AWS Cloud Operations Blog

SAP on AWS – Streamlined Operations and Monitoring

SAP ERP (Enterprise Resource Planning) systems are at the core of many enterprises, supporting a wide range of mission-critical processes, including Procure to Pay, Order to Cash, Production Planning, Financial Accounting, Supply Chain Management (SCM), and Human Capital Management. Given the critical role of SAP ERP, maintaining the stability, security, and efficiency of these ERP systems is paramount. Managing SAP workloads comes with significant challenges as businesses must navigate the complexities of continuous monitoring, system upgrades, compliance management and robust cybersecurity measures to protect these critical SAP ERP systems. These challenges are further compounded as companies scale, making effective SAP ERP systems management a daunting task.

To address these challenges, AWS offers a suite of services, including AWS Managed Services (AMS) and AWS Incident Detection and Response (IDR), designed to ensure your operations in SAP ERP are optimized and secure. In this blog, we’ll explore how these AWS services can enhance your SAP operations by focusing on five key pillars: monitoring and incident management, patching, backup, cost optimization and security.

Monitoring and incident management

Continuous monitoring of SAP ERP systems is crucial for maintaining optimal performance and user experience. Given SAP’s scale, even minor issues can significantly disrupt operations. Proactive monitoring helps organizations identify and resolve potential problems quickly, ensure system stability and efficiency, boost user productivity by minimizing delays, and free up time for strategic initiatives. However, SAP infrastructure management faces two key challenges. First, achieving comprehensive visibility across the SAP ERP environment is difficult, especially with data spread across multiple platforms. Second, incident response complexity, particularly in large, distributed environments, requires significant expertise and coordination, potentially delaying problem resolution.

To address these challenges, AWS offers a holistic solution that integrates infrastructure monitoring, application monitoring, SAP cluster management and alert handling through a combination of Amazon CloudWatch, AWS Managed Services (AMS), AWS Managed Services Operations on Demand (OOD) and AWS Incident Detection and Response (IDR) AWS services. Let’s explore how these services work together to provide end-to-end monitoring and incident management.

Infrastructure monitoring with AMS

AMS provides AWS infrastructure management, monitoring, and remediation. This service covers key aspects of SAP infrastructure health by:

  • Monitoring AWS compute, storage and network services like Amazon Elastic Compute Cloud (EC2), Amazon Relational Database Service (RDS), Amazon Elastic File System (EFS) etc. utilized by your SAP ERP systems.
  • Automated responses to any AWS infrastructure-related incidents, such as scaling, performance degradation, or failures.
  • Incident investigation to analyze root causes and prevent recurring issues.
  • Remediation of detected issues, ensuring minimum downtime and maintaining optimal performance.

By ensuring a stable infrastructure, AMS forms the first layer of defense in our incident management framework. AMS deploys CloudWatch alarms to monitor the health and performance of AWS services utilized for SAP workloads based on the SAP specific AWS best practices (SAP Lens).

Extending to SAP cluster monitoring with OOD

SAP high availability (HA) systems are used to ensure that SAP workloads are available and reliable for critical business processes. Monitoring HA systems require specialized capabilities and AMS OOD offers SAP cluster monitoring, adding another layer of protection to your infrastructure. OOD includes:

  • Active monitoring of configured cluster resources and nodes.
  • Alarming and alerting on availability of cluster resources and nodes.
  • Investigating SAP cluster-related issues, identifying causes of failures in Pacemakers, and preventing interruptions.
  • Remediating SAP infrastructure issues, such as failover or cluster misconfigurations, ensuring that SAP environments remain operational and efficient.

OOD complements AMS by bridging the gap between AWS infrastructure management and SAP-specific needs, adding a vital layer of monitoring for SAP environments.

Application-level monitoring and incident management with IDR

To maintain a high level of security, availability, and performance, customers need a holistic understanding of their SAP application’s health, supplemented by data-driven insights for informed decision-making. Amazon CloudWatch Application Insights (CWAI) makes it easy for you to monitor the health of your SAP workloads like SAP NetWeaver applications, SAP HANA & AnyDB databases on a single pane of glass. CWAI monitoring includes Amazon EC2, Amazon EBS, Amazon EFS, SAP security, SAP availability, SAP performance and high-availability Pacemaker cluster metrics.

To enhance our current monitoring capabilities through AMS and OOD, we recommend implementing additional application-level alerts such as monitoring the status of Primary Application Server (PAS) and Additional Application Server (AAS) for SAP NetWeaver Application. IDR strengthens this by proactively monitoring critical SAP ERP application signals, reducing the risk of workload failures, and accelerating recovery to minimize disruptions by:

  • Monitoring application performance to ensure that business-critical applications running on SAP systems and AWS infrastructure perform optimally.
  • Detecting application-level incidents, such as performance degradation, errors, and exceptions, which may not be visible through infrastructure or SAP cluster monitoring.
  • Responding to application-specific alerts by triaging and prioritizing them based on impact and urgency.
  • Remediating application issues by collaborating with application development and operations teams, ensuring that incidents are resolved before they affect end-users.

IDR addresses the gap not covered by infrastructure monitoring, providing an end-to-end incident management solution that extends all the way to application performance.

Integration for a holistic incident management solution

When integrated AMS, OOD, and IDR work together to deliver a seamless monitoring and incident management solution that spans across your entire IT infrastructure, from the underlying AWS resources to your SAP HA systems, HANA or AnyDB databases and SAP NetWeaver ABAP based applications. This integrated solution elevates observability and monitoring across your SAP landscape with AMS extending your teams operational capabilities with 24/7 monitoring and incident management. Ultimately, this unified approach helps organizations maintain high availability, optimal performance, and stability of critical systems, minimizing downtime while proactively managing IT environments, and mitigating risks.

SAP cluster aware patching

AMS offer specialized expertise and automation tools that streamline the AMS patching process, ensuring minimal disruption to business operations while maximizing system security and performance. Our approach to SAP patching begins with meticulous planning and preparation, leveraging the cluster-aware functionality and carefully orchestrating SAP application and HANA database start/stop processes. The cluster-aware functionality ensures that at least one node in the cluster remains operational while others are being patched, allowing the system to be available and minimize application downtime during updates. This approach is particularly crucial for maintaining the continuity and performance of mission-critical applications like SAP on AWS.

The cluster aware patch automation begins with verifying the health of the cluster. If the cluster is in a healthy state it proceeds to deactivate the secondary node, apply patches then reactivates the cluster once patched. The process repeats for the primary node which triggers a failover to the secondary node ensuring continuous availability of the SAP system as the primary node is patched. AWS also offers Systems Manager documents for stop/start of your SAP systems and this can easily be integrated with AMS patching automation.

The benefits of using AMS for SAP cluster-aware patching are multifaceted:

  • Firstly, it drastically reduces the risk of downtime. By leveraging automation tools like AWS Systems Manager, the patching process is expedited, and the chance of human error is minimized. This automation, coupled with the expertise of managed service professionals, ensures that patching is done quickly and accurately, with little to no impact to end-users. If the patch fails, AMS investigates the failure and recommends a course of action to remediate the issue.
  • Secondly, AMS provides enhanced security and compliance. Regular patching is vital for maintaining the security posture of any SAP environment. AMS ensures that patches are applied promptly, keeping the system secure against known vulnerabilities and in line with compliance requirements.

Continuity management

AMS protects your SAP landscape primarily via AWS Backup, a centralized solution that ensures business continuity and minimizes data loss for AWS resources, including EC2 instances, EFS, Amazon FSx, RDS and SAP HANA databases. Seamlessly integrated with the AWS Backint Agent, AWS Backup enables efficient SAP HANA backups and restores. Additionally, the AMS team proactively monitors SAP HANA database backup jobs, and in the event of a failure, promptly troubleshoots and resolves the issue, ensuring the reliability and availability of your critical data. AMS assists with the configuration and deployment of the AWS Backint Agent for backup and restore your SAP HANA database to and from Amazon Simple Storage Service (Amazon S3) or AWS Backup.

