What’s New in SAP HANA 2.0 SPS 06: Administration, Monitoring and Security
The release of SAP HANA 2.0 SPS 06 introduces many new innovations for administrators, operators and security experts of SAP HANA databases using the SAP HANA cockpit and SAP HANA database explorer management tools. The complete list of new features is available in the What’s New in the SAP HANA Platform 2.0 section of the SAP Help Portal. This blog entry highlights the key new functionality delivered in the SAP HANA cockpit (version SP 14) included with SAP HANA 2.0 SPS 06 and accompanies the webinar describing those features (register here for live or on demand viewing).
I’d like to acknowledge the following colleagues who also contributed content and video demos to this post: Nagendra Prabhu, Pavlo Melnyk, Ralf Czekalla and Srboljub Dave.
A similar blog post on the new features of the SAP HANA database explorer included with SAP HANA 2.0 SPS 06 is here: Recent Innovations in the SAP HANA Database Explorer 2.0 SP 13 and 14.
SAP HANA Database Administration and Monitoring
Managing Workload Class Hierarchies
SAP HANA 2.0 SPS 06 introduces the concept of hierarchical workload classes, where you can define a workload class as a ‘parent’, where the value of its memory limits is inherited by several other ‘child’ workload classes. When you create a new workload class in the SAP HANA cockpit, you now have the option to select whether this class is a ‘parent’. You can then create a new ‘child’ class and provide its parent class name, at which point your new ‘child’ class inherits the parent’s memory limits. This relationship is shown in the cockpit’s Workload Classes application by grouping all ‘child’ classes underneath its ‘parent’ class entry in the list.
SAP HANA Deployment Infrastructure (HDI) Administration
Use the SAP HANA cockpit to define the different HDI administrator roles to manage the HDI, such as the HDI administrator, the HDI container-group administrator, and the HDI container administrator. Once those roles are defined, those administrators can perform the necessary tasks to maintain the HDI, the HDI container-groups and the HDI containers using the new HDI administration application in the SAP HANA cockpit, which provides an interface to display detailed information about specific HDI components and carry out the necessary tasks to manage the HDI.
Preview When Applying Configuration Template
The Configuration Templates application is enhanced to preview the differences between the configuration parameters of the model database and the target database. When applying the template to other databases, you now see a ‘Preview’ button when selecting the target databases that opens a dialog listing the differences. This enhancement allows you to verify that the parameter changes you want to apply have the values you expect.
Temporary File Storage (TMPFS) Monitor
The new TMPFS Monitor application allows you to configure and inspect health metrics of system set up with the SAP HANA Fast Restart option. You can view the sizes of tables and columns stored in TMPFS, as well as the TMPFS memory used per schema, host, or schema and host.
Backup and Recovery
Compression for Data and Log Backups
Backup compression to reduce the amount of disk space consumed locally and on external storage media. Create compressed backups either manually or scheduled. Compression information can be viewed via HANA Cockpit for created and scheduled backups.
- Compress backups either manually or scheduled.
- Enable compression via Cockpit or by using the SQL statement BACKUP DATA with the option COMPRESSED.
- Parameters for changing the compression level and the compression algorithm can be found in the backup section of the global.ini parameter file. The level of compression impacts the backup and recovery time and the backup size.
- The only compression algorithm currently supported is LZ4.
Backup and Recovery of Configuration Parameters
Ability to back up and recover customer-specific changes to parameters for SAP HANA stored in INI configuration files. Increase the efficiency of backup and recovery for SAP HANA.
- You can now backup custom parameters. In the past customers had to back up their configurations manually, by saving their INI files. You can now back up those configuration files as part of the data backup.
- The BACKUP DATA statement offers a new option called INCLUDE CONFIGURATION.
- For a recovery, you can use the INCLUDE CONFIGURATION option with the RECOVER DATA or RECOVER DATABASE statements.
Parking of Log Backups in a Staging Area for Third-Party Backup Tools in Maintenance
Temporary writing of BACKINT log backups for SAP HANA to a staging area when the external backup tool is unavailable due to maintenance or a failure. Increase backup continuity through failover of BACKINT-based log backups into a staging area when the external backup tool is unavailable.
- SAP HANA now automatically detects whether an external storage system can no longer be accessed. It can then automatically redirect log backups to the file system. This ensures that log backups can continue to be written without interruption in case of a failure.
- The staging area is based on the HANA log area. If retention policies for the log area have been configured, they will also apply to the staging area.
- In case of a recovery, were in example the full backups are stored on the 3rd party backup tool and the log backups are stored on the staging area, both locations will be used together.
Automatically Continue Log Backups After a Disk Full
In a disk full situation, the log backups stop operating. In the past, Administrators needed to restart HANA after resolving the disk full situation. Now the log backups start automatically after the disk full situation has been resolved.
The following video demo showcases new functionality in SAP HANA 2.0 SPS 06 for administration, monitoring and backup and recovery:
High Availability, Disaster Recovery and Persistence
Reclaim Data with SAP HANA-Internal Snapshots Pages Existing in Data Volume
With SPS06 datavolume reclaim will become an integral part of the SAP HANA
datavolume management and runs as a permanent, incremental
housekeeping job in the background.
- Corresponding pages will be moved from the end of
the datavolume to fill up the free space in starting areas
- After each savepoint a truncation of the datavolume is attempted
- Snapshots pages can postpone the effect until they are dropped
- First, during pilot phase de-activated, later: Active by default
- Default thresholds: Start at 150% overhead, Stop at 120%
- Running on primary and secondary installations of system replication
The continuous reclaim is throttled to assure that the datavolume will not increase significantly by the reclaim in case snapshots exist which keep pages pinned w.r.t. datavolume reclaim.
Configurable File IO Throttling (IO Workload Management)
SAP HANA’s File IO layer tries to use the full bandwidth of the underlying
IO device/channel to guarantee maximum database performance. However, many components using the same IO device or channel compete for IO bandwidth. Administrators may be able to optimize throughput by setting values for the following configuration parameters in section [fileio]:
- max_throughput – limitation applied to total throughput for the service as a whole
- max_read_throughput – limitation applied to read requests
- max_write_throughput – limitation applied to write requests
(The parameters define an upper limit for IO throughput in MB/s)
Each IO request observes the limitations defined and the file IO layer balances requests within those limits.
Accordingly, these parameters can be indexed (itemized) per subcomponent, like [BACKUP] or [LOG] for redo log writing.
By default, no throttling is applied for each parameter (the default value for all parameters is zero), but limits applied by other matching parameters are respected.
System table M_VOLUME_IO_TOTAL_STATISTICS can be used to monitor physical and effective throughput
For example, with the following configuration, read requests would be throttled to 80 MB/s while write requests would be throttled to 100 MB/s (=megabytes per seconds):
would throttle only Backup I/O to 50 MB/s whereas
would throttle all I/O on this (exact) path to 100 MB/s
Optimizing Auto Reconnects by Multi-Target Replication
In SPS06 the known feature “Multi-Target Replication auto reconnects” known since SPS04 was optimized:
- Avoiding instance restarts during automatic reconnects of secondary sites
- Depends on comparison of redo log positions between site instances
- If Secondary log position more actual than new primary, still a restart is necessary to clean up situation (possibly caused by ASYNC replication)
SAP HANA System Replication & Scale-out & Cluster Manager
Better consolidated status info for cluster managers in case of multiple failures in a Scale-Out cluster.
Earlier e.g., if all active parts of a scale-out failed, but the standby server, no HSR-take-over was often triggered by external cluster managers because of an incomplete status transfer to them.
Cluster managers needed an own approach to determine this unusable status of such a Scale-out cluster to react accordingly.
Speedup SAP HANA Crash Behavior by Parallel Freeing Memory
Speedup HANA crash behavior by freeing all memory before entering kernel. Beneficial for takeover or failover scenarios.
- With primary not responding properly a clean shutdown is necessary
- Takeovers need to wait for this to finish for fencing purposes
Crash or shutdown operations of 24TB SAP HANA instances could be shortened from 12 down to 2 minutes by heavily parallelizing its execution.
System-Wide SAP HANA Scheduler That Can Execute Any SQL Statements
Use the system-wide scheduler to execute both scheduled backups and any defined SQL statement. Automate routine database administration tasks, including scheduled backups.
- The new system-wide scheduler can be used to execute both, scheduled backups and any defined SQL statement.
- It can be used via Cockpit or via the SQL statement CREATE SCHEDULER JOB.
Near-Zero Downtime for Tenant Copy
Increase business continuity by reducing the downtime during tenant copies.
- This feature helps reducing the downtime to near-zero in a tenant copy scenario.
- We achieved this by speeding up the root key renewal process.
- Benefit: This feature helps increase business continuity.
New M_Database Intermediate Database States
The Column ACTIVE_STATUS_DETAILS has been enhanced to show the database states in between starting and stopping the database.
- It will help you better understand the current database detailed status.
- You get now context sensitive functionalities via HANA Cockpit considering the detailed database state.
JWT Provider Configuration with Public Keys
You can now import public keys into your SAP HANA database using the new Public Key Store app. You can then add public keys to certificate collections with the purpose JWT in the Certificate Collections app.
Within JSON Web Tokens (JWT), SAP HANA provides an authentication mechanism that is based on private and public key pairs to create signed trust. To make it more convenient as of using a certificate-based authentication mechanisms, e.g. like X.509, the possibility to store public keys is added with this feature with adjustments to the JWT provider.
In addition to that the public keys could be added to the personal security environment stores (PSE) or also known as certificate collections. More you could see in the demo video listed below.
Support of Multiple User Mappings for JWT and SAML Authentications
In the past SAP HANA only allowed one single mapping between the database user and the SAML or JWT provider. Basically, what we had is 1:1 user mapping. With new SPS06 release the support of multiple mappings between logged-in session user and the dedicated used session token within SAML and JWT based authentication will be supported.
Enhanced Behavior for Data Masking Semantics
With a new release we provide an additional option for how masking authorization behave that is different from the DEFINER behavior we currently have.
With SAP HANA SPS06 release, we have an option with masking authorizations behave like analytic privileges. No matter where in the hierarchy a mask is defined, SAP HANA will always check whether the session user has the UNMASK privilege.
The advantage is that there is no need to define an invoker mode hierarchy down to the level you want to protect using masks and therefore do not need to grant end users privileges on lower-level objects. This allows for better isolation than the original INVOKER behavior.
Automatic TLS and SSL Setup
In this feature TLS and SSL-secured connections to HANA are included from the very beginning of the system installation without the need for manual setup. By means of automatic TLS and SSL setup the support for TLS and SSL certificates is direct and automatically generated.
In addition to that XSA will support TLS and SSL without doing a manual setup. Link to the documentation is also available.
The following video demo showcases new functionality in SAP HANA 2.0 SPS 06 for security:
SAP HANA 2.0 SPS 06 continues to improve and deliver new functionality for SAP HANA database administrators, operators and security experts. We hope that this blog post gives you a good understanding of those new features in the above-mentioned administration areas. For more details, please visit the What’s New in the SAP HANA Platform 2.0 section of the SAP Help Portal and the accompanying webinar (register here for live or on demand viewing).