- ECS Instance Life Cycle Management
- Backup and Restore
- Database Operation
- Resource Access Management
- Access Security
- ECS Metrics Collector for SAP NetWeaver monitoring and support
This part provides information about how to manage the running state of your ECS instance.
ECS Instance Automatic Recovery is a feature of Alibaba Cloud. It is designed to increase instance availability. If an ECS instance becomes impaired or terminated due to its underlying hardware problem or failure, an identical instance with the same instance ID, private IP address, Elastic IP address and all instance metadata, will be recovered on a different piece of hardware. Users will receive an email during the recovery procedure. Please check more details from here.
You can stop one or multiple SAP NetWeaver hosts at any time. Stopping an ECS instance means shutting down the instance, you can do this via ECS Console. See here for more details. Make sure that you should first stop SAP NetWeaver, before you stop the instance.
Note: The private IP assigned to the ECS instance is not released after you stop the instance, so when you start the instance again, it will start with the same private IP address, network, and storage configuration as before.
You can start or restart an ECS instance via ECS Console. Please check Start an instance and Restart an instance for more details. Please kindly make sure that, you stop the SAP instance before you shut down ECS instance.
This part introduces the features of Alibaba Cloud which can help you handle the scenarios that require saving the state of your system.
Alibaba Cloud Object Storage Service (OSS) is an easy-to-use service that enables you to store, backup and archive large amounts of data in the cloud. OSS acts as an encrypted central repository from where files can be securely accessed from around the globe.
OSS buckets can be used to store your disk snapshot, custom image and system copy.
You can create snapshots of a cloud disk attached to the ECS instance at any time to generate a point-in-time copy of the disk state. Snapshots are useful for the following use cases:
- Changing your Cloud Disk TypeE.g. you want to change the current Cloud Disk type from Ultra Cloud Disk to SSD Cloud Disk;
Moving SAP NetWeaver System from one Region (or Zone) to anotherYou can achieve this by:
- Creating a Custom Image including all snapshots of the disks attached to the ECS instance;
- Creating a new ECS instance in another Region or Zone with the Custom Image, in this way, you need to update the SAP license after you moved the NetWeaver.
Back up non-production system with high efficiency and low cost;You can achieve this by creating snapshots of all cloud disks attached to this ECS instance hosing the non-production system.
To obtain a consistent snapshot, you must either stop SAP NetWeaver or stop the database from writing to the file system.
To create a snapshot, you can follow the official guide Creating Snapshots from Alibaba Cloud website.
To clone your SAP NetWeaver system on Alibaba Cloud, please kindly follow the standard SAP export-import procedure:
- Use the Software Provisioning Manager (SWPM) to export the source system.
- Copy the data from the system and database export to your Alibaba Cloud OSS Bucket;
- Copy the exported data from OSS Bucket to your target ECS instance;
- Use SWPM to create a new, target system and to import the data that you exported from the source system.
To capture the state of the system disk attached to your ECS instance, you can create a custom image. An image is different from a backup. Image can be used to create new ECS instances, but backup cannot. Unless you use the backup of system disk to create a custom image, then use this custom image to create ECS instances.
You should have created one or more images at the end of the deployment steps. However, you might want to create new images after you make important changes to the system, such as installing an update of SAP NetWeaver binaries or upgrading the SAP NetWeaver version.
Please check the following documents to learn more about images
- Create a custom image by using an instance
- Create a custom image by using a snapshot
- Delete a custom image
In some cases, you may want to move your SAP NetWeaver system from one Region (or Zone) to another. You can achieve this by taking a custom image (including snapshot) of the whole ECS instance hosting the SAP NetWeaver system in the source Region (or Zone) and create a new ECS instance through the custom image.
You can create Custom Image from ECS Console as follows:
Fill in all the information, and take note of the highlight part (a snapshot of disk will be created as well) as follows:
When the Custom Image is created, you can find following on the ECS console:
Snapshot of all related disks:
After creating a Custom Image, you can easily create a copy of an SAP NetWeaver System from one ECS instance on another by launching a new ECS instance through the Custom Image as follows:
Please check the section “Create and configure an instance” in SAP NetWeaver Implementation Guide on Alibaba Cloud for more detailed steps
You can keep the same hostname in the new Region (or Zone), if it isn’t in use yet. However, please be kindly noticed that, after you moving the ECS instance from one zone to another, the ECS instance ID will be changed. This means the SAP hardware key is changed, and you have to import a new SAP license accordingly.
Cloud Disk Snapshot offers simple and low cost backup service, which can be leveraged to reach requirements of non-production system. It has a very flexible snapshot policy, for example, a user can take snapshots on the hour and for several times in a day, a user can choose any day as the recurring day for taking weekly snapshots, and a user can specify the snapshot retention period or choose to retain it permanently. Please be noticed that when the maximum number of automatic snapshots has been reached, the oldest automatic snapshot will be deleted. For more information about Cloud Disk Snapshot, please refer Alibaba Cloud website.
Snapshots can be used to manually restore a whole HANA ECS instance of non-production system.
For production system, you should leverage the database backup and recovery functions.
This part provides general information for managing SAP HANA on Alibaba Cloud.
