C
Cameron_MSFT_SAP_PM
1. New M-series Mv3 and Mv2 8TB
The third major generation of Azure M-series is now in Public Preview. The public preview is free of charge and available in West Europe, North Europe, East US 2, and East US. The Msv3 and Mdsv3 Medium Memory (MM) are the first in a series of VMs that will comprise the Mv3 family of VMs. The Mv3 family will offer VMs to cater to all SAP Hana customers ranging from medium size Hana databases up to the largest customer installations.
Key features and requirements of the new Mv3 Medium Memory VMs:
Overview of Msv3 and Mdsv3 Medium Memory Series - Azure Virtual Machines | Microsoft Learn
Announcing%20public%20preview%20of%20new%20Mv3%20Medium%20Memory%20Virtual%20Machines
Public preview: Azure Mv3 Medium Memory (MM) Virtual Machines | Azu...
Msv3 Medium Memory
Mdsv3 Medium Memory
In addition a new 8TB VM is now certified M416s_8_v2. This is a 8TB VM certified for OLAP, OLTP and BusinessOne
2. Connecting SAP Applications to Azure AI
Microsoft and SAP have offered enhanced extension and integration between Microsoft technologies such as Teams and Power Platform. More information can be found here on the many integrations between Microsoft products and SAP Get started with SAP and Microsoft integration scenarios | Microsoft Learn
There is considerable interest in Azure OpenAI connectivity to SAP. Several scenarios are illustrated here Unbelievable Whiteboard Scenarios for SAP S/4HANA & Azure OpenAI (microsoft.com)
The SAP on Azure Youtube Channel contains many good sessions on Azure OpenAI for SAP
#162 - The one with Developing with the AI SDK for SAP (Gopal Nair) | SAP on Azure Video Podcast - YouTube
#161 - The one with even more Teams, SAP and AI (Chan Jin Park) | SAP on Azure Video Podcast - YouTube
#156 - The one with the AI SDK for ABAP (Gopal Nair) | SAP on Azure Video Podcast - YouTube
#157 - The one with SAP, Teams, Power and AI - Internship @ Microsoft (Noopur Vaishnav) | SAPonAzure - YouTube
#149 - The one with SAP, Azure Open AI and Power Virtual Agent (Michael Mergell) | SAP on Azure - YouTube – this video includes a demo of a Bot that can check the status of a batch job in SAP
3. Support for Latest Linux Releases – Use the Latest Supported Versions
The Certified and Supported SAP HANA Hardware Directory has been updated now that Suse 15.5 and RedHat 8.8 are fully supported on Azure.
Recommend: When deploying new systems or migrating existing systems to Azure, use the latest OS/DB releases. Use the SAP OS/DB Migration procedure to migrate from niche platforms with declining market share and little vendor investment to mainstream supportable platforms. The best run SAP customers invest in “Evergreening” OS, DB and SAP releases.
Do not: Do not adopt a “N-1 strategy”. It is recommended to update the OS/DB release when moving existing systems to Azure even if these systems will be “migrated to S4Hana within 12 months”. N-1 strategy may have been valid in the past before automated testing processes that are now used by mainstream platforms. S/4HANA implementations may take much longer than anticipated and obsolete OS/DB releases can cause expensive support issues. The SAP System Copy procedure can be used to update OS/DB.
SAP Release Information
SAP Product Availability Matrix SAP Support Launchpad: Sign In
Use the latest supported operating system for Hana 2235581 - SAP HANA: Supported Operating Systems - SAP ONE Support Launchpad
Operating System Release Information
Suse Linux Product Support Lifecycle | SUSE
Redhat Linux Red Hat Enterprise Linux Life Cycle - Red Hat Customer Portal 2397039 - FAQ: SAP on RHEL - SAP ONE Support Launchpad
Oracle Linux Oracle Linux - Oracle Linux
Windows Windows Server release information | Microsoft Learn and 3143497 - SAP Systems on Windows Server 2022
Database Release Information
SQL Server – use the latest available version and CU SQL Server Blog - Microsoft Community Hub
Oracle – use the latest DBMS version and SAP Bundle Patch (SBP)
Hana - 2378962 - SAP HANA 2.0 Revision and Maintenance Strategy and SAP HANA 2.0 revision strategyV36
SAP’s strategy for NetWeaver and related products is summarized here
SAP NetWeaver 7.5 Maintenance Strategy | ABAP Development | SAP Community
The Azure platform supports Guest OS patching.
Automatic VM Guest Patching for Azure VMs - Azure Virtual Machines | Microsoft Learn
Azure Automation Update Management overview | Microsoft Learn
In general, it is recommended to use the SAP System Copy procedure to move existing SAP systems to Azure. Large Databases should be moved to Azure using native DBMS tools (such as log shipping) rather than with VM clone tools such as Azure Migrate.
2235581 - SAP HANA: Supported Operating Systems
3108302 - SAP HANA DB: Recommended OS Settings for RHEL 9
2777782 - SAP HANA DB: Recommended OS Settings for RHEL 8
2292690 - SAP HANA DB: Recommended OS settings for RHEL 7 (New deployments not recommended)
2684254 - SAP HANA DB: Recommended OS settings for SLES 15 / SLES for SAP Applications 15
2205917 - SAP HANA DB: Recommended OS settings for SLES 12 / SLES for SAP Applications 12 (New deployments not recommended)
Information on supported Oracle Linux versions can be found here 1565179 - SAP software and Oracle Linux
Linux for NetWeaver support is documented 2369910 - SAP Software on Linux: General information
4. Use Automated Deployment Scripts for Building the SAP Landscape
All SAP projects of any size should use scripted deployment to ensure quality and consistency. Scripted deployment should be used for Development, QA and Production to ensure non-productive environments have identical configuration to Production.
