AWS Architecture Design For SAP - Assignment
BRIEF
For this assignment, you will play the role of an Amazon Solutions Architect who is working with a Small
and Medium Enterprise [Company X] on an SAP opportunity. Company X has been running SAP in their
own data center. Their current landscape consists of 4 environments: DEV, QAS, PROD and DR. They run
ERP on ECC 6, with 4 TB of data in their database, which is an Oracle database. The current architecture
is 3-tier, with the application server and database on different hosts. They have around 150 users spread
across their main office (headquarters) and remote offices who log in to SAP to carry out their daily
business functions. They are now nearing a hardware refresh cycle, and their SAP consultants have
recommended that they upgrade to SAP S/4HANA in order to leverage the newer product features being
released. With this background, they are now considering moving their entire SAP infrastructure to AWS
to leverage the on-demand, pay-as-you-go nature of AWS, embark on a migration to HANA and prepare
themselves for scaling their setup to meet rapid growth. You are invited to propose a high-level
architecture and approach for this migration. The factors below need to be considered in the design.
o An AWS based Architecture for running their various landscapes on AWS entirely.
o A high level architecture for secure Network access from central office and branches.
o An approach to size the infrastructure [Compute and Storage] and choose recommended Server
  and storage options.
o An approach to optimize costs by running infrastructure only as needed. [The DEV and QAS
  environments are used sporadically]
o A migration approach from their current version of Application and Database to S/4HANA.
o Security of data at rest and in transit
o A Backup & recovery strategy for their servers on the cloud.
o High Availability and Disaster Recovery architecture and planning
o Ability to easily manage and replicate multiple environments.
o Effective use of AWS services to simplify the management of the SAP landscape
o Design considerations to allow outside parties to provide managed services for AWS, and SAP
OBJECTIVE
Recommend a secure, scalable, elastic, highly available, fault tolerant and recoverable architecture that
allows Company X to derive the maximum benefits of AWS. The architecture should specifically address
the requirements/concerns as described above.
DELIVERABLES
o A Solution Document in PDF format, no greater than three to four pages in length, that clearly &
  succinctly presents a solution addressing the startup's requirement
o Solution document must have the proposed architecture diagram & an explanation of how the
  solution will flow
o Clearly state all assumptions made during the design, and explicitly state the proposed AWS
  services in use, and their value propositions.
An AWS based Architecture for running their various landscapes on AWS entirely.
A high level architecture for secure Network access from central office and branches.
A) A landing zone has been created in the cloud with a hub-and-spoke topology
B) On-premises systems are connected to the cloud network via a dedicated ExpressRoute setup.
   This will be a point-to-point, encrypted, private connection, chosen for data security in
   transit / at rest and lower latency
C) The landing zone / hub network is peered with all other virtual networks containing SAP
   systems
   a. VNets are further divided into the following subnets; NSG rules are implemented to
      further tighten access to the application / secure data
      i. Subnet-application is created to include all web dispatchers, application
         servers and the central services cluster
      ii. Subnet-DB is created to include all the databases
   b. A similar VNet is created for the DR region and peered with the primary VNet to allow HANA
      replication and application server sync
D) An ExpressRoute connection is also established to the DR VNets
An approach to size the infrastructure [Compute and Storage] and choose recommended
Server and storage options.
Application server
o Firstly, we need to review the customer's EWA report to understand the current
setup and the trends in CPU, memory, DB growth, concurrent users, interfaces to various
systems, ALE activity, existing issues et cetera.
o As per the given business case, the user count is 150. Hence, assuming system
usage (the various aspects mentioned in the previous point) is moderate, provision hardware
with 4 CPU and 32 GB memory for the application server.
o Also, recommend managed disks with premium storage like SSD for leveraging
moderate IOPS
o If possible, provision VMs in colocation with the storage tier for better performance
o For non-prod (DEV, QAS), 2 CPU, 16 GB memory with standard HDD is sufficient
Database server
o As per the business case, the database server needs 128 CPU with 2 TB of RAM to run
the HANA instance after migration
o Disks would be managed disks on premium storage. Striping is also recommended
when creating logical volumes.
o Enable write accelerator for log segments
o For non-prod (DEV, QAS), 64 CPU, 1 TB memory with standard HDD is sufficient
An approach to optimize costs by running infrastructure only as needed. [The DEV and QAS
environments are used sporadically]
o For production instances, a three-year reservation is recommended to optimize the
cost by 70%.
o Reservation is also recommended for DR instances in a paired region. However, we
don’t need capacity identical to production, as this environment is only active for
replication purposes.
o A pay-as-you-go model can be used for the DEV and QAS instances, with runbook automation
for scheduled start and stop of the application and VM
A migration approach from their current version of Application and Database to S/4HANA.
o Assuming that the customer is already at EHP8, S/4 conversion is recommended via
SUM DMO with system move, to take care of the application server migration as well
o If the source system ECC application is at an unsupported version, we could still use
the DMO method. This will consolidate the multiple steps into one cutover
o Check the Unicode requirement, OS compatibility and hardware compatibility (big endian,
little endian) prior to the migration
Security of data at rest and in transit
o A dedicated ExpressRoute is set up between on-premises and cloud. Data will be
encrypted in transit
o Storage encryption needs to be enabled, if it is not available by default
o NSG / ASG to be configured to allow communication between DB and application server
only from on-premises to cloud and vice versa
o HANA level encryption to be enabled for log and data volumes
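
The Subnet-application / Subnet-DB split from the network section and the NSG item above can be checked mechanically. The following is an added example, not part of the original answer: it evaluates a constructed NSG-style rule set (first match by priority) and reports sources outside Subnet-application that still reach the HANA SQL port. The CIDRs, the custom rule names and the instance-00 port are assumptions.

```python
import ipaddress

# Constructed address plan (assumption, not from the original answer)
APP_SUBNET = "10.1.1.0/24"    # Subnet-application
DB_SUBNET = "10.1.2.0/24"     # Subnet-DB, the subnet these inbound rules protect
VNET_SCOPE = ["10.0.0.0/16", "10.1.0.0/16", "192.168.0.0/16"]  # hub, SAP spoke, on-premises
HANA_SQL_PORT = 30015         # assumes HANA instance number 00

# Platform default inbound rules; the VirtualNetwork tag is modelled as VNET_SCOPE
DEFAULT_RULES = [
    {"name": "AllowVnetInBound", "priority": 65000, "access": "Allow",
     "sources": VNET_SCOPE, "ports": None},
    {"name": "DenyAllInBound", "priority": 65500, "access": "Deny",
     "sources": ["0.0.0.0/0"], "ports": None},
]

def decide(rules, src_ip, port):
    """Return (access, rule name) of the first matching rule, lowest priority number first."""
    src = ipaddress.ip_address(src_ip)
    for rule in sorted(rules + DEFAULT_RULES, key=lambda r: r["priority"]):
        in_source = any(src in ipaddress.ip_network(c) for c in rule["sources"])
        in_ports = rule["ports"] is None or port in rule["ports"]
        if in_source and in_ports:
            return rule["access"], rule["name"]
    return "Deny", "implicit"

def audit_db_subnet(rules, probes):
    """List probes from outside Subnet-application that can reach the HANA SQL port."""
    app = ipaddress.ip_network(APP_SUBNET)
    findings = []
    for label, ip in probes:
        access, name = decide(rules, ip, HANA_SQL_PORT)
        if access == "Allow" and ipaddress.ip_address(ip) not in app:
            findings.append((label, ip, name))
    return findings

# Constructed probe sources
PROBES = [("app server", "10.1.1.10"), ("hub jump host", "10.0.0.5"),
          ("branch office PC", "192.168.20.7")]

# Weak: only an allow rule, so the default VNet allow still applies to everyone else
WEAK = [{"name": "AllowAppToHana", "priority": 100, "access": "Allow",
         "sources": [APP_SUBNET], "ports": {HANA_SQL_PORT}}]
# Hardened: explicit deny placed ahead of the platform default allow
HARDENED = WEAK + [{"name": "DenyOtherVnetToDb", "priority": 4000, "access": "Deny",
                    "sources": VNET_SCOPE, "ports": None}]

if __name__ == "__main__":
    for title, rules in (("weak", WEAK), ("hardened", HARDENED)):
        print(title, audit_db_subnet(rules, PROBES))
```

The weak set is flagged because the default AllowVnetInBound rule admits hub and on-premises sources once networks are peered or connected. A production rule set would additionally need an explicit allow for HANA replication from the DR database subnet.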