www.connmove.de SAP on Microsoft Azure Architect Workshop for Partners

SAP® on Microsoft Azure, part 1

Connmove Portfolio

Making your IT efficient – solid – agile

IT Evolution – the wave to the cloud

Optimized Infrastructure → Virtualization → Private Cloud → Cloud

Services

Experts with Passion for SAP and Microsoft

Software

Smart software enables high-quality and cost effective operation

Founded in 2007

> 14 Employees

Office in Germany:

Birkenau

(near SAP HQ)

Independent:

Owner controlled

SAP software partner

Microsoft partner

Timing (Part I)

08.30 – 09.00

Registration

09.00 – 09.15

Welcome and Introduction, organizational tasks

09.15 – 10.30

Microsoft Azure

Cloud Computing

Access to Azure

Azure Management Portal

Network services

10.30 – 10.45

Coffee Break

1/13/2015 3

Timing (Part II)

10.45 – 12.15

Microsoft Azure

Virtual Machines

Storage concept

Scripting on Azure

SQL Database

12.15 – 13.15

Lunch

13.15 – 14.30

SAP on Azure

SAP Support for Microsoft Azure

VM and VHD configurations for SAP

Performance Considerations

Timing (Part III)

14.30 – 14.45

Coffee Break

14.45 – 15.45

SAP on Azure

HA/DR for SAP on Azure

Migration to Azure

Use Cases

Automation

15.45 – 16.15

Demo

References

Q&A

Microsoft Azure

Services available in the cloud:

Cloud Computing - Nomenclature

Cloud computing - Responsibilities

What is unique about?

Better together

• More than one view of the world: cloud, on-premises, hybrid

• Familiar tools for management with System Center

• Familiar development tools with VS and TFS

• Familiar identity with AD

Better by design

• IaaS + PaaS: build for the future while addressing today’s needs

• Better durability with geo replication

• Transparent SLAs: calculated monthly for Virtual Machines and Virtual Network

• SLA across more services (gateway, storage and more)

No lock-in

• Consistent on and off-premises experience:

• VM portability with VHD

Better support

• Direct Microsoft support for validated workloads – i.e. SharePoint and SQL Server

• Variety of support plans

• Local enterprise and SMSP and support teams

• Enterprise ready business practices and procurement

Better presence

• Single consistent price point across all regions

• Local presence in 89 countries, support for 19 currencies

PaaS – Platform as a service –

You don’t manage or control the network servers or operating system. PaaS can be more efficient in some ways, but is less flexible. More developer oriented.

IaaS – Infrastructure as a service –

What we’re focusing on today. You have control over your VMs and the network configuration, but don’t have to worry about hardware.

Cloud Service (in this context) –

A container or management grouping. Every virtual machine is contained within a cloud service.

Windows Azure Virtual Machines – IaaS

You can provision, migrate, and manage VMs. VMs can run Windows, Linux, and enterprise applications.

Windows Azure Virtual Network –

The networking overlay that allows you to create and manage virtual networks in Windows Azure and securely connect them to your own on-premises network.

Terminology

Provided Services

Where are the services provided?

“Pay what you use”

Avg. CPU utilization on-premises ~ 10 – 15%

Per minute billing

No charge for stopped VMs

Flexibility

Spin up and spin down resources dynamically

Cycle down -> “parking money”

Why use Azure? - Cost aspects

Azure Account (Microsoft Account ID) defines

How Azure usage is reported

Who is the Account Administrator

Azure Subscriptions

organize access to cloud service resources

help you control how resource usage is

Reported

Billed & paid

Subscription-Example

Name: “Company – Project 1 – <Development / Quality Assurance / Production>”

Service Administrator: <Development Manager / IT Manager>

Co-Administrators: Developers on Project 1

https://account.windowsazure.com/Home/Index

Account & Subscription

Account Portal

MSDN Member Benefits

No credit card needed for MSDN members to sign up

Discounted rates for Dev/test scenarios

up to 97% savings

MSDN credits per month – use for any Dev/test scenario

Subscription Benefits

Each user who should manage the Azure subscription needs a Microsoft ID (registration for any MS service like Office 365, outlook.com or Xbox)

One Account Administrator per Azure subscription

Authorized to access the Account Center (create subscriptions, cancel subscriptions, change billing for a subscription, change Service Administrator, and more)

One Service Administrator

Authorized to access Azure Management Portal for all subscriptions in the account. By default, same as the Account Administrator when a subscription is created

Up to 200 Co-administrators

Equal rights as a Service Administrator, but can’t change the association of subscriptions to Azure directories

Microsoft ID & User Management

Enterprise Agreement Customers:

Enterprise Administrator

The Enterprise Administrator has the ability to add or associate Accounts to the Enrolment, can view usage data across all Accounts, can view the monetary commitment balance associated to the Enrolment, and can provide Account Owner visibility to view charges.

Microsoft ID & User Management

1. Portal access

Uses Live ID (Microsoft Account)

Go to http://manage.windowsazure.com

Role: Service Administrator or Co-Administrator

Uses special REST API without providing certificate

2. Management certificate

Certificate can be self-signed

Does not check certificate expiration

Used by PowerShell

Used by REST API

3. Storage access

Uses secret key

Or anonymous share access

4. RDP VM access

Uses username/password

Ways for Azure Authentication and Access

Microsoft Azure Management Portal

Demo

Microsoft Azure Design considerations for IaaS

Affinity Group (= placed near each other)

Virtual Network (= can communicate)

Cloud Service (= public IP and management unit)

Fault Domain (= physical racks)

Availability Set (= place in different racks)

Update Domain (= update at different times)

Groupings

Affinity groups

A way to group your cloud services by proximity to each other in the Azure datacenter in order to achieve optimal performance.

When you create an affinity group, it lets Azure know to keep all of the services that belong to your affinity group as physically close to each other as possible.

Affinity Groups

Microsoft Azure Network concept

Setup virtual private networks in the cloud

Logical isolation with network configuration options

Create subnets, private IP addresses

Two approaches:

Virtual Network

Manage as extensions of on-premises datacenters

Build virtual networks that scale

Traditional, familiar approach to build extension to datacenter

Scalable approach to building virtual networks

Control over network configuration

Define your own IP address ranges

Be compliant with corporate IT security policy

Enables rich hybrid scenarios

Hybrid apps can reach all or portion of the on-premise network

Works with both Windows and non-Windows systems

Virtual Network

Virtual Gateways

[Figure: Virtual Gateways diagram; subnets shown: 10.2.2.0/24, 10.2.3.0/24, 10.1.2.0/24, 10.1.3.0/24]

Azure ExpressRoute enables you to create private connections between Azure datacenters and infrastructure that’s on your premises or in a colocation environment.

ExpressRoute connections do not go over the public Internet

With ExpressRoute, you can establish connections to Azure at an ExpressRoute location (Exchange Provider facility) or directly connect to Azure from your existing WAN network (such as a MPLS VPN) provided by a network service provider.

ExpressRoute

Active Directory in the Cloud

Integrate with on-premises Active Directory

Enable single sign-on within your apps

Supports SAML, WS-Fed, and OAuth 2.0

Active Directory

Configuration wizard automatically launches

Enter Windows Azure AD Credentials

Enter Windows Server AD Credentials

Enable Hashed Password Sync

Almost done

Finished, sync will start automatically

No need to install on multiple DCs. No reboot required!

What is a Cloud Service?

Cloud Service = Grouping of VMs with single public IP

+ Stop/Start/Delete operations

Cloud Service has:

DNS name (*.cloudapp.net) - worldwide unique

Public Virtual IP - worldwide unique

List of input endpoints

One or more VMs

A VM is always deployed in ONE Cloud Service (n:1 relationship)

Virtual machine concept

Microsoft Azure Virtual Machine Concept

VM based on VHD files

VM is a Hyper-V VM

Azure runs thousands of physical Hyper-V servers

VHD file can be provided by

Azure („image“)

Customer („uploaded VHD file“)

IaaS VMs are persistent

Different than PaaS VMs

VM is connected to the internet

Do not use an easy-to-guess password

IaaS - VMs

Determines assigned memory and assigned processors

The size of the virtual machine affects the pricing and the tier affects some capabilities:

Number and type of vCPUs

Main Memory

# and IOPS per Data Disk

Different Tier Categories

Basic

Standard

Different VM sizes from A0 to A9

http://azure.microsoft.com/en-us/pricing/details/virtual-machines

Sizes for Virtual Machines

Windows Server and Linux Virtual Machines

Very easy to create a VM in Azure

Use Wizard or "Quick Create" (= super-wizard)

Will encounter several new concepts:

Creating Your First VM in Azure

Gallery

Image

Disk

VM name

VM size

New user

+ Password

Cloud service

+ DNS name

Location

Storage account

Availability set

Endpoints

The VM has assets:

VM size

Disk (= lock on vhd-file)

DNS name (= cloud service name: *.cloudapp.net) - worldwide unique

Host name

Public Virtual IP - VIP (= cloud service IP) - worldwide unique

Internal IP - DIP (example: 192.168.1.4)

VM is connected to Internet

Endpoints (= map public port AUTO to internal port on VM 3389)

Note the importance of avoiding common name+password (!)

After creation of the First VM
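
Because every new VM gets a public endpoint mapped to port 3389, a periodic audit of remote-administration endpoints is a useful check. The script below is an added example, not part of the workshop slides; it assumes the classic Azure (Service Management) PowerShell module with a subscription already selected, and the port list is a constructed choice.

```powershell
# Added example: list public endpoints that expose remote administration
# and show whether an endpoint ACL restricts the allowed source addresses.
$adminPorts = 3389, 22, 5986   # local ports on the VM: RDP, SSH, WinRM over HTTPS

$findings = foreach ($entry in Get-AzureVM) {
    # Re-read each VM by cloud service and name to get the full VM object.
    $vm = Get-AzureVM -ServiceName $entry.ServiceName -Name $entry.Name

    foreach ($ep in ($vm | Get-AzureEndpoint)) {
        if ($adminPorts -notcontains $ep.LocalPort) { continue }

        # Assumption: the ACL object returned here enumerates its rules.
        # An endpoint with no rules accepts connections from any address.
        $acl = $vm | Get-AzureAclConfig -EndpointName $ep.Name
        $ruleCount = @($acl | ForEach-Object { $_ }).Count

        [pscustomobject]@{
            CloudService = $entry.ServiceName
            VM           = $entry.Name
            Endpoint     = $ep.Name
            PublicPort   = $ep.Port
            LocalPort    = $ep.LocalPort
            AclRules     = $ruleCount
            OpenToAll    = ($ruleCount -eq 0)
        }
    }
}

# Endpoints without any ACL rule are listed first.
$findings | Sort-Object OpenToAll -Descending | Format-Table -AutoSize
```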

Three different methods to create an Azure VM:

Use a VM template provided by Azure

Create your own template for your personal VM Gallery

Upload a VHD file from on-premises to Azure

How to create a VM

Microsoft Azure Management Portal

Click New, under Compute, click Virtual Machine, and then click From Gallery.

How to create the virtual machine?

Install your Software or configure the OS as needed

Sysprep the VM which is running in Microsoft Azure

Capture the stopped VM using the Management Portal

VM template is available under Images

Source VM is deleted

Build a VM template

Prerequisites:

Microsoft Azure PowerShell Module active

Supported Windows Operating System installed in a VHD (not VHDX!)

Sysprep the VM running on Hyper-V

Upload the VHD in an Azure storage account using

Add-AzureVhd -Destination "<BlobStorageURL>/<YourImagesFolder>/<VHDName>.vhd" -LocalFilePath <PathToLocalVHDFile>

Add the Image to Your List of Custom Images

Create virtual machines using the new image

Upload a virtual machine to Microsoft Azure
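
The upload steps above as one script, including the VHD-format prerequisite and a prompted administrator credential instead of a hard-coded password. This is an added example, not part of the workshop slides; it assumes the classic Azure (Service Management) PowerShell module with a subscription and current storage account already selected, and every name, path, location and size below is a constructed placeholder.

```powershell
# Added example; all values below are constructed placeholders.
$localVhd  = 'D:\Export\sap-template.vhd'
$blobUrl   = 'https://<storageaccount>.blob.core.windows.net/images/sap-template.vhd'
$imageName = 'sap-template-image'

# Prerequisite from the slide: the disk must be a VHD, not a VHDX.
if ([IO.Path]::GetExtension($localVhd) -ne '.vhd') {
    throw "Convert '$localVhd' to VHD format before uploading."
}
if (-not (Test-Path -LiteralPath $localVhd)) {
    throw "Local VHD '$localVhd' not found."
}

# 1. Upload the sysprepped VHD to the storage account.
Add-AzureVhd -Destination $blobUrl -LocalFilePath $localVhd

# 2. Add the uploaded VHD to the list of custom images.
Add-AzureVMImage -ImageName $imageName -MediaLocation $blobUrl -OS Windows

# 3. Create a VM from the new image. The VM is reachable from the internet,
#    so prompt for the administrator account rather than scripting a
#    common user name and password.
$cred = Get-Credential -Message 'Local administrator for the new VM'
New-AzureQuickVM -Windows -ServiceName 'example-sap-svc' -Name 'sapvm01' `
    -ImageName $imageName -AdminUsername $cred.UserName `
    -Password $cred.GetNetworkCredential().Password `
    -Location 'West Europe' -InstanceSize 'Large'
```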

Communication between VMs does not use Endpoints

Uses TCP or UDP

Endpoints provide:

Inbound access to VM

Load-balancing between multiple VMs

Load-balanced endpoints provide two functions:

Performance

Spread load between multiple VMs

Fault tolerance

Ensure responsiveness if a VM is down

Load Balancing - Endpoints

Affinity Group

Place VMs "near" each other

Availability set

But place VMs not "too close" together

SPOF = Fault Domain

Maintenance Windows = Update Domain

Availability Groups

Storage Account

highest level of the namespace for accessing the storage services

associated with your Azure subscription

Container

Blob

Storage concept

C:\ = OS Disk

D:\ = Non-Persistent Cache Disk (/dev/sdb/ on Linux)

E:\, F:\, G:\ ... = Data Disks

Capability | OS Disk | Data Disk
Host Cache Default | ReadWrite | None
Max Capacity | 127 GB | 1 TB
Imaging Capable | Yes | No
Hot Update | Cache Setting Requires Reboot | Change Cache Without Reboot, Add/Remove without Reboot.

Microsoft Azure Storage concept

Data Disks can have caching enabled on up to 4 disks.

Disk Caching

Disk Type | Default | Supported
OS Disk | ReadWrite | Read-only and ReadWrite
Data Disk | None | None, Read-only and ReadWrite

OS and Data Disks are stored in Windows Azure Storage

Data is 3 times replicated on:

Locally

Regional data center

Persistent Disks and Highly Durable

If your Hardware fails, the VM will re-start immediately

Windows Azure PowerShell

Azure cmdlets

Download from Microsoft

Configure connectivity to your subscription

cmdlet Reference

http://msdn.microsoft.com/en-us/library/azure/jj554330.aspx

cmdlet Modules

Scripting

Microsoft Azure SQL Database

Formerly SQL Azure or SQL Server Data Services

Relational database-as-a-service

Service tiers (Editions)

Basic, Standard, Premium, (Web, Business)

Default Collation

SQL_LATIN1_GENERAL_CP1_CI_AS

Not supported for SAP