Recommend: Use ACSS or SDAF
SDAF supports almost all OS/DB combinations and High Availability configurations Supportability matrix for SAP Deployment Automation Framework | Microsoft Learn
Microsoft pre-delivers automation via ACSS and SDAF. SDAF is based on Terraform and Ansible. SDAF is highly customizable. ACSS is built on ARM templates and is a quick and simple for customers without deep Terraform and Ansible skills.
ACSS Azure Center for SAP solutions (preview) | Microsoft Learn
SDAF About SAP on Azure Deployment Automation Framework - Azure Virtual Machines | Microsoft Learn
ARM template documentation | Microsoft Learn
Do not: “Hand built” SAP landscapes will have many misconfigurations and are very difficult to troubleshoot. Hand building Development and QA and then using scripting for Production defeats the purpose of a non-production testing. All SAP systems small, medium and large should be built using repeatable scripting tools
5. Run SAP Azure Quality Check Tool
Use the automated quality check tool to validate configuration after installation. Rerun the Quality Check tool if warnings are received and repeat until all warnings are either resolved or explainable.
SAP-on-Azure-Scripts-and-Utilities/Readme.md at main · Azure/SAP-on-Azure-Scripts-and-Utilities · GitHub
Recommend: Run Quality Check Tool on Development, QA and Production. Repeat until the Quality Check Tool does not report warnings. The Azure Quality Check Tool should be run from time to time and after any change such as SAP patches, OS/DB patches or Azure infrastructure changes such as resizing a VM, adding storage or network/firewall changes.
Do not: Validating hand-built SAP systems manually is impractical, highly prone to human error and is unlikely to detect errors.
6. Updated Guidance for Oracle on 4K Native Storage
The SAP on Oracle on Azure DBMS guide has been updated to reflect the release of Premium SSDv2. Note that Oracle 11g, 12.x and 18g are all out of support. Oracle 19c is the only supported release.
There are two recommended storage deployment patterns for SAP on Oracle on Azure:
Customers currently running Oracle databases on EXT4 or XFS file systems with LVM are encouraged to move to ASM. There are considerable performance, administration and reliability advantages to running on ASM compared to LVM. ASM reduces complexity, improves supportability and makes administration tasks simpler. This documentation contains links for Oracle DBAs to learn how to install and manage ASM.
Azure provides multiple storage solutions. The table below details the support status
Notes:
Oracle Linux: File System's Buffer Cache versus Direct I/O (Doc ID 462072.1)
Supporting 4K Sector Disks (Doc ID 1133713.1)
Using 4k Redo Logs on Flash, 4k-Disk and SSD-based Storage (Doc ID 1681266.1)
Things To Consider For Setting filesystemio_options And disk_asynch_io (Doc ID 1987437.1)
In all cases it is recommended to use Oracle ASM on Linux with ASMLib. Performance, administration, support and configuration is optimized with deployment pattern. Oracle ASM and Oracle dNFS will in general set the correct parameters or bypass parameters (such as FILESYSTEMIO_OPTIONS) and therefore deliver better performance and reliability.
During the installation of a SAP system with SWPM or when moving from 512e storage to 4K Native storage an error message such as the one below may be observed with Azure Premium v2 or UltraDisk. This error is most common on Windows systems and on very old Oracle releases. Azure Premium v2 and UltraDisk uses 4K Native format by default. Azure Premium Storage v1 uses 512.
To resolve this issue edit the disk properties and change from 4096 (4K Native) to 512.
ORA-00603: ORACLE server session terminated by fatal error
ORA-01092: ORACLE instance terminated. Disconnection forced
ORA-01501: CREATE DATABASE failed
ORA-00301: error in adding log file '/oracle/XXX/origlogA/log_<sid>m1.dbf' - file
cannot be created
ORA-27044: unable to write the header block of file
Linux-x86_64 Error: 22: Invalid argument
The Oracle Metalink Article discusses this error further
Dbca Fails With ORA-1994 ORA-1078 And OSD-4001 In 4K Sector Size Disk On Windows (Doc ID 2312484.1)
In the Azure Portal under the Storage Blade click on the Edit pencil icon to change the Logical Sector size from 4096 to 512 on Windows platforms as 4K Native Log formats are not supported on Windows. On Linux platforms recreate the log files as per the procedure in the MOS articles above.
7. How to Verify RSS is Working Correctly
Receive Side Scaling is a technology that distributes network CPU processing across multiple CPUs. Prior to the development of RSS significant portions of network processing would occur on CPU 0 or 1. RSS has existed in various forms since Windows 2012 and is generally enabled by default on Azure VMs.
If high CPU utilization, particularly high system/kernel time is observed on CPU 0 or 1 then there may be a RSS misconfiguration.
On Windows OS more information can be found here Introduction to Receive Side Scaling (RSS) - Windows drivers | Microsoft Learn. RSS will likely not function correctly if the output of the command “Get-NetAdapterRss” IndirectionTable is null or blank.
