SAP ASCS/SCS instance multi-SID high availability with Windows Server Failover Clustering and file share on Azure

Windows

You can manage multiple virtual IP addresses by using an Azure internal load balancer.

If you have an SAP deployment, you can use an internal load balancer to create a Windows cluster configuration for SAP Central Services (ASCS/SCS) instances.

This article focuses on how to move from a single ASCS/SCS installation to an SAP multi-SID configuration by installing additional SAP ASCS/SCS clustered instances into an existing Windows Server Failover Clustering (WSFC) cluster with file share. When this process is completed, you have configured an SAP multi-SID cluster.

Note

This feature is available only in the Azure Resource Manager deployment model.

There is a limit on the number of private front-end IPs for each Azure internal load balancer.

The maximum number of SAP ASCS/SCS instances in one WSFC cluster is equal to the maximum number of private front-end IPs for each Azure internal load balancer.

The configuration introduced in this documentation is not yet supported to be used for Azure Availability Zones

For more information about load-balancer limits, see the "Private front-end IP per load balancer" section in Networking limits: Azure Resource Manager. Also consider using the Azure Standard Load Balancer SKU instead of the basic SKU of the Azure load balancer.

Prerequisites

You have already configured a WSFC cluster to use for one SAP ASCS/SCS instance by using file share, as shown in this diagram.

Figure 1: An SAP ASCS/SCS instance and SOFS deployed in two clusters

Important

The setup must meet the following conditions:

• The SAP ASCS/SCS instances must share the same WSFC cluster.
• Different SAP Global Hosts file shares belonging to different SAP SIDs must share the same SOFS cluster.
• The SAP ASCS/SCS instances and the SOFS shares must not be combined in the same cluster.
• Each database management system (DBMS) SID must have its own dedicated WSFC cluster.
• SAP application servers that belong to one SAP system SID must have their own dedicated VMs.
• A mix of Enqueue Replication Server 1 and Enqueue Replication Server 2 in the same cluster is not supported.

SAP ASCS/SCS multi-SID architecture with file share

The goal is to install multiple SAP Advanced Business Application Programming (ASCS) or SAP Java (SCS) clustered instances in the same WSFC cluster, as illustrated here:

Figure 2: SAP multi-SID configuration in two clusters

The installation of an additional SAP <SID2> system is identical to the installation of one <SID> system. Two additional preparation steps are required on the ASCS/SCS cluster as well as on the file share SOFS cluster.

Prepare the infrastructure for an SAP multi-SID scenario

Prepare the infrastructure on the domain controller

Create the domain group <Domain>\SAP_<SID2>_GlobalAdmin, for example, with <SID2> = PR2. The domain group name is <Domain>\SAP_PR2_GlobalAdmin.

Prepare the infrastructure on the ASCS/SCS cluster

You must prepare the infrastructure on the existing ASCS/SCS cluster for a second SAP <SID>:

• Create a virtual host name for the clustered SAP ASCS/SCS instance on the DNS server.
• Add an IP address to an existing Azure internal load balancer by using PowerShell.

These steps are described in Infrastructure preparation for an SAP multi-SID scenario.

Prepare the infrastructure on an SOFS cluster by using the existing SAP Global Host

You can reuse the existing <SAPGlobalHost> and Volume1 of the first SAP <SID1> system.

Figure 3: Multi-SID SOFS is the same as the SAP Global Host name

Important

For the second SAP <SID2> system, the same Volume1 and the same <SAPGlobalHost> network name are used. Because you have already set SAPMNT as the share name for various SAP systems, to reuse the <SAPGlobalHost> network name, you must use the same Volume1.

The file path for the <SID2> global host is C:\ClusterStorage\Volume1\usr\sap<SID2>\SYS.

For the <SID2> system, you must prepare the SAP Global Host ..\SYS.. folder on the SOFS cluster.

To prepare the SAP Global Host for the <SID2> instance, execute the following PowerShell script:

##################
# SAP multi-SID
##################

$SAPSID2 = "PR2"
$DomainName2 = "SAPCLUSTER"
$SAPSIDGlobalAdminGroupName2 = "$DomainName2\SAP_" + $SAPSID2 + "_GlobalAdmin"

# SAP ASCS/SCS cluster nodes
$ASCSCluster2Node1 = "ja1-ascs-0"
$ASCSCluster2Node2 = "ja1-ascs-1"

# Define the SAP ASCS/SCS cluster node computer objects
$ASCSCluster2ObjectNode1 = "$DomainName2\$ASCSCluster2Node1$"
$ASCSCluster2ObjectNode2 = "$DomainName2\$ASCSCluster2Node2$"

# Create usr\sap\.. folders on CSV
$SAPGlobalFolder2 = "C:\ClusterStorage\Volume1\usr\sap\$SAPSID2\SYS"
New-Item -Path $SAPGlobalFolder2 -ItemType Directory

# Add permissions for the SAP SID2 system
Grant-SmbShareAccess -Name sapmnt -AccountName $SAPSIDGlobalAdminGroupName2, $ASCSCluster2ObjectNode1, $ASCSCluster2ObjectNode2 -AccessRight Full -Force


$UsrSAPFolder = "C:\ClusterStorage\Volume1\usr\sap\"

