Tutorial: Set up monitoring for SAP HANA - Amazon CloudWatch
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Tutorial: Set up monitoring for SAP HANA

This tutorial demonstrates how to configure CloudWatch Application Insights to set up monitoring for your SAP HANA databases. You can use CloudWatch Application Insights automatic dashboards to visualize problem details, accelerate troubleshooting, and facilitate mean time to resolution (MTTR) for your SAP HANA databases.

Supported environments

CloudWatch Application Insights supports the deployment of Amazon resources for the following systems and patterns. You provide and install SAP HANA database software and supported SAP application software.

  • SAP HANA database on a single Amazon EC2 instance — SAP HANA in a single-node, scale-up architecture, with up to 24TB of memory.

  • SAP HANA database on multiple Amazon EC2 instances — SAP HANA in a multi-node, scale-out architecture.

  • Cross-AZ SAP HANA database high availability setup — SAP HANA with high availability configured across two Availability Zones using SUSE/RHEL clustering.

Note

CloudWatch Application Insights supports only single SID HANA environments. If multiple HANA SIDs are attached, monitoring will be set up for only the first detected SID.

Supported operating systems

CloudWatch Application Insights for SAP HANA supports x86-64 architecture on the following operating systems:

  • SuSE Linux 12 SP4 For SAP

  • SuSE Linux 12 SP5 For SAP

  • SuSE Linux 15

  • SuSE Linux 15 SP1

  • SuSE Linux 15 SP2

  • SuSE Linux 15 For SAP

  • SuSE Linux 15 SP1 For SAP

  • SuSE Linux 15 SP2 For SAP

  • SuSE Linux 15 SP3 For SAP

  • SuSE Linux 15 SP4 For SAP

  • SuSE Linux 15 SP5 For SAP

  • RedHat Linux 8.6 For SAP With High Availability and Update Services

  • RedHat Linux 8.5 For SAP With High Availability and Update Services

  • RedHat Linux 8.4 For SAP With High Availability and Update Services

  • RedHat Linux 8.3 For SAP With High Availability and Update Services

  • RedHat Linux 8.2 For SAP With High Availability and Update Services

  • RedHat Linux 8.1 For SAP With High Availability and Update Services

  • RedHat Linux 7.9 For SAP With High Availability and Update Services

Features

CloudWatch Application Insights for SAP HANA provides the following features:

  • Automatic SAP HANA workload detection

  • Automatic SAP HANA alarm creation based on static threshold

  • Automatic SAP HANA alarm creation based on anomaly detection

  • Automatic SAP HANA log pattern recognition

  • Health dashboard for SAP HANA

  • Problem dashboard for SAP HANA

Prerequisites

You must perform the following prerequisites to configure an SAP HANA database with CloudWatch Application Insights:

  • SAP HANA — Install a running and reachable SAP HANA database 2.0 SPS05 on an Amazon EC2 instance.

  • SAP HANA database user — A database user with monitoring roles must be created in the SYSTEM database and all tenants.

    Example

    The following SQL commands create a user with monitoring roles.

    su - <sid>adm hdbsql -u SYSTEM -p <SYSTEMDB password> -d SYSTEMDB CREATE USER CW_HANADB_EXPORTER_USER PASSWORD <Monitoring user password> NO FORCE_FIRST_PASSWORD_CHANGE; CREATE ROLE CW_HANADB_EXPORTER_ROLE; GRANT MONITORING TO CW_HANADB_EXPORTER_ROLE; GRANT CW_HANADB_EXPORTER_ROLE TO CW_HANADB_EXPORTER_USER;
  • Python 3.6 — Install Python 3.6 or later versions on your operating system. Use the latest release of Python. If Python is not detected on your operating system, Python 3.8 will be installed.

    See installation examples.

  • Pip3 — Install the installer program, pip3, on your operating system. If pip3 is not detected on your operating system, it will be installed.

  • Amazon CloudWatch agent — Make sure that you are not running a preexisting CloudWatch agent on your Amazon EC2 instance. If you have CloudWatch agent installed, make sure to remove the configuration of the resources you are using in CloudWatch Application Insights from the existing CloudWatch agent configuration file to avoid a merge conflict. For more information, see Manually create or edit the CloudWatch agent configuration file.