Get-NetAdapterRss
Solution: if this pattern is seen on Azure VMs open a support case with Microsoft if the command “Set-Netoffloadglobalsetting -ReceiveSideScaling enable” does not resolve this situation.
Linux OS releases also implement RSS. More information on RSS on Linux can be found here
Scaling in the Linux Networking Stack — The Linux Kernel documentation
8. New Guidance for Defender for Endpoint (MDE) for SAP Systems
Two new blogs have been released documenting recommendations for running Microsoft Defender for Endpoint (MDE) in combination with SAP applications.
In addition to these blogs a new SAP Note has been released containing information about the support status of AV and EDR solutions. 3356389 - Antivirus or other security software affecting SAP operations
Recent blogs on Microsoft Defender for Endpoint and SAP Applications:
Microsoft Defender Endpoint (MDE) for SAP Applications on Windows Server
SAP Applications and Microsoft Defender for Linux
Recommend: A comprehensive security solution should be implemented during a new SAP deployment or on-premises to Azure migration project. MDE is one component of an overall security solution. It is generally acknowledged that operating VMs running either Windows or Linux must have an advanced security solution installed to mitigate advanced threats, such as “Fileless” threats.
Do not: “Go live and retrofit a security solution to the SAP landscape afterwards”
Review these links and procedures:
Azure Landing Zone for SAP SAP on Azure landing zone accelerator - Cloud Adoption Framework | Microsoft Learn
Implement Azure Resource Lock with either Read Only or Do Not Delete Protect your Azure resources with a lock - Azure Resource Manager | Microsoft Learn
MDE for Windows and Linux SAP Applications and Microsoft Defender for Linux - Microsoft Community Hub and Microsoft Defender Endpoint (MDE) for SAP Applications on Windows Server
Defender for Cloud What is Microsoft Defender for Cloud? - Microsoft Defender for Cloud | Microsoft Learn
Defender for Storage Blob Storage Scanning Malware scanning in Microsoft Defender for Storage - Microsoft Defender for Cloud
Identity Management Azure identity & access security best practices | Microsoft Learn & Azure security features that help with identity management | Microsoft Learn
Focus on Single Sign-on, Multi-Factor Authentication, Azure Role Based Access Control (RBAC) and Privileged Identity Management.
Ransomware Protection in Azure Ransomware protection in Azure | Microsoft Learn
Network Security for Azure Network security concepts and requirements in Azure | Microsoft Learn
Azure Encryption and Key Management Data security and encryption best practices - Microsoft Azure | Microsoft Learn (Note: Azure Disk Encryption – ADE is not longer recommended)
SIEM SOAR Solution: Sentinel for Azure has a plug in for SAP Deploy Microsoft Sentinel Solution for SAP in Microsoft Sentinel | Microsoft Learn
The Azure Cloud Adoption Framework for SAP has guidance for SQL Server, Security Operations and Sentinel
Overview of Security Azure security fundamentals documentation | Microsoft Learn
Customers that have Splunk can connect SAP to Splunk with PowerConnect - Splunk-ify Your SAP Solutions
9. Azure Backup Enhancements for SAP Customers
Azure Backup is in use by many customers and provides a first party low cost Enterprise Backup Solution.
Since Azure Backup first launched multiple new capabilities have been added:
Further information can be found in the Support Matrix:
Azure Backup support matrix - Azure Backup | Microsoft Learn
SAP HANA Backup support matrix - Azure Backup | Microsoft Learn
Azure Backup support matrix for SQL Server Backup in Azure VMs - Azure Backup | Microsoft Learn
HSR support Back up SAP HANA System Replication databases on Azure VMs - Azure Backup | Microsoft Learn
Recommended videos for Azure Backup
(644) Azure Backup for SAP HANA Databases on Azure VM
(684) Azure Backup for SQL Server Databases on Azure VM
10. Proximity Placement Group (PPG) Latency Tiers
The SAP on Azure documentation details the current recommendations and guidance around Proximity Placement Groups. Configuration options for optimal network latency with SAP applications | Microsoft Learn
As of October 2023 a new ultra low option is available in preview.
Latency tiers:
PPG is a feature that should only be used in specific circumstances for SAP applications and other after steps documented in the following SAP Note have been followed: 2931465 - When to use Proximity Placement Groups on Azure to Reduce Network Latency – 3 Tier NetWeaver or S/4HANA architecture - SAP for Me
11. Azure Site Recovery (ASR) Support for Shared Disks (Windows)
The SAP ASCS on Windows can use either a Cluster Shared Disk or a UNC path.
Cluster Shared Disk - Cluster SAP ASCS/SCS instance on WSFC using shared disk in Azure | Microsoft Learn
UNC Path to a SMB server - Install HA SAP NetWeaver with Azure Files SMB | Microsoft Learn
Azure Site Recovery will support Azure Shared Disks in DR scenarios. Customers can register for the Private Preview
Private Preview – DR for Shared Disks – Azure Site Recovery | Azure updates | Microsoft Azure
The full Azure Site Recovery Support Matrix can be found here Support matrix for Azure VM disaster recovery with Azure Site Recovery - Azure Site Recovery | Microsoft Learn
It is recommended to review the documentation and restrictions on Azure Shared Disks Share an Azure managed disk across VMs - Azure Virtual Machines | Microsoft Learn
Azure Site Recovery does not yet support Trusted Lauch. This is in progress for Windows and Linux. Check the link below for updates
Trusted launch for Azure VMs - Azure Virtual Machines | Microsoft Learn
Trusted Launch ensures that boot loaders and device drivers have not been compromised with root kits or similar.
