SAP on Azure Technical

Workshop

Presented by
Laurence Spolidoro
Srikrishnan (Krissh) Vibu

September 20 – 23, 2021

8:00 AM PST to 12:00 PM PST
Course Schedule
Topic Start End Duration
Day 1
Welcome 8:00 AM 8:15 AM 15
Introduction To Azure Foundations for SAP 8:15 AM 8:30 AM 15
Cloud Adoption Framework 8:30 AM 8:45 AM 15
Azure Connectivity 8:45 AM 9:15 AM 30
Azure Core Infrastructure for SAP certified compute 9:15 AM 10:00 AM 45
Break 10:00 AM 10:15 AM 15
Storage Accounts 10:15 AM 11:00 AM 45
Azure NetApp Files 11:00 AM 11:30 AM 30
Security Integration with SAP 11:30 AM 12:00 PM 30
Day 2
Review 8:00 AM 8:15 AM 15
Azure Network concepts and best practices 8:15 AM 9:15 AM 60
Load Balancer 9:15 AM 9:30 AM 15
SAP Sizing & Performance 9:30 AM 9:45 AM 15
Break 9:45 AM 10:00 AM 15
Key Design Aspects for SAP on Azure 10:00 AM 11:15 AM 75
Migration of SAP to Azure 11:15 AM 11:45 AM 30

2
Course Schedule
Topic Start End Duration

Day 3
Review 8:00 AM 8:15 AM 15
Resiliency 8:15 AM 8:45 AM 30
Scale Out on VM 8:45 AM 9:00 AM 15
HA/DR 9:00 AM 10:00 AM 60
Break 10:00 AM 10:15 AM 15
HLI 10:15 AM 11:15 AM 60
Data Tiering 11:15 AM 11:30 AM 15
Backup 11:30 AM 12:00 PM 30
Day 4
Review 8:00 AM 8:15 AM 15
Data Protection 8:15 AM 9:15 AM 60
SAP Automating Deployments 9:15 AM 9:45 AM 30
Break 9:45 AM 10:00 AM 15
Monitoring 10:00 AM 10:15 AM 15
SAP Cloud Platform on Azure 10:15 AM 10:45 AM 30
Case Study 10:45 AM 12:00 PM 75

3
Migrate | SAP on Azure https://aka.ms/MPN/Learn/SAPonAzure
Beginner Intermediate Advanced Expert / Ongoing

SAP on Azure SAP on Azure

Administering Microsoft Azure SAP certified offering for Azure
Architect Boot Camp Monthly Deep Dive
20 hours - Digital Event 2-3 hours - Digital Event
Available now Available now Available now Available every month
• Community Call
• Azure foundations for SAP
• Azure Core infrastructure for SAP • SAP on Azure Assessment
• Key design aspects for SAP on Guidance
Planning Azure for SAP Azure
workloads • Resiliency on Azure • Key selected topics:
• SAP deployments on Azure • Integration,
availability Zones • Azure Machine Learning,
Available now
• SAP automation deployments • Azure IoT Services
• SAP HANA Large instances • Advanced Networking,
• SAP data protection – backup
• Security/SSO
• Azure NetApp Files for enterprise
Legend Run Azure for SAP workloads • SAP deployment architecture
Community • SAP SCP on Azure
Workshop • Microsoft Power Platform for SAP
Virtual Training Series Available now • Azure Data & AI on Azure
Microsoft Learn

Certification
AZ-104 Azure Administrator AZ-120 Planning and Administering Microsoft Azure for SAP Workloads
reference

Shadowing an Azure administrator Deploy SAP on public or private SAP Systems administration, Participation on implementation
Job experience for 2-3 weeks cloud environments deployment and migration to projects
public cloud
Expected Outcomes from the Training

▪ Understanding of how to architect an SAP solution on Azure

▪ Ability to scope SAP requirements
▪ Ability to design a network topology for SAP on Azure
▪ Ability to leverage support groups across the platform needs
▪ Fundamental understanding Licensing requirements and ownership
▪ Ability to self educate via Microsoft resources (Blog, KB, announcements,
etc.)
▪ AZ-120 Certification Preparation
Introduction to Azure
Foundations for SAP

