SAP on Azure Deployment Automation Framework
The SAP on Azure Deployment Automation Framework is an open-source orchestration tool for deploying, installing and maintaining SAP environments. You can create infrastructure for SAP landscapes based on SAP HANA and NetWeaver with AnyDB. The framework uses Terraform for infrastructure deployment, and Ansible for the operating system and application configuration. The systems can be deployed on any of the SAP-supported operating system versions and deployed into any Azure region.
HashiCorp Terraform is an open-source tool for provisioning and managing cloud infrastructure.
Ansible is an open-source platform by Red Hat that automates cloud provisioning, configuration management, and application deployments. Using Ansible, you can automate deployment and configuration of resources in your environment.
The automation framework has two main components:
- Deployment infrastructure (control plane)
- SAP Infrastructure (SAP Workload)
You'll use the control plane of the SAP on Azure Deployment Automation Framework to deploy the SAP Infrastructure and the SAP application infrastructure. The deployment uses Terraform templates to create the infrastructure as a service (IaaS) resources that host the SAP applications.
This automation framework is based on Microsoft best practices and principles for SAP on Azure. Review the get-started guide for SAP on Azure virtual machines (Azure VMs) to understand how to use certified virtual machines and storage solutions for stability, reliability, and performance.
This automation framework also follows the Microsoft Cloud Adoption Framework for Azure.
The automation framework can be used to deploy the following SAP architectures:
- Standalone
- Distributed
- Distributed (Highly Available)
In the Standalone architecture, all the SAP roles are installed on a single server. In the distributed architecture, you can separate the database server and the application tier. The application tier can further be separated in two by having SAP Central Services on a virtual machine and one or more application servers.
The Distributed (Highly Available) deployment is similar to the Distributed architecture. In this deployment, the database and/or SAP Central Services can be configured for high availability, each using two virtual machines in a Pacemaker cluster.
The dependency between the control plane and the application plane is illustrated in the diagram below. In a typical deployment, a single control plane is used to manage multiple SAP deployments.
About the control plane
The control plane houses the deployment infrastructure from which other environments will be deployed. Once the control plane is deployed, it rarely needs to be redeployed, if ever.
The control plane provides the following services:
- Terraform Deployment Infrastructure
- Ansible Controller
- Persistent storage for the Terraform state files
- Persistent storage for the Downloaded SAP Software
- Secure storage for deployment credentials
- Private DNS zone (optional)
The control plane is typically a regional resource deployed into the hub subscription in a hub-and-spoke architecture.
The key components of the control plane are:
- Deployment virtual machine
- Storage account for Terraform state files
- Storage account for SAP installation media
- Azure Key Vault for deployment credentials
- Configuration Web Application
The following diagram shows the key components of the control plane and workload zone.
The application configuration is performed from the Ansible Controller in the control plane using a set of pre-defined playbooks. These playbooks will:
- Configure base operating system settings
- Configure SAP-specific operating system settings
- Make the installation media available in the system
- Install the SAP system
- Install the SAP database (SAP HANA, AnyDB)
- Configure high availability (HA) using Pacemaker
- Configure high availability (HA) for your SAP database
Software acquisition process
The framework also provides an Ansible playbook that can be used to download the software from SAP and persist it in the storage accounts in the SAP Library resource group.
The software acquisition uses an SAP Application manifest file that contains the list of SAP software to be downloaded. The manifest file is a YAML file that contains the following information:
- List of files to be downloaded
- List of the Product IDs for the SAP application components
- A set of template files used to provide the parameters for the unattended installation
The SAP Software download playbook will process the manifest file and the dependent manifest files and download the SAP software from SAP using the specified SAP user account. The software will be downloaded to the SAP Library storage account and will be available for the installation process. As part of the download process, the application manifest and the supporting templates will also be persisted in the storage account. The application manifest and the dependent manifests will be aggregated into a single manifest file that will be used by the installation process.
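The aggregation step described above, sketched as an added example (not the framework's own code or manifest schema): the key names `dependencies`, `files`, `product_ids` and `templates` and all sample values are assumptions made for illustration. The merge runs depth-first and fails closed on a missing manifest, a dependency cycle, or conflicting product IDs.

```python
# Constructed sample manifests keyed by name. The layout is hypothetical;
# in the framework these are YAML files with their own schema.
MANIFESTS = {
    "APP_EXAMPLE": {
        "dependencies": ["DB_EXAMPLE", "KERNEL_EXAMPLE"],
        "files": ["installer.sar", "app_export.zip"],
        "product_ids": {"scs": "EXAMPLE_SCS_ID", "pas": "EXAMPLE_PAS_ID"},
        "templates": ["app.params"],
    },
    "DB_EXAMPLE": {
        "dependencies": ["KERNEL_EXAMPLE"],
        "files": ["db_server.sar", "installer.sar"],
        "product_ids": {"db": "EXAMPLE_DB_ID"},
        "templates": ["db.params"],
    },
    "KERNEL_EXAMPLE": {"dependencies": [], "files": ["kernel.sar"]},
}


def aggregate(name, manifests):
    """Merge a manifest and its dependent manifests into a single manifest."""
    merged = {"files": [], "product_ids": {}, "templates": []}
    visiting, done = set(), set()  # 'visiting' is the current dependency path

    def visit(current):
        if current in done:
            return
        if current in visiting:
            raise ValueError(f"dependency cycle at {current}")
        if current not in manifests:
            raise KeyError(f"missing dependent manifest {current}")
        visiting.add(current)
        manifest = manifests[current]
        for dep in manifest.get("dependencies", []):
            visit(dep)  # dependencies are merged before the dependent
        for key in ("files", "templates"):
            for item in manifest.get(key, []):
                if item not in merged[key]:  # download each file once
                    merged[key].append(item)
        for role, pid in manifest.get("product_ids", {}).items():
            # Two manifests disagreeing on a product ID is an error, not a merge.
            if merged["product_ids"].setdefault(role, pid) != pid:
                raise ValueError(f"conflicting product ID for {role}")
        visiting.discard(current)
        done.add(current)

    visit(name)
    return merged
```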
Deployer Virtual Machine
This virtual machine is used to run the orchestration scripts that will deploy the Azure resources using Terraform. It's also the Ansible Controller and is used to execute the Ansible playbooks on all the managed nodes, that is, the virtual machines of an SAP deployment.
About the SAP Workload
The SAP Workload contains all the Azure infrastructure resources for the SAP Deployments. These resources are deployed from the control plane. The SAP Workload has two main components:
- SAP Workload Zone
- SAP System
About the SAP Workload Zone
The workload zone allows for partitioning of the deployments into different environments (Development, Test, Production). The Workload zone will provide the shared services (networking, credentials management) to the SAP systems.
The SAP Workload Zone provides the following services to the SAP Systems:
- Virtual Networking infrastructure
- Azure Key Vault for system credentials (Virtual Machines and SAP)
- Shared Storage (optional)
About the SAP System
The system deployment consists of the virtual machines that will be running the SAP application, including the web, app and database tiers.
The SAP System provides the following services:
- Virtual machine, storage, and supporting infrastructure to host the SAP applications.
The following terms are important concepts for understanding the automation framework.
| Term | Description |
|---|---|
| System | An instance of an SAP application that contains the resources the application needs to run. Defined by a unique three-letter identifier, the SID. |
| Landscape | A collection of systems in different environments within an SAP application. For example, SAP ERP Central Component (ECC), SAP customer relationship management (CRM), and SAP Business Warehouse (BW). |
| Workload zone | Partitions the SAP applications to environments, such as non-production and production environments or development, quality assurance, and production environments. Provides shared resources, such as virtual networks and key vault, to all systems within. |
The following diagram shows the relationships between SAP systems, workload zones (environments), and landscapes. In this example setup, the customer has three SAP landscapes: ECC, CRM, and BW. Each landscape contains three workload zones: production, quality assurance, and development. Each workload zone contains one or more systems.
| Term | Description | Scope |
|---|---|---|
| Deployer | A virtual machine that can execute Terraform and Ansible commands. | Region |
| Library | Provides storage for the Terraform state files and the SAP installation media. | Region |
| Workload zone | Contains the virtual network for the SAP systems and a key vault that holds the system credentials. | Workload zone |
| System | The deployment unit for the SAP application (SID). Contains all infrastructure assets. | Workload zone |