ASR now supports ZRS Generally available: Azure Site Recovery support for ZRS Managed Disks | Azure updates | Microsoft Azure
Useful Links
Set up SAP NetWeaver disaster recovery with Azure Site Recovery - Azure Site Recovery | Microsoft Learn
Disaster Recovery overview and infrastructure guidelines for SAP workload | Microsoft Learn
Disaster Recovery recommendation for SAP workload | Microsoft Learn
#150 - The one with Azure DDoS Protection for SAP workloads (Evren Buyruk & Amir Dahan) | SAPonAzure - YouTube
SAP Notes
1928533 - SAP Applications on Microsoft Azure: Supported Products and Azure VM types - SAP ONE Support Launchpad
2015553 - SAP on Microsoft Azure: Support prerequisites - SAP ONE Support Launchpad
2039619 - SAP Applications on Microsoft Azure using the Oracle Database: Supported Products and Versions - SAP ONE Support Launchpad
Continue reading...
The third major generation of Azure M-series is now in Public Preview. The public preview is free of charge and available in West Europe, North Europe, East US 2, and East US. The Msv3 and Mdsv3 Medium Memory (MM) are the first in a series of VMs that will comprise the Mv3 family of VMs. The Mv3 family will offer VMs to cater to all SAP Hana customers ranging from medium size Hana databases up to the largest customer installations.
Key features and requirements of the new Mv3 Medium Memory VMs:
- Powered by the 4th Generation Intel® Xeon® Scalable Processor and DDR5 DRAM technology, the Mv3 medium memory (MM) virtual machines can scale for workloads from 240GB to 3TB with faster performance and lower TCO.
- With Azure Boost, Mv3 MM provides a ~25% improvement in network throughput and up to 1.5X improvement in remote storage throughput over the previous M-series families.
- Azure Boost’s isolated architecture inherently improves security for Mv3 MM virtual machines by running storage and networking processes separately on the purpose-built hardware, instead of on the host server.
- Designed from the ground up for increased resilience against failures in memory, disks, and networking based on intelligence from past generations.
- Available in both disk and diskless offerings allowing customers the flexibility to choose the option that best meets their workload needs.
- Only Gen2 VMs are supported. Gen1 VMs are not supported
- The minimum required Operating System releases are SLES 15.4, RHEL 8.6 and Windows 2019
- Write Accelerator is supported on Mv3 VMs Azure Write Accelerator - Azure Virtual Machines | Microsoft Learn
- Mv3 natively supports NVMe Enable NVMe FAQ - Azure Virtual Machines | Microsoft Learn
- Azure VMs that support the minimum requirements for Hana (Standard_M48s_1_v3 or larger) are currently in validation for Hana Certification and will be available in the IaaS directory soon Certified and Supported SAP HANA® Hardware Directory
Overview of Msv3 and Mdsv3 Medium Memory Series - Azure Virtual Machines | Microsoft Learn
Announcing%20public%20preview%20of%20new%20Mv3%20Medium%20Memory%20Virtual%20Machines
Public preview: Azure Mv3 Medium Memory (MM) Virtual Machines | Azu...
Msv3 Medium Memory
Size | vCPU | Memory: GiB | Max data disks | Max uncached Premium SSD throughput: IOPS/MBps | Max uncached Ultra Disk and Premium SSD V2 disk throughput: IOPS/MBps | Max NICs | Max network bandwidth (Mbps) |
Standard_M12s_v3 | 12 | 240 | 64 | 16,250/390 | 16,250/390 | 4 | 4,000 |
Standard_M24s_v3 | 24 | 480 | 64 | 32,500/780 | 32,500/780 | 8 | 8,000 |
Standard_M48s_1_v3 | 48 | 974 | 64 | 65,000/ 1,560 | 65,000/ 1,560 | 8 | 16,000 |
Standard_M96s_1_v3 | 96 | 974 | 64 | 65,000/ 1,560 | 65,000/ 1,560 | 8 | 16,000 |
Standard_M96s_2_v3 | 96 | 1,946 | 64 | 130,000/ 3,120 | 130,000/ 3,120 | 8 | 30,000 |
Standard_M176s_3_v3 | 176 | 2794 | 64 | 130,000/ 4,000 | 130,000/ 4,000 | 8 | 40,000 |
Mdsv3 Medium Memory
Size | vCPU | Memory: GiB | Temp storage (SSD) GiB | Max data disks | Max cached* and temp storage throughput: IOPS / MBps | Max uncached Premium SSD throughput: IOPS/MBps | Max uncached Ultra Disk and Premium SSD V2 disk throughput: IOPS/MBps | Max NICs | Max network bandwidth (Mbps) |
Standard_M12ds_v3 | 12 | 240 | 400 | 64 | 10,000/100 | 16,250/390 | 16,250/390 | 4 | 4,000 |
Standard_M24ds_v3 | 24 | 480 | 400 | 64 | 20,000/200 | 32,500/780 | 32,500/780 | 8 | 8,000 |
Standard_M48ds_1_v3 | 48 | 974 | 400 | 64 | 40,000/400 | 65,000/ 1,560 | 65,000/ 1,560 | 8 | 16,000 |
Standard_M96ds_1_v3 | 96 | 974 | 400 | 64 | 40,000/400 | 65,000/ 1,560 | 65,000/ 1,560 | 8 | 16,000 |
Standard_M96ds_2_v3 | 96 | 1,946 | 400 | 64 | 160,000/1600 | 130,000/ 3,120 | 130,000/ 3,120 | 8 | 30,000 |
Standard_M176ds_3_v3 | 176 | 2794 | 400 | 64 | 160,000/1600 | 130,000/ 4,000 | 130,000/ 4,000 | 8 | 40,000 |