6
SAP & Microsoft Partnership:
the Next Chapter
“Building on our longtime partnership, Microsoft and SAP are harnessing each
other’s products to not only power our own organizations, but to empower our
enterprise customers to run their most mission-critical applications and workloads
with SAP S/4HANA on Azure.”
-Satya Nadella, CEO of Microsoft-

“We are taking our partnership to the next level…Together, we will help companies
win the customer-driven growth revolution...”
-Bill McDermott, CEO of SAP-

Trusted
▪ 20+ year alliance partnering together for the benefit of our mutual customers
▪ Microsoft runs SAP and S/4HANA
▪ SAP runs internal S/4HANA on Azure
Seamless
Co-located engineering resources & aligned sales and marketing teams provide a seamless customer experience
Optimized
Unique capabilities, roadmap, and experience to support SAP HANA & enterprise workloads from on-premises and Azure

7
Robust, Cost-effective Infrastructure for SAP NetWeaver

SAP Business Suite on any DB (Oracle, IBM DB2, SAP ASE, SQL Server), and all SAP NetWeaver
based applications are certified for production.

</>
Dev, test & Disaster Backup and Cost Production
training recovery as archiving effective
a service

40–75% Minutes 60% 40% 58

8
The
TheOpen
Open Cloud
Cloud

49
The Most Trusted and Compliant Cloud

Moderate
JAB P-ATO

10
Gain Unmatched Security

▪ $1.5B+ annual investments

▪ Over 3500 security experts
▪ Trillions of diverse signals

11
Subscription Concept

Organization
An organization represents a business entity that is using Microsoft Cloud offerings, typically
identified by a public Domain Name System DNS (domain name such as Kochasoft.com). The
organization is a container for subscriptions.
Subscription Options
A subscription is an agreement with Microsoft to use one or more Microsoft Cloud platforms or
services, for which charges accrue based on either:
▪ Charge per-user license fee: Microsoft's Software as a Service (SaaS)-based Cloud offerings
(Office 365, Intune/EMS, and Dynamics 365).
▪ Charge based on Cloud resource consumption: Microsoft's Platform as a Service (PaaS) and
Infrastructure as a Service (IaaS) Cloud offerings (Azure).

12
 Cloud Adoption
Framework(CAF) for SAP
Introduction to an SAP adoption scenario - Cloud Adoption Framework | Microsoft Docs
Introduction to an SAP adoption scenario - Cloud Adoption Framework | Microsoft Docs
Enterprise-scale construction sets provide specific architectural approach and reference implementation that
enables effective construction and operationalization of platform workload landing zones within the Cloud
Adoption Framework enterprise-scale landing zone

Architecture Implementation

Enterprise-scale support for SAP on Azure construction set - Cloud Adoption Framework | Microsoft Docs
Azure Connectivity
Connectivity Options and Hybrid Offerings

• Consumers
• Access over public IP
Internet connectivity • DNS resolution
• Connect from anywhere

• Developers
Secure point-to-site • POC Efforts
VPN connectivity • Small scale deployments
• Connect from anywhere

• SMB & Enterprises

Secure site-to-site • Connect to Azure compute
VPN connectivity

• SMB & Enterprises

ExpressRoute private • Mission critical workloads
connectivity • Backup/DR, media, HPC
• Connect to all Azure services
ExpressRoute Connectivity Models
 Amsterdam2

Silicon Valley2
London2
Marseille

Washington DC2

Dubai Taipei
Dubai2

ExpressRoute Kuala Lumpur

locations
Singapore2

Johannesburg
New
Cape Town Canberra
Perth Canberra2 Auckland
Coming soon
ExpressRoute
✓

Customer’s Primary Connection

Network
Partner Microsoft
Edge Edge
Secondary Connection

ExpressRoute Circuit

Microsoft Peering for Office 365, Dynamics 365, Azure

public services (public IPs)

Azure Private Peering for Virtual Networks

ExpressRoute Direct

Fastest private connectivity in public cloud –

100Gbps to Azure
▪

▪
▪
ExpressRoute and ExpressRoute Direct

ExpressRoute ExpressRoute Direct

• •

•
•

• Circuits from 1Gbps to 100Gbps

•
• Optimized for single tenant/Cloud
• Service providers/multiple business
units
ExpressRoute Connectivity
Example: 1 Gbps ExpressRoute circuit + 1 Gbps S2S tunnel on the backup path. In a failure
event you still have a performant network connection to your VNets albeit over the internet
Private and confidential material ©KochaSoft 2021
ExpressRoute Global Reach
• Both branch offices can have ER
connectivity to Azure in both East US and
West US.
• branch offices cannot exchange data
directly with each other.
ExpressRoute Global Reach,
• Link ER circuits to make a private
data network between your on-
premises networks. through
existing ER circuits and via
Microsoft's global network.

