2. Aliter Consulting was engaged by a large business process outsourcer in 2018 to
provide technical SAP consultancy as part of a migration from on-premise to the
cloud.
As part of this engagement, a solution was required for the backup of database
systems related to the SAP landscape, hosted within the Microsoft Azure cloud.
The design captured within this presentation shows the basics of how we were
able to conceptualise and deliver a custom SAP backup solution that fitted the
needs of our client.
Custom Backup in Azure
3. Automation Core
• Technology improvements mean computing tasks previously requiring interaction with people, can be fully automated.
• Automation brings repeatability, reduced error rates, easy scalability of service provision.
Platform Agnostic
• Future interoperability and open standards will mean businesses can swap easily between cloud providers.
• It is key that solutions are designed to operate in such a platform agnostic manner outside the bounds of normal
technical architecture design (i.e. no fixed O/S choices or fixed DB platforms).
Established Technological Principals
• Solutions today, should be built using already established technological principals.
• Using bleeding edge rarely produces the perceived benefits in places such as core business systems, without significant
buy-in from business leaders.
• Pre-empting standards not already widely adopted, could produce a “Beta-Max” scenario.
Future Assurance
• Technology solutions should deliver for a minimum timeframe within the context of the lifecycle of the related business
system.
• Example: Re-writing scripts during any platform migration should not just use the coolest scripting language, they should
use a commonly known language widely used and understood.
Aliter Consulting Drivers
4. Availability
• The RTO/RPO for the SAP systems dictated multiple physical locations for the storage of database backups.
Decreasing storage cost trend (long term)
• (This is a perception and not necessarily fact).
Platform flexibility (future cost reduction possibilities)
• Additional systems requiring backups, can be added with minimal cost.
• Storage can be easily re-purposed (i.e. generic storage not forever dedicated to storage of backups).
In-house skill sets required
• Existing technical skills to be used.
• No single purpose teams (backup administrators).
Maintenance of backup product
• Security patching should be simple.
• No on-premise requirements.
Almost unlimited DB backup growth potential
• In-tandem with business system growth.
Business Drivers
5. COTS backup product support for HANA & ASE databases
• There are few products on the market that support both SAP HANA and SAP ASE.
• Majority of these products don’t (yet) support cloud as a storage destination and instead require a more
traditional storage layer.
Other databases automatically supported (including non-SAP)
• Most COTS products need additional modules or even licenses for each DB vendor support.
Performance of backup tool (historical precedent)
• Previous use of a particular backup product has left bad feelings for COTS product performance.
Infrastructure requirements of backup product
• Each of the components can be executed independently from each other (e.g. manual DB backup), in
case of complex DR.
HA/DR capability (out-of-the-box)
• Out-of-the-box, the backup tool should provide HA/DR capability.
Technology Drivers
6. Availability
Decreasing storage cost trend (long term)
Platform flexibility (future cost reduction possibilities)
In-house skill sets required
&
Maintenance of backup product
Almost unlimited DB backup growth potential
Azure has 99.99% availability for read
operations (with RA-GRS).
Azure introduced additional storage options,
reducing cost (e.g. SSD standard storage).
Additional Azure Storage Accounts can be
added at any time (or removed).
Once Azure infrastructure is set up,
administrative effort is low.
No limit (within reason) on the number of
Azure Subscriptions.
Business Drivers – Met with Azure
7. COTS backup product support for HANA & ASE databases
&
Other databases automatically supported (including non-SAP)
Performance of backup tool (historical precedent)
Infrastructure requirements of backup product
&
HA/DR capability (out of the box)
Azure Storage is generic
20K IOPS limit per Storage Account, but 100’s
of Storage Accounts possible.
Azure fabric provides storage connectivity.
HA/DR is possible with RA-GRS.
Technology Drivers – Met with Azure
8. Multi-service technical layers
• Each component serves more than one purpose in the landscape.
Azure Storage Service as backbone
• The Storage Service is the heavy lifting machinery, geo-replicating the backups and providing
the sole backup storage silos.