In addition a new 8TB VM is now certified M416s_8_v2. This is a 8TB VM certified for OLAP, OLTP and BusinessOne
2. Connecting SAP Applications to Azure AI
Microsoft and SAP have offered enhanced extension and integration between Microsoft technologies such as Teams and Power Platform. More information can be found here on the many integrations between Microsoft products and SAP Get started with SAP and Microsoft integration scenarios | Microsoft Learn
There is considerable interest in Azure OpenAI connectivity to SAP. Several scenarios are illustrated here Unbelievable Whiteboard Scenarios for SAP S/4HANA & Azure OpenAI (microsoft.com)
The SAP on Azure Youtube Channel contains many good sessions on Azure OpenAI for SAP
#162 - The one with Developing with the AI SDK for SAP (Gopal Nair) | SAP on Azure Video Podcast - YouTube
#161 - The one with even more Teams, SAP and AI (Chan Jin Park) | SAP on Azure Video Podcast - YouTube
#156 - The one with the AI SDK for ABAP (Gopal Nair) | SAP on Azure Video Podcast - YouTube
#157 - The one with SAP, Teams, Power and AI - Internship @ Microsoft (Noopur Vaishnav) | SAPonAzure - YouTube
#149 - The one with SAP, Azure Open AI and Power Virtual Agent (Michael Mergell) | SAP on Azure - YouTube – this video includes a demo of a Bot that can check the status of a batch job in SAP
3. Support for Latest Linux Releases – Use the Latest Supported Versions
The Certified and Supported SAP HANA Hardware Directory has been updated now that Suse 15.5 and RedHat 8.8 are fully supported on Azure.
Recommend: When deploying new systems or migrating existing systems to Azure, use the latest OS/DB releases. Use the SAP OS/DB Migration procedure to migrate from niche platforms with declining market share and little vendor investment to mainstream supportable platforms. The best run SAP customers invest in “Evergreening” OS, DB and SAP releases.
Do not: Do not adopt a “N-1 strategy”. It is recommended to update the OS/DB release when moving existing systems to Azure even if these systems will be “migrated to S4Hana within 12 months”. N-1 strategy may have been valid in the past before automated testing processes that are now used by mainstream platforms. S/4HANA implementations may take much longer than anticipated and obsolete OS/DB releases can cause expensive support issues. The SAP System Copy procedure can be used to update OS/DB.
SAP Release Information
SAP Product Availability Matrix SAP Support Launchpad: Sign In
Use the latest supported operating system for Hana 2235581 - SAP HANA: Supported Operating Systems - SAP ONE Support Launchpad
Operating System Release Information
Suse Linux Product Support Lifecycle | SUSE
Redhat Linux Red Hat Enterprise Linux Life Cycle - Red Hat Customer Portal 2397039 - FAQ: SAP on RHEL - SAP ONE Support Launchpad
Oracle Linux Oracle Linux - Oracle Linux
Windows Windows Server release information | Microsoft Learn and 3143497 - SAP Systems on Windows Server 2022
Database Release Information
SQL Server – use the latest available version and CU SQL Server Blog - Microsoft Community Hub
Oracle – use the latest DBMS version and SAP Bundle Patch (SBP)
Hana - 2378962 - SAP HANA 2.0 Revision and Maintenance Strategy and SAP HANA 2.0 revision strategyV36
SAP’s strategy for NetWeaver and related products is summarized here
SAP NetWeaver 7.5 Maintenance Strategy | ABAP Development | SAP Community
The Azure platform supports Guest OS patching.
Automatic VM Guest Patching for Azure VMs - Azure Virtual Machines | Microsoft Learn
Azure Automation Update Management overview | Microsoft Learn
In general, it is recommended to use the SAP System Copy procedure to move existing SAP systems to Azure. Large Databases should be moved to Azure using native DBMS tools (such as log shipping) rather than with VM clone tools such as Azure Migrate.
2235581 - SAP HANA: Supported Operating Systems
3108302 - SAP HANA DB: Recommended OS Settings for RHEL 9
2777782 - SAP HANA DB: Recommended OS Settings for RHEL 8
2292690 - SAP HANA DB: Recommended OS settings for RHEL 7 (New deployments not recommended)
2684254 - SAP HANA DB: Recommended OS settings for SLES 15 / SLES for SAP Applications 15
2205917 - SAP HANA DB: Recommended OS settings for SLES 12 / SLES for SAP Applications 12 (New deployments not recommended)
Information on supported Oracle Linux versions can be found here 1565179 - SAP software and Oracle Linux
Linux for NetWeaver support is documented 2369910 - SAP Software on Linux: General information
4. Use Automated Deployment Scripts for Building the SAP Landscape
All SAP projects of any size should use scripted deployment to ensure quality and consistency. Scripted deployment should be used for Development, QA and Production to ensure non-productive environments have identical configuration to Production.
