SAP on Azure General Update October 2023

  • Thread starter Thread starter Cameron_MSFT_SAP_PM
  • Start date Start date
C

Cameron_MSFT_SAP_PM

1. New M-series Mv3 and Mv2 8TB


The third major generation of Azure M-series is now in Public Preview. The public preview is free of charge and available in West Europe, North Europe, East US 2, and East US. The Msv3 and Mdsv3 Medium Memory (MM) are the first in a series of VMs that will comprise the Mv3 family of VMs. The Mv3 family will offer VMs to cater to all SAP Hana customers ranging from medium size Hana databases up to the largest customer installations.



Key features and requirements of the new Mv3 Medium Memory VMs:

  1. Powered by the 4th Generation Intel® Xeon® Scalable Processor and DDR5 DRAM technology, the Mv3 medium memory (MM) virtual machines can scale for workloads from 240GB to 3TB with faster performance and lower TCO.
  2. With Azure Boost, Mv3 MM provides a ~25% improvement in network throughput and up to 1.5X improvement in remote storage throughput over the previous M-series families.
  3. Azure Boost’s isolated architecture inherently improves security for Mv3 MM virtual machines by running storage and networking processes separately on the purpose-built hardware, instead of on the host server.
  4. Designed from the ground up for increased resilience against failures in memory, disks, and networking based on intelligence from past generations.
  5. Available in both disk and diskless offerings allowing customers the flexibility to choose the option that best meets their workload needs.
  6. Only Gen2 VMs are supported. Gen1 VMs are not supported
  7. The minimum required Operating System releases are SLES 15.4, RHEL 8.6 and Windows 2019
  8. Write Accelerator is supported on Mv3 VMs Azure Write Accelerator - Azure Virtual Machines | Microsoft Learn
  9. Mv3 natively supports NVMe Enable NVMe FAQ - Azure Virtual Machines | Microsoft Learn
  10. Azure VMs that support the minimum requirements for Hana (Standard_M48s_1_v3 or larger) are currently in validation for Hana Certification and will be available in the IaaS directory soon Certified and Supported SAP HANA® Hardware Directory



Overview of Msv3 and Mdsv3 Medium Memory Series - Azure Virtual Machines | Microsoft Learn

Announcing%20public%20preview%20of%20new%20Mv3%20Medium%20Memory%20Virtual%20Machines

Public preview: Azure Mv3 Medium Memory (MM) Virtual Machines | Azu...





Msv3 Medium Memory


Size

vCPU

Memory: GiB

Max data disks

Max uncached Premium SSD throughput: IOPS/MBps

Max uncached Ultra Disk and Premium SSD V2 disk throughput: IOPS/MBps

Max NICs

Max network bandwidth (Mbps)

Standard_M12s_v3

12

240

64

16,250/390

16,250/390

4

4,000

Standard_M24s_v3

24

480

64

32,500/780

32,500/780

8

8,000

Standard_M48s_1_v3

48

974

64

65,000/

1,560

65,000/

1,560

8

16,000

Standard_M96s_1_v3

96

974

64

65,000/

1,560

65,000/

1,560

8

16,000

Standard_M96s_2_v3

96

1,946

64

130,000/

3,120

130,000/

3,120

8

30,000

Standard_M176s_3_v3

176

2794

64

130,000/

4,000

130,000/

4,000

8

40,000



Mdsv3 Medium Memory


Size

vCPU

Memory: GiB

Temp storage (SSD) GiB

Max data disks

Max cached* and temp storage throughput: IOPS / MBps

Max uncached Premium SSD throughput: IOPS/MBps

Max uncached Ultra Disk and Premium SSD V2 disk throughput: IOPS/MBps

Max NICs

Max network bandwidth (Mbps)

Standard_M12ds_v3

12

240

400

64

10,000/100

16,250/390

16,250/390

4

4,000

Standard_M24ds_v3

24

480

400

64

20,000/200

32,500/780

32,500/780

8

8,000

Standard_M48ds_1_v3

48

974

400

64

40,000/400

65,000/

1,560

65,000/

1,560

8

16,000

Standard_M96ds_1_v3

96

974

400

64

40,000/400

65,000/

1,560

65,000/

1,560

8

16,000

Standard_M96ds_2_v3

96

1,946

400

64

160,000/1600

130,000/

3,120

130,000/

3,120

8

30,000

Standard_M176ds_3_v3

176

2794

400

64

160,000/1600

130,000/

4,000

130,000/

4,000

8

40,000



In addition a new 8TB VM is now certified M416s_8_v2. This is a 8TB VM certified for OLAP, OLTP and BusinessOne



