Skip to Content

Composition in the Cloud: Run your own SAP NetWeaver CE 7.1 EHP 1 in the cloud (Part 1 of 3)


Are you curious about cloud computing or composition but haven’t gotten around to trying it? This step-by-step blog guides you through the setup of a complete SAP NetWeaver Composition Environment trial installation in the cloud. Following the instructions, you’ll get both a CE system on the internet and valuable first-hand experience with cloud computing.

In this three-part webblog series, we will setup our own server in the cloud and install and configure SAP NetWeaver Composition Environment CE 7.1 EHP 1 on it.

Our CE in the cloud will have the following features:

  • Runs on the internet – accessible from anywhere
  • Desktop access via Remote Desktop Connection
  • Virtual servers can be copied, shared, backed up and restored within minutes

Basic concepts and motivation

There are many usages of the term “cloud computing” and the following working definition is probably not the best. However, let us say it means that you run software without running a server. Instead of setting up a physical server and running your software on it, your software runs… elsewhere. It might as well be located in a cloud in the sky. If that sounds vague, it does so with full intent, because the very point of computing in the cloud is that you must no longer worry about the physical details of the server(s) running your software and where they are located. A provider company operates the servers for you.

Typically, your resources in the cloud are highly scalable and you pay according to usage. This means that you save money when you’re not using the resources, but you can also have three hundred new servers up and running within fifteen minutes if need be. The simplicity and speed with which resources are available are truly awesome. Setting up a dozen new high-performance servers is as quick and easy as filling out an absence form (but without the approval step).

Another aspect is that sharing the physical resources your software runs on with many other users is not only cost-efficient (because of scaling effects), but also highly energy-efficient. Any enterprise thinking green should consider cloud computing as a climate-friendly time-sharing model for their server farms.

Here’s the Wikipedia entry on Cloud computing:

What you will use during this blog

You can as well go ahead and download and install some of this software

Related blogs

This blog contains a lot of material that is already in those two other blogs. I did this because I wanted a document that is more or less complete in itself, so I hope you don’t mind the overlaps with the following excellent weblogs. Without these, I never would have found my way through Amazon Web Services.

Fellow SCN Blogger Martin English gives a great step-by-step guide for installing a full-blown IDES system on AWS EC2:

Dave Winer gives a Hello-World-style introduction to AWS in his “EC2 for Poets” blog:

Chris Carter hosted a Webinar about SAP in the Cloud. This sparked my interest so strongly that I had to go and try it out.

If you find anything in my blog unclear, I recommend you to check the above blogs for a better explanation.

Sign up to Amazon AWS

If you already have an Amazon account, you can use it and add the EC2 and S3 “facets” to it. Or you can go to and sign up for a new account if you want to separate your shopping from your computing.

Creating a new Amazon Web Services account is self-explanatory.

Get the access key and secret access key

Once you have created your account and received the confirmation mail, go to and get your access identifiers. These are the credentials you need to access and administrate your servers in the cloud.

The access key is like a username. It’s not secret and you use it to identifiy yourself.

The Secret Access Key is like a password, but it is never sent over the network. Instead, you (or the client software you use) use it to digitally sign some of the requests you send to AWS in order to authenticate the request.

Copy and paste both to a local file and don’t lose them.

You can ignore the X.509 certificates for now.

Sign up for EC2 and S3

The AWS account is not enough – now you need an EC2 account. EC2 (Elastic Compute Cloud) is a sub-product of AWS: It’s the actual cloud computing service that allows you to run virtual servers.

S3 (Simple Storage Service) is another sub-product: It’s a storage service that allows you to store data and retrieve it. When working with EC2, you need S3 because you’re going to store server images, virtual hard disks, and snapshots of hard disks.

An easy way to sign up for EC2 and S3 is to follow this link:

Here you can enter your credit card data so that Amazon EC2 knows how to bill you.


The EC2 signup page will also give you a pricing overview. As I’m writing this, some examples prices are:

  • $0.125 per Small Windows Instance (m1.small) instance-hour (or partial hour)
  • $0.50 per Large Windows Instance (m1.large) instance-hour (or partial hour)
  • $0.30 per High-CPU Medium Windows Instance (c1.medium) instance-hour (or partial hour)
  • $0.100 per GB Internet Data Transfer – all data transfer into Amazon EC2
  • $0.170 per GB Internet Data Transfer – first 10 TB / month data transfer out of Amazon EC2

S3 Storage prices are available at Current examples:

  • $0.150 per GB – first 50 TB / month of storage used
  • $0.140 per GB – next 50 TB / month of storage used
  • $0.130 per GB – next 400 TB /month of storage used

License fees for the installed software such as Windows Server 2003, Microsoft SQL Server, Oracle DB, are included.

Amazon AWS terminology

Before starting the Management Console, we should learn some of the concepts and terminology of Amazon AWS, EC2 and S3, because otherwise we will feel quite lost.


An Instance is a currently running virtual server. It comes to life by launching it and ends when you terminate it. A terminated instance cannot be revived or saved – in fact there’s nothing at all you can do with a terminated instance. An instance is just one run of a server image, so to speak.

Running instances can be bundled, which means that a reusable server image is made from the current state of the instance. Bundling is in fact the only way of persisting changed made you an instance – the result can either be a new AMI or an existing AMI can be overwritten.


An AMI is a sleeping server image. You create an AMI by bundling an instance. The AMI can be brought to life by launching an instance from it. Anything that happens to the instance after launch has no effect on the AMI, which rests silently and waits for the next instance to be launched from it.

