About the Authors
Dr.-Ing. Michael Missbach is the head of the SAP Cisco Competence Center in Walldorf, Germany. With 14 years of SAP experience, his work currently focuses on HANA and on unified and stateless computing infrastructures for mission-critical applications in public and private cloud scenarios. As a senior consultant he was responsible for the development of adaptive SAP infrastructures and the SAPS-meter Web service. Earlier, he worked as IT Superintendent for ALCOA and implemented outsourcing and network projects for GE. He studied Mechanical Engineering at the University of Karlsruhe and received his doctorate in Materials Science at what has now become the Karlsruhe Institute of Technology (KIT). Besides this book, for which he acted as lead author, provided the concept and wrote Chaps. 2, 3, 9 and 10, he has also published books on SAP hardware, SAP system operation, adaptive SAP infrastructures and SAP on Windows.
Thorsten Stärk always wanted to be an inventor—and has come close to it. He conducted COBOL trainings, published SAP benchmarks, designed HANA appliances and wrote a book on electronics. Thorsten works for VCE, an EMC company, as an SAP Solutions Engineer. In his role he strives to turn the paradigm of converged infrastructure into customer reality—always combining VMware virtualization, Cisco UCS hardware and EMC storage (VCE). His passion is to find out “why” no matter where. For this book he wrote Chap. 1.
© Springer-Verlag Berlin Heidelberg 2016
M. Missbach et al., SAP on the Cloud, Management for Professionals, DOI 10.1007/978-3-662-47418-1
Cameron Gardiner is a developer working for the Microsoft SQL Server R&D team based in Tokyo, Japan. His role is to run Microsoft’s customer-facing development programs such as “First Customer Shipment” of new releases of Windows, SQL Server and new technologies such as SQL Server 2012 Column Store, Hyper-V 3.0 and cloud deployments.
Prior to joining Microsoft he worked as an SAP Basis Consultant covering UNIX, Oracle and DB2 platforms. Cameron is a contributor to the popular SAP on SQL Server blog and has written numerous whitepapers on topics ranging from Hardware Technologies to Securing SAP systems on Microsoft platforms.
He is a regular speaker at events and is an instructor teaching a course on SAP on Microsoft platforms to several hundred students per year. His ambition is to transfer knowledge to allow customers to modernize their Business Critical Systems and benefit from modern high performance commodity platforms and cloud deployment options. For this book he wrote Chap. 4 together with Joshua McCloud.
Joshua McCloud is a cyber security Business Development Manager and Solutions Architect with Cisco’s Asia Pacific Enterprise Networking organization. Joshua works across various industry sectors throughout Asia, using architectural approaches to help customers improve operational effectiveness in cyber security. Joshua has worked for over 19 years in the public and private sector environment supporting customers in the US, Europe, Middle East, Africa, and Asia. Joshua has deep expertise in the areas of architectural methodologies and frameworks, cyber security, cloud, IP mobility, and military communications systems.
Mag. Robert Madl, MBA serves as SAP Specialist for the Cisco SAP competence centre, where he takes care of projects in Europe, Middle East, Africa and Russia. Prior to joining Cisco he was a Business Architect for an SAP hosting provider and system vendor. Coming from cloud-based mobile device development, his journey as a consultant in IT business led him through automated software provisioning, high-level network design, data centre infrastructure projects, automated resource provisioning projects for large-scale virtualization environments to UNIX migration and SAP HANA projects. With his experience spanning from organizational management to command-line knowledge he often acts as the link between business and engineering. He studied Information Management at the Johannes Kepler University Linz, where he earned his master’s degree, and he earned his MBA in Sales Management at the LIMAK business school of Johannes Kepler University Linz. For this book he wrote Chaps. 6 and 7.
Mark Tempes is a Senior Architect and leads the SAP NetWeaver consulting team at Hewlett-Packard Enterprise Services South Pacific. He has more than 11 years of experience in the SAP service market and his main focus is the management, delivery and sales of large-scale SAP NetWeaver engagements. Mark has managed implementation teams in Europe, Asia and Australia primarily for enterprise customers of Hewlett-Packard. He has both governance and sales responsibility and manages the commercial aspects for initiatives on which his team is engaged. In his current role, he leads initiatives around SAP on Hewlett-Packard’s cloud and utility offerings including the transition, management and delivery of technical SAP projects from bid-phase through design and implementation, to go-live and support. He wrote Chap. 8.