Private and confidential material ©KochaSoft 2021

 Azure Core
Infrastructure for SAP
Certified Compute
Engine
Azure Has a Unique Offering
A combination of VMs and purpose-built large instances provides the largest scale and
widest range for SAP HANA of any hyperscale cloud

Large instances
for SAP HANA

Virtual machines
released and
certified today
 SAP on Azure - Large Variety on Compute Instances

HIGHEST VALUE LARGEST SCALE-UP

vCPUs 2 – 64 2 – 64 32 – 416 96 - 768

RAM (GiB) 8 - 256 16 - 432 192 – 11,673 GiB 768 – 24,576

GiB
Max SAPS 69,680 70,050 488,230 786,100
SAP HANA | Performance and Scalability

M-series SAP HANA Large Instances

E-series VMs
VMs for most for extreme scale &
implementations performance

Up to 20 TB scale-up
Up to 432 GB RAM 192 GB to 12 TB scale-up Up to 24 TB scale-up (TDIv5)
Up to 32 TB scale-out Up to 60 TB scale-out
Up to 120 TB scale-out (TDIv5)

Mission Critical Designed to Scale, Integrated Support, Co-Design and Develop

© Microsoft Corporation
 Choose Azure VM types to meet sizing requirements Max Disk Compute Supported
VM # of v- Max IOPS Max Network
VM Type VM Size Temp SSD SAPS Bandwidth (No OS) hourly on HANA Remark SAP certification
Series disks (cached) Bandwidth
(cached) demand, USE2 scenarios
D2s_v3 2 vCPU, 8 GiB 16 GiB 2,178 4 4,000 32 MB/sec 1 Gbps $ 0.110
D4s_v3 4 vCPU, 16 GiB 32 GiB 4,355 8 8,000 64 MB/sec 2 Gbps $ 0.220
D8s_v3 8 vCPU, 32 GiB 64 GiB 8,710 16 16,000 128 MB/sec 4 Gbps $ 0.440 Xeon E5-2673 v4
Certified
DS v3 D16s_v3 16 vCPU, 64 GiB 128 GiB 17,420 32 32,000 256 MB/sec 8 Gbps $ 0.880 (Broadwell)
(Any DB, App)
D32s_v3 32 vCPU, 128 GiB 256 GiB 34,840 32 64,000 512 MB/sec 16 Gbps $ 1.760 3.5Ghz TB
D48s_v3 48 vCPU, 192 GiB 384 GiB 52,224 32 96,000 768 MB/sec 24 Gbps
D64s_v3 64 vCPU, 256 GiB 512 GiB 69,680 32 128,000 1024 MB/sec 30 Gbps $ 3.520
D2as_v4 2 vCPU, 8 GiB 16 GiB 3,022 4 4,000 32 MB/sec 1 Gbps
D4as_v4 4 vCPU, 16 GiB 32 GiB 6,044 8 8,000 64 MB/sec 2 Gbps 2.35Ghz AMD
D8as_v4 8 vCPU, 32 GiB 64 GiB 12,088 16 16,000 128 MB/sec 4 Gbps EPYCTM 7452
Certified
DAS v4 D16as_v4 16 vCPU, 64 GiB 128 GiB 24,175 32 32,000 255 MB/sec 8 Gbps processor - boosted
(Any DB, App)
D32as_v4 32 vCPU, 128 GiB 256 GiB 48,350 32 64,000 510 MB/sec 16 Gbps max frequency of
D48as_v4 48 vCPU, 192 GiB 384 GiB 72,525 32 3.35GHz
D64as_v4 64 vCPU, 256 GiB 512 GiB 96,700 32
E2s_v3 2 vCPU, 16 GiB 32 GiB 2,178 4 4,000 32 MB/sec 1 Gbps $ 0.146 Xeon E5-2673 v4
Certified
