Professional Documents
Culture Documents
This lab demonstrates how GCP Network Shared-VPC can be set up to access an SAP HANA database between two projects without an external IP
address.
Lab Outline:
Use these credentials for all username and password prompts, except your Remote Desktop login.
Additional Resources:
If you need additional help beyond this document, we would suggest the following resources:
IMPORTANT
We use <##> in almost every case in this document to represent your participant number.
Also, you will always be using your student user ID, i.e. participant<#>, unless otherwise specified in an exercise. Please also use the same password in
all cases. Both the user ID and password are case sensitive.
You can reach the lab by following the link: https://console.cloud.google.com (https://console.cloud.google.com/).
1. Log into the GCP portal on https://console.cloud.google.com (https://console.cloud.google.com/) and enter your participant ID plus the @kochasoft.net
domain (e.g. participant00@kochasoft.net (https://console.cloud.google.com/))
ksft-lms.kochasoft.net/Views/Lab/LabView?Id=2377 1/22
9/19/2019 KochasoftLMS
Note: This screen will only show up the first time Google Cloud Platform is accessed using your userid.
3. You will need to select a project, but first you must select and organization. Click Select a project, and then click on the New Project.
4. From the project page creation, name your projects participant#-1 and participant#-2, where # is your participant ID. Choose Kochasoft Billing for the
Billing Account and then choose Participants-Infra for the Location.
ksft-lms.kochasoft.net/Views/Lab/LabView?Id=2377 2/22
9/19/2019 KochasoftLMS
5. Once your two projects are created, select the project list and click on ALL, under Participants-Infra folder you should see your two projects created
1. Go to the Google Cloud Platform Home Menu and select Networking 🡪 VPC networks.
ksft-lms.kochasoft.net/Views/Lab/LabView?Id=2377 3/22
9/19/2019 KochasoftLMS
3. Name your custom network participant#-vpc, where # is your participant user ID.
4. In the subnet section keep the option custom and provide the new subnet name such as cust-sub, select the region east-us1 and provide the ip
address range such as 192.168.#.0/24, where # is your participant user ID. Set the Private Google access to On and Flow logs to Off and click Done
and Create
ksft-lms.kochasoft.net/Views/Lab/LabView?Id=2377 4/22
9/19/2019 KochasoftLMS
6. Because you have created a custom VPC, the firewall rules need to be configured manually since it doesnt come by default. Click on your created VPC
and select Firewall rules → Add firewall rules
7. You will create one rule for now which will allow you access the future RDP server for public IP. Name the rule allow-RDP and use the following
parameters
a) Logs: off
b) Networks: participant#-VPC
c) Priority: 1000
ksft-lms.kochasoft.net/Views/Lab/LabView?Id=2377 5/22
9/19/2019 KochasoftLMS
d) Direction of traffic: Ingress
k) IP Ranges: 0.0.0.0/0
8. In order to attach project 2, its Compute Engine API needs to initialized. This can be done by going to project 2 and going into VPC networks. If it is the
first time it will appear as the below screenshot. Once this is done continue to the next step.
ksft-lms.kochasoft.net/Views/Lab/LabView?Id=2377 6/22
9/19/2019 KochasoftLMS
12. As part of the hosted project (project 1 in your case), select in Sharing mode the Individual subnet and select the cust-sub subnet and continue
13. On the Attach service projects, filter on your second project ID and click save
ksft-lms.kochasoft.net/Views/Lab/LabView?Id=2377 7/22
9/19/2019 KochasoftLMS
14. When the VPC is shared on the Shared subnet & permission tab you should see the subnet that is currently shared and on the Attached projects
tab the project 2 attached to it
15. On the Google Cloud Portal, Navigate to Participants-Infra folder select your project 1
ksft-lms.kochasoft.net/Views/Lab/LabView?Id=2377 8/22
9/19/2019 KochasoftLMS
17. On the Marketplace page select SAP HANA, express edition (server + application)
Note : if the application doesnt show up on the first screen you can filter by entering the name (SAP) in the Search for solution bar
18. Review the terms & conditions and click Launch on Compute Engine
ksft-lms.kochasoft.net/Views/Lab/LabView?Id=2377 9/22
9/19/2019 KochasoftLMS
Zone : us-east1-b
Network : participant#-vpc
Expand more
External IP : none
Accept the GCP and SAP terms with the information Agreement sharing and click Deploy
20. During the deployment, you can review the current process of the resource
ksft-lms.kochasoft.net/Views/Lab/LabView?Id=2377 10/22
9/19/2019 KochasoftLMS
21. Upon completion of the deployment, go under VPC network, select your VPC created earlier, click on firewall and check the new rule added
22. To complete the setup of the new SAP HAE, from the right side panel click on SSH to open the prompt ssh windows
23. Once opened, run the command to proceed with the post work
Copy
sudo su - hxeadm
Set the admin password such as GCPlab2019, specify No for proxy server and Yes for XSA configuration
ksft-lms.kochasoft.net/Views/Lab/LabView?Id=2377 11/22
9/19/2019 KochasoftLMS
24. Once the post configuration is completed, run the command as hxeadm to list the url of the XSA application and make sure they are started
Copy
xs apps
25. On the project 2, open the Cloud Console Shell and copy the following command to create the server:
ksft-lms.kochasoft.net/Views/Lab/LabView?Id=2377 12/22
9/19/2019 KochasoftLMS