Existing Enterprise Scheduler (SAP BPA)
• The customer had an existing use of SAP Business Process Automation (BPA) which has an
excellent scheduling capability which far outweighs any scheduler built into a COTS backup
product.
Existing SAP HostAgent as interconnect
• Every SAP system in the landscape has a SAP HostAgent installed (one per virtual machine).
• Non-SAP virtual machines can also have a HostAgent installed (especially if non-SAP system is
administered via SAP LaMa). Example: OpenText servers.
Architecture Overview
9. Azure Subscription(s)
Enterprise
Scheduler
Target DB Server
DB
Storage
Account
Storage
Account
Storage
Account
Storage
Account
/localdisk
Agent
Xfer
Tool
Trace
.ini
.cfg
.log
Target DB
Server
Target DB
Server
Target DB
Server
Agent
Architecture Overview
10. Microsoft
Azure (IaaS)
Transfer Tool
(e.g. blobxfer)
Microsoft Azure Storage Account(s)
Database files
traces / logs / config
(source of backups)
Local
Server
Disk
Local Orchestration Agent
Enterprise Scheduler
Microsoft
SAP
SAP/non-SAP
Third Party /
OpenSourceMicrosoft
Storage
Explorer
Capability Overview
11. Azure Subscription(s)
SAP Business Process Automation 9.0
Target DB Server
HostAgent
Custom Process
Definition
Backup Job
Definition
Job
Chain
HTTPS (SOAP)
DB Persistence
Target
DB
Custom
Operation
Script
Callback
Handler
START
FINISH
/backups
Trace
.ini
.cfg
.log
Web Service
SAP Architecture Detail
12. • SAP BPA scheduled job chains call custom BPA Process Definition.
• The custom Process Definition makes a SOAP call over HTTPS to target HostAgent.
• The SOAP call targets a specific HostAgent custom operation.
• Custom HostAgent operation initiates a custom script.
• Custom script completes and executes a HTTPS call-back to SAP BPA, passing the
execution outcome into the initiating job.
• A custom BPA trigger detects completion of the job and attaches additional log files
to the job (visible in BPA).
• The BPA job status is validated via a custom BPA status handler, firing any required
event traps (alerting etc).
SAP BPA Technical Process Flow
13. Primary Region
Azure Subscription(s)
SAP BPA
Virtual
Machine
PRD Target
DB Server
Virtual
Machine
/backups
Secondary
Region (DR)
Azure
Subscription(s)
Azure RA-GRS Storage Accounts
PRD Pre-PRD TST DEV
Reserved
Instance(s)
ASR
Targets
Xfer Tool
End Point End Point End Point End Point
Pre-PRD
Target DB
Server
Virtual
Machine/backups
Xfer Tool
HTTPS
TST Target
DB Server
Virtual
Machine
/backups
Xfer Tool
DEV Target
DB Server
Virtual
Machine
/backups
Xfer Tool
PRD Pre-PRD TST DEV
PRD Pre-PRD TST DEV PRD-DR
Windows Jump
Box
with Storage
Explorer
Microsoft Architecture Detail
14. Azure Subscription(s)
SAP Business Process Automation 9.0
Target DB Server
HostAgent
Custom Process
Definition
Xfer Job
Definition
Job
Chain
HTTPS
(SOAP)
DB Persistence
Custom
Operation
Script
Callback
Handler
START
FINISH
/backups
Web
Service
Xfer
Tool
PRD
End Point
SAP & Microsoft Integration Flow
15. • Within an Azure region, DB backup jobs are controlled by SAP BPA which
executes custom HostAgent operations to initiate custom scripts to execute
the transfer tool (xfer tool) locally on the target DB servers.
• The xfer tool uploads, via HTTPS, any backup files to a single Azure Storage
Account with multi-threading and then adds metadata to the files.
• On custom script completion, it executes a HTTPS call-back to SAP BPA, passing
the execution outcome.
Microsoft Technical Process Flow
16. • x1 SAP HostAgent installed on every database server (including non-SAP).
• HostAgent to be setup for auto-update (automation core).
