SAP Technical Architecture

Introduction to Installation & Administration HANA - SPS6

December 2013
Agenda

Objectives & Reminder

Topics
Installation
Administration / Operations
HA & DRP
Security
FAQ & focus
Appendix - Resources

Copyright 2012 Accenture All rights reserved. 2

Objectives & Reminders
Objectives

This presentation is a feedback on the key messages and useful information

delivered from SAP training HA200 SPS6

It aims at sharing knowledge gained from SAP training session and

trainer/trainees experiences.

Targeted audience:
Technical Architect
BASIS/Netweaver consultant

What it is/does not:

An architecture description of SAP HANA solution
Does not replace SAP official documentation
Does not aim to replace actual training session @ SAP

Copyright 2012 Accenture All rights reserved. 4

Reminder on HANA technology
Combination of both advances in HW and SW

Hardware Software
Multi-Core Architecture
+
(8 x 10core CPU per blade)
Parallel scaling across Row and Compression
Column Store
blades

64bit address space

4/6TB in current servers No Aggregate
Partitioning Tables
A (End 2013 12TB and 2014
24TB)
Dramatic decline in + + +
price/performance
On-the-fly
extensibility
Copyright 2012 Accenture All rights reserved. 5
 Reminder on HANA technology
HANA Ecosystem : BW on HANA , Business Suite on HANA, HANA as SideCar

SAP Hana
SAP Hana ui for SAP Business Apps
SAP NW 7.3
Information Suite
BW
Access
Platform/Runtime e
SAP business Primary persistence
Object BI Suite
SAP HANA
Side-by-Side
Host Agent/ R runtime : for direct
SAP HANA Database SAP Hana LM integration with R-
SMD Agent
runtime libraries

SAP Service SAP HANA

SAP Support SAP Solution
Market Place Studio
(OSS) Manager
(SMP)

Direct Extractor SAP Landscape

SAP Data Services
Connection DXC Transformation
(ETL)
(BI CONT) (SLT)

Eg: non SAP

Eg: SAP ERP Eg: SAP ERP
ERP
Copyright 2012 Accenture All rights reserved. 6
Reminder on HANA technology - Logical Architecture

SAP HANA APPLIANCE

SAP HANA DATABASE Node 2 Node n

Name Server Name Server Name Server
Master index Server Index Server Index Server Processes
Statictics Server
Xs Server Component

SAP HANA Studio repository

SAP Host agent SAP Host agent SAP Host agent

SAP HANA LifeCycle Manager

Single Host configuration

Multi-node cluster configuration

Process Description
Name server Maintains Landscape Information
Index server Holds data and execute all operations
Statistics server Collects performance Data about Hana , Pro-active alerting
XS server XS Service - application server
SAP hana studio repository Repository for HANA content
SAP Host Agent Enables remote start/stop and integration so solution manager
SAP Hana Lifecycle Manager Manage SW updates for HANA
Copyright 2012 Accenture All rights reserved. 7
Installation
Overview of the standalone SAP HANA Installation
SAP HANA Installation process: Appliance is installed and OS-configured by a HW manufacturer
certified by SAP (IBM, HP, etc.).
Activities include:
HW installation,
OS installation (SLES) and Network configuration,
HANA Installation starting from SP6 customer can install HANA itself (by a certified administrator - who has assisted
SAP HANA200 Training and pass related certification)

Tools provided:
Installation with the SAP HANA Unified Installer (based on configuration file)
Script provided by SAP to validate the installation
Some manufactures provide scripts to gather all logs / files required for OSS ticket (for example: IBM)

Components installed:
SAP HANA Platform Edition (HANA DB, client, studio, host agent, etc)
Extra functionalities can been provided by AFL, LC Live Cache APPS, etc.
Installation of additional software is not supported by SAP (unless certified): for example: backup agent, kerberos
module, etc.
Post installations:
SAP Remote support connection
Install /Check License (License is based on the Memory peak usage - for production environment)

Copyright 2012 Accenture All rights reserved. 9

Preparation of Standalone SAP HANA Installation

Requirements:
About 90% of physical memory dedicated to HANA
File systems (shared, local)
HANA logfiles needs high performance disk (as opposite to datalogs)
All required disks are provided by certified HW.