2. Connecting SAP Applications to Azure AI


Microsoft and SAP have offered enhanced extension and integration between Microsoft technologies such as Teams and Power Platform. More information can be found here on the many integrations between Microsoft products and SAP Get started with SAP and Microsoft integration scenarios | Microsoft Learn

There is considerable interest in Azure OpenAI connectivity to SAP. Several scenarios are illustrated here Unbelievable Whiteboard Scenarios for SAP S/4HANA & Azure OpenAI (microsoft.com)



The SAP on Azure Youtube Channel contains many good sessions on Azure OpenAI for SAP

#162 - The one with Developing with the AI SDK for SAP (Gopal Nair) | SAP on Azure Video Podcast - YouTube

#161 - The one with even more Teams, SAP and AI (Chan Jin Park) | SAP on Azure Video Podcast - YouTube

#156 - The one with the AI SDK for ABAP (Gopal Nair) | SAP on Azure Video Podcast - YouTube

#157 - The one with SAP, Teams, Power and AI - Internship @ Microsoft (Noopur Vaishnav) | SAPonAzure - YouTube

#149 - The one with SAP, Azure Open AI and Power Virtual Agent (Michael Mergell) | SAP on Azure - YouTube – this video includes a demo of a Bot that can check the status of a batch job in SAP



3. Support for Latest Linux Releases – Use the Latest Supported Versions


The Certified and Supported SAP HANA Hardware Directory has been updated now that Suse 15.5 and RedHat 8.8 are fully supported on Azure.



Recommend: When deploying new systems or migrating existing systems to Azure, use the latest OS/DB releases. Use the SAP OS/DB Migration procedure to migrate from niche platforms with declining market share and little vendor investment to mainstream supportable platforms. The best run SAP customers invest in “Evergreening” OS, DB and SAP releases.



Do not: Do not adopt a “N-1 strategy”. It is recommended to update the OS/DB release when moving existing systems to Azure even if these systems will be “migrated to S4Hana within 12 months”. N-1 strategy may have been valid in the past before automated testing processes that are now used by mainstream platforms. S/4HANA implementations may take much longer than anticipated and obsolete OS/DB releases can cause expensive support issues. The SAP System Copy procedure can be used to update OS/DB.



SAP Release Information

SAP Product Availability Matrix SAP Support Launchpad: Sign In

Use the latest supported operating system for Hana 2235581 - SAP HANA: Supported Operating Systems - SAP ONE Support Launchpad



Operating System Release Information

Suse Linux Product Support Lifecycle | SUSE

Redhat Linux Red Hat Enterprise Linux Life Cycle - Red Hat Customer Portal 2397039 - FAQ: SAP on RHEL - SAP ONE Support Launchpad

Oracle Linux Oracle Linux - Oracle Linux

Windows Windows Server release information | Microsoft Learn and 3143497 - SAP Systems on Windows Server 2022



Database Release Information

SQL Server – use the latest available version and CU SQL Server Blog - Microsoft Community Hub

Oracle – use the latest DBMS version and SAP Bundle Patch (SBP)

Hana - 2378962 - SAP HANA 2.0 Revision and Maintenance Strategy and SAP HANA 2.0 revision strategyV36



SAP’s strategy for NetWeaver and related products is summarized here

SAP NetWeaver 7.5 Maintenance Strategy | ABAP Development | SAP Community



The Azure platform supports Guest OS patching.

Automatic VM Guest Patching for Azure VMs - Azure Virtual Machines | Microsoft Learn

Azure Automation Update Management overview | Microsoft Learn



In general, it is recommended to use the SAP System Copy procedure to move existing SAP systems to Azure. Large Databases should be moved to Azure using native DBMS tools (such as log shipping) rather than with VM clone tools such as Azure Migrate.