Recommend: Use ACSS or SDAF
SDAF supports almost all OS/DB combinations and High Availability configurations Supportability matrix for SAP Deployment Automation Framework | Microsoft Learn
Microsoft pre-delivers automation via ACSS and SDAF. SDAF is based on Terraform and Ansible. SDAF is highly customizable. ACSS is built on ARM templates and is a quick and simple for customers without deep Terraform and Ansible skills.
ACSS Azure Center for SAP solutions (preview) | Microsoft Learn
SDAF About SAP on Azure Deployment Automation Framework - Azure Virtual Machines | Microsoft Learn
ARM template documentation | Microsoft Learn
Do not: “Hand built” SAP landscapes will have many misconfigurations and are very difficult to troubleshoot. Hand building Development and QA and then using scripting for Production defeats the purpose of a non-production testing. All SAP systems small, medium and large should be built using repeatable scripting tools
5. Run SAP Azure Quality Check Tool
Use the automated quality check tool to validate configuration after installation. Rerun the Quality Check tool if warnings are received and repeat until all warnings are either resolved or explainable.
SAP-on-Azure-Scripts-and-Utilities/Readme.md at main · Azure/SAP-on-Azure-Scripts-and-Utilities · GitHub
Recommend: Run Quality Check Tool on Development, QA and Production. Repeat until the Quality Check Tool does not report warnings. The Azure Quality Check Tool should be run from time to time and after any change such as SAP patches, OS/DB patches or Azure infrastructure changes such as resizing a VM, adding storage or network/firewall changes.
Do not: Validating hand-built SAP systems manually is impractical, highly prone to human error and is unlikely to detect errors.
6. Updated Guidance for Oracle on 4K Native Storage
The SAP on Oracle on Azure DBMS guide has been updated to reflect the release of Premium SSDv2. Note that Oracle 11g, 12.x and 18g are all out of support. Oracle 19c is the only supported release.
There are two recommended storage deployment patterns for SAP on Oracle on Azure:
- Oracle Automatic Storage Management (ASM)
- Azure NetApp Files (ANF) with Oracle dNFS (Direct NFS)
Customers currently running Oracle databases on EXT4 or XFS file systems with LVM are encouraged to move to ASM. There are considerable performance, administration and reliability advantages to running on ASM compared to LVM. ASM reduces complexity, improves supportability and makes administration tasks simpler. This documentation contains links for Oracle DBAs to learn how to install and manage ASM.
Azure provides multiple storage solutions. The table below details the support status
Storage Type | Oracle Support | Sector Size | Oracle Linux 8.x or Higher | Windows 2019 or Higher |
| | | | |
Block Storage Types | | | | |
Premium SSD | Supported | 512e | ASM Recommended. LVM Supported | No Support for ASM on Windows. |
Premium SSD v2 | Supported | 4K Native | ASM Recommended. LVM Supported | No Support for ASM on Windows. Change Log File disks from 4K Native to 512e |
Standard SSD | Not Supported | - | | |
Standard HDD | Not Supported | - | | |
Ultra Disk | Supported | 4K Native | ASM Recommended. LVM Supported | No Support for ASM on Windows. Change Log File disks from 4K Native to 512e |
| | | | |
Network Storage Types | | | | |
Azure NetApp Service (ANF) | Supported | - | Oracle dNFS Required | Not Supported |
Azure Files NFS | Not Supported | - | - | - |
Azure Files SMB | Not Supported | - | - | - |
| | | | |
Notes:
- No support for DIRECTIO with 4K Native sector size. Do not set FILESYSTEMIO_OPTIONS for LVM configurations
- Oracle 19c and higher fully supports 4K Native sector size with both ASM and LVM
- Oracle 19c and higher on Linux – when moving from 512e storage to 4K Native storage Log sector sizes must be changed
- To migrate from 512/512e sector size to 4K Native Review (Doc ID 1133713.1) – see section “Offline Migration to 4Kb Sector Disks”
- No support for ASM on Windows platforms
- No support for 4K Native sector size for Log volume on Windows platforms. SSDv2 and Ultra Disk must be changed to 512e via the “Edit Disk” pencil icon in the Azure Portal (see the screenshot later in this blog)
- 4K Native sector size is supported on Data volume for Windows platforms only
- It is recommended to review these MOS articles:
Oracle Linux: File System's Buffer Cache versus Direct I/O (Doc ID 462072.1)
Supporting 4K Sector Disks (Doc ID 1133713.1)
Using 4k Redo Logs on Flash, 4k-Disk and SSD-based Storage (Doc ID 1681266.1)
Things To Consider For Setting filesystemio_options And disk_asynch_io (Doc ID 1987437.1)
In all cases it is recommended to use Oracle ASM on Linux with ASMLib. Performance, administration, support and configuration is optimized with deployment pattern. Oracle ASM and Oracle dNFS will in general set the correct parameters or bypass parameters (such as FILESYSTEMIO_OPTIONS) and therefore deliver better performance and reliability.