Configurations possible:
Stand alone architecture
One appliance single node
One appliance multiple nodes (DEV and TST instances on the same box) Only one
customer in France (no worldwide credentials known)
Installation of additional nodes simplified with HLM (HANA Lifecycle Manager)

Scale out architecture:

Multiple nodes (appliances) but shared storage
Key functions spread over the nodes with appropriate roles (Master, Slave, Worker, Standby)
Name server
Index server
Copyright 2012 Accenture All rights reserved. 10
Sizing

SAP HANA Sizing is mainly described in OSS notes for each usage:
Dedicated OSS notes for each case:
General sizing - 1514966
BW on HANA - 1736976
Business Suite on HANA - 1872170
SAP QuickSizer
Main point of concern is the definition of RAM (CPU is implicitly defined by HW)

Type Method / Criteria

RAM V * 2 / 7 * c.
V = Volume of data footprint
c = compression factor in source DB
/ 7 compression factor to HANA
* 2 include static and dynamic data

CPU 300 SAPS / active user (or 0.2 core / active user)

Disque 4 * RAM for data persistence

1 * RAM for log backup

Copyright 2012 Accenture All rights reserved. 11

Administration & Operations
Focus HANA STUDIO (1/3)

Administration and Development client of HANA, based on Eclipse (Java IDE), inherits
its ergonomic and common features.
Example of activities
Manage licence (install, update, check)
Start/Stop HANA (single, multi nodes)
Configuration (update configuration *.ini files update on files is not recommended)
Recurring administration/monitoring tasks (check status, alerts, logs, performance, etc.)

Some activities can also be performed by DBA Cockpit transaction of any SAP instance
with a DB connection to HANA box
Known issue: warning of service start sapstarsrv (IBM provided appliance)

Requirements Value Description

Memory/RAM 2 GB /per user Administration / basic usage

4 GB /per user Developer usage

Network 3<SYS_NB>13 Network port

3<SYS_NB>13

Copyright 2012 Accenture All rights reserved. 13

Focus HANA STUDIO (2/3)
Transport Management using CTS+
No mount /usr/sap/trans on Hana using SAP Solution Manager File System and Hana Studio
Central Note 1003674
SAP Solution Manager - TMS System-Landscape
Configuration
CTS+
Attach/upload File 3
Deploy
to CTS+ Transport Organizer WebUi TR
WS

2
4 Start import in TMS to process
SAP HANA STUDIO the file
Promotion of Data Model 5 Start import via SAP Hana
studio
HANA
TD1 TT1
1
Hana soucre Hana target
Collect data

Export/Import (tables) with SAP HANA via SAP Hana Studio

Exporting in CSV format not compressed < 10 exporting in Binary format
Row-store tables can be exported only in CSV format

Copyright 2012 Accenture All rights reserved. 14

Focus HANA STUDIO (3/3)

HANA Lifecycle Manager (HLM) is integrated in HANA Studio, and

available with SP06, is a merged component from:
SAP HANA On-Site configuration tool
SUM (Software Update Manager) for HANA
Allow direct connection to SAP (to its saprouter)
Or downloading patches from another server and transferred to HANA
Supports the following features:
Integration and configuration with SLT
Update / Administrate HANA system
Update HANA Studio and HANA client (must be with same revision)
Manage additional SAP HANA components (AFL, LiveCache, Smart Data
access)
Manage Application Content

Copyright 2012 Accenture All rights reserved. 15

Monitoring (1/3)

Trace is not activated by default (except Exception)

Keeping only last 7 days of unabridged files
Otherwise only 10.000 lines are maintained
If activated, requires implementation of a purge policy
One file per service (name server, index server, etc.)
Each Index server has a specific dump file (execution context: threads,
stacks)

Type Default status Comments

DB Trace ERROR Level Required DB role: TRACE ADMIN

SQL Trace Inactive Required DB role: TRACE ADMIN

Performance Trace Inactive Required DB role: TRACE ADMIN

Kernel Profiler Inactive Required DB role: TRACE ADMIN,

SAP_INTERNAL_HANA_SUPPORT

Expensive stat. trace Inactive Required DB role: TRACE ADMIN

Copyright 2012 Accenture All rights reserved. 16

Monitoring (2/3)

Query Analysis :
Analyzing SQL Execution with the Plan Visualizer (graphical view)

Analyzing SQL execution with SQL Plan Cache : Total_Execution_Time

(filtering column in Performance Tab)

Copyright 2012 Accenture All rights reserved. 17

Monitoring (3/3)

