Fully automated SAP life cycle in regulated and restricted environments

In this blog post, I look at the life cycle of SAP infrastructure and an upcoming call to action regarding SAP modernization. IT departments must adhere to policies in regulated and restricted environments, such as traceability through data traffic logging with access to provisioned services or data access.

Here, I describe an architecture that introduces a fully automated SAP environment modernization across the entire life cycle—including Day 2 operations—that can help reduce infrastructure and labor costs.

Why is this necessary?

SAP customers need to migrate to the new suite SAP S/4HANA by 2027. This is a very complex process during which custom code must be reviewed and—if still useful—taken out of the SAP backend so that future upgrade processes are simplified and accelerated. Customers must also consider (and comply with) the requirements of regulated and restricted environments. This migration is a very large project, and many customers see it as a good opportunity to replatform their current architecture, such as changing hardware components because they are incompatible or much more expensive than before.

The solution presented here completely automates the deployment of SAP HANA DB and SAP application components based on IBM PowerVC, Red Hat Enterprise Linux (RHEL) and Pacemaker (an open source cluster resource manager that ships with Linux)

The solution architecture presented below—scaled SAP in regulated and restricted environments—is based on decades of experience with state-of-the-art technology and can be reproduced by Red Hat and IBM customers.

Figure 1. Overall structure of the solution

This architecture visualizes a generic infrastructure design as a solution pattern with following technologies:

• IBM Power
• IBM PowerVC Virtualization
• Red Hat Enterprise Linux for SAP Solutions 
• Red Hat Satellite
• Red Hat Ansible Automation Platform
• Red Hat Insights 
• SAP S4/HANA
• other SAP NetWeaver based Applications
• SAP HANA
• AnyDB (e.g. Oracle DB, IBM DB2, SAP ASE)

I would like to describe three technologies in particular in a little more detail:

IBM Power Server in combination with IBM PowerVC is known for its scalability and performance with the most demanding workloads, its superior virtualization and management features for flexibility, its security with better isolation and an integrated stack, and its leading availability.

Red Hat Enterprise Linux for SAP Solution includes:

• 4 year extended update support (E4S)
• System roles for SAP (for automation)
• In-place upgrade and live kernel patching (for near zero downtime)
• SAP-specific runtime libraries to empower the performance of HANA (to effectively utilize infrastructure and meet business needs)
• Strong alliance partnership

Red Hat Ansible Automation Platform  is used for the automated life cycle of solutions for all components, which leads to increased efficiency and stability in production. It is the framework used in this solution to run the remediation Ansible playbooks in the hosts that will correct the situations that could lead to a failure or issue. For example, modifying a kernel memory parameter that can cause a bad performance of the SAP HANA DB or applying a certain level of an OS package that is needed for a particular version of SAP NetWeaver. Automation is essential to enable standardized approaches (such as platform-as-code and reproducible architectures), to improve SLAs, and shorter time to market through accelerated workflows.

Ansible Collections for IBM Power extend the benefits of Ansible automation to Power enterprise customers. Certified Collections are also available for AIX, IBM i, VIOS, HMC and Linux for Power. The Power pipeline includes additional collections to automate PowerHA, SAP HANA (on AIX and IBM i) and Oracle operations.

Figure 2. Schematic diagram of the architecture

All components work smoothly in a disconnected or air-gapped environment and can be operated according to the highest safety standards.

One of the important parts is the infrastructure management part, where Ansible Automation Platform, Satellite, PowerVC as Virtualization Management and the local repository are located. 

The requirements of enterprise customers show that a high level of automation with standardized approaches, such as "platform as code", is necessary to ensure availability with the highest possible SLAs. Especially in critical infrastructures, SLAs must be guaranteed and auditable. The solution covered in this portfolio architecture can perform many Day 1 and Day 2 tasks to help achieve goals related to reliability and consistency.

If we look at the deployment process workflow, you can see the full power of automation with Ansible, especially with the Ansible Automation Platform product.

Deployment process breakdown

Figure 3. SAP S/4 HANA deployment process breakdown

Here's an outline of the overall process encompassed by this portfolio architecture.

Day 0 (design)

• Planning of rack assignment
• Planning IP addresses (data and administration network)
• Planning network assignments

Day 1 (deploy)

• Red Hat Enterprise Linux for Power and PowerVC will be deployed and configured fully automated with Satellite and Ansible Automation Platform via "infrastructure as code"
• RHEL virtual machines and SAP HANA / S/4 will be deployed and configured fully automated with Satellite and Ansible Automation Platform via "infrastructure as code"
• Activate SAP HANA system replication (or equivalent high-availability feature of other databases (DBs))
• High-availability Red Hat Enterprise Linux Pacemaker cluster build on both application and DB tiers
• Migrate SAP workloads from SUSE Linux Enterprise Server to RHEL
• … more points > Scaled SAP in Regulated and Restricted Environments

You can find more information about deploying on IBM PowerVC with Ansible, the community.sap_install collection, and how to use this from AWX or Red Hat Ansible Controller here:

• SAP Linuxlab demo
• Automating PowerVC using Ansible

Day 2 (maintain hardware and software stack)

• Copy SAP instance system
• Spin up/delete new application servers on demand (e.g. for service provider)
• Refresh instance
• Make kernel parameter changes
• Upgrade SAP kernel
• DB operations
• Resource addition (CPU, memory, disk)
• Manage Cluster
• Backup/restore DB
• Proactive issue resolution for SAP servers
• and more: Scaled SAP in Regulated and Restricted Environments

You can learn more here: RHEL for SAP Ansible collection.

Also, this Red Hat Portfolio Architecture showcases successful customer deployments of our open source software, as well as providing architecture best practices, tools and links to other associated resources

Conclusion

Here I have presented a portfolio architecture based on 50 years of IBM product experience. In 2023, SAP announced RHELas a strategic platform for RISE. In addition, customers have access to certified Ansible Collections and Modules for automation and standardization, as well as a diverse middleware ecosystem.

At Red Hat we focus on three pillars for SAP:

Simplify SAP: Through management and automation tools, help customers easily and seamlessly manage Red Hat platforms and automate across hybrid environments.

Run SAP: By providing a hybrid cloud infrastructure, help customers secure, scale and manage foundations for traditional and cloud workloads across all environments.

Extend SAP: With a cloud-native development platform, customers can develop, deploy and manage any application on any environment while providing the tools developers need to innovate.

Red Hat, the world’s leading provider of enterprise open source software solutions, helps to implement solution stacks from middleware to infrastructure by providing a variety of services, consulting and training.

Let Red Hat and IBM help you on a journey to modernize your SAP environment.

If you are interested in learning more about solutions built with these and other Red Hat products, please visit the Portfolio Architecture website.