EMC Enterprise Hybrid Cloud 2.5.1, Federation Software ... Software-Defined Data Center Edition Foundation for SAP Solution Guide ... SAP Blueprint interface in vCloud Automation Center

Solution Guide

EMC Enterprise Hybrid Cloud 2.5.1, Federation Software-Defined Data Center Edition Foundation for SAP Solution Guide

EMC Solutions

Abstract

This Solution Guide details how to deploy an SAP environment on an EMC® Enterprise Hybrid Cloud with VMware vCloud® Automation Center™ as its core. The solution addresses provisioning, key security, migration, and operational efficiency challenges specific to an SAP infrastructure.

April 2015

2

Copyright © 2015 EMC Corporation. All rights reserved. Published in the USA.

Published April 2015

EMC believes the information in this publication is accurate as of its publication date. The information is subject to change without notice.

THE INFORMATION IN THIS PUBLICATION IS PROVIDED AS IS. EMC CORPORATION MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND WITH RESPECT TO THE INFORMATION IN THIS PUBLICATION, AND SPECIFICALLY DISCLAIMS IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Use, copying, and distribution of any EMC software described in this publication requires an applicable software license.

EMC2, EMC, VMAX, VNX, XtremIO, VPLEX, ViPR, PowerPath, Data Domain, Avamar, and the EMC logo are registered trademarks or trademarks of EMC Corporation in the United States and other countries. All other trademarks used herein are the property of their respective owners.

For the most up-to-date listing of EMC product names, see EMC Corporation Trademarks on EMC.com.

EMC Enterprise Hybrid Cloud 2.5.1, Federation Software-Defined Data Center Edition Foundation for SAP Solution Guide

Part Number H14046

http://www.emc.com/legal/emc-corporation-trademarks.htm

http://www.emc.com/legal/emc-corporation-trademarks.htm

Contents

3

Contents

Chapter 1 Executive Summary 8

Business case ............................................................................................................ 9

Solution overview ....................................................................................................... 9

Chapter 2 Introduction 11

Purpose .................................................................................................................... 12

Scope ....................................................................................................................... 12

Audience .................................................................................................................. 12

Terminology ............................................................................................................. 13

Chapter 3 Technology Overview 14

Overview .................................................................................................................. 15

Architecture .............................................................................................................. 15

Key components ....................................................................................................... 17

Overview ............................................................................................................. 17

Blue Medora vCenter Operations Management Pack for SAP CCMS ...................... 18

SAP Business Suite 7.0 ........................................................................................ 18

Technology resources ............................................................................................... 19

Chapter 4 Solution Architecture and Design 20

EMC Enterprise Hybrid Cloud solution delivery strategy ............................................ 21

Foundation infrastructure solution ........................................................................... 21

Automation and self-service provisioning ............................................................ 22

Multitenancy and secure separation .................................................................... 24

Security ............................................................................................................... 24

Networking .......................................................................................................... 25

Workload-optimized storage ................................................................................ 25

Elasticity and service assurance .......................................................................... 25

Operational monitoring and management ........................................................... 26

Metering and chargeback .................................................................................... 27

Modular add-on services .......................................................................................... 28

Application Services ............................................................................................ 28

Data protection: Backup ...................................................................................... 28

Data protection: Continuous availability .............................................................. 29

Contents

4

Data protection: Disaster recovery ....................................................................... 29

Platform as a service ............................................................................................ 29

Public cloud services ................................................................................................ 29

Why use a hybrid cloud for SAP? ............................................................................... 29

EMC Enterprise Hybrid Cloud solution for SAP .......................................................... 30

Chapter 5 Migration 32

Overview .................................................................................................................. 33

Scenarios and procedures ........................................................................................ 33

Scenario 1: Virtual machines under the vCenter Server instance used by EMC Enterprise Hybrid Cloud ................................................................................ 33

Scenario 2: Virtual machines in a non-EMC Enterprise Hybrid Cloud vCenter that will be connected as an endpoint .................................................................. 34

Validation use case .................................................................................................. 35

Step 1: Creating the blueprint .............................................................................. 35

Step 2: Importing existing virtual machines ......................................................... 36

Step 3: Verifying EMC Enterprise Hybrid Cloud compliance .................................. 37

Test results .......................................................................................................... 38

Chapter 6 Self-Service SAP Provisioning 39

Overview .................................................................................................................. 40

Automating a standard SAP installation ............................................................... 40

Automating a distributed installation ................................................................... 41

Elasticity: Automating an SAP AAS installation..................................................... 43

How autoprovisioning works .................................................................................... 43

Self-service provisioning .......................................................................................... 44

Verifying prerequisites ......................................................................................... 44

Creating an SAP-ready virtual machine template .................................................. 45

Setting up silent installation scripts ..................................................................... 46

Creating vCloud Automation Center Application blueprints .................................. 46

Deploying the automation workflow ..................................................................... 46


Test scenario ....................................................................................................... 47

Test objective ...................................................................................................... 48

Test procedure ..................................................................................................... 48

Test results .......................................................................................................... 48

Chapter 7 Networking and Security 49

Overview .................................................................................................................. 50

Contents

5

Multitenant security ................................................................................................. 50

Solution architecture ................................................................................................ 50

Logical network topology ..................................................................................... 51


Test scenario ....................................................................................................... 52

Test objectives..................................................................................................... 53

Test procedure ..................................................................................................... 53

Test results .......................................................................................................... 54

Chapter 8 Cloud Monitoring and Root Cause Analysis 56

Overview of EMC Enterprise Hybrid Cloud monitoring ............................................... 57

SAP monitoring ........................................................................................................ 57

ViPR SRM and vCenter Operations Manager-Blue Medora configuration ................... 58

Customized monitoring dashboard........................................................................... 58


Test scenario ....................................................................................................... 60

Test objective ...................................................................................................... 60

Test procedure and results .................................................................................. 60

Chapter 9 Conclusion 64

Conclusion ............................................................................................................... 65

Contents

6

Figures Figure 1. EMC Enterprise Hybrid Cloud solution architecture .............................. 16

Figure 2. EMC Enterprise Hybrid Cloud key components ..................................... 17

Figure 3. EMC Enterprise Hybrid Cloud features and functionality ...................... 22

Figure 4. Self-service provisioning through the vCloud Automation Center portal23

Figure 5. EMC ViPR Analytics with VMware vCenter Operations Manager ............ 26

Figure 6. IT Business Management Suite overview dashboard for hybrid cloud .. 28

Figure 7. Creating a blueprint for importing existing virtual machines ................ 36

Figure 8. Importing existing virtual machines ..................................................... 36

Figure 9. Assigning a business group to the imported virtual machines ............. 37

Figure 10. Applying a blueprint to the imported virtual machines ......................... 37

Figure 11. Managing virtual machines using the Actions menu ............................ 37

Figure 12. Detailed information on the virtual machines ...................................... 38

Figure 13. Process flow of a standard SAP installation ......................................... 41

Figure 14. Distributed SAP installation workflow .................................................. 42

Figure 15. User workflow for self-provisioning an SAP system using vCloud Automation Center .............................................................................. 43

Figure 16. SAP Blueprint interface in vCloud Automation Center Application services ............................................................................................... 47

Figure 17. Install new SAP system ........................................................................ 48

Figure 18. Result of SAP provisioning ................................................................... 48

Figure 19. Security logical infrastructure .............................................................. 52

Figure 21. Firewall rules ....................................................................................... 54

Figure 22. Firewall rules from PIP to EP1 ............................................................... 54

Figure 23. Test results for firewall rules ................................................................ 55

Figure 24. vCenter Operations Manager performance dashboard for SAP tenant administrator ...................................................................................... 59

Figure 25. Tenant A’s SAP system DX1 and EP1 performance dashboard ............. 61

Figure 26. End-to-end view from the virtual machine to storage ........................... 61

Figure 27. Performance dashboard on EMC ViPR SRM .......................................... 62

Tables Table 1. Terminology ........................................................................................ 13

Table 2. Solution resources .............................................................................. 19

Table 3. Virtual machine specification and installation media .......................... 45

Table 4. Detailed information on tested SAP systems ....................................... 53

Table 5. Use case test result ............................................................................. 55

Contents

7

Table 6. Virtual machine-to-array performance analysis in EMC ViPR SRM ......... 63

Chapter 1: Executive Summary

8

Chapter 1 Executive Summary

This chapter presents the following topics:

Business case ............................................................................................................ 9

Solution overview ...................................................................................................... 9


9

Business case

From the perspective of both SAP and its customers, the key focus today is on simplifying the deployment and operation of SAP systems. This simplification has become increasingly important as SAP system landscapes have grown over the last decade to include ever more components, interconnected and interdependent, making the setup, operation and, most of all, the evolution of these systems a massive effort.

