IBM Db2 for SAP Planning Guide
Version Control:
Version | Revision Date | Types Of Changes | Effective Date |
1.0 | 2019/2/28 |
This guide provides information that you can use to plan for the installation of an IBM Db2 system that supports SAP applications on Alibaba Cloud.
For more information about certified SAP products on Alibaba Cloud, including IBM Db2, please kindly refer to SAP Note 2552731.
Overview of Alibaba Cloud
Alibaba Cloud is built on a global infrastructure providing all kinds of IaaS products and services. Alibaba Could services are available to use in different geographical regions across the globe. Before running your SAP NetWeaver with IBM Db2 on Alibaba Cloud, following basic knowledge must be understood well:
Alibaba Cloud Elastic Compute Service (ECS)
Alibaba Cloud Elastic Compute Service (ECS) is a web service that provides resizable compute capacity in the cloud. Its simple web service interface allows you to obtain and configure computing capacity with minimal effort. You are able to quickly scale capacity up and down as your computing requirements change, and you only pay for capacity that you actually need.
You can use the standard Alibaba Cloud methods to deploy your ECS instances on Alibaba Cloud platform, including ECS Console (the Cloud Platform Console web UI) and REST API. You can read the following pages to get more useful information.
For detailed information and step-by-step instructions about deploying your SAP system with IBM Db2 on ECS, please refer to IBM Db2 for SAP Deployment Guide on Alibaba Cloud.
Alibaba Cloud Block Storage (Cloud Disk)
Alibaba Cloud Block Storage (Cloud Disk) provides persistent block-level storage volumes for use with Alibaba Cloud ECS instance on the Alibaba Cloud Platform. Cloud Disk volumes provide the consistent and low-latency performance needed to run your workloads. With Cloud Disk, you can scale your usage up or down within minutes – all while paying a low price for only what you provision.
Alibaba Cloud File Storage NAS (NAS)
Alibaba Cloud File Storage NAS (NAS) is a file storage service for Alibaba Cloud ECS instances, Alibaba Cloud E-HPC and Container Service. It provides standard file access protocols, so you do not have to modify existing applications. This enables you to have a distributed file system with unlimited capacity and performance scaling, with a single namespace, multi-party sharing, high reliability, and high availability.
Alibaba Cloud Virtual Private Cloud (VPC)
Virtual Private Cloud (VPC) creates an isolated network environment for users on Alibaba Cloud. You can select an IP address range, divide networks, and configure the routing list and gateway.SAP NetWeaver and the Alibaba Cloud services work together in particular ways to deliver combined business application and infrastructure capabilities to our customers.
SAP NetWeaver system and IBM Db2 use Alibaba Cloud ECS instances storage services as well as Virtual Private Cloud service.
SAP Host Agent/SAPOSCOL is deployed with standard installation of SAP NetWeaver and is able to make calls to the monitoring agent component provided by Alibaba Cloud.
Alibaba Cloud ECS Metrics Collector is the monitoring agent that collects required CPU\Memory\Disk\Network monitoring data and makes these metrics available to SAP applications.
For more information about SAP Netweaver on Alibaba Cloud, please kindly refer to SAP NetWeaver Planning Guide and SAP NetWeaver Implementation Guide.
Deployment Architecture
Depends on your business workload, you can setup your SAP system with IBM Db2 on 2-Tier or 3-Tier enviroment. The different is whether SAP application instance is located on same ECS instance as the underlying database or not. For more details information, please kindly refer to SAP NetWeaver Planning Guide.
In this guide, we take 2-Tier as example which requires:
1 supported ECS
File storage system layout:
The database id volume:
/db2/<DBSID>/
The instance volume:
/db2/db<DBSID>/
, which contains the home directory of db[DBSID] user and instance data.The log volume:
/db2/<DBSID>/log_dir
, which contains at least online log files.The dump volume:
/db2/<DBSID>/db2dump
, which contains Db2 dump and dianostic files.The data volume:
/db2/<DBSID>/sapdata<n>
. SAP data for container type database managed space (DMS) FILE or for use of Db2’s automatic storage management.The temporary tablespace volume:
/db2/<DBSID>/saptemp<n>
, which contains temporary tablespace.
Planning
Regions and Zones
When you deploy a VM, you must choose a region and zone. The Alibaba Cloud infrastructure is built around Regions and Zones. A Region is a physical location in the world, where for most cases, we have multiple Zones. Zones consist of one or more discrete data centers, each with redundant power, networking and connectivity, housed in separate facilities. These Zones offer you the ability to operate production applications and databases which are more highly available, fault tolerant and scalable than it would be possible from a single data center.
Following factors need to be taken into consider when you choose the region and zone:
The location of your end users and your resources, such as your IDC and network in order to reduce the latency.