2235581 - SAP HANA: Supported Operating Systems

3108302 - SAP HANA DB: Recommended OS Settings for RHEL 9

2777782 - SAP HANA DB: Recommended OS Settings for RHEL 8

2292690 - SAP HANA DB: Recommended OS settings for RHEL 7 (New deployments not recommended)

2684254 - SAP HANA DB: Recommended OS settings for SLES 15 / SLES for SAP Applications 15

2205917 - SAP HANA DB: Recommended OS settings for SLES 12 / SLES for SAP Applications 12 (New deployments not recommended)



Information on supported Oracle Linux versions can be found here 1565179 - SAP software and Oracle Linux

Linux for NetWeaver support is documented 2369910 - SAP Software on Linux: General information



4. Use Automated Deployment Scripts for Building the SAP Landscape


All SAP projects of any size should use scripted deployment to ensure quality and consistency. Scripted deployment should be used for Development, QA and Production to ensure non-productive environments have identical configuration to Production.



Recommend: Use ACSS or SDAF

SDAF supports almost all OS/DB combinations and High Availability configurations Supportability matrix for SAP Deployment Automation Framework | Microsoft Learn



Microsoft pre-delivers automation via ACSS and SDAF. SDAF is based on Terraform and Ansible. SDAF is highly customizable. ACSS is built on ARM templates and is a quick and simple for customers without deep Terraform and Ansible skills.

ACSS Azure Center for SAP solutions (preview) | Microsoft Learn

SDAF About SAP on Azure Deployment Automation Framework - Azure Virtual Machines | Microsoft Learn

ARM template documentation | Microsoft Learn



Do not: “Hand built” SAP landscapes will have many misconfigurations and are very difficult to troubleshoot. Hand building Development and QA and then using scripting for Production defeats the purpose of a non-production testing. All SAP systems small, medium and large should be built using repeatable scripting tools



5. Run SAP Azure Quality Check Tool


Use the automated quality check tool to validate configuration after installation. Rerun the Quality Check tool if warnings are received and repeat until all warnings are either resolved or explainable.



SAP-on-Azure-Scripts-and-Utilities/Readme.md at main · Azure/SAP-on-Azure-Scripts-and-Utilities · GitHub



Recommend: Run Quality Check Tool on Development, QA and Production. Repeat until the Quality Check Tool does not report warnings. The Azure Quality Check Tool should be run from time to time and after any change such as SAP patches, OS/DB patches or Azure infrastructure changes such as resizing a VM, adding storage or network/firewall changes.



Do not: Validating hand-built SAP systems manually is impractical, highly prone to human error and is unlikely to detect errors.



6. Updated Guidance for Oracle on 4K Native Storage


The SAP on Oracle on Azure DBMS guide has been updated to reflect the release of Premium SSDv2. Note that Oracle 11g, 12.x and 18g are all out of support. Oracle 19c is the only supported release.



There are two recommended storage deployment patterns for SAP on Oracle on Azure:

  1. Oracle Automatic Storage Management (ASM)
  2. Azure NetApp Files (ANF) with Oracle dNFS (Direct NFS)



Customers currently running Oracle databases on EXT4 or XFS file systems with LVM are encouraged to move to ASM. There are considerable performance, administration and reliability advantages to running on ASM compared to LVM. ASM reduces complexity, improves supportability and makes administration tasks simpler. This documentation contains links for Oracle DBAs to learn how to install and manage ASM.



Azure provides multiple storage solutions. The table below details the support status




Storage Type

Oracle Support

Sector Size

Oracle Linux 8.x or Higher

Windows 2019 or Higher











Block Storage Types









Premium SSD

Supported

512e

ASM Recommended. LVM Supported

No Support for ASM on Windows.

Premium SSD v2

Supported

4K Native

ASM Recommended. LVM Supported

No Support for ASM on Windows. Change Log File disks from 4K Native to 512e

Standard SSD

Not Supported

-





Standard HDD

Not Supported

-





Ultra Disk

Supported

4K Native

ASM Recommended. LVM Supported

No Support for ASM on Windows. Change Log File disks from 4K Native to 512e











Network Storage Types









Azure NetApp Service (ANF)

Supported

-

Oracle dNFS Required

Not Supported

Azure Files NFS

Not Supported

-

-

-

Azure Files SMB

Not Supported

-

-

-













Notes:

  1. No support for DIRECTIO with 4K Native sector size. Do not set FILESYSTEMIO_OPTIONS for LVM configurations
  2. Oracle 19c and higher fully supports 4K Native sector size with both ASM and LVM
  3. Oracle 19c and higher on Linux – when moving from 512e storage to 4K Native storage Log sector sizes must be changed
  4. To migrate from 512/512e sector size to 4K Native Review (Doc ID 1133713.1) – see section “Offline Migration to 4Kb Sector Disks”
  5. No support for ASM on Windows platforms
  6. No support for 4K Native sector size for Log volume on Windows platforms. SSDv2 and Ultra Disk must be changed to 512e via the “Edit Disk” pencil icon in the Azure Portal (see the screenshot later in this blog)
  7. 4K Native sector size is supported on Data volume for Windows platforms only
  8. It is recommended to review these MOS articles:

Oracle Linux: File System's Buffer Cache versus Direct I/O (Doc ID 462072.1)

Supporting 4K Sector Disks (Doc ID 1133713.1)

Using 4k Redo Logs on Flash, 4k-Disk and SSD-based Storage (Doc ID 1681266.1)

Things To Consider For Setting filesystemio_options And disk_asynch_io (Doc ID 1987437.1)



In all cases it is recommended to use Oracle ASM on Linux with ASMLib. Performance, administration, support and configuration is optimized with deployment pattern. Oracle ASM and Oracle dNFS will in general set the correct parameters or bypass parameters (such as FILESYSTEMIO_OPTIONS) and therefore deliver better performance and reliability.



During the installation of a SAP system with SWPM or when moving from 512e storage to 4K Native storage an error message such as the one below may be observed with Azure Premium v2 or UltraDisk. This error is most common on Windows systems and on very old Oracle releases. Azure Premium v2 and UltraDisk uses 4K Native format by default. Azure Premium Storage v1 uses 512.

To resolve this issue edit the disk properties and change from 4096 (4K Native) to 512.



ORA-00603: ORACLE server session terminated by fatal error

ORA-01092: ORACLE instance terminated. Disconnection forced

ORA-01501: CREATE DATABASE failed

ORA-00301: error in adding log file '/oracle/XXX/origlogA/log_<sid>m1.dbf' - file

cannot be created

ORA-27044: unable to write the header block of file

Linux-x86_64 Error: 22: Invalid argument

The Oracle Metalink Article discusses this error further

Dbca Fails With ORA-1994 ORA-1078 And OSD-4001 In 4K Sector Size Disk On Windows (Doc ID 2312484.1)



In the Azure Portal under the Storage Blade click on the Edit pencil icon to change the Logical Sector size from 4096 to 512 on Windows platforms as 4K Native Log formats are not supported on Windows. On Linux platforms recreate the log files as per the procedure in the MOS articles above.

large?v=v2&px=999.png



7. How to Verify RSS is Working Correctly


Receive Side Scaling is a technology that distributes network CPU processing across multiple CPUs. Prior to the development of RSS significant portions of network processing would occur on CPU 0 or 1. RSS has existed in various forms since Windows 2012 and is generally enabled by default on Azure VMs.



If high CPU utilization, particularly high system/kernel time is observed on CPU 0 or 1 then there may be a RSS misconfiguration.



On Windows OS more information can be found here Introduction to Receive Side Scaling (RSS) - Windows drivers | Microsoft Learn. RSS will likely not function correctly if the output of the command “Get-NetAdapterRss” IndirectionTable is null or blank.

Get-NetAdapterRss

large?v=v2&px=999.png

Solution: if this pattern is seen on Azure VMs open a support case with Microsoft if the command “Set-Netoffloadglobalsetting -ReceiveSideScaling enable” does not resolve this situation.



Linux OS releases also implement RSS. More information on RSS on Linux can be found here

Scaling in the Linux Networking Stack — The Linux Kernel documentation



8. New Guidance for Defender for Endpoint (MDE) for SAP Systems


Two new blogs have been released documenting recommendations for running Microsoft Defender for Endpoint (MDE) in combination with SAP applications.