During the installation of a SAP system with SWPM or when moving from 512e storage to 4K Native storage an error message such as the one below may be observed with Azure Premium v2 or UltraDisk. This error is most common on Windows systems and on very old Oracle releases. Azure Premium v2 and UltraDisk uses 4K Native format by default. Azure Premium Storage v1 uses 512.
To resolve this issue edit the disk properties and change from 4096 (4K Native) to 512.
ORA-00603: ORACLE server session terminated by fatal error
ORA-01092: ORACLE instance terminated. Disconnection forced
ORA-01501: CREATE DATABASE failed
ORA-00301: error in adding log file '/oracle/XXX/origlogA/log_<sid>m1.dbf' - file
cannot be created
ORA-27044: unable to write the header block of file
Linux-x86_64 Error: 22: Invalid argument
The Oracle Metalink Article discusses this error further
Dbca Fails With ORA-1994 ORA-1078 And OSD-4001 In 4K Sector Size Disk On Windows (Doc ID 2312484.1)
In the Azure Portal under the Storage Blade click on the Edit pencil icon to change the Logical Sector size from 4096 to 512 on Windows platforms as 4K Native Log formats are not supported on Windows. On Linux platforms recreate the log files as per the procedure in the MOS articles above.
7. How to Verify RSS is Working Correctly
Receive Side Scaling is a technology that distributes network CPU processing across multiple CPUs. Prior to the development of RSS significant portions of network processing would occur on CPU 0 or 1. RSS has existed in various forms since Windows 2012 and is generally enabled by default on Azure VMs.
If high CPU utilization, particularly high system/kernel time is observed on CPU 0 or 1 then there may be a RSS misconfiguration.
On Windows OS more information can be found here Introduction to Receive Side Scaling (RSS) - Windows drivers | Microsoft Learn. RSS will likely not function correctly if the output of the command “Get-NetAdapterRss” IndirectionTable is null or blank.
Get-NetAdapterRss
Solution: if this pattern is seen on Azure VMs open a support case with Microsoft if the command “Set-Netoffloadglobalsetting -ReceiveSideScaling enable” does not resolve this situation.
Linux OS releases also implement RSS. More information on RSS on Linux can be found here
Scaling in the Linux Networking Stack — The Linux Kernel documentation
8. New Guidance for Defender for Endpoint (MDE) for SAP Systems
Two new blogs have been released documenting recommendations for running Microsoft Defender for Endpoint (MDE) in combination with SAP applications.
In addition to these blogs a new SAP Note has been released containing information about the support status of AV and EDR solutions. 3356389 - Antivirus or other security software affecting SAP operations
Recent blogs on Microsoft Defender for Endpoint and SAP Applications:
Microsoft Defender Endpoint (MDE) for SAP Applications on Windows Server
SAP Applications and Microsoft Defender for Linux
The guidance for SAP applications on Linux will be updated to incorporate new recommendations:
"mdatp exclusion folder add --path /usr/lib/pacemaker/" (for RedHat /var/lib/pacemaker/) "mdatp exclusion process add --name pacemakerd" "mdatp exclusion process add --name crm_*" |
Recommend: A comprehensive security solution should be implemented during a new SAP deployment or on-premises to Azure migration project. MDE is one component of an overall security solution. It is generally acknowledged that operating VMs running either Windows or Linux must have an advanced security solution installed to mitigate advanced threats, such as “Fileless” threats.
Do not: “Go live and retrofit a security solution to the SAP landscape afterwards”
Review these links and procedures:
Azure Landing Zone for SAP SAP on Azure landing zone accelerator - Cloud Adoption Framework | Microsoft Learn
Implement Azure Resource Lock with either Read Only or Do Not Delete Protect your Azure resources with a lock - Azure Resource Manager | Microsoft Learn
MDE for Windows and Linux SAP Applications and Microsoft Defender for Linux - Microsoft Community Hub and Microsoft Defender Endpoint (MDE) for SAP Applications on Windows Server
Defender for Cloud What is Microsoft Defender for Cloud? - Microsoft Defender for Cloud | Microsoft Learn
Defender for Storage Blob Storage Scanning Malware scanning in Microsoft Defender for Storage - Microsoft Defender for Cloud
Identity Management Azure identity & access security best practices | Microsoft Learn & Azure security features that help with identity management | Microsoft Learn
Focus on Single Sign-on, Multi-Factor Authentication, Azure Role Based Access Control (RBAC) and Privileged Identity Management.
Ransomware Protection in Azure Ransomware protection in Azure | Microsoft Learn
Network Security for Azure Network security concepts and requirements in Azure | Microsoft Learn
Azure Encryption and Key Management Data security and encryption best practices - Microsoft Azure | Microsoft Learn (Note: Azure Disk Encryption – ADE is not longer recommended)
SIEM SOAR Solution: Sentinel for Azure has a plug in for SAP Deploy Microsoft Sentinel Solution for SAP in Microsoft Sentinel | Microsoft Learn
The Azure Cloud Adoption Framework for SAP has guidance for SQL Server, Security Operations and Sentinel
Overview of Security Azure security fundamentals documentation | Microsoft Learn
Note: in some cases the Azure Security default security policy may trigger a scan using the Freeware Clam AV solution. It is recommended to disable Clam AV scan after a VM has been protected with MDE: sudo azsecd config -s clamav -d "Disabled" sudo service azsecd restart sudo azsecd status |
Customers that have Splunk can connect SAP to Splunk with PowerConnect - Splunk-ify Your SAP Solutions
9. Azure Backup Enhancements for SAP Customers
Azure Backup is in use by many customers and provides a first party low cost Enterprise Backup Solution.
