The Client is a global data solutions company offering management and governance of critical master data with a full portfolio of software and professional services. It is one of only 25 companies worldwide that are an SAP-approved solution extension (SOLEX) partners and they are SAP’s development partner for Master Data Governance. Companies rely on the client to develop solutions that make perfect data, perfectly possible.
The Client’s sales and marketing offices are based in Chicago (two offices), and their Center of Excellence is in Bangalore, India.
The Client had around 120 servers for development, testing and production. These servers were located in a third-party data center. As the Client’s business grew, they found that scaling their IT infrastructure in line with growth was not easy. After a thorough evaluation, the Client decided to migrate to the cloud for its benefits of dynamic scalability, redundancy and pay-as-you use model.
It evaluated several Cloud services providers to partner with them for the migration. They needed someone who had a sound knowledge of the cloud, proven competence, and capabilities to minimize downtime during the migration from the third-party datacenter to the cloud. Crimson Cloud was chosen as it’s migration partner.
The Client runs its SAP S/4 HANA and non-SAP solution on N. Virginia Region of AWS.
The solution in production uses Suse Linux 12-SP1 on Amazon Elastic Compute Cloud (Amazon EC2). Amazon Elastic Block Store (Amazon EBS) of General Purpose SSD (GP2) has been provisioned for the file systems and database with 3 IOPS/GB which can burst up to 10,000 IOPS. For the database backup, the General Purpose SSD (st1) has been provisioned.
The snapshots of Amazon EBS volumes and SAP HANA binaries are stored on Amazon Simple Storage Service (Amazon S3). The data is protected at rest using AES 256 algorithm encryption and in transit using SSL (upload and download of data). The Client can retrieve a snapshot stored in Amazon S3 and create Amazon Elastic Block Store
(Amazon EBS) volume from the AMI and attach the Amazon EBS volume to an Amazon EC2 instance.
Automatic Snapshot has been configured on the incremental basis to recover the instance in a disaster scenario.
Migrating workloads from third-party data center to AWS
- CloudEndure Live Migration tool was used for migrating SAP HANA workloads from third-party data center to AWS cloud with downtime of 1 hour. It utilizes block-level continuous replication, application stack orchestration, and automated machine conversion to ensure 100% data integrity.
- AWS CloudFormation template has been used for deployment of SAP HANA DB instances
Ensuring data security
- The Client isolated its environment by provisioning Amazon Virtual Private Cloud (Amazon VPC) with two public and two private subnets. SAP HANA, S4, BO, and Solution Manager Instances were run on a private subnet.
- Sit-to-Site VPN was established between on-premises DC and AWS VPC to access the application securely. Cisco ASAv was implemented on AWS to manage VPN from AWS VPC to SAP Router. CISCO ASAv also connected to the two locations that the Client has in Bangalore. Anyconnect VPN client access was implemented for remote users.
- Identity and Access Management (IAM) was used to enable role based and granular permissions to secure access to AWS services and resources. Multi-Factor Authentication was implemented to add an extra layer of security.
- AWS instance auto-recovery was enabled for high availability and recovery from failed instances.
AWS services used for Infrastructure Monitoring and Management by Crimson team
- AWS Config and AWS Config rules was enabled to create workload standards and used to benchmark environment compliance.
- AWS CloudTrail has been enabled to log and monitor activities that have taken place in the AWS AWS infrastructure. The log of AWS CloudTrail is stored in the console for 7 days. Thereafter, it is moved to Amazon S3.
- Metrics and thresholds have been configured in CloudWatch to monitor the operational health of workloads and usage of AWS resources.
- Trusted Advisor is used to find un-used & underutilized resources and security vulnerabilities at the AWS environment level followed by corrective action.
AWS services used for administration and automation
- AWS System Manager is used for administration and management of AWS services. It is also used to automate tasks across AWS resources without having to log into each individual instance. The services of AWS System Manager include ‘State Manager’ for execution of scripts, ‘Documents service’ to store scripts, ‘Inventory service’ to track versions and configuration of resources, and ‘Run Command’ to execute commands
- Use AWS Lambda function to automate routine day-to-day operations of Start & Stop of various instances, AMI backup, and deletion of older AMI backups.
CloudEndure and AWS storage has helped the Client in migrate its development & test servers with minimum downtime.
The Client can now easily scale its infrastructure dynamically to meet future growth and spikes in demand. Furthermore, the Client has lowered it’s capital expenditure with the AWS pay-as-you-go model
Coming soon – an event on ‘Best practices of Migrating SAP to AWS’.
It will feature Speakers from AWS and Crimson Cloud. If you would like to attend this event, please fill in the form below