E4s_v3 4 vCPU, 32 GiB 64 GiB 4,355 8 8,000 64 MB/sec 2 Gbps $ 0.293 (Broadwell)
(Any DB, App)
E8s_v3 8 vCPU, 64 GiB 128 GiB 8,710 16 16,000 128 MB/sec 4 Gbps $ 0.585 3.5Ghz TB
E16s_v3 16 vCPU, 128 GiB 256 GiB 17,420 32 32,000 256 MB/sec 8 Gbps $ 1.170
ES v3
E20s_v3 20 vCPU, 160 GiB 320 GiB 21,775 32 40,000 320 MB/sec 10 Gbps Xeon E5-2673 v4 HANA certification in
E32s_v3 32 vCPU, 256 GiB 512 GiB 34,840 32 64,000 512 MB/sec 16 Gbps $ 2.341 (Broadwell) roadmap
E48s_v3 48 vCPU, 384 GiB 768 GiB 52,512 32 96,000 768 MB/sec 24 Gbps 3.5Ghz TB App, Any DB certified
E64s_v3 64 vCPU, 432 GiB 864 GiB 70,050 32 128,000 1024 MB/sec 30 Gbps $ 4.412 OLTP/OLAP
E2as_v4 2 vCPU, 16 GiB 32 GiB 3,022 4 4,000 32 MB/sec 1 Gbps
E4as_v4 4 vCPU, 32 GiB 64 GiB 6,044 8 8,000 64 MB/sec 2 Gbps 2.35Ghz AMD
E8as_v4 8 vCPU, 64 GiB 128 GiB 12,088 16 16,000 128 MB/sec 4 Gbps
EPYCTM 7452
E16as_v4 16 vCPU, 128 GiB 256 GiB 24,175 32 32,000 255 MB/sec 8 Gbps Certified
EAS v4 processor - boosted
E20as_v4 20 vCPU, 160 GiB 320 GiB 30,219 32 40,000 320 MB/sec 10 Gpbs (Any DB, App)
max frequency of
E32as_v4 32 vCPU, 256 GiB 512 GiB 48,350 32 64,000 510 MB/sec 16 Gbps
E48as_v4 48 vCPU, 384 GiB 768 GiB 72,525 32 3.35GHz
E64as_v4 64 vCPU, 512 GiB 1024 GiB 96,700 32
M32ts 32 vCPU, 192 GiB 1,000 GiB 33,670 16 40,000 400 MB/sec 8 Gbps $ 2.707 OLTP
M32ls 32 vCPU, 256 GiB 1,000 GiB 33,300 16 40,000 400 MB/sec 8 Gbps $ 2.873 OLTP
M64ls 64 vCPU, 512 GiB 2,000 GiB 66,600 32 80,000 800 MB/sec 16 Gbps $ 5.415 OLTP Intel®
HANA,
M M64s 64 vCPU, 1,024 GiB 2,000 GiB 67,315 32 80,000 800 MB/sec 16 Gbps $ 6.669 OLTP/OLAP Xeon®
App, Any DB certified
M64ms 64 vCPU, 1,792 GiB 2,000 GiB 68,930 32 80,000 800 MB/sec 16 Gbps $ 10.337 OLTP E7-8890 v3 (Haswell)
M128s 128 vCPU, 2,048 GiB 4,000 GiB 134,630 64 160,000 1,600 MB/sec 30 Gbps $ 13.338 OLTP/OLAP
M128ms 128 vCPU, 3,800 GiB 4,000 GiB 134,630 64 160,000 1,600 MB/sec 30 Gbps $ 26.688 OLTP
M208s v2 208 vCPU, 2,850 GiB 7,040 GiB 259,950 64 80,000 1.000 MB/sec 16 Gbps $ 22.31 OLTP/OLAP
Intel® Xeon®
M208ms v2 208 vCPU, 5,700 GiB 7,040 GiB 259,950 64 80,000 1,000 MB/sec 16 Gbps $ 44.62 OLTP/OLAP HANA,
M v2 Platinum 8180M
M416s v2 416 vCPU, 5,700 GiB 8,192 GiB 488,230 64 250,000 2,000 MB/sec 32 Gbps $ 49.58 OLTP/OLAP App, Any DB certified
2.5GHz (Skylake)
M416ms v2 416 vCPU, 11,400 GiB 8,192 GiB 488,230 64 250,000 2,000 MB/sec 32 Gbps $ 99.15 OLTP/OLAP
For the complete list, see SAP note 1928533
Azure VMs for SAP HANA
Mv1 Virtual Machines

