Monitoring of SAP Systems Using Azure Monitors – Part I
This Article is referenced from the approach announced by Microsoft in this blog. Microsoft has also provided documentation on this to help customers on Azure to enhance the monitoring of the SAP systems on Azure.
In this Article we will discuss about the Monitoring Service “Azure Monitor for SAP Solutions” delivered by Microsoft and how we can take benefit from this service.
Azure Monitor for SAP Solutions is an Azure-native monitoring product for customers, running their SAP landscapes on Azure Virtual Machines and Azure Large Instances. With Azure Monitor for SAP Solutions, we can collect telemetry data from Azure infrastructure and databases in one central location and visually the telemetry data. SAP has provided several notes which support SAP products on Azure:-
- 2015553 – SAP on Microsoft Azure: Support prerequisites
- 1928533 – SAP Applications on Azure: Supported Products and Azure VM types
We can monitor different components of an SAP landscape such as OS, High-availability cluster, SAP HANA , SAP NetWeaver and etc. Currently, Azure Monitor for SAP Solutions is under public preview and there is high probability of changes in coming days on this service, kindly refer to Microsoft documentation in advance
1. AZURE SERVICES
Below are services that will be used by Azure to deliver the solution
1.1 Azure Monitors
Azure Monitor for SAP Solutions uses the power of existing Azure Monitor capabilities which contains Log Analytics and Workbooks to provide more monitoring capabilities. It read the SAP data available in the Log Analytics and make data available for the workbooks to show it in a graphical Manner.
1.2 Log Analytics Workspace
A Log Analytics workspace is a unique environment for Azure Monitor log data. Each workspace has its own data repository and configuration, and data sources and solutions are configured to store their data in a workspace. All the data which is extracted from SAP Solutions will be stored in this space.
Workbooks can query data from multiple sources within Azure. In Workbooks we can transform this data to provide insights into the availability, performance, usage, and overall health of the underlying components. For instance, analyzing performance logs from virtual machines to identify high CPU or low memory instances and displaying the results as a grid in an interactive report. Workbook will use the data from the Log Analytics Workspace and then transforms into Text, charts, Grids, Tiles, Trees, Graphs etc…
1.4 Key Vault
Azure Key Vault is a cloud service for securely storing and accessing secrets. A secret is anything that we want to tightly control access to, such as API keys, passwords, certificates, or cryptographic keys. Vaults support storing software and HSM-backed keys, secrets, and certificates. All the secrets for the SAP systems will be stored in the Key Vault which will be used by the providers to access SAP solutions for collecting the data.
1.5 Managed Identities
Managed identities eliminate the need for services to manage credentials. Managed identities provide an identity for applications to use when connecting to resources that support Azure Active Directory (Azure AD) authentication. Applications may use the managed identity to obtain Azure AD tokens. Managed Identities allow provides to use AD Authentications for retrieving the SAP system secrets from the Key Vaults
1.6 Azure Queue Storage
Azure Queue storage is a service for storing large numbers of messages that can be accessed from anywhere via authenticated calls using HTTP or HTTPS. A single queue message can be up to 64 KB in size, and a queue can contain millions of messages, up to the total capacity limit of a storage account. Queue storage is often used to create a backlog of work to process asynchronously. Queue Storage will be used by the providers to store the messages which came while connecting to the SAP Solutions.
1.7 Azure Virtual Machine
Azure Virtual Machines (VM) is one of several types of on-demand, scalable computing resources that Azure offers. VM will be deployed by the Azure Monitors. This is a Standard_B2ms VM. Responsibility of this VM is to host the Monitoring Payload.
2. ARCHITECTURE OVERVIEW
The following diagram explains about the collection of telemetry by Azure Monitor for SAP Solutions from SAP HANA database. The architecture is agnostic to whether SAP HANA is deployed on Azure Virtual Machines or Azure Large Instances.
2.1 Architectural Components
- Azure portal – We can go to marketplace within Azure portal and discover using Azure Monitor for SAP Solutions
- Azure Monitor for SAP Solutions resource – this is a landing place for customers to view monitoring telemetry
- Managed resource group – This will be deployed automatically as part of the Azure Monitor for SAP Solutions resource deployment. Resources which are deployed and their purpose are:
- Azure Virtual Machine: This is a Collector VM with size Standard_B2ms. The main purpose of this VM is to host the Monitoring Payload. In the above diagram, the monitoring payload contains the logic to connect to SAP HANA database over SQL port.
- Azure Key Vault: This resource is deployed to securely hold SAP HANA database credentials and to store information about providers.
- Log Analytics Workspace: This is the destination where the telemetry data resides.
- Visualization is built on top of telemetry in Log Analytics using Azure Workbooks.
- We can use their existing workspace within the same subscription as SAP monitor resource by choosing this option at the time of deployment.
- We can use Kusto query language (KQL) to run queries against the raw tables inside Log Analytics workspace.
2.2 Architectural Highlights
- Multi-instance – We can create monitor for multiple instances of a given component type (for example, HANA DB, HA cluster, Microsoft SQL server, SAP NetWeaver) across multiple SAP SIDs within a VNET with a single resource of Azure Monitor for SAP Solutions.
- Multi-provider – The above architecture diagram shows the SAP HANA provider as an example. Similarly, we can configure more providers for corresponding components (for example, HANA DB, HA cluster, Microsoft SQL server, SAP NetWeaver) to collect data from those components.
- Open source – The source code of Azure Monitor for SAP Solutions is available in GitHub. We can refer to the provider code and learn more about the product, contribute or share feedback.
- Extensible query framework – We can request specific telemetry data to be added to Azure Monitor for SAP Solutions.
3. SOLUTION OVERVIEW
With Azure Monitor for SAP Solutions, we can collect telemetry data from Azure infrastructure and databases in one central location and visually see telemetry data for faster troubleshooting. Azure Monitor for SAP Solutions is an Azure-native monitoring product for customers, running their SAP landscapes on Azure.
- Azure Virtual Machine
- Azure Large Instance
- SAP HANA Database
- HANA 1.0 SPS 12 Rev. 120 or higher
- HANA 2.0 SPS03 or higher
- Single node (scale-up) and multi-node (scale-out)
- Single database container (HANA 1.0 SPS 12) and multiple database containers (HANA 1.0 SPS 12 or HANA 2.0)
- Auto host failover (n+1) and HSR
- Microsoft SQL Server
- SQL Server 2012 SP4 or higher
- Default or named standalone instances in a virtual machine
- Clustered instances or instances in an AlwaysOn configuration when either using the virtual name of the clustered resource or the AlwaysOn listener name. Currently no cluster or AlwaysOn specific metrics are collected
- Azure SQL Database (PAAS) is currently not supported
- SAP NetWeaver
- SAP NetWeaver 7.0 or higher
- Dual-Stack SAP NetWeaver Application Server
3.2 Data Collection
Data collection in Azure Monitor for SAP Solutions depends on the providers that are configured. The following data is being collected
3.2.1 SAP NetWeaver
- SAP system and application server availability including instance process availability of Dispatcher, ICM, Gateway, Message Server, Enqueue Server, IGS Watchdog
- Work process utilization statistics and trends
- Enqueue Lock statistics and trends
- Queue Utilization statistics and trends
3.2.2 SAP HANA Database
- CPU, memory, disk, and network utilization
- HANA System Replication (HSR)
- HANA backup
- HANA host status
- Index server and Name server roles
3.2.3 Linux Operating System
- CPU utilization, fork’s count, running and blocked processes.
- Memory utilization and distribution among utilized, cached, buffered.
- Swap utilization, Paging, and swap rate.
- Filesystems utilization, Number of bytes read and written per block device.
- Read/write latency per block device.
- Ongoing I/O count, Persistent memory read/write bytes.
- Network packets in/out, Network bytes in/out
3.2.4 Pacemaker High Availability Cluster
- Node, resource, and SBD device status
- Pacemaker location constraints
- Quorum votes and ring status
3.2.5 Microsoft SQL Server
- CPU, memory, disk utilization
- Hostname, SQL Instance name, SAP System ID
- Batch Requests, Compilations, and page Life Expectancy over time
- Top 10 most expensive SQL statements over time
- Top 12 largest table in the SAP system
- Problems recorded in the SQL Server Error log
- Blocking processes and SQL Wait Statistics over time
As Azure released it for public preview, this service will be available in East US 2, West US 2, East US and West Europe
Azure Monitor for SAP Solutions is a free product (no license fee). We are responsible for paying the cost for the underlying components in the managed resource group such as below: –
- Azure Virtual Machine and disk associated with it
- Azure Key Vault
- Log Analytics workspace
- Azure Managed Identity
- Storage Account
These are released for public previews are excluded from service level agreements.
For taking advantage of the above architecture below are some of the pre-requisite
Configuring user must have access for the below: –
- Creation of Azure Virtual Machines
- Creation and Deletion of secrets from Azure Key Vault
- Creation of Managed Identity
- Creation and assignment of Network Interface to the VM
- Creation of Network Security Groups
- Creation of Azure Storage account
- Creation of Log Analytics Workspace
4.2 Namespace Registration
Below Namespace should be registered beforehand to perform an uninterrupted configuration: –
4.2.1 Managed Identities
We must register our subscription for using Managed Identities, to check the same we need to go to Subscription → Resource Providers and then search for ManagedIdentity. We must register Microsoft.ManagedIdentity to our Subscription
4.2.2 Operational Insights
We must register our subscription for using Operational Insights, to check the same we need to go to Subscription → Resource Providers and then search for OperationalInsights. We must register Microsoft.OperationalInsights to our Subscription
This is end of Part – I, in next part Monitoring of SAP Systems Using Azure Monitors – Part II of this article you can find more information about Deployment and Configuration of Azure Monitors for SAP Solutions.