In addition to these blogs a new SAP Note has been released containing information about the support status of AV and EDR solutions. 3356389 - Antivirus or other security software affecting SAP operations



Recent blogs on Microsoft Defender for Endpoint and SAP Applications:

Microsoft Defender Endpoint (MDE) for SAP Applications on Windows Server

SAP Applications and Microsoft Defender for Linux




The guidance for SAP applications on Linux will be updated to incorporate new recommendations:

  1. Switch the sensor from Audit.D to eBPF. Use eBPF-based sensor for Microsoft Defender for Endpoint on Linux | Microsoft Learn
  2. Customers running Pacemaker Clustering should implement the following exclusions:

"mdatp exclusion folder add --path /usr/lib/pacemaker/" (for RedHat /var/lib/pacemaker/)

"mdatp exclusion process add --name pacemakerd"

"mdatp exclusion process add --name crm_*"



Recommend: A comprehensive security solution should be implemented during a new SAP deployment or on-premises to Azure migration project. MDE is one component of an overall security solution. It is generally acknowledged that operating VMs running either Windows or Linux must have an advanced security solution installed to mitigate advanced threats, such as “Fileless” threats.



Do not: “Go live and retrofit a security solution to the SAP landscape afterwards”



Review these links and procedures:

Azure Landing Zone for SAP SAP on Azure landing zone accelerator - Cloud Adoption Framework | Microsoft Learn

Implement Azure Resource Lock with either Read Only or Do Not Delete Protect your Azure resources with a lock - Azure Resource Manager | Microsoft Learn

MDE for Windows and Linux SAP Applications and Microsoft Defender for Linux - Microsoft Community Hub and Microsoft Defender Endpoint (MDE) for SAP Applications on Windows Server

Defender for Cloud What is Microsoft Defender for Cloud? - Microsoft Defender for Cloud | Microsoft Learn

Defender for Storage Blob Storage Scanning Malware scanning in Microsoft Defender for Storage - Microsoft Defender for Cloud

Identity Management Azure identity & access security best practices | Microsoft Learn & Azure security features that help with identity management | Microsoft Learn

Focus on Single Sign-on, Multi-Factor Authentication, Azure Role Based Access Control (RBAC) and Privileged Identity Management.

Ransomware Protection in Azure Ransomware protection in Azure | Microsoft Learn

Network Security for Azure Network security concepts and requirements in Azure | Microsoft Learn

Azure Encryption and Key Management Data security and encryption best practices - Microsoft Azure | Microsoft Learn (Note: Azure Disk Encryption – ADE is not longer recommended)

SIEM SOAR Solution: Sentinel for Azure has a plug in for SAP Deploy Microsoft Sentinel Solution for SAP in Microsoft Sentinel | Microsoft Learn



The Azure Cloud Adoption Framework for SAP has guidance for SQL Server, Security Operations and Sentinel

Overview of Security Azure security fundamentals documentation | Microsoft Learn




Note: in some cases the Azure Security default security policy may trigger a scan using the Freeware Clam AV solution. It is recommended to disable Clam AV scan after a VM has been protected with MDE:

sudo azsecd config -s clamav -d "Disabled"

sudo service azsecd restart

sudo azsecd status



Customers that have Splunk can connect SAP to Splunk with PowerConnect - Splunk-ify Your SAP Solutions



9. Azure Backup Enhancements for SAP Customers


Azure Backup is in use by many customers and provides a first party low cost Enterprise Backup Solution.

Since Azure Backup first launched multiple new capabilities have been added:



  1. SQL Server Streaming Backup/Restore
  2. SQL Server Storage Level Snapshot Backup/Restore (In Preview October 2023)
  3. SAP Hana Streaming Backup/Restore
  4. SAP Hana Storage Level Snapshot Backup/Restore (In Preview, GA very soon)
  5. Cross Region and Cross Subscription Restore is supported for SQL Server and Hana for Streaming Backups. Snapshot Cross Region and Cross Subscription will be supported later
  6. Hana System Replication (HSR) and SQL Server AlwaysOn scenarios are both supported \
  7. Native DBMS Backup Compression is supported for both Hana and SQL Server

Further information can be found in the Support Matrix:

Azure Backup support matrix - Azure Backup | Microsoft Learn

SAP HANA Backup support matrix - Azure Backup | Microsoft Learn

Azure Backup support matrix for SQL Server Backup in Azure VMs - Azure Backup | Microsoft Learn



HSR support Back up SAP HANA System Replication databases on Azure VMs - Azure Backup | Microsoft Learn



Recommended videos for Azure Backup

(644) Azure Backup for SAP HANA Databases on Azure VM

(684) Azure Backup for SQL Server Databases on Azure VM



10. Proximity Placement Group (PPG) Latency Tiers


The SAP on Azure documentation details the current recommendations and guidance around Proximity Placement Groups. Configuration options for optimal network latency with SAP applications | Microsoft Learn



As of October 2023 a new ultra low option is available in preview.