AMIs have a visibility (public or private). You can publish your server images to the world by making them public, or you can release them to individual users by maintaining an ACL (access control list).

Bundle Tasks

When you give order to bundle a running instance, a bundle task is started. The bundle task creates a copy of your instance which you can use to create an AMI. This is how you persist changes made to an instance: bundle it while it’s running and create an AMI (possibly overwriting the old one) from the bundle task.

Volumes and Snapshots

Volumes are virtual hard disks that can be attached to running instances and detached from them. They are reusable and can be attached to many different instances, but only to one at a time. Volumes are persistent – the changes made to them are not lost when you terminate an instance. Volumes are completely ignored when an instance is bundled. The best way to think of a volume is probably as a very fast USB hard drive that can be quickly plugged and unplugged easily.

You can make snapshots from volumes – this is how you backup data – and create new volumes from snapshots – this is how you restore backups.


A bucket is a storage location provided by the S3 Storage Service. It is basically a folder which belongs to you and which you can use to store AMIs, Volumes, and Snapshots. Each bucket is located in a region (US or EU). Only the buckets located in the same region that is currently chosen in the AWS Console region settings can be used to store and retrieve data. Be careful not to create your bucket in the wrong region.

Region and Availability Zone

Amazon AWS has several data centers. These are called regions. The most obvious differentiation is between “US-East” and “EU-West”, which have slightly different price lists. Further, US-East and EU-West consist of a number of availability zones such as “us-east-1a”, “us-east-1b”, “us-east-1c”, and so on. It’s important to notice in which region and sub-region you are working because transferring data between regions is always expensive and sometimes impossible.

For example, a volume can only be attached to an instance running in the same region where the volume resides. If you launch an instance, make sure you launch it in the right region because otherwise there will be no way to attach your volume to it.

Security groups

A security group is a set of firewall rules. By default, all ports of an instance are blocked so it cannot be accessed from the internet. By adding unblocked ports to a security group and associating that security group with your instance upon launch, you can the instance accessible from the internet.

The most important service to be unblocked is Remote Desktop Connection (RDP), which you use to log on to the instance’s desktop.

Start the EC2 Management Console

You start the console at This is where you perform most administrative work concerning your server images.

Launch your first instance

Just for fun, let’s launch an instance. We’ll launch a plain vanilla Windows server.

Click on “Instances”, then “Launch Instance”. Select the “Basic Microsoft Windows Server 2003” AMI.

On the next screen, create a key pair. I call mine “thorstensterkey”. Please download the PEM file and store it in a secure location.

On the next screen, “Configure Firewall”, create a security group (these are firewall settings). I call mine “basicgroup” and include the Windows Remote Desktop Connection as suggested.

On the following “Launch” screen, set the value of “Number of Instances” to “1”, select instance type “Medium”, and click on “Show Advanced Options” to expand that section. Select availability zone “us-east-1a” and make it a habit to check the availability zones, because it is terribly annoying to find out that you cannot attach a volume to your running instance because you launched it in the wrong availability zone.

You have just reduced the process of acquiring a physical server and installing and licensing Windows Server on it to fewer mouse clicks than it probably takes you to fill out a purchase requisition form in your company.

After a few (let’s say, ten) minutes, the new instance is up and running.

Connect to your instance

You cannot connect to your instance immediately because of a security mechanism. When a new instance is launched, the Administrator account is given a random password. You can retrieve the encrypted random password and decrypt it by using the content of the PEM file you downloaded earlier (in my case “thorstensterkey.pem”) as your private key.

So when the instance’s status is “running”, right-click it and select “Get Default Administrator Password” from the context menu. It may take a few minutes for the password to be available.

While you’re waiting, locate your PEM file, open it with an editor, and copy its contents into your clipboard.

Paste the private key into the corresponding form field and click on “Decrypt Password”.

Copy and paste the resulting decrypted password (in my case “7XIVCBVXA7h”) into an editor window before closing the window. You will need it to log on and it’s probably not easy to remember.

Now we’re finally ready to connect! Select your running instance and click on “Connect”. Follow the instructions to establish a Remote Desktop Connection, then enter the decrypted password you just copied to an editor window (sadly, you can’t paste it into the password field).

That’s it, you’re in!


Composition in the Cloud: Run your own SAP NetWeaver CE 7.1 EHP 1 in the cloud (Part 2 of 3), we will configure the instance and operating system level and prepare everything for the installation of SAP NetWeaver Composition Environment.

You must be Logged on to comment or reply to a post.
    • Great job ! Thanks!

      The opportunities of using the cloud to run SAP systems are great.

      I am planning to give it a try to run some tests systems and I am glad you shared your experience.

      Wish I was going to SAPTechEd Vienna to meet you there... ;-(

      Leonardo De Araujo

      • Hi Leonardo,
        Did you create an ABAP or Java instance? From one of the test drives or a "real" installation?
        I just created a new NSP 7.01 SP3. I had to fiddle around a bit until it worked properly because you can't use the transient D: drive for the installation but the installer uses it automatically, but eventually it worked out ok. I hope I will find the time to blog about it.
        • Hi Thorsten,
          Thanks for your answer.
          No I haven't even started, but I was wondering how to automate the up-down logic so it is not up 100% of the time (as I pay per hour...).
          ABAP server... (NSP probably)



          • So you can script that on your windows hosts, or, if you want it to be executed even if you're offline, as a Google App. You can schedule cron jobs in Google Apps and it's free.