Mv2 Virtual Machines

© Microsoft Corporation
Let’s Take
A 15
Minute
Break
Azure Storage Accounts
Azure Storage Introduction

▪ Massively scalable object store for data objects, filesystems,

messaging
▪ Built in redundancy – designed for 99.999% availability
▪ Use RAID for increased throughput, not for redundancy
▪ Ability to replicate between data centers and geographical
regions
▪ Native storage encryption
▪ Managed/Unmanaged Storage
▪ Standard/Premium Disks

41
Azure Storage

Disk Storage Object Storage File storage

Premium Azure Blobs Azure Files
Standard Ultra Secure, centralized Azure NetApp Files
storage target for
Reliable, persistent, high backup/disaster Lift and shift of legacy
performing storage for recovery applications that require
Virtual Machines file shares to the Cloud

Data Transport Hybrid Storage

Azure Import/Export Azure StorSimple
Azure DataBox Azure File Sync
Move or migrate data Avere
into Azure

42
Premium Storage for SAP HANA & SAP-related DBMS systems like DB2/Oracle






Premium
Storage Disk P4 P6 P10 P15 P20 P30 P40 P50 P60 P70 P80
Type

1024 GiB 2048 GiB 4096 GiB 8192 GiB 16384 GiB 32767 GiB
Disk size 32 GiB 64 GiB 128 GiB 256 GiB 512 GiB
(1 TiB) (2 TiB) (4 TiB) (8 TiB) (16 TiB) (32 TiB)

IOPS per disk 120 240 500 1100 2,300 5,000 7,500 7,500 12,500 15,000 20,000

Throughput
25 MB/s 50 MB/s 100 MB/s 125 MB/s 150 MB/s 200 MB/s 250 MB/s 250 MB/s 480 MB/s 750 MB/s 750 MB/s
per disk
Ultra Disk for SAP HANA & SAP-related DBMS systems like DB2/Oracle

Low Latency Capacity High throughput High IOPS

< 1 ms 4GiB up to 64 TiB up to 2000 MB/s up to 160000

Sub-millisecond per disk per disk IOPS per disk

Independent pricing for capacity, IOPS, and MBps.

Disk Size (GiB) 4 8 16 32 64 128 256 512 1024 - 65,536

IOPS per disk 100-1,200 100-2,400 100-4,800 100-9,600 100-19,200 100-38,400 100-76,800 100-153,600 100-160,000
Throughput
300 MB/s 600 MB/s 1,200 MB/s 2,000 MB/s 2,000 MB/s 2,000 MB/s 2,000 MB/s 2,000 MB/s 2,000 MB/s
per disk
 Enable Write
Accelerator
Max. VM I/O
VM SKU RAM /hana/data /hana/log /hana/shared /root /usr/sap /hana/backup
Throughput

M32ts

M32ls

M64ls

M64s

M64ms

M128s

M128ms

SAP HANA Azure virtual machine storage configurations - Azure Virtual Machines | Microsoft Docs
Encryption at Rest

48
Azure NetApp Files
Azure NetApp files
Fully Managed NFS/SMB* File Service
• Native Azure integration (Portal/REST/CLI, Billing, Monitoring, Security)
• Sold and supported by Microsoft

The Power of Data ONTAP

• World’s #1 Storage OS, 300K customers over 25 years
• Complete protocol support
• HA, Data Protection, Data Management (Snapshots, Clones), Performance

Hybrid
• Data migration and replication capabilities

Secure
• Data at Rest Encryption, RBAC Azure NetApp Files

50
Azure NetApp Files (ANF) | Overview
Supported

Simplified Storage Highly Performant SAP AnyDB

SAP Application Server SAP HANA
Management (Oracle 19c)
• Enterprise grade
• Native Azure
performance Compute layer
experience for easy Azure IaaS VMs
• On-demand scalability
deployment & scale

/sapmnt binaries /hana/shared

Enterprise Data Hybrid
Management /usr/sap/trans data data
• Cloud Sync integration
• Space / Time efficient /usr/sap/SID log log
for hybrid cloud
snapshot and cloning
deployments Storage layer
• AzAcSnap Tool Azure NetApp Files

http://aka.ms/ANF-solutions#sap-on-azure-solutions Performance Requirement Low Medium Med-High High

SAP HANA Database | Azure NetApp Files

Region 1 Region 2

DB Server VM DB Server VM DB Server VM DB Server VM DB Server VM DB Server VM

Master Slave Standby Master Slave Standby
DBMS ASYN (HSR)

ANF-to-ANF
replication

© Microsoft Corporation
 Region 1 Region 2

PAS AAS AAS

APP Tier

SAP ASCS SAP ERS SAP ASCS/PAS

SAP System Central APP Tier

Services Cluster

Cloud Sync /

ANF-to-ANF
replication

SAP Shared Files SAP Shared Files

DB Server VM DB Server VM DB Server VM

Primary (active) Standby (active) DR/QA (dual purpose)
DBMS ASYN

DBMS SYNC ANF-to-ANF

replication

Database Tier Database Tier

Cluster
 6Tib 6Tib 6Tib 6Tib 6Tib 6Tib 6Tib 6Tib

3Tib

Snapshot & “Thick”

Revert cloning
in seconds in seconds
Security Integration
with SAP
Identity and Access Management (IAM)

• IAM enables access-based identity authentication and authorization

controls in cloud services to protect data and resources and to decide
which requests should be permitted.
• Identity and access management (IAM) is a security boundary in the public
cloud.
• Azure facilitates authentication and authorization scenarios using the
following services:
• Active Directory Domain Services (AD DS)
• Azure Active Directory (Azure AD)
Active Directory Domain Services (AD DS)

• Active Directory is a hierarchical

structure that stores information
about objects on the network and
makes this information easy for
administrators and users to find
and use.
• Security is integrated with Active
Directory through logon
authentication and access control
to objects in the directory
Azure Active Directory (Azure AD)

• Azure Active Directory (AAD) is Microsoft’s cloud-based identity and access

management service, which helps your employees sign in and access:
• External resources, such as Microsoft 365, the Azure portal, and thousands of other SaaS
applications.
• Internal resources, such as apps on your corporate network and intranet, along with any
cloud apps developed by your own organization.

• Benefits Of Azure Active Directory

• Azure AD is highly available and spread across 32 datacenters in different geographies.
• Using Azure AD access to applications on cloud or on-premise can be simplified.
• Single Sign-On to access thousands of SaaS applications & On-premise applications.
• Multi-Factor Authentication, Conditional Access, Privileged Identity Management, and
Dynamic Group.
Azure AD Connect

• Integrating your on-premises directories with Azure AD makes your users more productive by
providing a common identity for accessing both cloud and on-premises resources. Users and
organizations can take advantage of:
• Users can use a single identity to access on-premises applications and cloud services such as
Microsoft 365.
• Single tool to provide an easy deployment experience for synchronization and sign-in.
• Provides the newest capabilities for your scenarios. Azure AD Connect replaces older versions
of identity integration tools such as DirSync and Azure AD Sync.
• The Azure Active Directory Connect synchronization services (Azure AD Connect sync) is a
main component of Azure AD Connect. It takes care of all the operations that are related to
synchronize identity data between your on-premises environment and Azure AD.
Secure Enterprise Single Sign On including Partners On-premises & Cloud
(IaaS & SaaS), SAP & Non-SAP

On-premises HANA Enterprise Cloud SAP Cloud Platform S/4HANA Cloud

Azure AD Connect

Active Directory Azure Active Directory B2B

Employees (Intranet) Employees (Mobile) Partners

11
Azure Bastion Host
Protecting your DDOS Protection
application
Adaptive tuning based
on platform insights Any injected workload in
and application traffic the VNet is automatically
patterns protected

From the
Internet Attacker Azure Backbone VNet

Within the
VNet

Within Azure Advanced protection for

your virtual networks
Automatic mitigation for
60+ network layer attacks
Protecting your Web Application Firewall
application

Protect your app against

App
prevalent X- Site Scripting
From the Gateway
and SQL Injection attacks
Internet
Blocks threats based on
Top 10 OWASP signatures

Integrated with Azure

Within the WAF Security Center
VNet
Real-time logging with
Azure Monitor

Platform managed,
Within Azure scalable and highly
L7 LB available