Solution Manager
Advice : SAP Solution Manager 7.1 with SP05 : Queues in SLT can be monitored, alerts are
generated for Mainly Database Availability, Host Usage (CPU/Monitoring)
Requirements for HANA integration :
SAP Hostagent 7.20 SP 84 ( Note 1625203) + Solman 7.1 SP03
SAP diagnostics Agent has to be installed in SAP HANA box

Remote Support OSS

Remote configuration via SAProuter to SAP Hana Studio- Note 1592925
User Support with role public and monitoring, hdbcons command tool trace processes
activities (problem analysis for support)

Early Watch Alert (EWA) :

How to set up SAP system to make Hana Checks in EWA : SAP Note 1543278
Requirements :
Back-End system : ST-PI 2008_1_7xx SP06 and SAP Note 1741541
SAP Solution Manager : ST-SER 701_2010_1 SPS16 and automated service content update activated ( SAP note 114775)

Copyright 2012 Accenture All rights reserved. 18

User & roles management (1/3)

HANA users are managed by HANA STUDIO

from UI
by command line: hdbsql or other client

Operations available:
Create users
Lock / unlock users
Activate / deactivate users
Reset password
Check user privileges
Assign roles / privileges

Copyright 2012 Accenture All rights reserved. 19

User & roles management (2/3)

Privilege management in HANA is very similar to database privileges

mechanism:
User
Each user will have its own schema
Role owns

Privilege Object
5 types of privileges exist:
Type Description Purpose

Object Authorize access to data and operations on database objects Administrative tasks

System Authorize execution of administrative actions for the entire Restrict access/modifications to users
HANA DB

Application Authorize access to the HANA XS application functions Restrict access/use of application
functions of XS engine to users

Analytic Authorize read access to analytic views at runtime and Restrict access/modifications to users
provide row-level access control based on the dimensions of in the context of the view or table
the relevant view (criteria for filtering)

Package Authorize access in the repository (modelling environment) at Restrict access/use of packages to
design time users
Copyright 2012 Accenture All rights reserved. 20
User & roles management (3/3)

A good practice is to implement security rules, basically:

Restraints access to data from ERP (or other source) tables
Restraints database actions for skilled persons (DBA)
because HANA, as a DB, can be directly accessed from many front end tools (using JDBC
protocol for example)

Miscellaneous remarks:
Privileges management works on grant philosophy. It is not possible to explicitly deny
privilege management
Password policy is based on certain rules (pwd length, complexity, blacklist terms,)
Predefined and templates roles and privileges are provided in as part of the installation.
Integration with NetWeaver Identity Management is possible since IDM 7.2 SP3 with IDM
connector: the scope of features are:
Creating/deleting users
Assigning roles
Setting passwords
IDM does not manage SAP HANA roles & privileges

Copyright 2012 Accenture All rights reserved. 21

Backup / Restore (1/4)

Overview mechanism
Log writing and savepoints protect Data (Memory)
from power failures or system crash. SQL data, undo log information, modeling data,

Backups are required to protect

from data loss or data corruption. Information about Regular automatic
Backups are only online and full. data changes savepoints

Backups on part of a schema is not Persistant storage

possible
Log Volume Data volume
System is operational during backup
(negligeable performance impact)

Restore constraints:
A backup can be restored to a
External backups
system with the same number of Backup with 3rd party applications
nodes as the source system implementing BackInt for SAP HANA API
Backup with DBA Cookpit from NW
system if HANA connector is configured.
Copyright 2012 Accenture All rights reserved. 22
Backup / Restore Data backup (2/4)

Each HANA server/services requires its

data to be backups in 1 or more files Data (Memory)
File can be splitted if exceeding a certain limit
(due to FS/OS limitation for ex) Name server Index server Statistics server
Backup files are stored in an unique
directory configured in global.ini file
Backup directory should never be in the
same FS as data Persistant storage (shared file directory)
Backup using backint integration use its
own destination directory (usually: <PREFIX>_databackup_0_1
/usr/sap/<SID>/SYS/global/hdb/backint) <PREFIX>_databackup_1_1

Volume ID is automatically added to

<PREFIX>_databackup_2_1
backup files
_databackup_<#process>_<#node>
<PREFIX>_databackup_3_1
The SQL view provides an estimated size
of data backups: Data volume
M_CONVERTER_STATISTICS

