Safeguard Your SAP Landscape on Google Cloud Platform | SUSE Communities

Safeguard Your SAP Landscape on Google Cloud Platform


Undertaking the cloud migration of SAP S/4HANA can be difficult and face various challenges: both planned and unplanned downtime can stall business continuity and result in significant loss, and very often, a major outage is the result of accumulated minor issues that could have been identified and remediated in early stage. Enhanced security is needed to protect the data and applications, however managing a large-scale SAP environment to meet security compliance may require significant resources. Given all that, it’s critical to design and implement a robust SAP landscape with operational efficiency.

SUSE collaborates with Google Cloud Platform to safeguard the SAP landscape through the following solutions and services:

SLES for SAP Applications

SLES for SAP Applications is the leading Linux platform for SAP HANA, SAP NetWeaver and SAP S/4HANA solutions and is endorsed by SAP. It consists of the technical components to accelerate SAP deployment, minimize downtime, and increase operational efficiency. The pre-built images of SLES for SAP Applications are available in the GCP Marketplace with significant cost saving options.

Optimize SAP Workload with Auto-Tuning

saptune is a configuration tool to prepare a system to work optimally with SAP workloads by implementing the recommendations from various SAP notes. System admin can select the notes to be executed by saptune or choose one of the predefined groups – called solutions, e.g. HANA, NetWeaver, S4HANA-APPSERVER, etc. It relieves the system admin from having to collect the requirements from various SAP notes, or even having to remember which SAP notes to execute. You can even create your own predefined groups – your own solutions.

Minimize Downtime with High Availability Solutions

Besides Google Cloud’s built-in high availability features like Live Migration, SUSE offers critical High Availability solutions to enhance the SLA of SAP workloads. Two of the key components of SLES for SAP Applications are the High Availability Extension and resource agents. The High Availability Extension provides Pacemaker, an open-source cluster framework. The resource agents manage automated failover of SAP HANA System Replication, S/4HANA ASCS/ERS ENSA2, and NetWeaver ASCS/ERS ENSA1.

HANA System Replication (HSR) is a native HANA HA feature; however, its failover is not automated without the help of a 3rd party solution. SUSE has developed solutions to reliably identify the issue and trigger the failover in a timely manner. Various scenarios including HANA scale-up and scale-out are supported on GCP. Most recently, SUSE has released a new solution to tackle indexserver failure, called Fast-Dying indexserver HA solution, that proactively checks the service state change of HANA, identifying indexserver failure and triggering failover accordingly. The result for very large HANA databases is that the recovery time from a failing indexserver is reduced from hours to minutes. The details can be found in the blog Emergency Braking for SAP HANA Dying Indexserver.

For SAP NetWeaver and S/4HANA, the HA solutions are based on ASCS/ERS enqueue replication, ENSA1 and ENSA2, respectively. SUSE’s solutions are SAP HA-Interface certified to help avoid split-brain situation when customers perform maintenance through SAP tools like sapcontrol and MMC. For the details of the benefits of the HA-Interface, please refer to this blog SLES for SAP Applications 15 is now Certified for SAP S/4HANA and NetWeaver HA-Interface Certification.

For the list of supported HA solutions for SAP, please check this one-stop reference: Supported High Availability Solutions by SLES for SAP Applications.

Lifecycle Management with SUSE Manager

SUSE Manager is a true open-source infrastructure management solution designed to simplify and secure your entire mixed Linux environment. With its help, system admins can automate infrastructure security & compliance of the entire Linux estate, ensure compliance with internal security policies and external regulations, and optimize operations and reduce costs. It supports a hybrid environment, on-prem, in the Cloud, or on the Edge.

Enhance Security without Downtime with Live Patching

No disruption during patching is another critical principal for operational efficiency. SUSE has extended support of live patching not only in kernel, but also in user space, to enhance security compliance and reduce planned downtime. OpenSSL and glibc, two dependencies of SAP HANA, are the libraries commonly affected by security vulnerabilities. Without the user space live patching, a patch on these libraries will require a system reboot. With Live Patching, customers can avoid expensive reboot (for up to 1 year) to in-memory HANA databases and other mission critical workloads.

Maximize Insights with Validation and Monitoring

Complex HA deployments can often fail because of the lack of insights. Issues may not be fixed in a timely manner, leading to outages. Configuration errors are one of the main causes behind outages. These often take the form of minor issues that snowball into a major disruption. Therefore, it’s important to have a clear view of the SAP landscape during operations.

SUSE provides solutions to identify configuration issues and drifts in the Day-2 operation. SUSE Trento provides insights into the SAP landscape to help businesses discover, monitor, and proactively fix SAP system problems with a single console.

Enhance Security with Pre-Hardened Cloud Images

To improve overall security, SUSE provides hardened images SLES for SAP Applications 15, based on combination of government and industry standards STIG and CIS, minus rules that can only be applied after instance creation. The profile pcs-hardening-sap.profile is available in the ComplianceAsCode repository. It serves as a baseline for customers to further customize depending on individual application needs. The images are available in both BYOS and PAYG consumption models on GCP.

SUSE Services

When customers need help to build a cloud-optimized SAP Environment, they can confidently rely on SUSE Services. Out of the many services that SUSE offers, the following are the most popular offerings that are highly recommended to every SAP deployment on GCP:

SUSE ASSIST: Optimization Services

This service is ideal for when you are ready to optimize your infrastructure via technical health checks, fine-tune solutions to meet new business demands or integrate new solutions. Optimization Services ensures that you continue to deliver high quality IT services after migrating to Google Cloud Platform.

SUSE Premium Support Services

Premium Support Services is an optimization offering for those enterprises that want a direct relationship with named technical professionals, who provide in-depth and custom support services for business-critical production environments. The premium services team is backed by SUSE technical support, product management, and engineering. Since SUSE Premium Support engineers are also experts in HA solutions, the service is highly recommended to any SAP customers running HA solutions.

Find Out More

SUSE GCP Alliance landing page:

Contact SUSE:

Avatar photo
Sherry Yu Sherry Yu has worked over a decade in SAP solutions and is a trusted advisor in solutions building and reference architecture for key SAP products like SAP HANA, S/4HANA, NetWeaver, Data Intelligence, etc. Sherry has been focusing on SAP Solutions on Public Cloud by working closely with leading public cloud providers and is currently working at SUSE to help customers with SAP S/4HANA cloud migration.