mopdf.com

SAP Lens AWS Well-Architected FrameworkOperational excellenceWell-Architected design principlesThis section describes the design principles, best practices, and improvement suggestions that arerelevant when designing and operating your SAP workload.We recommend that you also read and apply the guidance found in each Well-Architected pillar,which includes foundational best practices for operational excellence, security, reliability, performanceefficiency, and cost optimization that are relevant to all workloads.Pillars Operational excellence (p. 6) Security (p. 28) Reliability (p. 48) Performance efficiency (p. 66) Cost optimization (p. 83)For a complete list of design principles, refer to Design principles arranged by pillar (p. 113).Operational excellenceThe Operational Excellence pillar focuses on the ability to develop and run workloads effectively, gaininsight into their operations, and to continually improve supporting processes to deliver business value.This section provides a set of design principles and recommendations specifically tailored to provideguidance for SAP workloads. The Operational Excellence pillar contains broader design principles andrecommendations which we highly recommend you read in conjunction with the SAP guidance thatfollows.1 - Design SAP workload to allow understanding andreaction to its stateHow do you design your SAP workload so that you can understand its state? Design your SAPworkload so that it provides the information necessary across all components for you to understandits internal and external state. Consider infrastructure, SAP technology/basis, front end, and networkcomponents. Design monitoring and logging approaches which capture metrics to allow real-timemonitoring and also historical logging to allow remediation and post-event analysis.IDPriorityBest Practice BP 1.1RequiredImplement prerequisites for monitoring SAP on AWS BP 1.2RequiredImplement infrastructure monitoring for SAP BP 1.3RequiredImplement individual application monitoring for SAP BP 1.4Highly RecommendedImplement workload configuration monitoring6

SAP Lens AWS Well-Architected Framework1 - Design SAP workload to allowunderstanding and reaction to its stateIDPriorityBest Practice BP 1.5Highly RecommendedImplement user activity monitoring BP 1.6Highly RecommendedImplement dependency monitoring BP 1.7RecommendedImplement single pane of glass health monitoring across yourSAP workloads BP 1.8RecommendedUse automated response and recovery techniques to react tomonitoring alertsFor more details, see the following links and information: AWS Documentation: AWS Data Provider for SAP AWS Service: Amazon CloudWatch SAP on AWS Blog: Serverless Monitoring for SAP SAP on AWS Blog: AWS DevOps for SAP - driving innovation and lowering costs AWS Marketplace: Products and Tools for SAP Monitoring SAP Note: 1656250 - SAP on AWS: Support Prerequisites [Requires SAP Portal Access] SAP Documentation: SAP Solution Manager 7.2 - Application OperationsBest Practice 1.1 – Implement prerequisites for monitoring SAPon AWSSAP certification requirements for SAP on AWS are outlined in SAP Note 1656250. This note includesinstructions for setting up the AWS Data Provider for SAP, enabling Amazon CloudWatch detailedmonitoring, and using SAP enhanced monitoring for SAP NetWeaver solutions. Enabling theseprerequisites helps ensure that your SAP workload state is able to be fully understood and investigatedby AWS and SAP. These prerequisites should feed into your overall SAP monitoring strategy.Suggestion 1.1.1 - Check SAP support prerequisitesCheck SAP Note 1656250 on the SAP support portal for the most up-to-date support requirements forSAP on AWS workloads. Follow the detailed instructions in this note. SAP Note: 1656250 - SAP on AWS: Support Prerequisites [Requires SAP Portal Access]Suggestion 1.1.2 - Install AWS Data Provider for SAP NetWeaver workloadsThe AWS Data Provider for SAP is a required installation on each of your EC2 instances supporting SAPNetWeaver workloads. The AWS Data Provider for SAP is an agent which collects performance-relatedmetrics from AWS services and provides them to the SAP internal application monitoring system. SAPtools, such as transaction code ST06n and Solution Manager monitoring that use external metrics usuallycollected from the SAPOSCOL service, require the AWS Data Provider for SAP to access AWS metrics.There are indirect costs associated with running the AWS Data Provider for SAP because of the detailedmonitoring and increased API calls required for SAP to receive monitoring data at specific intervals. SeeInstalling the AWS Data Provider for SAP for details. For this reason, you might consider only enablingthe AWS Data Provider for SAP in non-production landscapes when SAP support and analysis arerequired. AWS Documentation: AWS Data Provider for SAP7