Copyright 2012 Accenture All rights reserved. 23

Backup / Restore Log backup (3/4)
2 modes of log backup
Overwrite: no log backup performed Memory Log
buffer
Log
buffer
Normal: log backup activated usually for Prod
environment
Log Log
buffer buffer
Log writing mechanism:
Log is written into log buffer in memory Log
buffer
If log buffer is FULL or COMMIT entry is performed,
the log buffer is written to the log segment.
Persistant storage (shared file directory)
For each log segment, there is a log segment file

Log backup (normal mode) Log Log

Segment Segment
Keeps logs until backup
Automatic log backup available (time based or when
log segment is full)

Remark: Log
Segment
Log
Segment
Volume for Log volume = volume of HANA main
memory
Log
Log segment files are stored in an unique directory Segment
configured in global.ini file Log volume

Copyright 2012 Accenture All rights reserved. 24

Backup / Restore Additional information (4/4)

Configuration files should also be backup:

No synchronisation with the backups
No reference to hosting servers: hostnames, IP, SID

Additional applications (from AFL or other libraries) require extra

backups (file system)

All backups operations are recorded in the backup catalogue (file

backup.log file)
It provides information on execution and history: start time, duration, files, etc.

SAP provides script in note 1651055 to perform backup of data, log and
configuration files

Copyright 2012 Accenture All rights reserved. 25

HA & DRP
High Availability

HANA HA relies on HW (depends on HW manufacturer), OS (SLES)

redundancy, and failover/replication functionalities.

2 options can be considered to ensure HA:

Auto fail over: scale out architecture with a stand by node
Host auto-failover and service auto restart using host watchdog (few minutes for the operation)

Instance replication
Storage replication: continuous (mirroring) between primary and backup storage over network,
synchronous or asynchronous
System replication: continuous update of the secondary system by primary system

Copyright 2012 Accenture All rights reserved. 27

High Availability Scale out

Scale out of SAP HANA is in distributed architecture:

In a single appliance
An upgrade of RAM can allow the setup of a secondary node (it is not scale up as there is a 2 nd node)
Over multiple appliances
Table and schema distribution needs to be configured using database partitioning.
Single table can be distributed, if splitted with table partitioning)
Shared FS over appliances (/hanamnt/<SID>/)
Configuration of name & index server roles over all the hosts (appliances)

Each node has its own name and index server (as well as its own data and log backup
files)
Statistics server is only on active server

Remark:
Management of additional host can be performed in SAP HANA lifecycle manager (in
the STUDIO)

Copyright 2012 Accenture All rights reserved. 28

High Availability Scale out

Scale out for HA implies the creation of a standby host which is started as soon
as an active node fails.
Failure scenarios:
Blade failure: standby host (hosted on a distinct blade) takes over the function
Name server failure: another of the remaining name servers become the master name server
Index server failure (see picture below):
Master name server detects the failure and executes the failover (new server reads indexes from the shared
storage)
Data located in memory that is not saved in disk
Server 2 can be manually added back into the cluster through commits or save points cyclic is lost.

Server 1 - active Server 2 active failed Server 3 stand by

X
Index Server Index Server

Master name Server Name Server Name Server

Shared storage
The name server reads indexes from the shared
storage and the existing connections from Server 2

Copyright 2012 Accenture All rights reserved. 29

Disaster Recovery Plan (1/4)

As usual, 2 levels of disaster recovery are available

Storage replication: replication of persisted data. HANA HW partners offer storage
replication solution
In some case (distance between primary and backup site < 100km), synchronous storage replication is
possible HANA transaction only completes when changes are remotely replicated
Offer better solution than standard backup / restore: less risk in data loss, shorter recovery time.
Refer to OSS note #1755396

System replication: each primary system has a exact copy as standby system
(shadow instance).
Option1: Data and logs are continuously transferred to the secondary site with preloaded data (fast
switch over)
Option2: Data is only initially transferred, then continuous log transfer & log replay on secondary site
(even faster switch over - < 5 min).
The secondary site has preloaded data with lasted commits
Both options imply manual switchover (decision should be based on monitoring tools (refer HANA Administration
Guide)

Remark: usually licence cost is for secondary site.

