Professional Documents
Culture Documents
Design Primary Site Implement Primary Site Deployment of SAP VM’s As Set up Azure Monitor
Hub and Spoke Creation per Azure Best Practices
Design Secondary Site Recommendation Azure Defender, Azure
Implement Secondary Site , Health Check etc
Define security Creation of Spoke VNET and Implement ASR(Azure Site
requirements connectivity Recovery) Application LB’s Scale out
(App Servers)
Define requirements for Implement Security (NW , Implement
ADS , CDN , DNS etc Storage, VM’s) Backup/Recovery Azure Security (RBAC
Strategies Level)
Define On Prem Set Up Inbound /Outbound
Connectivity Requirements rules for Web ,Application, DB SAP Solman Monitoring
Layer (Optional)
Define business continuity
requirements HA / DR , Implement requirements for
Backups ADS , CDN , DNS etc
1
SAP Netweaver Sample Architecture
PPG
DB Repl
DB DB
https://learn.microsoft.com/en-in/azure/architecture/guide/sap/sap-netweaver
2
Azure Resources in sample architecture (Free Tier Account)
Type of Resource Resource Name in example Subnet Range(sample) Region
Resource Group A rgsapprimaryuseast1 US East
VNET A HUB_VNETA_USEAST1 10.3.0.0/16 US East
3
Create HUB and SPOKE VNETs
1
High Level steps to follow :-
1. Create Resource Group
2. Create Network Manager
3. Create Hub VNET , Add Subnets
4. Create Spoke VNET ,Add subnets
5. Create Network Group
6. Add Topology , Deploy Configuration
7. Create Security Configuration to deny
internet traffic (443/80)
8. Validate configuration 2
https://learn.microsoft.com/EN-US/azure/virtual-network-manager/create-virtual-network-manager-portal
https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-peering-gateway-transit#same 4
P2S VPN
1
High Level steps to follow :-
1. Create Virtual Gateway
2. Perform P2S Configuration
3. Install Root and Client Certificates
4. Download VPN Client
5. Install VPN client on local Laptop
6. Create VM (Jump Server) in Hub VNET
and spoke VNET
7. Test Connectivity from local laptop to
jump server
2 3
https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-point-to-site-resource-manager-portal
5
Create Proximity Placement group and Availability Set
1
High Level steps to follow :-
1. Create Proximity Placement Group
2. Create AV Sets for Web , App and DB
Layer
3. During VM Creation , Select right PPG and
AV Set as per architecture diagram
https://learn.microsoft.com/EN-US/azure/virtual-network-manager/create-virtual-network-manager-portal
https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-peering-gateway-transit#same
6
Create Network Security Group
1
High Level steps to follow :-
1. Create NSG for Web ,
2. App and DB Layer
3. Define Inbound and outbound
rules as per SAP Architecture
4. Associate NSG with respective
Subnets
Best Practice
1. Internet should not be allowed in
DB Subnet and App Subnet
2. Block SSH / RDP from DB and App
Subnet 2 Routing Table*
3. Communication from Web Layer to
App Subnet is through port 443
4. Communication from App Subnet
to DB Port is through DB Port (
30015 or 1433 et)
Source Port Destination
5. In trial version , below inbound
rules are defined Any 443 Web Layer (Public IP)
https://learn.microsoft.com/en-us/azure/virtual-network/manage-network-security-group?tabs=network-security-group-portal
7
VM Deployment
https://learn.microsoft.com/en-us/azure/virtual-machines/windows/quick-create-portal
8
Azure Bastion Server
https://learn.microsoft.com/en-us/azure/bastion/quickstart-host-portal
9
Disaster Recovery Set up using ASR
1
1. Create Recovery Vault in US West region
2. Enable Site Recovery by selecting target VM
3. Perform Recovery Drill by Run Test Failover
https://learn.microsoft.com/en-us/azure/site-recovery/azure-to-azure-tutorial-enable-replication
https://learn.microsoft.com/en-us/azure/site-recovery/azure-to-azure-tutorial-dr-drill
10
Azure Monitor for SAP
1
1. Select Azure monitor for SAP from azure
portal and create azure monitor
2. Define Provider name eg SAP NW, HANA ,
SQL etc
3. Implement Azure extension for SAP
2
3
https://learn.microsoft.com/en-us/azure/sap/monitor/about-azure-monitor-sap-solutions#ams-architecture
https://blogs.sap.com/2021/05/10/monitoring-of-sap-systems-using-azure-monitors-part-i/
11