One of the constant challenges that SAP Basis and operating system (OS) administrators face is to keep the hosts that run SAP workloads up to date and compliant. The usual large size and complexity of the SAP landscapes, together with the critical importance of these workloads, make the process of planning and applying updates on their servers a long and difficult task.
It is not unusual to find SAP ecosystems that are really behind what SAP recommends, which can result in limited support or old OS versions reaching their end of support.
Red Hat Smart Management for SAP is about automating the whole update process SAP hosts according to policies that can be defined by the administrators, which can save time and frustration. This post will provide a suggested solution architecture for updating SAP hosts using Red Hat technologies.
How does Smart Management for SAP work?
Smart Management for SAP identifies potential issues derived from hosts not being compliant with recommendations or having different levels of packages, etc., from the rest of the servers in the landscape.
The basis of this solution is the Red Hat Enterprise Linux (RHEL) for SAP Solutions subscription, which provides access to most of its components and which all the hosts running SAP workloads need to be registered with. The other subscription needed is the Red Hat Ansible Automation Platform to complete the solution.
The RHEL for SAP Solutions subscription includes the SAP System Roles that incorporate the SAP’s recommendations to run SAP workloads (SAP HANA DB, or SAP applications based on SAP Netweaver like SAP S/4HANA). It also includes Smart Management and Red Hat Insights.
This solution can work regardless of the infrastructure and can be used for hosts running on physical datacenters or on cloud (public, private, or hybrid).
A suggested architecture consists of these components: the SAP hosts, the infrastructure management formed by Smart Management and Ansible Automation Platform and the Red Hat Software-as-a-Service (SaaS) containing Insights Services, Insights Platform and Enterprise Operating Automation.
It is worth noting that the infrastructure management piece can run on the same infrastructure (datacenter or cloud) where the SAP hosts are or on a different location, which gives greater flexibility.
This is the logical diagram of the architecture:
Fig. 1. Logical design
Let’s look into some more details about the different components involved in this solution.
Red Hat Smart Management, which includes Satellite and Cloud Connector, collects data about the configuration and status of the SAP hosts and sends it to Insights Platform (on Red Hat’s SaaS).
The customer can choose the contents of the data being sent so that no sensitive information is shared. Satellite manages the entire life cycle of the SAP servers, applying the packages, security fixes, etc., that they need to be compliant with SAP’s and Red Hat’s recommendations and consistent across the ecosystem.
Red Hat Insights
Red Hat’s Insights platform receives the SAP hosts’ anonymized information that Smart Management sends and passes it on to the Insights services the customer is subscribed to. This is the list of services currently offered by Insights:
The Advisor Insights service points out availability, performance and stability risks based on recommendations from Red Hat support experiences
The Vulnerability Insights service assesses, remediates and reports on RHEL Common Vulnerability and Exposures (CVEs)
The Compliance Insights services assesses and monitors regulatory compliance and is built on OpenSCAP, which is an open source implementation of the SCAP standard
The Drift Insights service enables to create baselines and compare system profiles to the baselines or to other systems to make sure all the hosts are consistent in their content and configuration
The Policies Insights service provides the capability to define policies and monitor the servers according to them to identify any misalignment
The Patch analyzes the SAP systems based on Red Hat product advisory applicability to help them stay up to date
And while not directly a part of Insights, RHEL customers also have convenient access to Subscription Watch to help them track progress of their Red Hat subscription usage efficiently and confidently
Among the Insights rules included in its db, there are many specific to SAP that have been created following the SAP recommendations for the different versions of SAP HANA and SAP Netweaver based applications (like SAP S/4HANA).
When SAP publishes new recommendations for new releases of the SAP HANA DB or the SAP applications, the Insights engineering team adds them to the Insights rule DB.
The anonymized data from the SAP hosts is compared against these rules. If any discrepancy is found (that would mean that an issue would potentially happen), the Insights Platform from the Enterprise Operating Automation component in the SaaS receives a remediation plan that will be sent back to Smart Management in order to correct the situation and proactively avoid the issue.
Fig. 2. Some of the SAP specific rules in the Insights DB
The aim of Ansible Automation Platform (the Automation orchestration component in the suggested architecture) is to manage the whole IT ecosystem and namely the SAP landscape as Infrastructure as Code.
Ansible Automation Platform is the single point of control of all the hosts where the baselines for their configuration are defined and stored for all the different tiers (hardware, network, operating system [OS], applications) and types of workloads.
In this solution, it is in charge of running the Ansible playbooks in the servers that will correct the situations that could lead to a failure or issue. For example, modifying a kernel memory parameter that can cause a bad performance of the SAP HANA DB or applying a certain level of an OS package that is needed for a particular version of SAP Netweaver.
Fig. 3. Smart Management and Insights overview
Implementation of the solution
There are some prerequisites:
All the servers hosting SAP workloads need to have the RHEL for SAP Solutions subscription and be subscribed to the channels it provides.
Insights client will be installed in all of them so that they can connect to Red Hat SaaS.
An installation of Smart Management is needed in the same location/infrastructure where the SAP ecosystem is or in a different one.
Ansible Automation Platform will also be deployed in the customer’s infrastructure (either in the same location/infrastructure where the SAP ecosystem is or in a different one).
This is a detailed diagram of a suggested implementation showing the different components and the flow of date across them.
Fig. 4. Solution implementation with data flow
These are the steps that take place:
All the hosts running SAP workloads are sending anonymized data about their status, configuration and level of components to Smart Management using the Insights client.
Smart Management forwards the server's data to the Insights Platform.
Insights Platform makes the data available to the different Insights services the customer is subscribed to.
This data is compared to the SAP specific rules in the Insights Platform DB and if any discrepancy is found the Enterprise Operating Automation sends a remediation plan back to Insights Platform.
When Smart Management is ready to download the remediation plan from Insights, the Insights Platform converts the plan into an Ansible Playbook.
Smart Management sends the remediation playbook to the Ansible Automation Platform.
Ansible Automation Platform runs the remediation playbook in the target SAP RHEL host to correct the situation and make sure the host is compliant with all the recommendations.
Smart Management for SAP brings great advantages when performing Day 2 operations in the SAP ecosystem in the form of a dramatic reduction in the time spent keeping them up to date (thus also protected against threats).
On the other hand, it helps with troubleshooting and fixing issues that could have been foreseen and prevented, the latter having a direct impact in the uptime of the servers, which is a critical factor for any company using SAP products.
This solution helps not only the SAP Basis, OS and infrastructure administrators teams, but also helps the SAP users that are a main part of the business ensure continuity of service and compliance.
To learn more, check out our "Overview of the Red Hat Enterprise Linux for SAP Solutions subscription."
About the author
Ricardo Garcia Cavero joined Red Hat in October 2019 as a Senior Architect focused on SAP. In this role, he developed solutions with Red Hat's portfolio to help customers in their SAP journey. Cavero now works for as a Principal Portfolio Architect for the Portfolio Architecture team.