
SAP2Azure High Level Implementation Plan

Design Infrastructure:
  Design Primary Site
  Design Secondary Site
  Define security requirements
  Define requirements for ADS, CDN, DNS etc
  Define On Prem Connectivity Requirements
  Define business continuity requirements: HA / DR, Backups
  Define components for Monitoring

Implement Infrastructure:
  Implement Primary Site, Hub and Spoke Creation
  Implement Secondary Site
  Creation of Spoke VNET and connectivity
  Implement Security (NW, Storage, VMs)
  Set Up Inbound/Outbound rules for Web, Application, DB Layer
  Implement requirements for ADS, CDN, DNS etc
  Implement On Prem Connectivity Requirements

Deploy SAP VMs and BCDR Setup:
  Deployment of SAP VMs As per Azure Best Practices Recommendation
  Implement ASR (Azure Site Recovery)
  Implement Backup/Recovery Strategies

Maintain and Monitor:
  Set up Azure Monitor, Azure Defender, Azure Health Check etc
  Application LBs Scale out (App Servers)
  Azure Security (RBAC Level)
  SAP Solman Monitoring (Optional)

SAP Netweaver Sample Architecture

Steps to follow for achieving sample architecture

1. Create hub and spoke networks
2. P2S setup, create NW Gateway and its subnet
3. Create Shared services Subnet
4. SAP Web Subnet, App Subnet, DB Subnet Creation
5. Define Inbound/Outbound Rules (NSG)
6. SAP VMs Deployment (AV Sets + PPG)
7. VNET Peering (Spoke 1 to Spoke2)
8. Azure Bastion Server
9. DR - ASR Setup for SAP DB and App Layer
10. Azure Monitoring
11. Azure RBAC Security **
12. Azure Private DNS **

** unavailable with free tier

[Architecture diagram. Labels: Hub VNET, US East (Network Manager, N/w gateway, P2S with Root Certificate and Client Certificate, SharedSubnet with Jumpserver, Azure Bastion); Spoke1 VNET, US East (WebSubnet: Webdisp1, Webdisp2; AppSubnet: ASCS, App; DBSubnet: DB; Av1/Av2 and PPG per tier; Azure monitoring for SAP); DR Spoke VNET, US West (ASR, DB Repl); Vnet Peering.]

https://learn.microsoft.com/en-in/azure/architecture/guide/sap/sap-netweaver
Azure Resources in sample architecture (Free Tier Account)
Type of Resource           Resource Name in example      Subnet Range (sample)      Region
Resource Group A           rgsapprimaryuseast1           -                          US East
VNET A                     HUB_VNETA_USEAST1             10.3.0.0/16                US East
VNET B                     SPOKE_VNETA_USEAST1           10.4.0.0/16                US East
VNET C                     SPOKE_VNETA_USWEST1           10.5.0.0/16                US West
Network Gateway            hub_virtual_nw_gateway        -                          US East
Network Manager            MySAPNM                       -                          US East
Shared Layer Subnet        Default                       -                          US East
Network Gateway Subnet     NWGateway                     10.3.0.0/24, 10.3.1.0/24   -
Web Layer Subnet           Default                       10.4.0.0/24                US East
App Layer                  App Layer                     10.4.1.0/24                -
DB Layer                   DB Layer                      10.4.2.0/24                -
Proximity Placement Group  SAPApp_ProximityGroup         -                          US East
Availability Set           SAP_app_AVSet, SAP_app_DBSet  -                          -
Recovery Vault             ASRWebdisp                    -                          US West
Azure Bastion              HUB_VNETA_USEAST1-Bastion     10.3.2.0/26                US East

Create HUB and SPOKE VNETs
High-level steps to follow:
1. Create Resource Group
2. Create Network Manager
3. Create Hub VNET, add subnets
4. Create Spoke VNET, add subnets
5. Create Network Group
6. Add Topology, Deploy Configuration
7. Create Security Configuration to deny internet traffic (443/80)
8. Validate configuration

https://learn.microsoft.com/EN-US/azure/virtual-network-manager/create-virtual-network-manager-portal

https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-peering-gateway-transit#same

P2S VPN
High-level steps to follow:
1. Create Virtual Gateway
2. Perform P2S Configuration
3. Install Root and Client Certificates
4. Download VPN Client
5. Install VPN client on local laptop
6. Create VM (Jump Server) in Hub VNET and spoke VNET
7. Test connectivity from local laptop to jump server

Credit: https://www.youtube.com/watch?v=Z_YjuTt6CXw by Cloud TechWorld

https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-point-to-site-resource-manager-portal

Create Proximity Placement group and Availability Set
High-level steps to follow:
1. Create Proximity Placement Group
2. Create AV Sets for Web, App and DB Layer
3. During VM creation, select the right PPG and AV Set as per architecture diagram

https://learn.microsoft.com/EN-US/azure/virtual-network-manager/create-virtual-network-manager-portal

https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-peering-gateway-transit#same

Create Network Security Group
High-level steps to follow:
1. Create NSG for Web, App and DB Layer
2. Define inbound and outbound rules as per SAP Architecture
3. Associate NSG with respective subnets

Best Practice
1. Internet should not be allowed in DB Subnet and App Subnet
2. Block SSH / RDP from DB and App Subnet
3. Communication from Web Layer to App Subnet is through port 443
4. Communication from App Subnet to DB is through the DB port (30015 or 1433 etc.)
5. In trial version, below inbound rules are defined

Routing Table*

Source       Port        Destination
Any          443         Web Layer (Public IP)
WebDisp      443         App Layer
App Layer    1433        DB Layer (SQL DB)*
App Layer    SAP Ports   Web Layer

*Only for reference; please define ACLs as per custom requirement. Change port as per installed DB.

https://learn.microsoft.com/en-us/azure/virtual-network/manage-network-security-group?tabs=network-security-group-portal
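
Added example, not part of the original slides: a small first-match model of NSG inbound evaluation that checks the best practices above against the page's subnet ranges. It shows that allow rules alone do not enforce "443 only" or "DB port only", because Azure's built-in AllowVnetInBound rule still admits every other flow from inside the VNet. The host IPs, priorities 100/4000 and the tuple rule shape are constructed assumptions, and only source and destination port are modelled.

```python
import ipaddress

# VNet ranges from the page's resource table. "VirtualNetwork" is modelled as
# these three peered VNets and "Internet" as everything else (simplification).
VNETS = [ipaddress.ip_network(n) for n in ("10.3.0.0/16", "10.4.0.0/16", "10.5.0.0/16")]
WEB, APP = "10.4.0.0/24", "10.4.1.0/24"

# Two of Azure's built-in inbound rules: AllowVnetInBound and DenyAllInBound.
# Rule shape is (priority, source, destination port, access).
DEFAULTS = [(65000, "VirtualNetwork", "*", "Allow"), (65500, "*", "*", "Deny")]

def src_matches(rule_src, ip):
    addr = ipaddress.ip_address(ip)
    in_vnet = any(addr in n for n in VNETS)
    if rule_src in ("*", "VirtualNetwork", "Internet"):
        return {"*": True, "VirtualNetwork": in_vnet, "Internet": not in_vnet}[rule_src]
    return addr in ipaddress.ip_network(rule_src)

def evaluate(custom_rules, src_ip, port):
    """Lowest priority number is checked first and the first match decides."""
    for _prio, src, rport, access in sorted(custom_rules + DEFAULTS, key=lambda r: r[0]):
        if src_matches(src, src_ip) and rport in ("*", port):
            return access
    return "Deny"

# Constructed rule sets for the App and DB subnet NSGs (sample values).
NAIVE = {"app": [(100, WEB, 443, "Allow")], "db": [(100, APP, 1433, "Allow")]}
# Same allows plus an explicit deny placed ahead of AllowVnetInBound.
HARDENED = {tier: rules + [(4000, "VirtualNetwork", "*", "Deny")]
            for tier, rules in NAIVE.items()}

# Probe flows: (nsg, source ip, destination port, outcome the best practices require)
PROBES = [
    ("app", "10.4.0.4", 443, "Allow"),     # Web Dispatcher -> App over 443
    ("app", "10.4.0.4", 22, "Deny"),       # SSH from web tier into App subnet
    ("db", "10.4.1.4", 1433, "Allow"),     # App -> DB on the DB port
    ("db", "10.4.0.4", 1433, "Deny"),      # web tier straight to the DB
    ("db", "10.4.1.4", 3389, "Deny"),      # RDP from App into DB subnet
    ("db", "203.0.113.10", 1433, "Deny"),  # Internet into DB subnet
]

def audit(nsgs):
    """Return every probe whose actual outcome differs from the required one."""
    results = [(n, ip, p, evaluate(nsgs[n], ip, p), want) for n, ip, p, want in PROBES]
    return [r[:4] for r in results if r[3] != r[4]]

if __name__ == "__main__":
    for name, nsgs in (("naive", NAIVE), ("hardened", HARDENED)):
        print(name, audit(nsgs))
```

With the hardened set, the administrative path (for example the Azure Bastion subnet 10.3.2.0/26 from the resource table) needs its own allow rule at a priority number below the deny.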

VM Deployment

1. Create VM in Hub VNET (Jump Server)
2. Create VM in Spoke VNET (Webdisp1, app1, DB1), select PPG and AV Set as defined in architecture design

https://learn.microsoft.com/en-us/azure/virtual-machines/windows/quick-create-portal

Azure Bastion Server

1. Deploy Bastion in hub VNET
2. Connect to VMs hosted in SPOKE via Bastion Server

https://learn.microsoft.com/en-us/azure/bastion/quickstart-host-portal

Disaster Recovery Set up using ASR
1. Create Recovery Vault in US West region
2. Enable Site Recovery by selecting target VM
3. Perform Recovery Drill by running Test Failover

https://learn.microsoft.com/en-us/azure/site-recovery/azure-to-azure-tutorial-enable-replication
https://learn.microsoft.com/en-us/azure/site-recovery/azure-to-azure-tutorial-dr-drill
Azure Monitor for SAP
1. Select Azure Monitor for SAP from Azure portal and create Azure monitor
2. Define Provider name, e.g. SAP NW, HANA, SQL etc
3. Implement Azure extension for SAP

https://learn.microsoft.com/en-us/azure/sap/monitor/about-azure-monitor-sap-solutions#ams-architecture
https://blogs.sap.com/2021/05/10/monitoring-of-sap-systems-using-azure-monitors-part-i/