Note: Make sure to change the project according to your ID
Copy
If the command is executed correctly the following output should appear with your participant internal IP and external ip
26. The server up and running, access find the external IP address by accessing the GCP console. Find your VM external IP address by selecting the
Compute Engine menu and selecting the External IP address for the client
27. Open an RDP connection on your local machine log into the RDP client using the external IP address with the following credentials:
Username:
Copy
kochadmin
Password:
Copy
<KVLGx{KQ*\{_E%
28. Once you are logged into the RDP client you will see a number of installed applications
ksft-lms.kochasoft.net/Views/Lab/LabView?Id=2377 13/22
9/19/2019 KochasoftLMS
29. In the previous step as part of the post installation you ran the command xs apps as hxeadm to list all the application url available, for the purpose of
the lab exercise you will focus on two application webide and xsa-cocpkit
30. From GCP portal, on your project 1 locate the saphae VM created under Compute Engine → VM Instances and note the internal ip
31. Now from your remote desktop, edit your local host file under C:\Windows\System32\drivers\etc\hosts by adding a line such as:
32. Once saved, open the Chrome browser and enter the application url for the xsa-cockpit or webide
ksft-lms.kochasoft.net/Views/Lab/LabView?Id=2377 14/22
9/19/2019 KochasoftLMS
33. Provide the xsa_dev use name and password your defined during the post work activities
ksft-lms.kochasoft.net/Views/Lab/LabView?Id=2377 15/22
9/19/2019 KochasoftLMS
You have completed the deployment of your SAP HAE with XSA and accessed it by using remote desktop in a different project over a shared-VPC. In the
upcoming section of the lab, you will now configure a Kubernetes cluster (K8S) in your project 1 and configure a web application which will be accessible
externally from the remote desktop.
35. Start to clone the repository from GitHub to download the source code of the application by running the command
Copy
36. Run the list command to make sure the kochasoft folder is there
Copy
ls -ltr
37. Set your project ID environment variable which will be used to tag the container
Copy
38. Finally, from the kochasoft folder, build the container image of the application. This command instructs Docker to build the image using the Dockerfile
in the current directory. First, you will you need to switch to the Kochasoft directory by using the command: cd kochasoft/. Next, you will need to run the
following command:
Copy
ksft-lms.kochasoft.net/Views/Lab/LabView?Id=2377 16/22
9/19/2019 KochasoftLMS
39. Once completed, run the docker command to very the build
Copy
docker images
40. At this point of the lab, your application is ready to be uploaded in container image to a registry so that GKE can download and run it. You will first
need to configure Docker command line-tool to authenticate and then upload the image
Copy
41. Before to run the command to upload the image into docker, make sure to enable the container registry from your project, on the Google cloud Portal,
Tools → Container Registry, select Enable Container Registry API
ksft-lms.kochasoft.net/Views/Lab/LabView?Id=2377 17/22
9/19/2019 KochasoftLMS
Copy
42. When the push is completed, you should be able to see the hello-app image in the container registry.
43. To make sure that your application and container is working, you will run the container locally, run the command from cloud shell
Copy
44. The container will run the application on port 8080, on your cloud shell tool bar. Click on Preview on port 8080
45. If the process is good, you should have the following output
46. From the Google Cloud Portal on project 1, go under Compute → Kubernetes Engine → Clusters
ksft-lms.kochasoft.net/Views/Lab/LabView?Id=2377 18/22
9/19/2019 KochasoftLMS
Name : lab-cluster Location type : Zonal Zone : us-east1-b Master version : (default) Number of nodes : 2 Machine type : 2 vcpus Expand Availability,
networking, security, and additional features Network: your custom VPC (participant#-VPC)
50. With your K8S cluster now up and running, you can deploy your add your Docker container to it, click on Connect from your cluster and Run in Cloud
Shell
ksft-lms.kochasoft.net/Views/Lab/LabView?Id=2377 19/22
9/19/2019 KochasoftLMS
51. Once the Cloud Shell is open with the command pre-entered, hit enter
52. Run the following command to deploy your application, listening on port 8080, name your application lab-web-app. Please update the participant0-1
with your first project ID.
Copy
53. You will finally expose your application to others externally from the cluster ip on port 80, to do so, navigate to Kubernetes Engine → Workload and
click on your application
ksft-lms.kochasoft.net/Views/Lab/LabView?Id=2377 20/22
9/19/2019 KochasoftLMS
55. Keep all the default for the port mapping, under Target port define 8080, service type select Load Balancer and click Expose
56. The activation and the deployment of the load balancer will take a minute
57. When the service is ready, the new endpoint to access the application from outside will become available under Kubernetes engine → Services
ingres locate the endpoint of the service and click on the arrow square
58. A new web page with the application should open from public IP
Table of Contents
ksft-lms.kochasoft.net/Views/Lab/LabView?Id=2377 21/22
9/19/2019 KochasoftLMS
Mission Statement
Overview
ksft-lms.kochasoft.net/Views/Lab/LabView?Id=2377 22/22