Cost optimization

As organizations modernize their SAP environments, optimizing costs become a top priority. By streamlining SAP workload expenses, valuable resources can be reallocated to drive innovation and growth. AMS Operations leverages SAP on AWS cost optimization guidance to deliver expert cost optimization recommendations and implementation for SAP workloads. Our cost optimization process involves a comprehensive review of existing SAP on AWS architecture and an analysis of AWS Cost Explorer for all AMS accounts hosting SAP workloads. This provides tailored recommendations for cost savings.

Implementation may involve EC2 right-sizing, AWS Savings Plans implementation, utilizing AMS Resource Scheduler to automate start & stop non-critical workloads so they are utilized only when needed, migrating to latest-generation EC2 instances and EBS volume types, and rearchitecting workloads as needed. Additionally, customers can run self-service SAP Lens reviews using the AWS Well-Architected Tool to identify risks and cost optimization opportunities, and share reports with AMS for review and implementation.

By collaborating with AMS, organizations can unlock significant cost savings and accelerate their SAP modernization journey.

Security

Security is a critical consideration when running mission-critical SAP workloads in the cloud and requires careful planning, implementation, and ongoing monitoring. By following best practices and leveraging AWS security features, organizations can ensure the integrity and confidentiality of their SAP environments. AMS employs a robust security framework to safeguard your assets and ensure the integrity of your SAP infrastructure. This includes maintaining a library of AWS Config Rules and remediation actions to enable seamless compliance with industry standards. Additionally, AMS leverages Amazon GuardDuty to continuously monitor for potential security threats, with findings reviewed 24/7 by the AMS team. AMS also supports Amazon Macie to help protect sensitive data such as PII and financial information. By proactively mitigating risks and providing preventative and detective security controls, AMS elevates operational excellence for customers running SAP on AWS. This multilayered approach empowers organizations to focus on their core business objectives while AMS manages the security of their SAP environments.

Conclusion

By partnering with AMS, organizations can navigate the challenges of managing SAP environments and unlock the full potential of their SAP investments, driving business success in the digital age. With AMS, your SAP infrastructure is continuously monitored, ensuring that any issues are swiftly identified and resolved, thus maintaining high levels of performance and availability while reducing the burden on your internal IT teams. Lastly, AMS provides access to a team of AWS and SAP experts who can offer guidance, best practices, and specialized support. This helps you to optimize your SAP environments and ensure smooth operation, enabling your teams to focus on the core business objectives rather than the complexities of infrastructure management.

Discover how to enhance your SAP systems on AWS using AMS, OOD, and IDR services by exploring AWS Managed Services (AMS). For a comprehensive evaluation of your SAP environment and to understand how AWS can improve your SAP operations, get in touch with your AWS account representative or connect with an AMS specialist via our Contact page. Additionally, you can initiate a complimentary AWS Well-Architected SAP Lens review today to pinpoint potential areas for optimizing your SAP workload operations.

TAGS: , , , , , ,
Mahnoor Hussain

Mahnoor Hussain

Mahnoor Hussain is a Specialist Solutions Architect focused on cloud operations and security. With a passion for modernizing and architecting solutions, she helps organizations optimize their cloud environments to maximize performance and enhance resilience. When not immersed in the world of cloud technology, Mahnoor enjoys spending time with family and exploring new destinations through her love of travel.

Tega Agbogidi

Tega Agbogidi

Tega is a Senior Cloud Architect with AWS Managed Services (AMS). He has more than a decade of experience related to cloud operations and specializes in optimizing SAP workloads on AWS and leveraging AWS Managed Services (AMS) to deliver robust, scalable solutions.

Khaliluddin Siddiqui

Khaliluddin Siddiqui

Khaliluddin Siddiqui is a Principal Technical Account Manager at AWS with over 19 years of experience in enterprise IT transformation. As a technical leader of AWS's Enterprise Support SAP offerings, he established global Centers of Excellence and provided strategic advisory for more than 60 Fortune 500 companies in their cloud journey. He specializes in complex SAP implementations/migrations, having led technical transformations for multi-billion-dollar mergers and acquisitions.