
Recently, SAP released a clean (non-virtualized) installation of a Trial SAP NetWeaver Gateway 2.0 with ABAP 7.02 SP11 for Windows 64-bit on SCN.  This is basically a classic trial ABAP (NSP) system, with the addition of NetWeaver Gateway components pre-installed.  I thought it would be a good opportunity to install this on Amazon’s AWS EC2 (Amazon Web Services Elastic Compute) infrastructure-as-a-service in the cloud.  After all, a Gateway instance in the cloud brings with it opportunities to test out any number of client consumption approaches, including mobile and non-mobile use cases, outside the confines of one’s own home network.

A short note – It is well known that last year SAP made available a Trial Version of SAP NetWeaver Gateway in pre-packaged virtualized containers (both in VMware for Linux and Hyper-V for Microsoft Windows).  However to my understanding you cannot run these directly on an AWS EC2 instance unless you do some sophisticated extractions which are beyond my abilities.

I’ve never been comfortable in the area of SAP installations, even though I’ve installed my fair share of trial ABAP and Java servers on local machines in the past decade.  But as a developer you need to cross this bridge every so often in order to get up and running to try new things.  I was personally interested in having a NetWeaver Gateway instance in the cloud which I could connect my iPhone to.  Interestingly, another SAP developer, Jason Scott, who works in Western Australia, by coincidence attempted the same installation on the same weekend.  Via Twitter, we found that we both hit the same hurdles with the installation.  Therefore I resolved that the community might benefit from our shared experiences so as to make it as painless as possible for those who follow the steps in this blog.

Also I should acknowledge some key resources which I leveraged as part of the installation.  People have been writing blogs about AWS installations for many years (including in-depth ones by the real experts such as Martin English and Chris Kernaghan), but for this exercise the ones I referenced most often were these …

Installing the 7.02 ABAP Trial System (NSP) in an Amazon AWS instance – Part 1 by Steve Rumsby

(This is an excellent resource – in some ways this blog here is an update to the steps posted in Steve’s original blog for setting up the instance)

Step by Step Installation Guide for SAP NetWeaver AS ABAP 7.02 SP6 32-bit Trial Version by Faisal Altaf

(This blog basically covers off the steps from where Steve’s blog ends)

Implementing SAP Solutions on Amazon Web Services

(An ‘official’ document which is essential pre-reading, although this document pertains to proper SAP instances, not the trial ABAP version which we install here)

Charges

Before commencing, familiarise yourself with the Amazon charges for this service.  Basically you need to pay for your Windows Usage on the Elastic Compute (EC2) service only for the hours that your instance is running.  Additionally, you will need to pay ongoing costs for your persistent storage using the Elastic Block Store (EBS) service.

Here is an approximate cost (based on pricing as at 1 July 2012 – see website for updates):

Service | Pricing
1 x Standard On-Demand Instance – Medium, Windows Usage | $0.23 – $0.25 per hour (depending upon selected Region)
1 x Amazon Elastic Block Store – 90GB (30GB + 60GB) | $0.10 – $0.19 per GB-month of provisioned storage (depending upon selected Region), plus charges per 1 million I/O requests (unlikely to be an issue for a Trial ABAP)

There are additional charges for internet data transfer, elastic IP addresses etc.  Check the website.  Given that we are dealing with a Trial instance it is unlikely that these additional charges will be significant. 

When looking at these charges, the most significant is for the on-demand instance itself.  If you leave it running permanently the costs will add up.  However if you simply start the instance when you are working on it, then stop it when it is not being used, you can keep the costs reasonable.

Steps

1.  Create a new AWS account via http://aws.amazon.com/
2.  In the AWS Management Console, select the EC2 (Elastic Compute) tab
3.  Select the most appropriate Region to create your instance (in my case I chose Asia Pacific Singapore because it has the lowest latency to where I reside).
4.  Select the Launch Instance button
5.  From the Request Instances Wizard, select Microsoft Windows Server 2008 R2 Base (64 bit)

6.  Select the Instance Type as ‘Large (m1.large, 7.5GB)’.  For the ‘Launch Instances’ section select an Availability Zone (any choice should suffice – but note down which you choose). 

Leave all other options as defaulted. 

** Note that during the installation we will use a large instance to expedite the process, however after the installation we can downgrade to a medium instance, hence keeping ongoing charges low **

Press ‘Continue’.


7.  In the ‘Advanced Instance Options’ window

Select the ‘Termination Protection’ flag.  This prevents you from accidentally terminating (destroying) your instance.  You can still terminate it (when you have finished working with the Trial), but you will be forced to uncheck this flag first.  I learned the hard way that this should always be selected to prevent accidental deletions of instances.