Latency tiers:

  1. Standard: Availability optimized. Choose this type if you would like to continue leveraging low-latency colocation of PPG resources, along with better allocation success rate during resource creation. Note that this is the proposed default PPG type for all existing and new PPGs. This will also be the "Recommended" PPG type for all new PPG users. Colocation for Standard PPGs will not happen at a Data Center level but is taken care to provide much better latency than zonal latency.
  2. Ultra: Latency optimized. Ultra PPG would provide the ultra-low latency colocation with the strict Data Center level colocation of PPG resources. Note that this may cause lower allocation success rate during creating/re-deploying resources. Hence Ultra PPG is recommended only to be used when your application latencies are not meeting by using Standard PPG.



PPG is a feature that should only be used in specific circumstances for SAP applications and other after steps documented in the following SAP Note have been followed: 2931465 - When to use Proximity Placement Groups on Azure to Reduce Network Latency – 3 Tier NetWeaver or S/4HANA architecture - SAP for Me



11. Azure Site Recovery (ASR) Support for Shared Disks (Windows)


The SAP ASCS on Windows can use either a Cluster Shared Disk or a UNC path.

Cluster Shared Disk - Cluster SAP ASCS/SCS instance on WSFC using shared disk in Azure | Microsoft Learn

UNC Path to a SMB server - Install HA SAP NetWeaver with Azure Files SMB | Microsoft Learn



Azure Site Recovery will support Azure Shared Disks in DR scenarios. Customers can register for the Private Preview

Private Preview – DR for Shared Disks – Azure Site Recovery | Azure updates | Microsoft Azure

The full Azure Site Recovery Support Matrix can be found here Support matrix for Azure VM disaster recovery with Azure Site Recovery - Azure Site Recovery | Microsoft Learn

It is recommended to review the documentation and restrictions on Azure Shared Disks Share an Azure managed disk across VMs - Azure Virtual Machines | Microsoft Learn





  1. Private Preview will support protection of Windows Server Failover Clusters. Some applications that use this architecture are SQL FCI, SAP ASCS, Scale-out File Servers, etc.
  2. OS Support: Windows Server 2016 and above.
  3. Nodes: Up to 4 nodes per cluster.
  4. Any number of Shared Disks can be attached to the cluster.
  5. Failover operation supports the failover of entire cluster at once. We also support failover of clusters where one or more nodes are unavailable or undergoing maintenance.
  6. The scope is limited to forward direction protection. Once a failover is performed, customer will have to re-enable replication for reverse direction protection.



Azure Site Recovery does not yet support Trusted Lauch. This is in progress for Windows and Linux. Check the link below for updates

Trusted launch for Azure VMs - Azure Virtual Machines | Microsoft Learn

Trusted Launch ensures that boot loaders and device drivers have not been compromised with root kits or similar.



ASR now supports ZRS Generally available: Azure Site Recovery support for ZRS Managed Disks | Azure updates | Microsoft Azure





Useful Links

Set up SAP NetWeaver disaster recovery with Azure Site Recovery - Azure Site Recovery | Microsoft Learn

Disaster Recovery overview and infrastructure guidelines for SAP workload | Microsoft Learn

Disaster Recovery recommendation for SAP workload | Microsoft Learn

#150 - The one with Azure DDoS Protection for SAP workloads (Evren Buyruk & Amir Dahan) | SAPonAzure - YouTube



SAP Notes

1928533 - SAP Applications on Microsoft Azure: Supported Products and Azure VM types - SAP ONE Support Launchpad

2015553 - SAP on Microsoft Azure: Support prerequisites - SAP ONE Support Launchpad

2039619 - SAP Applications on Microsoft Azure using the Oracle Database: Supported Products and Versions - SAP ONE Support Launchpad

Continue reading...
 
Back
Top