SAP Lens AWS Well-Architected Framework1 - Design SAP workload to allowunderstanding and reaction to its stateSuggestion 1.1.3 - Create a monitoring strategy for your SAP workloadsDecide how you will observe the current and historical health of your SAP application from both aninside-out and outside-in perspective. Consider all components which work together to provide theend-user experience. Consider how you will capture metrics from underlying AWS compute, storage,and network services in addition to internal SAP application metrics and external user performance andreliability monitoring. Evaluate different tools for each component and decide how you can bring thesetogether in a single place (for example, log aggregation) to perform root cause analysis when needed.Determine how you will use this information to design alert thresholds and remediation actions to betaken when thresholds are breached.Understand the capabilities of SAP Solution Manager monitoring, third-party monitoring tools, andCloudWatch dashboards that can ingest custom SAP monitoring metrics as a starting point for yourdesign. AWS Documentation: SAP NetWeaver on AWS: Monitoring Guide SAP on AWS Blog: Serverless Monitoring for SAP NetWeaver SAP on AWS Blog: Serverless Monitoring for SAP HANA AWS Service Video: Gaining Better Observability of Your VMs with Amazon CloudWatch AWS Marketplace: Products and Tools for SAP Monitoring SAP Documentation: SAP Solution Manager 7.2 - Application Operations SAP Documentation: SAP NetWeaver Alert MonitorBest Practice 1.2 – Implement infrastructure monitoring for SAPSet up your infrastructure monitoring to provide information about supporting services that are usedto keep your SAP application running and supporting your users. Some examples include CPU andmemory utilization, storage and filesystem usage, and performance (IOPS and throughput), and networkthroughput. Include any dependent foundational services used by SAP, such as on-premises ActiveDirectory services, DNS, and third-party tools, such as high availability (HA) and backup software.Evaluate AWS tools and SAP-specific tools from the AWS Marketplace that can help correlate andvisualize this information, such as DataDog, Splunk, DynaTrace, and Avantra. Use this information toidentify trends and determine when a corrective action is required.Suggestion 1.2.1 - Implement CloudWatch metrics and alarms for services supporting SAPImplement Amazon CloudWatch detailed monitoring metrics and thresholds with alarms for all of yourSAP systems. These metrics and alarms should include monitoring for common problems which canaffect SAP system availability and performance. Common infrastructure monitoring areas focus onAmazon Elastic Compute Cloud (EC2) instances, Amazon Elastic Block Storage (Amazon EBS) volumes,and Elastic Load Balancing (ELB).Common monitoring items include the following: Amazon EC2 high CPU utilization Amazon EC2 high memory utilization Amazon EBS storage paging Amazon EBS storage throughput Amazon EBS storage IOPS Amazon EBS storage space free and volumes full % Amazon EC2 network saturation ELB/ALB health and target group health8