  • Amazon Systems Manager enablement — Install SSM Agent on your instances, and the instances must be enabled for SSM. For information about how to install the SSM agent, see Working with SSM Agent in the Amazon Systems Manager User Guide.

  • Amazon EC2 instance roles — You must attach the following Amazon EC2 instance roles to configure your database.

    • You must attach the AmazonSSMManagedInstanceCore role to enable Systems Manager. For more information, see Amazon Systems Manager identity-based policy examples.

    • You must attach the CloudWatchAgentServerPolicy to enable instance metrics and logs to be emitted through CloudWatch. For more information, see Create IAM roles and users for use with CloudWatch agent.

    • You must attach the following IAM inline policy to the Amazon EC2 instance role to read the password stored in Amazon Secrets Manager. For more information about inline policies, see Inline policies in the Amazon Identity and Access Management User Guide.

      { "Version": "2012-10-17", "Statement": [ { "Sid": "VisualEditor0", "Effect": "Allow", "Action": [ "secretsmanager:GetSecretValue" ], "Resource": "arn:aws:secretsmanager:*:*:secret:ApplicationInsights-*" } ] }
  • Amazon resource groups — You must create a resource group that includes all of the associated Amazon resources used by your application stack to onboard your applications to CloudWatch Application Insights. This includes Amazon EC2 instances and Amazon EBS volumes running your SAP HANA database. If there are multiple databases per account, we recommend that you create one resource group that includes the Amazon resources for each SAP HANA database system.

  • IAM permissions — For non-admin users:

    • You must create an Amazon Identity and Access Management (IAM) policy that allows Application Insights to create a service-linked role, and attach it to your user identity. For steps to attach the policy, see IAM policy.

    • The user must have permission to create a secret in Amazon Secrets Manager to store the database user credentials. For more information, see Example: Permission to create secrets.

      { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "secretsmanager:CreateSecret" ], "Resource": "arn:aws:secretsmanager:*:*:secret:ApplicationInsights-*" } ] }
  • Service-linked role — Application Insights uses Amazon Identity and Access Management (IAM) service-linked roles. A service-linked role is created for you when you create your first Application Insights application in the Application Insights console. For more information, see Using service-linked roles for CloudWatch Application Insights.

Set up your SAP HANA database for monitoring

Use the following steps to set up monitoring for your SAP HANA database

  1. Open the CloudWatch console.

  2. From the left navigation pane, under Infrastructure monitoring, choose Application Insights.

  3. The Application Insights page displays the list of applications that are monitored with Application Insights, and the monitoring status for each application. In the upper right-hand corner, choose Add an application.

  4. On the Specify application details page, from the dropdown list under Resource group, select the Amazon resource group that contains your SAP HANA database resources. If you haven't created a resource group for your application, you can create one by choosing Create new resource group under the Resource group dropdown. For more information about creating resource groups, see the Amazon Resource Groups User Guide.

  5. Under Monitor CloudWatch Events, select the check box to integrate Application Insights monitoring with CloudWatch Events to get insights from Amazon EBS, Amazon EC2, Amazon CodeDeploy, Amazon ECS, Amazon Health APIs and notifications, Amazon RDS, Amazon S3, and Amazon Step Functions.

  6. Under Integrate with Amazon Systems Manager OpsCenter, select the check box next to Generate Amazon Systems Manager OpsCenter OpsItems for remedial actions to view and get notifications when problems are detected for the selected applications. To track the operations that are performed to resolve operational work items, called OpsItems, that are related to your Amazon resources, provide an SNS topic ARN.

  7. You can optionally enter tags to help you identify and organize your resources. CloudWatch Application Insights supports both tag-based and Amazon CloudFormation stack-based resource groups, with the exception of Application Auto Scaling groups. For more information, see Tag Editor in the Amazon Resource Groups and Tags User Guide.

  8. Choose Next to continue to set up monitoring.

  9. On the Review detected components page, the monitored components and their workloads automatically detected by CloudWatch Application Insights are listed.

    1. To add workloads to a component that contains a detected SAP HANA single node workload, select the component, then choose Edit component.

