
2022

MINI TANZANIA SAP ON AWS

INFRASTRUCTURE DOCUMENTATION
Timothy Munyao

Nairobi

Document Version 1.1

Infrastructure Components

• A virtual private cloud (VPC) with two subnets, one public and the other private.
• A network address translation (NAT) instance deployed into the public subnet and configured with an Elastic IP address for outbound internet connectivity and inbound Secure Shell (SSH) access.
• A Microsoft Windows Server instance deployed in the public subnet for downloading SAP HANA media and for providing a remote desktop connection to the SAP Business One client instance.
• A SUSE Linux Enterprise Server (SLES) instance deployed in the private subnet for SAP Business One, version for SAP HANA.
• A Microsoft Windows Server instance deployed in the private subnet for the SAP Business One client.
• An IAM instance role created with fine-grained permissions for access to the AWS services necessary for the deployment process.
• An SAP HANA system installed with Amazon EBS based on General Purpose (SSD) volumes configured to meet performance requirements for SAP HANA.
• SAP Business One, version for SAP HANA, server components installed on the SAP HANA database instance.
• SAP Business One, version for SAP HANA, client components installed on the Microsoft Windows Server instance.
• Security groups for each instance or function, to restrict access to only the necessary protocols and ports.
• Amazon CloudWatch – enabled
• AWS Data Provider for SAP – installed on each EC2 instance to collect the required performance and configuration data from a variety of sources, including the Amazon EC2 API, EC2 Instance Metadata and Amazon CloudWatch, and to share it with SAP applications for monitoring and improving the performance of business transactions.

SAP Components

• SAP HANA database (Linux) – HANA Master Instance
  o SAP HANA database server
  o SAP HANA database client (64-bit and 32-bit)
  o SAP HANA Application Function Library (AFL)
• SAP Business One application (Linux)
  o SAP Business One Server Tools
  o SAP Business One Server
    ▪ Analytical features
    ▪ Service layer components
    ▪ Tomcat web server
    ▪ Demo database
    ▪ Help
• SAP Business One client (Windows) – MINITZ RDS
  o SAP HANA Database client (64-bit)
  o SAP Business One client, version for SAP HANA

Deployment Summary

SAP for MINI BAKERIES Tanzania follows the Single-AZ, Single-Node Architecture deployment option. We provisioned a single EC2 instance with Amazon EBS storage and the SLES operating system to host the SAP HANA platform. For secure access, the SAP HANA server is placed in the private subnet, which is not directly accessible from the internet. We also installed SAP HANA Studio manually on the RDS (Remote Desktop Service) Windows Server instance that is provisioned in the public subnet. For SSH access to the SAP HANA server, we use an SSH client on the RDS Windows Server instance. A third Windows Server 2019 instance is set up in the public subnet to serve as a Domain Controller. The RDS instance is domain-joined.

A NAT Gateway is attached to the private subnet to allow the HANA master instance to connect to the internet for OS-level updates.
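
The access path described above (SSH to the HANA server only from the RDS Windows Server instance, with a security group per instance) can be checked against exported security group data. The following is an added example, not part of the original document; the group IDs, names, CIDRs and the all-traffic rule on the domain controller are constructed sample data shaped like `aws ec2 describe-security-groups` output.

```python
import json

# Constructed sample shaped like `aws ec2 describe-security-groups` output.
# Group IDs, names and CIDRs are hypothetical, not values from this deployment.
SAMPLE = json.loads("""
{"SecurityGroups": [
 {"GroupId": "sg-hana", "GroupName": "hana-master", "IpPermissions": [
  {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [],
   "Ipv6Ranges": [], "UserIdGroupPairs": [{"GroupId": "sg-rds"}]}]},
 {"GroupId": "sg-rds", "GroupName": "rds-host", "IpPermissions": [
  {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
   "IpRanges": [{"CidrIp": "203.0.113.10/32"}], "Ipv6Ranges": [],
   "UserIdGroupPairs": []}]},
 {"GroupId": "sg-dc", "GroupName": "domain-controller", "IpPermissions": [
  {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
   "Ipv6Ranges": [], "UserIdGroupPairs": []}]}
]}""")
ANYWHERE = {"0.0.0.0/0", "::/0"}

def sources(rule):
    """All CIDRs and source security-group IDs named by one ingress rule."""
    return ({r["CidrIp"] for r in rule.get("IpRanges", [])}
            | {r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])}
            | {p["GroupId"] for p in rule.get("UserIdGroupPairs", [])})

def covers(rule, port):
    """True if the rule admits the given TCP port ("-1" means all traffic)."""
    if rule["IpProtocol"] == "-1":
        return True
    return (rule["IpProtocol"] == "tcp"
            and rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535))

def world_open(groups):
    """(group, protocol, from_port, to_port) for each rule open to any address."""
    return [(g["GroupId"], r["IpProtocol"], r.get("FromPort"), r.get("ToPort"))
            for g in groups for r in g["IpPermissions"] if sources(r) & ANYWHERE]

def port_sources(groups, group_id, port):
    """Every source allowed to reach `port` on the group `group_id`."""
    rules = [r for g in groups if g["GroupId"] == group_id
             for r in g["IpPermissions"] if covers(r, port)]
    return set().union(*map(sources, rules))

if __name__ == "__main__":
    groups = SAMPLE["SecurityGroups"]
    print("SSH to HANA allowed from:", port_sources(groups, "sg-hana", 22))
    print("RDP to DC allowed from:", port_sources(groups, "sg-dc", 3389))
    print("Open to the world:", world_open(groups))
```

In the sample, SSH to the HANA group is reachable only from the RDS host's group, while the constructed all-traffic rule on the domain controller is reported as open to any address.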

Step 1. Prepare an AWS account

• Sign in to the AWS account
• Choose eu-west-1 as the AWS Region to deploy the stack on AWS.
• Created a key pair in the region for launching the EC2 instances – minitz.pem & MINITZ-AWS-DS-KP.pem.

Step 2. Set up the network infrastructure

• Created 1 private subnet and 1 public subnet under the default VPC
• Launched a Windows Server instance in the public subnet to serve as the Remote Desktop Service instance
• Launched a Windows Server 2019 instance in the public subnet and promoted it to a Domain Controller; created user Acetek1 in the domain with Administrator rights.

Step 3. Download and stage the SAP Business One media – by Acetek Softwares Ltd

• Download the SAP Business One media from the SAP website
• Extract the media files and place them in the required folder structure inside the S3 bucket
• Create a snapshot of the media volume.

Step 4. Stage the installation media in an S3 bucket

• Created S3 bucket
• Uploaded the SAP installation media into the S3 bucket

Step 4. Install SAP Business One, version for SAP HANA

• Launch the AWS CloudFormation template to install and configure SAP Business One, version for SAP HANA, server, and client components.

Step 5. Post-installation tasks

• Connect to the SAP Business One client instance.
• Connect to the SAP HANA database instance.
• Back up the HANA database.
• Install additional SAP Business One client components.

Compute Services

RDS Instance

• Windows Server 2019
• v5.xlarge, 64 GiB of Memory, 8 vCPUs, EBS-Only, 64-bit platform

HANA Instance

• Operating System – AMI – Licensed from AWS Marketplace
• SLES SP2v15 for SAP
• v5.xlarge, 64 GiB of Memory, 8 vCPUs, EBS-Only, 64-bit platform

Domain Controller

• Windows Server 2019
• t2.micro, 2 GiB of Memory, 1 vCPU, EBS-Only, 64-bit platform

Infrastructure - HLD Diagram

System Infrastructure Process flow description on Users:

NAME OF SYSTEM: MINI BAKERIES SYSTEM INFRASTRUCTURE SAP-AWS ARCHITECTURE

DOCUMENT DESCRIPTION: System Infrastructure Process flow

PROCESS OWNER:
• Davies Albert and Timothy Munyao
• Domicile in:
  Sector/Ministry: Company Administration and Management
  Department: All Departments
  Section: AWS-SAP System Infrastructure
  Unit: System Cloud Management

PROCESS IMPROVEMENT (NON-POLICY CHANGE):

Key Issues/Concerns:
• Operational efficiency with reduced IT administration.
• Cost reduction with on-demand bursting to public clouds.
• Efficient integrations with extended ecosystems.

Solution:
a. Cloud, the scalable, flexible and yet robust hosting platform allows you to use your ERP workloads as well as SaaS applications effectively. Going by the increasing number of customers moving to Cloud, it is certain that Cloud is not vaporware, it is here to stay and only to grow bigger and safer by the day. It would also necessitate organizations to chart out a Smart Cloud strategy.
b. The underlying compute and storage resources scale automatically to match application demand so that the cloud user does not have to allocate resources manually. They use a load balancer which distributes network or application traffic across a cluster of servers. Load balancing improves responsiveness and increases availability of applications.

PROCESS IMPROVEMENT (POLICY CHANGE): The System architecture follows the Single-AZ, Single-Node Architecture deployment option. We provisioned a single EC2 instance with Amazon EBS storage and SLES operating system to host the SAP HANA platform.

PROCESS POLICY/ACT:
ACT: ** For secure access, the SAP HANA server is placed in the private subnet, which is not directly accessible from the internet. We also installed SAP HANA Studio manually in RDS Windows Server instance that is provisioned in the public subnet. For SSH access to the SAP HANA server, we use an SSH client on RDS Windows Server instance. **
POLICY: NONE

CREATED BY: Davies Albert    DATE CREATED: 30/09/2022
LAST UPDATED BY: Davies Albert    DATE CHANGED: 30/09/2022

1. Computing services

DOCUMENT VERSION: 1.0    DOCUMENT CHANGES: update of components used.

DESCRIPTION: This scenario uses a single Availability Zone for the deployment. The single-node option provisions a single EC2 instance for SAP HANA in the private subnet of the Availability Zone. The multi-node option provisions up to five EC2 instances for SAP HANA in the private subnet. You can choose from two additional deployment options:
a. Deploying SAP HANA into a new VPC (end-to-end deployment) builds the VPC, subnets, NAT gateway, security groups, bastion host, and optional Windows Server and SAP HANA server(s) with Amazon EBS.
b. Deploying SAP HANA into an existing VPC provisions SAP HANA servers in your existing infrastructure.

PROCESS PURPOSE: The purpose of this process is to help you deploy fully functional SAP HANA systems on the AWS Cloud, following best practices from AWS and SAP. The deployment ensures that Amazon EC2, Amazon EBS and the operating system (SUSE Linux Enterprise Server (SLES) or Red Hat Enterprise Linux (RHEL)) are optimally configured to achieve the best performance for your SAP HANA system.

PROCESS SCOPE: The AWS Cloud provides a suite of infrastructure services that enable you to deploy SAP HANA in a highly available, fault-tolerant, and affordable way. By deploying this Quick Start on the AWS Cloud, you can take advantage of the functionality of SAP HANA along with the flexibility and security of AWS.

This Quick Start helps you deploy fully functional SAP HANA systems on the AWS Cloud, following best practices from AWS and SAP. The deployment ensures that Amazon EC2, Amazon EBS, and the operating system (SUSE Linux Enterprise Server (SLES) or Red Hat Enterprise Linux (RHEL)) are optimally configured to achieve the best performance for your SAP HANA system.

PROCESS BOUNDARIES:
Process Flow:
• SAP users access the system

A. Sub-process
The user is required to enter their AWS account. Upon submission, SAP grants access to a private Amazon Machine Image (AMI), which is used during the deployment process. After selecting the number of HANA nodes desired, the user's browser is redirected to an AWS CloudFormation template depending on the number of nodes selected. At this point a custom CloudFormation template can be substituted instead in order to "customize" the deployment.

EXCEPTIONS TO NORMAL PROCESS FLOW: NONE

CONTROL POINTS AND MEASURES: N/A

VPC Internet Gateway

DHCP Option Set

Subnets

Public Subnet

Public Subnet Network ACLs

Public Subnet NAT Gateway

Private Subnet

Private Subnet NAT Gateway

Private Subnet Network ACLs

AWS Elastic Compute Services

Elastic Compute Services

LaunchWizard-test-HANAStack-9BD7E2BCUUB : SAP HANA Master

Instance Details

Instance Networking Configuration

Instance Network ACLs

Instance Route Table

Instance Security Configuration

Instance Storage Configuration

Instance Subnet

Instance Monitoring

MINITZ-Domain-Controller

Instance Details Summary

Domain Controller Security Configuration

Domain Controller Networking

Domain Controller Storage

Domain Controller Monitoring

Domain Controller Subnet

Domain Controller Route Table

Domain Controller Network ACL

MINITZ RDS Instance

Instance Details Summary

MINITZ RDS Security Configuration

MINITZ RDS Network Configuration

MINITZ Route Table

MINITZ RDS Network ACL

MINITZ RDS Subnet

MINITZ RDS Storage

MINITZ RDS Monitoring
