In my first blog post I outlined the SAP LaMa environment. In this post, I will walk you through the architecture, installation and patching process and, finally, the connection of the system to a Microsoft Azure subscription.
This blog post is a little image-heavy, but I thought the images provided important context and clarity.
So let's begin with the network design.
Using the Reference architecture design for SAP on Azure, two VNets have been provisioned – one for the Hub and one for the Spoke.
The SAP LaMa system and its managed systems have been deployed in the Spoke VNet. This VNet contains three subnets, for the Web, Application and Database tiers, respectively. What is not depicted here is the Hub VNet, in which the Jumpbox resides. These two VNets have been peered.
If you are not already aware of this, there is a great feature in Azure which allows you to generate a schematic of your VNet. Navigate to Virtual Networks – select “your network” and click “Diagram”:
The above diagram depicts the Network topology.
Virtual Machine deployment
A side note: in addition to the VMs required for the SAP LaMa system, a Windows Domain Controller has been deployed in the Hub VNet. This is a requirement for a distributed installation of SAP in a Windows environment.
Thanks to Sebastian’s GitHub templates, deploying the three Virtual Machines required for a distributed installation is a 10-minute affair!
There are some prerequisites, such as the user/password for the target system, Database type, SAP Host Agent, SAPCAR and SAPACEXT archives etc. I use Azure Files to store my software, and this share can be mounted locally. The template also requires a target Subnet Id, which can be retrieved by running the following command in a CloudShell:
Get-AzureRmVirtualNetwork -Name <Virtual Network> -ResourceGroupName <Resource Group>
Deploy the VMs using the following GitHub templates for the Database, SCS and Application Server:
Software Requirements and Installation
The software required for the installation is as follows, but this will vary depending on the OS/DB combination:
- SWPM 1.0 SP24 for NW higher than 7.0x
- SAP Kernel 7.45 Linux on x86_64 64bit – NW 7.5
- NW 7.5 Installation Export
- NW 7.5 Java based SW Comp.s
- Database Software (in my case, SQL Server 2017)
- vcredist_x86.exe (for Windows)
- Install SCS
- Install DB Instance
- Instance PAS
Once the installation is complete, the system has to be patched before the SAP LaMa components can be deployed. The minimum recommended patch level is NetWeaver 750 SPS11 – I applied SPS14, the latest available at the time.
Using SWPM, install the following SAP LaMa Components:
Initial Setup for SAP Landscape Management
Up to this point, the installation has been a straightforward NetWeaver 750 Java install.
The next step is to run the “Initial Setup for SAP Landscape Management” from the NetWeaver Administrator (NWA). I have added screenshots to walk you through the process.
Open the SAP NetWeaver Administrator page of the Java instance:
Navigate to Configuration Wizard:
Select “Initial Setup for SAP Landscape Management”:
Enter the Administrator password:
Enter default credentials for the SAP Host Agent (this can be changed later if required)
The following prompt allows you to specify a new User and Group for LaMa.
Patch SAP LaMa Components
The next task is patching the SAP LaMa components, using SWPM. The Azure connector for SAP LaMa is only available from SP05. I patched the system to the latest version available at the time – SP11:
Apply Java Template and update parameters
Apply SAP note 2350235 – SAP Landscape Management 3.0 – Enterprise edition – this is to adjust Java memory parameters.
You can access SAP Landscape Management using the following URL:
Setup Azure connector for SAP LaMa
The next part is where the magic happens: connecting SAP LaMa to Azure. This is very well documented here. The Azure connector uses a Service Principal to authorize against Microsoft Azure.
1. Go to https://portal.azure.com
2. Open the Azure Active Directory blade
3. Click on App registrations
4. Click on Add
5. Enter a Name, select Application Type “Web app/API”, enter a sign-on URL (for example http://localhost) and click on Create
6. The sign-on URL is not used and can be any valid URL
7. Select the new App and click on Certificates & secrets in the Settings tab
8. Enter a description for a new key, select “Never expires” and click on Save
9. Write down the Value. It is used as the password for the Service Principal
10. Write down the Application ID. It is used as the username of the Service Principal
The Service Principal does not have permissions to access your Azure resources by default. You need to give the Service Principal permissions to access them.
1. Go to https://portal.azure.com
2. Open the Resource groups blade
3. Select the resource group you want to use
4. Click Access control (IAM)
5. Click on Add role assignment
7. Select the role Contributor
8. Enter the name of the application you created above
9. Click Save
10. Repeat steps 3 to 8 for all resource groups you wish to use in SAP LaMa
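To check the result of the role-assignment steps above, the following added example (not part of the original post) flags any assignment held by the Service Principal that is wider than a resource group, sits on a resource group outside the LaMa list, or uses a role other than Contributor. The function name, resource group names and subscription ID are hypothetical; the sample objects are constructed and mirror the Scope and RoleDefinitionName properties returned by Get-AzRoleAssignment (Az module, an assumption; the post itself uses the older AzureRM cmdlets).

```powershell
# Added example: audit the scope of the LaMa Service Principal's role assignments.
function Test-LamaRoleScope {
    param(
        [Parameter(Mandatory)] [object[]] $Assignment,           # objects with Scope and RoleDefinitionName
        [Parameter(Mandatory)] [string]   $SubscriptionId,
        [Parameter(Mandatory)] [string[]] $AllowedResourceGroup  # resource groups LaMa is meant to manage
    )
    $prefix = "/subscriptions/$SubscriptionId/resourceGroups/"
    foreach ($a in $Assignment) {
        $scope   = $a.Scope.TrimEnd('/')
        $finding = 'ok'
        if (-not $scope.StartsWith($prefix, [System.StringComparison]::OrdinalIgnoreCase)) {
            # Subscription level, management group, or a different subscription
            $finding = 'broader than a resource group'
        }
        else {
            # First path segment after the prefix is the resource group name
            $rg = ($scope.Substring($prefix.Length) -split '/')[0]
            if ($AllowedResourceGroup -notcontains $rg) {
                $finding = 'resource group not on the LaMa list'
            }
            elseif ($a.RoleDefinitionName -ne 'Contributor') {
                $finding = 'role differs from Contributor'
            }
        }
        [pscustomobject]@{ Scope = $a.Scope; Role = $a.RoleDefinitionName; Finding = $finding }
    }
}

# Constructed sample data. Live input would come from:
#   Get-AzRoleAssignment -ServicePrincipalName <Application ID>
$sub = '00000000-0000-0000-0000-000000000000'   # placeholder subscription ID
$sample = @(
    [pscustomobject]@{ Scope = "/subscriptions/$sub/resourceGroups/rg-sap-lama"; RoleDefinitionName = 'Contributor' }
    [pscustomobject]@{ Scope = "/subscriptions/$sub";                            RoleDefinitionName = 'Contributor' }
    [pscustomobject]@{ Scope = "/subscriptions/$sub/resourceGroups/rg-other";    RoleDefinitionName = 'Contributor' }
    [pscustomobject]@{ Scope = "/subscriptions/$sub/resourceGroups/rg-sap-lama"; RoleDefinitionName = 'Owner' }
)

# Show only the assignments that need attention
Test-LamaRoleScope -Assignment $sample -SubscriptionId $sub -AllowedResourceGroup 'rg-sap-lama' |
    Where-Object Finding -ne 'ok' |
    Format-Table -AutoSize
```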
Navigate to your SAP Landscape Management using the following URL:
Go to tab Cloud Managers and click on Add.
Select the Microsoft Azure Cloud Adapter and click Next. Enter the following information:
• Label: Choose a name for the connector instance
• User Name: Service Principal Application ID
• Password: Service Principal key/password
• URL: Keep default https://management.azure.com/
• Monitoring Interval (Seconds): Should be at least 300
• Subscription ID: Azure subscription ID
• Azure Active Directory Tenant ID: ID of the Active Directory tenant
• Proxy host: Hostname of the proxy if SAP LaMa needs a proxy to connect to the internet
• Proxy port: TCP port of the proxy
Click on Test Configuration to validate your input. You should see:
That’s all for this post – in my next blog post, I will walk through the process of Discovering and connecting systems to your SAP LaMa system.