The location of your SAP applications and databases. One system which consiste of SAP application and database should be located within 1 zone.
For more information please kindly refer to Regions and Zones.
Supported ECS Types
Alibaba Cloud ECS offers a number of instance types (virtual machine sizes) for deploying SAP solutions. Each instance type offers different CPU, memory, and I/O capabilities. You can only run your SAP applications with IBM Db2 on ECS instances which have been certified by SAP. Each SAP-certified ECS instance type has been sized using SAP’s Standard Application Sales and Distribution (SD) benchmark toolkit. For details about SAP certified instance, please kindly refer to:
SAP Note 2552731 - SAP Applications on Alibaba Cloud: Supported Products and IaaS VM types
In case you do not have access to SAP note, please refer to SAP NetWeaver Planning Guide. For detailed descriptions of ECS instance types, please kindly check the official website of Alibaba Cloud.
As mentioned above, SAP supports various of ECS VM types on Alibaba Cloud, you need to choose correct one based on your current business workload and potential increase. For more details about SAP sizing, please kindly refer to official SAP Sizing.
Supported Operation Systems
When you create an ECS instance, you use an image that contains a pre-installed base operating system. Alibaba Cloud works with operating system partners to provide you with up-to-date, optimized operating system images. There are several ways you can specify an image for your ECS instance.
Public image
Licenses for the operating system in public images are already included in the price of ECS instance charge. You are not required to provide your own operating system licenses. Following ones are the required operating systems for SAP applications usage available in Public Image list:
SLES-11-SP4
SLES-12-SP1
SLES-12-SP2
Windows Server 2016 Data Center Edition 64 bit
Windows Server 2012 R2 Data Center Edition 64 bit
Windows Server 2008 R2 Enterprise Edition 64 bit
Marketplace image
Marketplace image: OS vendor certified images which contains preinstalled operation system and configured user environment. Alibaba Cloud currently supports the following images for running SAP NetWeaver systems::
Red Hat Enterprise Linux Server (RHEL)
For the most current supported operating systems please kindly refer to
SAP Note 2552731 - SAP Applications on Alibaba Cloud: Supported Products and IaaS VM types.
Networking and Security
Security Group
A security group functions similarly to virtual firewalls, and is used to set network access controls for one or more ECS instances. When creating instances, you must select a security group. You can also add security group rules to control outbound and inbound network access for all ECS instances in the security group.
SSH Key Pairs
Alibaba Cloud offers two authentication methods for remote logon to ECS instances:
Password logon: A standard authentication method using the administrator password. It applies to both Windows instances and Linux instances.
SSH Key Pair logon: This method only applies to Linux instances. If you are running Linux, it is recommended that you choose this authentication method to protect your ECS instance’s security.
An SSH Key Pair is a pair of keys generated by an encryption algorithm: one key is intentionally available, known as the public key; and the other key is kept confidential, known as the private key.
Alibaba Cloud can help you to generate the key pair using 2048-bit RSA key by default. You are also welcome to import the public key of a key pair that has been generated by other key pair generation tool. For more details, please kindly see SSH key pair on Alibaba Cloud as follows: https://www.alibabacloud.com/help/doc-detail/51792.htm.
If you have placed the public key in a Linux instance, you can use the private key to log on to the instance using SSH commands or related tools from local computer or another instance, without the need to enter a password.
Router configuration
When you create a VPC network on Alibaba Cloud, a vRouter and route table are automatically created after the VPC creation. You cannot create or delete them directly. They will be deleted automatically with the deletion of the VPC. You can add route entries to the route table to route network traffic.
Each entry in the route table is a route entry determining where network traffic is directed. A route entry with the destination CIDR block 100.64.0.0/10 is added by the system by default, when you create a VPC. You are allowed to add customized route entries for your VPC.
If an ECS instance in the VPC, without external IP address, wants to access the internet, a NAT gateway is needed. You can see more details about NAT gateway from following link: https://www.alibabacloud.com/product/NAT.
Bastion Server
Bastion hosts provide an external facing point of entry into a VPC network containing private-network VMs. This host can provide a single point of fortification or audit and can be started and stopped to enable or disable inbound SSH communication from the Internet.
SSH access to VMs that do not have an external IP address can be achieved by first connecting to a bastion host.
When using a bastion host, you log into the bastion host first, and then into your target private ECS instance through an SSH based tool, like putty.
NAT Gateway
When an ECS instance is created within VPC and without an assigned external IP address, it cannot make direct connections to external services.
To allow these ECS instances to access the Internet, you can set up and configure a NAT gateway. The NAT gateway can route traffic on behalf of any ECS instance in the VPC. You should have one NAT gateway per VPC.
In the case of deploying an SAP solution, an NAT gateway configure with SNAT for the VPC is a must. For more details about this configuration, please kindly refer to Implementation guide.