Copyright 2012 Accenture All rights reserved. 30

Disaster Recovery Plan (2/4)

Storage replication
Available for scale
out architecture Clients Applications
SAP supported
mirroring solutions
Data center 1 Data center 2
for storage may vary
upon vendor: OS: DNS, hostnames,
For example, IBM uses
GPFS instead of disk
arrays (even a single Primary - active Secondary
IBM HANA instance standby
uses one GPFS node) Index Server Index Server
OSS Note 1755396 for Master name Server Master name Server
details

OS: disk mount

Data Logs Mirroring Data Logs

VOLUME VOLUME VOLUME VOLUME

Copyright 2012 Accenture All rights reserved. 31

Disaster Recovery Plan (3/4)

System replication
Clients Applications

Data center 1 Data center 2

OS: DNS, hostnames,

Primary - active Secondary active

Index Server Index Server

Master name Server Master name Server

OS: disk mount

Data Logs Data Logs

VOLUME VOLUME VOLUME VOLUME

Copyright 2012 Accenture All rights reserved. 32

Disaster Recovery Plan (4/4)

More scenarios taking advantages of secondary site:

Setup DEV or QA instance until fail over is executed. It requires:
Additional and specific disk for the DEV/QA instances
Configuration of take over to stop DEV/QA instances, mount mirrored primary disk.

Near Zero Downtime Upgrade is possible for HANA with the system replication since
secondary system can have higher software version than the primary one.

Copyright 2012 Accenture All rights reserved. 33

Security
Encryption

AES-256-CBC encryption algorithm

Network encryption:
Network traffic encrypted using SSL (v3) both: between SAP Hana databases
and clients, between hosts in distributed SAP Hana system
Data encryption:
Encryption is activated only for data volume. LOG Volume is not encrypted (if
needed, SAP recommends encryption at the file system level)
Performance impact accessing Data volume encrypted on disk
Database Backup is not encrypted. Third-party solutions with Backint is
required if DB encryption is a requirement.
Remark:
Origin of this feature: demand for Brazilian Bank
No encryption possible in a Replication scenario
Performance Impact

Copyright 2012 Accenture All rights reserved. 35

Auditing

Audit Trail are stored via syslog (secure OS linux syslog)

Audit can be configured in SAP Hana studio or using SQL statements

Audit can be enabled and disabled for the entire database only
Audit Policies define which actions in the database are logged
Events can be audited Details
Change to user authorization Create/drop user, grant/revoke role
Authentication of users Connection attempts of users to database
Change to system configuration Change to ini.file, Install license key
Change to auditing configuration Tables, Views, procedures with actions like
select, update, execute..

Copyright 2012 Accenture All rights reserved. 36

Q&A, Focus
What can we install on HANA box?

General rule:
No installation must be performed outside HW manufacturer installation, SAP SP & patchs.

Backup of HANA data via the BackInt API with 3rd party applications:
2 backups applications certified so far (updated list of OSS note: #)

White list of applications or usages tolerated on HANA:

#OSS: 1849151: Compatible Java based applications on NetWeaver 7.4
#OSS: 1661202: Support of applications on HANA

Solution Manager, starting from V7.1

Specific EWA for HANA

Nagios (for ex.) with JDBC connection (installation of HANA Client on Nagios server)

Copyright 2012 Accenture All rights reserved. 38

Memory management in HANA

Preloading of table in memory

By default, only system tables are preloaded into memory. Other tables are
only loaded on demand.
Preloading table (or particular column) is possible with sql command alter..

Commit mechanism in HANA

Results from SQL queries are available as soon as the commit is triggered. It
does not wait for the commit to be completed, ie instructions copied into the
log segment.

Performance Impact after a Downtime because of memory preloading.

Preloading Duration = 20-25 min : Hana 512GB Memory. (Cisco Inputs)

Copyright 2012 Accenture All rights reserved. 39

Appendix
SAP Resources
Online documentation Local documentation:
http://help.sap.com/hana SAP HANA Studio Help
Master Guide
Installatioin Guides
Technical Operations Manual
Administration Guide
Security Guide

OSS notes
OSS# Description
1755396 Solutions for SAP HANA System replication

1849151 List of SAP JAVA applications compatible with HANA1.0

1661202 Support for multiple applications on SAP HANA

1651055 Backup script to perform backup of data, log and configuration files

Useful tables

Table/View Schema Comments

M_CS_TABLES SYS Memory consumption
M_CONVERTER_STATISTICS SYS Estimated size of backups

Copyright 2012 Accenture All rights reserved. 41