• SSL with x.509 client certs for secure communication between scheduler and
HostAgent.
• x2 SAP Business Process Automation (BPA) 9.0+ (x1 Prod, x1 Non-Prod).
SAP Technology Requirements
17. • x2 Microsoft Azure Subscriptions (1x Prod, 1x DR) depends on number of IaaS
servers (CPUs).
• xn Microsoft Azure Storage Accounts (driven by number of IOPs and number of
simultaneous backup transfers; there are 4 accounts for DEV systems.
• xn Azure Premium Storage local disk assigned to each server (size dependent
on backup source) for local backup area; Allows the Microsoft/SAP
recommended disk cache settings to be applied in Azure.
• xn Microsoft Windows based VDIs for Microsoft Storage Explorer.
(Storage Explorer provides user friendly Storage Account navigation and
administrative capabilities.)
Microsoft Technology Requirements
18. Azure Subscription(s)
Target DB Server
Script
/backups
Xfer
Tool
PRD
End Point
Windows Jump
Box with Storage
Explorer
Manual Backup Set
file selection
File1
File2
File3
File list
Target
DB
Trace
.ini
.cfg
.log
Restore Operation Process Flow
MANUAL
19. • Operator manually obtains restore file list.
• Operator feeds custom restore script with file list.
• Custom restore script instigates xfer tool to pull files from Azure Storage
Account.
• Operator instigates DB restore & recovery.
• Operator restores trace files, config files and other files.
Restore Operation Process Flow
MANUAL
20. Azure Subscription(s)
Target DB Server
Script
/backups
Xfer
Tool
PRD
End Point
BackupSet1
BackupSet2
BackupSet3
Custom Backup logs
Target
DB
Trace
.ini
.cfg
.log
Restore Operation Process Flow
AUTOMATED
21. • Operator initiates custom restore script.
• Operator selects required backup set (based on date/time stamp).
• Custom restore script instigates xfer tool to pull down the required files from
Azure Storage Account.
• Operator instigates DB restore & recovery.
• Operator restores trace files, config files and other files.
Restore Operation Process Flow
AUTOMATED
22. Azure Subscription(s)
Target DB Server
/backups
Xfer
Tool
PRD
End Point
Target
DB
Trace
.ini
.cfg
.log
Restore Operation Process Flow
ALTERNATIVE
23. • Operator restore of files using xfer tool to pull down required files from Azure
Storage Account.
• Operator instigates DB restore & recovery.
• Operator restores trace files, config files and other files.
Restore Operation Process Flow
ALTERNATIVE
24. Primary Region
Azure Subscription(s)
PRD Target
DB Server
Virtual
Machine
/backups
Secondary Region (DR)
Azure Subscription(s)
PRD
Xfer Tool
End Point
PRD
PRD
Azure RA-GRS
PRD PRD-DR
Target DB
Server
/backups
Xfer
Tool
End Point
Target
DB
End Point
Restore Operation DR Flow
DR SCENARIO
25. • Primary Region failure.
• Secondary Region becomes primary.
• Infrastructure restored.
• Access granted to RA-GRS Storage Accounts (read-only).
• If necessary, files restored from Storage Account.
• New backups persisted to additional DR subscription Storage Accounts.
Restore Operation DR Flow
DR SCENARIO
26. Microsoft Docs:
• Reference architecture: https://docs.microsoft.com/en-us/azure/architecture/reference-
architectures/sap/sap-netweaver
• Azure Storage Services: https://docs.microsoft.com/en-us/azure/storage/common/storage-
introduction
• Azure RA-GRS: https://docs.microsoft.com/en-us/azure/storage/common/storage-
redundancy-grs
• Azure Regions: https://azure.microsoft.com/en-gb/global-infrastructure/regions/
• Storage Exlorer: https://azure.microsoft.com/en-us/features/storage-explorer/
SAP Docs:
• SAP HostAgent: https://wiki.scn.sap.com/wiki/display/ATopics/SAP+Host+Agent
• SAP BPA: https://www.sap.com/uk/community/topic/bpa-by-redwood.html
References