This scenario clashes with today’s business environment which, being increasingly global and “real time” through web connections for information, people, and goods, forces companies to be more agile than ever to survive.

In terms of IT, these challenges translate into additional demands on CIOs and IT organizations:

To respond faster to new business initiatives and change requests

To provide a simpler, cost-effective, just-in-time, self-service experience to internal IT customers

To be a technology broker for their organizations, facilitating technology adoption as a business innovation driver for their business units, both in relation to internal IT resources as well as public cloud capabilities

The increased business pace of change and the need to simplify SAP landscapes, together with the increased maturity of cloud offerings and the still existing demands for data control and confidentiality, makes the hybrid cloud-computing environment an option that many organizations really need.

EMC® Enterprise Hybrid Cloud for SAP transforms hybrid cloud challenges into advantages. The solution includes SAP-specific functionalities that are designed to improve efficiency and reduce total cost of ownership (TCO) by balancing the cost of the resources with the criticality of the SAP system.

Solution overview

This EMC Enterprise Hybrid Cloud solution integrates the best of EMC and VMware products and services, and empowers IT organizations to accelerate implementation and adoption of hybrid cloud infrastructure for SAP system landscapes, while still enabling customer choice for the compute and networking infrastructure within the data center. The solution caters to customers who want to preserve their investment and make better use of their existing infrastructure, as well as to those who want to build out new infrastructures dedicated to a hybrid cloud.

This solution takes into consideration the unique requirements of deployment, operations, and evolution of SAP system landscapes. It takes advantage of the strong integration between EMC technologies and the VMware® vCloud Suite® to deliver a hybrid cloud foundation that is simple to deploy and operate. The solution, developed by EMC and VMware product and services teams, includes EMC scalable


10

storage arrays, integrated EMC and VMware monitoring, and data protection suites to provide the foundation for enabling cloud services within the customer environment.

Chapter 2: Introduction

11

Chapter 2 Introduction


Purpose.................................................................................................................... 12

Scope ....................................................................................................................... 12

Audience .................................................................................................................. 12

Terminology ............................................................................................................. 13


12

Purpose

This Solution Guide, which describes the foundation solution for EMC Enterprise Hybrid Cloud for SAP, is the first of a series of guides that describe in detail the design and specific configurations needed for an SAP environment to maximize the capabilities of the EMC Enterprise Hybrid Cloud.

This solution is a direct application of the EMC Enterprise Hybrid Cloud to an SAP environment. This document serves as an enablement reference for SAP customers who plan to deploy their SAP environment on EMC Enterprise Hybrid Cloud.

Scope

This Solution Guide focuses on the SAP-related architecture, design, and implementation best practices for deploying an SAP environment on an existing, fully functional EMC Enterprise Hybrid Cloud solution. Why use a hybrid cloud for SAP? summarizes the SAP use cases.

While this document includes some content from the EMC Enterprise Hybrid Cloud Solution Guide, it does not include detailed information about products and functionalities specific to EMC Enterprise Hybrid Cloud.

For all EMC Enterprise Hybrid Cloud topics beyond the scope of this document, refer to EMC Enterprise Hybrid Cloud 2.5.1, Federation Software-Defined Data Center Edition: Foundation Infrastructure Solution Guide.

Audience

This document is intended for technical architects and cloud solution engineers who are considering adopting a private cloud or hybrid cloud model for their data center infrastructure and business processes. Readers are expected to have basic competency in the implementation and operation of EMC, VMware, and SAP products and environments.

Readers must have a clear understanding of the current implementations and operational processes within their own environments. When implementing a hybrid-cloud computing environment, the target audience must have a reasonable understanding of cloud computing and be fully aware of what their end users expect. These considerations include security, monitoring, resource management, multitenancy, and service metering.


13

Terminology

Table 1 defines the terms used in this document.

Table 1. Terminology

Term Definition

BAPI Business Application Programming Interface. A precisely defined interface that provides access to processes and data in SAP business application systems such as R/3.

DEV SAP development system. An SAP system built for SAP programmers and consultants to develop programs and configurations.

Off premises The application or service is running on resources (hardware, software, locations) that are owned by a third party and are not under the full control of the enterprise in question.

On premises The application or service is running on resources (hardware, software, locations) that are owned by and in the full control of the enterprise in question.

PRD SAP production system. The system used by end users in live deployments.

QAS SAP Quality Assurance system. A replica of the PRD system, QAS serves as the test environment for configurations and programs designed in DEV.

Chapter 3: Technology Overview

14

Chapter 3 Technology Overview


Overview .................................................................................................................. 15

Architecture ............................................................................................................. 15

Key components ...................................................................................................... 17

Technology resources .............................................................................................. 19


15

Overview

This solution takes advantage of the strong integration between EMC technologies and the VMware vCloud Suite. The solution, developed by EMC and VMware product and services teams, includes EMC scalable storage arrays, integrated EMC and VMware monitoring, and data protection suites to provide the foundation for enabling cloud services within the customer environment.

Architecture

This section describes the environment and supporting infrastructure for this EMC Enterprise Hybrid Cloud for SAP solution. Figure 1 shows the overall architecture of the solution.


16

Figure 1. EMC Enterprise Hybrid Cloud solution architecture

The cloud management platform supports the entire management infrastructure for this solution. The infrastructure is divided into pods, which consist of one or more ESXi clusters. The EMC Enterprise Hybrid Cloud solution includes several pods, which perform solution-specific functions and provide high availability and load balancing.

The VMware vSphere® ESXi™ clusters configured in High Availability mode provide virtual machine protection. Increased levels of fault tolerance are provided through application and operating system cluster services, such as Windows Failover Clustering, PostgreSQL clustering, load-balancer clustering, or farms of machines that work together natively, to provide a resilient architecture.


17

For detailed discussion of the architecture, and specific information on its hardware components, refer to the EMC Enterprise Hybrid Cloud 2.5.1, Federation Software-Defined Data Center Edition: Foundation Infrastructure Solution Guide.

Key components

Figure 2 shows the key components of the EMC Enterprise Hybrid Cloud solution, including the VMware vCloud Suite Enterprise components. VMware vCloud Suite combines multiple components into a single product to address the complete set of cloud infrastructure capabilities. When used together, the vCloud Suite components provide virtualization, software-defined data center services, policy-based provisioning, disaster recovery, application management, and operations management.

EMC VPLEX, VMAX, EMC VNX and EMC XtremIO

VMware vSphereEMC VSI

EMC PowerPath/VE

VMware vCenter Server

VAAI

VASA

VMware vCenter Operations Manager

VMware vCloud Automation Center

VMware vCenter Orchestrator

EMC ViPR

VMware vCloud Networking and SecurityVMware NSX for vSphere

VMware IT Business Management SuiteEMC Storage

AnalyticsVMware vCenter

Log Insight

SecurityManagement

CentralizedAuthentication

PublicKey

Infrastructure

EMC ViPR Analytics

EMC ViPR Storage

Resource Management

Data Protection

Backup

Continuous Availability

Disaster Recovery

Application Services

SAP Applications

Figure 2. EMC Enterprise Hybrid Cloud key components

This EMC Enterprise Hybrid Cloud for SAP solution includes the following key technology components:

VMware vCloud® Automation Center™

VMware vCloud Application Director™

VMware vCenter™ Operations Manager™

VMware vCenter Orchestrator™

VMware NSX™

VMware IT Business Management Suite™

EMC VNX® storage

Overview


18

EMC VMAX® storage

EMC ViPR® storage resource management (SRM)

EMC ViPR Controller

EMC PowerPath®/VE

For detailed information on the solution components, refer to the EMC Enterprise Hybrid Cloud 2.5.1, Federation Software-Defined Data Center Edition: Foundation Infrastructure Solution Guide for detailed information on the components of the modular add-on solutions (such as Data Protection), refer to the relevant solution guides.

The Blue Medora vCenter Operations Management Pack for SAP CCMS1 is an embedded adapter that uses SAP BAPI calls to collect metrics from an SAP server. The management pack enhances vCenter Operations Manager by adding the following capabilities:

Out-of-the-box dashboards

Workload details view

Proactive smart alerts

Automated correlation of changed events

Heat map views

Capacity and trending analysis

vCenter Operations Manager provides a comprehensive monitoring solution for SAP in a virtualized environment, while the management pack makes the data more consumable, especially in complex SAP cloud environments.

SAP ERP 6.0, powered by the SAP NetWeaver technology platform, is a fully integrated enterprise resource planning (ERP) application that fulfills the core business needs of midsize and large enterprises across all industries and market sectors. SAP ERP 6.0 delivers a comprehensive set of integrated, cross-functional business processes and can serve as a solid business-process platform that supports continued growth, innovation, and operational excellence.

1 The SAP adapter delivered with this solution is third-party software available from Blue Medora, and is available to customers through EMC Select.

Blue Medora vCenter Operations Management Pack for SAP CCMS

SAP Business Suite 7.0


19

Technology resources

Table 2 details the hardware and software resources used in the solution.

Table 2. Solution resources

Software Version Purpose

EMC Enterprise Hybrid Cloud: Federation Software-Defined Data Center Edition (OE)

2.5.1 Foundation

Blue Medora vCenter Operations Management Pack for SAP CCMS

5.8.1 SAP adapter for vCenter Operations Manager

SAP ERP 6.0 EhP 7 SAP application software

For a complete, up-to-date list of all software requirements for EMC Enterprise Hybrid Cloud, refer to the following resources:

EMC Enterprise Hybrid Cloud 2.5.1, Federation Software-Defined Data Center Edition: Foundation Infrastructure Solution Guide

Latest EMC Simple Support Matrix for EMC Enterprise Hybrid Cloud 2.5.1 at elabnavigator.emc.com (requires login)

https://elabnavigator.emc.com/

Chapter 4: Solution Architecture and Design

20

Chapter 4 Solution Architecture and Design


EMC Enterprise Hybrid Cloud solution delivery strategy .......................................... 21

Foundation infrastructure solution ........................................................................... 21

Modular add-on services .......................................................................................... 28

Public cloud services................................................................................................ 29

Why use a hybrid cloud for SAP? .............................................................................. 29

EMC Enterprise Hybrid Cloud solution for SAP ......................................................... 30


21

EMC Enterprise Hybrid Cloud solution delivery strategy

The EMC Enterprise Hybrid Cloud is an engineered solution that offers a simplified approach to IT functionality for IT organizations, developers, end users, and line-of-business owners. In addition to delivering baseline infrastructure as a service (IaaS), built on the software-defined data center architecture, the EMC Enterprise Hybrid Cloud also delivers feature-rich capabilities to expand from IaaS to business enabling IT as a service (ITaaS).

The full EMC Enterprise Hybrid Cloud solution has the following elements:

Foundation infrastructure—The essential component of the solution

Modular add-ons—Enabling features that are optional but highly recommended

Foundation infrastructure solution

This section describes the following features and functionality of the foundation infrastructure:

Automation and self-service provisioning

Multitenancy and secure separation

Security

Networking

Workload-optimized storage

Elasticity and service assurance

Operational monitoring and management

Metering and chargeback

Figure 3 depicts the foundation infrastructure features and functionality.


22

Figure 3. EMC Enterprise Hybrid Cloud features and functionality

The EMC Enterprise Hybrid Cloud solution provides self-service provisioning of automated cloud services to end users and infrastructure administrators. The EMC Enterprise Hybrid Cloud uses VMware vCloud Automation Center, integrated with EMC ViPR Controller and VMware NSX, to provide the compute, storage, network, and security virtualization services for the software-defined data center. These services enable rapid deployment of business-relevant cloud services across your hybrid cloud and physical infrastructure.

Cloud users can request and manage applications and compute resources within established operational policies. This can reduce IT service delivery times from days or weeks to minutes. Self-service provisioning features include the following:

Self-service portal: Provides a cross-cloud storefront that delivers a catalog of custom-defined services for provisioning applications based on business and IT policies

Role-based entitlements: Ensure that the self-service portal presents only the virtual machine, application, or service blueprints appropriate to a user’s role within the business

Resource reservations: Enable resources to be allocated to a specific group and ensures that access is limited to that group

Automation and self-service provisioning


23

Service levels: Define the amount and type of resources a specific service can receive either during the initial provisioning or as part of any configuration changes

Build specifications: Contain the automation policies that specify the process for building or reconfiguring compute resources

In this solution, vCloud Automation Center provides lines of business with the ability to rapidly deploy cloud applications and services to meet the demands of the business. vCloud Automation Center provides the ability to divide a shared infrastructure into logical partitions that can be assigned to different business units. Using role-based entitlements, business users can manage resources from their own self-service catalog of custom-defined services and blueprints. Each user’s catalog presents the virtual machines, applications, and service blueprints they are entitled to, based on their assigned role within the business.

Service blueprints enable cloud infrastructure administrators to deploy new EMC services supported by ViPR Controller for automated storage services and by EMC Avamar®

and EMC Data Domain® for backup and restore services.

Virtual machine and application blueprints can be single machine or multimachine, covering both bare-metal server and virtual machine deployments. Multitier enterprise applications requiring multiple components (application, database, and web) and service levels can be deployed easily from predefined blueprints.

Figure 4 shows the EMC Enterprise Hybrid Cloud self-service portal in vCloud Automation Center.

Figure 4. Self-service provisioning through the vCloud Automation Center portal

Data protection policies can be applied to virtual machine resources at provisioning time, which later enables users to request on-demand backups and restores of their


24

virtual machines, and generate backup reports from the vCloud Automation Center self-service portal.

Multitenancy access requirements in a cloud environment range from shared, open resource access to completely isolated resources. The EMC Enterprise Hybrid Cloud solution provides the ability to enforce physical and virtual separation for multitenancy, offering different levels of security to meet business requirements. This separation can encompass network, compute, and storage resources, to ensure appropriate security and performance for each tenant.

The solution supports secure multitenancy through vCloud Automation Center role-based access control (RBAC), which enables vCloud Automation Center roles to be mapped to Active Directory groups. vCloud Automation Center uses existing authentication and business groupings. User access to the self-service portal is governed by the user’s business role.

Physical segmentation of resources can be achieved in vCloud Automation Center to isolate tenant resources or to isolate and contain compute resources for licensing purposes. For example, Oracle licensing costs can be managed by limiting the amount of CPU resources assigned to a particular resource group.

Virtualized compute resources within the software-defined data center are objects inherited from the vSphere endpoint, most commonly representing VMware vSphere ESXi hosts, host clusters, or resource pools. Compute resources can be configured at the vSphere layer to ensure physical and logical separation of resources between functional areas such as Production and Testing/Development (Test/Dev).

For more details, refer to Multitenant security and the EMC Enterprise Hybrid Cloud 2.5, Federation Software-Defined Data Center: Security Management Solution Guide.

The EMC Enterprise Hybrid Cloud solution enables customers to enhance security by establishing a hardened security baseline across the hardware and software stacks supporting their EMC Enterprise Hybrid Cloud infrastructure. The solution helps to reduce concerns around the complexities of the underlying infrastructure by demonstrating how to tightly integrate an as-a-service solution stack with public key infrastructure (PKI) and a common authentication directory to provide centralized administration and tighter control over security.

The solution addresses the challenges of securing authentication and configuration management to comply with industry and regulatory standards through the following features:

Secured infrastructure with PKI support for authenticity, non-repudiation, and encryption

Authentication sources converged into a single directory to enable a centralized point of administration and policy enforcement

Configuration management tools that generate infrastructure reports for audit and compliance purposes

Multitenancy and secure separation

Security


25

The EMC Enterprise Hybrid Cloud can employ NSX for vSphere to offer significant advancements over the VMware vCloud Networking and Security™ (vCNS) feature set. Enhanced networking and security features in NSX include the following:

NSX logical routing and firewalls: Provide line-rate performance distributed across many hosts instead of being limited to a single virtual machine or physical host.

Distributed logical routers: Contain east-west traffic within the hypervisor when the source and target virtual machines reside on the same host.

Logical load balancer: Enables load sharing across a pool of virtual machines with configurable health check monitoring and application-specific rules for service high availability, URL rewriting, and advanced Secure Sockets Layer (SSL) handling. A distributed firewall enables consistent data-center-wide security policies.

Security policies: Can be applied directly to security groups, enabling greater flexibility in enforcing security policies.

The EMC Enterprise Hybrid Cloud solution enables customers to take advantage of the proven benefits of EMC storage in an EMC Enterprise Hybrid Cloud environment. Using EMC ViPR Controller storage services and EMC XtremIO™, VNX, and VMAX capabilities, the solution provides policy-based, software-defined storage management of EMC block and file storage.

With a scalable storage architecture that uses the latest flash and tiering technologies, XtremIO, VNX, and VMAX storage arrays enable customers to satisfy any workload requirements with maximum efficiency and performance, in the most cost-effective way. With ViPR Controller, the storage configuration is abstracted and presented as a single storage control point, enabling cloud administrators to access all heterogeneous storage resources within a data center as if they were a single large array.

Storage administrators maintain control of storage resources and policies while enabling the cloud administrator to automatically provision storage resources into the cloud infrastructure.

The solution uses a combination of tools to provide the environmental visibility and alerts required to proactively ensure service levels in virtual and cloud environments. Using vCloud Automation Center and tools provided by EMC, administrators and end users can dynamically add resources as needed, based on their performance requirements.

Infrastructure administrators manage storage, compute, and network resources within resource pools, while end users manage those resources at a virtual machine level to achieve the service levels required by their application workloads.

Networking

Workload-optimized storage

Elasticity and service assurance


26

Cloud users can select from a range of service levels for compute, storage, and data protection for their applications to achieve the most efficient use of the resources within their software-defined data center environment.

The solution features automated monitoring and management capabilities that provide IT administrators with a comprehensive view of the cloud environment to enable smart decision-making for resource provisioning and allocation. These automated capabilities are based on a combination of EMC ViPR Storage Resource Management (ViPR SRM), VMware vCenter Log Insight™, and VMware vCenter Operations Manager, and use EMC plug-ins for ViPR Controller, VNX, VMAX, and XtremIO to provide extensive additional storage detail.

VMware vCenter Operations provides pre-built and configurable dashboards for real-time performance, capacity, and configuration management. Performance data is interpreted and assigned a health risk value and efficiency metrics that enable IT administrators to easily identify evolving performance problems. Integrating vCenter Operations Manager with EMC ViPR Analytics enables full end-to-end visibility of the infrastructure, from virtual machine to LUN and every point in between.

The ViPR Analytics and EMC Storage Analytics (ESA) packs are presented through the vCenter Operations Manager custom interface. This enables administrators to quickly identify the health of ViPR Controller virtual arrays and physical VMAX, VNX, and EMC VPLEX® arrays using customized EMC dashboards for vCenter Operations Manager, such as the EMC ViPR dashboard shown in Figure 5.

Figure 5. EMC ViPR Analytics with VMware vCenter Operations Manager

Operational monitoring and management


27

Capacity analytics in vCenter Operations Manager identify over-provisioned resources so they can be right-sized for the most efficient use of virtualized resources. What-if scenarios eliminate the need for separate performance and capacity modeling.

EMC ViPR SRM offers comprehensive monitoring and reporting for the EMC Enterprise Hybrid Cloud solution. This helps IT visualize, analyze, and optimize their software-defined storage infrastructure. Cloud administrators can use ViPR SRM to understand and manage the impact that storage has on their applications and view the topologies of their hybrid cloud from application to storage. Capacity and consumption of EMC ViPR software-defined storage and SLA issues can be identified through real-time dashboards or reports in order to meet the needs of the wide range of hybrid cloud consumers.

In addition, VMware vCenter Log Insight provides the ability to centralize and aggregate system and application logs. Each system in the hybrid cloud solution can be configured to forward logs to the Log Insight system for event analytics and reporting. When configured with vCenter Log Insight, EMC content packs for Avamar, VNX, and VMAX provide customizable dashboards and user-defined fields specifically for those EMC products, which enables administrators to conduct problem analysis and analytics on the storage array and backup infrastructure.

The solution uses VMware IT Business Management Suite™ (ITBM) to provide cloud administrators with metering and cost information across all business groups in the enterprise. ITBM reports the virtual machine and blueprint costs based on business units and application groups across the hybrid cloud environment.

VMware ITBM Standard Edition uses its own reference database, which has been preloaded with industry-standard and vendor-specific cost data, to compute the cost of virtual CPU (vCPU), RAM, and storage. These prices, which default to cost of CPU, RAM, and storage, are automatically consumed by vCloud Automation Center, where the cloud administrator can change them as appropriate. This eliminates the need to manually configure cost profiles in vCloud Automation Center and assign them to compute resources.

ITBM is integrated into the vCloud Automation Center portal for the cloud administrator and presents a dashboard overview of the hybrid cloud infrastructure, as shown in Figure 6.

Metering and chargeback


28

Figure 6. IT Business Management Suite overview dashboard for hybrid cloud

ITBM is also integrated with VMware vCenter and can import existing resource hierarchies, folder structures, and vCenter tags to associate hybrid cloud resource usage with business units, departments, and projects.

Modular add-on services

The EMC Enterprise Hybrid Cloud solution provides modular add-on components for the services listed below, as explained in the following sections:


Data protection: Backup

Data protection: Continuous availability

Data protection: Disaster recovery

Platform as a service

This add-on solution uses VMware vCloud Automation Center Application Services to optimize application deployment and release management through logical application blueprints in vCloud Automation Center. Users can quickly and easily deploy blueprints for applications and databases such as Microsoft Exchange, Microsoft SQL Server, Microsoft SharePoint, Oracle, and SAP.

Avamar and EMC Data Domain systems provide a backup infrastructure that offers features such as deduplication, compression, and VMware integration. By using VMware vCenter Orchestrator workflows customized by EMC, administrators can


Data protection: Backup


29

quickly and easily set up multitier data protection policies and enable users to select an appropriate policy when they provision their virtual machines.

A combination of EMC VPLEX virtual storage and VMware vSphere High Availability (vSphere HA) provides the ability to federate information across multiple data centers over synchronous distances. With virtual storage and virtual servers working together over distance, the infrastructure can transparently provide load balancing, real-time remote data access, and improved application protection.

This add-on solution enables cloud administrators to select disaster recovery (DR) protection for their applications and virtual machines when they provision their hybrid cloud environment. ViPR Controller automatically places these systems on storage that is protected remotely by EMC RecoverPoint® technology. VMware vCenter Site Recovery Manager automates the recovery of all virtual storage and virtual machines.

The EMC Enterprise Hybrid Cloud solution provides an elastic and scalable IaaS foundation for platform-as-a-service (PaaS) and software-as-a-service (SaaS) services. Pivotal CF provides a highly available platform that enables application owners to easily deliver and manage applications over the application lifecycle. The EMC Enterprise Hybrid Cloud service offerings enable PaaS administrators to easily provision compute and storage resources on demand to support scalability and growth in their Pivotal CF enterprise PaaS environments.

Public cloud services

The EMC Enterprise Hybrid Cloud solution enables IT organizations to broker public cloud services. The public cloud solution has been validated with VMware vCloud

Air™ as a public cloud option that administrators and users can access directly from the solution's self-service portal. End users can provision virtual machines while IT administrators can use VMware vCloud Connector® to perform virtual machine migration (offline) to vCloud Air from the on-premises component of their hybrid cloud.

Why use a hybrid cloud for SAP?

Regardless of deployment, all cloud solutions should improve operational efficiency, scale resources up and down as needed, and reduce the TCO over time. Why would a company that already uses either a private or public cloud need to use the other?

To answer this, you must compare and understand the key strengths of both types of cloud from an architecture perspective.

Public clouds are large implementations. The cost of maintaining systems at this level can be very expensive and difficult to maintain. Because of the economies of scale, however, as more companies share the overhead expenditures, the cost of

Data protection: Continuous availability

Data protection: Disaster recovery

Platform as a service


30

leased resources becomes cheaper for each tenant. In addition, your company does not have to assign resources to maintain the cloud. Using a public cloud reduces the TCO, but you will have limited control over your systems.

Private clouds reside within your own company. Internal IT maintains these systems, which enables you to have full ownership of your critical data and complete control of every part of the infrastructure. You can customize and protect your cloud environment precisely for your business needs. You can deploy the latest technologies that are not offered in other cloud environments, and respond to incidents more quickly.

A hybrid cloud enables you to balance the TCO against the criticality of the systems, so that you can keep critical SAP and non-SAP systems in your on-premises EMC Enterprise Hybrid Cloud solution, while maintaining the rest in a cheaper, remote cloud.

A private-to-public integration is a popular hybrid deployment for a variety of reasons:

Lower TCO: An organization can save money by keeping all its critical production (PRD) SAP systems in a private cloud while deploying all development (DEV) and quality assurance (QAS) systems on a typically cheaper public cloud. Due to the economies of scale, the TCO in deploying and maintaining a DEV or QAS system in a public cloud is invariably lower than deploying them in a private cloud.

Resource expansion: A hybrid cloud removes the hardware limits of a private cloud by extending several of its workload and functionalities to a public cloud's much larger resource pool.

Testing cloud options: An organization that has yet to build its own cloud can opt to try it on a public cloud until they are comfortable enough to invest, build, and manage their own private cloud.

A public-private cloud architecture ensures that the company maintains absolute control over all privately-owned resources dedicated to the most business-critical systems, while deploying the less critical systems on more cost-effective alternatives.