Dr George W. Anderson serves as the managing architect and senior director for Microsoft’s mission critical IP development team. He is an accomplished consulting professional with 15 years of SAP experience spanning business application architecture, deployment, organizational transformation, innovation and operational excellence initiatives, and more. A frequent speaker at conferences and industry events, George’s perspectives on SAP implementation and support are considered by many to be the reference standard for SAP projects around the world. He has authored or co-authored numerous books, articles, and other papers relevant to how technology solutions may be used in conjunction with SAP to solve complex business problems. George’s aspirations are modest: To redefine what it means to architect, build, and operate the next generation of platforms underpinning mission-critical applications. He and his team are actively developing the architectural patterns and principles capable of enabling the kind of business agility and awareness that IT has been promising for years and business enterprises need more than ever. For this book he wrote Chaps. 5 and 11. You can reach him at [email protected].
Index
A
Active directory (AD) DEP, 117
harden windows, 115–116 Internet Explorer, 116–117 Microsoft Security patches, 117–118 SCW transform command, 116 SSO integration, 114
users and SAP system, 114–115 Adaptive computing controller (ACC), 31 Amazon Machine Images (AMI), 174 Amazon Web Services (AWS)
AZs, 176–177
backup/restore, 175–176 CloudWatch, 206 monitoring, 206
Network–Amazon VPC, 175 service levels, 206
storage
Amazon EBS snapshots, 175 Amazon S3, 175
EBS storage, 175
AMI. See Amazon Machine Images (AMI) Appliances, SAP
Business Warehouse Accelerator, 40 Duet and Alloy, 38
High Performance Analytical Appliance, 39–47
Application centric infrastructure (ACI), 101–104
Availability management, SAP downtimes, 71
MTBF and MTTR, 71 parallel components, 72 planned downtimes, 72 resources, disaster, 72–73
serial components, 72 stability, 73
Availability zones (AZs), 176–177 AWS. See Amazon Web Services (AWS)
B
BO. See Business objects (BO) BotNet, 79
Business ByDesign (ByD), 37 Business economics, cloud computing
analyst predictions, 238–239 cost delta, 240
IT business cases, 241 macroeconomics, 239–240 people-based savings, 239 real options analysis, 241
risks, functionality and data sensitivity, 240–241
Business objects (BO), 36 Business suite, SAP
SAP CPM, 29–30 SAP CRM, 25–27
SAP ERP/SAP ECC, 23–25 SAP GRC, 30
SAP NetWeaver, 31–36 SAP PLM, 29
SAP SCM, 27–28
SAP Solution Manager (SSM), 30–31 SAP SRM, 28–29
Business warehouse accelerator (BWA), 40 Buying hierarchy
convenience, 242 description, 242 functionality, 242 price, 242
reliability, 242
BWA. See Business warehouse accelerator (BWA)
ByD. See Business ByDesign (ByD)
C
Cache misses, 41
Capital expenses (CAPEX), 6 Centric infrastructure
application policies and profile, 225–226 desired state controller, 227
modeled entities, 227
software defined infrastructures, 225 storage, 227
Change and configuration management system (CCMS)
accountability and alignment, 125 business and IT lifecycle, 125 business applications, 122 cloud infrastructure, 122 data types, 123 elements, 122–123 logical systems, 122 organizational change, 124 technological changes, 124
Cisco Application Control Engine (ACE) high performance SSL, 202
load balancing consolidation, 202 optimized application server selection, 202 Cisco’s InterCloud Fabric
hybrid cloud, 158 data privacy, 159–160 network connectivity, 159 Provider Lock-In, 160 requirements, 158 security, 159–160 Cisco’s threat-centric model
block, 84
containment, 84–85 continuous approach, 86–87 defending, 84
detect, 83–84 discover, 83 enforce, 83 harden, 83
IT environment, 85–86 point-in-time security, 86–87 remediate, 85
scope, 84
Cloud appliance library (CAL), 178–179 Cloud data center
blocks and pods, 228 containerized data centers, 228 data bunkers, 228
energy star, 229 intel “Speed Step”, 229
power consumption, CPU, 229, 230 Cloud deployment models, 72 Cloud operation, stateless computing
adaptive SAP infrastructure, 221 configuration policies, 221, 222 global policies, 221
identity pools (IDPools), 222 MAC pools, 222
SAP system operation, 227 server pools, 223–224 UUID Suffix pools, 223 WWNN, WWPN pools, 223, 224 Cloud services
availability, 13 business needs, 5–7 complexity, 13–14 data loss, 12
eavesdropping, data security, 11 fallback solution, 15
HaaS, 4 history, 9–10 hybrid, 7–8 IaaS, 3
legal requirements, 14 measured service, 3 mind map, 2 network access, 3 networking changes, 15–16 on-demand self-service, 3 on-premises vs. off-premises, 8–9 PaaS, 3
performance, 12–13 rapid elasticity, 3 resource pooling, 3 SaaS, 4
SAP software, 9–11 Cloud services router (CSR), 105 Cloud standards
physical, 168
virtualization, 167–169 VMs, 168
Composite applications, 245
Control Objectives for Information and Related Technology (COBIT), 81
Converged network adapters (CNAs), 208–209
Corporate performance management (CPM), 29–30
Customer relationship management (CRM) call center, 25
cloud, 26 hybris, 26–27 multichannel retail, 26 web-shop, 25–26
D
Data center
ACI design model, 101–104 database flows, 101 DoS attack, 99 infrastructure, 97 protection model, 100
security functions and services, 100–101 server flows, 100
traditional design, 100–101 Data execution prevention (DEP), 117 Data privacy, 157, 159–160
Data sources, 93
Demilitarized zone (DMZ), 92 Denial-of-service (DoS) attack, 79, 99 Dual In-Line Memory Modules (DIMM), 196
E
Economic and legal aspects, cloud computing constraints, 235
costs, 234–235 description, 233 trial and error cycles, 234 Economic myths, cloud computing
CapEx vs. OpEx, 238 licensing models, 237–238 pay-as-you-go licensing, 237–238 volume discounts, 236–237 Enterprise core component (ECC). See
Enterprise resource planning (ERP) Enterprise portal (EP), 70–71
Enterprise resource planning (ERP) business processes, 23 industry solutions, 24 simplified finance, 23–24 talent management, 25 EP. See Enterprise portal (EP)
ERP. See Enterprise resource planning (ERP)
F
Fibre Channel over Ethernet (FCoE) bandwidth, 204
description, 204 implementation, 204
“lossy” and “loss-less” Ethernet, 205 Fog computing
big data interfaces, 146 business process integration, 146 compute platform, 145
IoT computing model, 144
security and identity management, 146 wireless sensors and actuators, 146
G
Government-risk-compliance (GRC) filters, gates, and checklists, 250 U.S. Patriot Act, 250
Greenfield projects, 57–58
H
HANA Cloud Platform (HCP), 10 HANA Enterprise Cloud (HEC), 10 Harden windows, 115–116 Hardware Configuration Check Tool
(HWCCT), 46
Health Information Portability Protection Act (HIPPA), 76
High performance Analytical Appliance (HANA)
cloud, 46–47 compression, 42–43 database, 42 delivery, 44–45
fast ad-hoc reporting, 43 HANA studio, 44 main memory, 44 memory, 40–41 OLAP, 41–42 OLTP, 41
recognition reaction time, 39 replication method, 43 response times, 39 restore, 44
row vs. column orientation, 41 savepoints and logs, 44 TDI, 45–46
volatile and persistent data storage, 44 Human as a service (HaaS), 3–5 Human capital management (HCM), 25 Hybrid cloud
app portability, 108 centralized monitoring, 107
Inter-cloud fabric, 110 lifecycle management, 108 policy portability, 107
private IP address extension, 107 secure communications, 107 security functions and services, 109 service brokers, 161–162
service catalogue, 162 SLAs, 162
VM
creation, 110–111 format conversion, 107 mobility, 112 traffic flow, 111–112 Hypervisors, 118
I
Identity Policy Audit (IPA) tool, 114 Industrial Wireless, 148
Information security management system (ISMS), 81
Infrastructure as a service (IaaS), 3, 5, 155 Intel Turbo Boost Technology, 191 Internet Explorer, 116–117 Internet of Things (IoT)
autonomy, 142 control, 140 description, 139
Fog computing (see Fog computing) intra-technological discipline, 143 monitoring, 140
PdMS, 148
Inter processor Communication (IPC), 208 Intrusion detection sensors (IDS), 83–84 IT service management reference model,
51–52
K
Knowledge warehouse (KW), 33
L
Landscape & virtualization management (LVM), 30–31
Legal considerations of cloud computing people considerations, 250
security considerations, 251–252 U.S. FDA validation requirements, 250 U.S. Patriot Act, 250
M
Man-in-the-Middle (MITM) attack, 79 Markov chain model, 55
Master-data management (MDM), 35 Mean time between failures (MTBF), 71 Mean time to repair (MTTR), 71 Media access control (MAC)
identity pool, 222–223 meta-data, 220 SAN, 223 service profile, 218 UCSM, 219
Microsoft Windows, 114–118 Mobile Platform, 34–35
N
NetFlow, 84 NetWeaver, 31–33
Network attached storage (NAS), 203 Network file system (NFS), 203 Non-uniform memory access (NUMA),
192–193
North American Electrical Reliability Corporation (NERC), 76
O
Online analytical processing system (OLAP), 41–42
Online transaction processing system (OLTP), 41
Operational expenses (OPEX), 6 OPEX vs. CAPEX, 157
Organizational management, CCMS change processes, 134
help desk and operations, 135–136 human involvement, 133–134 IT’s process discipline, 137–138 outsource and augment, 136 real life experience, 136–137 staffing paradigms, 136
ultra-lean service operation organizations, 130–131
P
PaaS. See Platform as a Service (PaaS) Performance management, SAP
Queue theory, 55–56 response time
cloud provider, 53
CPU load, 54–55 database size, 61–62 productivity, 53 transactions, 61 users, 54, 55 Phishing attack, 79
Platform as a service (PaaS), 3, 5, 154–155 PLM. See Product lifecycle management
(PLM) Predicting the system load
Greenfield sizing, 57–58 Quicksizer, 60–61 seasonal peak loads, 59 transaction based sizing, 59 users, 58
Predictive Maintenance for Mining (PdMS), 148–151
Private cloud infrastructures, SAP landscapes (see SAP landscapes) networks (see Networks) platforms, 185–186 Private cloud model, 160 Privilege escalation, 79 Process integration (PI), 70
Product lifecycle management (PLM), 29 Project monsoon, SAP, 181
Provider Lock-In, 157–159 Public clouds
AWS (see Amazon Web Services (AWS)) Amazon virtual private cloud, network,
175
application requirements, 171 AZs, 176–177
CAL, 178–179 cloud APIs, 169–170 project moonshot, 179–182
Q
Queue theory, 55–56
R
Red Hat Linux, 113–114 Red Hat Network Satellite, 113 Red Hat Update Infrastructure, 113 Role based access control (RBAC)
S
SaaS. See Software as a Service (SaaS) SAP
application environment, 113
Microsoft Windows, 114–118 Red Hat Linux, 113–114 application requirements
availability and performance, 172 business criticality, 172
integration and interfacing, 172 applications, 166–170, 218
cloud application library (CAL), 178–179 COBIT, 81
compliance and corporate governance, 81 corporate governance, 81
cyber security, 77–78 early watch reports
hardware configuration, 63 performance indicators, 63 resource consumption, 63 EP and PI, 70–71
founders, 19
HANA (see High performance Analytical Appliance (HANA))
hypervisors, 81
internal backend systems, 169 ISMS, 81
IT service management reference model, 51–52
KW (see Knowledge warehouse (KW)) license keys, 215–216
load profiles, 69–70 measurement, 49–50 monitoring, 177
performance management, 53–56 SAPS (see SAP Application Performance
Standard (SAPS)) security architecture
access control, 92 campus zone, 96
cloud provider zone, 104–107 mobile zone, 96–97
security control model, 88–89 security design model, 89–91 TrustSec, 94–96
virtual machines, 92–93 service level management, 52–53 sizing, measurement, 62–64
sourcing and hosting options, 170–171 system operation
locales, 228 organisations, 277 RBAC, 228
resources and policies, 227 threats, 79–80
vendor lock-in, 169 vulnerabilities, 79–80
SAP Application Performance Standard (SAPS)
horsepower, SAP system, 56 release-independent, 57 SAP central services (SCS), 127 SAP landscapes
database licenses, 189 instances and processes, 187 system architecture, 187–188 2-tier vs. 3-tier, 188–189
SAP solution manager (SSM), 21, 30–31 SAP solutions for small and medium
companies SAP All-in-One, 36 SAP Business ByDesign, 37 SAP Business One, 36–37
SCM. See Supply chain management (SCM) SCS. See SAP central services (SCS) Security control model, 88–89 Security design model, 89–91 Security Group Tags (SGT), 94 Server architectures
batch workloads, 191
Intel Turbo Boost Technology, 191 inter core communication and access,
192–193 memory, 196 multi-core, 190–192 multi-thread, 190–192 parasitic capacitances, 190 platform certification, 191–192 rack mount vs. blade servers, 196 scale-up vs. scale-out, 194–196 Server network, 202–203, 205, 213 Service level agreements (SLAs), 12, 13,
49, 50, 52, 53, 56, 61, 72–74, 124, 161, 162, 172, 173, 218, 239, 245
Service profile auto discovery, 219 bare metal virtualization, 218 firmware management, 219 policies, 218
Single-Sign-On (SSO) integration, 114 SLA. See Service level agreements (SLAs) Social engineering attack, 79
Software as a service (SaaS), 3–5, 154 Solid-state drives (SSD), 200
SRM. See Supplier relationship management (SRM)
SSM. See SAP solution manager (SSM) Stateless computing
application mobility, bare metal, 216–217 cloud operation (see Cloud operation,
stateless computing) HANA disaster recovery, 217–218 SAP license keys, 215–217 server personality, 213
and service profile (see Service profile) Storage networks, 203
Storage system, SAP disk paradox, 197
in-memory paradox, 198–198 input/output (IO) challenge, 197
Input/Output operations per second (IOPS), 198
Supplier relationship management (SRM), 28–29
Supply chain management (SCM) LiveCache, 27
load profile, 60 RFID, 28
T
Tailored datacenter integration (TDI), 45–46 Technology management, CCMS
baseline, 130
cloud constructs, 125–126 configuration management process,
126–127
development system, 128–129 load tests, 130
service templates, 127–128 technical sandbox, 128–129 testing tools, 129
The Burke-Litwin change model, 247–248
U
Unified Computing System (UCS) CNAs, 208–209
fabric extender, 209 fabric interconnects, 209–210
hardware based fabric extender, 211–212 IPC, 208
port extender (PE), 209 SAN and LAN, 207–208
software based fabric extender, 211 unification and virtualization, 210 Unified Computing System Management
(UCSM), 219 platform emulator, 219–220 policy-driven device managers, 221
remove command, 219 transaction service, 219 vNIC template, 220 User network
bandwidth, 201
high performance SSL, 202 latency, 201–202
V
Virtual interface (VIF), 220 Virtual machines (VMs)
export/import, 168 hybrid cloud
creation, 110–111
format conversion, 107 mobility, 112 traffic flow, 111–112 online-transition, 168 Virtual private cloud (VPC), 175 VMware
ESX kernel, 220 runtime policy, VIF, 221 vNIC connection policies, 220 vNIC template, 220–221
W
Web application firewalls (WAF), 92 Wireless sensors and actuators (WSANs), 146