Since Azure Backup first launched multiple new capabilities have been added:
- SQL Server Streaming Backup/Restore
- SQL Server Storage Level Snapshot Backup/Restore (In Preview October 2023)
- SAP Hana Streaming Backup/Restore
- SAP Hana Storage Level Snapshot Backup/Restore (In Preview, GA very soon)
- Cross Region and Cross Subscription Restore is supported for SQL Server and Hana for Streaming Backups. Snapshot Cross Region and Cross Subscription will be supported later
- Hana System Replication (HSR) and SQL Server AlwaysOn scenarios are both supported \
- Native DBMS Backup Compression is supported for both Hana and SQL Server
Further information can be found in the Support Matrix:
Azure Backup support matrix - Azure Backup | Microsoft Learn
SAP HANA Backup support matrix - Azure Backup | Microsoft Learn
Azure Backup support matrix for SQL Server Backup in Azure VMs - Azure Backup | Microsoft Learn
HSR support Back up SAP HANA System Replication databases on Azure VMs - Azure Backup | Microsoft Learn
Recommended videos for Azure Backup
(644) Azure Backup for SAP HANA Databases on Azure VM
(684) Azure Backup for SQL Server Databases on Azure VM
10. Proximity Placement Group (PPG) Latency Tiers
The SAP on Azure documentation details the current recommendations and guidance around Proximity Placement Groups. Configuration options for optimal network latency with SAP applications | Microsoft Learn
As of October 2023 a new ultra low option is available in preview.
Latency tiers:
- Standard: Availability optimized. Choose this type if you would like to continue leveraging low-latency colocation of PPG resources, along with better allocation success rate during resource creation. Note that this is the proposed default PPG type for all existing and new PPGs. This will also be the "Recommended" PPG type for all new PPG users. Colocation for Standard PPGs will not happen at a Data Center level but is taken care to provide much better latency than zonal latency.
- Ultra: Latency optimized. Ultra PPG would provide the ultra-low latency colocation with the strict Data Center level colocation of PPG resources. Note that this may cause lower allocation success rate during creating/re-deploying resources. Hence Ultra PPG is recommended only to be used when your application latencies are not meeting by using Standard PPG.
PPG is a feature that should only be used in specific circumstances for SAP applications and other after steps documented in the following SAP Note have been followed: 2931465 - When to use Proximity Placement Groups on Azure to Reduce Network Latency – 3 Tier NetWeaver or S/4HANA architecture - SAP for Me
11. Azure Site Recovery (ASR) Support for Shared Disks (Windows)
The SAP ASCS on Windows can use either a Cluster Shared Disk or a UNC path.
Cluster Shared Disk - Cluster SAP ASCS/SCS instance on WSFC using shared disk in Azure | Microsoft Learn
UNC Path to a SMB server - Install HA SAP NetWeaver with Azure Files SMB | Microsoft Learn
Azure Site Recovery will support Azure Shared Disks in DR scenarios. Customers can register for the Private Preview
Private Preview – DR for Shared Disks – Azure Site Recovery | Azure updates | Microsoft Azure
The full Azure Site Recovery Support Matrix can be found here Support matrix for Azure VM disaster recovery with Azure Site Recovery - Azure Site Recovery | Microsoft Learn
It is recommended to review the documentation and restrictions on Azure Shared Disks Share an Azure managed disk across VMs - Azure Virtual Machines | Microsoft Learn
- Private Preview will support protection of Windows Server Failover Clusters. Some applications that use this architecture are SQL FCI, SAP ASCS, Scale-out File Servers, etc.
- OS Support: Windows Server 2016 and above.
- Nodes: Up to 4 nodes per cluster.
- Any number of Shared Disks can be attached to the cluster.
- Failover operation supports the failover of entire cluster at once. We also support failover of clusters where one or more nodes are unavailable or undergoing maintenance.
- The scope is limited to forward direction protection. Once a failover is performed, customer will have to re-enable replication for reverse direction protection.
Azure Site Recovery does not yet support Trusted Lauch. This is in progress for Windows and Linux. Check the link below for updates
Trusted launch for Azure VMs - Azure Virtual Machines | Microsoft Learn
Trusted Launch ensures that boot loaders and device drivers have not been compromised with root kits or similar.
ASR now supports ZRS Generally available: Azure Site Recovery support for ZRS Managed Disks | Azure updates | Microsoft Azure
Useful Links
Set up SAP NetWeaver disaster recovery with Azure Site Recovery - Azure Site Recovery | Microsoft Learn
Disaster Recovery overview and infrastructure guidelines for SAP workload | Microsoft Learn
Disaster Recovery recommendation for SAP workload | Microsoft Learn
#150 - The one with Azure DDoS Protection for SAP workloads (Evren Buyruk & Amir Dahan) | SAPonAzure - YouTube
SAP Notes
1928533 - SAP Applications on Microsoft Azure: Supported Products and Azure VM types - SAP ONE Support Launchpad
2015553 - SAP on Microsoft Azure: Support prerequisites - SAP ONE Support Launchpad
2039619 - SAP Applications on Microsoft Azure using the Oracle Database: Supported Products and Versions - SAP ONE Support Launchpad
Continue reading...