See more details about NAT Gateway, from Alibaba Cloud official site as follows: https://www.alibabacloud.com/product/NAT
If you want to allow the access to your SAP system from Internet, it is suggested that you use a NAT gateway.
VPN Gateway
You can securely connect your existing IDC to your VPC on Alibaba Cloud through a VPN connection using IPSec by using VPN gateway on Alibaba Cloud. Traffic traveling between the two networks is encrypted by one VPN gateway, then decrypted by the other VPN gateway. This protects your data as it travels over the Internet. For more information, please kindly check Alibaba Cloud official site.
See more details of VPN Gateway from Alibaba Cloud official network as follows: https://www.alibabacloud.com/product/vpn-gateway
If you only want to have access your SAP system from local data center or office LAN, it is suggested that you can connect your local data center and office LAN to VPC on Alibaba Cloud through VPN Gateway.
Security document
Following additional resources will help you to further understand your SAP environment on Alibaba Cloud from security and compliance perspective:
Storage
Alibaba Cloud Block Storage (Cloud Disk) provides persistent block-level storage volumes for use with Alibaba Cloud ECS instance. You can choose different Cloud Disk type depending on your requirement:
Disk Category | Basic Cloud Disk | Ultra Cloud Disk | SSD Cloud Disk |
Max size of single disk | 2 TB | 32.768 TB | 32.768 TB |
Max IOPS per disk | 300+ IOPS | 3,000 IOPS | 20,000 IOPS |
Max throughput per disk | 20~40 MBps | 80 MBps | 300 MBps |
Access latency | 5.0~10.0 ms | 1.0~3.0 ms | 0.5~2.0 ms |
Typical scenarios | Data is not frequently accessed or with low I/O loads. | - Small and medium sized databases. - Development and testing. - Cloud Server logging. | - I/O intensive applications. - Medium sized or large relational databases. - NoSQL databases. |
For Data reliability, with the strength of the Alibaba Cloud distributed storage technology, which uses a triplicate storage system, all these 3 disk types ensure data integrity of 99.9999999%. |
Cloud disk is located independently from your ECS instance, which means you can detach or move your cloud disk between different ECS instances and also be kept after the ECS instance is dropped. Besides, you can also resize your cloud disk to meet potential workload increase requirement.
Supported IBM Db2 Versions
SAP certified SAP NetWeaver with the following editions of IBM Db2 on Alibaba Cloud:
Db2 Advanced Enterprise Server Edition (AESE) version 11.1 for Linux, UNIX, and Windows
Db2 Advanced Enterprise Server Edition (AESE) version 10.5 for Linux, UNIX, and Windows
You must use the SAP-certified IBM Db2 software fix pack (FP) levels. The use of other IBM Db2 software levels is not allowed.
For more information, see SAP Note 101809 - DB6: Supported Db2 Versions and Fix Pack Levels.
Supported IBM Db2 Scenarios
SAP supports most IBM Db2 features on Alibaba Cloud exclude following scenarios:
High Availability and Disaster Recovery for Db2 with cluster manager TSAMP
Multi-partition Db2 databases
IBM Db2 pureScale feature
IBM Db2 backup and recovery
Since most SAP NetWeaver systems are used for mission critical workloads, customers must have a data backup and restore plan to ensure that their system and database can be restored if the worst case happens.
For information about the backup and recovery of IBM Db2 systems that support SAP, please kindly refer to:
Licensing
SAP License
Running SAP on Alibaba Cloud requires you to bring your own license (BYOL).
For more information about SAP licensing, please contact SAP.
Linux License
In Alibaba Cloud, there are two ways to license SUSE Linux:
Pay-as-you-go licensing model:
Alibaba Cloud provides SLES 11 SP4 and SLES 12 SP2 as public images, and the SLES license cost is included in ECS instance price
BYOL model:
Customer can purchase their own SLES license and import SLES operating system as customized images.
Regarding Red Hat Enterprise Linux, there are two ways to consume Alibaba Cloud:
Pay-as-you-go licensing model:
You can choose Red Hat Enterprise Linux 7.4 and 7.5 as marketplace image, while the RHEL license needs to be obtained from Red Hat separately.
Subscription model:
You can choose Red Hat Enterprise Linux 7.4 and 7.5 as marketplace image, while the RHEL license needs to be obtained from Red Hat separately.
Windows License
In Alibaba Cloud, we provide Pas-as-you-go licensing model for following Windows version:
Windows Server 2016 Data Center Edition 64bit
Windows Server 2012 R2 Data Center Edition 64bit
Windows Server 2008 R2 Enterprise Edition 64bit
IBM Db2 License
In order to run your SAP with IBM Db2 on Alibaba cloud, you can bring your own license(BYOL) which can be obtained from IBM or SAP. For more information about licensing and support, please kindly refer to: