checklist for Security.
SAP uses User Management Engine to control role-based access and authorization within SAP applications and databases. For more information, see the Security guide SAP BW/4HANA.
The SAP S/4HANA reference architecture includes other SAP BW/4HANA infrastructure security considerations.
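One way to check an NSG rule set against the access design this architecture describes (NSGs restricting inbound traffic to the SAP subnets, administrative access through Azure Bastion instead of public IP addresses). This is an added example, not part of the original article or of any Microsoft tooling; the rule names, address ranges, ports and expected flows are constructed, and only custom rules with `*` or CIDR sources are modelled.

```python
import ipaddress

# Constructed sample: custom inbound rules of a hypothetical NSG on the SAP
# application subnet. Field names follow the Azure NSG security-rule schema;
# rule names, address ranges and ports are assumptions for this example.
SAMPLE_RULES = [
    {"name": "Allow-Bastion-SSH", "priority": 100, "direction": "Inbound",
     "access": "Allow", "protocol": "Tcp",
     "sourceAddressPrefix": "10.0.1.0/26", "destinationPortRange": "22"},
    {"name": "Allow-OnPrem-HTTPS", "priority": 200, "direction": "Inbound",
     "access": "Allow", "protocol": "Tcp",
     "sourceAddressPrefix": "192.168.0.0/16", "destinationPortRange": "443"},
    {"name": "Allow-Any-SSH-temp", "priority": 300, "direction": "Inbound",
     "access": "Allow", "protocol": "Tcp",
     "sourceAddressPrefix": "*", "destinationPortRange": "22"},
    {"name": "Deny-All-Inbound", "priority": 4096, "direction": "Inbound",
     "access": "Deny", "protocol": "*",
     "sourceAddressPrefix": "*", "destinationPortRange": "*"},
]

# Constructed expectations: (label, source IP, TCP port, intended access).
EXPECTED = [
    ("Bastion subnet SSH", "10.0.1.5", 22, "Allow"),
    ("On-premises HTTPS", "192.168.10.20", 443, "Allow"),
    ("External SSH", "203.0.113.10", 22, "Deny"),
    ("External HTTPS", "203.0.113.10", 443, "Deny"),
]

def port_matches(spec, port):
    """Match '*', a single port ('22') or a range ('3200-3299')."""
    if spec == "*":
        return True
    low, _, high = spec.partition("-")
    return int(low) <= port <= int(high or low)

def source_matches(prefix, ip):
    """Match '*' or a CIDR prefix."""
    if prefix == "*":
        return True
    # ip_network raises ValueError for an unresolved service tag, so a tag
    # is never silently treated as "no match".
    return ipaddress.ip_address(ip) in ipaddress.ip_network(prefix)

def evaluate(rules, src_ip, port, protocol="Tcp"):
    """Return (access, rule name) of the first matching inbound rule by priority."""
    inbound = [r for r in rules if r["direction"] == "Inbound"]
    for rule in sorted(inbound, key=lambda r: r["priority"]):
        sources = rule.get("sourceAddressPrefixes") or [rule["sourceAddressPrefix"]]
        ports = rule.get("destinationPortRanges") or [rule["destinationPortRange"]]
        if (rule["protocol"] in ("*", protocol)
                and any(source_matches(s, src_ip) for s in sources)
                and any(port_matches(p, port) for p in ports)):
            return rule["access"], rule["name"]
    return None, None  # falls through to Azure's default rules (not modelled)

def audit(rules, expected):
    """List flows whose evaluated access differs from the intended design."""
    findings = []
    for label, src_ip, port, want in expected:
        got, rule_name = evaluate(rules, src_ip, port)
        if got != want:
            findings.append((label, got, rule_name))
    return findings
```

Calling `audit(SAMPLE_RULES, EXPECTED)` reports the leftover `Allow-Any-SSH-temp` rule, which sits above the deny-all rule in priority and opens SSH to any source.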
Cost Optimization
Cost Optimization focuses on ways to reduce unnecessary expenses and improve operational efficiencies. For more information, see Design review checklist for Cost Optimization.
Business service reliability, performance, and operability determine how you construct an IT solution. Use these metrics to scale a solution up or down in the following component categories:
- Compute. Analyze compute resource consumption in business-critical periods and adjust VM size to align with demand. To further reduce compute overhead, turn off unnecessary application servers during low-usage periods, such as overnight.
- Storage. Configure backup retention policies to remove or archive older backup images to lower-cost storage tiers, such as cool storage.
- Networking. SAP BW/4HANA systems typically interact with other SAP systems. Plan how data moves between systems and design the virtual network to optimize data transmission cost. For more information about cost optimization and virtual network design, see Architecture best practices for Virtual Network.
- Business continuity and DR. To reduce recovery costs, use Site Recovery to replicate VM disks in a recovery region or zone without a standby VM.
Operational Excellence
Operational Excellence covers the operations processes that deploy an application and keep it running in production. For more information, see Design review checklist for Operational Excellence.
Monitoring
To maximize the availability and performance of applications and services, use Azure Monitor. Azure Monitor includes Azure Monitor Logs and Application Insights to collect and analyze telemetry. It can help you maximize the performance and availability of your cloud and on-premises resources and applications. You can use Azure Monitor to monitor infrastructure and application anomalies, send alerts to admins, and automate reactions to predefined conditions.
To learn how Azure Monitor for SAP can help you manage the availability and performance of SAP services, see Azure Monitor for SAP solutions. Azure Monitor for SAP provides initial metrics and telemetry for monitoring. Metric definitions are stored as SQL queries in JSON, and you can modify them to meet your requirements.
Performance Efficiency
Performance Efficiency refers to your workload's ability to scale to meet user demands efficiently. For more information, see Design review checklist for Performance Efficiency.
SAP BW/4HANA completes real-time data warehousing tasks. SAP application servers maintain continuous communication with database servers, so minimizing latency between the application VMs and the database improves application performance. Use disk caching and server placement to further reduce latency.
For performance-critical applications that run on a database platform, including SAP HANA, use Ultra Disk Storage. Review current Ultra Disk Storage capabilities to confirm that they meet your requirements, especially when you use resiliency features such as availability sets, availability zones, or cross-region replication. Alternatively, you can use Premium SSDs and turn on Write Accelerator for the log volume. Write Accelerator improves write latency and it's compatible with M-series VMs.
To reduce the physical distance between application and database tiers, use a proximity placement group. Scripts and utilities are available on GitHub.
To optimize interserver communication, use Accelerated Networking on supported VMs, including D/DSv2, D/DSv3, E/ESv3, F/FS, FSv2, and Ms/Mms. In all SAP implementations, Accelerated Networking is required, especially when you use Azure NetApp Files.
To achieve high I/O per second and disk-bandwidth throughput, follow performance optimization guidance for Azure storage layout. For example, combine multiple disks into a striped disk volume to improve I/O performance. To accelerate data retrieval, turn on the read cache for infrequently changed data.
Scalability
This example architecture describes a small, scalable, production-level deployment. Azure offers a range of VM sizes for scaling up and scaling out at the SAP application layer. You can scale up or down within the same cloud deployment.
Deploy this scenario
Use the open-source SAP deployment automation framework on Azure to deploy, install, and maintain SAP environments. Use the tool to deploy SAP HANA and SAP NetWeaver with AnyDB landscapes on SAP-supported operating systems in any Azure region. The framework automates infrastructure deployment by using Terraform and configures operating systems and SAP applications by using Ansible. This approach helps you configure and manage SAP environments consistently at scale.
Contributors
Microsoft maintains this article. The following contributors wrote this article.
Principal author:
- Ben Trinh | Principal Architect
Next steps
- About SAP HANA database backup in Azure VMs
- Azure managed disks
- High availability for SAP NetWeaver on Azure VMs
- Installation of SAP HANA on Azure VMs
- VMs in Azure
- Load Balancer documentation
- NSGs
- Set up DR for a multitier SAP NetWeaver app deployment
- Use Azure to host and run SAP workload scenarios
- Use SAP Business Warehouse connector in Power BI Desktop
- What is Azure Bastion?
- What is Load Balancer?
- What is Virtual Network?
- What is Power BI?