SAP Lens AWS Well-Architected Framework1 - Design SAP workload to allowunderstanding and reaction to its stateBase your alarm thresholds on healthy patterns of historical production usage of your system.Continually review and tweak your alarm thresholds to prevent problems.Review the following resources to get started: SAP on AWS Blog: Serverless Monitoring for SAP NetWeaver SAP on AWS Blog: Serverless Monitoring for SAP HANA AWS Documentation: Create a CloudWatch Custom Metric AWS Documentation: Create a CloudWatch Dashboard AWS Documentation: Using CloudWatch AlarmsSuggestion 1.2.2 - Implement AWS service quota monitoring for SAP servicesImplement a monitoring tool or process to keep track of your AWS service quotas for required SAPresources in your landscape. Consider that SAP landscapes can often use a mix of Amazon EC2 instancetypes and that some types have a different On-Demand service quota . For example, the x1* and u* EC2instance types have a different service quota that is separate from the combined quota for c5 , m5 , andr5 instance types. When planning new or scaling existing workloads, ensure that your service quotas willsupport this and engage AWS Support where a quota increase is required. AWS Documentation: Service Quotas - AWS General Reference AWS Documentation: On-Demand Instances - Amazon Elastic Compute Cloud Service Quotas AWS Documentation: Requesting a quota increase - Service QuotasBest Practice 1.3 – Implement individual application monitoringfor SAPSet up your application and database monitoring to provide information about its internal state, status,and achievement of business outcomes. Some examples include transaction response time, availablework processes, queue depth, error and dump messages, stalled batch jobs, and transaction throughput.Use this information to determine when a corrective action is required.Suggestion 1.3.1 - Implement monitoring for databases supporting SAP applicationsContinually monitor your SAP databases and establish alerts for common problems that can affect SAPsystem availability and performance. Common monitoring items include the following: Free space in data area Free space in logging area Excessive locking activity Cache utilization ratesAverage query response timeRequired security patches and hot fixesTop table sizes and growthBase alerting thresholds on healthy patterns of historical productive usage of your system. Continuallyreview and adjust your alarm thresholds to prevent problems and to react to workload changes orgrowth.For details on how to enable monitoring for your specific database, see your database software providerinstallation and operational guides.Suggestion 1.3.2 - Use SAP transactions and tools to understand the SAP application9

SAP Lens AWS Well-Architected Framework1 - Design SAP workload to allowunderstanding and reaction to its stateConfigure your SAP applications to provide information about their internal state, status, and theachievement of business outcomes. Use this information to determine when a response is required.Common monitoring items include the following: Availability of application (ASCS, PAS, AAS) and database services Number of active and concurrent users Availability of work processes for users Response time of user transactions Response time of batch and non-interactive transactions Error messages and dumps Failed jobs Full and slow queuesSet up the SAP EarlyWatch Alert reporting system in SAP Solution Manager to create regular reports onthe status of your SAP systems. Regularly review and remediate issues found in these reports to preventproblems and avoid interruptions to workload service. SAP Note: 2729186 - General Process of EWA Generation [Requires SAP Portal Access] SAP Documentation: SAP Solution Manager 7.2 - Application Operations SAP Lens [Performance efficiency]: Best Practice 16.1 – Have data to evaluate performance (p. 79)Suggestion 1.3.3 - Implement monitoring for your data recovery and protection mechanismsImplement monitoring for mechanisms that safeguard your SAP data in the case of a failure or disaster.Common monitoring items include: Alerts for regular database backups, for example, to Amazon S3 with the AWS Backint Agent Alerts for database replication, for example, HANA system replication failure or delays acrossAvailability Zones Alerts for file storage backups, for example, an EBS snapshot, an Amazon EFS backup, or an AmazonFSx backup Alerts for recovery mechanisms which provide data resilience across Regions, for example, Amazon S3buckets with cross-Region replication, Amazon S3 sync or CloudEndure Disaster Recovery Alerts for any recovery mechanisms which provide data resilience across accounts, for example,Amazon S3 buckets with same-Region replication to a WORM S3 bucket or logging accountSee the following links for further information: AWS Blog: Monitor, Evaluate, and Demonstrate Backup Compliance with AWS Backup Audit Manager SAP Documentation: SAP HANA System Replication Verification and MonitoringSuggestion 1.3.4 - Expose SAP monitoring data outside of SAP tools for independent observabilitySAP monitoring tools are limited to application and operating system level monitoring and do notcover the wide range of supporting services that give an end-to-end view of SAP service availability andhealth. Configure your SAP applications to provide metrics to a more holistic, external monitoring andvisualization tool of your choice.Use the metrics collected in the previous best practices and externalize these results such that youhave an independent tool which can monitor, alert, and report on trends. An independent tool allowsobservability, root cause analysis, historical and trend reporting without being linked to the SAP system’savailability (that is, when SAP is in a disaster or fault mode).10

