To give you a better understanding of what we actually offer, we have written this post describing the technical side of the infrastructure. If you need high availability, have significant system load, or require additional integration with external systems and cloud services, we suggest using our enterprise support and a personal architecture design based on your requirements.
Before we turn to the technical part itself, let us say a few words about selecting an appropriate infrastructure provider.
If you are looking for non-productive usage, Hetzner Online is most likely the right choice for you, as it will give you a landscape that is at least 2-3 times cheaper (and, frankly speaking, most likely with higher performance, since you will use a bare-metal installation without any virtualization overhead). Here you can find the details about the proposed hardware.
In case you are looking for productive hosting, you need to determine the degree of risk that is acceptable for you. The worst possible scenario is a complete failure of the server and having to restore from the backup. Considering that you will have to order a new machine, or wait for the original one to get fixed, it can take as long as 1-2 working days (which can be reduced in some cases using “cold standby” on AWS, as described later in this article). If you see that such downtime is going to cost you much more than the more costly AWS infrastructure, it will be wise not to use Hetzner Online. Still, if such downtime is acceptable, it makes sense to save money on infrastructure and rent a dedicated server from Hetzner Online.
If you decide to use AWS because of your strict requirements on availability, please be aware that the cloud infrastructure itself does not provide you with 100% uptime and high availability. You are still at risk of a datacenter-level failure, and still need to design a distributed architecture. Please refer to the official AWS documentation for more details. Such a configuration is out of scope of our simple support services. We can help you with this either on a regular project basis, or as part of our enterprise support services.
Our proposal based on service packages is designed mainly for small- and mid-size installations, or non-productive systems. The idea behind this is to use the standardized infrastructure design prepared by us.
System Landscape and Security
If you are using non-productive systems only, or if your security policies allow direct access to systems via the Internet, we can offer a very simple architecture: separate instances with a configured firewall (both Hetzner and AWS allow setting up a firewall between the instances).
Should you need a better-secured solution, we have 2 possible options depending on the infrastructure provider you choose:
- If you decide to use Hetzner Online infrastructure, we suggest choosing the option with an additional physical connection between the servers. All the servers are physically placed in one rack and connected by a dedicated network switch. Direct access from outside is blocked to all SAP systems, and one additional server acts as the access gateway. Another option is to use the vSwitch feature, which allows creating a similar configuration at the VLAN level.
- If you decide to use AWS, you have a built-in option to put your instance inside a VPC (Virtual Private Cloud), block direct access from the Internet, and enable, for example, a VPN. AWS allows for quite a wide range of configuration options, so please refer to the official AWS documentation when you need to go into technical details, or ask in the comments, or email email@example.com
Backup, Failure Protection and Disaster Recovery:
For both AWS and Hetzner Online infrastructure, we offer regular database and transaction log backups. In addition, on AWS you have a built-in option for creating snapshots of instances. So, if AWS is the choice, the recovery strategy is quite simple: in the worst case you will have to recover the instance from snapshots, and then run a point-in-time database recovery from backup.
Once you have at least 2 instances you can organize a cross-system backup, i.e. store backups on both the instances, in addition to the external backup – to reduce downloading time in case of urgent recovery.
However, with Hetzner Online we suggest using physical servers (the reason is that Hetzner Cloud is not yet certified to run SAP applications). Here, in the worst imaginable case (complete server failure and replacement), it can take about 24-48 hours to fix. The likelihood of this scenario is quite low, but it is still possible. If such downtime is too high for you, we can offer a “cold” standby solution.
Let us check how this works. We create an additional instance on AWS containing a copy of the system that we protect. Normally, this instance remains disabled. In case of any serious problem with the “original” system, the instance on AWS can be started, and the latest database backup and redo logs can be applied. This is not an HA configuration, but it still reduces unexpected downtime to 1-3 hours (depending on the database size and the reaction time of the support team).
In addition to such a configuration, some load balancing should be configured in front of the SAP server itself. It might be either sap-router/web-dispatcher, or simply any load balancer able to work at the TCP level (or even something like redirection in iptables). In our case we prefer to use HAProxy as a simple, well-known balancing solution. Below is a sample scheme showing how to transparently switch to the standby SAP instance.
As you can see, combining cheaper instances from Hetzner Online with AWS services makes it possible to keep downtime within a 2-3 hour limit, without using permanently enabled standby instances or creating huge additional costs.
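The TCP-level switch to the standby described above can be expressed in HAProxy roughly as follows. This is an added example, not the configuration used by the service described in this post; the addresses, server names, socket path and port 3200 (SAP dispatcher port for an assumed instance number 00) are constructed placeholders.

```haproxy
# Added example: TCP pass-through on the access gateway with a cold-standby target.
# All addresses, names and the port below are constructed placeholders.
global
    log /dev/log local0
    # Runtime API on a local socket only; used to release the standby after recovery.
    stats socket /run/haproxy/admin.sock mode 600 level admin

defaults
    mode    tcp
    log     global
    option  tcplog
    timeout connect 5s
    timeout client  1h      # SAP GUI sessions are long-lived
    timeout server  1h

frontend sap_gui_in
    # Bind only to the gateway's VPN-facing address, not to 0.0.0.0.
    bind 10.8.0.1:3200
    default_backend sap_gui

backend sap_gui
    # Primary on the dedicated server; marked down after 3 failed checks.
    server primary 10.0.0.10:3200 check inter 5s fall 3 rise 2

    # Cold standby on AWS. "backup" means it receives traffic only while the
    # primary is down. "disabled" starts it in maintenance mode, so that merely
    # booting the instance does not route users to a system whose database
    # recovery is still running.
    server standby 10.20.0.10:3200 check inter 5s fall 3 rise 2 backup disabled

# After the latest backup and redo logs have been applied on the standby:
#   echo "set server sap_gui/standby state ready" | socat stdio /run/haproxy/admin.sock
```

Clients keep connecting to the gateway address throughout; only the backend target changes, which is what makes the switch transparent to them.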
Here is the video showing this approach in action.
Hope that this post managed to provide you with some insights on how your infrastructure can be organized. We are continuously improving our services, so the exact solution offered to the customer might be slightly different from the described concept. So if you have questions regarding any details, feel free to ask in comments or contact firstname.lastname@example.org