This post has been republished via RSS; it originally appeared at: New blog articles in Microsoft Tech Community.
SAP on Azure Files SMB Documentation
The official SAP on Azure documentation now contains detailed information on how to use Azure Files SMB for standalone and High Availability SAP solutions in the article High availability for SAP NetWeaver on Azure VMs on Windows with Azure Files Premium SMB for SAP applications
The documentation covers using Azure Files SMB for hosting ‘sapmnt’, ‘trans’ and interface directories.
Feedback from customers is that setting up Azure Files SMB for SAP systems is not technically difficult, but it is logistically complex. Most organizations have separate administrators or teams for Active Directory, DNS and Azure. Azure Active Directory Connect is a hard prerequisite Azure Files SMB. Some organizations may not have Azure Active Directory Connect already established and the approval process to setup this tool may take some time.
It is recommended that the SAP Basis team involve the Active Directory and Azure teams at an early stage when planning to use Azure Files SMB.
Customers with no experience of Azure Active Directory Connect, AAD and Azure Files may benefit from creating a temporary isolated Azure subscription for testing purposes. A separate isolated test Active Directory, AAD tenant and Azure Files deployment can be easily deployed. This will allow the Active Directory and Azure Administrators to test and scope the deployment, security and operational impacts of Azure Files SMB without changing anything in the production Active Directory and Azure infrastructure. This isolated Azure subscription can then be deleted or the resources deallocated to save cost.
Top 10 Recommendations for Azure Files SMB
Before deploying SAP applications with Azure Files SMB review the items on the list below:
- Azure Files SMB requires Active Directory, Azure Active Directory, DNS, Networking and Azure knowledge. Typically most SAP Basis administration teams will not have the knowledge or the security access required. Collaboration between different teams is required to successfully implement this feature
- Watch these videos before planning SAP on Azure Files SMB Overview - On-premises AD DS authentication to Azure file shares | Microsoft Docs
- Check the current SAP systems and verify the size and number of files in sapmnt, trans and interface directories. Most well maintained SAP systems have no more than 200,000 files in their sapmnt directory. Some SAP systems with very high batch job loads may have many more job log files. Recent versions of SAP permit moving job logs into the DBMS
- Do not consolidate more than approximately 4 SAP systems to a single storage account. NEVER consolidate an entire Development, QAS and Production landscape to a single storage account
- Choose an appropriate size, IOPS and throughput. A suggested size for the share is 256GB per SID. The maximum size for a Share is 5120 GB
- It is recommended to use a Private Network Endpoint in all cases. The private endpoint should be on the Virtual Network where the SAP DBMS, ASCS and application servers are located. If a public endpoint is enabled work with the Azure Administrator to secure the storage account with additional security measures
- Remember to move the Azure Files Computer Account or Service Account to a Container that has no account expiration. The name of the Computer Account will be the storage account name
- It is not advisable to consolidate the ‘sapmnt’ and Transport directories on the same storage account except for very small systems. During the installation of the SAP PAS Instance, SAPInst will request a Transport Hostname. The FQDN of a different storage account should be entered <storage_account>.file.core.windows.net.
- Consider using DFS-N to simplify Name Resolution and allow a simple host.domain.com
- If performance problems are suspected map a network drive to the sapmnt share and test performance using diskspd.exe. The performance should be as per the SLA for a given share size. If performance from a remote host on a different Azure Virtual Network is insufficient, calibrate the performance from a VM running on the same Azure Virtual Network first. This will isolate the problem to either disk performance or network performance.
There are important reasons for separating Transport, Interface and ‘sapmnt’ onto separate storage accounts. Distributing these components onto separate storage accounts improves throughput, resiliency and simplifies the performance analysis. If many SIDs and other file systems are consolidated onto a single Azure Files Storage account and the storage account performance is poor due to hitting the throughput limits, it is extremely difficult to identify which SID or application is causing the problem.
Prerequisites for Azure Files SMB
Prerequisites for the installation of SAP NetWeaver High Availability Systems on Azure Files SMB with Active Directory Integration
- The SAP servers must be joined to an Active Directory Domain
- The Active Directory Domain containing the SAP servers must be replicated to Azure Active Directory using Azure AD connect.
- It is highly recommended that there is at least one Active Directory Domain controller in Azure landscape to avoid traversing the Express Route to contact Domain Controllers on-premises.
- The user executing the Azure Files PowerShell script must have permission to create objects in Active Directory
- SWPM version 1.0 SP 32 and SWPM 2.0 SP 09 or higher are required. SAPInst patch must be 749.0.91 or higher. Do not attempt to use older releases as this will not work
- An up-to-date release of PowerShell should be installed on the Windows Server where the script is executed. Open PowerShell as an administrator and run Update-Module (without specifying a specific module will update all PowerShell modules)
SWPM & SAPInst Version Dependencies
The minimum required SWPM 1.0 SP 32 and SWPM 2.0 SP 09 (August 2021). The minimum required SAPInst patch is 91(SAPinst 749.0.91). If earlier versions are used there will be installation errors. Older versions of SWPM limit the number of characters for SAPGLOBALHOST to 13 or less.
Useful Links & Resources
To verify the performance of an Azure Files SMB share download the utility diskspd.exe and map a drive to the Azure Files Share. Run this command line and compare to the published ingress, egress and iops for the size of the share