Operations - SAP NetWeaver on Amazon
Tagging Amazon resourcesMonitoringOperating system maintenanceAutomationCost optimization
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Operations

Tagging Amazon resources

A tag is a label that you assign to an Amazon resource. Each tag consists of a key and an optional value, both defined by you. Adding tags to various Amazon resources will make managing SAP environments more efficient, and help you search for resources quickly. Many Amazon EC2 API calls can be used in conjunction with a special tag filter. For more information, see Tagging Amazon resources. The following are some examples of how you can use tags for your operational needs.

Tag name

Tag value

Name

SAP server’s virtual (host) name

Environment

SAP server’s landscape role; for example: SBX, DEV, QAT, STG, PRD.

Application

SAP solution or product; for example: ECC, CRM, BW, PI, SCM, SRM, EP

Owner

SAP point of contact

Service level

Known uptime and downtime schedule

After tagging your resources, you can apply specific security restrictions, such as access control (as seen in the following example policy), based on tag values.

            {
                "Version": "2012-10-17",
                "Statement": [
                    {
                    "Sid": "LaunchEC2Instances",
                     "Effect": "Allow",
                    "Action": [
                        "ec2:Describe*",
                         "ec2:RunInstances"
                    ],
                    "Resource": [
                        "*"
                    ]
                    },
                    {
                    "Sid": "AllowActionsIfYouAreTheOwner",
                    "Effect": "Allow",
                    "Action": [
                        "ec2:StopInstances",
                        "ec2:StartInstances",
                        "ec2:RebootInstances",
                         "ec2:TerminateInstances"
                    ],
                    "Condition": {
                        "StringEquals": {
                        "ec2:ResourceTag/PrincipalId": "${aws:userid}"
                        }
                    },
                    "Resource": [
                        "*"
                    ]
                    }
                ]
            }

IAM only allows specific permissions based on the tag value. In this scenario, the current ID must match the tag value to enable permissions for the user. For more information, see Tag your Amazon EC2 resources.

Monitoring

Amazon provides multiple native services to monitor and manage your SAP environment. CloudWatch and CloudTrail can be used to monitor your underlying infrastructure and APIs. CloudWatch provides ready-to-use KPIs for CPU, disk utilization, and enables you to create custom metrics for KPIs that you want to monitor. CloudTrail allows you to log the API calls made to your Amazon infrastructure components.

Operating system maintenance

In general, operating system maintenance across large estates of Amazon EC2 instances can be managed by using:

  • Third-party products, such as those available on Amazon Marketplace.

  • Amazon Systems Manager

The following are some key operating system maintenance tasks.

Patching

You can follow SAP recommended patching process to update your landscape on Amazon. With Amazon Systems Manager Patch Manager, you can roll out OS patches according to your corporate policies. It has multiple benefits:

  • Scheduling based on tags

  • Defining patch baselines

  • Auto-approving patches with lists of approved and rejected patches

Amazon Systems Patch Manager integrates with IAM, CloudTrail, and CloudWatch Events to provide a secure patching experience that includes event notifications and the ability to audit usage. For details about the process, see How Patch Manager operations work. Third-party products are available on Amazon Marketplace.

Maintenance Windows

Amazon Systems Manager Maintenance Windows lets you define a schedule to perform potentially disruptive actions on your instances, such as patching an operating system, updating drivers, installing software or patches.

Administrator access

For administrative purposes, you can access the backend of your SAP systems via SSH or Amazon Systems Manager Session Manager.

Automation

Amazon Systems Manager Automation simplifies common maintenance and deployment tasks of Amazon EC2 instances and other Amazon resources. For more information, see Amazon Systems Manager Automation.

Automation using Infrastructure-as-Code with Amazon CloudFormation

We recommend following the principle of Infrastructure-as-Code (IaC) for automating and maintaining your workloads on Amazon. Amazon CloudFormation provides a common language for you to describe and provision all the infrastructure resources in your cloud environment in a repeatable and automated manner.

Cost optimization

We recommend cost optimization as an ongoing process. There are many Amazon services that help with budgeting, cost control and optimization. For more details, see Cost Optimization Pillar - Amazon Well-Architected Framework and Cost Optimization Pillar -SAP Lens.