Leave all other options as per their default values.

Press ‘Continue’.


8.  For the tags section, simply add the value ‘SAP ABAP7.02 + Gateway 2.0 SP04’ for the tag ‘Name’.  This simply gives your instance a visible name – you can change this later if you wish.

Press ‘Continue’


9.  At the ‘Create Key Pair’ step, enter any name for your key pair (eg. mykeypair) and press the ‘Create & Download Your Key Pair’ link.  This will download a file which you will need later to connect to your AWS system via your local machine.

Press ‘Continue’


10.  At the ‘Configure Firewall’ step, you can accept the suggested new Security Group name of ‘quick-start-1’, or alternatively change it to whatever name you wish.  What is important is to add the TCP ports 3200 and 8000 by typing them in and pressing the ‘Add Rule’ button in turn.  Opening port 3200 enables communication via a SAPGUI on your local machine, and opening port 8000 enables web communication with the SAP Internet Communication Manager (ICM) to invoke Gateway services from outside your instance.  If you leave the Source as 0.0.0.0/0 it means ANY external IP address can access this system via those ports.

Also ensure that TCP port 3389 is included as you need that open to connect later via Remote Desktop.

Press ‘Continue’

IMPORTANT NOTE: The setup here results in quite an open system which will allow you to later connect devices such as smartphones to your Trial instance.  However, from a security perspective you would presumably apply more stringent controls for a Productive system.


11.  At the ‘Review’ step, press the ‘Launch’ button.

You will see a window with the text ‘Your instances are now launching’. 

Select the option ‘View your instances on the Instances page’


12.  You should see your instance in the Instances page.  Within 30 seconds the instance should appear as ‘Running’.


13.  Next we need to allocate additional disk storage to this instance to accommodate the ABAP system. 

Select the option ‘Volumes’ under ELASTIC BLOCK STORE


14.  Here we create a volume (D drive) for our instance.

First, press the ‘Create Volume’ button at the top of the ‘EBS Volumes’ canvas.  For the window that appears, select the size as 60GB, and the availability zone which you selected in step 6.

Press the ‘Yes, Create’ button.


15.  You will now see two rows in the EBS Volumes area.  One which is 30GB was originally provisioned as part of your new instance – this is effectively the ‘C:’ drive.  The other which is 60GB appears with state ‘available’ – we want this to become the ‘D:’ drive for our instance. 

Right click on the available 60GB volume and select ‘Attach Volume’.


16.  In the popup window ‘Attach Volume’, select the instance you created.  Leave other fields defaulted.

Press the ‘Yes, Attach’ button.


17.  At this stage it may take a few minutes for the new volume to register as attached to the new instance. 

To see that the volume is attached, navigate back to the Instances page, click on the instance you created and you should see two entries (sda1 and xvdf) in the details pane against the field ‘Block Devices’.

NOTE: I have on occasions found that I needed to stop and start my instance to get the new volume to ‘attach’.  Be patient and cross your fingers.


18.  Next we need to retrieve the initial Windows password for the new system.  It takes a while (sometimes as long as 15 – 30 minutes) for this to be generated for you.

Right click on your instance in the instance page, and select the option ‘Get Windows Password’.  If you receive a popup saying that it is ‘not available yet’, wait a while longer and try again.


19.  You will see a popup window ‘Retrieve Default Windows Administrator Password’

Using a text editor (eg. Notepad), open the key pair file you downloaded in step 9.  Copy the ENTIRE contents of this file, and paste it into the ‘Private Key’ field.

Press the ‘Decrypt Password’ button.

20.  You will be presented with the initial Windows password for your new instance.  Note down both the computer address, and the password.


21.  Launch a Windows remote desktop client from your local machine.  Windows machines should have it available in the Accessories folder of your start menu.  If you have a Mac (as I do), you can download a free Windows remote desktop client here.

Insert the computer name you retrieved from step 20, then for user Administrator enter the password from step 20.   Enter ‘OK’ in the remote desktop client to login.


22.  If you have made it to this step, you should now be logged into your newly provisioned Windows Server.

At this stage, you SHOULD change your password.  From the Windows start menu, select

Start -> Windows Security.

Then select the option Change Password, and enter an appropriate new password.

23.  Congratulations.  You now have provisioned a new Windows Server in the cloud for your ABAP Trial installation.

24.  If at this stage you wish to take a break, you can stop your instance by right-clicking your instance in the AWS instance page and selecting the ‘Stop’ option.  This will ensure you will not incur any unnecessary charges for the running instance (note however that you will incur ongoing charges for the disk storage which you have provisioned).  You will be automatically disconnected from your Remote Desktop session when you stop the instance.