# Set file and folder security
$Acl = Get-Acl $UsrSAPFolder

# Add the security object of the SAP_<sid>_GlobalAdmin group
$Ar = New-Object  system.security.accesscontrol.filesystemaccessrule($SAPSIDGlobalAdminGroupName2,"FullControl", 'ContainerInherit,ObjectInherit', 'None', 'Allow')
$Acl.SetAccessRule($Ar)

# Add the security object of the clusternode1$ computer object
$Ar = New-Object  system.security.accesscontrol.filesystemaccessrule($ASCSCluster2ObjectNode1,"FullControl",'ContainerInherit,ObjectInherit', 'None', 'Allow')
$Acl.SetAccessRule($Ar)

# Add the security object of the clusternode2$ computer object
$Ar = New-Object  system.security.accesscontrol.filesystemaccessrule($ASCSCluster2ObjectNode2,"FullControl",'ContainerInherit,ObjectInherit', 'None', 'Allow')
$Acl.SetAccessRule($Ar)

# Set security
Set-Acl $UsrSAPFolder $Acl -Verbose

Prepare the infrastructure on the SOFS cluster by using a different SAP Global Host

You can configure the second SOFS (for example, the second SOFS cluster role with <SAPGlobalHost2> and a different Volume2 for the second <SID2>).

Figure 4: Multi-SID SOFS is the same as SAP GLOBAL host name 2

To create the second SOFS role with <SAPGlobalHost2>, execute this PowerShell script:

# Create SOFS with SAP Global Host Name 2
$SAPGlobalHostName = "sapglobal2"
Add-ClusterScaleOutFileServerRole -Name $SAPGlobalHostName

Create the second Volume2. Execute this PowerShell script:

New-Volume -StoragePoolFriendlyName S2D* -FriendlyName SAPPR2 -FileSystem CSVFS_ReFS -Size 5GB -ResiliencySettingName Mirror

Figure 5: Second Volume2 in Failover Cluster Manager

Create an SAP Global folder for the second <SID2>, and set file security.

Execute this PowerShell script:

# Create a folder for <SID2> on a second Volume2 and set file security
$SAPSID = "PR2"
$DomainName = "SAPCLUSTER"
$SAPSIDGlobalAdminGroupName = "$DomainName\SAP_" + $SAPSID + "_GlobalAdmin"

# SAP ASCS/SCS cluster nodes
$ASCSClusterNode1 = "ascs-1"
$ASCSClusterNode2 = "ascs-2"

# Define SAP ASCS/SCS cluster node computer objects
$ASCSClusterObjectNode1 = "$DomainName\$ASCSClusterNode1$"
$ASCSClusterObjectNode2 = "$DomainName\$ASCSClusterNode2$"

# Create usr\sap\.. folders on CSV
$SAPGlobalFolder = "C:\ClusterStorage\Volume2\usr\sap\$SAPSID\SYS"
New-Item -Path $SAPGlobalFOlder -ItemType Directory

$UsrSAPFolder = "C:\ClusterStorage\Volume2\usr\sap\"

# Set file and folder security
$Acl = Get-Acl $UsrSAPFolder

# Add the file security object of the SAP_<sid>_GlobalAdmin group
$Ar = New-Object  system.security.accesscontrol.filesystemaccessrule($SAPSIDGlobalAdminGroupName,"FullControl", 'ContainerInherit,ObjectInherit', 'None', 'Allow')
$Acl.SetAccessRule($Ar)

# Add the security object of the clusternode1$ computer object
$Ar = New-Object  system.security.accesscontrol.filesystemaccessrule($ASCSClusterObjectNode1,"FullControl",'ContainerInherit,ObjectInherit', 'None', 'Allow')
$Acl.SetAccessRule($Ar)

# Add the security object of the clusternode2$ computer object
$Ar = New-Object  system.security.accesscontrol.filesystemaccessrule($ASCSClusterObjectNode2,"FullControl",'ContainerInherit,ObjectInherit', 'None', 'Allow')
$Acl.SetAccessRule($Ar)

# Set security
Set-Acl $UsrSAPFolder $Acl -Verbose

To create a SAPMNT file share on Volume2 with the <SAPGlobalHost2> host name for the second SAP <SID2>, start the Add File Share wizard in Failover Cluster Manager.

Right-click the saoglobal2 SOFS cluster group, and then select Add File Share.

Figure 6: Start "Add File Share" wizard

Figure 7: Select "SMB Share – Quick"

Figure 8: Select "sapglobalhost2" and specify path on Volume2

Figure 9: Set file share name to "sapmnt"

Figure 10: Disable all settings

Assign Full control permissions to files and sapmnt share for:

• The SAP_<SID>_GlobalAdmin domain user group
• Computer object of ASCS/SCS cluster nodes ascs-1$ and ascs-2$

Figure 11: Assign "Full control" to user group and computer accounts

Figure 12: Select "Create"

Figure 13: The second sapmnt bound to sapglobal2 host and Volume2 is created

Install SAP NetWeaver multi-SID

Install SAP <SID2> ASCS/SCS and ERS instances

Follow the same installation and configuration steps as described earlier for one SAP <SID>.

Install DBMS and SAP application servers

Install DBMS and SAP application Servers as described earlier.

Next steps

• [Install an ASCS/SCS instance on a failover cluster with no shared disks][sap-official-ha-file-share-document]: Official SAP guidelines for an HA file share

• Storage spaces direct in Windows Server 2016

• Scale-out file server for application data overview

• What's new in storage in Windows Server 2016