SAP Lens AWS Well-Architected Framework1 - Design SAP workload to allowunderstanding and reaction to its state SAP on AWS Blog: Serverless Monitoring for SAP NetWeaver SAP on AWS Blog: Serverless Monitoring for SAP HANA AWS Documentation: Create a CloudWatch Custom Metric AWS Marketplace: Products and Tools for SAP MonitoringBest Practice 1.4 – Implement workload configurationmonitoringDesign and configure your workload to provide information about its current configuration and changesto this configuration. Some examples are new or removed EC2 instances, scaling events, code change,patch levels, security group configuration, and resource deletion. Use this information to determinewhen a response is required and to decide whether a change was expected or permitted. Monitor thecost implications of configuration changes and adjust or analyze budgets if required.Suggestion 1.4.1 - Implement workload configuration monitoringSet up and configure AWS CloudTrail to monitor high priority and critical events, particularly in your SAPproduction accounts. Example events include new Amazon EC2 instances, Amazon EC2 decommissioningor changes, security group changes, and AWS KMS and IAM security change events. Use these events toconfigure CloudWatch Log Alarms (if required) and take action in the event of an unexpected change. AWS Documentation: What Is AWS CloudTrail? AWS Service: AWS CloudTrail AWS Documentation: Monitoring CloudTrail Log Files with Amazon CloudWatch Logs AWS Documentation: AWS CloudTrail Security Best PracticesSuggestion 1.4.2 - Implement workload configuration enforcement and remediationSet up and configure AWS Config to track, evaluate, and enforce configuration policy of your AWSresources supporting your SAP production applications. Common examples include enforcing read-onlyprotection on S3 buckets containing SAP backups, mandatory Amazon EC2 EBS encryption, blockingcommon network ports, and checking that all resources have required tags. Use AWS Config ManagedRules to improve the security and change control posture of your AWS environment supporting SAP. UseAWS tags to enforce configuration rules and apply automated remediation where possible. AWS Service: AWS Config AWS Documentation: Getting started with AWS Config AWS Documentation: Using AWS Config Rules SAP on AWS Blog: Audit your SAP systems with AWS Config – Part I SAP on AWS Blog: Audit your SAP systems with AWS Config – Part II SAP on AWS Blog: Tagging Recommendations for SAP on AWSSuggestion 1.4.3 - Implement workload cost monitoringSet up and configure AWS Budgets with custom budgets that alert you when you exceed (or areforecasted to exceed) your billing thresholds. Align budgets with your projected SAP environment spendand monitor for any anomalies to prevent cost overruns. Monitor your use and coverage of ReservedInstances and Savings Plans by using budget reports. Use AWS tags to assist in understanding costallocation and usage across your SAP workload. AWS Blog: Getting Started with AWS Budgets AWS Blog: AWS Budgets Reports11

SAP Lens AWS Well-Architected Framework1 - Design SAP workload to allowunderstanding and reaction to its state AWS Documentation: AWS Cost Explorer AWS Documentation: AWS Cost Anomaly Detection SAP on AWS Blog: Tagging Recommendations for SAP on AWSBest Practice 1.5 – Implement user activity monitoringConfigure your SAP applications to provide information about user activity, for example, response time,number of act

SAP Note: 1656250 - SAP on AWS: Support Prerequisites [Requires SAP Portal Access] SAP Documentation: SAP Solution Manager 7.2 - Application Operations Best Practice 1.1 – Implement prerequisites for monitoring SAP on AWS SAP certification requirements for SAP on AWS are outlined