Note that when subsequently starting your instance at a later stage (right-clicking on the instance and selecting the ‘Start’ option), you will need to look in the details pane for the instance and copy the generated computer address to use in your remote desktop session.  This address may differ from the one you had used earlier (you can avoid this problem by subsequently assigning an elastic IP address – Part 4 of this blog series, by fellow SAP Mentor Sascha Wenninger, outlines how to accomplish this).


In Part 2 of this blog series I outline the steps necessary to prepare your running Windows Server for the ABAP Trial installation, downloading the necessary installation files, and in Part 3 I cover the actual SAP installation itself.


10 Comments


    1. John Moy Post author

      Hi Paul,

      Thanks.  I hope to get Part 2 published within the next 48 hours.  It’s not far away.  It is in Part 2 where I will document how to avoid a few interesting challenges I faced when I built my original system.

      Regards

      John

  1. Martin English

    Quick tip for security…

    In day to day usage of a trial system, I don’t know how often you will need to logon to the operating system; Sometimes it’s useful just to stop other people you share the system with from fiddling with it !!

    Essentially, I use two security groups  –

    • Install the system using an AWS Security group with the RDP authorisation,
    • Create a copy of this AWS Security group, but delete the RDP authorisation,
      (keep the original one!!)
    • Once you are happy you have the system installed to your liking…
    • Edit the PROFILE via RZ10, to Autostart=1
      (you can add it manually in \usr\sap\<sid>\SYS\profile\DEFAULT.PFL as well)
    • save / bundle your AWS image (this keeps your change in your AWS image)
    • restart the new AWS image with the ‘non RDP’ Security Group
    • SAP will start automatically
    • and Amazon won’t send you mail telling you that you have an insecure system

    If you do need RDP access, you need to start a copy of the image with the AWS Security Group that allows RDP. Additionally, if you’re really paranoid, you can change the SAP users at the operating system level so that you can’t connect as them even if RDP is allowed.

    hth

    1. John Moy Post author

      Hi Martin,

      Wow, thanks.  That takes the security focus to a new level for me!

      One question about Autostart=1 … so you mention the ABAP service will start automatically when the AWS instance is started, right?  What do you do for auto-stopping the ABAP server when you stop the AWS instance?  The reason why is if I wish to use my Cloud-Mgr iPhone app to start the AWS instance, I don’t want to later find a computer to RDP in to stop the ABAP server before stopping the AWS instance.  I know Chris Paine wrote a script to do that, but I’d be interested to know how you approach that problem.

      Regards

      John

      1. Martin English

        I use the SAP Snap-In for Microsoft Management Console (MMC).  This is the Windows tool used to stop / start / restart an SAP Windows instance or system, usually seen as a shortcut on the desktop. This can be installed stand alone, and the beauty of it (from my perspective anyway) is that you can specify any number of instances – UNIX and Windows – that you can view through it. The downside (for you) is that it runs on Windows 🙂

        More details on the SAP MMC Snap-In

        PS you need ports 5nn13 and 5nn14 (where nn is your system number) open between the system running SAP MMC and the SAP instance.

  2. Emmanuel Somé

    Great series John.

    In order to have secure connection between the client (my laptop) and the SAP server on the AWS instance, I use the Free EC2 micro instance as a “gateway”.

    • install the free micro Linux instance
    • attach a security group, which we can call public-group, with the SSH authorization with all external IPs 0.0.0.0/0 (you can restrict the public IP range if you want) as source
    • assign an elastic IP to the free AWS instance and leave the instance up 24 hours a day, 7 days a week, 365 days a year (normally in this case, no additional fee applies for the elastic IP)
    • create your AWS instance for SAP
    • attach a security group, which we can call sap-group, with the RDP authorization with the public-group as source

    In this case, you cannot connect directly to the Windows instance via RDP. The only way to access your AWS Windows instance is to create an SSH tunnel between your laptop/PC and the “Gateway” AWS instance.

    Regards,

    Emmanuel

    1. John Moy Post author

      Thanks Emmanuel.  That’s a very clever approach.  Wish I’d thought of that!  And it’s an excellent way to get the elastic IP for free.

      Thanks again

      John

  3. Jagadish Bojja

    Great blog. Thank you John.

    I have wanted to try out AWS for quite some time but didn’t know where to start.  Trying it out with a familiar SAP system is the best thing. I just finished part 1 but will continue with the rest…

    Thank you once again for taking time posting this blog.

