This document provides technical guidance on deploying a highly available SAP system on Azure, using KEMP LoadMaster to provide various application delivery network services for HTTP protocol-based client traffic to SAP backend application systems.
Clients to an SAP backend are typically:
The architecture above shows a diagram of a highly available SAP system, which typically has this layout:
You can run a domain controller inside a VM, which could be a replica of your on-premises Active Directory. Then you have the SCS, which is protected with Windows Server Failover Cluster. SIOS DataKeeper (a third-party solution) enables the creation of a cluster on Azure without shared disks.
On top of that layer you can place other administration tools, for example for monitoring or backup purposes.
In the middle of the diagram we see 3 small boxes:
All services are configured within an availability set, where the primary replica synchronizes its content to the second replica. In these availability sets you have the option of replication / failover to reduce downtime in case of hardware failure.
To implement the Availability Group functionality on Azure, you must use an Internal Load Balancer (ILB) to act as the listener of this Availability Group.
The SAP application servers are likewise placed within an availability set. SAP can be deployed across multiple application servers reached through HTTP / HTTPS, for which you can use load balancing.
The SAP Web Dispatcher lies between the Internet and your SAP system. It is the entry point for HTTP(S) requests into your system, which consists of one or more SAP application servers.
However, SAP application servers are protected by virtue of multiplicity. In this case, HTTP(S) load balancing is handled by the KEMP Virtual LoadMaster built on an Azure VM.
The KEMP Virtual LoadMaster therefore not only contributes to security but also balances the load in your SAP system. You can take 2 different approaches:
By adding the KEMP Virtual LoadMaster on top of the Azure Load Balancer functionality, you can efficiently distribute user traffic for the SAP workloads so that users get the best performance experience possible.
Also, High Availability (HA) and high-capacity scale-out deployments of the SAP solutions are complemented from the network technology side. The entire KEMP LoadMaster product family, including the Virtual LoadMaster (VLM), supports SAP.
In the right layer (the SAP HANA subnet), you should deploy more than one instance and use HANA System Replication (HSR) to implement manual failover, or enable automatic failover by using an HA extension for the specific Linux distribution.
Note: In the DB layer, for a SQL Server DB, you should use an AlwaysOn Availability Group (AG) built on a WSFC, leveraging node majority with a file share witness quorum.
Microsoft suggests implementing a VPN Gateway to extend your on-premises network to the Azure VNet. You can also use ExpressRoute, which uses a dedicated private connection that does not go over the public Internet.
At the very bottom layer, I strongly recommend you deploy a KEMP 360 Central instance, a monitoring tool aimed at network administrators, which provides a centralized view of the status and performance of your infrastructure, enabling rapid problem detection and RBAC management.
For highly available scenarios, consider the following:
KEMP LoadMaster supports SAP applications by providing comprehensive L4-L7 traffic distribution and session persistence, application health checking, SSL acceleration, IPS and data caching/compression. These features, along with edge security services like Single Sign-On (SSO), Web Application Firewall (WAF) and pre-authentication, all enhance application performance and user experience for application workloads.