What’s New in SAP HANA Cloud – July 2021
The Q2 update of SAP HANA Cloud is now available for all customers. Find out more about the main highlights of this release below. You can also REGISTER NOW to join our webinar series to hear more details and see demos of chosen highlights.
Innovations in Availability for SAP HANA Cloud, SAP HANA database
In this quarter, we’ve released the following innovations in availability:
- Near-zero downtime upgrade
- High Availability via synchronous replication
Near-zero downtime upgrades
You can activate software upgrades for SAP HANA Cloud, SAP HANA databases in SAP HANA Cloud Central using one of the two available options:
- Upgrade without a restart – as a Near Zero Downtime process
- Initiates an automatic process in background to create a temporary additional system (shadow) and execute a takeover as soon as it’s prepped
- Real downtime is defined by the takeover execution time only
- Upgrade with a restart
- Executes the update in a downtime of the instance
- The systems start up with the new software installed
- Downtime is defined by the restart plus software installation time
High Availability for SAP HANA database
This innovation allows SAP HANA Cloud, SAP HANA databases to take advantage of a controlled synchronous replication with autonomous failover capability. The goal is to then ensure database availability, using the following:
- SAP HANA Cloud replicates all persistent data and changes to a secondary server in the same availability zone
- Fail detection and autonomous, automatic host failover managed by SAP HANA Cloud
The official SLA of SAP HANA Cloud, SAP HANA database is: 99.95 uptime.
You can order replicas using SAP HANA Cloud Central to ensure high availability in the same availability zones.
Innovations in Security and Authentication
In this quarter, we’ve released the following innovations in security and authentication:
- Support for connecting to SAP HANA Cloud, data lake using external IDPs. This includes LDAP and JWT for external authentication
- Authentication mechanism LDAP for SAP HANA Cloud, SAP HANA database
- Customer managed encryption keys for the SAP HANA Cloud, SAP HANA database
Authentication mechanism LDAP for SAP HANA Cloud, SAP HANA database
- Authentication users against an LDAP directory server using the username and password provided by the client
- Synchronization of users and roles between external LDAP user directory and the SAP HANA user base
- Transmit the password securely from the client to SAP HANA using a hybrid encryption-based protocol that uses a combination of symmetric and asymmetric encryption.
- Decrypt the password using the SAP HANA server, and use it to authenticate the user with the LDAP server
Customer managed encryption keys
SAP HANA Cloud offers comprehensive encryption options for SAP HANA database, such as:
- Communication encryption
Encrypt data in transit using TLS/SSL
- Data at rest encryption
Encrypt data stored on disk using data volume encryption and log encryption
- Backup encryption
Encrypt backups with SAP HANA native
- Keys secured by Local Secure Store (LSS)
Encryption keys/KMS credentials stored at strictly separated operating system user
- Additional features via SAP Data Custodian KMS
CMEK and HYOK with possibility to revoke the encryption key at any time
Data storage and key storage (LSS) are strictly isolated
- SAP HANA and LSS are run by different OS users
- Only legitimate OS processes can call into LSS to access keys
- SAP HANAs keys are stored in LSS PayloadDB, which is encrypted with locally stored key owned by LSS
LSS enables secure CMEK/HYOK setups
- The key to encrypt the PayloadDB can be externalized into a KMS
-> LSS at runtime can serve keys to HANA only if KMS cooperates, i.e. if it provides access to the customer key
- KMS credentials only known to LSS
- Customer has full control over keys in Data Custodian KMS
- Key hierarchy starts at Data Custodian KMS and it is technically impossible to decrypt any data or backup without this master key
- The key to encrypt the PayloadDB can be externalized into a KMS
Second access key as (optional) fail-safe
- LSS can use an additional public key to encrypt its PayloadDB
- If KMS has issues, the corresponding private key can be used to rescue that data/backups
Innovations in Migration to SAP HANA Cloud, SAP HANA database
In this quarter, we’ve released the following innovations in migration to SAP HANA database:
- Self-service support for the migration of SAP HANA service (earlier version on Cloud Foundry)
- Support for self-service migration of HDI containers from SAP HANA service for SAP BTP to SAP HANA Cloud
Enablers for SAP HANA Cloud Migration
- Automates key migration tasks to reduce the cost and effort of migration
- Reduces uncertainty and helps to plan/prepare for migration by identifying potential issues upfront
- Self-service tool provided as a service (free of charge) through SAP Business Technology Platform
- No additional storage necessary needed. SAP manages the temporary storage for export and import
Innovations in Smart Multi-Model
In this quarter, we’ve released the following innovations in the area of Smart Multi-Model withing the SAP HANA database:
JSON Document Store innovations
Expansion of JSON arrays to a list of rows in SQL queries. This gives you the ability to return all values in a JSON array as individual rows in the result set. You can also select and filter array data in JSON documents.
We now also offer support for COUNT (DISTINCT) Function and LIKE Predicate. And, there is now HDI Support for INDEX-Creation on Document Store collections.
SAP HANA Graph now supports heterogenous network data, i.e. different vertex types containing different attributes, and different edge types. Vertex and edge data are stored in multiple tables under the same graph workspace.
SAP HANA Cloud Alert Integration with SAP BTP Alert Notification Service (ANS)
Via a new integration of SAP HANA Cloud into the SAP BTP Alert Notification Service, one can use the ANS to collect and distribute Alerts created by the database service via multiple channels to ease the service administration.
Be notified via various channels including:
- Microsoft Teams
- Splunk On-Call (VictorOps)
- SAP Automation Pilot
- Post to a URL (webhook)
Subscriptions are composed of conditions and actions
- Conditions can match broad or specific events
- Actions specify which channels to notify
Details of the alerts are documented here and include tags such as:
- unique name for alert type
- INFO, NOTICE, WARNING, ERROR
Self-service for data recovery in SAP HANA databases
- Speed up the recovery of your SAP HANA Cloud data platform through self-service instead of service requests through support tickets
- Self-service recovery for SAP HANA database has to be used via SAP HANA Cloud Central
- A new action item called “Start Recovery” is listed
- Select a point in time in the past via calendar
- Time will be displayed in UTC and local time
Enable and disable backups in SAP HANA Cloud, data lake
Backups can be enabled and disabled for SAP HANA Cloud, data lake, allowing you to better control your storage costs for test and development instances. By default, backups will remain activated and users have the possibility to explicitly disable the backup process.
Looking for more details on the latest features and updates to SAP HANA Cloud? Join our next webinar to hear about these highlights in detail, and don’t forget to subscribe to our SAP HANA Cloud newsletter.
Moreover, you can find a summary of all the innovations introduced to SAP HANA Cloud here. Apart from that, further insights into future innovations are published via our SAP HANA Cloud roadmap.
In case you want to discuss some of the outlined innovations or have any other questions related to SAP HANA Cloud, feel free to post them in our Q&A.
I attended your HANA Overview session which was quite informative. We are workign on Cloud Foundry where we are trying to integrate data from ServiceNow (on Cloud) into HANA Cloud through Rest API's. But we are unable to proceed as SNOW API's doesnt provide a WADL path to complete the configurations.
Can you please share a blog to explain the steps that needs to be considered to consume the Rest API's in HANA Cloud.
thanks for joining my session!
In oder to push data from ServiceNow into SAP HANA Cloud, you can either create native SAP BTP applications or use pre-defined adapters.
To develop an integration yourself via a custom BTP app, the CF or Kyma environment is recommended.
Alternatively, you can also use the BTP Open Connectors to directly connect to ServiceNow and ingest data into SAP HANA Cloud. You can find a useful blog describing the Open Connectors integration here.
I hope this was helpful.