EMC Enterprise Hybrid Cloud solution for SAP

EMC Enterprise Hybrid Cloud 2.5.1 is an application-flexible architecture. EMC enables you to customize this solution based on your application landscape, requiring minimal SAP-specific configuration to host SAP environments.

This document focuses on the SAP-specific details of the foundation infrastructure that are not found in the EMC Enterprise Hybrid Cloud 2.5.1, Federation Software-Defined Data Center Edition: Foundation Infrastructure Solution Guide:

Migration of SAP systems into the EMC Enterprise Hybrid Cloud

Self-service SAP provisioning

Networking and security for SAP landscapes


31

SAP cloud monitoring and root-cause analysis

The other functionalities and services introduced in this chapter are present and, for the most part, common across other enterprise applications, but will not be discussed further in this document.

For detailed information on these functionalities and services, refer to the EMC Enterprise Hybrid Cloud 2.5.1, Federation Software-Defined Data Center Edition: Foundation Infrastructure Solution Guide. For detailed information on the modular add-on solutions, refer to the individual Solution Guides for those solutions.

Chapter 5: Migration

32

Chapter 5 Migration


Overview .................................................................................................................. 33

Scenarios and procedures ........................................................................................ 33



33

Overview

For organizations that intend to migrate to the EMC Enterprise Hybrid Cloud platform, a simple migration is not enough—the virtual machines must be standardized on migration. EMC Enterprise Hybrid Cloud standard virtual machines are provisioned with monitoring and chargeback mechanisms to enable central management. EMC Enterprise Hybrid Cloud can automate this standardization procedure, bringing the virtual machines under the full control of the cloud.

This chapter outlines the steps for importing virtual machines into an EMC Enterprise Hybrid Cloud.

Scenarios and procedures

Full migration and standardization of virtual machines that were not provisioned by EMC Enterprise Hybrid Cloud require EMC Enterprise Hybrid Cloud-based customization of the virtual machine and storage migration to EMC Enterprise Hybrid Cloud ViPR. A virtual machine that is managed by EMC Enterprise Hybrid Cloud has the following characteristics:

Virtual machine lease and expiration policies

ITBM chargeback compliance

EMC Enterprise Hybrid Cloud monitoring compliance

Data stores completely managed by ViPR Controller in EMC Enterprise Hybrid Cloud

Because of the variety of cloud provider environments, the preconfigurations before migrating virtual machines must be performed on a case-by-case basis. This solution is one example. EMC recommends employing EMC professional services to complete these tasks.

Virtual machines that are not managed by EMC Enterprise Hybrid Cloud fall into one of the following scenarios:

Scenario 1: Virtual machines that are under the same vCenter Server instance used by the EMC Enterprise Hybrid Cloud solution

Scenario 2: Virtual machines that are under a different vCenter Server instance than the EMC Enterprise Hybrid Cloud solution—this instance will be connected as an endpoint

In this scenario, consider an existing virtual data center managed by vCenter Server. You can reuse this vCenter Server to implement a hybrid cloud environment. All new virtual machines created after implementation of the hybrid cloud are automatically registered in the new cloud, but all virtual machines present before the cloud implementation must first be migrated to the new environment.

Scenario 1: Virtual machines under the vCenter Server instance used by EMC Enterprise Hybrid Cloud


34

Solution (online migration):

1. In vCenter Server, perform a vSphere Storage vMotion migration to the EMC Enterprise Hybrid Cloud ViPR storage under the planned business group.

2. Use Infrastructure Organizer to import the virtual machines to the planned business group.

3. Migrate the network to the planned VXLAN port group during a maintenance window.

In this scenario, consider a customer with two different environments: one is an existing virtual data center, and the other is an environment where they have implemented the EMC Enterprise Hybrid cloud. Each environment has its own vCenter Server instance. The customer wishes to join the two vCenter Server environments together.

Solution (offline migration)

The first possible solution is to migrate the virtual machines at the storage level and then switch from one vCenter Server instance to the other, as follows:

1. Offline export the virtual machines to the vCenter Server instance managed by the EMC Enterprise Hybrid Cloud. Select the appropriate ViPR storage under the planned business group. Reconfigure the network to a VXLAN port group.

2. Use Infrastructure Organizer to import the virtual machines to the designated business group.

3. After all virtual machines are exported, disconnect the ESXi hosts from the original vCenter Server instance and connect them to the vCenter Server instance managed by EMC Enterprise Hybrid Cloud.

4. Perform EMC Enterprise Hybrid Cloud customizations for the ESXi hosts according to the EMC Enterprise Hybrid Cloud build guide.

Alternate solution (online migration)

Another solution is to connect the non-cloud environment as an endpoint to the hybrid cloud, and do the following:

1. Create a new endpoint in vCloud Automation Center that connects to the vCenter Server instance that is not managed by EMC Enterprise Hybrid Cloud.

2. Reconfigure that vCenter Server instance to make it compliant with EMC Enterprise Hybrid Cloud, according to the EMC Enterprise Hybrid Cloud Build Guide.

3. Use Infrastructure Organizer to import the virtual machines to the designated business group.

4. Migrate the network to the planned VXLAN port group during the maintenance window.

Scenario 2: Virtual machines in a non-EMC Enterprise Hybrid Cloud vCenter that will be connected as an endpoint


35

Validation use case

This section describes how to configure the workflow in EMC Enterprise Hybrid Cloud.

We focused on Scenario 1. Migrate the storage to the ViPR Controller in EMC Enterprise Hybrid Cloud using vSphere Storage vMotion, and follow these steps to import the virtual machines to the correct business group, using Infrastructure Organizer:

1. Create a blueprint to automate the import of virtual machines.

2. Import the existing virtual machines.

3. Verify that the imported virtual machines can be managed by EMC Enterprise Hybrid Cloud management applications such as chargeback and monitoring agents.

We created a new blueprint from the vCloud Automation Center console to import virtual machines. The blueprint defines how long the virtual machines will be leased or archived, whether you want the virtual machines to be reconfigured, and what the blueprint will cost. In this case, we set the following values, as shown in Figure 7:

Lease (days): 30

Archive (days): 2

Allow reconfigure: Yes

Note: The value for daily cost specified in the machine blueprint is added to the total cost of the virtual machine. This value can represent a markup for using the virtual machine and for the resources consumed by the virtual machine.

Step 1: Creating the blueprint


36

Figure 7. Creating a blueprint for importing existing virtual machines

After creating the endpoint and fabric group, and organizing the compute resources for the existing virtual SAP systems, you can import the existing virtual machines to an EMC Enterprise Hybrid Cloud platform through the Infrastructure Organizer Wizard in vCloud Automation Center. In this case, we had two unmanaged existing virtual machines to be imported, as shown in Figure 8.

Figure 8. Importing existing virtual machines

We assigned the two virtual machines to the Finance Business Group, as shown in Figure 9.

Step 2: Importing existing virtual machines


37

Figure 9. Assigning a business group to the imported virtual machines

We then selected the blueprint for the virtual machines, as shown in Figure 10.

Figure 10. Applying a blueprint to the imported virtual machines

After importing the virtual machines under the Finance business group, we used the Actions menu to manage them, as shown in Figure 11.

Figure 11. Managing virtual machines using the Actions menu

We selected Actions > View Details to get the detailed machine configuration, as shown in Figure 12.

Step 3: Verifying EMC Enterprise Hybrid Cloud compliance


38

Figure 12. Detailed information on the virtual machines

As defined in the blueprint, the virtual machine lease period is 30 days. When the lease expires, the virtual machines are destroyed after two days (archive days). You can change the lease period, receive expiration reminders, and expire them immediately through the Actions menu.

You can import the existing virtual machines to an EMC Enterprise Hybrid Cloud platform. Through the Infrastructure Organizer Wizard in vCloud Automation Center, you can register the existing VMware virtual SAP systems, enable cloud, and import into the EMC Enterprise Hybrid Cloud platform. Virtual machines can be migrated, standardized, and managed through the EMC Enterprise Hybrid Cloud platform.

Test results

Chapter 6: Self-Service SAP Provisioning

39

Chapter 6 Self-Service SAP Provisioning


Overview .................................................................................................................. 40

How autoprovisioning works .................................................................................... 43

Self-service provisioning ......................................................................................... 44



40

Overview

EMC Enterprise Hybrid Cloud, through vCloud Automation Center, offers many templates and tools to automate tasks within the cloud environment. This chapter explores two powerful applications of its automation features:

Self-service SAP provisioning, which enables a fully automated installation of an SAP central system

Elasticity, which enables autoprovisioning of new AAS instances and integration of those instances into an existing SAP system

Regardless of what you want to automate, the core procedure is the same.

EMC Enterprise Hybrid Cloud uses vCloud Automation Center Application Services scripts to orchestrate processes across several virtual machines. vCloud Automation Center Application Services can run these scripts from both the VMware environment and the guest operating system (OS) level. You can predefine values that can be passed on later as environment variables, and write flexible and portable scripts, with as many variables as you need.

EMC Managed Services can customize the scripts for your needs, or you can make your own scripts based on SAP note 950619.

vCloud Automation Center Application services can also import catalogs from another cloud (VMware vCloud Director®, for example) and map these catalogs to the Application Services service catalog, to trigger remote cloud operations from the same EMC Enterprise Hybrid Cloud interface.

The SAP Software Provisioning Manager (SWPM) uses the same SAPINST executable to run an unattended installation. However, to run this successfully, you must manually preconfigure each virtual machine on which SAP is to be installed, as follows:

1. Properly configure the file systems, including RAID.

2. Set hostnames and create SID-specific mount points.

3. Install the OS.

4. Set the environment variables.

5. Install Java, SAP locales, and SAP cryptographic libraries.

6. Install the database instance.

vCloud Automation Center Application services fills this preconfiguration gap by allowing the use of custom scripts. By using a combination of out-of-the-box workflows, prebuilt templates, and user scripts, vCloud Automation Center fully automates and coordinates the tasks that SAPINST is not able to do, such as:

Provisioning storage and virtual machines from a virtual machine template preconfigured for SAP

Automating a standard SAP installation


41

Allowing you to customize the hostname, SID, and so on directly before the SAP provisioning process

Installing the database instance accordingly

Performing an unattended SAP installation using pre-defined, customizable SAPINST parameters

Figure 13 illustrates the basic process flow.

Figure 13. Process flow of a standard SAP installation

The result is a self-service interface, requiring minimal initial input, and a full-fledged SAP system ready for logon.

A standard installation is essentially a distributed installation where all of the components are in a single host, as shown in Figure 14.

Automating a distributed installation


42

Figure 14. Distributed SAP installation workflow

Therefore, in automating a distributed installation, we use the same deployment strategy as for a standard SAP installation, except that the workflow appears as follows:

1. Create an ASCS virtual machine and use a script to install the instance.

2. Connect to ASCS and update the hosts file or DNS server with the new virtual machine.

3. Create a DB virtual machine and use a script to install the DB instance.

4. Create a PAS virtual machine, connect to the ASCS shared folders, and use a script to install an instance.

The scripts are adjusted as follows:

The file systems of SAP instances must be different from that of the DB instance

The group IDs (GID) and user IDs (UID) of the SAP and database users must be the same on all instances

The SAP product IDs must be changed according to what type of SAP instance is installed

There must be a command that mounts the SAP shared folders, such as /sapmnt/<SID>/exe, /sapmnt/<SID>/profile, and /sapmnt/<SID>/global

The /etc/hosts files of every virtual machine must be updated accordingly


43

If there is a need to scale out the SAP workload, you can now provision an AAS and automatically attach it to an existing ASCS. Configuring autoprovisioning of an AAS is mostly similar to that of a PAS, but a few differences must be considered when writing the script:

The ASCS details (hostname, SID) must be requested as user input so that the workflow knows where the provisioned AAS is to be attached

The DB details (hostname) must be requested

How autoprovisioning works

Figure 15 depicts the general automation workflow and shows the components that must be configured in vCloud Automation Center Application Services.

Figure 15. User workflow for self-provisioning an SAP system using vCloud Automation Center

The configuration workflow is encapsulated in a container called Application (A). The Application consists of the following:

An application blueprint (B), which contains all parameters and orchestrates the whole process

Deployment profiles (C), which serve as the blueprint’s customization

In the case of autoprovisioning, the Small deployment profile is used to implement a blueprint with minimal resources, while the Large profile deploys the same blueprint but with larger allocations.

Each Application services blueprint has two components, a Logical Template and a Service. The Logical Template contains information on the Cloud Provider (D) and the OS version. The Service contains the information needed to provision the virtual machine, including the script that we want to run against the virtual machine, and the

Elasticity: Automating an SAP AAS installation


44

OS that the script is compatible with. This script is the main script that triggers the SAP installation, as described earlier.

The Cloud Provider contains information about which cloud the application is working on. Application Services extracts templates from the Cloud Provider depending on the type required: a vCloud Automation Center blueprint (E), a catalog, or even another public cloud template. For this solution, we used a blueprint that clones the virtual machine template.

The Application container can be accessed through a service catalog in vCloud Automation Center. The service catalog is mapped to an application’s deployment profile in Application Services.

The following sections show detailed procedures on how to enable these functionalities.

Self-service provisioning

This section describes how to enable full self-service provisioning of an SAP system in vCloud Automation Center. The top-level steps are as follows:

1. Check the prerequisites.

2. Create an SAP-ready guest virtual machine template.

3. Set up an SAP unattended installation script.

4. Create a vCloud Automation Center blueprint to automate cloning from the virtual machine template.

5. Create an Application blueprint to automate SAP installation.

6. Create a vCloud Automation Center Service Catalog Item to serve as a user input screen.

7. Deploy an SAP system.

For validation, we provisioned an SAP system running on SLES/Oracle.

Note: The procedure described in the next section is applicable to all standard installations, distributed installations, and AAS installations, unless otherwise specified.

The following must be present before configuring the solution:

vCenter Server and vCloud Automation Center, configured according to the EMC Enterprise Hybrid Cloud 2.5.1, Federation Software-Defined Data Center Edition: Foundation Infrastructure Solution Guide

vCloud Automation Center application services, properly configured

The component IDs of the SAP systems that you want to include in the self-service portal; see SAP note 950619

Verifying prerequisites


45

SAP installation media downloaded from the SAP service marketplace; SAP S-user and authorization to download required

A mountable NFS file system that contains the SAP installation media. The automation script will mount this file system to the newly created virtual machines.

This section describes the specifications needed for an SAP-ready virtual machine template.

Note: The amounts of resources specified are initial values only. You must observe proper sizing based on business requirements when provisioning.

Table 3 shows the virtual machine specifications used for testing.

Table 3. Virtual machine specification and installation media

Hardware Software SAP Installation media (SAP ECC 6.0 EhP7 SR1)

4-core CPU (1 socket x 4 cores/socket)

8 GB RAM

1 SCSI controller

150 GB disk space

SUSE Linux 11 SP3

Oracle 11.2

SAP ERP 6.0 EhP 7

SAP Software Provisioning Manager (SWPM) 1.0 for Linux X86_64

SAP UC Kernel 741 (D51047455_6)

SAP ECC 6.0 EhP7 SR1 Installation export DVD 1 and 2

Oracle RDBMS 11.2.0.3 for Linux X86_64 (D51041939)

Oracle CLIENT 11.2.0.3 (CD51041940)

1. Ensure that the following packages are installed (check using RPM or YaST)

during SUSE Linux Enterprise (SLES) installation:

SAP Application Server Base (sapconf)

C/C++ compiler and tools

gcc (x86_64)

gcc-c++ (x86_64)

glibc-devel

libaio-devel

libstdc++

SAP locales (see SAP note 171356)

Java Developer Kit 1.4.2 (See SAP note 709140)

Bourne Again Shell (bash) and C Shell (csh)

Public Domain Korn Shell (ksh)

Creating an SAP-ready virtual machine template

https://service.sap.com/swdc


46

2. Change the soft and hard limit for SAP and Oracle users to 65536 in /etc/sysconfig/sapconf:

LIMIT_1=”@sapsys soft nofile 65536”

LIMIT_2=”@sapsys hard nofile 65536”

LIMIT_3=”@sdba soft nofile 65536”

LIMIT_4=”@sdba hard nofile 65536”

LIMIT_5=”@dba soft nofile 65536”

LIMIT_6=”@dba hard nofile 65536”

3. Reload the sapconf file by executing the command /etc/init.d/boot.sapconf reload.

4. Save the virtual machine to a template when all the adjustments are completed. This will be imported later.

The automation is enabled using the following executables:

vCAD MAIN SCRIPT, which you need to write. EMC recommends that EMC Services customize this main script for you to ensure reliability.

RUNINSTALLER to run an unattended Oracle installation. This command is incorporated into the main script.

SAPINST to run the SAP silent installation. The executed command is relatively simple, but the initial preparation takes some time to set up. SAP note 950619 guides you through the process. There may be some solution-specific customizations not covered by the SAP note, therefore EMC recommends deploying this through EMC Managed Services.

Once the scripts are prepared, create blueprints that will incorporate the scripts and workflows to automate the process.

When the templates, scripts, and NFS media server are ready, you can combine all these in vCloud Automation Center Application services. Figure 16 shows the interface.

Setting up silent installation scripts

Creating vCloud Automation Center Application blueprints

Deploying the automation workflow


47

Figure 16. SAP Blueprint interface in vCloud Automation Center Application services

Deploy the automation workflow as follows:

1. Log in to vCloud Automation Center. Under Catalog, select the deployment profile/catalog item that you configured in the previous section.

2. Type a description under Request Information.

3. Use the input screen under Properties to customize the details based on the Properties settings configured previously.

Quickly deploy and wait for the operations to finish. You can monitor the progress using vCenter Server.

Validation use case

This use case validates the effectiveness and efficiency of the automation features of EMC Enterprise Hybrid Cloud for SAP.

An EMC Enterprise Hybrid Cloud user intends to install a new distributed SAP system using the autoprovisioning capability of EMC Enterprise Hybrid Cloud.

Test scenario


48

Our test objective was to fully provision a distributed SAP system in EMC Enterprise Hybrid Cloud using only vCloud Automation Center Application services, without doing any manual procedure except the initial input.

To conduct this test, we configured the automation and deployed a distributed SAP system. Figure 17 shows a sample self-service interface for a user who intends to create a new SAP system from scratch.

Figure 17. Install new SAP system

The average time to complete five SAP ERP 6 standard installation systems was 3 hours and 25 minutes. Figure 18 shows the result of SAP provisioning.

Figure 18. Result of SAP provisioning

Test objective

Test procedure

Test results

Chapter 7: Networking and Security

49

Chapter 7 Networking and Security


Overview .................................................................................................................. 50

Multitenant security................................................................................................. 50

Solution architecture ............................................................................................... 50



50

Overview

This chapter introduces the network and security design of the NSX platforms, and the network and security integration of an EMC Enterprise Hybrid Cloud solution for SAP.

Use this chapter as a reference to begin the networking, security planning, and design process for your hybrid cloud for SAP.

Note: Ensure that you have read the EMC Enterprise Hybrid Cloud 2.5.1, Federation Software-Defined Data Center Edition: Federation Infrastructure Solution Guide to fully understand tenants, business groups, and other multitenancy concepts used in this chapter.

Multitenant security

Valid concerns exist around information leakage and unauthorized access to data (“nosy neighbors”) on a shared network infrastructure. Consumers of the provisioned resources need to operate in a dedicated environment and benefit from infrastructure standardization. To address these concerns, this solution was designed for multitenancy with a defense-in-depth perspective, which is demonstrated through the following:

Implementation of VLANs to enable isolation at Layer 2 in the cloud management pod, and where the solution intersects with the physical network

Use of VXLAN overlay networks to segment tenant and business group traffic flows

Integration with firewalls that are functioning at the hypervisor level to protect virtualized applications and enable security policy enforcement in a consistent fashion throughout the solution

Deployment of Edge firewalls to protect the business group and tenant perimeters

In this solution, we assigned subnets to predefined business groups on which the firewall rules can be based.

This chapter demonstrates how SAP application networks can address data security by isolating different tenants and business groups from each other inside a cloud environment.

Solution architecture

In designing the physical architecture, our main considerations were the following:

Security

High availability


51

Performance

Scalability

Each layer is fault tolerant with physically redundant connectivity throughout. The loss of any one infrastructure component or link does not result in a loss of service to the tenant. If the architecture is scaled appropriately, the loss of a component or link does not impact service performance.

The logical network topology is designed to address the requirements of enabling multitenancy and securing separation of tenants and business groups in EMC Enterprise Hybrid Cloud. The topology is also designed to align with security best practices to segment the networks according to the purpose or traffic type.

Figure 19 shows the logical topology of the physical and virtual networks defined in the EMC Enterprise Hybrid Cloud solution for SAP.

Logical network topology


52

Figure 19. Security logical infrastructure

Validation use case

The default configuration for our environment allowed only virtual machines belonging to the same business group. More detailed rules can always be set, depending on customer requirements.

In this test environment, we took a simple case of a customer with two tenants, each with one or more business units. Each business unit has a three-system SAP landscape.

Test scenario


53

Our objective was to achieve the segregation scheme shown in Figure 20, such that:

EMC Enterprise Hybrid Cloud can block all external connectivity outside its business group or tenant.

EMC Enterprise Hybrid Cloud is flexible enough to make exceptions to the rules

Figure 20. Sample scenario

We tested the systems shown in blue in Figure 20. Table 4 shows the detailed information about the SAP systems that we tested.

Table 4. Detailed information on tested SAP systems

SID IP Address

1. ED1 2. 192.168.170.100

3. EQ1 4. 192.168.170.101

5. EP1 6. 192.168.170.102

7. HRP 8. 192.168.171.103

9. PIP 10. 192.168.180.101

The test procedure is as follows:

1. Configure Edge in the EMC Enterprise Hybrid Cloud environment.

2. Configure the firewall rules on Edge as shown in Figure 21.

Test objectives

Test procedure


54

Figure 21. Firewall rules

We created firewall rules in the Edge to control the access to the SAP system. The rules enabled us to define each of the SAP systems’ access rules to enhance the network security and monitor firewall logs.

Figure 22 shows the firewall rules from PIP to EP1. The rules show that all traffic to EP1 is blocked from PIP, except the RFC protocol, which uses TCP port 3300. The default rules for the firewall deny all traffic between different subnets.

Figure 22. Firewall rules from PIP to EP1

We tested two RFC connections from PIP to EP1. As shown in Figure 22 and Figure 23, the connection between PIP and EP1 was blocked except for the RFC port 3300. The firewall also captured the network packet and logged the detailed connection information.

Test results


55

Figure 23. Test results for firewall rules

Table 5 summarizes the test results. EMC Enterprise Hybrid Cloud for SAP can secure your data at the level that is required across different clouds, without affecting productivity.

Table 5. Use case test result

From To Expected Result Assessment

11. EQ1 12. HRP 13. Blocked 14. Blocked 15. Passed

16. EP1 17. HRP 18. Blocked 19. Blocked 20. Passed

21. HRP 22. EP1 23. Blocked 24. Blocked 25. Passed

26. PIP 27. HRP 28. Blocked 29. Blocked 30. Passed

31. PIP 32. EP1 33. Blocked except port 3300

34. Blocked except port 3300

35. Passed

Chapter 8: Cloud Monitoring and Root Cause Analysis

56

Chapter 8 Cloud Monitoring and Root Cause Analysis


Overview of EMC Enterprise Hybrid Cloud monitoring .............................................. 57

SAP monitoring ........................................................................................................ 57

ViPR SRM and vCenter Operations Manager-Blue Medora configuration.................. 58

Customized monitoring dashboard .......................................................................... 58



57

Overview of EMC Enterprise Hybrid Cloud monitoring

Using multiple management interfaces to gather performance and capacity information is not a practical solution when you maintain tens to hundreds of SAP systems. Using multiple management interfaces is time consuming and often results in mismanaged resources. These challenges require end-to-end visibility (from back-end storage to SAP application level) across the entire cloud.

This section shows how an integrated, automated management solution that is powered by EMC ViPR SRM and vCenter Operations Manager technologies provides service assurance so that the cloud or tenant administrator can do the following:

Obtain virtualized data center visibility (through ViPR SRM)

Enable system efficiency and maintain IT compliance to standards and best practices (through ViPR SRM)

Use customized and intelligent views and reports to get detailed information (through ViPR SRM and vCenter Operations Manager)

The EMC Enterprise Hybrid cloud monitoring solution provides the following capabilities:

Real-time performance monitoring and analysis

EMC ViPR integration

Reporting

Configuration validation and compliance

EMC ViPR SRM alerting

Scheduling and sending reports through emails

SAP monitoring using the Blue Medora vCenter Operations Management Pack for CCMS

In this chapter, we focus on the first item: real-time performance monitoring and analysis. For details on the remaining capabilities, refer to the EMC Enterprise Hybrid Cloud 2.5.1, Federation Software-Defined Data Center Edition: Federation Infrastructure Solution Guide.

SAP monitoring

SAP tenant administrators can use role-based performance dashboards to analyze individual metric behaviors and determine the health of an enterprise, in part or as a whole.

Blue Medora vCenter Operations Management Pack for SAP CCMS enables vCenter Operations Manager to collect health and performance metrics taken from the SAP Computing Center Management System (transaction code RZ20). It provides a unified view of the health, risk, and efficiency of the infrastructure and the SAP applications.


58

Real-time monitoring, displayed as widgets, improves the quality of service and provides early detection of issues related to performance, capacity, and configuration.

Enabling this solution requires configuration of ViPR SRM and vCenter Operations Manager, and customization of the Blue Medora interface. You can find the detailed procedures in the EMC Enterprise Hybrid Cloud 2.5.1, Federation Software-Defined Data Center Edition: Federation Infrastructure Solution Guide and in the corresponding product documentation. The next section provides a summary of the process.

ViPR SRM and vCenter Operations Manager-Blue Medora configuration

To deploy ViPR SRM to manage all data, perform the following steps:

1. Deploy ViPR SRM as a virtual appliance in a VMware environment or install the ViPR SRM core software on Linux or Windows Server.

2. Log into the ViPR SRM GUI and apply the core suite licenses.

3. Enable the SNMPv1 on the SAN switch to support switch discovery, data collection, and alert consolidation.

4. Install and configure EMC SMI-S to support EMC VMAX data collection.

5. Install and configure the required solution package for each of the following:

a. Solution Package for SAN Switch

b. Solution Package for EMC ViPR

c. Solution Package for EMC VMAX

d. Solution Package for EMC VNX

e. Solution Package for VMware vCenter

6. Install vCenter Operations Manager.

7. Install and configure the SAP adapter.

8. Customize the dashboard in vCenter Operations Manager.

Customized monitoring dashboard

The monitoring dashboard is easy to customize, providing you with a clear, uncluttered view of the cloud environment. You can find detailed procedures in the relevant product documentation. Figure 24 shows an example of a customized dashboard for the SAP tenant administrator.


59

Figure 24. vCenter Operations Manager performance dashboard for SAP tenant administrator

This example shows statistics for two SAP systems, DX1 and EP1.

The widgets in Figure 24 are numbered 1 through 6 and display the following:

1. Health overview, which shows the health status of a tenant’s SAP

2. SAP system real-time KPIs, which include the following counters:

SAP Dialog response time

Database response time

Total online SAP users

Batch utilization

3. Tenant generic scoreboard, which shows the workload and read/write latency of the DX1 and EP1 systems

4. Metric graph of the DX1 and EP1 systems showing:

CPU utilization

Space usage under the /oracle folder

The blue line indicates that the file system of DX1 systems is full, and the tenant administrator can reclaim the space or assign more space to the /oracle folder.

Swap space usage

5. Health workload scorecard


60

6. Health tree of Tenant A’s SAP application instances

To understand how all these elements work together, we formed a test scenario to see the monitoring tools in action.

Validation use case

In this use case, we simulated an SAP system that was experiencing an abnormally high workload. The simulation demonstrates how a tenant administrator can monitor the SAP systems in real-time and coordinate with the cloud administrator to perform an end-to-end root-cause analysis.

For this use case, our objective was to determine the root cause of a simulated performance bottleneck using the EMC Enterprise Hybrid Cloud SAP monitoring solution.

This section explains the monitoring and root-cause analysis procedures and the derived conclusion.

Monitoring the SAP application

We logged into vCenter Operations Manager to monitor Tenant A’s SAP systems to identify the affected area. As shown in Figure 25, EP1’s dialog response time reached 1,124 ms and its DB response time reached 785 ms, while DX1’s dialog response time reached 1,292 ms and its DB response time reached 986 ms. On the workload generic scoreboard, EP1’s workload reached 21,225 IOPS and the DX1 workload reached 20,609 IOPS. The EP1 and DX1 workloads had high disk latency, but CPU and memory utilization were acceptable.

Test scenario

Test objective

Test procedure and results


61

Figure 25. Tenant A’s SAP system DX1 and EP1 performance dashboard

Identifying the topology path from virtual machine to storage

To efficiently locate the ESXi host and the storage of the affected virtual machine, we quickly retrieved an end-to-end view of the relationship between the virtual machine (saperp6-9V0YQYU) and the storage in ViPR SRM, as shown in Figure 26. The virtual machine on the C460-22 ESXi server was connected to the VNX storage (VNX2-2852) through two fabric switches.

Figure 26. End-to-end view from the virtual machine to storage


62

End-to-end detailed performance analysis of the affected virtual machine

Next, we examined more details about the virtual machine, ESXi host, fabric switches, and array. By clicking each of these objects and selecting CPU, memory, and storage performance, we could detect performance irregularities through the trends that the KPI charts in Figure 27 show.

Figure 27. Performance dashboard on EMC ViPR SRM

The figure shows the performance dashboards that relate to the SAP system in EMC ViPR SRM. The widgets comprising the dashboard are numbered 1 through 3 and show the following:

1. CPU and memory usage on the ESXi server that hosts the SAP systems

2. FC port throughput on the SAN switch used by the ESXi server

3. Disk response time, utilization, and IOPS on the storage

We analyzed virtual machine-to-array end-to-end performance using ViPR SRM and observed the results shown in Table 6.


63

Table 6. Virtual machine-to-array performance analysis in EMC ViPR SRM

Component Measure Value Normal values

Virtual machine (saperp6-9V0YQYU)

CPU utilization 71% < 80%

IOPS 20,609 (informational)

ESXi server CPU utilization 40%

Memory Utilization 53%

SAN switch Port throughput 750 MB/s

Port link status No link failure, no signal loss

No failure

Array Storage processor (SP) utilization

SPA: 50%

SPB: 54% < 70%

SP dirty page 80% < 100%

SP total throughput 42,665 IOPS (informational)

Disk IOPS 125 IOPS/disk < 80 for NL_SAS

Disk latency 14 ms < 10 ms

The virtual machine I/O reached 20,609 IOPS. However, the virtual machine CPU utilization was 71 percent. The virtual machine CPU did not cause the bottleneck, and we proceeded to the host level.

The ESXi host and SAN switch showed similar behavior to that of the virtual machine chart. The CPU and switch port utilization were both acceptable. Neither the ESXi host nor the switches caused the bottleneck, and we proceeded to the array level.

The array’s SPA and SPB utilization were 50 percent and 54 percent respectively, with no force flush (100 percent dirty page), so the array’s SPs were healthy. But when we looked at the disks in the storage pool used by this SAP system, we found that each NL_SAS disk I/O reached up to 125 IOPS, and the response time was about 14 ms. Therefore, we concluded that this is a storage-level issue.

Root cause

The root cause for the performance degradation is that the NL_SAS storage pool used is not sufficient to handle the workload of the two SAP systems. The average disk IOPS reached 125, which exceeds the prescribed workload of 80 IOPS for an NL_SAS disk. This resulted in high disk latency on the disk layer, leading to high SAP dialog response time.

EMC recommends that you add more SAS or flash disks in this pool, or migrate some SAP systems to a higher storage-service level (a VNX SAS tier, for example) to resolve this issue.

Chapter 9: Conclusion

64

Chapter 9 Conclusion

This chapter presents the following topic:

Conclusion ............................................................................................................... 65

Chapter 9: Conclusion

65

Conclusion

EMC Enterprise Hybrid Cloud enables an IT organization to balance the criticality requirements versus the TCO of each SAP virtual machine in the environment, while maintaining management autonomy and data privacy.

EMC Enterprise Hybrid Cloud for SAP demonstrates higher operational efficiency for the following:

Security—EMC Enterprise Hybrid Cloud offers an easy way to implement network and security rules that can be mapped to a two-tier multitenancy model.

Self-service provisioning—EMC Enterprise Hybrid Cloud provides tools that can automate virtual machine lifecycle processes, such as the creation of a virtual machine, up to installing a full SAP system, greatly reducing the manual effort required to do similar tasks.

Migration—EMC Enterprise Hybrid Cloud enables you to migrate and transform SAP systems into an EMC Enterprise Hybrid Cloud-ready virtual machine with a few clicks.

Cloud monitoring and root-cause analysis—EMC Enterprise Hybrid Cloud gives you full and user-friendly visibility across all components in the environment, from the storage level all the way up to SAP level.

The EMC Enterprise Hybrid Cloud provides a preconfigured, easy-to-deploy environment, with most of the characteristics that IT users expect when interacting with public cloud portals validated for SAP system landscape architectures and operational requirements. By providing full integration between public and private cloud environments, the EMC Enterprise Hybrid Cloud enables the implementation of a hybrid cloud-computing environment in a faster, simpler, and cheaper way.

To meet ever-evolving business scenarios and corresponding changing IT requirements, the EMC Enterprise Hybrid Cloud for SAP is a foundation based on industry standards with an open and flexible core. It provides the foundation to get enterprises ready for the unexpected, and is the right choice when uncertainty demands careful risk management in terms of IT investments.

Documents

EMC Enterprise Hybrid Cloud 2.5.1, Federation Software ... Software-Defined Data Center Edition Foundation for SAP Solution Guide ... SAP Blueprint interface in vCloud Automation Center