Deploy S/4HANA infrastructure with Azure Center for SAP solutions (preview)
Azure Center for SAP solutions is currently in PREVIEW. See the Azure Center for SAP solutions - Legal Terms for legal notices applicable to Azure Center for SAP solutions.
The feature to use Azure role-based access control (Azure RBAC) with Azure Center for SAP solutions is currently in PREVIEW. See the Azure Center for SAP solutions - Legal Terms for legal notices applicable to Azure Center for SAP solutions.
In this how-to guide, you'll learn how to deploy S/4HANA infrastructure in Azure Center for SAP solutions. There are three deployment options: distributed with High Availability (HA), distributed non-HA, and single server.
- An Azure subscription.
- Register the Microsoft.Workloads Resource Provider on the subscription in which you are deploying the SAP system.
- An Azure account with Contributor role access to the subscriptions and resource groups in which you'll create the Virtual Instance for SAP solutions (VIS) resource.
- A User-assigned managed identity which has Contributor role access on the Subscription or atleast all resource groups (Compute, Network,Storage). If you wish to install SAP Software through the Azure Center for SAP solutions, also provide Storage Blob data Reader, Reader and Data Access roles to the identity on SAP bits storage account where you would store the SAP Media.
- A network set up for your infrastructure deployment.
There are three deployment options that you can select for your infrastructure, depending on your use case.
- Distributed with High Availability (HA) creates distributed HA architecture. This option is recommended for production environments. If you choose this option, you need to select a High Availability SLA. Select the appropriate SLA for your use case:
- 99.99% (Optimize for availability) shows available zone pairs for VM deployment. The first zone is primary and the next is secondary. Active ASCS and Database servers are deployed in the primary zone. Passive ASCS and Database servers are deployed in the secondary zone. Application servers are deployed evenly across both zones. This option isn't shown in regions without availability zones, or without at least one M-series and E-series VM SKU available in the zonal pairs within that region.
- 99.95% (Optimize for cost) shows three availability sets for all instances. The HA ASCS cluster is deployed in the first availability set. All Application servers are deployed across the second availability set. The HA Database server is deployed in the third availability set. No availability zone names are shown.
- Distributed creates distributed non-HA architecture.
- Single Server creates architecture with a single server. This option is available for non-production environments only.
Sign in to the Azure portal.
In the search bar, enter and select Azure Center for SAP solutions.
On the Azure Center for SAP solutions landing page, select Create a new SAP system.
On the Create Virtual Instance for SAP solutions page, on the Basics tab, fill in the details for your project.
For Subscription, select the Azure subscription into which you're deploying the infrastructure.
For Resource group, select the resource group for all resources that the VIS creates.
Under Instance details, enter the details for your SAP instance.
For Name enter the three-character SAP system identifier (SID). The VIS uses the same name as the SID.
For Region, select the Azure region into which you're deploying the resources.
For Environment type, select whether your environment is production or non-production. If you select Production, you can deploy a distributed HA or non-HA S/4HANA system. It's recommended to use distributed HA deployments for production systems. If you select Non-production, you can use a single-server deployment.
For SAP product, keep the selection as S/4HANA.
For Database, keep the selection as HANA.
For HANA scale method, keep the selection as Scale up.
For Deployment type, select and configure your deployment type.
For Network, create the network you created previously with subnets.
For Application subnet and Database subnet, map the IP address ranges as required. It's recommended to use a different subnet for each deployment.
Under Operating systems, enter the OS details.
For Application OS image, select the OS image for the application server.
For Database OS image, select the OS image for the database server.
Under Administrator account, enter your administrator account details.
For Authentication type, keep the setting as SSH public.
For Username, enter a username.
For SSH public key source, select a source for the public key. You can choose to generate a new key pair, use an existing key stored in Azure, or use an existing public key stored on your local computer. If you don't have keys already saved, it's recommended to generate a new key pair.
For Key pair name, enter a name for the key pair.
If you choose to use an Existing public key stored in azure, select the key in Stored Keys input
Provide the corresponding SSH private key from local file stored on your computer or copy paste the private key.
If you choose to use an Existing public key, you can either Provide the SSH public key from local file stored on your computer or copy paste the public key.
Provide the corresponding SSH private key from local file stored on your computer or copy paste the private key.
Under SAP Transport Directory, enter how you want to set up the transport directory on this SID. This is applicable for Distributed with High Availability and Distributed deployments only.
For SAP Transport Options, you can choose to Create a new SAP transport Directory or Use an existing SAP transport Directory or completely skip the creation of transport directory by choosing Dont include SAP transport directory option. Currently, only NFS on AFS storage account fileshares are supported.
If you choose to Create a new SAP transport Directory, this will create and mount a new transport fileshare on the SID. By Default, this option will create an NFS on AFS storage account and a transport fileshare in the resource group where SAP system will be deployed. However, you can choose to create this storage account in a different resource group by providing the resource group name in Transport Resource Group. You can also provide a custom name for the storage account to be created under Storage account name section. Leaving the Storage account name will create the storage account with service default name ""SIDname""nfs""random characters"" in the chosen transport resource group. Creating a new transport directory will create a ZRS based replication for zonal deployments and LRS based replication for non-zonal deployments. If your region doesn't support ZRS replication deploying a zonal VIS will lead to a failure. In such cases, you can deploy a transport fileshare outside ACSS with ZRS replication and then create a zonal VIS where you select Use an existing SAP transport Directory to mount the pre-created fileshare.
If you choose to Use an existing SAP transport Directory, select the pre - existing NFS fileshare under File share name option. The existing transport fileshare will be only mounted on this SID. The selected fileshare shall be in the same region as that of SAP system being created. Currently, file shares existing in a different region can not be selected. Provide the associated privated endpoint of the storage account where the selected fileshare exists under Private Endpoint option.
You can skip the creation of transport file share by selecting Dont include SAP transport directory option. The transport fileshare will neither be created or mounted for this SID.
Under Configuration Details, enter the FQDN for your SAP System.
- For SAP FQDN, provide only the domain name for you system such "sap.contoso.com"
Under User assigned managed identity, provide the identity which Azure Center for SAP solutions will use to deploy infrastructure.
For Managed identity source, choose if you want the service to create a new managed identity or you can instead use an existing identity. If you wish to allow the service to create a managed identity, acknowledge the checkbox which asks for your consent for the identity to be created and the contributor role access to be added for all resource groups.
For Managed identity name, enter a name for a new identity you want to create or select an existing identity from the drop down menu. If you are selecting an existing identity, it should have Contributor role access on the Subscription or on Resource Groups related to this SAP system you are trying to deploy. That is, it requires Contributor access to the SAP application Resource Group, Virtual Network Resource Group and Resource Group which has the existing SSHKEY. If you wish to later install the SAP system using ACSS, we also recommend to give the Storage Blob Data Reader and Reader and Data Access roles on the Storage Account which has the SAP software media.
Select Next: Virtual machines.
In the Virtual machines tab, generate SKU size and total VM count recommendations for each SAP instance from Azure Center for SAP solutions.
For Generate Recommendation based on, under Get virtual machine recommendations, select SAP Application Performance Standard (SAPS).
For SAPS for application tier, provide the total SAPS for the application tier. For example, 30,000.
For Memory size for database (GiB), provide the total memory size required for the database tier. For example, 1024. The value must be greater than zero, and less than or equal to 11,400.
Select Generate Recommendation.
Review the VM size and count recommendations for ASCS, Application Server, and Database instances.
To change a SKU size recommendation, select the drop-down menu or select See all sizes. Filter the list or search for your preferred SKU.
To change the Application server count, enter a new count for Number of VMs under Application virtual machines.
The number of VMs for ASCS and Database instances aren't editable. The default number for each is 2.
Azure Center for SAP solutions automatically configures a database disk layout for the deployment. To view the layout for a single database server, make sure to select a VM SKU. Then, select View disk configuration. If there's more than one database server, the layout applies to each server.
Select Next: Tags.
Optionally, enter tags to apply to all resources created by the Azure Center for SAP solutions process. These resources include the VIS, ASCS instances, Application Server instances, Database instances, VMs, disks, and NICs.
Select Review + Create.
Review your settings before deployment.
Make sure the validations have passed, and there are no errors listed.
Review the Terms of Service, and select the acknowledgment if you agree.
Wait for the infrastructure deployment to complete. Numerous resources are deployed and configured. This process takes approximately 7 minutes.
To confirm a deployment is successful:
In the Azure portal, search for and select Virtual Instances for SAP solutions.
On the Virtual Instances for SAP solutions page, select the Subscription filter, and choose the subscription where you created the deployment.
In the table of records, find the name of the VIS. The Infrastructure column value shows Deployed for successful deployments.
If the deployment fails, delete the VIS resource in the Azure portal, then recreate the infrastructure.