Solution: SAP ERP, SAP ECC, SAP BW, SAP BOBJ (BO), SAP BODS, SAP BW, SAP PO, SAP DMS, SOLMAN, HANA Database, SAP SYBASE Database in Cluster.
OS: SUSE Linux Enterprise 11 for SAP HANA Landscape Systems, HP-UX VER 11.31.
During the assessment we found:
- On-premises server performance was not optimal and was a hurdle for the SAP reporting tool workflow.
- An upgrade of SUSE Linux Enterprise 11 was required, but the on-premises hardware did not support the upgrade.
- SAP standard transaction performance was not up to the mark in proportion to the hardware resources.
- Daily tasks were delayed due to either hardware failures or upgrades.
- The HP-UX system was no longer supported after Dec 2020.
- The on-premises backup and restore strategy was not stable, and hardware failures were a struggle.
- MSEDCL did not have much of a downtime window, and they wanted to migrate and upgrade the OS and SAP application systems in one go.
- A DR service for SAP ECC and HANA was not in place.
SCOPE OF WORK
- Orient has to study the utilization of the current IT Infrastructure and propose cloud infra required to achieve desired SLA.
- Orient to prepare Migration Plan with minimum downtime.
- Orient to showcase working on cloud and build environment that can be verified before the migration process is carried out.
- Orient to build Project Plan with timelines.
- Data to be tiered to Archival storage based on timelines
- Orient has proposed a VPC in Mumbai Region with the following design
- Administrators will have access to relevant EC2 and S3 Buckets
- All data at rest will be encrypted using EBS and S3 encryption
- Backups will be managed as snapshots taken by the Lambda service at 12-hour intervals
- The DR drill will be done once every 6 months
- Migrate SAP systems with the SAP standard methodology.
- Orient will migrate SAP SYBASE, SAP HANA databases and SAP applications to Cloud
As part of the proposal, Orient has considered:
E-Mail and Communication Infrastructure be suitably replaced to reduce the total infra and license cost.
Business Applications, Databases Server and other required Application Servers be replaced with similar infrastructure on AWS.
Requirements for Critical Services:
- Backup will be automated and be done on Backup Storage every 12 Hours
- VM uptime guaranteed at 99.9%.
- Data Loss in case of a disaster will not exceed 12 Hours.
- Virtual Machine – Recovery Time will not exceed 24 Hours in case of disaster.
- Dedicated Technical Account Manager will be assigned for any escalations.
- Data Migration and Migration of the applications to be taken care of within 6 months.
- Optimization will be done once the infrastructure becomes stable and will be an ongoing activity every quarter.
- Data will remain in encrypted format at Rest in Cloud.
- DR to be implemented for SAP ECC and HANA servers using Cloud Endure DR.
As part of the proposal, Orient considered and delivered the following AWS services:
- AWS Elastic Compute Cloud (EC2) with SUSE Linux Enterprise 12 & 15 SP2 and Windows Server 2012 (SOLMAN); databases: Sybase, HANA 1.0 SP12 and HANA 2.0 SP00.
- AWS Lambda
- AWS Virtual Private Cloud (VPC)
- Identity and Access Management (IAM)
- Fortinet Firewall and SSL VPN
- Network Load Balancer
- Cloud Endure DR
- AWS Transit Gateway
- AWS Direct Connect
We used AWS EC2 instances for the application servers and database servers.
AWS Lambda is used for automating the backup process. We created functions in Python to automate the backup and the deletion of backed-up AMIs.
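The selection step that such a backup-and-deletion function depends on, as an added example (not Orient's code): it decides which backup AMIs are past retention and flags any whose snapshots are not encrypted. Deregistering an AMI does not delete its EBS snapshots, so the plan returns the snapshot IDs as well. The 7-day retention period, the `CreatedBy` tag and all sample records are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

RETENTION = timedelta(days=7)                # assumption: the page states no retention period
BACKUP_TAG = ("CreatedBy", "backup-lambda")  # hypothetical tag set by the backup function

def _img(image_id, created, snap_id, encrypted, tagged=True):
    """Build a constructed record shaped like one EC2 describe_images() entry."""
    tags = [{"Key": BACKUP_TAG[0], "Value": BACKUP_TAG[1]}] if tagged else []
    return {"ImageId": image_id, "CreationDate": created, "Tags": tags,
            "BlockDeviceMappings": [{"Ebs": {"SnapshotId": snap_id, "Encrypted": encrypted}}]}

# Constructed sample data, not taken from any real account.
SAMPLE_IMAGES = [
    _img("ami-aaaa0001", "2024-01-01T00:00:00.000Z", "snap-0001", True),
    _img("ami-aaaa0002", "2024-01-09T12:00:00.000Z", "snap-0002", False),
    _img("ami-aaaa0003", "2023-12-01T00:00:00.000Z", "snap-0003", True, tagged=False),
]

def _created(image):
    stamp = datetime.strptime(image["CreationDate"], "%Y-%m-%dT%H:%M:%S.%fZ")
    return stamp.replace(tzinfo=timezone.utc)

def plan_cleanup(images, now):
    """Return (expired, unencrypted) for AMIs carrying the backup tag.

    expired maps each AMI to deregister to the snapshot ids to delete with it;
    unencrypted lists backup AMIs that have at least one unencrypted snapshot.
    """
    backups = sorted(
        (i for i in images
         if BACKUP_TAG in {(t["Key"], t["Value"]) for t in i.get("Tags", [])}),
        key=_created)  # untagged AMIs (golden images etc.) are never touched
    expired, unencrypted = {}, []
    for image in backups:
        ebs = [m["Ebs"] for m in image.get("BlockDeviceMappings", []) if "Ebs" in m]
        if not all(e.get("Encrypted", False) for e in ebs):
            unencrypted.append(image["ImageId"])
        # Keep the newest backup even when it is past retention, so a silently
        # failing backup job never leaves the system with zero restore points.
        if image is not backups[-1] and now - _created(image) > RETENTION:
            expired[image["ImageId"]] = [e["SnapshotId"] for e in ebs]
    return expired, unencrypted

if __name__ == "__main__":
    print(plan_cleanup(SAMPLE_IMAGES, datetime(2024, 1, 10, tzinfo=timezone.utc)))
```

In a Lambda handler the `expired` plan would drive boto3's `deregister_image` and `delete_snapshot` calls, and a non-empty `unencrypted` list would be raised as an alert, since it contradicts the encryption-at-rest requirement.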
AWS VPC is the service that provides a virtual private cloud network that functions similarly to a traditional datacenter network. It was used to deploy the database in a private subnet, which makes it inaccessible over the public internet. Applications were deployed in a public subnet inside the VPC.
Fortinet Firewall is a highly secure and reliable firewall service available via AWS. It was used for stringent firewall rules and for SSL VPN access, giving KMRL employees secured connectivity from anywhere to multiple SAP and non-SAP servers in the KMRL AWS Private Cloud.
IAM was used to manage user access and identities by granting rights at a granular level. Using IAM, two separate roles were created for Admin and Billing access.
Network Load Balancer was used to balance the request load coming from on-premises, from the internet, and via SSL VPN for connections to the SAP application servers and the SAP Reporting Web tool.
Cloud Endure DR was used for disaster recovery of the SAP ECC DB and HANA DB with the SAP application servers after the final cut-over of all SAP servers.
AWS Transit Gateway was used for inter-connectivity of multiple VPCs across the multiple AZs in the region.
AWS Direct Connect was used for migrating on-premises servers to the AWS Cloud.
Solution Description and Implementation:
- KMRL has multiple in-house users connecting to their applications via Web access and SSH using the SSL VPN credentials provided to them. Users with the role “Admin” help with deployment and development activities.
- An EC2 instance with SUSE Linux 15 SP2 was used for SAP HANA 1.0 SP12 and SAP HANA 2.0 SP00, and SUSE Linux 12 was used for the SAP ECC DB and application servers.
- The cloud endpoint was secured with a Fortinet Firewall. The EBS storage was used with Encryption.
- The security of the environment was ensured using Security groups, F5 DDoS, and AWS WAF.
- EC2 with SAP Workloads removed the lock-in of sticking to the existing environment, as there will be no commitment on AWS.
- The system could be scaled when required to increase processing and user loads during planned intervals. Auto scaling will be done only as required by MSEDCL.
- Execution time for any query (irrespective of complexity or data requested) was reduced by 15-20% compared with the earlier step.
- EC2 AMI snapshots (backups) in encrypted format were completed within a few minutes.
- Additionally, restoration of a backed-up AMI to a new EC2 instance was demonstrated to the customer.
- The service level agreement was met as demanded, i.e. 30 minutes for business-critical incidents, which led to a highly available environment in AWS, with uptime increased to 50%.
- AWS Cloud Endure DR gave MSEDCL point-in-time recovery for the SAP systems in the AWS DC.
- Daily mundane activity of backup was automated using the Lambda function.
- Security of the environment based on AWS best practices helped to build the secured environment.
- As MSEDCL is a public sector, government-based service provider to customers, they wanted a fully compliant data center, which AWS already adheres to.