      Note

      Components that contain a detected SAP HANA multi node or HANA High Availability workload support only one workload on a component.

      
                                    The review components for monitoring page of the CloudWatch Application Insights console: select component to edit.
    2. To add a new workload, choose Add new workload.

      
                                    The edit component section of the CloudWatch Application Insights console: choose lower left button to add workload.
    3. When you are finished editing workloads, choose Save changes.

  10. Choose Next.

  11. On the Specify component details page, enter the username and password.

  12. Review your application monitoring configuration, and choose Submit.

  13. The application details page opens, where you can view the Application summary, the list of Monitored components and workloads, and Unmonitored components and workloads. If you select the radio button next to a component or workload, you can also view the Configuration history, Log patterns, and any Tags that you have created. When you submit your configuration, your account deploys all of the metrics and alarms for your SAP HANA system, which can take up to 2 hours.

Manage monitoring of your SAP HANA database

You can manage user credentials, metrics, and log paths for your SAP HANA database by performing the following steps:

  1. Open the CloudWatch console.

  2. From the left navigation pane, under Infrastructure monitoring, choose Application Insights.

  3. The Application Insights page displays the list of applications that are monitored with Application Insights, and the monitoring status for each application.

  4. Under Monitored components, select the radio button next to the component name. Then, choose Manage monitoring.

  5. Under EC2 instance group logs, you can update the existing log path, log pattern set, and log group name. In addition, you can add up to three additional Application logs.

  6. Under Metrics, you can choose the SAP HANA metrics according to your requirements. SAP HANA metric names are prefixed with hanadb. You can add up to 40 metrics per component.

  7. Under HANA configuration, enter the password and user name for the SAP HANA database. This is the user name and password that Amazon CloudWatch agent uses to connect to the SAP HANA database.

  8. Under Custom alarms, you can add additional alarms to be monitored by CloudWatch Application Insights.

  9. Review your application monitoring configuration and choose Submit. When you submit your configuration, your account updates all of the metrics and alarms for your SAP HANA system, which can take up to 2 hours.

Configure the alarm threshold

CloudWatch Application Insights automatically creates a Amazon CloudWatch metric for the alarm to watch, along with the threshold for that metric. The alarm changes to the ALARM state when the metric surpasses the threshold for a specified number of evaluation periods. Note that these settings are not retained by Application Insights.

To edit an alarm for a single metric, perform the following steps:

  1. Open the CloudWatch console.

  2. In the left navigation pane, choose Alarms>All alarms.

  3. Select the radio button next to the alarm that was automatically created by CloudWatch Application Insights. Then choose Actions, and select Edit from the dropdown menu.

  4. Edit the following parameters under Metric.

    1. Under Statistic, choose one of the statistics or predefined percentiles, or specify a custom percentile. For example, p95.45.

    2. Under Period, choose the evaluations period for the alarm. When you evaluate the alarm, each period is aggregated into one data point.

  5. Edit the following parameters under Conditions.

    1. Choose whether the metric must be greater than, less than, or equal to the threshold.

    2. Specify the threshold value.

  6. Under Additional configuration edit the following parameters.

    1. Under Datapoints to alarm, specify the number of data points, or evaluation periods, that must be in the ALARM state to initiate the alarm. When the two values match, an alarm is created that enters ALARM state if the designated number of consecutive periods are exceeded. To create an m out of n alarm, specify a lower value for the first data point than for the second. For more information about evaluating alarms, see Evaluating an alarm.

    2. Under Missing data treatment, choose the behavior of the alarm when some data points are missing. For more information about missing data treatment, see Configuring how CloudWatch alarms treat missing data.

    3. If the alarm uses a percentile as the monitored statistic, a Percentiles with low samples box appears. Choose whether to evaluate or ignore cases with low sample rates. If you choose ignore (maintain alarm state), the current alarm state is always maintained when the sample size is too low. For more information about percentiles with low samples, see Percentile-based CloudWatch alarms and low data samples.

  7. Choose Next.

  8. Under Notification, select an SNS topic to notify when the alarm is in ALARM state, OK state, or INSUFFICIENT_DATA state.

  9. Choose Update alarm.

View and troubleshoot SAP HANA problems detected by CloudWatch Application Insights

The following sections provide steps to help you resolve common troubleshooting scenarios that occur when you configure monitoring for SAP HANA on Application Insights.

SAP HANA database reaches memory allocation limit

Description

Your SAP application that is backed by an SAP HANA database malfunctions because of high memory pressure, leading to application performance degradation.

Resolution

You can identify the application layer that is causing the problem by checking the dynamically created dashboard, which shows the related metrics and log file snippets. In the following example, the problem may be because of a large data load in the SAP HANA system.


                        Memory allocation exceeded.

The used memory allocation exceeds the threshold of 80 percent of the total memory allocation limit.


                        Log group showing out of memory.

The log group shows the scheme BNR-DATA and table IMDBMASTER_30003 ran out of memory. In addition, the log group shows the exact time of the issue, current global location limit, shared memory, code size, and OOM reservation allocation size.


                        Log group text.

Disk full event

Description

Your SAP application that is backed by an SAP HANA database stops responding, which leads to an inability to access the database.

Resolution

You can identify the database layer that is causing the problem by checking the dynamically created dashboard, which shows the related metrics and log file snippets. In the following example, the problem may be that the administrator failed to enable automatic log backup, which caused the sap/hana/log directory to fill up.


                        Log group showing out of memory.

The log group widget in the problem dashboard shows the DISKFULL event.


                        Log group showing out of memory.

SAP HANA backup stopped running

Description

Your SAP application that is backed by an SAP HANA database has stopped working.

Resolution

You can identify the database layer that is causing the problem by checking the dynamically created dashboard, which shows the related metrics and log file snippets.

The log group widget in the problem dashboard shows the ACCESS DENIED event. This includes additional information, such as the S3 bucket, the S3 bucket folder, and the S3 bucket Region.


                        Log group showing out of memory.

Anomaly detection for SAP HANA

For specific SAP HANA metrics, such as the number of thread count, CloudWatch applies statistical and machine learning algorithms to define the threshold. These algorithms continuously analyze the metrics of the SAP HANA database, determine normal baselines, and surface anomalies with minimal user intervention. The algorithms generate an anomaly detection model, which generates a range of expected values that represent normal metric behavior.

Anomaly detection algorithms account for the seasonality and trend changes of metrics. The seasonality changes can be hourly, daily, or weekly, as shown in the following examples of the SAP HANA CPU usage.


                    Log group showing out of memory.

After you create a model, CloudWatch anomaly detection continuously evaluates the model and makes adjustments to it to ensure that is it as accurate as possible. This includes retraining the model to adjust if the metric values evolve over time or experience sudden changes. It also includes predictors to improve the models for metrics that are seasonal, spiky, or sparse.

Troubleshooting Application Insights for SAP HANA

This section provides steps to help you resolve common errors returned by the Application Insights dashboard.

Unable to add more than 60 monitor metrics

Error returned: Component cannot have more than 60 monitored metrics.

Root cause: The current metric limit is 60 monitor metrics per component.

Resolution: Remove metrics that are not necessary to adhere to the limit.

No SAP metrics or alarms appear after the onboarding process.

Error returned: In Amazon Systems Manager Run command, the AWS-ConfigureAWSPackage failed.

The output shows the following error:

Unable to find a host with system database, for more info rerun using -v

                    Log group showing out of memory.

Resolution: The user name and password may be incorrect. Verify that the user name and password are valid, and rerun the onboarding process.

The output shows the following installation errors:

ERROR: Can not execute `setup.py` since setuptools is not available in the build environment.

or

[SSL: CERTIFICATE_VERIFY_FAILED]

Resolution: Install Python using one of the following example SUSE Linux commands:

Example 1

sudo zypper install -y python36

Example 2

Install the latest version of Python 3.8.

wget https://www.python.org/ftp/python/3.8.<LATEST_RELEASE>/Python-3.8.<LATEST_RELEASE>.tgz tar xf Python-3.* cd Python-3.*/ sudo zypper install make gcc-c++ gcc automake autoconf libtool sudo zypper install zlib-devel sudo zypper install libopenssl-devel libffi-devel ./configure --with-ensurepip=install sudo make sudo make install sudo su python3.8 -m pip install --upgrade pip setuptools wheel