This document provides technical guidance on deploying a highly available SAP system on Azure, using KEMP LoadMaster to provide application delivery network services for HTTP protocol-based client traffic to SAP backend application systems.
Clients to an SAP backend are typically:
- End users who are using different browser types to work interactively in SAP systems
- Other SAP and non-SAP applications connecting using web-services or RESTful Application Program Interfaces (APIs) to an SAP backend system for application integration scenarios.
High Level Overview:
The architecture diagram above shows a highly available SAP system, which typically has this layout:
You can have a domain controller inside a VM, which could be a replica of your on-premises Active Directory; then you have the SCS, which is protected with a Windows Server Failover Cluster. SIOS DataKeeper (a third-party solution) enables the creation of a cluster on Azure without shared disks.
On top of that layer you can place other administration tools, for example for monitoring or backup purposes.
In the middle of the diagram we see 3 small boxes:
- SAP Web Dispatcher
- Application Server Pool
- SAP Service Cluster
All services are configured within an availability set, where the primary replica synchronizes its content to the second replica. In these availability sets you have the option of replication/failover to reduce downtime in case of hardware failure.
In order to implement the Availability Group functionality on Azure, you must use an Internal Load Balancer (ILB) to act as the listener of this Availability Group.
The SAP application servers are likewise placed within an availability set. SAP can be deployed across multiple application servers reached through HTTP/HTTPS, for which you can use load balancing.
The SAP Web Dispatcher lies between the Internet and your SAP system. It is the entry point for HTTP(S) requests into your system, which consists of one or more SAP application servers.
The SAP application servers, however, are protected by virtue of multiplicity. In this case, HTTP(S) load balancing is handled by the KEMP Virtual LoadMaster running on an Azure VM.
The KEMP Virtual LoadMaster therefore not only contributes to security but also balances the load in your SAP system. You can take 2 different approaches:
- KEMP VLM redirects traffic to the SAP Web Dispatcher. The KEMP Virtual LoadMaster distributes traffic to the SAP Web Dispatcher VMs. This configuration implements the parallel web dispatcher option described in High Availability of the SAP Web Dispatcher. On the other hand, it enables failover in the Windows Server Failover Cluster by directing incoming connections to the active/healthy node.
- KEMP VLM can perform key capabilities overriding SAP Web Dispatcher functionality:
  - Persistence – There are a number of Layer 7 persistence methods available to select in the Virtual Services modify screen. These methods look beyond the IP address and port and provide a range of options to achieve layer 7 persistence.
  - Configuration traffic distribution – You can choose a variety of methods to distribute traffic among a cluster or group of servers. The traffic distribution is based on a load balancing algorithm or scheduling method. The schedules are applied on a per Virtual Service basis.
  - Content switching – Content switching allows you to break up traffic based on the content of the request. Traffic can be examined by the: Request URL, HTTP Header, Source IP address, Body of a request.
  - Web caching – The LoadMaster can cache static content that fits certain criteria (file extension, query string, caching headers, size, etc.)
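An added sketch (not KEMP's implementation or configuration syntax) of how content switching and layer 7 persistence combine: rules are matched first-match-wins against the normalized request path, a header and the source network, and the session cookie then selects the server. The pool names, addresses, rule set and the use of the `sap-contextid` cookie as the persistence key are assumptions, and a hash stands in for a persistence table.

```python
import hashlib
import ipaddress
import posixpath
from urllib.parse import unquote, urlsplit

# Constructed pools and rules (assumptions, not KEMP syntax); first match wins.
POOLS = {"odata": ["10.1.2.11", "10.1.2.12"],
         "web": ["10.1.2.21", "10.1.2.22", "10.1.2.23"]}
RULES = [
    {"prefix": "/sap/admin", "src": "10.1.0.0/16", "pool": "web"},
    {"prefix": "/sap/admin", "pool": None},  # any other source: reject
    {"prefix": "/sap/opu/odata", "pool": "odata"},
    {"header": ("X-Client-Type", "integration"), "pool": "odata"},
]
DEFAULT_POOL = "web"

def normalize(url):
    """Decode and collapse the path so rules match what the backend resolves."""
    path = unquote(urlsplit(url).path)
    return posixpath.normpath("/" + path.lstrip("/"))

def matches(rule, path, headers, src_ip):
    """True when every condition present in the rule holds for the request."""
    p = rule.get("prefix")
    if p and path != p and not path.startswith(p + "/"):
        return False
    if "header" in rule:
        name, value = rule["header"]
        if headers.get(name.lower()) != value:
            return False
    if "src" in rule:
        net = ipaddress.ip_network(rule["src"])
        if ipaddress.ip_address(src_ip) not in net:
            return False
    return True

def route(url, headers, src_ip, cookies):
    """Return (pool, server); (None, None) when a rule rejects the request."""
    path = normalize(url)
    headers = {k.lower(): v for k, v in headers.items()}
    pool = next((r["pool"] for r in RULES
                 if matches(r, path, headers, src_ip)), DEFAULT_POOL)
    if pool is None:
        return None, None
    # Layer 7 persistence: key on the session cookie, else the source IP.
    key = cookies.get("sap-contextid") or src_ip
    digest = hashlib.sha256(key.encode()).digest()
    servers = POOLS[pool]
    return pool, servers[int.from_bytes(digest[:4], "big") % len(servers)]
```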
By adding the KEMP Virtual LoadMaster on top of the Azure Load Balancer functionality, you can efficiently distribute user traffic for the SAP workloads so that users get the best performance experience possible.
High Availability (HA) and high-capacity scale-out deployments of the SAP solutions are also complemented from the network technology side. The entire KEMP LoadMaster product family, including the Virtual LoadMaster (VLM), supports SAP.
In the right layer (the SAP HANA subnet), you should deploy more than one instance and use HANA System Replication (HSR) to implement manual failover, or enable automatic failover by using an HA extension for the specific Linux distribution.
Note: In the DB layer, for a SQL Server DB, you should use an AlwaysOn Availability Group (AG) built on a WSFC, leveraging node majority with a file share witness quorum.
Microsoft suggests implementing a VPN Gateway to extend your on-premises network to the Azure VNet. You can also use ExpressRoute, which uses a dedicated private connection that does not go over the public Internet.
At the very bottom layer, I strongly recommend you deploy a KEMP 360 Central instance, a monitoring tool focused on network administrators, which provides a centralized view of the status and performance of your infrastructure, enabling rapid problem detection and RBAC management.
For high-availability scenarios, consider the following:
- Eliminate single point of failure:
  - Hardware redundancy
  - Network redundancy
  - Datacenter redundancy
- HA support:
  - Backups
  - Storage replication
  - Host Auto-failover
KEMP LoadMaster supports SAP applications by providing comprehensive L4-L7 traffic distribution and session persistence, application health checking, SSL acceleration, IPS and data caching/compression. These features, along with Edge Security services like Single Sign-On (SSO), Web Application Firewall (WAF) and pre-authentication, all enhance application performance and user experience for application workloads.