For complete information about running SAP HANA on Alibaba Cloud, please kindly check the SAP HANA on Alibaba Cloud Operations Guide. That guide provides you with detailed information covering administration, backup and recovery, security, networking, and other topics.
Controlling access to computing resources on Alibaba Cloud is a critical part of securing and operating your SAP system deployment. Although SAP provides its own user-management system, Alibaba Cloud Resource Access Management (RAM) service provides unified access control over computing resources on Alibaba Cloud.
From time to time, you may need to add or remove team members or change their access permission level at different phases of an SAP project. You can manage access control by defining who has which access to resources. For example, you can control who can perform Alibaba Cloud Console operations on your SAP instances such as creating and modifying ECS instances, VPC settings etc.
For more details about RAM, please see here.
The RAM (Resource Access Management) role of an ECS instance, hereinafter referred to as instance RAM role, grants permissions to the ECS instance by assuming an authorized role.
By associating a RAM role to the ECS instance, you can access other cloud services by the temporary STS (Security Token Service) credential from the applications within your ECS instance. This feature guarantees the security of your AccessKey and supports delicacy permission control and management in virtue of the RAM. For more details, please kindly check here.
Alibaba Cloud offers SSH key pair logon, which only applies to Linux instances. If you are running Linux, it is recommended that you choose this authentication method to protect your ECS instance’s security.
An SSH key pair is a pair of keys generated through an encryption algorithm: one key is intentionally available, known as the public key, and the other key is kept confidential, known as the private key.
If you have placed the public key in a Linux instance, you can use the private key to log on to the instance using SSH commands or related tools from a local computer or another instance, without the need to enter a password. For more details about SSH Keys, please kindly check here.
The SAP application in a cloud environment runs on a guest operating system (Guest OS) installed inside the virtual environment. SAP Host Agent collects all information required for SAP monitoring and provides it to the SAP NetWeaver local monitoring and Solution Manager to analyze and display. Customer or SAP Technical Support can access the SAP tool through SAP transaction code ST06.
In addition to that, Alibaba Cloud and SAP have worked together to create a monitoring agent – ECS Metrics Collector, for SAP NetWeaver running on Alibaba Cloud. ECS Metrics Collector is responsible for gathering information about configuration and resource (CPU \ Memory \ Disk \ Network) utilization from the underlying Alibaba Cloud infrastructure and virtualization platform, and feeding them to SAP Host Agent.
Note: You must deploy ECS Metrics Collector on your SAP ECS instance so that you can get support from SAP and enable SAP to meet its service-level agreements (SLAs).
Metrics Collector is a local agent that collects metrics, events, and metadata of the hosting ECS instance in Alibaba Cloud, and this monitoring agent runs as a Linux process. Each ECS instance in your SAP NetWeaver deployment must have an ECS Metrics Collector agent.
The collected data mainly comes from the metadata server and open API of ECS. SAP Host Agent polls this monitoring agent for its cached data over HTTP service. It aggregates the metrics, reports them, and stores them in the SAP NetWeaver database. And finally, SAP’s transaction ST06 or the SAPOSCOL command line interface displays the aggregated metrics.
You can directly view the data from OS level by running some specific commands as follows:
When you install the monitoring agent, the start-up script completes the following tasks:
- Install ECS Metrics Collector
- Add monitoring task (monitoring ecs-metrics-collector) to cron.d task list
- Start ecs-metrics-collector process
ECS Metrics Collector must be installed manually by users though Cloud Tool (Aliyun Assistant) of Alibaba Cloud during SAP NetWeaver deployment. For detailed steps, please refer to SAP NetWeaver Implementation Guide on Alibaba Cloud
ECS Metrics Collector will be automatically started right after the installation. The setting of automatic upgrade will be configured by the installation job. With this setting, ECS Metrics Collector will automatically upgrade to the latest version as long as there is one.
Meanwhile, there are crontab tasks defined for monitoring the status of ECS Metrics Collector. It will be restarted right away in case it crashed.
On Linux, you can check the status of the ECS Metrics Collector on operating system level.
You can use the following commands:
systemctl status ecs_metrics_collector
In some special case, you may need to manually restart ECS Metrics Collector.
You can use the following commands:
systemctl stop ecs_metrics_collector
systemctl start ecs_metrics_collector
There could be situations where the ECS Metrics Collector doesn’t work properly as expected. Following aspects should be checked during troubleshooting:
Check if RAM Service Role is created and assigned with correct Policy
RAM Service Role (or RAM Role for an ECS instance) is created;
RAM Role is assigned with correct policy: AliyunECSReadOnlyAccess
Check if RAM Service Role (RAM Role for an ECS instance) is attached to the ECS instance:
When the ECS instance is already created, you can verify if the RAM service role is attached correct with following command:
If the RAM service role is not attached, please execute to the following steps:
Open the ECS Console, go to the tab “Instances” and find your ECS instance
Select “Attach/Detach RAM Role” in the drop-down list of “More” actions
Select the RAM service role you created at the beginning.
Click “OK” to attach the role.
Check if the instance has access to public network. There are two options recommended to allow ECS instance to access public network
- NAT Gateway
- create a NAT Gateway
- create a SNAT item for network range where the ECS instance locates.
- Elastic Public IP
- bind an Elastic IP to the ECS instance
- NAT Gateway
Check logs of Metrics collector; you can access the metrics collector logs from following location: