Trademarks Adobe, the Adobe logo, Acrobat, PostScript, and Reader are trademarks or registered trademarks of Adobe Systems Incorporated in the United States and other countries. Apple, App Store, FaceTime, iBooks, iPad, iPhone, iPhoto, iPod, iTunes, Multi-Touch, Objective-C, Retina, Safari, Siri, and Xcode are trademarks or registered trademarks of Apple Inc. Bluetooth is a registered trademark of Bluetooth SIG Inc. Citrix, ICA, Program Neighborhood, MetaFrame now XenApp, WinFrame, VideoFrame, and MultiWin are trademarks or registered trademarks of Citrix Systems Inc. Computop is a registered trademark of Computop Wirtschaftsinformatik GmbH. Edgar Online is a registered trademark of EDGAR Online Inc., an R.R. Donnelley & Sons Company. Facebook, the Facebook and F logo, FB, Face, Poke, Wall, and 32665 are trademarks of Facebook. Google App Engine, Google Apps, Google Checkout, Google Data API, Google Maps, Google Mobile Ads, Google Mobile Updater, Google Mobile, Google Store, Google Sync, Google Updater, Google Voice, Google Mail, Gmail, YouTube, Dalvik, and Android are trademarks or registered trademarks of Google Inc. HP is a registered trademark of the Hewlett-Packard Development Company L.P. HTML, XML, XHTML, and W3C are trademarks, registered trademarks, or claimed as generic terms by the Massachusetts Institute of Technology (MIT), European Research Consortium for Informatics and Mathematics (ERCIM), or Keio University. IBM, DB2, DB2 Universal Database, System i, System i5, System p, System p5, System x, System z, System z10, z10, z/VM, z/OS, OS/390, zEnterprise, PowerVM, Power Architecture, Power Systems, POWER7, POWER6+, POWER6, POWER, PowerHA, pureScale, PowerPC, BladeCenter, System Storage, Storwize, XIV, GPFS, HACMP, RETAIN, DB2 Connect, RACF, Redbooks, OS/2, AIX, Intelligent Miner, WebSphere, Tivoli, Informix, and Smarter Planet are trademarks or registered trademarks of IBM Corporation. Microsoft, Windows, Excel, Outlook, PowerPoint, Silverlight, and Visual Studio are registered trademarks of Microsoft Corporation. INTERMEC is a registered trademark of Intermec Technologies Corporation. IOS is a registered trademark of Cisco Systems Inc. The Klout name and logos are trademarks of Klout Inc. Linux is the registered trademark of Linus Torvalds in the United States and other countries. Motorola is a registered trademark of Motorola Trademark Holdings LLC. Mozilla and Firefox and their logos are registered trademarks of the Mozilla Foundation. Novell and SUSE Linux Enterprise Server are registered trademarks of Novell Inc.
g20151322520
OpenText is a registered trademark of OpenText Corporation. Oracle and Java are registered trademarks of Oracle and its affiliates. QR Code is a registered trademark of Denso Wave Incorporated. RIM, BlackBerry, BBM, BlackBerry Curve, BlackBerry Bold, BlackBerry Pearl, BlackBerry Torch, BlackBerry Storm, BlackBerry Storm2, BlackBerry PlayBook, and BlackBerry AppWorld are trademarks or registered trademarks of Research in Motion Limited. SAVO is a registered trademark of The Savo Group Ltd. The Skype name is a trademark of Skype or related entities. Twitter and Tweet are trademarks or registered trademarks of Twitter. UNIX, X/Open, OSF/1, and Motif are registered trademarks of the Open Group. Wi-Fi is a registered trademark of Wi-Fi Alliance. SAP, R/3, ABAP, BAPI, SAP NetWeaver, Duet, PartnerEdge, ByDesign, SAP BusinessObjects Explorer, StreamWork, SAP HANA, the Business Objects logo, BusinessObjects, Crystal Reports, Crystal Decisions, Web Intelligence, Xcelsius, Sybase, Adaptive Server, Adaptive Server Enterprise, iAnywhere, Sybase 365, SQL Anywhere, Crossgate, B2B 360° and B2B 360° Services, m@gic EDDY, Ariba, the Ariba logo, Quadrem, b-process, Ariba Discovery, SuccessFactors, Execution is the Difference, BizX Mobile Touchbase, It's time to love work again, SuccessFactors Jam and BadAss SaaS, and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP SE in Germany or an SAP affiliate company. All other product and service names mentioned are the trademarks of their respective companies. Data contained in this document serves informational purposes only. National product specifications may vary.
Disclaimer These materials are subject to change without notice. These materials are provided by SAP SE and its affiliated companies (“SAP Group”) for informational purposes only, without representation or warranty of any kind, and SAP Group shall not be liable for errors or omissions with respect to the materials. The only warranties for SAP Group products and services are those that are set forth in the express warranty statements accompanying such products and services, if any. Nothing herein should be construed as constituting an additional warranty.
g20151322520
g20151322520
About This Handbook This handbook is intended to complement the instructor-led presentation of this course, and serve as a source of reference. It is not suitable for self-study.
Typographic Conventions American English is the standard used in this handbook. The following typographic conventions are also used. Type Style
Description
Example text
Words or characters that appear on the screen. These include field names, screen titles, pushbuttons as well as menu names, paths, and options. Also used for cross-references to other documentation both internal and external.
2015
Example text
Emphasized words or phrases in body text, titles of graphics, and tables
EXAMPLE TEXT
Names of elements in the system. These include report names, program names, transaction codes, table names, and individual key words of a programming language, when surrounded by body text, for example SELECT and INCLUDE.
Example text
Screen output. This includes file and directory names and their paths, messages, names of variables and parameters, and passages of the source text of a program.
Example text
Exact user entry. These are words and characters that you enter in the system exactly as they appear in the documentation.
Variable user entry. Pointed brackets indicate that you replace these words and characters with appropriate entries.
Contents Course Overview .......................................................... xi Course Goals ........................................................... xi Course Objectives ..................................................... xi
Unit 1: SAP HANA Introduction ........................................ 1 SAP HANA – A Short Introduction....................................2 SAP HANA Information Sources.................................... 13 Revision strategy of SAP HANA .................................... 17
Unit 2: Preparing Installation.......................................... 23 Sizing of SAP HANA.................................................. 24 Requirements.......................................................... 35
Unit 3: Installation ....................................................... 43 Introduction SAP HANA Lifecycle Management Tools ........... 45 Advanced installation options ....................................... 66 SAP HANA Studio installation....................................... 79 SHINE - SAP HANA Interactive Education ....................... 89 Performing a Distributed System Installation.....................106
Unit 4: Post Installation ............................................... 117 Post-Installation Steps .............................................. 118 Updating SAP HANA ................................................126
Unit 5: Architecture and Scenarios ................................. 147 SAP HANA Memory Management and Data Persistence ......149 Software Packaging .................................................164 SAP HANA Roadmap and Scenarios .............................173 Deployment Options .................................................188
Unit 6: Admin Tools for SAP HANA................................. 203 Administration Tool Overview ......................................205 SAP HANA Studio and SAP HANA Cockpit......................210 DBA Cockpit ..........................................................230 HDBSQL Command Line Tool .....................................250
Unit 7: Operations ...................................................... 261 Starting and Stopping SAP HANA .................................263 Configuring SAP HANA .............................................276
SAP HANA Table Administration...................................297 Periodic Tasks ........................................................321 Transporting Changes...............................................355
Unit 8: Backup and Recovery ........................................ 381 Concept of Backup and Recovery .................................382 Data Area Backup ...................................................390 Log Area Backup.....................................................400 Additional Backup Topics ...........................................408 Recovery ..............................................................417 Backup and Recovery using Storage Snapshot .................433 Database Copy.......................................................438
Unit 9: Monitoring and Troubleshooting .......................... 445 Configuring Traces...................................................447 Working with Diagnosis Informations and Diagnosis Files .....459 SQL Console .........................................................478 Query Analysis .......................................................485 Monitoring with SAP Solution Manager ...........................495 Remote Support......................................................507 SAP Early Watch Alert ..............................................514
Unit 10: Security ........................................................ 525 Security Overview....................................................526 Authentication and Authorization ..................................533 Encryption.............................................................542 Auditing................................................................554
Unit 11: Maintaining Users and Authorization ................... 573 User Management ...................................................575 Types of Privileges...................................................585 Roles ..................................................................600 Administrative Tasks.................................................609 Information Sources for Administrators ...........................621 SAP HANA Live Authorization Assistant .........................642
Unit 12: High Availability and Disaster Tolerance ............... 647 Continuous Availability ..............................................648 High Availability ......................................................651 SAP HANA Scale Out ...............................................655 Disaster Recovery ...................................................681
Unit 13: Multitenant Database Containers ....................... 701 Architecture and Technology .......................................702
Administration of Multitenant Database Containers .............707 Backup and Recovery of Multitenant Database Containers....718
Appendix 1: Deep Diving into Memory Management and Persistence ........................................................... 729 Appendix 2: Dynamic Tiering
..................................... 737
Appendix 3: Transaction Management and Concurrency Control .................................................................. 739 Appendix 4: Abbreviations
Unit 1 SAP HANA Introduction Unit Overview Unit Objectives After completing this unit, you will be able to: • • • •
Be a little bit familiar with SAP HANA Find the most important information sources know the difference between SPS - Revision and Maintenance revision know the following terms within the framework of SAP HANA revision strategy
Unit Contents Lesson: SAP HANA – A Short Introduction ....................................2 Lesson: SAP HANA Information Sources .................................... 13 Lesson: Revision strategy of SAP HANA..................................... 17
Lesson: SAP HANA – A Short Introduction Lesson Overview This lesson will give you a short introduction about: What is SAP HANA Which components are part of SAP HANA What is inside SAP HANA
Lesson Objectives After completing this lesson, you will be able to: •
Be a little bit familiar with SAP HANA
Business Example Approximation to SAP HANA
Figure 1: SAP HANA as a platform
SAP HANA a short introduction or a database becomes a platform. If we go back some years ago SAP HANA you can red that SAP HANA database is the fastest Database on market.
“SAP HANA is an in-memory database and application platform, which is for many operations 10-1000x faster than a regular database like Oxxxxx on the same hardware. This allows simplification of design and operations, as well as real-time business applications. Customers can finally begin to reduce IT complexity by removing the need for separate and multiple Application Servers, Operational Data Stores, Datamarts and complex BI Tool implementations.”” . And what is the technical secret behind? SAP HANA is different by design. It stores all data in-memory, in columnar format and compressed. Because HANA is so fast, sums, indexes, materialized views and aggregates are not required, and this can reduce the database footprint by 95%. Everything is calculated on-demand, on the fly, in main memory. This makes it possible for companies to run OLTP and analytics applications on the same instance at the same time, and to allow for any type of real-time, ad hoc queries and analyses. On top of this SAP built solutions to all the problems of columnar databases, like concurrency (HANA uses MVCC) and row-level insert and update performance (HANA uses various mechanisms like a delta store). If this wasn’t enough SAP added a bunch of engines inside HANA to provide virtual OLAP functionality, data virtualization, text analysis, search, geospatial, graph (will be available soon) and web. It supports open standards like REST, JSON, ODBO, MDX, ODBC and JDBC.
Figure 4: The Past Disk-Centric, Singular Processing Platforms are the Bottleneck
The existing technology was never designed for these challenges and use cases. Long-running transactions can not keep pace with the speed of information. First and foremost, you need a new technology platform: a unified, low latency and low complexity platform that can support real-time business requirements. Explosion in data volume is causing major bottleneck in data transfers. I/O transfer rates from storage disks to servers has not kept up with data volumes. Disk-centric computing is causing major bottlenecks in data management. As a result, users are experiencing slow online transactions and batch processes.
To overcome these performance bottlenecks, IT systems have added complex deployment architectures that have compromised business user flexibility, as well as added significant cost.
Figure 5: The Future: Low Latency Computing Driven by In-Memory Technology
So it was time for a change, leveraging the new innovation of the recent years to build software that takes key characteristics into its design principles. Some unique features of in-memory technology are to store massive amounts of information compressed in main memory, utilize parallel processing on multiple cores, and move data-intensive calculations from the applications layer into the database layer for even faster processing. Since all the detailed data is available in main memory and processed on the fly, there is no need for aggregated information and materialized views, fundamentally simplifying the architecture and hence reducing latency, complexity, and cost. In addition, with new multi-core multi-threaded processors, 64-bit address space, and advancement in parallel data processing, you can get scalability beyond anything you have seen so far. SAP HANA In-Memory Computing Engine offers various algorithms for in-memory computing. It provides several application libraries for developers, partners, and customers who develop applications that run on SAP HANA. The libraries are linked dynamically to the SAP HANA database kernel. The Business Function Library (BFL) is one of these application libraries. It contains pre-built parameter-driven functions in the financial area. The functions are implemented by C++. Forecast Functions Max value or
Inflate Cash flow function. This library helps you develop compound business algorithms that are fully compliant with the SAP HANA calculation engine. It offers you the flexibility and efficiency to develop HANA-based applications with incredible performance. For example:
Figure 6: SAP HANA Deployment View
Figure 7: One Platform for Any Kind of Application
Some words to the individual components SAP HANA INA Toolkit HTML content The UI Toolkit for INA is basically a set of widgets that can be used in Web Applications to provide real time access to information stored in a SAP HANA™ database. You can also use the widgets to provide faceted search features for structured and unstructured text data. For those not familiar with this term (like I was until recently), faceted search means returning results grouped by attribute values instead of a flat list. These groups (facets) enable navigation, filtering, refining and visualization of the dimensions of the result set. The toolkit is based on HTML5 and JavaScript libraries such as JQuery/JQueryUI, d3 (Data Driven Documents), Tempo and FancyBox (in case this means something for you). The widgets consume “search enabled” Attribute Views. Every time you create a “search enabled” Attribute View, the SAP HANA™ REST service automatically creates an Entity Set, so to be more precise, the widgets consume Entity Sets thru the SAP HANA™ REST service whose responses are provided in JSON format. SAP HANA INteractive Education, or SHINE, is a demo application that makes it easy to learn how to build native SAP HANA applications. The demo application, delivered with SAP HANA in a special delivery unit (DU), comes complete with sample data and design-time developer objects for the application's database tables, data views, stored procedures, OData, and user interface. There is a special lesson about it in this course . More information about SHINE you will find here: http://help.sap.com/hana/sap_hana_interactive_education_shine_en.pdf
Enterprise Procurement Model - Is a Framework developed by SAP and it includes all the data models, tables, views, dashboards etc. with a real enterprise use case. Application Function Library includes the Predictive Analysis Library (PAL + Business Function Library (BFL) The Predictive Analysis Library (PAL) defines functions that can be called from within SQLScript procedures to perform analytic algorithms. This release of PAL includes classic and universal predictive analysis algorithms in nine data-mining categories: ● Clustering ● Classification ● Regression ● Association ● Time Series ● Preprocessing ● Statistics ● Social Network Analysis ● Miscellaneous For PAL and BFL you find separate documents on help.sap.com/hana/. The file loader is a set of HTTP services that you can use to develop your own applications to search in file contents. The file loader package also contains a basic example application with monitoring and statistical information about the current file loader schedule. The SAP HANA HW Configuration Check Tool allows you to measure the performance of your hardware components to ensure they meet the criteria for running SAP HANA.
It is useful to move with your ERP System to SAP HANA ? Sure, here some benefits • •
Innovate without disruption and boost business value with a global suite of real-time apps Combine transactions and analytics on a single in-memory platform – for simplified IT and low TCO
• • •
Gain instant insight-to-action to improve agility, responsiveness, and decision making. Get personalized access to apps on any device – for optimal usability and enterprise-wide engagement Choose from 3 deployment options (cloud, on-premise, or hybrid) delivered by SAP and our partners
And BW ?? Does SAP HANA Replace BW? No ... they complement each other. BW is MUCH better on HANA, and coupled with the fact that BW is free, there is a ton of pre-built content for BW AND you get instant certified solutions on top of BW! there is NO plan to sunset BW. Often, many BW customers have SAP Business Warehouse Accelerator to accelerate their slow disk based RDBMS for BW. SAP HANA provides a much simpler landscape reducing TCO and complexity. It reduces your hardware
footprint dramatically – e.g. to accelerate 5TB of BW data, you would need 21 blades in BWA vs. 1 HANA server with the added benefit of no third party database since HANA is the single persistent database. But putting a statement out there like “if you haven’t deployed BW you shouldn’t” would be incredibly irresponsible. HANA is definitely many things (A database for BW, a high-performance analytical appliance, a platform for new applications), but matching the entire “system” known as BW point-for-point is a huge project for any company.
Lesson: SAP HANA Information Sources Lesson Overview The further development of SAP HANA is quite fast. Therefore you have to know where you can find actual documents and guidelines for SAP HANA.
Lesson Objectives After completing this lesson, you will be able to: •
Find the most important information sources
Business Example
Figure 12: The Most Important Information Sources
Here you will find the most up-to-date information. Content of SAP HANA Master Guide
This Master Guide is the central starting point for the technical implementation of SAP HANA. The Master Guide provides the following information about SAP HANA: • • • •
Content of SAP HANA Server Installation Guide The SAP HANA installation guide describes how to install SAP HANA . For more information about the installation process, please see unit three in this document.
Figure 13: SAP HANA Guides
Content of Technical Operations Manual The Technical Operations Manual provides an end-to-end picture of the administration tools available with SAP HANA and the key tasks that a system administrator needs to perform. Links to the relevant administration documentation of each of the components included in the SAP HANA solution are provided for details and step procedures. Content of SAP HANA Database Admin Guide This document describes the administration of the SAP HANA database using the Administration Console of the SAP HANA studio. Hint: Related Information:
Sizing decision tree, Quick Sizer, Sizing guidelines Released platforms and technology-related topics such as maintenance strategies and language support–Platform Availability Matrix (PAM)
A good entry point for information and http://www.saphana.com demos
PAM Some few words to the Platform Availability Matrix (PAM). Yes, you can use your own storage , but these memory should be certified. The same also applies for the appliances . so taking a look into the PAM is well worthwhile. And last but not least there is a very good book, which covers a lot of topic around administration SAP HANA. The authors are: Richard Bremer and Lars Breddemann ., The book title is : SAP HANA Administration published by Galileo Press with 722 pages full of knowledge .
Lesson: Revision strategy of SAP HANA Lesson Overview SAP HANA is a quite dynamic product. Therefore it is important to know what is the best way to keep your SAP HANA database up to date . In this lesson you will get some informations and recommendations how to proceed.
Lesson Objectives After completing this lesson, you will be able to: • •
know the difference between SPS - Revision and Maintenance revision know the following terms within the framework of SAP HANA revision strategy
Figure 17: Adapt new SAP HANA releases at your own speed
Figure 18: SAP Data Center Service Points
What goes in? •Only fixes of major bugs regarding critical functionality in key SAP HANA scenarios (Business Suite on SAP HANA, BW on SAP HANA, SAP HANA Data Marts) •Only fixes for production systems
•Only fixes with limited code dependencies and code changes/impact What does NOT go in? •No performance improvements, no features, no metadata changes, … •Anything which prevents an update to a later standard SP revision
Lesson Summary You should now be able to: • know the difference between SPS - Revision and Maintenance revision • know the following terms within the framework of SAP HANA revision strategy
Unit Summary You should now be able to: • Be a little bit familiar with SAP HANA • Find the most important information sources • know the difference between SPS - Revision and Maintenance revision • know the following terms within the framework of SAP HANA revision strategy
Unit 2 Preparing Installation Unit Overview This unit deals with the preparation of a SAP HANA Installation. The main topics are the sizing and the requirements for hardware and explanation for the required system structure and directories and their recommended size.
Unit Objectives After completing this unit, you will be able to: • • • • • • •
Know what needs to be taken into consideration for sizing of an SAP HANA server Understand sizing of main memory, persistence and CPU Know where to look up sizing information depending on the SAP HANA scenario Use the SAP Quick Sizer for sizing an SAP HANA database server Explain some important definitions for SAP HANA installation Clarify the SAP HANA System concepts and system types Explain the required file system structure and directories and their recommended sizes
Unit Contents Lesson: Sizing of SAP HANA .................................................. 24 Lesson: Requirements .......................................................... 35
Lesson: Sizing of SAP HANA Lesson Overview The goal of this lesson is to know what is important for a correct sizing of SAP HANA.
Lesson Objectives After completing this lesson, you will be able to: • • • •
Know what needs to be taken into consideration for sizing of an SAP HANA server Understand sizing of main memory, persistence and CPU Know where to look up sizing information depending on the SAP HANA scenario Use the SAP Quick Sizer for sizing an SAP HANA database server
Business Example Even though the first units of this course focus on the process of the installation, in a real SAP HANA project we would typically need to acquire the appropriate hardware in advance. The size of the server(s) has an impact on the hardware cost as well as on the license (potentially, depending on the license model). At the same time, undervaluing the size of the server might lead to poor performance or faults. Hence it is important to understand what needs to be taken into consideration for an appropriate sizing.
General Concept Hint: The following information solely refers to the sizing of the SAP HANA database server. Depending on the scenario, sizing of other components like the application server would need to be considered additionally. Caution: Other applications than the SAP HANA database software must not be installed on the database server except for scenarios that are explicitly supported. This is discussed in the lesson “Deployment Options” as well. A co-deployment of database software and application software is currently not supported. Hence for the SAP HANA sizing only the database size needs to be taken into consideration.
Sizing of the SAP HANA appliance respectively database server is mainly based on the required main memory size. Memory sizing is determined by the amount of data that is to be stored in memory. In general the sizing of other components within the server is derived from the main memory size. In accordance with the appliance model certified pre-configured hardware solutions are offered that comply with the sizing regulations. Data is compressed in SAP HANA. Since the expected compression factor is not the same for different scenarios, the main memory size is evaluated depending on the scenario. Caution: Sizing recommendations apply for certified hardware only. Please contact your hardware vendor for suitable hardware configuration. Hint: Note that SAP HANA is constantly being optimized. This might have an impact on sizing recommendations as well. It is recommended to always check the latest documentation as described in SAP Notes (see below). SAP HANA sizing consists of • • • •
Main memory sizing for static data Main memory sizing for objects created during runtime (data load and query execution) Disk sizing CPU sizing
The RAM size is the basic figure to find the necessary T-shirt size.
We distinguish between the static and the dynamic RAM requirement: •
Static RAM requirement: The static RAM requirements relates to the amount of main memory that is used for the holding the table data. Static memory sizing of HANA is determined by the amount of data that is to be stored in memory, i.e. the amount of disk space covered by the corresponding database tables, excluding their associated indexes. Note that if the database supports compression, the space of the uncompressed data is needed. Based on this amount of data, a compression factor is applied to determine the size of the RAM needed for HANA.
•
Dynamic RAM requirement: Additional memory is required for objects that are created dynamically when new data is loaded or queries are executed. Since SAP recommends to reserve as much memory for dynamic objects as for static ones, for calculating the total RAM the static RAM is multiplied by two.
Since compression factor and other hardware requirements are dependent on the scenario, different sizing rules exist: •
General Sizing (SAP Note 1514966): This describes the sizing of the SAP HANA as it is used e.g. for replication of ERP data coming from an ERP system. In particular, these rules must not be used for sizing BW on HANA and Business Suite on HANA systems.
•
Sizing for BW on HANA (SAP Notes 1736976 and 1637145): In the SAP Notes listed above a detailed description of the sizing of the various components is included. Besides, there is a sizing script available that supports sizing for a migration.
•
Sizing for Suite on HANA (SAP Note 1872170): The corresponding SAP Note describe how to implements a report to estimate the memory space requirement for the database tables of Suite on HANA systems. Note: This report ZNEWHDB_SIZE is running with low system load but depend of the size of your suite on HANA system it takes up to 8 - 12 H.. Therefore the recommendation is to test it before in your consolidation system! Note: For a productive suite on HANA system currently is with SPS07 a scale out scenario available. SAP Note 1995460 . Citation “Meanwhile VMware and SAP have gathered further experience in running SAP HANA in virtualized environments, allowing us to now also announce support for virtual single-VM deployments of SAP HANA SPS 07 (or newer) on VMware vSphere 5.5 for production .......”
For various scenarios SAP HANA and related technologies provide features to displace data that is not frequently used either to the SAP HANA persistence or to other database management systems. If such a technology is used, this would need to be taken into account in the main memory sizing. Examples are: •
Non-active data concept for BW on HANA (SAP Note 1767880) and Nearline Storage Solutions: Large BW systems contain large amounts of data that are no longer or rarely actively used but that should remain in the system (historical data, keeping data for legal reasons, and so on). This data is called non-active data. An implementation for BW on HANA allows to displace non-active data in case of main memory bottlenecks leveraging a last-recently-used concept. This concept improves main memory resource management, which has positive effects on hardware sizing for a large amount of non-active data. For more information about this, see also SAP Note 1736976. Besides, nearline storage solutions could be used to store “cold data”, which can additionally help to reduce the memory amount.
•
SAP HANA Smart Data Access (SAP Note 1879294): SAP HANA smart data access enables remote data to be accessed as if it was stored in local tables. Since the data is not copied to SAP HANA, it does not need to be considered for the main memory sizing of the SAP HANA server.
Disk sizing distinguishes between the persistence respectively data area and the log area. While the persistence area stores data that is kept in memory persistently, in the operational disk space log files are stored to ensure that changes are durable and the database can be restored to the last committed state after a restart. The minimum size for the log volume is equal to the size of the SAP HANA server‘s main memory. The minimum size for the data volume is equal to the size of the main memory plus additional space for exports and executables. SAP recommends reserving approximately another 2-3 times the RAM value for these purposes. Hence in total data volume size must be at least 3-4 times the size of the RAM. This is due to the fact that the data volume must be able to hold: • • •
Space for at least one process image in case of software failure (1x) Space for one data export (1x) Shared volume (across multiple nodes) for Executables, other data visible for all nodes (up to 1x)
The first two components are essential to provide support. Any backup data must NOT be stored in this space, but should rather be moved to external storage media.
CPU Sizing
Figure 24: CPU Sizing - Based on moderate side-by-side Scenario
CPU resources for SAP HANA are implicitly defined by the certified hardware platforms that satisfy the memory requirements and that are available from your hardware vendor. To estimate the maximum number of active users (that is, users that cause any kind of activity on the server within the time period of one hour) that can be handled by a HANA server, we have chosen the following approach.
Like in the sizing algorithms for SAP BW and SAP BWA that have been implemented in SAP QuickSizer (for details, refer to http://service.sap.com/quicksizer), we assume that HANA queries can be divided into three categories (“easy”, “medium”, and “heavy”) that differ in the amount of CPU resources that they require. Typically, “medium” queries use twice as many resources as “easy” ones, while “heavy” queries require 10 times as many resources. Furthermore, we assume that SAP HANA users can be divided into three categories: “low activity”, “medium activity”, and “high activity” users. The user categories are defined by the frequency of query execution and the mix of queries from different categories. “low activity” users typically execute one query per hour and run 80% “easy” queries and 20% “medium” queries; “medium activity” users execute 11 queries per hour and run 50% “easy” queries and 50% "medium" queries; and “high activity” users execute 33 queries per hour and run 100% “heavy” queries. Together with a default distribution on the user categories (70% sporadic, 25% normal, 5% expert) and results from multiuser load tests on certified hardware, an average resource requirement of 0.2 cores per user has been determined. A more detailed description of the sizing algorithm can be found in the online help of the SAP QuickSizer. CPU Sizing in Complex Scenarios In more complex query scenarios additional CPU requirements are influenced by the following factors: •
Data volume The resource requirements for queries increase linearly with the amount of records that have to be processed.
•
Query complexity Queries with computationally expensive operations or complex parallelized execution plans will take more resources than the sample content queries used in the basic CPU sizing. Consequently, the CPU sizing has to be adapted accordingly.
In case that the query complexity of a customer scenario does not match or cannot be compared with the sample side-by-side scenario, throughput tests with customer specific data and queries have to be run to derive the sizing. Additionally, expert sizing can be requested (for details see attachments to SAP Note 1515966).
Sizing SAP HANA Using the Quick Sizer Hint: SAP HANA Database can also be sized using SAP Quicksizer! Go to http://service.sap.com/quicksizer for further information. The Quicksizer calculates: 1. 2. 3. 4.
CPU Disk Memory I/O resource categories
It calculates these based on throughput numbers and the number of users working with the different SAP solutions in a hardware- and database-independent format. Sizing is an iterative process that continuously brings together customers, hardware vendors, and SAP so, for example, direct links to SAP's hardware vendors facilitate the tendering procedure.
Figure 25: SAP Quicksizer
For an initial sizing recommendation using the SAP Quick Sizer, please follow the steps described above. Sample configurations can be checked at http://www.sap.com/benchmark.
Lesson Summary You should now be able to: • Know what needs to be taken into consideration for sizing of an SAP HANA server • Understand sizing of main memory, persistence and CPU • Know where to look up sizing information depending on the SAP HANA scenario • Use the SAP Quick Sizer for sizing an SAP HANA database server
Lesson: Requirements Lesson Overview This lesson describes the requirements that have to be fulfilled before you can start the installation of a standalone SAP HANA system. For gaining more indepth knowledge please have a look in the “SAP HANA Server Installation Guide” SPS09.
Lesson Objectives After completing this lesson, you will be able to: • • •
Explain some important definitions for SAP HANA installation Clarify the SAP HANA System concepts and system types Explain the required file system structure and directories and their recommended sizes
Business Example Lets start with some term, which you will find quite often in SAP HANA documents. Hint: Definitions for System Types A single-host system is a system with one host. That means you have one operating system environment in which to install an SAP HANA system. This SAP HANA system only uses the system resources of the one host. But you can install more the one. A multi-host (distributed) systems is used to spread the load over several hosts.
Note: The components of SAP HANA can only be installed by certified hardware partners, or those holding the respectively current E_HANAINS certification, on validated hardware running a specific operating system. An SAP HANA system is composed of three main components: the host, the system and the instance
And It is important to clearly understand what these terms mean when it comes to an SAP HANA installation. Hint: Definition of Host A host is the operating environment in which the SAP HANA database runs. The host provides all the resources and services (CPU, memory, network, and operating system) that the SAP HANA database requires. The host provides links to the installation directory, data directory, and log directory, or the storage itself. The storage for an installation does not have to be on the host. For multi-host systems, a shared storage or a storage that is accessible on-demand from all hosts is required. For more information, refer to the multi-host system concepts. Hint: Definition of System A system is one or more instances with the same number. The term "system" is interchangeable with the term "SAP HANA database". If a system has more than one instance, it must be dispersed over several hosts as a distributed system. The SAP system ID (SAPSID or short SID) is the identifier for the SAP HANA system. Hint: Definition of Instance An SAP HANA instance is the set of SAP HANA system components that are installed on one host. A system can be distributed as several instances among several hosts, but each instance in a multi-host system must have the same instance number.
Figure 29: The basic components of a SAP HANA System
Figure 30: Standalone SAP HANA System with Single-SID and Multiple-SID Installations
Operating System for SAP HANA SUSE Linux Enterprise Server (SLES) 11 SP2 is necessary for using hdblcm. For information about installing SLES 11 in an SAP environment, 1310037 Hardware Requirements For a new installation, you need to have at least 20 GB RAM in total just for the software - 15 GB for the basic software plus 5 GB for programs as well as some space for trace files. The additional memory required for data and log volumes varies according to your requirements. For an update, you also need to allow the space stated above, since the old software version is not deleted. Note: During the update and the installation of the SAP HANA database (from the SAP HANA lifecycle management tools), a hardware check is performed in order to ensure that problems do not arise due to wrong or unsupported hardware configurations in combination with the SAP HANA platform. The check is a script that is automatically called by the SAP HANA installer and aborts the installation process if it doesn't succeed. It is not possible to disable the check because SAP HANA is highly optimized for specific hardware configurations which have been designed and tested together with our hardware partners. Outside of these validated configurations, SAP HANA performance and stability cannot be guaranteed. Hardware Requirements for SAP HANA Network Connection
Figure 32: File System Structure for a Multi-SID Installation
Note: If you want implement a Multi - SID scenario you have only to start the hdblcm(gui) tool once more with the new SID. Caution: SAP is strongly recommend keeping the data volumes on different disk! Note: An SAP HANA system in a production environment must not share any infrastructure with another SAP HANA system. Hosts running more than one SAP HANA system (sometimes referred to as multi-SID installations) can only be used for non-production purposes such as development, quality assurance, or testing. For production systems with high availability, it is possible to share some temporarily unused resources from the standby hosts. As soon as the standby resources are needed, they must become exclusively available for the production system and no longer shared. For more details, refer to the high availability information in the SAP HANA Administration Guide.
Lesson Summary You should now be able to: • Explain some important definitions for SAP HANA installation • Clarify the SAP HANA System concepts and system types • Explain the required file system structure and directories and their recommended sizes
Unit Summary You should now be able to: • Know what needs to be taken into consideration for sizing of an SAP HANA server • Understand sizing of main memory, persistence and CPU • Know where to look up sizing information depending on the SAP HANA scenario • Use the SAP Quick Sizer for sizing an SAP HANA database server • Explain some important definitions for SAP HANA installation • Clarify the SAP HANA System concepts and system types • Explain the required file system structure and directories and their recommended sizes
Unit 3 Installation Unit Overview Unit Objectives After completing this unit, you will be able to: • • • • • • • • • • • • • • • • •
Understand SAP HANA Lifecycle Management Explain the various installation methods Install SAP HANA as a single-host Install and configure SAP HANA Studio Install the SAP HANA SHINE content Explain a multiple-host system installation Explain the use of the command line options. Explain the use of the configuration file. Explain the use of the configuration file in batch mode Install and configure SAP HANA Studio Understand the different installation features Setup an SAP HANA Studio Update site Explain the purpose of the SAP HANA Interactive Education (SHINE) List the features provides by SHINE Install and configure SHINE Explain the preparatory steps required to install a distributed system Describe the steps for installing a distributed system
Unit Contents Lesson: Introduction SAP HANA Lifecycle Management Tools ........... 45 Exercise 1: Installing Your Own Standalone SAP HANA System..... 53 Lesson: Advanced installation options ........................................ 66 Lesson: SAP HANA Studio installation ....................................... 79 Exercise 2: Connect SAP HANA Studio to an SAP HANA database. 85 Lesson: SHINE - SAP HANA Interactive Education ........................ 89
Exercise 3: Installing the SAP HANA Interactive Education (SHINE) Content........................................................................ 95 Lesson: Performing a Distributed System Installation .....................106
Lesson: Introduction SAP HANA Lifecycle Management Tools
Lesson: Introduction SAP HANA Lifecycle Management Tools Lesson Overview This lesson explains the various Lifecycle Management tools for installing SAP HANA system.
Lesson Objectives After completing this lesson, you will be able to: • • • • • •
Understand SAP HANA Lifecycle Management Explain the various installation methods Install SAP HANA as a single-host Install and configure SAP HANA Studio Install the SAP HANA SHINE content Explain a multiple-host system installation
Business Example You want to install an SAP HANA single-host system and are investigating which SAP HANA Lifecycle Management tools is the best to use.
Introduction SAP HANA Lifecycle Management Tools With the release of SAP HANA SPS09 the SAP HANA lifecycle management (HDBLCM) tools replace all the other tools in the previous releases. The tools SAP HANA unified installer, the on-site configuration tool, SUM for HANA and the SAP HANA lifecycle manager are all replaced by the, in SPS08 introduced, SAP HANA lifecycle management tools.
Platform Lifecycle Management Aspects The Platform lifecycle management tasks on your SAP HANA system can be performed by using one of the three SAP HANA database lifecycle manager tool user interfaces.
Lesson: Introduction SAP HANA Lifecycle Management Tools
Figure 34: SAP HANA database lifecycle manager user interfaces
Note: The web interface can be used stand-alone via a Web browser, or in the SAP HANA studio. SAP HANA platform lifecycle management tools can be used to installation, configuration and update an SAP HANA server, mandatory components and additional components. The tools can also be used to perform post-installation configuration tasks. Note: In general, installation and update is carried out from the installation medium. Configuration tasks are performed using the SAP HANA resident HDBLCM tool.
What task can be performed by the different HDBLCM tools?
Figure 36: Location of the HDBLCM tools
Depending on the task you will need to select the correct HDBLCM tool. The slide below gives an overview of the tools and their specific tasks.
Application Lifecycle Management (ALM) aspects SAP HANA application lifecycle management tasks can also be performed using different user interfaces. The available interfaces are: • • •
A web interface A command-line tool (hdbalm) ALM integrated in SAP HANA studio
SAP HANA application lifecycle management supports you in all phases of the lifecycle of an SAP HANA application or add-on product, from modelling your product structure, through application development, transport, assembly, to installing and updating products that you have downloaded from SAP Service Marketplace or which you have assembled yourself. System administrators use SAP HANA application lifecycle management mainly to install and update SAP HANA applications or add-on products.
Using the SAP HANA Platform LCM Tools The SAP HANA database lifecycle manager (HDBLCM) is used to perform tasks like installing, updating, and configuring an SAP HANA system. The SAP HANA database lifecycle manager is created to help hardware partners and administrators to perform their tasks in an efficient way. The SAP HANA database lifecycle manager can be run with a Graphical User interfaces, Command-line interface or a web user interface in a browser of from the SAP HANA Studio and it replace the old tools completely.. The first choice to make is which SAP HANA database lifecycle manager (HDBLCM) interface type you prefer to use. You change the default behavior of the LCM tools by using parameters. Parameters can modified a number of ways, for example, in the entry field of a graphical interface, as a call option with the
Lesson: Introduction SAP HANA Lifecycle Management Tools
program call, or in a configuration file. These options can be mixed and matched depending on the parameters you need to use and the program interaction mode you choose.
Figure 37: Many paths leading to a common goal
Once you've chosen the graphical user, command-line, or Web user interface, you can decide if you prefer to interactively enter parameter values, or give all required parameters with the call to the platform LCM tool, and let it run unattended to completion. Interactive mode is available for all user interfaces, and is the default mode for program interaction. To use interactive mode, you simply call the SAP HANA HDBLCM user interface, and enter parameter values as they are requested by the program. Advanced interactive mode involves entering some parameter values interactively and providing some parameter values as call options or in a configuration file. This is the recommended interaction mode if you'd like to modify parameter default values which are not requested in interactive mode. Batch mode is an advanced platform LCM interaction method because all required parameters must be provided with the call to the LCM program on the command line. Batch mode is designed for large-scale platform LCM tasks, which would be time consuming to perform interactively. Platform LCM parameters can be entered interactively (only available for interactive mode or advanced interactive mode), as a call option on the command line, or via a configuration file. If you are performing platform LCM tasks in advanced interactive mode, you can choose any of the three parameter entry methods (or use more than one). If you are using batch mode, you must enter parameter values either as call options to the SAP HANA database lifecycle manager or from a configuration file.
Use the Graphical User Interface to Perform Platform LCM Tasks SAP HANA platform lifecycle management tasks can be performed from a graphical interface. In the picture below you see an example of the user interface.
In general, installation and update is carried out from the installation medium. Configuration tasks are performed using the SAP HANA resident HDBLCM. Start the SAP HANA platform lifecycle management tool hdblcmgui from the appropriate directory.
Use the Command-Line Interface to Perform Platform LCM Tasks SAP HANA platform lifecycle management tasks can be performed from the command line.
Lesson: Introduction SAP HANA Lifecycle Management Tools
In general, installation and update is carried out from the installation medium. Configuration tasks are performed using the SAP HANA resident HDBLCM. Start the SAP HANA platform lifecycle management command line tool hdblcm from the appropriate directory.
Use the Web User Interface to Perform Platform LCM Tasks The SAP HANA database lifecycle manager (HDBLCM) can be accessed as a Web user interface in either a standalone browser or in the Platform Lifecycle Management view within the SAP HANA studio.
Figure 40: Web user Interface
Prerequisites • •
The SAP HANA database must be revision 90 or higher The communication port 1129 is open
Several browsers are supported when using the web user interface. The following Web browser are supported: • • • •
2015
Internet Explorer - Version 9 or higher Mozilla Firefox - Latest version and Extended Support Release Google Chrome - Latest version Safari 5.1 or higher on Mac OS
How to start the web interface depends on if you use SAP HANA Studio or a browser. • •
52
In the browser open https://:1129/lmsl/HDBLCM//index.html In SAP HANA Studio open the context menu of your system and select Lifecycle Management→ Platform Lifecycle Management→ SAP HANA Platform Lifecycle Management
Lesson: Introduction SAP HANA Lifecycle Management Tools
Exercise 1: Installing Your Own Standalone SAP HANA System Exercise Objectives After completing this exercise, you will be able to: • Work with PuTTY • Connect to the Linux desktop using the Remote Desktop Connection • Install a SAP HANA Single-Host System
Business Example During the SAP HANA implementation project there is the need for an sandbox system were the SAP HANA Developers and Modelers can get some hands-on with the newest SAP HANA features in the SPS09 release. To facilitate this request you need to install a Single-Host SAP HANA system that later also will include the SAP HANA Interactive Education (SHINE) SPS09 demo applications and content.
Task 1: Login to the SAP HANA host using PuTTY Use PuTTY to login to your host where SAP HANA will be installed. Your instructor will provide you with your group number. 1.
2.
Check if PuTTY is configured with the correct hostname for your group as shown in the table below. Group
hostname
01
wdflbmt7194.wdf.sap.corp
02
wdflbmt7195.wdf.sap.corp
Press 1 or 2 to connect automatically to your SUSE Linux server.
Task 2: Checking availability installation DVD and installation directory Check that the SAP HANA installation DVD is mounted and the installation directory is empty. 1.
Check the availability of the subdirectory DATA_UNITS and its content is present.
2.
During this exercise SAP HANA will be installed in the directory /hana. Check that this location is available and empty. Continued on next page
Task 3: login to the SAP HANA Server using Remote Desktop (RDP) The SAP HANA installation will be performed using the installation tool hdblcmgui. To be able to use the graphical installer you need to login to the SUSE Enterprise desktop on your SAP HANA host. 1.
2.
Use the Microsoft Remote Desktop (RDP) tool to connect to the SUSE Enterprise desktop. Use the hostnames as provided below. Group
hostname
01
wdflbmt7194.wdf.sap.corp
02
wdflbmt7195.wdf.sap.corp
On both hosts you can use the following username and password. Username : ha200root Password : ha200_KPS$
Task 4: Installing SAP HANA using hdbclmgui Start the SAP HANA Database installation the using the graphical installation tool hdblcmgui. 1.
Install the SAP HANA system using the system properties specified below: Parameter
Value
SAP HANA System ID
SHS
Instance number
20
Task 5: Checking the SAP HANA file system after installation After the installation you want to check if everything was installed in the correct locations. 1.
Use PuTTY or Remote Desktop to check the following directories Directory
Note some of the content you see
/hana /usr/sap /hana/data /hana/shared Continued on next page
Solution 1: Installing Your Own Standalone SAP HANA System Task 1: Login to the SAP HANA host using PuTTY Use PuTTY to login to your host where SAP HANA will be installed. Your instructor will provide you with your group number. 1.
Check if PuTTY is configured with the correct hostname for your group as shown in the table below.
a)
Group
hostname
01
wdflbmt7194.wdf.sap.corp
02
wdflbmt7195.wdf.sap.corp
In the cloud session provided by your instructor locate and start PuTTY using the Windows Start Menu → All Programs → PuttyConnect for HA200
Figure 41: Putty connection for HA200 with automatic logon
Lesson: Introduction SAP HANA Lifecycle Management Tools
2.
Press 1 or 2 to connect automatically to your SUSE Linux server. a)
The logon to the SUSE Linux server is automatic. In the case the logon fails the username and password can be provided by your instructor.
Figure 42: The PuTTY login Screen
Hint: If you don't like the default (gray on black) color settings in PuTTY then open the menu→ Change Settings→ Window→ Colours and mark the check box “Use system colours” and press Apply.
Task 2: Checking availability installation DVD and installation directory Check that the SAP HANA installation DVD is mounted and the installation directory is empty. 1.
Check the availability of the subdirectory DATA_UNITS and its content is present. a)
Change into the directory DATA_UNITS with the command: cd /data/training/install/SPS9/DATA_UNITS and execute the command: ls –l The output should look like the list shown below.
During this exercise SAP HANA will be installed in the directory /hana. Check that this location is available and empty. a)
Change into the SAP HANA installation directory with the command: cd /hana and execute the command: ls –l You should see the following result showing 0 files
Figure 44: Empty /hana directory
Task 3: login to the SAP HANA Server using Remote Desktop (RDP) The SAP HANA installation will be performed using the installation tool hdblcmgui. To be able to use the graphical installer you need to login to the SUSE Enterprise desktop on your SAP HANA host. 1.
Use the Microsoft Remote Desktop (RDP) tool to connect to the SUSE Enterprise desktop. Use the hostnames as provided below.
a)
Group
hostname
01
wdflbmt7194.wdf.sap.corp
02
wdflbmt7195.wdf.sap.corp
In the HB-HA200SPS9INST-XXX Citrix session start Remote Desktop Connection using the Windows Start Menu → Remote Desktop Connection
Figure 45: Linux RDP Login
2.
On both hosts you can use the following username and password. Username : ha200root Continued on next page
Lesson: Introduction SAP HANA Lifecycle Management Tools
Task 5: Checking the SAP HANA file system after installation After the installation you want to check if everything was installed in the correct locations. 1.
Use PuTTY or Remote Desktop to check the following directories Directory
Note some of the content you see
/hana /usr/sap /hana/data /hana/shared a)
Change to the directories in the table below with the command: cd and display the content with the command: ls -l. When listing the directories you should see at least the following content Directory
Task 6: Checking the SAP HANA services You want to check if all the SAP HANA service are running on the SAP HANA host. 1.
Using PuTTY and the shsadm user to on the command line to check the SAP HANA services. a)
Use the already opened PuTTY session and change to the shsadm user with the command: su - shsadm To see if all the SAP HANA service are running execute the command: HDB info The screenshot below show the output of the HDB info command.
Lesson: Introduction SAP HANA Lifecycle Management Tools
Lesson Summary You should now be able to: • Understand SAP HANA Lifecycle Management • Explain the various installation methods • Install SAP HANA as a single-host • Install and configure SAP HANA Studio • Install the SAP HANA SHINE content • Explain a multiple-host system installation
Related Information • •
2015
SAP HANA Master Guide - http://help.sap.com/hana/SAP_HANA_Master_Guide_en.pdf SAP HANA Server Installation and Update Guide http://help.sap.com/hana/SAP_HANA_Server_Installation_Guide_en.pdf
Lesson: Advanced installation options Lesson Overview This lesson explains the various advanced installation methods of an SAP HANA system.
Lesson Objectives After completing this lesson, you will be able to: • • •
Explain the use of the command line options. Explain the use of the configuration file. Explain the use of the configuration file in batch mode
Business Example You want to install several SAP HANA systems and need insight in the advanced, batch oriented installation methods that are available for installing multiple SAP HANA systems
Advanced installation options Installation automation is designed for those who are familiar with SAP HANA, and are installing it regularly, in various production environments. In particular, installation automation refers to installing SAP HANA systems using batch mode and a combination of a configuration file and call options passed on the command line. In order to provide flexibility, it is possible to install the same SAP HANA system in several ways. The differences between installation methods are best depicted through a one-to-one comparison of the same system installed with each available method Example for illustrating of the differences between the installation methods. The target is to install a SAP HANA single-host system with the following specifications:
Let's have a look at the automated installation with the SAP HANA lifecycle management tool hdblcm. For this, you have to use the batch mode. It is important to note that up to this point that it was necessary to enter passwords interactively and confirm other default parameters as part of the interactive mode. Batch mode runs the installer without asking for any confirmation or parameter entry, thereby allowing installation to run to completion by the push of one button. It can be started from the command line alone or in combination with the configuration file. Batch mode is designed to automate the installation process.
Default Parameters The installer uses the following default values unless you change them during installation. Some default values are based on the predefined values on the current host. Caution: In a multiple-host system, it is recommended to manually check the mandatory values on each host before installation. In a multiple-host system, it is recommended to manually check the mandatory values on each host before installation.
The user adm is the operating system user required for administrative tasks such as starting and stopping the system. The user ID of the adm user is defined during the system installation. The user ID and group ID of this operating system user must be unique and identical on each host of a multiple-host system.
sapadm
The SAP host agent administrator. •
•
SYSTEM
If there is no SAP host agent available on the installation host, it is created during the installation along with the user sapadm. If the SAP host agent is already available on the installation host, it is not modified by the installer. The sapadm user and password are also not modified.
Initially, the SYSTEM user has all system permissions. Additional permissions can be granted and revoked again, however the initial permissions can never be revoked.
Summary The following table gives an overview of the various installation methods:
2015
Installation variant
Detailed characterization
hdblcm only
All parameters are available
hdblcm + configuration file
All parameters are available
hdblcm + batch modus
All parameters are available; makes automation possible
hdblcm + configuration file + batch modus hdblcm + interactive modus
All parameters are available; makes automation possible Reduced parameter choice
Figure 60: Further SAP HANA platform lifecycle management changes since SPS07
Troubleshooting a failed installation Troubleshooting should be referred to if the installation fails for an unknown reason, or for workarounds in special circumstances. Checking the Log Files The SAP HANA lifecycle management tools hdblcm and hdblcmgui write log files during installation. The most recent log file is always available under /var/tmp/hdblcm.log or /var/tmp/hdblcmgui.log. Additionally, a copy of the log files is archived in the directory hdb__hdblcm__. Since the SAP HANA lifecycle management tools hdblcm and hdblcmgui are wrappers for underlying component installers, it is also possible to check the component logs. It is recommended to review and analyze the SAP HANA lifecycle management tools hdblcm and hdblcmgui logs first. Once the source of the problem is narrowed down to a specific component, then the component logs can be further analyzed. The component log files are stored in the following path: /var/tmp/hdb___ where ::= install | update | addhost | uninstall | and so on
The following log files are written during performing the action: • • •
.log: can be read using a text editor .msg: XML format for the display in the installation tool with the GUI _tracediff.tgz: provides a delta analysis of the original trace files, makes a detailed analysis more easy
You can also view the last three log files in the SAP HANA studio using the administration function Diagnosis Files.
Enabling the Installer Trace If the installer crashes or loops it may make sense to trace the installer until the problem occurs, open an SAP Support Ticket on http://support.sap.com, and attach the trace file for further analysis. You can switch on the installer trace by setting the environment variable HDB_INSTALLER_TRACE_FILE to . The directory containing the trace file must already exist.
Locating all SAP HANA File System Components In addition to the main components installed in the default file systems, it may also be necessary to locate the temporary files from the SAP HANA system. They can be found in the following directories.
Figure 61: Locating all SAP HANA File System Components
Accessing the Underlying Installer Components (pass_through_help) Since hdblcm and hdblcmgui are wrapper tools, in some troubleshooting cases, it may be useful to pass component options on to the underlying component tools (hdbinst or hdbupd) in combination with the call to the hdblcm or hdblcmgui SAP HANA lifecycle management tools.
To view the available underlying component parameters as extended help output, use the pass_through_help parameter. The action parameter and --help or -h must be specified in combination with pass_through_help.
Relocation of SAP HANA It may become necessary to move the SAP HANA system to different hardware. If so, the SAP HANA system must be unregistered, and re-registered on the new hardware. As of SPS 08, system relocation can be performed with the SAP HANA lifecycle management tool hdblcm(gui).
Figure 62: Example scenario: scale up – system relocation from source to target host - unregister
What are the steps for this challenge ? • • •
74
Logon to the source host . Navigate to the resident hdblcm execute “hdblcm --action=unregister_system”
Figure 63: Example scenario: scale up – system relocation from source to target host- register
What are the step for register the new host? • • •
Log on to the target host and mount the shared area Execute “hdblcm –action=register_rename_system. ” Execute the host mapping That's all!
SAP HANA Installation certification program With the introduction of SAP HANA Tailored Datacenter Integration (TDI) customers were allowed to install their own SAP HANA systems on certified hardware. To ensure quality and consistency in the installations in the customers datacenter SAP has setup a special certification program for installing SAP HANA systems.
Figure 64: Who Should Install Your SAP HANA System?
The execution of the installation requires that you have a special SAP Certificate (Booking code: E_HANAINS151). Note: By the way E_HANAINS151 means installation certification of the year 2015 in the 1st half year. Some examples: • •
E_HANAINS141 = SAP HANA SPS07 E_HANAINS142 = SAP HANA SPS08
The installation certification exam SAP Certified Technology Specialist (Edition 201x) – SAP HANA Installation is in line with our SAP HANA Tailored data center integration program. Some facts about the installation certification exam (E_HANAINSxxy): • • •
Mandatory prerequisite: passed the C_HANATECxxy Duration: 90 Minutes No. of Questions: 40
We strongly recommend that you attend the completely revised HA200 classroom training before you book the exam. Hint: In SAP Note 1905389, you find a good collection of important documents.
Figure 65: The Way to the Installation Certificate
Some more details: The most important prerequisite to pass the Certification C_HANATECxxy is the HA200 course. Below you find a approximately weighting of necessary courses for SPS09: Course
Weighting of the course topics for certification in %
HA200
80
HA240
10
HA250
5
HA100
5
A certification continues to be valid until the next three SAP HANA SPS. That means for instance . If you have pass the certification for SPS06 you should refresh the certification as soon as possible. Caution: You will find the detailed Informations in our training and certification shop https://training.sap.com/g/en/courses-and-curricula/hana The Data provisioning part based on HA100!
Lesson Summary You should now be able to: • Explain the use of the command line options. • Explain the use of the configuration file. • Explain the use of the configuration file in batch mode
Related Information • •
78
Training and Certification Shop: https://training.sap.com SAP Learning Hub: https://training.sap.com/shop/learninghub
Lesson: SAP HANA Studio installation Lesson Overview This lesson explains the various installation options of SAP HANA Studio
Lesson Objectives After completing this lesson, you will be able to: • • •
Install and configure SAP HANA Studio Understand the different installation features Setup an SAP HANA Studio Update site
Business Example During the implementation project the SAP HANA Administrator, Modelers and Developers need an up to date SAP HANA Studio on their PC or laptop. It is your task to provide an good strategy to keep all the SAP HANA Studio's up to date.
About the SAP HANA Studio The SAP HANA studio runs on the Eclipse platform and has a collection additional applications for SAP HANA. It enables technical users to manage the SAP HANA database, to create and manage user authorizations, and to create new or modify existing models of data in the SAP HANA database. It is a client tool, which can be used to access local or remote SAP HANA databases. SAP HANA Studio is available on Windows, Linux and Mac OS. For the details on which platform versions are supported please check the SAP HANA Studio Installation and Update Guide on http://help.sap.com/hana_platform
Installing SAP HANA Studio Use the graphical installation tool hdbsetup to install SAP HANA Studio. This installation tools is available on all the supported frontend platform. Before you start the SAP HANA Studio installation make sure that you checked all the platform specific prerequisites.
Default installation paths The default installation paths are specific to the operating system on which the SAP HANA studio is installed. The table below shows the default installation paths per operating system.
The default installation paths can be changed during the installation of SAP HANA Studio.
Installation SAP HANA Studio Features During installation or update you can select which SAP HANA studio features are installed. Depending on your use case for SAP HANA Studio you select between the following installation options. •
SAP HANA Studio Administration An installation setup for various administration tasks, excluding transportable design-time repository objects. General troubleshooting tools like tracing, the catalog browser and SQL Console are also included.
•
SAP HANA Studio Database Development An installation setup for content development. Used for DataMarts and ABAP on SAP HANA scenarios.
•
SAP HANA Studio Application Development An installation setup suited for developing SAP HANA native applications (XS and UI5 tools). SAP UI5 Tools are not included and need to be installed separately.
•
SAP HANA Answers An integrated tool to retrieve helpful content based SAP HANA information, documentation and expertise from the SAP HANA network.
Update the SAP HANA Studio Using an Update Site An update site can be used to provide the newest installation media for a large number of installations. Prerequisites Before you can manually update the SAP HANA studio and configure the SAP HANA studio to check automatically for updates, you must have configured the update site from which updates are downloaded. The SAP HANA XS Web server is used to provide the installation files for the SAP HANA studio update.
In the SAP HANA studio, specify the update site as follows: a) From the main menu, choose Window => Preferences => Install/Update => Available Software Sites b) Choose Add... and specify the name of the update repository (optional) and its location. If you are using the SAP HANA XS Web server http://:80/sap/hana/studio/ If you are using a file system location file:/ Note: The path for Mac OS X is different. Please check the SAP HANA Studio Installation and Update Guide on http://help.sap.com/hana_platform for the details.
2.
To update the SAP HANA studio manually, proceed as follows: a) From the main menu, choose Help→ Check for Updates. The SAP HANA studio checks the specified software site for an update. b) If an update is available, follow the on-screen instructions to install the update.
3.
To configure the SAP HANA studio to check for updates automatically and notify you of their availability, proceed as follows: a) From the main menu, choose Window→ Preferences→ Install/Update→ Automatic Updates b) Specify your update settings. You are automatically notified if an update is available in accordance with your settings. Note: By default, the SAP HANA studio does not automatically check for updates and notify you.
Exercise 2: Connect SAP HANA Studio to an SAP HANA database Exercise Objectives After completing this exercise, you will be able to: • Configure the SAP HANA Studio network settings to work with the local network • Add an SAP HANA database to your SAP HANA Studio
Business Example The IT department has rolled out SAP HANA Studio is rolled out to all the workplaces that require it. It is now your task to setup the connection from SAP HANA Studio to the SAP HANA database.
Task 1: Configure the SAP HANA Studio network settings. 1.
In SAP HANA Studio configure the network settings to work with the local network.
Task 2: Adding an SAP HANA database to the SAP HANA Studio 1.
2015
You have just installed an SAP HANA system and want to connect to this new system using SAP HANA Studio.
Task 2: Adding an SAP HANA database to the SAP HANA Studio 1.
2015
You have just installed an SAP HANA system and want to connect to this new system using SAP HANA Studio. a)
In SAP HANA Studio close the Welcome view.
b)
In the Systems view click on the “Add System …” icon.
c)
In the System window enter the Host Name and Instance Number from previously the installed system. Leave the rest of the field on the default settings and press Next.
d)
In the fields User Name and Password enter the SYSTEM user and the password you created during the installation. Mark the checkbox to store the user name and password in the secure store.
e)
Press Finish to complete the “Add System …” wizard.
f)
Double click on the SAP HANA system to open the Default Administration view.
Lesson Summary You should now be able to: • Install and configure SAP HANA Studio • Understand the different installation features • Setup an SAP HANA Studio Update site
Lesson: SHINE - SAP HANA Interactive Education Lesson Overview In this lesson you will learn about the SAP HANA Interactive Education (SHINE) demo application that makes it easy to learn how to build native SAP HANA applications.
Lesson Objectives After completing this lesson, you will be able to: • • •
Explain the purpose of the SAP HANA Interactive Education (SHINE) List the features provides by SHINE Install and configure SHINE
Business Example In your company the SAP HANA Developers need a sandbox system with some content so that they can get insight in the features provided by SAP HANA SPS09.
The SAP HANA Interactive Education (SHINE) Demo Application SAP HANA Interactive Education, or SHINE, is a demo application that makes it easy to learn how to build native SAP HANA applications. The demo application, delivered with SAP HANA in a special delivery unit (DU), comes complete with sample data and design-time developer objects for the application's database tables, data views, stored procedures, OData, and user interface.
The delivery unit defines the following applications: •
•
Enterprise Procurement Model Admin Console This application lets you generate large quantities of data for testing, as well as create synonyms for use in currency conversions. Enterprise Procurement Model Sample Application This is a sample Sales Order Dashboard and Purchase Order Worklist to show how you could construct similar native SAP HANA applications.
The delivery unit creates the schema SAP_HANA_DEMO. In this schema the database objects, including the tables, are created. The views and procedures are created in the _SYS_BIC schema. The delivery unit also comes with design-time objects for building the applications based on those database objects, and are located in the sap.hana.democontent.epm package.
Features available in SHINE After the SHINE demo application is installed the developers and modelers can explore the following features on the SAP HANA system:
Figure 70: Available features in SHINE
•
90
HDB Association SAP HANA Extended Application Services (XS) enables you to use the core data services (CDS) syntax to create associations between entities. The associations are defined as part of the entity definition, which are design-time files in the repository.
Spatial Spatial data is that which describes the position, shape, and orientation of objects in a defined space. Spatial data is represented as 2-Dimensional (2D) geometries in the form of points, line strings, and polygons. SAP HANA simple info access (SINA) The SINA API is a client-side or frontend JavaScript API for developing browser-based search UIs. SAP HANA UI Integration Services Fiori Launch Pad Site Is the entry point to Fiori apps on mobile or desktop devices. OData Batch Requests The OData standard allows the collection of multiple individual HTTP requests into one single batched HTTP request. Fuzzy Search Fuzzy search is a fast and fault-tolerant search feature that can be used in SAP HANA. Tax Calculation Using Rules The Rules for Tax Calculation are used to determine the tax code based on the Company (Business Partner ID) and Product ID. Core Data Services (CDS) / HDBDD Is a new infrastructure for defining and consuming semantically rich data models in SAP HANA. Using a data definition language (DDL), a query language (QL), and an expression language (EL), CDS is envisioned to encompass write operations, transaction semantics, constraints, and more. Rules on SAP HANA This introduces business rules in the from of decision tables in SAP HANA database layer. SAP HANA UI Integration Services Provide the required services and UI patterns to easily create and design single applications or application sites based on HANA native (XS) applications through efficient development tools, standardized services and consistent UI experience. Services Many new services have been added. Job Scheduling Scheduled jobs define recurring tasks that run in the background. Outbound XSJS SAP HANA Extended Application Services includes a server-side JavaScript API (Outbound API) that enables access to a defined HTTP destination. SAP HANA UI Integration Services You want to provide the end user a means to personalize your application. For this you can the personalization mechanism provided by the SAP HANA UI Integration Services (UIS).
Installing and Using the SHINE Demo Application To work with the demo application, a system administrator needs to perform the following tasks. • •
Import the demo application delivery unit. Assign roles to developers who want to work with the demo application.
Afterwards, a developer with the proper role can perform the following tasks. • •
Generate additional demo data, if necessary. The demo application comes with an initial set of data. View the demo application and subsequently explore the design-time objects for the demo applications to see how the applications were created.
Using the SHINE Demo Application You can work with and explore the demo EPM application and then view the code behind it to learn how it works. The application makes use of the purchase order data and sales order. Prerequisite To launch and explore the you must have the sap.hana.democontent.epm.roles::User role assigned to your user. If you want to configure the SHINE demo application you need the sap.hana.democontent.epm.roles::Admin role assigned to your user. Launch Pad Application The Launch Pad application is the entry point into the SHINE Demo Application. From the Launch Pad you can start the other applications that you want to explore. Open the Launch Pad Application using the this URL: http://./sap/hana/democontent/epm/ui/NewLaunchpad.html Make sure that you replace and with the host name and port for your SAP HANA XS installation. Generally, the port is 80 plus the 2-digit instance number, for example, if the instance is 00, then the port is 8000.
Figure 71: SAP HANA Interactive Education Launch Pad
From the Launch Pad application you can explore all the SAP HANA Interactive Education applications. Some applications need some extra configuration before being executed. This extra configuration is explained in the SHINE documentation and it is also mentioned in the introduction pop-up windows when you start a application for the first time. Note: For using this launch pad the role “sap.hana.democenter.epm.roles::admin ” is to assign to the user.
Exercise 3: Installing the SAP HANA Interactive Education (SHINE) Content Exercise Objectives After completing this exercise, you will be able to: • Install and configure SAP HANA Interactive Education (SHINE) Content
Business Example During the SAP HANA implementation project there is the need for a sandbox system were the SAP HANA Developers and Modelers can get some hands-on with the newest SAP HANA features in the SPS09 release. It’s your task to install the SAP HANA Interactive Education (SHINE) SPS09 demo content on the sandbox system.
Task 1: Unpack the SAP HANA Interactive Education (SHINE) package You need to extract the SHINE package from the SAP HANA Installation DVD before it can be imported into the SAP HANA database. 1.
Log on to the SAP HANA cloud landscape using the remote desktop connection.
2.
Copy the SHINE content package to the Documents folder.
Task 2: Import the SAP HANA Interactive Education (SHINE) package Use the SAP HANA Studio in the Windows environment to import the SAP HANA SHINE content. 1.
Start the SAP HANA Studio in the Windows environment and import the SHINE Delivery Unit
Task 3: Check the SHINE Delivery Unit import After the SHINE demo content import you want check what has been created during the import. 1.
In SAP HANA Studio open the Catalog and navigate to the SAP_HANA_DEMO schema.
Task 4: Add SHINE administrator role to your authorizations The demo application includes definitions for two new roles that are required to generate or reload demo data or to view the demo application. To be able to perform the post-installation step for SHINE you need the role sap.hana.democontent.epm.roles::Admin assigned to your administrator account. 1.
Use SAP HANA Studio to assign the sap.hana.democontent.epm.roles::Admin to your administrator account.
Task 5: Generate Time Data Now that you know that the SHINE content is imported correctly you need to generate some Time Data in the M_TIME_DIMENSION Time Dimension table that is located in the _SYS_BI schema. 1.
Generate Time Data for the SHINE content.
Task 6: Create Synonyms Some table synonyms need to be created for the use in the currency conversions. 1.
Use the Data Generator to generate the synonyms
Task 7: Explore SAP HANA SHINE Start and explore the SAP HANA SHINE demo application. 1.
96
Start the Google Chrome and open the SAP HANA SHINE demo application
Solution 3: Installing the SAP HANA Interactive Education (SHINE) Content Task 1: Unpack the SAP HANA Interactive Education (SHINE) package You need to extract the SHINE package from the SAP HANA Installation DVD before it can be imported into the SAP HANA database. 1.
2.
Log on to the SAP HANA cloud landscape using the remote desktop connection. a)
On your local Windows session select the Start Menu → Remote Desktop Connection.
b)
When prompted for the computer name enter the cloud hostname and the credentials provided by the instructor. Cloud user name
train-## (## is your group number)
Cloud password
initial
c)
Choose “Yes”when prompted to confirm the identity of the remote computer.
d)
Choose “OK”when prompted that the IE language was set to English.
Copy the SHINE content package to the Documents folder. a)
Select the Start Menu→ All Programms→ HANA Student.
b)
In the file explorer select→ HA200→ HCO_HANA_SHINE
c)
Copy the file HCODEMOCONTENT09_0.ZIP to Documents and unpack the zip file using the "Extract here" option from the context menu.
Task 2: Import the SAP HANA Interactive Education (SHINE) package Use the SAP HANA Studio in the Windows environment to import the SAP HANA SHINE content. 1.
Start the SAP HANA Studio in the Windows environment and import the SHINE Delivery Unit a)
Select the Start Menu→ All Programms→ SAP HANA Studio.
Task 3: Check the SHINE Delivery Unit import After the SHINE demo content import you want check what has been created during the import. 1.
In SAP HANA Studio open the Catalog and navigate to the SAP_HANA_DEMO schema. a)
To find the SAP_HANA_DEMO schema go to the Systems View and select and open the system SHS. Open the Catalog directory and look for the schema SAP_HANA_DEMO.
Task 4: Add SHINE administrator role to your authorizations The demo application includes definitions for two new roles that are required to generate or reload demo data or to view the demo application. To be able to perform the post-installation step for SHINE you need the role sap.hana.democontent.epm.roles::Admin assigned to your administrator account. 1.
Use SAP HANA Studio to assign the sap.hana.democontent.epm.roles::Admin to your administrator account. a)
Start SAP HANA Studio and in the Navigation Pane select the path SHS (SYSTEM)→ Security → Users and double click on the user SYSTEM. On the right hand side there the SHS - SYSTEM view opens. In this view select the tab Granted Roles and click on the green + sign to add and new role. In the pop-up window Select Roles search for the sap.hana.democontent.epm.roles::Admin role. In the Matching items area select the role and press OK. The sap.hana.democontent.epm.roles::Admin role is now in the list of Granted Roles. To activate this change press the Deploy (F8) button.
Task 5: Generate Time Data Now that you know that the SHINE content is imported correctly you need to generate some Time Data in the M_TIME_DIMENSION Time Dimension table that is located in the _SYS_BI schema. 1.
Generate Time Data for the SHINE content. a)
Open the SAP HANA Modeler perspective and navigate to the Quick Launch view. In the Quick Launch select “Generate Time Data“ and in the following pop-up select your SHS system and continue by pressing Next.
Figure 79: Generate Time Data
b)
In the “Generate Time Data” pop-up enter the same values as shown below and press “Finish”.
Task 7: Explore SAP HANA SHINE Start and explore the SAP HANA SHINE demo application. 1.
Start the Google Chrome and open the SAP HANA SHINE demo application a)
Select Google Chrome from the Windows quick-lunch menu.
b)
Open the url: http://wdflbmt719#:8020/sap/hana/democontent/epm/ui/NewLaunchpad.html
Figure 82: Start and explore the SAP HANA SHINE application
Because not all the SHINE applications work out of the box, you might want to try the Sales Dashboard, the Fiori Launchpad or the Sales Dashboard Mobile. The way to setup and configure the rest of the applications can be found in the SAP HANA Interactive Education (SHINE) guide on http://help.sap.com/hana/SAP_HANA_Interactive_Education_SHINE_en.pdf
Lesson Summary You should now be able to: • Explain the purpose of the SAP HANA Interactive Education (SHINE) • List the features provides by SHINE • Install and configure SHINE
Related Information •
•
2015
SAP HANA Interactive Education (SHINE) guide on http://help.sap.com/hana/SAP_HANA_Interactive_Education_SHINE_en.pdf SAP Note 1934114: SAP HANA DEMO MODEL - SHINE Release & Information Note
Lesson: Performing a Distributed System Installation Lesson Overview The objectives of this lesson are: What needs to be prepared to install a distributed system? What are the steps for this kind of installation? The installation of a distributed system is described in the SAP HANA Server Installation Guide.
Lesson Objectives After completing this lesson, you will be able to: • •
Explain the preparatory steps required to install a distributed system Describe the steps for installing a distributed system
Business Example The reason for a distributed landscape consisting of multiple hosts is to have more memory or more CPU power beyond the limitation of a single physical hardware box.
Multi-Host System Installation It is important to review multi-host system concepts like host grouping and storage options before installing a multi-host system. Hint: Host Types When configuring a multi-host system, the additional hosts must be defined as worker machines or standby machines (worker is default). Host types Worker machines process data Standby machines do not handle any processing and instead just wait to take over processes in the case of a worker machine failure. Another important term is the Server role. There are two definitions: MASTER
Lesson: Performing a Distributed System Installation
The actual master index server is assigned on the same host as the name server with the actual role MASTER. The actual index server role of this host is MASTER. The master index server provides metadata for the other active index servers (that is, those with actual indexserver role SLAVE). SLAVE The actual index server role of the remaining hosts (except those configured as standby hosts) is SLAVE. These are active index servers and are assigned to one volume. If an active index server fails, the active master name server assigns its volume to one of the standby hosts.
Figure 83: Scale Out
Note: We recommend that all servers have the same size!
Figure 84: A Typical Configuration for a Distributed System
Host grouping does not affect the load distribution among worker hosts – the load is distributed among all workers in an SAP HANA system. If there are multiple standby hosts in a system, host grouping should be considered, because host grouping decides the allocation of standby resources if a worker machine fails. If no host group is specified, all hosts belong to one host group called "default". The more standby hosts in one host group, the more failover security. Note: The installer distinguishes between two types of groups: sapsys groups and host groups. The SAP system group (sapsys group) is the group that defines all hosts in a system. Therefore, all hosts in a multi-host system must have the same sapsys group ID, which is the default configuration with hdblcm. A host group is a group of hosts that share the same standby resources only. Therefore, if the multi-host system has one standby host, it is important to leave all hosts in the same host group ("default") so that all hosts have access to the standby host in case a worker host fails.
Distributed Systems/Scale Out And you should also know the following: • •
108
In the context of SAP HANA, it is the name for multiple connected nodes of an SAP HANA database that use the same server software installation. Every system has a unique SAP system ID. This is called the .
Lesson: Performing a Distributed System Installation
Figure 86: Multi-Host System
Both the hdblcm and hdblcmgui SAP HANA lifecycle management tools can be used to install an SAP HANA multi-host system in one of the installer modes, and with a combination of parameter specification methods. Creating a Multi-Host System During Installation The SAP HANA lifecycle management tools hdblcm and hdblcmgui have the ability to build a multi-host system during installation in interactive mode, in batch mode, and with the available parameter specification methods: interactively, using command line options, or with the configuration file. Prerequisite for that is that the shared file systems for the data files and log files are configured so that they are present and mounted on all hosts, including the primary host. The suggested locations for the file systems are as follows: • • •
Lesson: Performing a Distributed System Installation
Figure 89: Test and Simulation
For testing and debugging, it is possible to copy a scale-out landscape to a single node! You will find the necessary copy function in SAP HANA studio to scale out and scale up a distributed landscape. Hint: We recommend to have an separately sandbox system to test out all the administrator tasks like backup and recovery etc.
Storage options In single-host SAP HANA systems, it is possible to use plain attached storage devices, such as SCSI hard drives, SSDs, or SANs. However, in order to build a multi-host system with failover capabilities, the storage must ensure the following: ● The standby host has file access. ● The failed worker host no longer has access to write to files – called fencing. There are two fundamentally different storage configurations that meet the two conditions above: shared storage devices or separate storage devices with failover reassignment. A shared storage subsystem, such as NFS or IBM's GPFS, is the commonly used storage option because it is easy to ensure that the standby host has access to all active host files in the system.
In a shared storage solution, the externally attached storage subsystem devices are capable of providing dynamic mount points for hosts. Since shared storage subsystems vary in their handling of fencing, it is the responsibility of the hardware partner and their storage partners to develop a corruption-safe failover solution. A shared storage system could be configured as shown in the figure below, however mounts may differ among hardware partners and their configurations.
Lesson: Performing a Distributed System Installation
Lesson Summary You should now be able to: • Explain the preparatory steps required to install a distributed system • Describe the steps for installing a distributed system
Unit Summary You should now be able to: • Understand SAP HANA Lifecycle Management • Explain the various installation methods • Install SAP HANA as a single-host • Install and configure SAP HANA Studio • Install the SAP HANA SHINE content • Explain a multiple-host system installation • Explain the use of the command line options. • Explain the use of the configuration file. • Explain the use of the configuration file in batch mode • Install and configure SAP HANA Studio • Understand the different installation features • Setup an SAP HANA Studio Update site • Explain the purpose of the SAP HANA Interactive Education (SHINE) • List the features provides by SHINE • Install and configure SHINE • Explain the preparatory steps required to install a distributed system • Describe the steps for installing a distributed system
Unit 4 Post Installation Unit Overview Unit Objectives After completing this unit, you will be able to: • • • •
Configure connections for remote support Install/check HANA licenses Understand the update process as a whole Updating dependent components
Unit Contents Lesson: Post-Installation Steps ............................................... 118 Lesson: Updating SAP HANA.................................................126 Exercise 4: Updating SAP HANA by a new support package .......137
Lesson: Post-Installation Steps Lesson Overview In this lesson, you will learn what to do after the installation SAP HANA.
Lesson Objectives After completing this lesson, you will be able to: • •
Configure connections for remote support Install/check HANA licenses
Business Example As part of initial setup you have to establish SAP Solution Manager connectivity and configure a Remote Service Connection (via SAP Router). In addition to running the on-site configuration tool, SAP recommends establishing SAP Solution Manager connectivity and configuring a Remote Service Connection (via SAP Router) as part of initial setup. • • • •
As of Solution Manager 7.1 SP04, the SAP HANA databases can be integrated into SAP Solution Manager. Performance Warehouse Alerting Infrastructure DBA Cockpit (also available in SAP NetWeaver BW systems as of SAP NetWeaver BW 7.30 SP05)
Remote service connection can be established through the SAP Router. New connection type allows SAP support to access customer databases via local SAP HANA studio installation.
Figure 92: Solution Manager Connectivity: Technical System Overview
As part of initial setup, the Solution Manager connectivity and the Remote Service Connection (via SAP Router) should be established.
Figure 93: Remote Connection: To Solution Manager
For setting up Root Cause Analysis, System Monitoring, and EarlyWatch Alert for SAP HANA with Solution Manager Version 7.10, refer to SAP Note 1747682. The note has attachments. Detailed instructions on how to set up are described in the attached documents within the note.
Figure 95: Configure Remote Support via SAP Router to HANA DB Studio (2)
1.
2.
3.
In some support cases, it may be necessary to provide OS-level access to SAP support. For HANA linux systems, an SSH or telnet remote connection should be set up. Please refer to SAP Notes 1275351 and 1327257. For Windows-based systems (potentially used for BusinessObjects components), we therefore recommend setting up a Netviewer connection (see SAPNote 1036616). A Netviewer connection requires the customer to actively “Accept a connection request”. For unattended access, a Windows Terminal Server connection can be set up (see SAP Note 605795).
For further information, see wiki “HANA in Solution Manager” https://wiki.wdf.sap.corp/wiki/download/attachments/1164477544/HANA+in+Solution+Manager.pdf?version=1&modificationDate=1343234635882 The General licensing process As with all SAP products, you will need to obtain a license from SAP in order to run SAP HANA. For all task around the license management you need the system privilege LICENSE ADMIN. Generally, there are two kinds of license keys: Temporary license keys: These license keys are automatically installed by the SAP HANA system. This license is valid for 90 days. After 90 days, the license expires and the system is locked down. Once you have installed a valid permanent license, your system is usable until this license expires.
Permanent license keys: These license keys are issued by SAP upon request. Note that these licenses may also be limited with respect to time. At any time, you can install and reinstall a new permanent license. If the current permanent license expires, a temporary license will be automatically installed. This temporary license following a permanent license is only valid for 28 days. To request your license key, access SAP Service Marketplace at http://service.sap.com/licensekey. This is a simple and safe way to request your license key. You can also use SAP HANA studio.
Figure 96: The General Licensing Process
There are two types of permanent license key available for SAP HANA: unenforced and enforced. If an unenforced license key is installed, the operation of SAP HANA is not affected if its memory consumption exceeds the licensed amount of memory. However, if an enforced license is installed, the system is locked down when the current memory consumption of SAP HANA exceeds the licensed amount of memory plus some tolerance. If this happens, either SAP HANA needs to be restarted, or a new license key that covers the amount of memory in use needs to be installed. Note: The list below contains licensing-related SAP Notes for further reference.
Number 2147483647 is the virtual unlimited licensed memory that the temporary license provided after HANA installation. The licensed memory is the amount of memory that a customer wants to assign to a particular HANA instance. When a customer requests a license key from the SAP Service Marketplace, it asks the customer to provide such a number. The customer can decide how much they want to assign to the particular instance from the whole amount the customer bought. Then the specified number will be put into the generated license key file. Once the license key is installed into the designated HANA instance, the number will be set in the HANA instance and it shows in SAP HANA studio. Memory allocation in HANA Database implements a pool concept. That is, memory is pre-allocated from the operating system to gain performance on actual allocations done in HANA DB code. By default, the Memory manager will allocate up to ~90% of the available physical memory and it is shown as Peak memory usage in SAP HANA Studio. Note: If the license expires you get a alert some days before Hint: Only a system with a valid license, that is, not locked down, can be backed up. The license will also be backed up and then restored with Recovery. When the Recovery of the backup is performed on the same system, that is, there is no change in System ID and Hardware Key; the license key from the backup will be recovered and used for license check. If the backup is too old, the license key from the backup might have expired. In this case, the database will be locked after recovery and a new valid license key is needed to unlock the database.
Further information can be obtained Content of Technical Operations Manual This Technical Operations Manual provides an end-to-end picture of the administration tools available with SAP HANA and the key tasks that a system administrator needs to perform. Links to the relevant administration documentation of each of the components included in the SAP HANA solution are provided for details and step procedures. Content of SAP HANA Database Admin Guide This document describes the administration of the SAP HANA database using the Administration Console of the SAP HANA studio.
Lesson: Updating SAP HANA Lesson Overview This lesson describes how you can update the SAP HANA system using the HANA lifecycle manager (HDBLCM)
Lesson Objectives After completing this lesson, you will be able to: • •
Understand the update process as a whole Updating dependent components
Business Example Hint: The detailed information about updating SAP HANA and its different components is described in: SAP HANA Administration Guide: and SAP HANA Server Installation and Update Guide. Hint: Plan to have a business downtime during the update process.
Two ways for upgrading SAP HANA The SAP HANA lifecycle manager tools hdblcm (command line) and hdblcmgui were introduced with the SPS 07 release of SAP HANA. They are wrapper tools which make use of their underlying tools, including hdbinst for system installation, and hdbupd for update. Note: In the rest of the lesson hdblcm refers to the tools hdblcm and hdblcmgui. As of the SAP HANA SPS 08 release, hdblcm has additional configuration functionality that can be performed locally from system hosts. As of SAP HANA SPS09 the SAP HANA lifecycle manager tool (HLM) is fully replaced by the SAP HANA database lifecycle manager hdblcm. The SAP HANA lifecycle manager tools are available in two versions. First there is the hdblcm on the installation media and second there is the resident hdblcm. Both tools are needed and perform different tasks.
Figure 98: Task overview hdblcm and the resident hdblcm
The Update Process Before updating the SAP HANA components, make sure that no read or write processes are running on the SAP HANA database. Perform the update process in offline mode during a business downtime. After the update, you have to start SAP HANA and its components again. These is a general sequence of the steps you have to perform. Procedure 1. 2. 3. 4. 5. 6.
Stop all processes. Make a system backup if necessary. Perform an update. Update the depending components. Perform the post-update steps. Restart all processes.
When starting the SAP HANA Lifecycle Management tool from SAP HANA Studio you are presented with a nice user-friendly Fiori interface. How long will the upgrade take? Time for upgrade = (Time for shut down ) + (Time for restarting SAP HANA) + 20 minutes . An important fact is for instance how big the row-store is. Because all row stored table will be loaded immediately in the memory.
The resident SAP HANA lifecycle manager tool (HDBLCM) help to perform the following tasks: • • • • • • •
Add additional hosts to the SAP HANA system Configure inter-service communication Configure System Landscape Directory (SLD) Rename the SAP HANA System Uninstall SAP HANA components Unregister the SAP HANA System Install or update additional components
You can update SAP HANA using the SAP HANA lifecycle manager tool from the installation media.
SAP HANA lifecycle management function in detail In the rest of this lesson we will briefly explain all the options provided by the resident SAP HANA lifecycle manager tool. Add additional hosts to the SAP HANA system You can add hosts to an SAP HANA system using the SAP HANA database lifecycle manager (HDBLCM) resident program in the graphical user interface or the command-line interface.
Figure 101: Add additional hosts to the SAP HANA system
Configure Inter-Service Communication In addition to external network connections, SAP HANA uses separate, dedicated connections exclusively for internal communication. These internal communication channels can be defined using the SAP HANA database lifecycle manager. In a multiple-host system environment, inter-service communication takes place between the hosts of a multiple-host system on one site. Certified SAP HANA hosts contain a separate network interface card that is configured as part of a private network, using separate IP addresses and ports.
Figure 102: Configuring SAP HANA Inter-Service Communication
Configure SLD Registration You can configure an SAP HANA system to connect to the System Landscape Directory (SLD) using the SAP HANA database lifecycle manager (HDBLCM) resident program in the graphical user interface.
Figure 103: Register in System Landscape Directory
Renaming the SAP HANA system An SAP HANA system can be renamed by changing the system identifiers, like host names, SID, and instance number. Changing system identifiers can be performed with the SAP HANA database lifecycle manager (HDBLCM).
Uninstalling the SAP HANA components SAP HANA system components can be installed, updated, or uninstalled using the SAP HANA database lifecycle manager (HDBLCM). The following types of components can be managed: • • •
132
SAP HANA mandatory components (SAP HANA server and client) SAP HANA additional components (Application Function Libraries, SAP liveCache applications and SAP HANA smart data access) SAP HANA options (SAP HANA dynamic tiering and SAP HANA smart data streaming)
Uninstalling the SAP HANA System You can uninstall the previously installed SAP HANA system by running the SAP HANA database lifecycle manager (HDBLCM) from the SAP HANA resident HDBLCM directory.
Manage SAP HANA Application Content SAP HANA Application Lifecycle Management supports you in all phases of an SAP HANA application lifecycle, from modelling your product structure, through application development, transport, assemble, and install. You can import content using the SAP HANA Studio→ File→ Import...→ SAP HANA Content→ Delivery Unit. As of SAP HANA SPS09 it is also possible to user the SAP HANA Application Lifecycle Management tool. The screenshot below shows how to start the SAP HANA Application Lifecycle Management tool.
Troubleshooting the SAP HANA Lifecycle Manager If the SAP HANA lifecycle manager does not behave as expected, you can check the logs for the source of the problem, restart the lifecycle manager, or update to a more recent version. Checking the log files The SAP HANA lifecycle management tools hdblcm and hdblcmgui write log files during installation. The most recent log file is always available under /var/tmp/hdblcm.log or /var/tmp/hdblcmgui.log. Additionally, a copy of the log files is archived in the directory hdb__hdblcm__. Since the SAP HANA lifecycle management tools hdblcm and hdblcmgui are wrappers for underlying component installers, it is also possible to check the component logs. It is recommended to review and analyze the SAP HANA lifecycle management tools hdblcm and hdblcmgui logs first. Once the source of the problem is narrowed down to a specific component, then the component logs can be further analyzed.
Figure 109: Checking the log files
You can also view the last three log files in the SAP HANA studio using the administration function Diagnosis Files.
Exercise 4: Updating SAP HANA by a new support package Exercise Objectives After completing this exercise, you will be able to: • Update SAP HANA to a higher revision.
Business Example You have downloaded SAP HANA revision 91 from http://support.sap.com.and stored it in the directory /data/training/patch on your Linux server. Now you need to update your SAP HANA system SHS to this newer revision using the SAP HANA lifecycle management tools.
Task 1: login to the SAP HANA Server using Remote Desktop (RDP) The SAP HANA installation will be performed using the installation tool hdblcmgui. To be able to use the graphical installer you need to login to the SUSE Enterprise desktop on your SAP HANA host. 1.
2.
Use the Microsoft Remote Desktop (RDP) tool to connect to the SUSE Enterprise desktop. Use the hostnames as provided below. Group
hostname
01
wdflbmt7194.wdf.sap.corp
02
wdflbmt7195.wdf.sap.corp
On both hosts you can use the following username and password. Username : ha200root Password : ha200_KPS$
Task 2: Updating SAP HANA using hdbclmgui Start the SAP HANA update the using the graphical installation tool hdblcmgui from the installation media. 1.
Update your SAP HANA system (SHS) by using the revision 91 patch. The download location and the technical specifications are shown below:
Solution 4: Updating SAP HANA by a new support package Task 1: login to the SAP HANA Server using Remote Desktop (RDP) The SAP HANA installation will be performed using the installation tool hdblcmgui. To be able to use the graphical installer you need to login to the SUSE Enterprise desktop on your SAP HANA host. 1.
Use the Microsoft Remote Desktop (RDP) tool to connect to the SUSE Enterprise desktop. Use the hostnames as provided below.
a)
Group
hostname
01
wdflbmt7194.wdf.sap.corp
02
wdflbmt7195.wdf.sap.corp
In the HB-HA200SPS9INST-XXX Citrix session start Remote Desktop Connection using the Windows Start Menu → Remote Desktop Connection
Figure 110: Linux RDP Login
2.
On both hosts you can use the following username and password. Username : ha200root
When presented the SUSE Linux Enterprise Desktop login screen enter the username/password provided above.
Figure 111: Login on the SUSE Linux Enterprise Desktop
Task 2: Updating SAP HANA using hdbclmgui Start the SAP HANA update the using the graphical installation tool hdblcmgui from the installation media. 1.
Update your SAP HANA system (SHS) by using the revision 91 patch. The download location and the technical specifications are shown below:
a)
Parameter
Value
SAP HANA System ID
SHS
Instance number
20
download location patch
/data/training/patch
User: shsadm
The password you used during the installation.
User: system
The password you used during the installation.
To update the SAP HANA system called SHS follow the screenshot instructions below.
Unit Summary You should now be able to: • Configure connections for remote support • Install/check HANA licenses • Understand the update process as a whole • Updating dependent components
Unit 5 Architecture and Scenarios Unit Overview • • • • •
What needs to be taken into consideration when sizing an SAP HANA system Details about memory management and the persistence in SAP HANA How SAP HANA software is packaged and delivered Which SAP HANA scenarios exist and what a potential roadmap for an implementation could look like Details about possible deployment options and the combination of multiple scenarios on one SAP HANA system
Unit Objectives After completing this unit, you will be able to: • • • • • • • • • • • • • • •
2015
Identify the components for memory management and persistence in the SAP HANA database architecture Describe the SAP HANA memory usage and allocation behaviour Know details about memory management in row store and column store Understand how data is persisted in data and log volumes Identify optimization potential with regards to memory management and persistence Talk about solution packages Know what elements the SAP HANA Platform Edition consists of Name additional components that are included in SAP HANA Enterprise Edition Know which components are installed per default and which can be activated additionally as add-ons Understand how content is bundled and provided with SAP HANA Describe SAP HANA use cases and scenario categories Discuss the SAP HANA roadmap Look up customer stories and use cases Explain the different deployment options for SAP HANA Explain SAP HANA cloud offerings
Understand the availability and capabilities of virtualization for SAP HANA Describe the option for tailored data center integration Identify available co-deployment scenarios Know which limitations exist with regards to productive usage Describe the new option for multitenant database containers
Unit Contents Lesson: SAP HANA Memory Management and Data Persistence.......149 Lesson: Software Packaging ..................................................164 Procedure: Showing SAP HANA Software in Service Marketplace .171 Lesson: SAP HANA Roadmap and Scenarios..............................173 Lesson: Deployment Options .................................................188
Lesson: SAP HANA Memory Management and Data Persistence
Lesson: SAP HANA Memory Management and Data Persistence Lesson Overview Even though SAP HANA is often referred to as “in-memory database management system”, data is not solely kept in the RAM, but also durably persisted in data and log volumes. This lesson provides you with details on the memory management and persistence.
Lesson Objectives After completing this lesson, you will be able to: • • • • •
Identify the components for memory management and persistence in the SAP HANA database architecture Describe the SAP HANA memory usage and allocation behaviour Know details about memory management in row store and column store Understand how data is persisted in data and log volumes Identify optimization potential with regards to memory management and persistence
Business Example For monitoring purposes you want to understand the SAP HANA memory usage and allocation behaviour in detail and know about optimization potential.
SAP HANA Database Architecture Note: The SAP HANA database architecture is covered in detail in the course HA100. Hence you find only a short recap with a focus on memory management and persistence below.
Figure 119: Core Processes on an SAP HANA Single-Node Instance
The SAP HANA Database functionalities are implemented in different services that are shown and briefly described in the graphic above. Following the idea of a shared nothing architecture each of the processes persists data in the corresponding data and log volumes independently. Hint: Please note that some of the services are optional. For example, the xsengine service can be deactivated and removed if not required. For details, see also SAP Note 1867324. Starting with SAP HANA SPS7 there is also a new Statistics Service implementation design available which leads to performance and flexibility improvements and makes the statisticsserver component obsolete. For prerequisites and details on the implementation, see also SAP Note 1917938. Since it keeps the tables in main memory and executes requests, for this lesson the indexserver process is most relevant. It is described in detail below.
Lesson: SAP HANA Memory Management and Data Persistence
Figure 120: Architecture of the SAP HANA Indexserver
From an architectural point of view the SAP HANA Indexserver consists of several components that implement various features: •
External Interfaces: SQL, MDX and Web interfaces allow clients to connect and communicate with the SAP HANA database
•
Request Processing / Execution Control: Depending on the interface and the statement different components for processing can be invoked, e.g. SQL Script implementations are executed within the so-called Calculation Engine.
•
Relational Engines: The table data in SAP HANA is kept in two different relational stores: Row Store and Column Store. Each of these stores show substantial differences with regards to the main memory management. This is discussed in detail in this lesson.
•
Storage Engine and Disk Storage: To achieve consistency and persist changes durably a Storage Engine with Page Management and Logger is used. This ensures that the database can be restored to the most recent committed state after a restart and that transactions are either completely executed or completely undone. Disk Storage is divided in Data Volumes and Log Volumes. While changes need to be written to the log area before a successful commit of a transaction (synchronous writing), the data area contains the complete main memory content at a specific point in time and is written asynchronously.
Figure 121: In-Memory Data Is Regularly Saved to Disk
Disk storage is still required to ensure the ability to restart in case of power failure and for permanent persistency. The SAP HANA persistency layer stores data in persistent disk volumes that are organized in pages. It is divided in log and data area: •
•
Data changes such as insert, delete, and update are saved on disk immediately in the logs (synchronously). This is required to make a transaction durable. It is not necessary to persist the complete data, but the transaction log can be used to replay changes after a crash or database restart. In customizable intervals (standard: every five minutes) a new savepoint is created, i.e. all the pages that were changed are refreshed in the data area of the persistence.
Whether or not disk access can become to a performance bottleneck depends on the usage. Since changes are written to the Data Volumes asynchronously, the user/application does not need to wait for this. When data that already resides in the main memory is read, there is no need to access the persistent storage. However, when applying changes to data the transaction cannot be successfully committed before the changes are persisted to the log area. To optimize the performance, for the log area fast storage is used like SSD or Fusion-io drives (cf. certified hardware configurations in the Product Availability Matrix).
Lesson: SAP HANA Memory Management and Data Persistence
Figure 122: Storing Data in Data Volumes: Details
Like many modern database management system, SAP HANA can use the host operating system‘s file abstraction layer. Each data volume contains one file in which data is organized into pages, ranging in size from 4KB to 16MB (page size class). Data is written to and loaded from the data volume page-wise. Over time, pages are created, changed, overwritten, and deleted. The size of the data file is automatically increased as more space is required. However, it is not automatically decreased when less space is required. This means that at any given time, the actual payload of a data volume (that is the cumulative size of the pages currently in use) may be less than its total size. This is not necessarily significant – it simply means that the amount of data in the file is currently less than at some point in the past (for example, after a large data load). If a data volume has a considerable amount of free space, it might be appropriate to shrink the data volume. However, a data file that is excessively large for its typical payload can also indicate a more serious problem with the database. SAP support can help to analyze the situation.
With large SAP HANA appliances – in particular, single-host SAP ERP systems – the situation can occur that the Ext3 file system file size limitation of 2 TB is reached. In this case SAP HANA automatically creates additional files. This allows the use of Ext3 file systems even with applications that have a larger memory requirement per host.
Lesson: SAP HANA Memory Management and Data Persistence
While (redo) log entries are written synchronously, changed data in data volumes is periodically copied to disk in a so-called savepoint operation. During the savepoint operation, the SAP HANA database flushed all changed data from memory to the data volumes. The data belonging to a savepoint represents a consistent state of the data on disk and remains so until the next savepoint operation has been completed. Note: The frequency for savepoint creation can be configured (described in detail later in this course). Savepoints are also triggered automatically by a number of other operations such as data backup, and database shutdown and restart. You can trigger a savepoint manually by executing the following statement ALTER SYSTEM SAVEPOINT. The phases of the savepoint operation are shown in the graphic above. SAP HANA uses a so-called “Shadow Paging Concept”. This means that write operations write to new physical pages and the previous savepoint version is still kept in shadow pages. Consequently, if a system crashes during a savepoint operation, it can still be restored from the last savepoint.
Figure 125: Restart Process
In the event of a database restart (for example after a crash) the data from the last completed savepoint can be read from the data volumes and the redo log entries written to the log volumes since the last savepoint can be replayed. This allows restoring the database to the last committed state. Note: After a system restart, per default not all tables are loaded into the main memory immediately.
While the row store is always to loaded entirely, only those columns of column tables that are usually essential are loaded into memory. The other columns are loaded if requested. For example, if a query only uses some of the fields (columns) of a table, only these are loaded into the memory at time of query execution. All row-based tables (usually system tables) are available in the main memory. Their size significantly influences the time required to start the database. Other factors that influence startup time are mentioned in the graphic below. During the normal operation SAP HANA tracks a list of column tables which are currently loaded (once per day). This list is now the basis of loading the necessary tables into main memory during restart. Reloading column tables in this way restores the database to a fully operational state more quickly. However, it does create performance overhead and may not be necessary in non-productive systems. You can deactivate the reload feature in the indexserver.ini file by setting the reload_tables parameter in the sql section to false.
Lesson: SAP HANA Memory Management and Data Persistence
Figure 127: Start-Up Process
Note: It is possible to mark individual columns as well as entire column tables for preload. When the preload flag is set tables are automatically loaded into memory after an index server start. The current status of the preload flag is visible in the system table TABLES in the PRELOAD column. Possible values are 'FULL', 'PARTIALLY' and 'NO'. Also in system table TABLE_COLUMNS in column PRELOAD with possible values being 'TRUE' or 'FALSE'. Note: When fields of large column tables are not in the main memory, the first access to the table might be significantly slower, because all requested columns are loaded to main memory before the query can be executed. This applies even if a single record shall be selected. Caution: Simply flagging all tables for preload in order to accelerate initial queries, could slow down startup time tremendously. The preload flag is a tuning option and should be used carefully depending on the individual scenario and requirements.
Memory Usage The total amount of memory used by SAP HANA is referred to as used memory. It includes program code and stack, all data and system tables, and the memory required for temporary computations. In the Linux operating environment, memory is allocated for the program code (sometimes called the text), the program stack, and data. Most of the data memory, called the heap, is under program control.
As an in-memory database, it is critical for SAP HANA to manage and track its own consumption of memory carefully. For this purpose, the SAP HANA database preallocates and manages its own data memory pool. The memory pool is used for storing in-memory tables, for thread stacks, as well as for temporary computations, intermediate results, and other data structures. SAP HANA's utilization of memory thus includes its program code (exclusive and shared), the program stack, and the memory pool, which includes all data tables (row and column), system tables, and created tables. At any given time, parts of the pool are in use for temporary computations. The total amount of memory in use is referred to as used memory. This is the most precise indicator of the amount of memory that the SAP HANA database uses.
Figure 129: Virtual, Physical, and Resident Memory
When (part of) the virtually allocated memory actually needs to be used, it is loaded or mapped to the real, physical memory of the host and becomes “resident”. Physical memory is the DRAM memory installed on the host. On SAP HANA
Lesson: SAP HANA Memory Management and Data Persistence
hosts, it typically ranges from 128 Gigabytes (GB) to 4 Terabytes (TB). It is used to run the Linux operating system, SAP HANA, and all other programs. Resident memory is the physical memory actually in operational use by a process.
Figure 130: Memory Consumption
The SAP HANA database, across its different processes, reserves a pool of memory before actual use. This pool of allocated memory is preallocated from the operating system over time, up to a predefined global allocation limit, and is then efficiently used as needed by the SAP HANA database code. When memory is required for table growth or for temporary computations, the SAP HANA code obtains it from the existing memory pool. When the pool cannot satisfy the request, the HANA memory manager will request and reserve more memory from the operating system. At this point, the virtual memory size of the HANA processes grows. Once a temporary computation completes or a table is dropped, the freed memory is returned to the memory manager, which recycles it to its pool, without informing Linux. Thus, from SAP HANA's perspective, the amount of Used Memory shrinks, but the process virtual and resident sizes are not affected. This creates a situation where the Used Memory may even shrink to below the size of SAP HANA's resident memory, which is perfectly normal. Note: The database may also actively unload tables or individual columns from memory, for example, if a query or other processes in the database require more memory than is currently available. It does this based on a least recently used algorithm. Caution: Due to the preallocation of memory as described above, Linux memory indicators such as top and meminfo do not accurately reflect the actual SAP HANA used memory size. Main memory monitoring should always be based on SAP HANA monitoring features.
Memory Management in the Column Store The column store is optimized for read operations but also provides good performance for write operations. This is achieved through two data structures: main storage and delta storage.
Figure 131: Column Store Memory Management
The column store uses efficient compression algorithms that help to keep all relevant application data in memory. Fortunately you do not need manually choose the compression for each column. Instead SAP HANA does this during compression optimization, a process step that is automatically applied after an automatic delta merge, if the table content have been changed substantially since the last compression optimizations. The threshold for optimization compression to kick in are defined as parameter, as shown in the following table:
Lesson: SAP HANA Memory Management and Data Persistence
Parameter
Default
Description
Active
Yes
Compression optimization status
min_change_ratio
1.75
Minimum required change row count (ratio)
min_hours_since_last_merge_of_part 24
Minimum hours since the last merge of part
min_rows
Minimum required rows (which stored in the table)
10240
Write operations on this compressed data would be costly, as they would require reorganizing the storage structure. Therefore, write operations in column store do not directly modify compressed data. All changes go into a separate area called the delta storage. The delta storage exists only in main memory. Only delta log entries are written to the persistence layer when delta entries are inserted. Delta merge operation: • • • •
The delta merge operation is executed on table level. Its purpose is to move changes collected in write-optimized delta storage into the compressed and read-optimized main storage. Read operations always have to read from both main storage and delta storage and merge the results. The delta merge operation is decoupled from the execution of the transaction that performs the changes. It happens asynchronously at a later point in time. Note: For the delta merge operation a double buffer concept is used. This has the advantage that the table only needs to be locked for a short time. Details can be found in the Administration Guide. Caution: The minimum memory requirement for the delta merge operation includes the current size of main storage + future size of main storage + current size of delta storage + some additional memory. It is important to understand that even if a column store table is unloaded or partly loaded, the whole table is loaded into memory to perform the delta merge.
The request to merge the delta storage of a table into its main storage can be triggered in several ways: •
The standard method for initiating a merge in SAP HANA is the auto merge. A system process called mergedog periodically checks the column store tables that are loaded locally and determines for each individual table (or single partition of a split table) whether or not a merge is necessary based on configurable criteria (for example, size of delta storage, available memory, time since last merge, and others). •
Smart Merge: If an application powered by SAP HANA requires more direct control over the merge process, SAP HANA supports a function that enables the application to request the system to check whether or not a delta merge makes sense now. This function is called smart merge. For example, if an application starts loading relatively large data volumes, a delta merge during the load may have a negative impact both on the load performance and on other system users. Therefore, the application can disable the auto merge for those tables being loaded and send a “hint” to the database to do a merge once the load has completed. When the application issues a smart merge hint to the database to trigger a merge, the database evaluates the criteria that determine whether or not a merge is necessary. If the criteria are met, the merge is executed.
•
Hard and Forced Merges: Delta merge operations for a table can be manually triggered using an SQL statement. This is called a hard merge and results in the database executing the delta merge immediately once sufficient system resources are available. An immediate merge (regardless of the system resource availability) can be triggered by passing an optional parameter in the statement.
•
Critical Merge: The database can trigger a critical merge in order to keep the system stable. For example, in a situation where auto merge has been disabled and no smart merge hints are sent to the system, the size of the delta storage could grow too large for a successful delta merge to be possible. The system initiates a critical merge automatically when a certain threshold is passed. Critical merge is inactive by default. Hint: The delta merge operation is a potentially expensive operation and must be managed according to available resources and priority. There are various option for controlling and monitoring delta merge operations. For details see also the SAP HANA Administration Guide. Note: Detail detailed information on memory management do you find in appendix 1 “Deep Diving into Memory Management and Persistence”
Lesson: SAP HANA Memory Management and Data Persistence
Lesson Summary You should now be able to: • Identify the components for memory management and persistence in the SAP HANA database architecture • Describe the SAP HANA memory usage and allocation behaviour • Know details about memory management in row store and column store • Understand how data is persisted in data and log volumes • Identify optimization potential with regards to memory management and persistence
Lesson: Software Packaging Lesson Overview This lesson discusses Software Packaging in SAP HANA.
Lesson Objectives After completing this lesson, you will be able to: • • • • •
Talk about solution packages Know what elements the SAP HANA Platform Edition consists of Name additional components that are included in SAP HANA Enterprise Edition Know which components are installed per default and which can be activated additionally as add-ons Understand how content is bundled and provided with SAP HANA
Business Example The SAP HANA Platform Edition is the foundation of various other SAP HANA editions, like the SAP HANA Enterprise Edition. These editions bundle additional components that customers might require, for example, for data replication. For landscape planning and setup it is important to know about the content of the software editions and to understand which components are installed per default and which can be activated additionally.
The SAP HANA Platform Edition is composed of the following components: •
SAP HANA Database: The SAP HANA database software is installed on SUSE Linux operating system on certified hardware.
•
SAP HANA Client and SAP HANA Client for Excel: SAP HANA client software is required for connecting to the SAP HANA database. Versions exist for AIX, HP-UX, Linux, Microsoft Windows and Solaris. There is also a special client software available for connecting a Microsoft Excel installation with SAP HANA.
•
SAP HANA Studio: The SAP HANA studio is a collection of applications for the SAP HANA appliance software. It enables technical users to manage the SAP HANA database, to create and manage user authorizations, and to create new or modify existing models of data in the SAP HANA database. The SAP HANA studio is covered in detail in Unit 7 of this course.
•
SAP HANA Lifecycle Manager: The SAP HANA lifecycle manager is a tool for customizing an SAP HANA system. It can be used with an SAP HANA studio installation, in a command line and with a standalone browser.
•
Host Agent: SAP Host Agent is a tool that can be used for monitoring and control of SAP instances and non-SAP instances, operating systems, and databases.
•
SAP HANA AFL / LCApps: This refers to an optional application framework supporting function libraries (AFL, BFL, PAL). This topic is covered in detail in the slides below.
•
SAP HANA RDL Content Package: The River Design Language is - like SQL - a declarative data-definition-, query- and control language, based on SAP HANA Core Data Services (CDS) This topic is covered in detail in the slides below.
•
SAP HANA INA Toolkit for HTML: This refers to a built-in enablement of SAP HANA to retrieve and visualize data in an end-user friendly way. Based on the analytics, search, and text analysis capabilities of SAP HANA, INA provides APIs and UIs for an easy access to the information.
•
SAP HANA EPM Content Package: Enterprise Performance Management content is used to design, deliver and operate Planning & Consolidation-Applications.
SAP HANA Smart Data Access: Smart data access drivers are required for transparent access to remote database tables via HANA proxy tables. This topic is depicted in detail in the previous lesson (Memory Management and Persistence).
•
SAP HANA Studio SAPUI5 Plug-in: SAP UI5 is an extensible JavaScript-based HTML5 browser rendering library for Business Applications.
•
SAP HANA HW Config Check: This is a tool to verify SAP HANA software requirements on proposed hardware capabilities
•
SAP HANA Information Composer: SAP HANA Information Composer is a Web-based environment which allows business users to upload data to the SAP HANA database and to manipulate that data by creating Information Views.
SAP HANA Platform Edition is bundled together with other products into editions as license bundles for special purposes.
Figure 133: Solution Packages
The most important editions and their components are outlined in the slide above.
Abbreviations used for the components of the Enterprise Edition and Real-Time Data Edition: • • • • • • • •
SLT: SAP Landscape Transformation Replication Server for SAP HANA DS: SAP BusinessObjects Data Services DXC: SAP Direct Extractor Connection IQ: Sybase IQ RS: Sybase Replication Server SQLA: SQL Anywhere ESP: Sybase ESP PD: Sybase Power Designer Data Architect Note: For additional software contained in the various SAP HANA editions certain license limitations might exist. Please contact your SAP sales representative for details.
SAP HANA Software and Content Provisioning Components of the SAP HANA Platform edition are divided into mandatory server components, optional server components and front-end tools:
Figure 134: SAP HANA Software Provisioning
Equally, while some content is provisioned with SAP HANA per default, there is also the option to activate additional packages:
SAP HANA XS: XS (Extended Application Services) engine that allows building high-performance applications based on SAP HANA
•
SAP HANA IDE: Web-client accessible, Integrated-Development-Environment
•
SAP HANA TA Config: HANA Text-Analysis configurator 1.0
Detailed Information on Selected Components SAP HANA Application Function Library (AFL): SAP HANA Application Function Library is part of the SAP HANA Platform edition and can be used to implement complex logic:
Instead of pure text-based implementations, now the so-called Application Function Modeler can also be used as graphical editor to facilitate the creation of wrapper-procedures.
Open the SAP Software Download Center in the Service Marketplace: https://service.sap.com/swdc
2.
Navigate to the SAP HANA Platform Edition Software: SAP Software Download Center → Support Packages and Patches → A-Z Index → H → SAP HANA PLATFORM EDITION → SAP HANA PLATFORM EDIT. 1.0 → Comprised Software Component Versions
3.
Show the different components included in the Platform Edition (refer to the slides above).
Lesson Summary You should now be able to: • Talk about solution packages • Know what elements the SAP HANA Platform Edition consists of • Name additional components that are included in SAP HANA Enterprise Edition • Know which components are installed per default and which can be activated additionally as add-ons • Understand how content is bundled and provided with SAP HANA
Lesson: SAP HANA Roadmap and Scenarios Lesson Overview This lessons focuses on SAP HANA use cases and scenario categories. These are discussed in conjunction with the SAP HANA roadmap and customer examples.
Lesson Objectives After completing this lesson, you will be able to: • • •
Describe SAP HANA use cases and scenario categories Discuss the SAP HANA roadmap Look up customer stories and use cases
Business Example While SAP HANA can be used as database management system in classic system setups for existing applications, it can also be the basis for a new generation of in-memory applications and use cases. For customers it is important to understand the different use cases and scenario categories to be able to discuss potential roadmaps and migration paths for the system landscape.
Overview: SAP HANA Roadmap The figure below depicts a potential roadmap for the adoption of SAP HANA: side-car scenarios allow starting with a comparably small SAP HANA system implementing clear scenarios and solving existing issues. Using SAP HANA as primary persistence for existing applications facilitates more comprehensive optimizations and the maximum improvement can be achieved by implementing tailor-made applications for SAP HANA.
Figure 139: A Potential Roadmap for Using SAP HANA in Your System Landscape
Note: This is just an example for a potential roadmap with an increasing adoption of SAP HANA in the system landscape, but no standard recommendation. Depending on the customer requirements, other steps could be more reasonable, e.g. using SAP HANA as primary database already in the first wave.
SAP HANA Scenarios Depending on the system architecture we generally distinguish between so-called side-by-side scenarios and integrated scenarios. While in side-by-side scenarios SAP HANA is added as additional component to an existing landscape to facilitate analytical features or accelerate processed, in integrated scenarios SAP HANA is used as primary database. Furthermore, SAP HANA contains features that allow using it as platform for a new generation of applications. Examples for SAP HANA side-by-side scenarios are operational and agile data marts as well as SAP HANA-based accelerators:
Data Mart Scenarios Agile and operational data marts leverage the analytical capabilities of SAP HANA and the tight integration with various data acquisition technologies. Agile Data Marts
Figure 140: Side-by-Side Scenarios: Agile Data Marts
The focus of using SAP HANA as an agile data marts lies on the objective to create more flexibility compared to an Enterprise Data Warehouse as it is often realized using SAP NetWeaver Business Warehouse. Data is typically loaded by means of traditional ETL (e.g. SAP BusinessObjects Data Services) and has already been transformed. On top of this data models in SAP HANA can be implemented to connect data in different tables or implement additional logic. Agile data marts generally do not target at realizing a real-time reporting, but at increasing the modeling and reporting flexibility. Operational Data Marts
Figure 141: Side-by-Side Scenarios: Operational Data Marts
In contrast to agile data marts, operational data marts are oriented towards the requirements of operational reporting. Data can be acquired with low latency from SAP and non-SAP sources using SAP System Landscape Transformation Replication Server for SAP HANA (SLT) or similar technologies. Since data models implemented in SAP HANA do not require to materialize aggregated data,
the combination of using SAP HANA data models with a (near) real-time data acquisition technologies allows to implement reporting solutions that reflect data changes in the source systems immediately. SAP HANA Accelerators
Figure 142: SAP HANA-Based Accelerators
SAP HANA accelerators enable the acceleration of standard ABAP reports as well as selected business processes in SAP Business Suite Systems. One example for this is a solution for SAP HANA accelerated finance and controlling that comprises using SAP HANA for financial accounting, controlling, material ledger, production cost analysis and profitability analysis. It is also offered as RDS (for details see also SAP Service Marketplace: https://websmp109.sap-ag.de/rds-hana-fin). Various other SAP HANA-based accelerators are offered by SAP. Besides, there is the possibility to use SAP HANA as accelerator also for customer-individual implementations. Architecturally data is transferred with low latency to SAP HANA which is used as secondary database. Using the appropriate Database Shared Library (DBSL) the SAP Business Suite system accesses SAP HANA instead of the primary database for the reports or processes specified to benefit from the acceleration or additional functionality implemented in SAP HANA.
In integrated scenarios SAP HANA is used as primary persistence for applications. This can be achieved by migrating existing SAP Business Suite systems to SAP HANA or performing greenfield installations directly on SAP HANA. With SAP HANA becoming the primary persistence of the ABAP application server all objects and processes can make use of the in-memory technology. Caution: Even though architecturally it looks like as if the change solely affected the database layer, the application running on SAP HANA has to be explicitly optimized in advance to leverage the capabilities and push down calculation intense logic to the database. Hence minimum versions respectively EHP levels exist that contain SAP HANA support. Examples for SAP applications that have been optimized to use SAP HANA as primary persistence are: • • • • • •
SAP BW 7.30 SP05 EHP 7 for SAP ERP 6.0 EHP 3 for SAP CRM 7.0 EHP 3 for SAP SCM 7.0 EHP 3 for SAP SRM 7.0 SAP Portfolio and Project Management 6.0
Deployment Options for SAP HANA and SAP NetWeaver AS ABAP SAP HANA and SAP NetWeaver AS ABAP could be deployed one two different servers or on one server.
Figure 144: Deployment Options for SAP HANA and SAP NetWeaver AS ABAP
Deployment of SAP HANA and SAP NetWeaver AS ABAP on one hardware is available for all productive and non-productive SAP HANA SPS7 single node installations. All products based on SAP NetWeaver AS ABAP 7.4 are supported Requirements: • •
Additive sizing: Additional memory resources for the SAP NetWeaver AS ABAP system needs to be available on the SAP HANA server. Separate SID‘s for both systems required
SAP HANA cannot only be used as a sidecar to or primary database of existing applications, but also as entire application platform: • •
Any application could directly connect to SAP HANA using standard interfaces like JDBC and ODBC. Native SAP HANA applications can be implemented in SAP HANA even without requiring an additional application server on the basis of SAP HANA Extended Application Services (XS). This is described in detail below.
SAP HANA XS facilitates the development of new applications directly on SAP HANA and can also be used by SAP customers or partners to implement own applications:
Figure 146: SAP HANA Extended Application Services
For this, a combination of several technologies can be used for controlling the data processing and calculation logic, implementing the control flow and creating the front-end:
Figure 147: SAP HANA Extended Application Services (2)
Combination of Multiple SAP HANA Scenarios Note: When discussing potential SAP HANA scenarios and implementation roadmaps, please be aware that under certain prerequisites it is also possible to implement several scenarios on the same SAP HANA database. Hence – for example – one SAP HANA database could be used as primary persistence of a SAP BW system providing accelerator capabilities to an SAP ERP system at the same time. Examples are shown in the slide below. This topic is also discussed in detail in the lesson on deployment options.
Figure 148: Combination of Multiple SAP HANA Scenarios
Migration to SAP HANA Technically a migration to SAP HANA is only a change of the database that does not affect most of the other components in the landscape. A SAP Business Suite system running on SAP HANA can still connect to and be integrated with other systems and hubs the same way as a Business Suite system running on any other database. Furthermore, the same frontends and clients can be used to connect to the system. Even the application servers can be reused as they are, given they are running on separate servers and not on the database host.
Figure 149: Overview: Migration of SAP Systems to SAP HANA
Migrating your existing SAP system to the SAP HANA database means switching the SAP system to a new database that is running on a new host, since SAP HANA is an appliance. A migration to SAP HANA could be performed in two ways: • •
2015
Heterogenous system copy using Software Provisioning Manager (SWPM). Database migration option (DMO) of the Software Update Manager (SUM)
The classical migration is the sequence of SAP software update (using Software Update Manager, SUM) and heterogenous system copy (using Software Provisioning Manager, SWPM). DMO simplifies the migration and is often referred to as the one-step procedure to SAP HANA.
Figure 151: Initial Situation
DMO is not a new tool, it is just an option; a new option in an existing tool named Software Update Manager. SUM is the trusted tool for system maintenance, such as:
Release upgrades EHP implementations SP stacks for SAP NetWeaver-based systems In case of an inplace migration using DMO, upgrade and migration are performed in a combined procedure which reduces TCO and risks.
Figure 152: The Migration Process
Performing the migration in a combined procedure offers the following benefits: •
The combined procedure requires only one maintenance phase (not two). Reduces business downtime (TCO), less regression tests necessary
•
Original database is kept, can be reactivated as fallback Reduces risk, no restore required, more time for testing before cutover
•
Lower prerequisites for SAP and DB start releases Reduces effort (TCO), no additional licenses for traditional database updates
•
In-place migration keeps application server and System ID stable Low impact on system landscape: only the database server is new
•
For SAP NetWeaver BW, DMO can be applied when PCA (Post Copy Automation) is used.
SAP HANA Platform SAP HANA Platform Converges Database, Data Processing and Application Platform Capabilities & Provides Libraries for Predictive, Planning, Text, Spatial, and Business Analytics to enable business to operate in real-time.
Figure 153: SAP HANA – A Platform to Innovate Enterprise Applications
SAP HANA is an in-memory database management system, but also comprises many additional features for specific use cases. Examples are spatial processing, search and text mining and integrated libraries. Some of these features can be used when running traditional applications on SAP HANA, others are leveraged in entirely new in-memory applications.
Figure 154: SAP HANA is More than an In-Memory Database Management System
These features enable new scenarios and use cases. However, applications need to be explicitly adapted to tap the full potential of SAP HANA.
Customers use SAP HANA in different scenarios. Besides the optimization potential, the way in which SAP HANA is integrated into the system landscape has also an impact on aspects like system architecture, administration, operations and security. Therefore it is essential to include all stakeholders into the scenario discussion.
Customer Stories and Use Cases In a nutshell there are standard SAP solutions and scenarios for SAP HANA, but at the same time a lot of flexibility for customers to use SAP HANA according to their individual requirements and for implementing their own scenarios and applications. Therefore SAP has created a community in which use cases and customer stories are shared and discussed, which might help to inspire and contribute to scenario and roadmap discussions.
Figure 155: SAP HANA Community: Use Cases
SAP HANA use cases can be viewed and shared on http://www.saphana.com/community/implement/use-cases. They are ordered in different categories, e.g. Automotive, Banking and Retail, and can be filtered by tags.
Besides, more than 50 videos are available in which customers explain their SAP HANA scenarios and share which improvements they were able to achieve by adopting it: http://www.saphana.com/community/learn/customer-stories
Lesson Summary You should now be able to: • Describe SAP HANA use cases and scenario categories • Discuss the SAP HANA roadmap • Look up customer stories and use cases
Lesson: Deployment Options Lesson Overview Depending on the requirements for productive and non-productive usage, various deployment options for SAP HANA exist. These are explained in detail in this lesson.
Lesson Objectives After completing this lesson, you will be able to: • • • • • • •
Explain the different deployment options for SAP HANA Explain SAP HANA cloud offerings Understand the availability and capabilities of virtualization for SAP HANA Describe the option for tailored data center integration Identify available co-deployment scenarios Know which limitations exist with regards to productive usage Describe the new option for multitenant database containers
Business Example At the time of its market introduction; SAP HANA was solely offered following an appliance model as a certified combination of hardware and software that could be deployed as an on-premise solution. Meanwhile SAP is continuously working on increasing the flexibility and choice of deployment options for SAP HANA. For customers it is essential to understand which deployment options exist, what their capabilities and limitations are and which scenarios can be combined and run together on one SAP HANA server or database.
Overview When discussing SAP HANA deployment options we generally distinguish between an on-premise and cloud deployment. A combination of both is called “hybrid”. For each of the deployment options various solutions exist that are discussed in detail below.
Figure 157: SAP HANA Deployment Options Overview I
The different deployment options can be categorized according to on-premise/private vs. virtual private/public deployment and release of productive usage:
Figure 158: SAP HANA Deployment Options Overview II
On-premise and on-demand options and offerings are explained in detail below.
From an infrastructure point of view, SAP HANA can be deployed on premise as single server or scale out cluster (distributed system) and runs on x86 based hardware. SAP HANA hardware is not proprietary, but following an appliance model certified combinations of hardware and software are offered by several hardware vendors. The appliance model allows a deployment of SAP HANA in a standardized and highly optimized way. Due to the preconfigured hardware setup and the preinstallation of the software package a fast implementation that is fully supported by SAP and the hardware vendors is ensured. While this approach is easy and comfortable, it might bring limitations with regards to hardware flexibility and compliance with existing IT operation processes. Therefore SAP HANA tailored data center integration is offered as a new option to provide customers with more flexibility.
Figure 160: SAP HANA Tailored Data Center Integration Option - Overview
Tailored data center integration can help to reduce hardware and operations cost by reusing existing hardware components and processes. Note: Tailored data center integrations offers freedom and flexibility, which also leads to an increased responsibility of the customer for the system that ranges from the installation up to running the landscape.
Figure 161: SAP HANA Tailored Data center Integration
In the first wave, all storages that successfully passed the hardware certification can be used in combination with servers listed in the Product Availability Matrix. Please visit the Partner Information Center for details: http://www.sap.com/partners/overview.html There is also a new installation certification exam offered which is in line with the tailored data center integration program. This exam needs to be passed successfully to perform SAP HANA installations at customer side. Detailed information can be found in the SAP Training and Certification Shop: https://training.sap.com For the second wave SAP plans to start a pilot customer program for tailored data center integration in the are of enterprise network. Further information will follow soon.
SAP HANA in the Cloud Several options are offered by SAP and partners to run SAP HANA in the cloud:
The different options are briefly described below. For details, please see also the SAP HANA Community: http://www.saphana.com/community/abouthana/deployment-options •
SAP HANA One: Fully-featured SAP HANA hosted in the public cloud. Infrastructure and license are offered on an hourly subscription basis.
•
SAP HANA Infrastructure Subscription: High-performance cloud infrastructure to quickly deploy existing SAP HANA licenses. This is an infrastructure-only solution on a monthly subscription basis (license bought separately).
•
SAP HANA Cloud Platform: SAP HANA Platform-as-a-Service (PaaS) in a cloud environment. Infrastructure and license are offered on an monthly subscription basis.
•
SAP HANA Enterprise Cloud: Enterprise-class SAP HANA managed cloud offering. Infrastructure and Managed Services are offered on a monthly subscription basis (license bought separately).
Co-Deployment Options The “classical” deployment option is a single application on one SAP HANA system, which is also known as Single Component on One System (SCOS). To more readily describe the various other options for technical deployment, it is useful to first illustrate the simple, straightforward approach to deploying an application on an SAP HANA system. This will be useful for comparison purposes. In this configuration, a single application runs in a single schema, in a single SAP HANA database as part of an SAP HANA system. This is a simple, straightforward scenario that is supported for all scenarios without restriction.
Figure 163: Single Application on One SAP HANA System (SCOS)
For running multiple scenarios on one system or database, it is required to know about the availability and capabilities of co-deployment options. An overview is depicted below. We distinguish between: • • • •
194
Multiple Components on one System (MCOS) Multiple Components on one Database (MCOD) Virtualization Technical Co-Deployment
Figure 164: Multiple Components on One Database (MCOD)
In MCOD scenarios, multiple applications are running on one database. Data can be separated using different database schemas. For production systems whitelists exist in which supported scenarios are explicitly specified.
Multiple Components on One System (MCOS)
Figure 165: Multiple Components on One System (MCOS)
MCOS refers to the installation and operation of multiple SAP HANA databases on a single SAP HANA system. Note: This relates to the installation of additional SAP HANA systems, which has already been performed as an exercise with the SAP HANA Lifecycle Manager in a previous unit of this course. SAP does not support running multiple SAP HANA databases (SIDS) on a single production SAP HANA appliance. However, SAP does support running multiple SAP HANA databases on a single non-production (DEV, QA, test, production fail-over, etc) single-node SAP HANA system. SAP does support multiple SAP HANA databases on a distributed (multi-node) non-production SAP HANA system.
Virtualization One benefit of virtualization is the possibility to assign dedicated CPU and memory resources to specific databases and thereby increasing the flexibility of hardware usage.
For customers already standardizing on virtualization technology, SAP HANA offers the customer TCO reductions and additional options for planning and managing their systems landscapes. • • • •
Ease of HW replacement / Avoidance of re-certification of OS & SAP installations Separation of IT Ownership (HW and SW layer) OS independent monitoring Low-cost HA capabilities in Dev & Test environments
Private and Public Cloud offerings also lower entry barrier e.g. for startups by starting their business small and later scale along their needs in regards to user and data volume. •
Positive impact on capital expenditures
Technical Co-Deployment Technical co-deployment is an additional alternative that can be used to combine several applications. This is available for Supplier Relationship Management (SRM) and Supply Chain Management (SCM) being provided as ERP add-on and can be used productively.
Figure 167: Technical Co-Deployment
Multitenant Database Containers SAP HANA multitenant database containers establishes a foundation for providing multitenancy in SAP HANA. When discussing multitenancy the first question will be to define the term multitenancy. Multitenancy refers to a principle in software architecture where a single instance of the software runs on a server, serving multiple tenants. A tenant
is a group of users sharing the same view on a software they use. With a multitenant architecture, a software application is designed to provide every tenant a dedicated share of the instance including its data, configuration, user management, tenant individual functionality and non-functional properties. Multitenancy contrasts with multi-instance architectures where separate software instances operate on behalf of different tenants. From http://en.wikipedia.org/wiki/Multitenancy. In the standard SAP HANA Deployment Scenario you have one SAP HANA Database Management System (DBMS), one database, one application, one schema. The benefits of this scenario are; • • •
Simple, straightforward scenario Maximum resource allocation to single application/scenario with no resource contention with others Supported with no restrictions
The concept of SAP HANA multitenant database containers allows to manage several databases in one DBMS.
Concept and Terminology of SAP HANA multitenant database containers: • • • • • • • •
A single database container is also called a tenant database Run multiple tenant databases on one SAP HANA system Run/support multiple applications/scenarios on one SAP HANA system in production Strong Separation of data and users Backup and restore available by tenant DB Resource management by tenant (CPU, Memory) Move/copy tenant DBs/applications to different hosts/systems Integration with existing data center operations procedures Note: One database software version for a SAP HANA system (all tenant databases).
Lesson Summary You should now be able to: • Explain the different deployment options for SAP HANA • Explain SAP HANA cloud offerings • Understand the availability and capabilities of virtualization for SAP HANA • Describe the option for tailored data center integration • Identify available co-deployment scenarios • Know which limitations exist with regards to productive usage • Describe the new option for multitenant database containers
Related Information For additional information on SAP HANA deployment options, please see also the following SAP Notes: • • • • • •
200
SAP Note 1666670: Multiple SAP HANA databases on one appliance SAP Note 1661202: Support for multiple applications on SAP HANA SAP Note 1826100: Multiple applications SAP Business Suite powered by SAP HANA SAP Note 1681092: BW on SAP HANA - landscape deployment planning SAP Note 1788665: SAP HANA running on VMware vSphere VMs
Unit Summary You should now be able to: • Identify the components for memory management and persistence in the SAP HANA database architecture • Describe the SAP HANA memory usage and allocation behaviour • Know details about memory management in row store and column store • Understand how data is persisted in data and log volumes • Identify optimization potential with regards to memory management and persistence • Talk about solution packages • Know what elements the SAP HANA Platform Edition consists of • Name additional components that are included in SAP HANA Enterprise Edition • Know which components are installed per default and which can be activated additionally as add-ons • Understand how content is bundled and provided with SAP HANA • Describe SAP HANA use cases and scenario categories • Discuss the SAP HANA roadmap • Look up customer stories and use cases • Explain the different deployment options for SAP HANA • Explain SAP HANA cloud offerings • Understand the availability and capabilities of virtualization for SAP HANA • Describe the option for tailored data center integration • Identify available co-deployment scenarios • Know which limitations exist with regards to productive usage • Describe the new option for multitenant database containers
Unit 6 Admin Tools for SAP HANA Unit Overview • • • •
The functionality of the SAP HANA studio How to monitor with administration console tools How to monitor SAP HANA using DBACOCKPIT How to use the HDBSQL command line tool
Unit Objectives After completing this unit, you will be able to: • • • • • • • • • • • • •
Describe which administration tools exist for SAP HANA Know briefly what capabilities the various administration tools have and when to use them Understand the basic functions of the SAP HANA studio and SAP HANA Cockpit Explain the concept of perspectives Add an SAP HANA system to an SAP HANA Studio installation Obtain an initial system overview in the Administration Console of the SAP HANA studio Monitoring dashboard Understand the basic functions of the DBA Cockpit Explain how to monitor SAP HANA using DBACOCKPIT Know about the capabilities of HDBSQL Explain different ways of logging on to the SAP HANA database Describe the functionality and usage of the hdbuserstore Establish a connection to SAP HANA using HDBSQL and execute commands
Unit Contents Lesson: Administration Tool Overview .......................................205 Lesson: SAP HANA Studio and SAP HANA Cockpit ......................210
Exercise 5: Connecting to the SAP HANA Database and Opening the Administration Console ....................................................223 Lesson: DBA Cockpit...........................................................230 Exercise 6: Monitoring SAP HANA with DBACockpit..................243 Lesson: HDBSQL Command Line Tool ......................................250 Exercise 7: Working with HDBSQL ......................................255
Lesson: Administration Tool Overview Lesson Overview Before going into details, this lesson provides you with an initial overview of tools that can be used for administration of an SAP HANA database.
Lesson Objectives After completing this lesson, you will be able to: • •
Describe which administration tools exist for SAP HANA Know briefly what capabilities the various administration tools have and when to use them
Business Example For administrators of SAP HANA systems it is required to know which tools for administration and monitoring exist, how they are integrated with SAP HANA and what their capabilities are. The previously most common tool is the SAP HANA studio. But with SPS09 SAP HANA Cockpit is increasingly becoming this role. Because several tools are available for the administration of SAP HANA it is important to know what are the differences between these options is!
SAP HANA Administration Tools - Overview Lets have an overview about the most important tools (a thorough overview is available in the SAP Administration guide).
2015
Tool
Description
SAP HANA studio
The SAP HANA studio is main tool for general system administration and monitoring tasks. You will be hearing more about this in a special lesson within this course .
SAP HANA cockpit
Web-based tool for administration and monitoring of a single SAP HANA database The SAP HANA cockpit is an SAP Fiori Launchpad site that provides you with a single point-of-access to a range of Web-based applications for the administration of SAP HANA. We will go deeper in this functionality in the next lesson.
The DBA Cockpit is a platform-independent tool that you can use to monitor and administer your SAP HANA database. The DBA Cockpit offers a subset of the functionality of the SAP HANA studio. In addition, you can use the DBA Cockpit to schedule backups and configure logging. There is a special lesson for this topic within this course .
SAP Solution Manager
If you are using SAP HANA in conjunction with other SAP business applications, it is possible to integrate with SAP Solution Manager. SAP Solution Manager provides basic administration and monitoring features for SAP HANA systems within existing SAP system landscapes through the enablement of the DBA Cockpit, solution manager diagnostics, the System Landscape Directory (SLD), and the Maintenance Optimizer (MOPZ)
SAP HANA HDBSQL
SAP HANA HDBSQL is a command line tool for executing commands on SAP HANA databases. More in a separate lesson during this course .
SAP DB Control Web-based tool for administration and monitoring of your Center landscape of SAP HANA databases. Support thousands of SAP Databases (including ASE, IQ ) in Data Center or Cloud . The inclusion of MaxDB is in progress .
Figure 169: SAP HANA Administration Tools - Overview
Because the monitoring with SAP DB Control Center is part of the course HEC100 (HEC means HANA Enterprise Cloud) need not be gone into here.
Only for one impression see the following graphic!
Figure 170: SAP DB Control Center
SAP DB Control Center is not part of auto installed content.
Monitoring Multitenant Database Container This section is in anticipation of the special Unit about the Multitenant Database Container by the end of this course . The definition of a Multitenant Database Container is the following one: A multiple-database system is a system that is installed in multiple-database mode and as a result is capable of containing more than one database. Otherwise, it is a single-database system. A multi-DB system always has exactly one system database and any number of tenant databases (including zero). An SAP HANA system installed in multi-DB mode is identified by a single system ID (SID). Databases are identified by a SID and a database name. From the administration perspective, there is a distinction between tasks performed at system level and those performed at database level. Database clients, such as the SAP HANA studio, connect to specific databases. All the databases in the same multi-DB system share the same installation of database system software, the same computing resources, and the same system administration. However, each database is self-contained and fully isolated with its own: Set of database users,
Lesson Summary You should now be able to: • Describe which administration tools exist for SAP HANA • Know briefly what capabilities the various administration tools have and when to use them
Lesson: SAP HANA Studio and SAP HANA Cockpit Lesson Overview This lesson gives an introduction to the SAP HANA Studio and SAP HANA Cockpit and explains some basic features of both tools . Further details are discussed in conjunction with the respective topics in other lessons of this course.
Lesson Objectives After completing this lesson, you will be able to: • • • • •
Understand the basic functions of the SAP HANA studio and SAP HANA Cockpit Explain the concept of perspectives Add an SAP HANA system to an SAP HANA Studio installation Obtain an initial system overview in the Administration Console of the SAP HANA studio Monitoring dashboard
Business Example With SPS09 a new Administration tool is available. SAP HANA cockpit. SAP HANA Cockpit is Fiori launched pad based tool. It is definitely currently not a replacement of HANA Studio. But it as a long term goal to have it the only one administration tool. Currently version is not yet completely but more feature will come with the next versions The well-known SAP HANA studio runs on the Eclipse platform and is both the central development environment and the main administration tool for SAP HANA.
Administrators use the SAP HANA studio, for example, to start and stop services, to monitor the system, to configure system settings, and to manage users and authorizations. The SAP HANA studio accesses the servers of the SAP HANA database by SQL. Developers can use the SAP HANA studio to create content such as modeled views and stored procedures. These development artifacts are stored in the repository, which is part of the SAP HANA database.
After the installation, SAP HANA Studio does not contain any system. By right-clicking into the system window, SAP HANA systems can be added. Two options exist: • •
Add System... Add System Archive Link...
Figure 174: Option: Add System
The first option adds an individual SAP HANA system following a guided procedure in which information needs to be provided such as: • • • • • •
212
Host name Instance number Description (for identification in SAP HANA Studio only) Locale Database User Database Password
Figure 175: Second option: Add System Archive Link
The second option allows to insert a link to a centrally-stored archive of SAP HANA systems. To allow users who work in the SAP HANA studio to connect efficiently to multiple SAP HANA systems, you can manage a list of all systems in a centrally-accessible archive. Users can then simply link to this archive. A centrally-stored archive of SAP HANA systems is an efficient way to deploy system information to all users of the SAP HANA studio, for example, developers, content modelers, and other administrators. It avoids users having to obtain the connection details of all systems individually and then having to add them all individually. In addition, if you change the central file, for example to add new systems or change the host of an existing system, you can ensure that users always have up-to-date system access.
After having added the system, it appears in the system navigator screen on the left hand side of the SAP HANA Studio window. It contains the following elements: • •
Backup: Here you can configure the backup (Destination, File size) and here you could find the backup catalog too. Catalog: The catalog contains all schemas that include the respective column and row tables. While some schemas exist per default (for internal SAP HANA usage), others can be created by users respectively administrators.
•
Content: The content folder holds packages in which development and modeling artefacts are stored.
•
Provisioning: Provisioning relates to the functionality of “Smart Data Access”. It contains remote sources and proxy tables.
•
Security: Within the security folder, users and roles as well as other security settings can be maintained.
Figure 177: SAP HANA Studio - Available Perspectives
The SAP HANA studio is developed in Java and based on the Eclipse platform. The SAP HANA studio presents its various tools in the form of perspectives. Database administration and monitoring features are contained primarily within the SAP HANA Administration Console perspective. Additional perspectives include the SAP HANA Modeler perspective and the SAP HANA Development perspective. The figure below provides an overview of the administration and monitoring activities of SAP HANA using the administration console of the SAP HANA studio (the studio). The administration console of the studio allows system administrators to manage the database including creating and managing user authorizations. The studio also contains perspectives for other tasks, such as the information modeler that allows modeling users to create new or modify existing models of data, and the lifecycle management that allows you to update the HANA system.
Figure 178: Administration Console Perspective: Screen Areas
The administration console is predelivered by SAP. You can access the administration console in one of the following ways: • • •
Select the Administration icon in the top right corner. Double-click the system in the system monitor. Double-click the system in the Navigator view.
The SAP HANA Systems view provides you with a hierarchical view of all the SAP HANA systems managed in the SAP HANA studio and their contents (database catalog, users, roles). This view allows you to see the status of your systems at a glance. It is also the central access point for performing system-specific administration and monitoring activities.
From the context menu of the systems view, a range of administrative functions can be accessed. The administration console comprises the following tabs: • • • • • • • • •
2015
Overview Landscape Alerts Performance Volumes Configuration System Information Diagnosis Files Trace Configuration
Regularly check the database status on the Overview tab page of the Administration editor. To open the Administration editor, choose Administration in the context menu or perform a double-click on the database entry. Here, the most important database information is displayed. In the upper part of the screen, the overall database state and general database information (software versions, etc.) are displayed. The warning section shows the latest warnings generated by the statistics server. The bar views provide an overview of important database resources: the amount of memory, CPUs, and storage space available on the server as well as the used amount of these resources (used by all processes, not only by the SAP HANA database).
In a distributed landscape, the amount of available resources is aggregated over all servers. In addition, the resource information of the server with the highest resource consumption is displayed. Links in each section guide you to more detailed information about the specific topic – for example, a database version history, a detailed alert list, or detailed storage information.
Figure 182: The Administration Editor – Diagnosis Mode
The SAP HANA studio normally collects information about the system using SQL. However, when the system has not yet started or is down, no SQL connection is available. In this situation, the SAP HANA studio collects information about the database using the connection of the SAP start service (sapstartsrv). You can view this information in the Administration editor in diagnosis mode. In this way, you can analyze any problems that may occur during startup or while the system is stopped. You can also access diagnosis files. You can open the Administration editor in diagnosis mode only as the operating system user, adm Note: The other tabs, e.g. Landscape, Alerts, Performance etc., are not explained in this lesson, but in subsequent chapters of this course.
User defined SQL Statements for System Monitoring
Figure 183: Create your own monitoring
When you save the Administration editor, all statements, together with the defined folder structure, are saved to a single XML file and are available on the System Information tab of the Administration editor for all systems registered in the SAP HANA studio.
SAP HANA Cockpit With SPS09 the first version of SAP HANA cockpit is available . That means more tiles will coming with the next SPS. Actually it is not a replacement of SAP HANA Studio, but it is a long term goal !
From the technical side it based on SAP Fiori launchpad (This tool allows to collect the most frequently used function in a new user interface) . So you can arrange the tiles as you like or define new groups with a subset of tiles from the catalog. One special topic for example is that HANA Administration guide is available in a separately tile Hint: In any case, it is a good idea to check the functionality of each single tile, because some tile offer more informations than you can find in the HANA Studio ! It will be explain more and deeper in Unit 'Operation'.
Figure 184: SAP HANA Cockpit
The tiles of HANA cockpit were already available in HANA studio version SPS08, on the monitoring Dashboard. That was an interim solution on our way to provide a web-based monitoring tool. All SAPUI5 editors were moved from SAP HANA Studio to HANA cockpit to provide just one single point of access to these tools. Note: The required privileges are granted automatically to roles sap.hana.admin.roles::Administrator and sap.hana.admin.roles::Monitoring
Tiles not only function as entry points to individual applications but also display selected application specific data for immediate review. For example, the Latest Alerts tile shows you the number of high and medium priority alerts currently in the system. From these tiles, you can drill down into the relevant application for more detailed information and functions.
Exercise 5: Connecting to the SAP HANA Database and Opening the Administration Console Exercise Objectives After completing this exercise, you will be able to: • Connect to the SAP HANA Database using SAP HANA studio. • Open the System Monitor to get an overview of the status of all systems • Navigate to the Administration Console and check the status of the system in the Overview tab
Business Example You need to log in to the SAP HANA studio and create a connection to the SAP HANA database. This is required for using the SAP HANA Studio for further administration activities.
Task 1: Connect to the SAP HANA database using the SAP HANA studio. 1.
Log on to the SAP HANA cloud landscape using the remote desktop connection.
2.
Open the SAP HANA Studio
3.
Connect to the SAP HANA system with SYSTEM user.
Task 2: Obtain an overview of the system status in the System Monitor and Administration Console 1.
Open the System Monitor to get an initial overview of the system status
2.
Open the Administration Console of the SAP HANA system and display the overview
3.
Please add the role “sap.hana.admin.roles::monitoring ”to your user and deploy.. Please start the SAP HANA Cockpit directly from HANA Studio and create an own group. Choose as group name: HA200-#### = your group number Please add the following tiles in alphabetical order to your group: Continued on next page
Solution 5: Connecting to the SAP HANA Database and Opening the Administration Console Task 1: Connect to the SAP HANA database using the SAP HANA studio. 1.
Log on to the SAP HANA cloud landscape using the remote desktop connection. a)
Choose (from the CITRIX connection) Start Menu → Remote Desktop Connection.
b)
Choose System Monitor icon when prompted.
c)
Enter the cloud alias and credentials provided by the instructor.
d) 2.
(cloud) User
train-##
(cloud) Password
initial
Choose YES when prompted. Choose OK when prompted with IE language set to English.
Open the SAP HANA Studio a)
You find the SAP HANA Studio in the Windows start menu: Start → All Programs → SAP HANA → SAP HANA Studio
Connect to the SAP HANA system with SYSTEM user. a)
In the Welcome, Overview screen, click Administration Console.
b)
Right-click on the white space in the Systems screen.
c)
Select Add System...
d)
Enter the connection data as provided by your instructor (hostname, instance number etc.) Leave the Locale default to English and leave the remaining fields blank.
e)
Click Next.
f)
Select Authentication by Database User and enter your credentials chosen during installation. User Name
SYSTEM
Password g)
Click Finish.
h)
In case that the Secure Storage prompt displays, choose No. Return to the Systems tab,
i)
Verify that the system appears in the Systems window
Task 2: Obtain an overview of the system status in the System Monitor and Administration Console 1.
Open the System Monitor to get an initial overview of the system status a)
Click on the SAP HANA system in the Systems window
b)
Click on the System Menu icon (in the top left corner of the Systems window)
c)
A new tab “System Monitor” opens which displays the status of all SAP HANA systems Note: Although you have added multiple users, for each of the systems added only one entry in the System Monitor is displayed
Open the Administration Console of the SAP HANA system and display the overview a)
Right-click on the SAP HANA system in the Systems window
b)
Click on Administration(available as separate icon in navigation bar or in context menu under "Configuration and Monitoring") )
c)
Check the system status in the overview tab: • • • • • •
3.
General Information Current Alerts and Messages Database Used Memory Resident Memory CPU Usage Disk Usage
Please add the role “sap.hana.admin.roles::monitoring ”to your user and deploy.. Please start the SAP HANA Cockpit directly from HANA Studio and create an own group. Choose as group name: HA200-#### = your group number Please add the following tiles in alphabetical order to your group: - Latest Alerts - Used Memory - SAP HANA Admin Guide and - SHINE document a)
Lesson Summary You should now be able to: • Understand the basic functions of the SAP HANA studio and SAP HANA Cockpit • Explain the concept of perspectives • Add an SAP HANA system to an SAP HANA Studio installation • Obtain an initial system overview in the Administration Console of the SAP HANA studio • Monitoring dashboard
Lesson: DBA Cockpit Lesson Overview This lesson describes the functionality of the DBA Cockpit.
Lesson Objectives After completing this lesson, you will be able to: • •
Understand the basic functions of the DBA Cockpit Explain how to monitor SAP HANA using DBACOCKPIT
Business Example The DBA Cockpit is used in SAP Solution Manager to get a detailed insight into the status of the database. Basically, this is about the same data that you can see in the SAP HANA studio for your in-memory database. But the DBA Cockpit supports other databases as well. If you have heterogeneous databases in your environment because your business applications still run on traditional databases, the DBA Cockpit enables you to use the same tool for the different databases.
DBA Cockpit - Overview The DBA Cockpit is a platform-independent tool to monitor and administer databases from an AS-ABAP environment. It allows remote monitoring of SAP HANA databases using the Solution Manager. For SAP HANA databases, the DBA Cockpit offers much the same functionality as the SAP HANA studio. In addition, you can use the DBA Cockpit to schedule database backups.
To start the DBA Cockpit, use transaction code DBACOCKPIT. Alternatively, you can use the transaction codes for specific SAP monitoring tools to open the corresponding application within the DBA Cockpit. The initial screen of the DBA Cockpit is divided into the different areas as indicated in the following areas.
Provides basic functions, for example, to display or hide the System Landscape toolbar and the navigation frame.
System landscape toolbar •
Provides central functions to manage the system landscape, for example, to manage database connections and choose the system to monitor.
Navigation frame •
Provides quick access to a range of analysis information. For example, performance monitoring, space management, and job scheduling.
Framework message window •
The framework message window contains a complete history of the messages sent during the session.
The navigation frame on the left shows the available functionality, for example, Overview and Alerts under the Current Status folder, INI files under the Configuration folder, Performance, Jobs, Diagnostics, System Information, etc. Central system data •
Provides the following information: time of last refresh; database startup time; name of database.
Action area •
Displays the details of the currently selected action.
Action message window •
Displays additional information for the selected action.
Some functionality is only available in particular tools and not in others, for example, the DBA Planning Calendar is only available in the DBACOCKPIT and not yet in the SAP HANA studio.
Integrating SAP HANA as Remote Database With SAP Solution Manager Version 7.10 Support Package 4 or higher SAP HANA can be integrated into monitoring as remote database and included in the end-to-end database analysis.
Prerequisites for the Solution Manager integration are: • • • • •
Installation of the HANA client software Supported kernel version (at least 7.20 Patch 100) SAP HANA DBSL (minimum 7.20 Patch 110) SAP Host Agent (at least 7.20 Patch 84) SAP Solution Manager Diagnostics Agent
Please refer also to: • • • •
SAP Note 1664432 : DBA Cockpit: SAP HANA database as remote database SAP Note 1612172: Additional corrections for setting up the DBA Cockpit using the Solution Manager SAP Note 1672429: Corrections with regard to the technical system "HANA DATABASE" for the setup in the Solution Manager SAP Note 1721598: Corrections regarding the technical system 'HANA DATABASE'; the system also saves required attributes in the Landscape Management Database (LMDB)
Figure 189: Adding an SAP HANA System as Remote Database
If the prerequisites are met, an SAP HANA system can be added to DBA Cockpit by clicking on the button Add.
To connect to a remote SAP HANA database it is first required to add a respective secondary database connection. The following parameters must be specified: • • • • • •
234
Connection Name Database System (SAP HANA database) User Name (SAP HANA database user with at least monitoring privileges) Password (SAP HANA database user password) Database Host (hostname of SAP HANA database) SQL Port (315)
Subsequently, a new system entry for the SAP HANA database can be added. This entry refers to the database connection created in the step before.
Figure 192: Result of the Configuration
After clicking on save, DBA Cockpit stores the information and tries to connect to the newly added system. The SAP HANA system should appear in the System Landscape Toolbar (H00 in the screenshot). By clicking on it, the available functionality is displayed.
Monitor: Current Status The Current Status monitor provides an overview of the statuses of the most important database resources. The section overview provides information about: • • • • • • • •
The status of the available disk space and physical memory The status of the services The time at which the database was started Current alerts Memory and CPU consumption from the perspective of the SAP HANA database Disk consumption from the perspective of the SAP HANA database Memory and CPU consumption from the perspective of the operating system Disk space used on a particular host, from the perspective of the operating system
Figure 195: DBA Cockpit vs. SAP HANA studio – Overview
Note: Even if the database is unavailable, the Overview section is always available, and jobs can always be scheduled. The other sections in this monitor provide deeper insight into the status of the system services, currently active threads, and the usage of disks and volumes.
Monitor: Performance You can analyze performance data of your database system using the Performance Warehouse. As a prerequisite, an SAP Solution Manager system with Solution Manager Diagnostics (SMD) enabled is required. In the Performance Warehouse, all relevant performance indicators that are collected by the DBA Cockpit are stored in an SAP Business Intelligence (BI) system. This SAP BI system is used by the Solution Manager Diagnostics (SMD) back end of an SAP Solution Manager system. SMD already uses this SAP BI to store workload data of SAP applications. To configure the extraction of data into the SMD BI, you use the SMD Setup Wizard. Based on this architecture, the DBA Cockpit uses SAP BI technology to provide reports for performance analyses, which you can customize according to your needs. All collected data has a time dimension, so you can analyze the database performance for any point in time or over a specified time frame. Almost all reports are displayed as a chart to visualize the key performance indicators (KPIs). In addition, there is also a detailed table view. To navigate within these reports, you can use the SAP BI drilldown feature. Violations to performance thresholds are highlighted based on predefined SAP BI exceptions to make you immediately aware of performance issues. The Performance Warehouse is shipped with predefined content that you can use to create your own reports according to your needs.
The section Statistics Server provides an overview of the tables in schema _SYS_STATISTICS. These tables contain data that is useful for analyzing system performance. To display the content of a table, select the table and choose Display Table Content.
Figure 197: Monitor Performance → Statistics Server
Monitor: Diagnostics The Diagnostics node comprises the following sections: •
Audit Log The DBA audit log records all actions that make changes to the database. For example, starting, stopping, and reconfiguring services, changes to parameters in configuration files, deletion of trace files, and table imports.
•
Missing Tables and Indexes Missing Tables and Indexes shows the differences between the database in the SAP system and the ABAP dictionary. Note: The Missing Tables and Indexes function is only available for local systems or for ABAP systems, for which an additional RFC destination has been assigned. It is not available for remote systems.
•
EXPLAIN EXPLAIN shows the execution plan for SELECT, INSERT, UPDATE, or DELETE statements.
• • •
SQL Editor You can use the SQL Editor to execute SQL statements. Tables/Views You can display a table view, a view, or a monitoring view.
•
Diagnosis Files Used for SAP HANA databases that are offline (cannot be reached by SQL).
•
SQLDBC Trace Activating, deactivating, and analyzing the SQLDBC Trace
•
Database Trace Activating, deactivating, and analyzing the SQLDBC Trace
Monitor: System Information The information displayed in the sections of this monitor may be helpful for analyzing performance issues. •
Connections Provides detailed information about open connections
•
Transactions Displays open transactions
•
Connection Statistics Provides information about open connections, such as network IO statistics
•
Caches Provides information about caches created by the SAP HANA database. The Total Size column shows the size of the available caches.
•
Query Cache Provides information about the query cache, which is where SQL statements executed are cached.
•
Large Tables Provides information about the largest tables in the SAP HANA system. This information is helpful for analyzing performance and system dimensions. You can see the table sizes in main memory, the delta sizes, and the fastest growing tables.
•
SQL Workload Provides an overview of statements that were executed.
Exercise 6: Monitoring SAP HANA with DBACockpit Exercise Objectives After completing this exercise, you will be able to: • Configure DBACOCKPIT for SAP HANA Database Connection. • Monitor SAP HANA with DBACOCKPIT tools.
Business Example You already use DBACOCKPIT for monitoring of other database management systems than SAP HANA. Now you need to add SAP HANA to the list of databases that you can monitor with this tool.
Task 1: Configure the DBACOCKPIT connection for SAP HANA. 1.
First you have to start the ABAP-Server. Therefore connect to your Linux Server using Putty. Use the hostnames and ABAP-Systems as provided below: Group
hostname
01
wdflbmt7194.wdf.sap.corp
T4N
02
wdflbmt7195.wdf.sap.corp
T4D
Log on as ha200root and do a su - t4nadm or t4dadm depending on your group number. Run the command “startsap” Check that the dispatcher and the workprocesses are started using the command ps -ef | grep dw 2.
Create a new SYSTEM Connection to SAP HANA
3.
Test the new DBACOCKPIT connection to SAP HANA.
Task 2: Monitor SAP HANA using the DBACOCKPIT. 1.
Using DBACOCKPIT, check the SAP HANA Services.
2.
Using the DBACOCKPIT review the Delta Merge Statistics table. Continued on next page
Solution 6: Monitoring SAP HANA with DBACockpit Task 1: Configure the DBACOCKPIT connection for SAP HANA. 1.
First you have to start the ABAP-Server. Therefore connect to your Linux Server using Putty. Use the hostnames and ABAP-Systems as provided below: Group
hostname
01
wdflbmt7194.wdf.sap.corp
T4N
02
wdflbmt7195.wdf.sap.corp
T4D
Log on as ha200root and do a su - t4nadm or t4dadm depending on your group number. Run the command “startsap” Check that the dispatcher and the workprocesses are started using the command ps -ef | grep dw a)
Open SAP Logon: Start Menu → SAP Logon for Windows
b)
Double-click on the system entry of the ABAP-System assigned to your group (T4N or T4D and insert credentials: User
In DBACockpit: System Configuration Maintenance, press Add System entry. Enter SHS in the System field, and select Remote Database. Check Database Connection. Press the Create icon.
b)
Enter the following in DB Connection: Add Connection Entry: Connection Name
SHS
Database System
SAP HANA database
Connection Maximum
100
Connection Optimum
100
User Name
SYSTEM
Password
Database Host
wdflbmt7194.wdf.sap.corp or wdflbmt7195.wdf.sap.corp
SQL Port
32015 (means 3++index server)
c)
Press save and navigate back to the Add System Entry screen
d)
On the Administration Data tab, enter the description: HANA.
e)
Press SAVE. (At the top of the screen.) You will see this message at the bottom of the screen confirming your new connection: Database connection SHS has been saved. Note: The new connection information is written to table DBCON. In case of problems you can check the entries in table DBCON using transaction DBCO,
3.
Test the new DBACOCKPIT connection to SAP HANA. a)
Return to the initial screen in the DBA Cockpit. From the dropdown list at the end of the SYSTEM button (on the left), choose SHS
b)
Under the Current Status folder, double-click Overview .
c)
Under System State, check the Operational State of your SAP HANA Connection. A green light means all services are started.
In the Current Status → Overview screen click on All services are started
b)
Review the status of each of the SAP HANA services.
Using the DBACOCKPIT review the Delta Merge Statistics table. a)
From the initial screen of DBACockpit, choose Performance → Statistics Server.
b)
Select the table HOST_DELTA_MERGE_STATISTICS (Attention: Please select the table from the list of hints! Right mouse click on the first row in the table and choose Details.
3.
Using DBACOCKPIT, determine the configuration for the SAVEPOINT interval. a)
4.
From the initial screen of DBA Cockpit, choose Configuration → INI Files. INIFILE PARAMETER LIST→global.ini → persistence→ savepoint_interval_s.
Using DBACOCKPIT, review the definition of table sap.hana.democontent.epm.data::EPM.MD.Products in the SAP_HANA_DEMO schema a)
From the initial screen of DBACockpit, choose Diagnostics → Tables/Views.
b)
Enter: Schema
SAP_HANA_DEMO
Table/View
*
Press Display/Find. In the resulting list find and select the table: sap.hana.democontent.epm.data::EPM.MD.Products c)
Select the Columns tab. Review the Column names and definitions.
d)
Press the Send to SQL Editor button on the top of the screen.
e)
On the Input Query tab enter the following SQL statement: select "PRODUCTID", "CATEGORY", Continued on next page
"WEIGHTMEASURE", "WEIGHTUNIT", "CURRENCY", "PRICE", "PRODUCTPICURL" from "SAP_HANA_DEMO"."sap.hana.democontent.epm.data::EPM.MD.Products"
Press the Execute icon on the top (above the System button) to execute the query. Note: You can generate this SQL statement in the SAP HANA Studio and copy/paste it to this SQL editor in DBA Cockpit. In the SAP HANA Studio, navigate to the SAP_HANA_DEMO Schema. In the Tables folder find sap.hana.democontent.epm.data::EPM.MD.Products. From the context menu, choose Generate → Select Statement.
Lesson: HDBSQL Command Line Tool Lesson Overview This lesson describes the usage of HDBSQL and some of the most important commands.
Lesson Objectives After completing this lesson, you will be able to: • • • •
Know about the capabilities of HDBSQL Explain different ways of logging on to the SAP HANA database Describe the functionality and usage of the hdbuserstore Establish a connection to SAP HANA using HDBSQL and execute commands
Business Example SAP HANA HDBSQL is a command line tool for entering and executing SQL statements, executing database procedures and querying information about SAP HANA databases. This might be required for administrators to execute statements from a command line or schedule scripts that access the SAP HANA database.
Connecting to SAP HANA with HDBSQL You can use HDBSQL interactively or import commands from a file and execute them in the background. You can access databases on your local computer and on remote computers. The SAP HANA studio provides functions similar to HDBSQL, but has a graphical user interface. HDBSQL can be used on all operating systems supported by the database system. It is a component of the SAP HANA software. Features of HDB SQL • • • • • • •
250
Execute SQL statements Execute database procedures Request information about the database catalog Execute shell commands Execute commands (command syntax and options) Overview of all HDBSQL call options Overview of all HDBSQL commands
To use HDBSQL interactively and to execute some commands, you must log on to the database as a database user. Note: The user logging on must be a database user. If you do not specify a username and password of a database user, logon is attempted using Kerberos authentication. Two different options exist: • •
One-step logon with username and password (specifying credentials in the start command of hdbsql) Two-step logon with username and password (starting hdbsql first and subsequently connecting to the system)
Figure 198: Options to connect to an SAP HANA System
In this example, HDBSQL is used to connect to a HANA system with instance number 1 on the localhost. Database user MONA is specified with password RED.
Figure 199: Logon with HDBSQL - An Example
Hint: It is also possible to log on with user credentials for the user store with “-U ”. This would be the preferred option for scripts and is also used for the connection of SAP systems with HANA.
HDBSQL commands can be executed in interactive and non-interactive mode. To execute some commands, you must be logged on to the database. In addition to executing commands individually, you can execute multiple commands from a batch file. HDBSQL imports the commands from the specified file and processes them in the background. Note: If you execute from a batch file, AUTOCOMMIT mode is activated by default. If you deactivate it, the batch file must contain an explicit COMMIT statement to ensure that HDBSQL executes the SQL statements immediately after the batch file has been imported.
Figure 201: HDBSQL Commands, Source SAP – HANA Administration Guide
Note: A more detailed description of the features can be found in the SAP – HANA Administration Guide.
Secure User Store (hdbuserstore) In the secure user store of the SAP HANA client (hdbuserstore), you can securely store user logon information, including passwords, using the SAP NetWeaver secure store in the file system (SSFS) functionality. This allows client programs to connect to the database without having to enter a password explicitly.
Figure 202: Using hdbuserstore for connecting to SAP HANA - example
Note: The tool didn't check if the user really exists! You can also use the hdbuserstore to configure failover support for application servers in a 3-tier scenario (for example, SAP NetWeaver Business Warehouse) by storing a list of all the hosts that the application server can connect to. The secure user store is installed with the SAP HANA client package. After installation, it is located in the /usr/sap/hdbclient directory. The secure user store runs on all platforms supported by SAP HANA client interfaces and SAP BASIS 7.20 EXT. When hdbuserstore is executed (in the context of the correct operating system user), the user store can be opened using a user key. Only the operating system user owning the corresponding secure password store files can access the secure user store.
Exercise 7: Working with HDBSQL Exercise Objectives After completing this exercise, you will be able to: • Connect to the SAP HANA database using HDBSQL specifying username and password • Create an hdbuserstore entry • Connect to the SAP HANA database using HDBSQL specifying the created user store entry • Execute statements with HDBSQL
Business Example You need to execute statements against your SAP HANA database, but do not have a graphical user interface available to use the SAP HANA Studio. Therefore you decide to perform these activities using HDBSQL.
Task 1: Open Putty and connect to the SAP HANA database with user adm 1.
Open Putty
2.
Specify the configuration data and open the connection
3.
Insert credentials of adm user
Task 2: Log on to your SAP HANA database using HDBSQL specifying the credentials of user SYSTEM directly 1.
Navigate to the folder of the hdbclient which contains hdbsql
2.
Log on to the SAP HANA database specifying the credentials of user SYSTEM directly
3.
Test whether the connection works by executing a command
4.
Close hdbsql
Task 3: Insert an entry in hdbuserstore for user SYSTEM 1.
Create a user key for database user SYSTEM in the user store and store the password under this user key Continued on next page
Lesson Summary You should now be able to: • Know about the capabilities of HDBSQL • Explain different ways of logging on to the SAP HANA database • Describe the functionality and usage of the hdbuserstore • Establish a connection to SAP HANA using HDBSQL and execute commands
Unit Summary You should now be able to: • Describe which administration tools exist for SAP HANA • Know briefly what capabilities the various administration tools have and when to use them • Understand the basic functions of the SAP HANA studio and SAP HANA Cockpit • Explain the concept of perspectives • Add an SAP HANA system to an SAP HANA Studio installation • Obtain an initial system overview in the Administration Console of the SAP HANA studio • Monitoring dashboard • Understand the basic functions of the DBA Cockpit • Explain how to monitor SAP HANA using DBACOCKPIT • Know about the capabilities of HDBSQL • Explain different ways of logging on to the SAP HANA database • Describe the functionality and usage of the hdbuserstore • Establish a connection to SAP HANA using HDBSQL and execute commands
Unit 7 Operations Unit Overview This unit discusses the following topics: • • • • •
Starting and stopping SAP HANA Configuring SAP HANA SAP HANA Table Administration Periodic manual tasks Transporting changes
Unit Objectives After completing this unit, you will be able to: • • • • • • • • • • • • • • • • • •
2015
Start and stop SAP HANA using SAP HANA Studio Start and stop SAP HANA using command line Start and stop distributed SAP HANA systems Restart individual database services Configure the SAP HANA studio Configure the SAP HANA database Organize SAP HANA systems in folders Know where configuration files are stored Use the filter function in the Configuration tab of the SAP HANA Studio Apply changes to database parameters Decide when to use column-based and row-based storage Create tables using SQL commands Create tables using SAP HANA Studio Display table definition and content Describe the advantages of table partitioning Know which specifications for single-level partitioning exist in SAP HANA Use the Table Distribution Editor in SAP HANA Studio Partition tables
Check partitioning consistency Replicate tables to multiple hosts Load and unload column store tables manually Trigger delta merge operations manually Export and import tables and other catalog objects Know which administrative tasks need to be performed initially, regularly and on demand Check the SAP HANA system status Check the status of services Check the alerts and error logs Perform backups Check the performance Check the volume configuration Check the system information Check diagnosis files Work with traces Know, how SAP HANA Studio and SAP HANA Cockpit actively support you in this tasks Understand the Application Lifecycle Management of SAP HANA Know what Delivery Units and Packages are in the context of Software Lifecycle Management Name different transport scenarios and suitable transport management tools Describe the functionality of the SAP HANA Application Lifecycle Manager Understand how the Enhanced Change and Transport System (CTS+) is integrated with SAP HANA Know about the possibility to use SAP HANA Transport Containers Export and import SAP HANA content manually
Unit Contents Lesson: Starting and Stopping SAP HANA .................................263 Exercise 8: Starting and Stopping SAP HANA .........................271 Lesson: Configuring SAP HANA..............................................276 Exercise 9: Configuring SAP HANA Studio .............................291 Lesson: SAP HANA Table Administration ...................................297 Exercise 10: Table Administration........................................313 Lesson: Periodic Tasks.........................................................321 Exercise 11: Monitoring SAP HANA using Administration Console Tools..........................................................................349 Lesson: Transporting Changes ...............................................355 Exercise 12: Transporting Changes .....................................375
Lesson: Starting and Stopping SAP HANA Lesson Overview The goal of this lesson is to learn about the different ways to start and stop SAP HANA.
Lesson Objectives After completing this lesson, you will be able to: • • • •
Start and stop SAP HANA using SAP HANA Studio Start and stop SAP HANA using command line Start and stop distributed SAP HANA systems Restart individual database services
Business Example As the administrator of the SAP HANA database, you need to stop the system for maintenance purposes.
Starting and Stopping the SAP HANA Database To be able to start and stop an SAP HANA system, you must have the credentials of the operating system user (adm) that was created when the system was installed. Alternatively, SAP HANA can be started and stopped by root users. The SAP start service (sapstartsrv) is the standard SAP mechanism for starting and stopping systems. It starts all necessary database services, such as the name server, index server, and statistics server services. The SAP HANA database can be started or stopped by using SAP HANA studio or by using OS commands.
Figure 203: Tools for Starting and Stopping the SAP HANA Database
Stopping and Starting the SAP HANA Database with SAP HANA Studio Note: To start and stop SAP HANA using sapcontrol, you need to log on, at the operating system level, as a user with root authorization. When starting the SAP HANA database with the SAP HANA studio, you have to enter the user name and password of the operating system user adm. Optionally, a start timeout can be specified. The start timeout defines how long sapstartsrv waits for a service to start. If the end of the timeout period is reached, the remaining services are not started.
Figure 204: Starting SAP HANA Database – Using SAP HANA Studio
The Administration Editor opens in diagnosis mode and the database services start one by one. When all services have started, a green dot appears in the system icon in the Navigator view.
When the system is started, the following activities are executed: • •
The database receives the status of the last committed transaction. All the changes of committed transactions that were not written to the data area are redone. All write transactions that were open when the database was stopped are rolled back. Row tables are loaded into memory, except those tables that are configured to be loaded on demand and that are not marked for preload. A savepoint is performed with the restored consistent state of the database. Relevant column tables and their attributes are loaded into memory asynchronously, in the background.
• • • •
When stopping the SAP HANA database, you are able to define how you want to stop the system:
2015
Option
Description
Hard
A hard shutdown forces all database services on all hosts to stop immediately.
Soft
A soft shutdown triggers a savepoint operation before stopping all database services. During the savepoint operation, all modified data is written to disk. You can also specify a timeout after which a hard shutdown is triggered.
Stop wait timeout (sec)
This value specifies how long to wait for a service to stop. If the timeout expires, the remaining services are shut down anyway.
Figure 205: Stopping the SAP HANA Database – Using HANA Studio
The Administration editor opens in diagnosis mode and the database services stop one by one. When all services have stopped, a red dot appears in the system icon in the SAP HANA Systems view. On operating system level, the SAP HANA database can be started or stopped using the commands sapcontrol or HDB.
Figure 206: Starting and Stopping the SAP HANA Database – Using OS Commands
Starting and Stopping the SAP HANA Database – Using OS Command
The SAP HANA studio normally collects information about the system using SQL statements. However, when the system has not yet started, no SQL connection is available. Therefore, while the system is starting up or is stopped, the SAP HANA studio collects information about the database using the connection of the SAP Start service (sapstartsrv). You can view this information in the Administration editor in diagnosis mode. In this way, you can analyze any problems that may occur during startup or while the system is stopped. You can also read diagnosis files even when the system is stopped. The Administration editor opens automatically in diagnosis mode in the following situations: • •
When you open the Administration editor for a system without an SQL connection. When you initiate the start, stop, or restart of a system.
Starting and Stopping a Distributed SAP HANA System Note: HDB start or HDB stop only starts and stops the local host. You can use sapcontrol to start or stop all the hosts in a scaled-out SAP HANA system from the command line.
Figure 208: Starting and Stopping Distributed SAP HANA Systems Using sapcontrol
Note: You need to be logged on to the SAP system host as user adm or as user with root permissions.
Stopping and Starting Individual Database Services You can stop and start the individual database services (nameserver, indexserver, statisticsserver, xsengine and so on) running on hosts.
Figure 209: Stopping and Starting Individual Database Services
To stop and (re)start database services, you must have the system privilege SERVICE ADMIN. Examples of situations where you have to restart an individual database service are, for example: •
•
A host in a distributed system failed and a standby host took over. However, the services of the failed host remain inactive even after the host is reachable again. In this case, you need to restart the services manually. After an update of SAP HANA Extended Application Services (SAP HANA XS), the xsengine service needs to be restarted.
The following options for stopping and (re)starting database services are possible:
The service is stopped normally and then typically restarted.
Kill...
The service is stopped immediately and then typically restarted.
Reconfigure Service...
The service is reconfigured. This means that any changes made to parameters in the system's configuration files are applied.
Start Missing Services...
Any inactive services are started.
Note: The SAP HANA database provides several features in support of high availability, one of which is service auto-restart. In the event of a failure or an intentional intervention by an administrator that disables one of the SAP HANA services, the SAP HANA service auto-restart function automatically detects the failure and restarts the stopped service process.
Exercise 8: Starting and Stopping SAP HANA Exercise Objectives After completing this exercise, you will be able to: • Understand the procedures of starting and stopping the SAP HANA system
Business Example There are multiple ways to start and stop the SAP HANA database. You can use the SAP HANA Studio or operating system level commands.
Task 1: Use the SAP HANA Studio to stop and start the SAP HANA Database. 1.
Open the HANA Studio.
2.
Stop the SAP HANA Database and check the services to make sure if all services are stopped.
3.
Now, start the SAP HANA database and check the services to see if all services are started.
Task 2: Use the HDB commands to stop and start the HANA database. 1.
Use the HDB command to stop the HANA database and check the processes before and after stopping the HANA database.
2.
Use the HDB command to start the HANA database and check the processes after starting the HANA database
Task 3: Use the sapcontrol commands to stop and start the HANA database. 1.
Use sapcontrol as adm user to stop the HANA database. Note: Note: In our training environment, the adm user has root authority, which is required to start and stop HANA with sapcontrol.
2015
2.
Use the sapcontrol to check the processes during database shutdown.
3.
Use the sapcontrol to start the HANA database.
4.
Use sapcontrol to check the processes during startup of the database.
Task 2: Use the HDB commands to stop and start the HANA database. 1.
2.
Use the HDB command to stop the HANA database and check the processes before and after stopping the HANA database. a)
Open Putty by choosing Start → All Programs → PuttyConnect for HA200.
b)
Select your SAP HANA server.
c)
Once logged in to HANA server using adm, type the command HDB info to check the status of the processes.
d)
Then type the command HDB stop to stop the HANA database.
e)
After the database is stopped, check the status of the processes using the command HDB info.
Use the HDB command to start the HANA database and check the processes after starting the HANA database a)
If you are already in Putty, continue with step c. Otherwise, open Putty by choosing Start → All Programs → Putty → putty.exe.
b)
Enter the password of adm.
c)
Once logged in to the HANA server using adm, type the command HDB start.
d)
Then type the command HDB info to check the status of the processes.
Task 3: Use the sapcontrol commands to stop and start the HANA database. 1.
Use sapcontrol as adm user to stop the HANA database. Note: Note: In our training environment, the adm user has root authority, which is required to start and stop HANA with sapcontrol. a)
If you are already in Putty, continue with step c. Otherwise, open Putty by choosing Start → All Programs → PuttyConnect for HA200.
b)
Select your SAP HANA server.
c)
Type the command below: sapcontrol –nr ## –function Stop where ## is the instance number of your SAP HANA system.
Lesson Summary You should now be able to: • Start and stop SAP HANA using SAP HANA Studio • Start and stop SAP HANA using command line • Start and stop distributed SAP HANA systems • Restart individual database services
Lesson: Configuring SAP HANA Lesson Overview This lesson shows you how to configure the SAP HANA Studio and the SAP HANA Database.
Lesson Objectives After completing this lesson, you will be able to: • • • • • •
Configure the SAP HANA studio Configure the SAP HANA database Organize SAP HANA systems in folders Know where configuration files are stored Use the filter function in the Configuration tab of the SAP HANA Studio Apply changes to database parameters
Business Example You are an administrator and want to adjust the configuration of the SAP HANA Studio as well as change database parameters according to your requirements.
Configuring Properties for SAP HANA Systems The SAP HANA system entry in the SAP HANA Studio and several SAP HANA system details can be configured by right-clicking on the system in the “Systems” window and selecting Properties:
Figure 211: Configuring Properties for SAP HANA Systems: SAP System Logon
The adm user credentials are stored if the option Store User Name and Password in Secure Storage is flagged.
Organizing SAP HANA Systems in Folders Systems that have been added to an SAP HANA Studio installation can be organized in folders:
Figure 212: Organize System Landscape
Note: Adding folders only works in the SAP HANA Administration Console perspective. In the SAP HANA Modeler perspective this feature is not available. Caution: If possible, please avoid using space characters for the folder name as in some SAP HANA Studio versions this can lead to issues.
Define System usage type Every day, something can happen that could turn our lives upside down.
For example if you try out something in your Test - System and suddenly you realize that isn't the test system, that is the productive system. With SPS08 you shouldn't run is this problem.
Figure 213: System usage type
What is to do for setting the usage type? 1. 2. 3.
In the Administration editor, choose the Configuration tab Navigate to the global.ini file and expand the system_information section Configure the usage parameter.
Available warnings: - Information in Systems View (Navigator) Yellow header in: -the Admin editor -the SQL editor the Table/Index/… editor - Backup editor Security console - User editor Information on Overview screen in the Admin editor Warning in the wizard when - Deleting catalog objects
-Changing the configuration -Importing objects -Starting/stopping the system - Backing up/recovering a system
Maintaining SAP HANA Studio Preferences The preferences of the SAP HANA studio include many options for customizing the features of the SAP HANA Administration Console. To open the preferences of the SAP HANA studio, choose Window → Preferences. The preferences related to SAP HANA perspectives are all available under SAP HANA. Hint: Detailed information on the preferences can be found in the SAP HANA Administration Guide. One example is maintaining the preferences for the networks connections:
Figure 214: SAP HANA Studio Preferences – Network Connections
An error is indicated if sapstartsrv cannot be reached. If this is the case but all other services are running (their status having been determined through an SQL connection), the system itself is operational and accessible.
In many cases, sapstartsrv cannot be reached because the HTTP proxy is incorrectly configured in the SAP HANA studio. To resolve this, from the main menu, choose Window → Preferences → Network Connections and change the value for active provider from Native to Direct. Hint: For more information, see also SAP Note 1639568: SAP HANA Studio displays system status as yellow
Configuring the SAP HANA Database The properties of an SAP HANA database system are determined by the configuration parameters.
Configuration Parameters in SAP HANA Studio The properties of an SAP HANA database system are defined in the parameters of its configuration files. Configuration files are separated into sections; sections bundle parameters of the same category. Parameters can be displayed and changed on the Configuration tab of the Administration Editor of the SAP HANA studio. Do not change parameters directly in the configuration files on operating system level. To be able to change the parameters of configuration files, you must have the system privilege INIFILE ADMIN.
Figure 215: Configuring the SAP HANA Database – Overview
Note: The Filter function is quite helpful to find a parameter in the parameter structure! In the Filter field, simply type the name of a parameter (or few characters of a parameter).
Figure 216: Maintain Parameters – Using the Filter Function
If you get a new revision of SAP HANA you get automatically the newest parameter settings based on the newest experiences . But your own changes are unchanged from this update. We distinguish between parameters that are valid at system level and host-specific parameters. Parameters that are valid at system level are indicated by the disabled icon (–) in the Host column of the list view. Parameters that are currently active and deviate from the default settings, are marked with a green icon.
Configuration Files
Figure 217: Example: Configuration File Locations
The configuration files are located in the following directories: • •
/usr/sap//SYS/global/hdb/custom/config /usr/sap//HDB// Note: Configuration files (.ini files) are only created in the above directories if customer-specific changes are made to them after installation. If no customer-specific changes have been made, these directories may be empty.
During installation of SAP HANA database, the following customer-specific configuration files are created: •
sapprofile.ini: Contains system identification information, such as the system name (SID) or the instance number.
•
daemon.ini: Contains information about which database services to start.
•
nameserver.ini: The nameserver.ini file contains global information for each installation. The landscape section contains the system-specific landscape ID and assignments of hosts to roles MASTER, WORKER, and STANDBY.
Changing Parameter Values Parameters can be changed in the Change Configuration Value dialog box. Therefore choose Change... in the context menu of the configuration parameter. Caution: SAP only permits changes to configuration parameters of the HANA database if these changes are recommended in SAP documentation, SAP Notes, or by SAP employees (for example, consulting, development, support). To guarantee optimal performance and the highest stability, SAP appliance hardware partners can deliver HANA systems with settings that deviate from the standard. For more information see also SAP Note 1730999: Configuration changes in HANA appliance
Figure 218: Changing Parameter Values in SAP HANA Studio (1)
Figure 219: Changin Parameter Values in SAP HANA Studio (2)
In the Change Configuration Value dialog box, you can expand the Hosts area if host-specific values are possible. If it is not possible to enter a different value for each host, the disabled icon (–) is displayed in the Host column of the list view, and there is no Hosts area in the Change Configuration Value dialog box. After you have entered a new value for a parameter at system level, it is displayed in the System column with a green circle. After you have entered a new value for a parameter at host level, a gray rhombus appears in the Host column. To show information on a specific host, select the host from the Host filter.
The global_allocation_limit parameter is used to limit the amount of memory that can be used by the database. The value is the maximum allocation limit in MB. Note: A missing entry or a value of 0 results in the system using the default settings. The global allocation limit is calculated by default as follows: 90% of the first 64 GB of available physical memory on the host plus 97% of each further GB. Or, in the case of small physical memory, physical memory minus 1 GB. If you enter only a value for the system, it is used for all hosts. For example, if you have 5 hosts and set the limit to 5 GB, the database can use up to 5 GB on each host (25 GB in total). If you enter a value for a specific host, then for that host, the specific value is used and the system value is only used for all other hosts. This is relevant only for distributed systems. Hint: For details on the memory allocation of SAP HANA, see also lesson “Memory Management and Persistence” of this course. savepoint_interval_s: save_point_interval_s controls how often the internal buffers are flushed to the disk, and a restart record is written. Upon restart after a power failure or crash, the log since the last savepoint needs to be replayed. Thus, this parameter indirectly controls the restart time.
Figure 221: savepoint_interval_s
Note: Since changes to data are persisted to the log area synchronously, they are not lost in case of a power failure or crash.
enable_auto_log_backup: Automatic log backup can be enabled or disabled using the parameter enable_auto_log_backup. The default setting is: enable_auto_log_backup = yes
Figure 222: enable_auto_log_backup
During normal system operation (log mode normal), we recommend that you keep the automatic log backup activated. Caution: If automatic log backup is disabled and log mode normal is used (described below), the log area grows until the file system is full. If the file system is full, the database will freeze. log_mode:
Using log_mode = normal log segments are automatically backed up if parameter enable_auto_log_backup is enabled. Log mode normal is recommended to provide support for point-in-time recovery. After the system has backed up the full log segment, the system can reuse the space that the full log segment occupied in the log area to overwrite it with new log entries. If the log area does become full and no more log segments can be created on disk, a log full situation arises and the database freezes. When the log area is full, no more log entries can be written until a log backup has been completed. There is another mode: log_mode = overwrite Log segments are freed by savepoints and no log backup is performed. For example, this can be useful for test installations that do not need to be backed up or recovered. Automatic log backups can prevent log-full situations from arising. Note: log_mode = overwrite is not recommended for production systems. With log_mode = overwrite, no point-in-time recovery is possible. For recovery, only data backups are used; the logs are not used. Only the following recovery option can be selected: Recover the database to a specific data backup. Caution: When you change the log mode, you must restart the database system to activate the changes. We also recommend that you create a full data backup of the database. log_buffer_size_kb: The parameter log_buffer_size_kb sets the size of one in-memory log buffer in kilobytes.
Figure 224: log_buffer_size_kb
Setting a higher buffer size may increase the throughput at the cost of COMMIT latency. During COMMIT of a transaction, this data must be flushed to the I/O subsystem (provided all preceding buffers are already flushed). content_vendor:
A delivery unit is a collection of packages that are to be transported together. You assign all the packages belonging to your application to the same delivery unit to ensure that they are transported consistently together within your system landscape. Each delivery unit has a unique identity. The identity of a delivery unit consists of two parts: a vendor name and a delivery-unit name. The combined ID ensures that delivery units from different vendors are easy to distinguish and follows a pattern that SAP uses for all kinds of software components. To create and manage delivery units you first need to maintain the identity of the vendor, with whom the delivery units are associated, and in whose namespace the packages that make up the delivery unit are stored. This means: Before creating a delivery unit, the content_vendor parameter in indexserver.ini file must be defined:
Exercise 9: Configuring SAP HANA Studio Exercise Objectives After completing this exercise, you will be able to: • Maintain Properties in HANA studio • Maintain Preferences in HANA studio • Organize the system landscape • Maintain a parameter of a configuration file
Business Example After the SAP HANA studio has been installed, you may personalize the user interface by maintaining the Properties and Preferences. Also, if there are many systems, it is possible to create a personalized system landscape in the Navigator within the HANA Studio. The HANA configuration files (*.ini files) should be maintained in the SAP HANA studio, not at the operating system level.
Task:
2015
1.
Store the adm user ID and password information in the Secure Store of the HANA Studio so that, when stopping the HANA DB using the HANA studio, it will use this information.
2.
Change the Active Provider from Native to Direct for Network Connection.
3.
Execute a select statement on a large table (for example table sap.hana.democontent.epm.data::EPM.SO.item in schema SAP_HANA_DEMO). Determine how many rows are fetched by default. Increase this value to 2000.
4.
Organize the system landscape to identify the systems by datacenter. The SAP HANA system on the host wdflbmt7194 and host wdflbmt7195 will be displayed in separate folders.
5.
Check the database parameter content_vendor so the delivery unit can be created. To change a database parameter, you need the permissions of the SYSTEM user.
6.
Now that you have configured the content vendor, create a new delivery unit and a package.
Store the adm user ID and password information in the Secure Store of the HANA Studio so that, when stopping the HANA DB using the HANA studio, it will use this information. a)
Open the SAP HANA studio.
b)
Right-click on the system in the Systems window.
c)
Select Properties.
d)
SAP start Service Logon
e)
Enter the adm user ID and its password, which is provided by the instructor.
f)
Flag the option Store user name and password in secure storage
g)
Then click Apply and then OK.
Change the Active Provider from Native to Direct for Network Connection. a)
Open the SAP HANA studio.
b)
Choose Window → Preferences from the menu bar.
c)
Click General → Network Connections.
d)
Please check if the value for Active Provider is Direct. If this is not the case, change the value to Direct. Then click Apply and then OK.
Execute a select statement on a large table (for example table sap.hana.democontent.epm.data::EPM.SO.item in schema SAP_HANA_DEMO). Determine how many rows are fetched by default. Increase this value to 2000. a)
Open the SAP HANA studio.
b)
Open the SQL Editor: Select the context menu of the system, and choose SQL Console.
c)
Execute the following SQL statement: select * from "SAP_HANA_DEMO". "sap.hana.democontent.epm.data::EPM.PO.Item" The number of rows displayed in the result is restricted to 1000 by default. To change this value, you have to change the preference option Maximum Number of Rows Displayed in Result.
d)
Choose Window → Preferences from the menu bar.
e)
Click SAP HANA → Runtime → Result
f)
Change the value for Maximum Number of Rows Displayed in Result from 1000 to 2000; then click Apply and then OK.
g)
Verify that the new setting will be effective by executing the following SQL statement: select * from "SAP_HANA_DEMO". "sap.hana.democontent.epm.data::EPM.PO.Item"
Organize the system landscape to identify the systems by datacenter. The SAP HANA system on the host wdflbmt7194 and host wdflbmt7195 will be displayed in separate folders. a)
Navigate to the Systems tab in the SAP HANA Studio.
b)
Create two folders. From the Administration Console Perspective, choose File → New → Folder from the menu bar. Enter the name of the folder Primary Datacenter under root (/). Repeat the same step for Secondary Datacenter folder.
c)
Refresh the screen by choosing File → Refresh, from the menu. Organize the systems. Drag the HANA system SHS on the host wdflbmt7194 user to the Primary Datacenter folder. Drag the HANA system SHS on the host wdflbmt7195 user to the Secondary Datacenter folder.
5.
Check the database parameter content_vendor so the delivery unit can be created. To change a database parameter, you need the permissions of the SYSTEM user. a)
Navigate to the Modeler Perspective. In Quick Launch, try to create a delivery unit. The message is: “Cannot create Delivery Unit as content vendor is not defined for this system.” Navigate back to the Administration Console. Open the Administration Editor with the permissions of the SYSTEM user. Double-click the HANA system entry that is using the SYSTEM user for connection.
b)
Click the Configuration tab.
c)
To search for the parameter content_vendor, type a few characters (like Content) in the field Filter. Then it will search all the parameters according to what you are typing.
d)
Double-click the parameter content_vendor. The parameter is located in the file indexserver.ini in the repository section. Type the name of the content vendor sap.training and click Save.
Lesson Summary You should now be able to: • Configure the SAP HANA studio • Configure the SAP HANA database • Organize SAP HANA systems in folders • Know where configuration files are stored • Use the filter function in the Configuration tab of the SAP HANA Studio • Apply changes to database parameters
Lesson: SAP HANA Table Administration Lesson Overview For SAP HANA administrators table administration is an important task. In this lesson details on table definition and partitioning are covered. Besides, various administrative tasks in this area are explained.
Lesson Objectives After completing this lesson, you will be able to: • • • • • • • • • • • • •
Decide when to use column-based and row-based storage Create tables using SQL commands Create tables using SAP HANA Studio Display table definition and content Describe the advantages of table partitioning Know which specifications for single-level partitioning exist in SAP HANA Use the Table Distribution Editor in SAP HANA Studio Partition tables Check partitioning consistency Replicate tables to multiple hosts Load and unload column store tables manually Trigger delta merge operations manually Export and import tables and other catalog objects
Business Example You are an administrator and need to create tables, optimize partitioning and perform administrative tasks in this context.
Recap: Column-Based and Row-Based Storage Please keep in mind that the SAP HANA database supports both row-based and column-based storage. However, it is optimized for column storage. When creating a table you have to choose in advance whether it shall be stored rowor column-wise.
Figure 228: Column-Based and Row-Based Storage (1) - When to Use Column Store
Tables that are organized in columns are read optimized and have better compression rates than tables organized in rows. Furthermore, some features of the SAP HANA database, such as partitioning, are available only for column tables. Column-based storage is typically suitable for big tables with bulk updates. However, update and insert performance is better on row tables. Row-based storage is typically suitable for small tables with frequent single updates. Note: The SAP HANA database allows row tables to be joined with column tables. However, it is more efficient to join tables of the same storage type.
Figure 229: Column-Based and Row-Based Storage (2) - When to Use Row Store
Hint: It is possible to change an existing table from one storage type to the other (ALTER TABLE ALTER TYPE).
Creating Tables In order to load data into the SAP HANA database, you need to create tables. As outlined above, tables can be kept in row store or column store depending on the use case. Note: To create a table, you must be authorized to create objects in the selected schema.
Tables can be created using SQL or alternatively using the SAP HANA Studio interface:
Figure 230: Creating Tables (1) - Sample SQL Command for Creating a Column Table
A sample SQL command for creating a column table is depicted above. With that, column table CUSTOMER is created within database schema TRAINING. It contains five different columns of which CUSTOMER_ID is the primary key. Hint: For details and options please see also SAP HANA SQL Reference. Alternatively it is possible to create a table directly within SAP HANA Studio:
Figure 231: Creating Tables (2) - Using SAP HANA Studio
Procedure for creating tables using SAP HANA Studio: • • • • • •
In the Systems view, open the catalog schema in which you want to create the new table. In the context menu of the schema in which you want to create the table, choose New Table Enter table name and table type (column store or row store) Define the columns of your table (name and properties) If required, you can add indexes Choose Create Table Note: An index does not have to be defined with the table, but can also be created any time.
Displaying Table Definition and Content In SAP HANA Studio multiple options for displaying table definition and content exist:
Figure 232: Displaying Table Definition and Content
Displaying catalog object definitions and changing existing catalog objects requires specific privileges. If these have not been granted to the user, error ‘Insufficient privilege’ will be returned. To open the table editor choose ‘Open Definition’ in the context menu of a specific table.
In the table definition, besides columns and indexes in the column Runtime Information details about the memory and disk consumption as well as the compression of individual columns are displayed. Note: By default, double-clicking the table in the Systems view opens its definition. You can configure this setting in the preferences of the SAP HANA studio.
Displaying the table content can be useful, for example, if you want to view the content of a system view to help you understand what is happening in the database. Note: By default, only the first 1,000 rows are displayed. You can change this setting in the preferences of the SAP HANA studio under SAP HANA → Runtime → Catalog
Figure 235: Data Preview
Table Partioning and Distribution The partitioning feature of the SAP HANA database makes it possible to split column-store tables horizontally into disjunctive sub-tables or partitions. In this way, very large tables can be broken down into smaller, more manageable parts. Hint: Partitioning is typically used in distributed systems, but it may also be beneficial for single-host systems.
Figure 236: Additional DDL Statements for Table Partitioning in the SAP HANA Database
When a table is partitioned, the split is done in such a way that each partition contains a different set of rows of the table. There are several alternatives available for specifying how the rows are assigned to the partitions of a table, for example, hash partitioning, partitioning by range or value.
Load balancing in a distributed system: Individual partitions can be distributed across multiple hosts. This means that a query on a table is not processed by a single server but by all the servers that host partitions.
•
Overcoming the size limitation of column-store tables: A non-partitioned table cannot store more than 2 billion rows. It is possible to overcome this limit by distributing the rows across several partitions. Each partition must not contain more than 2 billion rows.
•
Parallelization: Partitioning allows operations to be parallelized by using several execution threads for each table.
•
Partition pruning: Queries are analyzed to determine whether or not they match the given partitioning specification of a table. If a match is found, it is possible to determine the actual partitions that hold the data being queried. Using this method, the overall load on the system can be reduced, thus improving the response time.
•
Improved performance of the delta merge operation: The performance of the delta merge operation depends on the size of the main index. If data is only being modified on some partitions, fewer partitions will need to be delta merged and therefore performance will be better.
•
Explicit partition handling: Applications may actively control partitions, for example, by adding partitions to store the data for an upcoming month.
When a table is partitioned, its rows are distributed to partitions according to different criteria known as partitioning specifications. The SAP HANA database supports the following single-level partitioning specifications:
Hash Partitioning: Hash partitioning is used to distribute rows to partitions equally for load balancing and to overcome the 2 billion row limitation. The number of the assigned partition is computed by applying a hash function to the value of a specified column. Hash partitioning does not require an in-depth knowledge of the actual content of the table.
•
Range Partitioning: Range partitioning can be used to create dedicated partitions for certain values or certain value ranges in a table. Usually, this requires an in-depth knowledge of the values that are used or are valid for the chosen partitioning column. For example, a range partitioning scheme can be chosen to create one partition for each calendar month.
•
Round Robin Partitioning: Round-robin partitioning is used to achieve an equal distribution of rows to partitions. However, unlike hash partitioning, you do not have to specify partitioning columns. With round-robin partitioning, new rows are assigned to partitions on a rotation basis. The table must not have primary keys. Hint: For additional details see also SAP HANA Administration Guide. Note: Besides single-level partitioning, in SAP HANA various options for multi-level partitioning exist. Details are described in the SAP HANA Administration Guide.
With SAP HANA SPS7 a new feature called “Time Selection Partitioning (Aging)” is included:
Figure 239: New with SAP HANA SPS7: Time Selection Partitioning (Aging)
Figure 240: Example for Creating a Hash-Partitioned Table Using SQL
In the example depicted above, three partitions are created on columns a and b of the table MY_TABLE. Alternatively, the Table Distribution Editor in SAP HANA Studio can be used:
The Table Distribution editor provides an overview about the distribution of tables in a distributed system. It can be opened using the context menu on folder Console or any schema or tables folder in the Navigator. For performance reasons not all tables of the selected schema are displayed, but only 1000 tables of that schema (number configurable in Preferences → Administration Console → Common → Table Distribution Editor). A message is displayed, if more tables exist in the selected schema. It is displayed, if a table is distributed to several partitions and on which host each of these partitions is stored. Existing partitions can be moved to different hosts. Tables which are not partitioned yet can be moved to other hosts as well. However, it is not possible to split a table or change the partitioning using this view.
SAP HANA Table Administration - Administrative Tasks To ensure consistency for partitioned tables, you can execute checks and repair statements if required:
As the SAP HANA database automatically manages the loading and unloading of tables, you should normally not have to interfere with this process. However, you can manually load and unload individual tables and table columns if necessary. For example: • •
To precisely measure the total or “worst case” amount of memory used by a particular table (load) To actively free up memory (unload) Hint: You can see detailed information about a table's current memory usage and load status by viewing its table definition (as described above).
As discussed in lesson “Memory Management and Persistence” per default SAP HANA controls the delta merge process automatically. However, it may be necessary or useful to trigger a merge operation manually in some situations, for example: • •
An alert has been issued because a table is exceeding the threshold for the maximum size of delta storage. You need to free up memory.
Delta merges can be triggered manually using SAP HANA Studio or SQL:
Note: Additional options exist. Please refer to SAP HANA Administration Guide for details. Hint: Even though the delta merge operation moves data from the delta storage to the main storage, the size of the delta storage will not be zero. This could be because while the delta merge operation was taking place, records written by open transactions were moved to the new delta storage. Furthermore, even if the data containers of the delta storage are empty, they still need some space in memory. Load, unload and merge are available in the context menu of a specific column store table. Multiple tables can be selected at once. The chosen operation is then executed for all selected tables. Tables - as other catalog objects - can be easily exported and imported back into another database:
Figure 247: Administrative Tasks: Importing and Exporting Tables
Note: The size of a CSV format file can be very large compared to the binary file size. As a default, the exported data will be stored on the database server. However, it is also possible to export the data to the local client machine. Importing data will create the tables in the same schema as in the source system. If the table already exists, you have to mark the flag that it can be overwritten – otherwise the import will abort with an error message.
Exercise 10: Table Administration Exercise Objectives After completing this exercise, you will be able to: • Create a table in SAP HANA • Insert content into the newly created table • Check loading status of tables • Unload tables from the memory of the HANA server • Load tables to the memory of the HANA server • Check the size of the memory consumption of main storage and delta storage • Manually trigger a delta merge using SAP HANA Studio • Work with the Table Distribution Editor in SAP HANA Studio • Check partitioning status of tables • Partition tables • Check the integrity of partitions • Merge partitions of tables
Business Example You need to create tables in the SAP HANA system that you are administrating. Furthermore, you want to optimize partitioning and check the integrity.
Task 1: Create a table and insert data 1.
Create a new table EPM.PO.Item_Part in schema SAP_HANA_DEMO with the same structure as table sap.hana.democontent.epm.data::EPM.PO.Item
2.
Insert all data from table sap.hana.democontent.epm.data::EPM.PO.Item into EPM.PO.Item_Part
Task 2: Check the loading status of the table and trigger unload and load manually 1.
Unload table EPM.PO.Item_Part from the memory of the HANA server
2.
Confirm that the table has been unloaded successfully by checking the loading status in the Runtime Information
3.
Load the table completely into the memory and check the loading status again
Task 3: Check the size of the memory consumption of main storage and delta storage and trigger a delta merge operation manually 1.
Check the size of the memory consumption of main storage and delta storage of table EPM.PO.Item_Part
2.
Trigger a delta merge operation of table EPM.PO.Item_Part manually
3.
Check the size of the memory consumption of main storage and delta storage of table EPM.PO.Item_Part after the delta merge operation has been performed
Task 4: Create and merge table partitions and verify the integrity with an extended data check
314
1.
Open the Table Distribution Editor and display table partitions of table EPM.PO.Item_Part
2.
Partition table EPM.PO.Item_Part by range for the column PURCHASEORDERITEM
3.
Check the integrity of partitions in table EPM.PO.Item_Part (execute extended data check)
Solution 10: Table Administration Task 1: Create a table and insert data 1.
2.
Create a new table EPM.PO.Item_Part in schema SAP_HANA_DEMO with the same structure as table sap.hana.democontent.epm.data::EPM.PO.Item a)
Open SAP HANA Studio
b)
In the Systems window right-click on the SAP HANA system where you are logged on as user SYSTEM
c)
From the context menu choose SQL Console
d)
Insert a command to create the table: CREATE TABLE "SAP_HANA_DEMO"."EPM.PO.Item_Part" like "SAP_HANA_DEMO"."sap.hana.democontent.epm.data::EPM.PO.Item";
e)
Click on Execute
f)
In the Systems window right-click on Tables and click on Refresh
g)
Confirm that the table has been created
h)
Open the definition of the table by right-clicking on it and selecting Open Definition
i)
Confirm that the table has the same structure as table sap.hana.democontent.epm.data::EPM.PO.Item
Insert all data from table sap.hana.democontent.epm.data::EPM.PO.Item into EPM.PO.Item_Part a)
In the SQL Console enter the following statement: INSERT INTO "SAP_HANA_DEMO"."EPM.PO.Item_Part" SELECT * FROM "SAP_HANA_DEMO"."sap.hana.democontent.epm.data::EPM.PO.Item";
b)
Click on Execute
c)
In the Systems window right-click on table EPM.PO.Item_Part and select Open Content
d)
Confirm that the entries from table sap.hana.democontent.epm.data::EPM.PO.Item have been inserted into EPM.PO.Item_Part
Task 2: Check the loading status of the table and trigger unload and load manually 1.
2.
3.
Unload table EPM.PO.Item_Part from the memory of the HANA server a)
In the Systems window right-click on table EPM.PO.Item_Part
b)
From the context menu select Unload from Memory...
c)
Confirm by clicking on OK
Confirm that the table has been unloaded successfully by checking the loading status in the Runtime Information a)
Right-click on the table in the Systems window and select Open Definition
b)
Navigate to the tab Runtime Information
c)
Confirm that column Loaded in table Details for Table indicates that the table is not loaded. Additionally, you can see that currently the table does not consume memory (indicated by “Total Memory Consumption (KB)”)
Load the table completely into the memory and check the loading status again a)
In the Systems window right-click on table EPM.PO.Item_Part
b)
From the context menu select Load into Memory...
c)
Confirm by clicking on OK
d)
Right-click on the table in the Systems window and select Open Definition
e)
Navigate to the tab Runtime Information
f)
Confirm that column Loaded in table Details for Table indicates that the table is fully loaded. Additionally, you can see that currently the table now consumes memory (indicated by “Total Memory Consumption (KB)”)
Task 3: Check the size of the memory consumption of main storage and delta storage and trigger a delta merge operation manually 1.
2.
3.
Check the size of the memory consumption of main storage and delta storage of table EPM.PO.Item_Part a)
Right-click on the table in the Systems window and select Open Definition
b)
Navigate to the tab Runtime Information
c)
Check the “Memory Consumption in Main Storage (KB)” and “Memory Consumption in Delta Storage (KB)”
Trigger a delta merge operation of table EPM.PO.Item_Part manually a)
Right-click on the table in the Systems window and select Perform Delta Merge...
b)
Confirm by clicking on OK
Check the size of the memory consumption of main storage and delta storage of table EPM.PO.Item_Part after the delta merge operation has been performed a)
Navigate to the tab Runtime Information in the table definition again and click on Refresh
b)
Check the “Memory Consumption in Main Storage (KB)” and “Memory Consumption in Delta Storage (KB)”
Task 4: Create and merge table partitions and verify the integrity with an extended data check 1.
Open the Table Distribution Editor and display table partitions of table EPM.PO.Item_Part a)
Expand the schema SAP_HANA_DEMO in the Systems window
b)
Right-click on folder Tables in schema SAP_HANA_DEMO
c)
From the context menu choose Show Table Distribution to open the Table Distribution Editor
d)
Select table EPM.PO.Item_Part
e)
Confirm that the table is not partitioned (visible in partition details of table)
Partition table EPM.PO.Item_Part by range for the column PURCHASEORDERITEM a)
Right-click on table EPM.PO.Item_Part in the Table Distribution Editor
b)
Choose Partition Table...
c)
For the Partitioning Specification select Range and click on Next
d)
As column leave PURCHASEORDERITEM
e)
Click on Add right to the table Value Ranges to add a value range
f)
As start value for partition 1 enter 0000000000, as end value 0000000040
g)
Add an additional value range with start value 0000000040and end value 0000000080 Note: Since an additional partition for all other values will be created automatically, in total three partitions will be created
h)
Click on Check Input
i)
Click on Finish
j)
In the partition details (Table Distribution Editor) of table EPM.PO.Item_Part expand the host. Now the three partitions with their respective sizes should be visible.
Check the integrity of partitions in table EPM.PO.Item_Part (execute extended data check) a)
In the Systems window right-click on the SAP HANA system where you are logged on as user SYSTEM
b)
From the context menu choose SQL Console
c)
Insert the following SQL command to check partitioning consistency of the table: CALL CHECK_TABLE_CONSISTENCY('CHECK_PARTITIONING_DATA', 'SAP_HANA_DEMO','"EPM.PO.Item_Part"');
d)
Click on Execute
e)
Confirm that no errors are displayed, i.e. the extended data check has shown that no issues exist
Lesson Summary You should now be able to: • Decide when to use column-based and row-based storage • Create tables using SQL commands • Create tables using SAP HANA Studio • Display table definition and content • Describe the advantages of table partitioning • Know which specifications for single-level partitioning exist in SAP HANA • Use the Table Distribution Editor in SAP HANA Studio • Partition tables • Check partitioning consistency • Replicate tables to multiple hosts • Load and unload column store tables manually • Trigger delta merge operations manually • Export and import tables and other catalog objects
Lesson: Periodic Tasks Lesson Overview This lesson describes typical tasks of an administrator and how SAP HANA Studio can be used to support their execution.
Lesson Objectives After completing this lesson, you will be able to: • • • • • • • • • • •
Know which administrative tasks need to be performed initially, regularly and on demand Check the SAP HANA system status Check the status of services Check the alerts and error logs Perform backups Check the performance Check the volume configuration Check the system information Check diagnosis files Work with traces Know, how SAP HANA Studio and SAP HANA Cockpit actively support you in this tasks
Business Example After installation, you need to have an overview which tasks you need to perform as administrator and how to achieve this using SAP HANA Studio. You want to ensure good performance for the processing of your SAP HANA database. Therefore you perform regular checks and take preventive action if required.
Overview of Administrative Tasks Administrative tasks of the SAP HANA database are performed using the administration console perspective of the SAP HANA studio. The administration console perspective of the SAP HANA studio allows technical users to manage the SAP HANA database as well as to create and manage user authorizations.
The administrative tasks are divided into three categories. •
Initial tasks
•
– Perform a full data and a file system backup Regular tasks
•
– Check the system status – Check the status of the services – Perform data backups – Check the alerts and error logs – Check the performance – Check the volume configuration – Maintain configuration – Check the system information On-Demand Tasks – – – – –
Check the diagnosis files Activate and analyze additional traces Avoid LOG FULL situations Avoid log backup area becoming full Monitor disk space that is used for diagnosis files
Initial Tasks Performing an Initial Backup It is strongly recommended after the initial setup and after the initial load, that you perform a full data and file system backup (including a configuration backup). For more information, see the SAP HANA Database Administration Guide. Note: Backup and Recovery is covered in detail in a dedicated unit of this course.
Installing a Valid License for the SAP HANA Database Additionally, please make sure that a valid license is installed (see Configuration lesson for details).
Regular Tasks (Administration and Monitoring) Checking the System Status Overview Regularly check the system status on the Overview tab page of the administration editor in the SAP HANA studio. This displays the most important system information: • • •
•
2015
Overall system state General system information (software versions and so on) The Alerts section shows the latest warnings and messages generated by the statistics server, which is a monitoring tool for the database. It collects statistical and performance information using SQL statements. The bar views provide an overview of important system resources: The amount of available memory, CPUs, and storage space is displayed as well as the used amount of these resources. In a distributed landscape, the amount of available resources is aggregated over all servers. Additionally, the resource information of the server with the highest resource consumption is displayed.
Regularly perform data backups (including configuration backups). There are no general guidelines for the backup frequency (this depends on the usage scenario). For more information, see the unit “Backup and Recovery” in this course and the SAP HANA Database – Backup and Recovery Guide. Checking the Status of Services On the Landscape tab page, check that all services that belong to your database are running: preprocessor, name server, and index server for each host and one statistics server. The Services tab page contains information about the status of your database services. Running services are indicated with a green icon.
Figure 251: The Administration Editor – Landscape > Services Tab
In addition, information about resource usage and possible bottlenecks is displayed. Using the context menu, you can restart services: When using the Stop or Kill command, the respective service is stopped or killed and then automatically started again. Because all services are restarted automatically when they are stopped, there is no need to start single services manually. As an administrator, you actively monitor the status of the system, its services, and the consumption of system resources. However, you are also alerted of critical situations, for example: a disk is becoming full, CPU usage is reaching a critical level, or a server has stopped. Monitoring Resource Utilization and Memory Allocation
Indicates total amount of memory currently used by the SAP HANA database in relation to the allocation limit. For multiple-host systems, values are displayed for all worker hosts. The host with the highest (most critical) memory usage is also shown.
This tile provides access to the Memory Overview app where you can analyze current memory usage in more detail. If the system is distributed, memory usage is available for each host individually. The initial view shows the memory usage of the master host. You can switch between hosts as necessary.
SAP HANA Cockpit provides a detailed graphical breakdown of the following main categories of memory usage: Physical memory SAP HANA database Table data Database management Other information regarding the current size of used resources can be seen on the Overview tab of the Administration editor. The following information is displayed in screen areas identified above: 1. The components of the selected service listed in descending order of current used memory (default) 2. Current breakdown of SAP HANA used memory displayed as a pie chart 3. Allocators of the selected component listed in descending order of current used inclusive memory (default) 4. Current breakdown of memory usage of the 10 highest consuming allocators displayed as a pie chart Besides, the new Resource Utilization Statistics editor enables you to visualize and explore the usage history of key system resources:
The tile can help to analyze bottlenecks, identify patterns, and forecast requirements. It can be opened via the context-menu of the specific SAP HANA system. Monitoring Hosts in a Distributed System In a distributed system, hosts can be monitored from the Hosts sub-tab in SAP HANA Studio:
Figure 258: The Administration Editor – Landscape > Hosts Tab
Redistributing Data in a Scale-Out System In a distributed system, tables and table partitions are assigned to an index server on a particular host at the time of their creation, but this assignment can be changed. In certain situations, it is even necessary. SAP HANA supports several “redistribution operations” that use complex algorithms to evaluate the current distribution and determine a better distribution depending on the situation.
Figure 259: The Administration Editor – Landscape > Redistribution Tab
Setting Up and Monitoring System Replication System replication is a mechanism for ensuring the high availability of an SAP HANA system. Through the continuous replication of data from a primary to a secondary system, including in-memory loading, system replication facilitates rapid failover in the event of a disaster. Productive operations can be resumed with minimal downtime. SAP HANA system replication can be set up and monitored from within the administration console:
Figure 260: The Administration Editor – Landscape > System Replication Tab
Figure 261: Extended system Replication configuration
Checking Alerts As one of the main components of the monitoring infrastructure of the SAP HANA database, the statistics server performs regular checks and issues an alert when an alert condition is fulfilled.
Figure 262: The Administration Editor – Alerts Tab (1/3)
The priority of the alert indicates the severity of the problem and depends on the nature of the check and configured threshold values. For example, per default if 90% of available disk space is used, a low priority alert is issued; if 98% is used, a high priority alert is issued.
On the left hand side you have an overview about all checks . And on the right hand side you have some details to the selected check. For each check you can configure: - a specific E-mail alert ,
- threshold , - the schedule and the activation of this concrete check And there is the possibility to “Run the check now”, that is helpful in that case when the check is running e.g. each 6 hours (backup) and you will check now if this process now work fine .Otherwise you must wait any hours again to get the result. Assessing Performance Information Gathering and analyzing data regarding the performance of your SAP HANA systems is important for root-cause analysis and the prevention of future performance issues. General information about overall system performance is available in the System Monitor and on the Overview tab of the Administration editor. You can monitor more fine-grained aspects of system performance on the Performance tab.
Figure 267: The Administration Editor – Performance Tab
The Threads sub-tab allows monitoring of running threads:
The Group and sort filter provides a meaningful and clear structure for thread analysis: - Threads with the same connection ID are grouped - Within each group, the call hierarchy is depicted - Groups are displayed in order of descending duration Additional actions can be performed here:
Besides identifying active/inactive sessions and their relation to applications, the monitor shows if a session is blocked and if so, by which other session. It also shows if a session is blocking other sessions and how many transactions are inside. Moreover, statistics like average query runtime and the number of DML and DDL statements in a session are included. The table shows the result from the system information statement sessions. You can cancel a session by right-clicking the session and choosing Cancel Session. Blocked transactions, or transactionally blocked threads, can impact application responsiveness.
Blocked transactions are transactions that are unable to be processed further because they need to acquire transactional locks (record or table locks) that are currently held by another transaction. Transactions can also be blocked waiting for other resources such as network or disk (database or metadata locks). The SQL plan cache can provide you with an insight into the workload in the system as it lists frequently executed queries.
Figure 272: The Administration Editor – Performance > SQL Plan Cache Tab
Technically, the plan cache stores compiled execution plans of SQL statements for reuse, which gives a performance advantage over recompilation at each invocation. For monitoring reasons, the plan cache keeps statistics about each plan, for instance number of executions, min/max/total/average runtime, and lock/wait statistics. Analyzing the plan cache is very helpful as one of the first steps in performance analysis because it gives an overview about what statements are executed in the system. Note: Due to the nature of a cache, seldom used entries will be evicted from the plan cache.
Expensive statements are individual SQL queries whose execution time was above a configured threshold. The expensive statements trace records information about these statements for further analysis and displays them in the Administration editor. Note: The expensive statements trace is deactivated by default. The individual steps of statement execution are displayed in a hierarchical tree structure underneath aggregated statement execution information. Hint: Some administrator views in SAP HANA Studio are personalized. The settings are restored the next time the view is opened. The procedure is system independent. This function applies to the following tabs: •
340
Sessions, SQL Plan Cache, Expensive Statements Trace, Job Progress and System Replication
Figure 276: The Administration Editor – Performance > Load Tab
You can use the load graph for performance monitoring and analysis. For example, you can use it to get a general idea about how many blocked transactions exist now and in the past, or troubleshoot the root cause of slow statement performance. Monitoring Disk Usage and Volumes
Figure 277: The Administration Editor – Volumes Tab
To ensure that the database can always be restored to its most recent committed state, you must ensure that there is enough space on disk for data and log volumes. You can monitor disk usage, volume size, and other disk activity statistics on the Volumes tab of the Administration editor. There are two views available on the Volumes tab for monitoring the size of volumes on disk: service and storage type (that is data, log, and trace). Hint: Although trace files are not stored in volumes, they are displayed on the Volumes tab in the Storage view as they consume disk space and therefore need to be monitored. Maintaining the Database Configuration
Figure 278: The Administration Editor – Configuration Tab
Hint: For detailed information, please see also lesson “Configuration” of this course. Retrieving System Information
Figure 279: The Administration Editor – System Information Tab
Double-clicking an entry in this list executes the underlying statement. To see the actual statement, from the context menu, choose Show. System Information: Additional Functionality • • • • •
344
User-defined SQL statements on the System Information tab Filter on name or description Show user-defined or system statements Dialog to create or edit own SQL statements with the possibility to delete an own SQL statement Own SQL statements are stored in a local file. The file location is specified in the global settings.
Figure 280: System Information: Additional Functionality
On Demand Tasks
Figure 281: On-Demand Tasks
Avoiding Log Full Situations When the log is backed up, the backed up log segments remain on disk until they have been released automatically after a savepoint. After the log has released, the oldest unused log segment can be overwritten with new log entries. If there are no unused log segments, new log segments are created. If the disk becomes full and
no more log segments can be created, a log full situation arises. When the log is full, no more logging is possible until the log backup has completed. Automatic log backup prevents log full situations from arising. Avoid log backup area becoming full. Regularly archive old log backups to a different location (using operating system commands). In case of problems with the SAP HANA database, you can check log and trace files for errors. These log files are available in the SAP HANA studio on the Diagnosis Files tab page of the administration screen. Checking Diagnosis Files
Figure 282: The Administration Editor – Diagnosis Files Tab
In the Diagnosis Files view, it is possible to show the first lines of a file. It is still possible to display the last lines or to display the entire file. The number of lines is configurable, the max. limit is 100.000 lines. For large files (more than 100.000 lines) showing the entire file is not possible, instead a download option is provided. You can turn on and configure several traces on the Trace Configuration tab. For more details, see “Configuring Traces” in the SAP HANA Database – Administration Guide. Configuring Traces
Figure 283: The Administration Editor – Trace Configuration Tab
Overview of the different traces available in SAP HANA: Database trace (including user-specific and end-to-end database traces) The database trace records information about activities in the components of the SAP HANA database. You can use this information to analyze performance and to diagnose and debug errors. Each service of the SAP HANA database writes to its own trace file. By default, the database trace is active with default trace level ERROR. The SQL trace collects information about all executed SQL statements and saves it as an executable python program. This is good for recording a scenario. By default, the SQL trace is inactive. Expensive statements are individual SQL queries whose execution time was above a configured threshold. The expensive statements trace records information about these statements for further analysis. By default, the expensive statements trace is inactive. Performance trace The performance trace is a performance tracing tool built into the SAP HANA database. It records performance indicators for individual query processing steps in the database kernel. By default, the performance trace is inactive. Kernel profiler
The kernel profiler is a sampling profiler built into the SAP HANA database. It collects, for example, information about frequent and/or expensive execution paths during query processing. By default, the kernel profiler is inactive. Note: Only SAP development support has the technical expertise required to interpret the information collected by the performance trace and the kernel profiler.
Figure 284: The Administration Editor – Trace Configuration Tab
Exercise 11: Monitoring SAP HANA using Administration Console Tools Exercise Objectives After completing this exercise, you will be able to: • Check the system status • Check statuses of the services • Check alerts and error logs • Check system information • Check volume configuration
Business Example As a system administrator, monitoring of the SAP HANA database and landscape is an important task. The Administration Console provides many tools to help you do this.
Task 1: Review the overall status of the SAP HANA landscape, database, and services. 1.
Check the system status
2.
Determine the Peak Memory Allocation amount for your SAP HANA database.
3.
Check the status of each of the services.
4.
Find the top 5 tables in the SAP HANA database in terms of disk size.
5.
Monitor key performance indicators, such as CPU usage, column store, and memory consumption.
Task 2: Use SAP HANA studio tools to trace SQL Statements.
2015
1.
Configure and activate a SQL Trace for user SYSTEM, with a table filter on "SAP_HANA_DEMO"."EPM.PO.Item_Part".
Solution 11: Monitoring SAP HANA using Administration Console Tools Task 1: Review the overall status of the SAP HANA landscape, database, and services. 1.
2.
3.
Check the system status a)
Navigate to the system connection for user SYSTEM.
b)
From the context menu, select Configuration and Monitoring → Open Administration. (Alternatively, click the Administration icon.)
c)
From the Overview tab, review operational status, database used memory, resident memory, CPU usage and disk usage.
d)
Check for alerts.
Determine the Peak Memory Allocation amount for your SAP HANA database. a)
Navigate to the system connection for user SYSTEM.
b)
From the context menu, select Properties.
c)
Click License.
d)
System Measurement → Peak Memory Allocation.
Check the status of each of the services. a)
Navigate to the system connection for user SYSTEM.
b)
From the context menu, select Configuration and Monitoring → Open Administration. (Alternatively, click the Administration icon.)
c)
From the Landscape tab, choose the Services tab.
d)
Check the status of each of the services.
e)
Add columns for CPU Process (%) and CPU Total.
f)
Find and select the Configure Viewer icon on the top right of the Landscape screen. In the Table Viewer, choose CPU Process (%) and CPU Total (%) on the right column. Press the left arrow to add these columns to the Visible Columns list on the left.
Lesson Summary You should now be able to: • Know which administrative tasks need to be performed initially, regularly and on demand • Check the SAP HANA system status • Check the status of services • Check the alerts and error logs • Perform backups • Check the performance • Check the volume configuration • Check the system information • Check diagnosis files • Work with traces • Know, how SAP HANA Studio and SAP HANA Cockpit actively support you in this tasks
Lesson: Transporting Changes Lesson Overview This lesson provides an overview of the transporting possibilities.
Lesson Objectives After completing this lesson, you will be able to: • • • • • • •
Understand the Application Lifecycle Management of SAP HANA Know what Delivery Units and Packages are in the context of Software Lifecycle Management Name different transport scenarios and suitable transport management tools Describe the functionality of the SAP HANA Application Lifecycle Manager Understand how the Enhanced Change and Transport System (CTS+) is integrated with SAP HANA Know about the possibility to use SAP HANA Transport Containers Export and import SAP HANA content manually
Business Example SAP HANA lifecycle management covers two aspects: platform lifecycle management for customizing and updating your SAP HANA platform and application lifecycle management for managing SAP HANA content products and transports. While using SAP HANA Lifecycle Manager has already been covered in a previous lesson, now managing SAP HANA content. This includes modelling, change recording, transports and installation.
SAP HANA Application Lifecycle Management – Overview Application lifecycle management includes all the activities that you need to plan and perform to ensure that the software components you develop for SAP HANA are not only produced and shipped in a regulated way but also meet the requirements laid out for the SAP HANA platform. In SAP HANA several objects can be developed to build standalone applications or integrate with other products such as SAP systems:
Figure 287: Design Time and Rune Time Objects – SAP HANA Repository
For ensuring consistency when transporting objects it is important to ship objects that belong together at the same time. In the repository SAP HANA objects belonging together are comprised in packages and packages can be assigned to a delivery unit.
All content delivered as part of the application you develop for SAP HANA is stored in packages in the SAP HANA repository. The packages are arranged in a hierarchy that you define to help make the process of maintaining the packages transparent and logical. Packages enable you to group together the artifacts you create and maintain for your applications. You must also be aware of the privileges the application developers require to access (and perform operations on) the packages.
Figure 289: Context: Delivery Units
A delivery unit is a collection of packages that are to be transported together. You assign all the packages belonging to your application to the same delivery unit to ensure that they are transported consistently together within your system landscape. Each delivery unit has a unique identity. The identity of a delivery unit consists of two parts: a vendor name and a delivery-unit name. The combined ID ensures that delivery units from different vendors are easy to distinguish and follows a pattern that SAP uses for all kinds of software components. To create and manage delivery units you first need to maintain the identity of the vendor, with whom the delivery units are associated, and in whose namespace the packages that make up the delivery unit are stored. Delivery Units are associated with a product instance. A product corresponds to an application – which could be an SAP-delivered application, a partner application, or customer application developed on a project basis.
For transporting SAP HANA content multiple options exist. Which one is suitable depends on the use case and integration scenario: •
Native SAP HANA Content: SAP HANA Application Lifecycle Manager can be used to transport native SAP HANA content. Since this is an SAP HANA standalone transport management tool, it is suitable for customers without an ABAP-footprint. It is a lightweight and easy-to-use transport tool.
•
Native SAP HANA Content or as Part of a Solution: Using the Enhanced Change and Transport System (CTS+) SAP HANA content can be transported like any other non-ABAP content with integration in the existing CTS transport landscape and integration in SAP process tools (ChaRM, QGM).
•
SAP HANA Content Exclusively Used by ABAP: An alternative for transporting SAP HANA content that is exclusively used by ABAP (ABAP for SAP HANA) is using SAP HANA Transport Containers. With that, SAP HANA artifacts can be transported with standard ABAP transport. Integration in the existing CTS transport landscape and in SAP process tools is ensured as well.
•
Content That Needs to be Transferred Quickly Without Transport Management System: Such content can be quickly transferred from one SAP HANA system to another using the export and import functionality. This allows moving objects with little effort. However, in many cases using a transport management solution would be advantageous over this manual approach.
Figure 292: Transporting SAP HANA Content: Available Options
Transporting Native SAP HANA Content Using SAP HANA Application Lifecycle Manager (HALM) The SAP HANA Application Lifecycle Manager enables you to create your product, delivery unit, package, and basic application components. Additionally, the SAP HANA Application Lifecycle Manager enables administrators to set up the transport of delivery unitsb and Changes, start and monitor transports, and upload or download delivery unit archives.
Figure 293: SAP HANA Application Lifecycle Manager – Use Cases and Constraints
Figure 294: SAP HANA Application Lifecycle Manager – Capabilities
As an administrator you can use the SAP HANA Application Lifecycle Manager as a single point of access to perform the following tasks: • • •
Assign the appropriate delivery units or changes to the transport route Execute exports and imports (uploads and downloads) Monitor the transport processes Note: The SAP HANA Application Lifecycle Manager tool is available on the SAP HANA XS Web server.
Figure 295: SAP HANA Application Lifecycle Manager – Transport Process
Figure 296: SAP HANA Lifecycle Manager – Web Application
The responsibility for common application-lifecycle management performed with the SAP HANA Application Lifecycle Manager is shared between the various lifecycle management roles, which must be assigned to the SAP HANA users who start the SAP HANA Application Lifecycle Manager. For example, the Administrator role enables access to all options and tools in the SAP HANA Application Lifecycle Manager. To start a transport operation based on a defined route, you only need the privileges assigned with the user role ExecuteTransport. The Display role enables a user to view details of the delivery units, routes, and transports, but cannot make any changes.
Full Deliver Unit / Product (without Change Recording) Full Released Delivery Unit / Product (with Change Recording enabled) Change (with Change Recording enabled)
Change Recording in SAP HANA: Change recording is the infrastructure to record changes during development. Change recording provides: • • •
Automatic recording and grouping of object changes Decoupling of activation and transport Predecessor calculation of changes
Change Recording can be enabled as global system setting in your development environment Transporting without change recording: • •
Delivery Unit transport contains all active objects in the packages of that particular DU If an object is ready to be transported, its Delivery Unit must be activated
Transporting with change recording: • •
• •
364
Automatic recording of object changes to a change list when an object is activated Team Development: Allows a developer (or team) to work on a development artifact and release the “change” only when the artifact is ready to promote to the test system. For developers not contributing to this change the objects are locked Release in two steps: contributors have to approve first before a change can be released Transport: Delivery Unit transport contains only objects where their change has been released
Using the Enhanced Change and Transport System (CTS+) for Transporting SAP HANA Content The Change and Transport System (CTS) of ABAP has been enhanced so that it can also be used for transporting non-ABAP objects – known as CTS+ or enhanced CTS. If you already use CTS, for example to manage non-ABAP transports for applications like the SAP Enterprise Portal or to transport your BW ABAP objects, you might be interested in using the same tool to transport the SAP HANA objects as well. With the integration of SAP HANA into CTS, this is now possible. You can model your landscape for your SAP HANA systems in Transport Management System (TMS) in the same way as any other non-ABAP application supported by CTS. To be able to use SAP HANA with CTS as described in this lesson, your systems have to fulfill the following prerequisites
Figure 301: Using CTS+ with HANA – Prerequisites
The following figure shows the systems that are involved in the scenario. The figure shows as an example a three system landscape consisting of a development, a test and a production system. This is a basic example. You can set up much bigger or even simpler landscapes in CTS. All the options that you might know from TMS are available for SAP HANA systems as well. You can for example have several systems in a row or more than one target system at once. In addition, you need a system where CTS is configured. For the set-up, you have to use an SAP Solution Manager or SAP NetWeaver where the CTS Plug-In contained in Software Logistics (SL) Toolset is installed. The set-up is described in detail in the HowTo-Guide on : http://scn.sap.com/docs/DOC-8576. In this lesson, we will refer to this system as ‘CTS system’.
The figure above illustrates the process of exporting and importing objects with SAP HANA. The front-end is the SAP HANA Studio or (starting with SPS08) the SAP HANA Application Lifecycle Management (HALM). As of SAP HANA studio SPS05, you are no longer required to export the SAP HANA content to the file system and attach it manually to a CTS transport request. It is now possible to export SAP HANA content and attach it to a transport request in one step (referred to as “Close Coupling”). You can start the export from within the SAP HANA Developer Studio or SAP HANA Application Lifecycle Management. You should not use the option of exporting content to a file system and attaching manually to a transport request, any more. The next step is to release the transport request. Depending on your configuration, this is either done automatically or you can do so via the Transport Organizer Web UI. You can then start the import. This is done on the CTS system. Note: As of SAP HANA studio SP05, you are no longer required to export the SAP HANA content to the file system and attach it manually to a CTS transport request. It is now possible to export SAP HANA content and attach it to a transport request in one step (referred to as “Close Coupling”). This is now the preferred way of exporting SAP HANA content to a transport request. Before you can use CTS with SAP HANA, you have to configure your CTS system and the SAP HANA development system (Remember: You have to install the CTS plug-in).
On the CTS system, there are several elements which require configuration: • •
The Deploy Web Service is needed to start the deployment on the target systems The Transport Organizer is used to manage transport requests for non-ABAP applications.
After performing these two steps, the systems and the transport route in CTS are ready. As a last configuration step, you have to configure the connection from your SAP HANA development (source) system to the CTS system. This configuration is done in SAP HANA Application Lifecycle Management (HALM). If CTS is enabled, you have two options for transports: • •
transport full Delivery Units (DU) based on the active state of the contained objects transport only the changed objects per Delivery Unit based on released changes (as of SAP HANA SPS08, if Change Recording is enabled) .
You can either use SAP HANA Application Lifecycle Management (more details are provided in HowTo-Guide on : http://scn.sap.com/docs/DOC-8576.) or the SAP HANA studio (more details are provided in HowTo-Guide on : http://scn.sap.com/docs/DOC-8576.) for exporting.
Figure 303: Using CTS+ with HANA – Export Process in SAP HANA Studio
Figure 304: Using CTS+ with HANA – Import Process in TMS
Hint: For more detailed information, please see also: http://scn.sap.com/docs/DOC-8576 and https://scn.sap.com/docs/DOC45659
Leveraging SAP HANA Transport Containers for ABAP for SAP HANA Content Starting with SAP NetWeaver 7.4 numerous SAP HANA related optimizations are provided that help developing ABAP applications for HANA. The development of ABAP coding and HANA artifacts that belong together leads to the requirement to also transport them together consistently through the system landscape. For this the SAP HANA Transport Container (HTC) can be used.
Figure 305: SAP HANA Transport Container (HTC) – Overview
Figure 306: SAP HANA Transport Container (HTC) – Landscape
HTC is an ABAP development object which is required to integrate HANA repository content into the standard Change and Transport System (CTS). As of AS ABAP 7.4, HTC is seamlessly integrated into the Transport Organizer of AS ABAP and so integrating the HANA repository content into CTS. It ensures an efficient delivery process of applications built out of ABAP and HANA content by means of the proven ABAP transport mechanism. SAP HANA Transport Container (HTC) transports full Delivery Units (DU) based on the active state of the contained objects. Note: This means, ABAP for HANA applications are transported as normal as any classic ABAP-based application.
Figure 307: SAP HANA Transport Container (HTC) – Procedure Overview
Hint: For more information please see also: http://scn.sap.com/docs/DOC43035
Exporting and Importing SAP HANA Content Manually As alternative to using a transport management solution for a quick test transfer, the export and import functionality of SAP HANA can be used. Exporting and importing is possible as client-side and server-side.
You can export all catalog objects to a file system and then import them back into an another database. For example, you want to move data from a test system to a production system, clone your system, or provide the data to SAP Support so they can replicate a scenario.
Figure 309: Using Client Export/Import for Models
Note: If you want to specify a different directory in the server's file system, it must already exist and the database must be authorized to access it.
Figure 310: Export / Import of Tables – Considerations
Note: You can prevent the export of content by means of authorization. For additional information please look up the developer guide. Hint: For the export of small tables or catalog-only exports, a CSV export to the client file system is appropriate. However, keep the maximum file size of your operating system in mind. A binary export on the server is recommended for large exports (for example, exports over 2 GB).
Exercise 12: Transporting Changes Exercise Objectives After completing this exercise, you will be able to: • Export and import a table in HANA Studio
Business Example In this scenario we want to try out the export and import functionality of SAP HANA. Since there is only one HANA server, it is not possible to move the change to a different HANA server using export/import method. Hence, a schema is created and a table is created under the schema. Afterwards the table is deleted and then imported using the files exported.
Task: 1.
2015
Create a schema and a table under the schema. Schema that you will create
TRAIN## (where the number is provided by the instructor)
Table you will create under TRAIN## where ##='01' or '02' ) provided by the instructor
PRODUCTS which will be same as sap.hana.democontent.epm.data::EPM.MD.Products table from SAP_HANA_DEMO schema
Create a schema and a table under the schema. Schema that you will create
TRAIN## (where the number is provided by the instructor)
Table you will create under TRAIN## where ##='01' or '02' ) provided by the instructor
PRODUCTS which will be same as sap.hana.democontent.epm.data::EPM.MD.Products table from SAP_HANA_DEMO schema
a)
Open HANA Studio
b)
Right click on the HANA system which uses ‘SYSTEM’ user for connection and select SQL Console
c)
Enter the sql command below to create a schema and execute by clicking on a little white arrow in a green circle (F8 – Execute) create schema TRAIN##;
:
The message of the result is displayed at the bottom and the schema is now created and can be seen in the left panel of the screen. d)
Enter the sql command to create a table and execute. create column table “TRAIN##”. “PRODUCTS” like “SAP_HANA_DEMO”. “sap.hana.democontent.epm.data::EPM.MD.Products” with data; The message of the result is displayed at the bottom and the table is now created and can be seen in the left panel of the screen after refreshing the screen by right click on your schema and select refresh.
2.
Export the table. a)
Open HANA Studio
b)
Right click on the table under TRAIN## schema you just created and select Export to export the table.
c)
The table is selected. Click on Next
d)
Select Binary for format, select Including data and Including dependencies, use the Default Directory which will create the export file under work directory of the HANA server then click on Finish.
Lesson Summary You should now be able to: • Understand the Application Lifecycle Management of SAP HANA • Know what Delivery Units and Packages are in the context of Software Lifecycle Management • Name different transport scenarios and suitable transport management tools • Describe the functionality of the SAP HANA Application Lifecycle Manager • Understand how the Enhanced Change and Transport System (CTS+) is integrated with SAP HANA • Know about the possibility to use SAP HANA Transport Containers • Export and import SAP HANA content manually
Unit Summary You should now be able to: • Start and stop SAP HANA using SAP HANA Studio • Start and stop SAP HANA using command line • Start and stop distributed SAP HANA systems • Restart individual database services • Configure the SAP HANA studio • Configure the SAP HANA database • Organize SAP HANA systems in folders • Know where configuration files are stored • Use the filter function in the Configuration tab of the SAP HANA Studio • Apply changes to database parameters • Decide when to use column-based and row-based storage • Create tables using SQL commands • Create tables using SAP HANA Studio • Display table definition and content • Describe the advantages of table partitioning • Know which specifications for single-level partitioning exist in SAP HANA • Use the Table Distribution Editor in SAP HANA Studio • Partition tables • Check partitioning consistency • Replicate tables to multiple hosts • Load and unload column store tables manually • Trigger delta merge operations manually • Export and import tables and other catalog objects • Know which administrative tasks need to be performed initially, regularly and on demand • Check the SAP HANA system status • Check the status of services • Check the alerts and error logs • Perform backups • Check the performance • Check the volume configuration • Check the system information • Check diagnosis files • Work with traces • Know, how SAP HANA Studio and SAP HANA Cockpit actively support you in this tasks
Understand the Application Lifecycle Management of SAP HANA Know what Delivery Units and Packages are in the context of Software Lifecycle Management Name different transport scenarios and suitable transport management tools Describe the functionality of the SAP HANA Application Lifecycle Manager Understand how the Enhanced Change and Transport System (CTS+) is integrated with SAP HANA Know about the possibility to use SAP HANA Transport Containers Export and import SAP HANA content manually
Unit 8 Backup and Recovery Unit Overview This unit discusses the following topics: • • • • • •
Concept of backup and recovery Data area backup Log area backup Backup catalog Database recovery Scenarios for database copy
Unit Objectives After completing this unit, you will be able to: • • • • • • • • •
Explain the concept of backup and recovery Perform a data area backup Estimate the size of a backup Configure a log area backup Use the backup catalog to get Information about backups Perform backups using scripts Perform a database recovery Explain the concept of backup and recovery using a storage snapshot Explain the scenarios for a database copy
Unit Contents Lesson: Concept of Backup and Recovery..................................382 Lesson: Data Area Backup ....................................................390 Lesson: Log Area Backup .....................................................400 Lesson: Additional Backup Topics ............................................408 Lesson: Recovery...............................................................417 Exercise 13: Backup and Recovery......................................425 Lesson: Backup and Recovery using Storage Snapshot ..................433 Lesson: Database Copy .......................................................438
Lesson: Concept of Backup and Recovery Lesson Overview Lesson Objectives After completing this lesson, you will be able to: •
Explain the concept of backup and recovery
Business Example You have to perform backups for the SAP HANA database. Therefore, you need to know the backup and recovery concept of the SAP HANA database. To ensure optimal performance, the SAP HANA database holds the bulk of its data in memory. However, it still uses persistent storage to provide a fallback in case of failure.
Figure 311: SAP HANA Persistence
During normal database operation, data is automatically saved from memory to disk at regular savepoints. Additionally, all data changes are recorded in the redo log. The redo log is saved from memory to disk with each committed database transaction. After a power failure, the database can be restarted like any disk-based database, and it returns to its last consistent state by replaying the redo log since the last savepoint.
While savepoints and log writing protect your data against power failures, savepoints do not help if the persistent storage itself is damaged. To protect against data loss due to disk failures, backups are required. Backups save the payload (the actual data) of the data area and log area to different locations. Unused space in the database is not backed up. The data backup includes all the data structures that are required to restore the database. This includes user data, information models, topology information, and the secure storage file system (SSFS). A data backup does not include customer-specific configuration. Backups are performed while the database is running. The impact of backups on system performance is negligible, and users can continue to work normally while the backup is running.
Figure 312: Overview of Backup and Recovery
The properties of an SAP HANA system are defined in the parameters of its configuration files. These files are not backed up as part of the database backup. If you want to back up configuration files that contain customer-specific changes, you can do so manually. In a recovery situation, this can be helpful to more easily identify and restore the customer-specific changes. The configuration files are not essential to perform a recovery. If you want to use a customer-specific configuration, you need to reconfigure the recovered system using the SAP HANA studio. More information on the configuration file backup see SAP Note 1651055 Scheduling SAP HANA Database Backups in Linux
Data backups save the content of the data area to a different location in the file system. Depending on the usage scenario, this includes the replicated business data from ERP and all the modeling data.
You can specify whether data and log backups are written to the file system (see SAP Note 1820529) or using third-party backup tools (see SAP Note 1730932) . The Backint for SAP HANA interface performs all the actions needed to write the backup data to external storage. The backup tools communicate directly with the SAP HANA database through the Backint for SAP HANA interface.
“Backint for SAP HANA” is an API that can be implemented by a 3rd party backup agent. • • • • •
Provides functions for backup, recovery, query, and delete. 3rd party backup agent runs on the SAP HANA server and communicates with the 3rd party backup server. Backups are transferred through pipes. Full integration with SAP HANA studio (configuration and execution of backups to Backint). Backint can be configured both for data backups and for log backups. Note: SAP certification is required for “Backint for SAP HANA” implementations by 3rd party vendors.
The default configuration is defined when a third-party backup tool is installed. After a backup tool has been installed, you can back up and recover the SAP HANA database without making any further changes. Below is an overview of important information to consider when planning your backup and recovery strategy with SAP HANA database. You can find more information on the individual points in the subsequent sections . • • • • • • • • •
•
• •
2015
Data and logs can only be backed up when the SAP HANA database is online (when all configured services are running). Only the database payload is backed up. Until an initial data backup has been completed, the logs are written in overwrite mode. During data and log backup, the system is available as usual. Backup supports on the one hand files as backup media and on the other hand it is possible to use Backint for SAP HANA. The configuration path for data and log backup must be valid throughout the whole system, and not only for specific hosts. Backup and recovery always applies to the whole database. It is not possible to backup and recover individual database objects. To recover the database, you need at least one data backup. At the beginning of a recovery, all the data and log backups to be used must be either accessible in the file system or available through the third-party backup tool. To recover the SAP HANA database, the database needs to be shut down. For this reason, during recovery, the database cannot be accessed by end users or applications. If a recovery fails, the complete recovery must be repeated. Shared storage must be used for file-based backups. This is to ensure that the nameserver process can access the backup files at the time of recovery.
The SAP HANA database software version used during the recovery must always be the same or higher than the version of the software used to create the backup.
Privileges for backup and recovery To perform operations related to backup and recovery, the following authorizations are required: Task
Required authorizations
Backup
● BACKUP ADMIN or BACKUP OPERATOR ● CATALOG READ This privilege is required in order to collect the information needed by the backup wizard
Recover
The recovery process is executed as the operating system user (adm).You must therefore have the logon credentials of this user.
Open the Backup editor
●BACKUP ADMIN ● CATALOG READ
Delete data and log backups from the backup catalog and physically from the backup location
BACKUP ADMIN
BACKUP ADMIN versus BACKUP OPERATOR – what is the difference between the two The system privileges BACKUP ADMIN and BACKUP OPERATOR exist so you can implement a finer-grained separation of duties if this is necessary in your organization. A user with the system privilege BACKUP ADMIN can perform all backup-related operations, including backup deletion and configuration. A user with the system privilege BACKUP OPERATOR can only perform backups. For example, if you have automated the regular performance of backups using Cron, it is more secure to use a user with the privilege BACKUP OPERATOR to avoid the malicious deletion of backups.
Lesson Summary You should now be able to: • Explain the concept of backup and recovery
Related Information SAP HANA documentation SAP Help Portal: http://help.sap.com/hana_appliance • •
SAP HANA Administration Guide, chapter: “Backing Up and Recovering the SAP HANA Database” SAP HANA Technical Operations Manual
SAP Notes • • • •
1642148: FAQ: SAP HANA database backup and recovery 1730932: Using backup tools with Backint 1812980: Changes to the backup catalog as of revision 45 For further notes on backup/recovery, see BC-DB-HDB-BAC
The data backup files are written to the location specified by the parameter basepath_databackup in the persistence section of the global.ini configuration file. By default, the location for data backup files is $(DIR_INSTANCE)/backup/data. To use a different location, you can specify a different path when you perform the backup. If you need to, you can specify a different path for each backup. Alternatively, you can change the value of basepath_databackup. Go to the Configuration tab in the SAP HANA studio and choose global.ini → persistence. If you change the backup location in basepath_databackup, the change takes effect immediately. For improved data safety, we recommend that you specify a path to an external backup location. The backup location should never be on the same file system as the data or log areas. Note: All the files for a particular data backup are written to the same location. The files belonging to the same data backup cannot be written to multiple locations. Different data backups can be written to different locations, but all the files belonging to one particular data backup are written to the same location. We recommend that you create the directory structures before the backup is started. Note: The default backup destination can only be changed for file-based backups. Backups made using third-party tools always use the destination /usr/sap//SYS/global/hdb/backint. For this reason, it is not possible to change the backup destination for third-party tools.
Each backup file name comprises the following elements: <>. The and are optional. If no complete path is specified, the default backup location is used. You can specify a prefix for the backup file name, or you can use the prefix proposed by the system. The system adds a unique suffix to each backup file name. Because this is done for each service that is included in the backup, you only need to specify one file name prefix for all the backups on the different hosts. The suffix that is appended to a file name prefix is only unique for each service. Consequently, the next time you back up a service, the system assigns the same backup suffix to the backup file for that service. If you do not change the file name, the existing backup file for that service will be overwritten by the new backup. During the backup process, a backup file for each service is created in the backup location. The example shows a set of backup files from one data backup created with SAP HANA studio. The files can have different names. In is example, COMPLETE_DATA_BACKUP is the file name prefix; databackup_0_1 is the suffix. We therefore recommend that you copy a data backup to a new location as soon as it is created. Alternatively, specify a different file prefix or location when starting the next backup. The configuration of backup settings (for example, third-party backup tool integration, backup destination paths, log backup settings) is available in the Backup Editor. To open the Backup Editor, double-click Backup in the navigator of SAP HANA studio.
In large SAP HANA systems, data backup files might be larger than the maximum file size that can be stored on the respective file system. The configuration options allow you to specify the maximum file size for backup files. If a backup exceeds this size, it gets split up in several files.
The Administrator has to ensure that sufficient free space for the backup files is available. The amount of free space that will be needed in the backup directory needs to be calculated. To estimate the size of a backup, you can use the system table M_CONVERTER_STATISTICS in the SQL Editor in the SAP HANA studio. This system table contains information about the used blocks. To estimate the size of the next complete data backup, you can use either of the following commands: •
•
select sum(allocated_page_size) from M_CONVERTER_STATISTICS The result is a single value that gives the sum of the sizes of all services in bytes. The size may differ between SELECT statement and DATA BACKUP execution. For this reason, it is advisable to include a reserve of free space. select volume_id, sum(allocated_page_size) from M_CONVERTER_STATISTICS Group by volume_id This displays a list of the volumes (index server, name server, statistics server), with the size of each volume in bytes. Hint: The more difficult part is the sizing for log Backups, because this depends on the amount of data changes that occur in the database, which in turn is a unique quantity for each system and timeframe. When loading data the experiences shows that the disk size of log entries is typically at least twice of the loaded data after compression in SAP HANA.,
If a backup is started the backup wizard also shows the estimated backup size. See the figure below.
Figure 324: Performing Backups Using SAP HANA Studio
Performing a Data Backup Using SAP HANA Studio To create a data backup, perform the following steps: • • •
•
In the Navigator view, select the system for which you want to start a backup. From the context menu, choose Back Up. Specify the location (directory) and the backup file prefix to use and choose Next. The default location shows the path specified in global.ini under the backup parameter basepath_databackup. When all the settings are correct, choose Finish. The backup then starts. The progress of the backup is shown for all types of services (for example, the name server, and index servers). When all the volumes have been backed up, a confirmation message is displayed. Note: A data backup performed with the SAP HANA studio only saves the payload of the data volumes of the database. The database configuration files (and .ini files) are not backed up. Configuration files (.ini files) that contain customer-specific changes can be backed up manually in order to more easily identify and restore customer-specific changes in a recovery situation.
The Backup section in SAP HANA studio offers an overview of running backups , and an overview of configuration options for data backup, log backup and Backint.
A running data backup could be canceled in the Backup Wizard or in the Backup section.
Figure 325: Overview of Backup Operations
To open the Backup section, double-click Backup in the navigator of the SAP HANA studio. Performing a Data Backup Using SQL Commands You can enter SQL commands either by using the SQL editor in SAP HANA studio, or by using the hdbsql program on the command line.
Note: Backups using SQL commands are only recommended for batch mode (see section “Backup and Recovery” of the administration guide). DBA Planning Calendar:
Figure 327: Scheduling Backups Using the DBA Cockpit
DBA Planning Calendar: • • • •
2015
Can be used to schedule, execute, and check almost all regular database administration actions Data backup and Consistency check The scheduled actions are executed automatically Displays actions that are scheduled to run in the background To start the DBA Cockpit, use transaction code DBACOCKPIT
Open DBA Planning Calendar In the DBA Cockpit, choose: Jobs → DBA Planning Calendar To create a new action, you can do either of the following: – – – –
•
Double-click a calendar row. Select a calendar cell and choose Add. Drag and drop an action from the Action Pad to a calendar cell in the future. You can also drag and drop actions to reschedule them. To copy an action, hold down the CTRL key while dragging.
Specify the action details: – – –
Planned Start – Specify the start date and time of the action. Action Parameters – If different from the default, specify the location and prefix for the file. Recurrence – Specify when the action will be repeated or whether it will be executed only once.
Lesson: Log Area Backup Lesson Overview This lesson gives you an overview of the configuration and the different log modes.
Lesson Objectives After completing this lesson, you will be able to: •
Configure a log area backup
Business Example You have to define a backup strategy for your SAP HANA database. In addition to performing data area backups, you have to configure a log area backup.
Overwrite mode: log_mode = overwrite. Log segments are freed by savepoints and no log backup is performed. This can be useful, for example, for test installations that do not need to be backed up or recovered. Caution: log_mode = overwrite is not recommended for production systems.
With log_mode = overwrite, no point-in-time recovery is possible. For recovery, only data backups are used; the logs are not used. Only the following recovery option can be selected: Recover the database to a specific data backup Normal mode: log_mode = normal (default). • • • • • •
Keeps log segments until backup Automatic log backup available (time-based or when segment is full) Log backup directory configured with parameter basepath_logbackup Backup catalog maintenance Restoring of any available data backup with log replay to the last committed state Restoring of any available backup without log replay Caution: As of SAP HANA SPS 07 log mode LEGACY (log_mode = legacy ) is deactivated. Log mode legacy mode was the default setting for SAP HANA SPS 02 but it has not been recommended since SAP HANA SPS 03. If a system is still running in log mode LEGACY, an upgrade to SAP HANA SPS 7 will fail with the error message that the log mode first needs to be set to either NORMAL or OVERWRITE.
For productive systems, we recommend log mode NORMAL because it provides the highest security with regard to the restoration of data for a recovery of the SAP HANA database. In NORMAL log mode, the system automatically creates log backups that can be used for a recovery in addition to the data backups. However, more backup space is required in this log mode due to the log backups. Therefore, an operational concept for administrating data and log backups is a prerequisite for using log mode NORMAL. After changing the log mode parameters, you must restart the database system to activate the changes. We also recommend that you create a full data backup of the database.
The system can perform regular log backups to allow the reuse of log segments. During a log backup, the payload of the log segments is copied from the log area to service-specific log backup files. A log segment is backed up in the following situations: • • •
The log segment is full. The log segment is closed after exceeding the configured time threshold. The database is started.
If you do not regularly move the log backup files to an external destination, you run the risk of the file system to become full. Log segments can only be overwritten by the system after they have been backed up. Caution: Do not ever delete log segments on operating system level, as the log area will become unusable and the database may stop working immediately. Note: If backups go to the file system, you must also regularly archive the log BACKUPS to avoid the log BACKUP DESTINATION from becoming full.
Location of the log backup files by using destination type FILE The log backup files are written to the location specified by the parameter basepath_logbackup in the persistence section of the global.ini configuration file. By default, the location for log backup files is $(DIR_INSTANCE)/backup/log. To use a different location, change the value of basepath_logbackup. Go to the Configuration tab in the SAP HANA studio, choose global.ini → persistence. If you change the backup location in basepath_logbackup, the change takes effect immediately.
enable_auto_log_backup Automatic log backup can be enabled or disabled using parameter enable_auto_log_backup. Default: enable_auto_log_backup = yes Note: In the default log_mode normal, if automatic log backup is disabled, the log area grows until the file system is full. At that stage, the database will freeze. log_backup_timeout_s This parameter forces log backups at a fixed time interval, specified in seconds. Log backups triggered by log_backup_timeout_s are performed in addition to the log backups that are performed when a log segment becomes full. Recommended: Specify a time interval. For example, 900s. (0 = Log backups are only made when a log segment is full and when services are restarted.)
Specifying an appropriate time interval for log backups enables you to recover an SAP HANA database with minimum data loss. For example, if you need to recover the database in a situation where the log area is unusable, and only the data and log backups are available. Note: The log_backup_timeout_s parameter only takes effect if enable_auto_log_backup is set. For log_mode = normal, these parameters must have the following values: enable_auto_log_backup = yes log_backup_timeout_s > 0 Automatic log backups need to be enabled in production systems in order to provide full point-in-time recoverability. As of SPS09 anew alert notifies administrators when automatic log backups have been disabled Note: Improvements for log backups when using backint: In some cases 3rd party backup tools have encountered deadlocks when two SAP HANA database services requested log backups from the same tape (no concurrent access possible to the tape). SAP HANA’s internal recovery handling has been adapted in order to avoid deadlock situations when retrieving log backups from a 3rd party backup tool that uses tapes. In some scenarios the start of a 3rd party backup agent for a log backup may take longer than the actual log backup itself. During times of high load, this may lead to many pending log backups and in the worst case to “log full” situations (log segments are only released for overwrite after a successful log backup). SAP HANA now uses a single backup call to the 3rd party agent for all log segments of a service that are ready for backup.
Lesson: Additional Backup Topics Lesson Overview This lesson explains how the backup catalog provides information about the backups you have performed.
Lesson Objectives After completing this lesson, you will be able to: • •
Use the backup catalog to get Information about backups Perform backups using scripts
Business Example You have to define a backup strategy for your SAP HANA database. Therefore, you have to define a strategy to backup the configuration files of your database. After you have defined a strategy for the data area and the log area backup, you need information about the execution of backups and their history.
Backup of Configuration Files The properties of an SAP HANA system are defined in the parameters of its configuration files.
The nameserver.ini file contains global information for each installation. The landscape section contains the system-specific landscape ID and assignments of hosts to roles MASTER, WORKER, and STANDBY. If the system landscape is changed, for example, hosts are added or removed, the landscape section of the nameserver.ini is also changed. Caution: The sapprofile.ini contains information that is specific to each host. For this reason, in a recovery situation, the sapprofile.ini file must not be copied manually to a different host, as it will not be compatible with a new landscape. The configuration files (.ini files) contain the SAP HANA database configuration settings. The configuration files are not backed up as part of the database backup. Configuration files that contain customer-specific changes can be backed up manually in order to more easily identify and restore customer-specific changes in a recovery situation. The configuration files are not essential to perform a recovery. If you want to use the customer-specific configuration, you need to reconfigure the system using the SAP HANA studio. To display the configuration values, go to the Configuration tab in SAP HANA studio. The configuration files (.ini files) are located by default in the following directories: Example Directory Paths •
•
For global configuration settings: $(DIR_INSTANCE)/../SYS/global/hdb/ custom/config Example Configuration Files: global.ini, indexserver.ini, nameserver.ini For host-specific configuration settings: $(SAP_RETRIEVAL_PATH) Example Configuration Files: daemon.ini
Configuration files are only created in these directories if customer-specific changes are made to them after installation. If no customer-specific changes have been made, these directories may be empty.
Binary Configuration File In addition to the configuration files, all customer-specific changes are also saved in one separate (binary) configuration file. This file is created when SAP HANA is installed and is stored in the same directory as the configuration files. The binary configuration file is versioned. When the file is changed, a new version is created and the previous version is renamed sequentially. All the file versions are stored in the same directory.
If you want to back up customer-specific configuration changes, you should back up all the versions of the binary configuration file manually together with the other configuration files. In a recovery scenario, if you wish to restore customer-specific settings, you can use both the configuration files (.ini files) and the binary configuration file. To restore customer-specific configuration settings from the binary file, use the command line tool hdbparam. If you do not want to restore the most recent version of the binary file, use hdbparam to check the individual parameter values and decide which version of the binary file to restore.
Backup Catalog
Figure 336: Monitoring Backups
The backup.log file records information about the data and log backups. Open backup.log and choose Diagnosis Files from the SAP HANA studio. The backup catalog provides information about the execution of backups and their history. It enables the system to do the following: • • •
410
Determine whether a recovery is possible Choose which data and log backup is used use to recover the database Determine which backup files are no longer needed
The backup catalog includes the following information: • • • • • • • • • •
Backups performed for a database The start and finish times of the backups Whether a backup is still running Whether a backup was successful or not Volumes that were backed up Log backups and what part of the log they contain Backup destinations and their sizes Whether the redo log history was interrupted The destination type An external backup ID
Figure 337: Backup Catalog
You can also monitor the backup catalog directly in the Backup editor on the Backup Catalog tab. The Backup Catalog tab displays a list of past backups. This list allows you to see the status of each catalog entry, as well as its key information, at a glance. To see the full details of a particular entry, select it in the list. Detailed information appears in the Backup Details area. This includes, for example, backup start and completion times, duration, size, throughput time, and a breakdown for each service. By default, only data backups are displayed. To see log backups, select the Show Log Backups checkbox.
The backup catalog is backed up and versioned after every completed backup operation. The backup catalog is written as a separate backup to the location where the log backups are stored. This allows the backup catalog to be accessed during a recovery. Even in situations such as when log_mode = overwrite is set, where logs are not written, the backup catalog is still backed up. The backup catalog is assigned a name in the following format:log_backup_0_0_0_0. In earlier versions, a backup of the backup catalog was written after each individual log backup of each service. Since there is only one backup catalog (service-independent), this could lead to a lot of pending backup requests for the backup catalog and thus block the release of log segments, e.g. in scale-out scenarios under heavy load. As of SPS09 SAP HANA only writes one backup of the backup catalog for concurrent log backups of different services by default. This means that the backup of the backup catalog covers all log backups that were written since the last backup of the backup catalog. The new behavior is enabled by default. To disable it, set the following database configuration parameter to “false”: global.ini → backup → enable_accumulated_catalog_backup.
Consistency check for data and log backups SAP HANA can check data and log backups for integrity using the hdbbackupcheck command line tool.
It is recommended to check backups, for example, after transfer to a different storage medium. Both backups to the file system and backups to a 3rd party backup tool via the Backint interface can be checked using hdbbackupcheck. hdbbackupcheck reads in the specified part of the backup, checks its meta data for correctness and consistency, and checks the content for any later changes. For more information see SAP Note 1869119 - Checking backups using hdbbackupcheck.
Performing Backups Using Scripts In addition to performing backup and recovery operations using the SAP HANA studio, you can also use SQL statements. The syntax for these statements is described in the SAP HANA Administration Guide. Theses SQL statements could be used to define scripts that trigger a database backup using SAP HANA backup functionality. An example of such a backup script is presented in SAP Note 1651055.
Hostname (the local host name of the database server. Do not use 'localhost'. Do not use the fully qualified (.) name.
SIDPATH **
/usr/sap/${SID}
The directory into which the binaries of the SAP HANA database system have been installed
INSTPATH **
${SIDPATH}/HDB${INSTANCE}
The directory containing the instance data of the SAP HANA database
(*) means that the parameter must be adjusted to your particular installation, (**) means that typically this parameter refers to a default setting of the SAP HANA database that is very unlikely to be changed in any database installation. Parameters must be specified as follows: • • • • •
= No space on either side of the ‘=’ operator The name of parameters must not be changed Case-sensitive Use ${} for parameters that reference other parameters
The backup script offers the following command line options: Command Line Options Name
414
Description
-h
Display usage information and exit (regardless of any other command line parameters given)
-t
Test mode: Do not create or delete backup files, that is, do not create data backup, do not create configuration file backup. Writes log messages into file ${SCRIPT_LOG}.
-q
Suppress wait time and information output (recommended in batch mode)
-d
Only create a data backup. Do not back up configuration files.
Only back up configuration files. Do not run a database backup.
-p
Add script parameterization and command line switches to the script log file
-Create backup files that do not contain the weekday as part of suffix= the name, but instead. Note: There must not be any white space on either side of the ‘=’ sign.
Backup Lifecycle Management Backup lifecycle management provides a framework to delete old data and log backups from the backup catalog only, or from the backup catalog and physically from the backup location. Backups can be deleted from the file system or from a connected 3rd party backup server via the Backint interface. This allows you to manage your backup storage space or to fulfill regulatory deletion requirements. The deletion functionality is available both in SAP HANA studio and on the command line using SQL commands.
Figure 340: Backup Lifecycle Management
There is an audit event that you can enable to create an entry in the audit trail whenever a backup is deleted using this function.
Lesson: Recovery Lesson Overview This lesson explains when it is necessary to recover SAP HANA und how you can do this.
Lesson Objectives After completing this lesson, you will be able to: •
Perform a database recovery
Business Example Due to a hardware error, the database cannot be started any more. After solving the hardware problem, you must perform a recovery of the database.
Recovery of a SAP HANA Database
Figure 341: Overview
Recovery Scenarios The steps to recover the database depend on the recovery scenario and the reason for the recovery. This section descibes some recovery scenarios. Data Area is Unusable
If the data area is unusable, and all the data changes after the last complete data backup are still available in the log backups and log area, the data from committed transactions that was in memory at the time of failure can be recovered. No commited data is lost. For recovery, the data backups, the log backups, and the log area are used. When the data backup has been successfully restored, the log entries from the log backups and the log area are automatically replayed. It is also possible to recover the database using an older data backup and log backups. All relevant log backups made after the data backup are needed for the recovery. More information: SAP Note 1705945 (Determining the files needed for a recovery) Log Area is Unusable If the log area is unusable, it is only possible to replay the log backups. As a consequence, any changes that were made after the most recent log backup will be lost. In addition, all the transactions that were open during the log backup will be rolled back. It is still possible to recover the database to a point in time within the existing log backups. For recovery, the data backups and the log backups are used. When the data backup has been successfully restored, the log entries from the log backups are automatically replayed. In the Recovery Wizard, you must specify the option Initialize log area to prevent the recovery of entries from the unusable log area. Logical Error – Point in Time Recovery To reset the database to a particular point in time, you need a data backup from before the point in time to recover to, the subsequent log backups, and the log area. All changes made after the recovery time will be lost. If you need to perform this recovery, consider recovering the database to a different system.
The following recovery types are available: (A) Recover the database to its most recent state: This option recovers the database to as close as possible to the current time. This recovery option uses the following data: • • •
The most recent data backup Log backups made since the most recent data backup Log area
(B) Recover the database to s specific point in time This recovery option uses the following data: • • •
The last data backup available before the specified point in time Log backups made since the data backup to be used Log area
(C) Recover the database to a specific data backup
The specified data backup Note: Log entries are not replayed, neither from the log backups nor from the log area. All log entries that still exist in the log area are deleted. Note: To recover the SAP HANA database, the database needs to be shut down. For this reason, during recovery, the database cannot be accessed by end users or applications.
To perform a SAP HANA database recovery, the following requirements must be met: •
The SAP HANA database software must be installed, so that an initial database exists. In a recovery situation, you can use the SAP HANA studio to restore customer-specific changes to this initial database. Note: If you want to restore customer-specific configuration settings, you can do this either before you restore the database and the log backups or at the end of the recovery.
•
•
• •
Ensure that the target system and the source system have identical configurations. The number and types of services (for example, index server) on each host must be identical for both system landscapes. At the beginning of a recovery, all the data and log backups to be used must be either accessible in the file system or available through the third-party backup tool. At least one data backup must be available before the recovery is started. To restore the database to a particular point in time, a data backup and all the log backups up to the point in time for recovery are needed (including the log backups made after the desired point in time of the recovery).
Constraints • •
2015
Recovery to a lower system release is not possible. If an error occurs during a recovery, the complete recovery must be repeated.
To recover a SAP HANA database perform the following steps: • •
Confirm that the system can be shut down Choose the recovery type
• • •
– Recover the database to its most recent state – Recover the database to a specified point in time – To a specified log position – To a specified data backup Specify the data and log backup directories Specify the relevant data backup The database is restarted automatically after the recovery
Recovery features Automatic checks for file system backups at the start of a recovery In addition to checking for missing backups at the start of a recovery, SAP HANA also automatically checks file system backups for corruption.
If a corruption is detected, for example size or backup ID do not match with the information that is recorded in the backup catalog, the recovery is not started and details are displayed in the recovery wizard and written to the backup log file. Note: The extended checks are executed for file system backups only. If a 3rd party backup tool is used, only the existence of the backups on the 3rd party backup server is verified. Progress reporting for a recovery shows the recovery process in detail After the initial collection of system information for the recovery, the recovery wizard shows the following phases (progress per service) •
Phase 1: Data recovery using data backup or snapshot
•
Phase 2: Log recovery using log backups and/or log that is still available in the log area
•
Phase 3: Restart
Check whether recovery can be executed with the available backups An option to check whether you can reach a specified recovery target with the available backups has been added to the hdbbackupdiag command line tool. Checks that can be performed using hdbbackupdiag: • •
All necessary backups are available and can be accessed For file system backups: – – – –
•
File exists at the original location or at a location that has been specified The current operating system user has read privileges for the file File size matches the size information from the file header The backup ID in the file matches with the backup ID recorded in the backup catalog For backups written to a 3rd party backup tool: –
Backup is available in the 3rd party backup tool Note: hdbbackupdiag does not check the backup content for consistency (use hdbbackupcheck).
For more information see SAP Note 1873247: Checking recoverability with hdbbackupdiag --check.
Performing Recovery using the Command Line Tool SQL statements for recovery cannot be executed using the normal SQL clients such as hdbsql and cannot be executed when the database is online. For this reason, the Python script recoverSys.py is used to pass SQL statements to SAP HANA. Performing Recovery using the Command Line Tool 1. 2. 3.
424
The administrator calls the script with the required parameters, thus specifying recovery target time, recovery type and further options The script stops the SAP HANA database, prepares and executes the recovery After the master name server of the SAP HANA database started successfully, the script terminates.Note: At this point, the recovery is not complete yet. We recommend to call the script using the --wait option, which will ensure that the script waits until the recovery has finished.
Exercise 13: Backup and Recovery Exercise Objectives After completing this exercise, you will be able to: • Check the backup parameters • Estimate the size of a backup • Perform a regular backup • Configure the parameters for a log backup • Recover the database after a file system crash
Business Example Task 1: Check the location of the directory for the data backups and the log backups. Ensure that sufficient free space for the backup files is available. Therefore, estimate the amount of free space that will be needed in the backup directory. 1.
Check the location of the directory for the data backups.
2.
Perform an estimation of the size of a backup.
Task 2: The next step is to check the parameter settings which control the log backup behavior (log_mode and enable_auto_log_backup). 1.
Check the parameter settings which control the log backup behavior.
Task 3: After the preparation steps, perform a data backup of your HANA database and check the size of the backup in the file system. 1.
Task 4: Open the backup.log file to retrieve information about the data and the log backups. Information about the execution of backups and their history is provided by the backup catalog. You could use the monitoring views M_BACKUP_CATALOG and M_BACKUP_CATALOG_FILES to display information about the backup catalog. This information is also provided by the Backup Console. Find out the backup_id of your complete data backup and determine the names of the backup files and their size. 1.
Open the backup.log file to retrieve information about the data and the log backups.
2.
Find out the backup_id of your complete data backup.
3.
Determine the names of the backup files and their size.
Task 5: Simulate a file system crash and recover the database to its most recent state.
426
1.
Simulate a file system crash by deleting one of the data volumes. For this, you can delete the content of the directory /hana/data/SHS/mnt00001/hdb00003.
2.
Recover the database to its most recent state. When the recovery is complete, the system is online.
Solution 13: Backup and Recovery Task 1: Check the location of the directory for the data backups and the log backups. Ensure that sufficient free space for the backup files is available. Therefore, estimate the amount of free space that will be needed in the backup directory. 1.
Check the location of the directory for the data backups. a)
Open the Administration View in SAP HANA studio.
b)
Select the Configuration Tab.
c)
The data backup files are written to the location specified by the parameter basepath_databackup in the persistence section of the global.ini configuration file. By default, the location for data backup files is $(DIR_INSTANCE)/backup/data.
d)
The log backup files are written to the location specified by the parameter basepath_logbackup in the persistence section of the global.ini configuration file. By default, the location for log backup files is $(DIR_INSTANCE)/backup/log.
e)
As an alternative, you can use the Backup Console to get this information. Open the tree for user SYSTEM in the Navigator view and double-click the Backup folder. Select the Configuration tab in the Backup Console.
2.
Perform an estimation of the size of a backup. a)
Perform an estimation of the size of a backup.
b)
Open the SQL Editor in SAP HANA studio.
c)
To estimate the size of the next complete data backup, you can use the following command: select sum(allocated_page_size) from M_CONVERTER_STATISTICS
d)
The result is a single value that gives the sum of the sizes of all services in bytes. The size may differ between the SELECT statement and DATA BACKUP execution. For this reason, it is advisable to include a reserve of free space.
Task 2: The next step is to check the parameter settings which control the log backup behavior (log_mode and enable_auto_log_backup). 1.
Check the parameter settings which control the log backup behavior. a)
Open the Administration view in SAP HANA studio. Select the Configuration tab.
b)
The parameters that control the log backup behavior are located in the persistence section of the global.ini configuration file. The correct parameter settings to perform log backups are: log_mode = normal and enable_auto_log_backup = yes
c)
These parameter settings manage that log backups are created on a continuous basis.
d)
As an alternative, you can use the Backup Console to get this information. Open the tree for user SYSTEM in the Navigator view and double-click the Backup folder. Select the Configuration tab in the Backup Console.
Task 3: After the preparation steps, perform a data backup of your HANA database and check the size of the backup in the file system. 1.
Perform a data backup of your HANA database. a)
In the Navigator view of in SAP HANA studio, select the database (database user SYSTEM) for which you want to start a backup.
b)
From the context menu, choose Backup and Recovery → Back Up System.
c)
Then you could specify the location (directory) and the backup file prefix to use. (Use the default settings.)
d)
When all the settings are correct, choose Next and Finish. The backup then starts.
e)
The progress of the backup is shown for all types of services (for example, the statistics server, name server, and index servers).
f)
When all the volumes have been backed up, a confirmation message is displayed.
Check that the backup has finished successfully. a)
Choose Open log file in the view Backup Execution Summary.
b)
Now you can close the view Backup Execution Summary.
c)
Then, the log file is displayed in the SAP HANA studio. In the log file, check that the backup has finished successfully.
Check the size of the backup in the file system a)
Log on to the HANA system on OS-level using telnet.
b)
Open a telnet session: Start → Programs → Putty → putty.exe.
c)
If you get a security alert, confirm with Yes.
d)
Enter the password of the OS-User shsadm.
e)
Navigate to the backup directory: cd /usr/sap/SHS/HDB00/backup/data.
f)
Determine the size of the backup files and the backup directory using the command: ls -lh.
g)
Compare this result with the estimation you performed in the first task, second step.
Task 4: Open the backup.log file to retrieve information about the data and the log backups. Information about the execution of backups and their history is provided by the backup catalog. You could use the monitoring views M_BACKUP_CATALOG and M_BACKUP_CATALOG_FILES to display information about the backup catalog. This information is also provided by the Backup Console. Find out the backup_id of your complete data backup and determine the names of the backup files and their size. 1.
Open the backup.log file to retrieve information about the data and the log backups. a)
Find out the backup_id of your complete data backup. a)
Open the SQL Editor in SAP HANA studio.
b)
To find the backup_id of your complete data backup, query the monitoring view M_BACKUP_CATALOG: select * from M_BACKUP_CATALOG
c) 3.
Identify your backup according to the starting time in the field SYS_START_TIME.
Determine the names of the backup files and their size. a)
Open the SQL Editor in SAP HANA studio.
b)
To find the names of the backup files and their size, query the monitoring view M_BACKUP_CATALOG_FILES: select * from M_BACKUP_CATALOG_FILES where BACKUP_ID =’’
c)
You find the information about the names of the backup files and their size in the fields BACKUP_SIZE and DESTINATION_PATH.
d)
As an alternative, you can use the Backup Console to get this information. Open the tree for user SYSTEM in the Navigator view and double-click the Backup folder. Select the Backup Catalog in the Backup Console.
Task 5: Simulate a file system crash and recover the database to its most recent state. 1.
Simulate a file system crash by deleting one of the data volumes. For this, you can delete the content of the directory /hana/data/SHS/mnt00001/hdb00003. a)
Log on to the HANA system on OS-level using telnet.
b)
Open a telnet session: Start → Programs → Putty → putty.exe.
c)
If you get a security alert, confirm with Yes.
d)
Enter the password of the OS-User shsadm.
e)
Navigate to the directory containing the data volumes: cd /hana/data/SHS/mnt00001
f)
Display the content of this directory: ls –lh.
g)
The data volumes are located in the subdirectories hdb0000X.
h)
Delete the subdirectory hdb00003: rm –rf hdb00003. Continued on next page
Recover the database to its most recent state. When the recovery is complete, the system is online. a)
In the Navigator view in SAP HANA Studio, select the database (database user SYSTEM) for which you want to start a recovery. Open the context menu and choose Backup and Recovery → Recover System.
b)
A dialog box is displayed, requesting that you confirm that the system can be shut down for the recovery. Confirm and choose OK.
c)
A dialog box is displayed, requesting you to enter user name and password for adm. Enter user shsadm and the respective password and choose Next.
d)
Specify the recovery type: “Recover the database to its most recent state”. Choose Next.
e)
Specify the locations of the data and log backup files if they are not in the default location. Choose Next. The next screen gives an overview of data backups that where recorded in the backup catalog as successful. Select your backup and choose Next.
f)
A dialog box “Other Settings” is displayed, requesting you to install a new license. This is only needed when you recover from a different system. Keep the default settings and choose Next.
g)
A summary of the selected recovery options is displayed.
h)
If the settings are correct, choose Finish.
i)
The recovery is then started. The progress of the recovery is displayed in the Recovery Progress Information screen. When the recovery is complete, the system is online.
Lesson: Backup and Recovery using Storage Snapshot
Lesson: Backup and Recovery using Storage Snapshot Lesson Overview This lesson gives a short overview on performing backup and recovery using a storage snapshot.
Lesson Objectives After completing this lesson, you will be able to: •
Explain the concept of backup and recovery using a storage snapshot
Business Example You have to perform backups for the SAP HANA database. Therefore, you need to know how storage snapshots are integrated in the backup concept.
Storage Snapshots Storage snapshots created by tools provided from the storage hardware vendor offer an additional option to safeguard the SAP HANA data area. A storage snapshot captures the content of the SAP HANA data area at a particular point in time, and has a consistent database state. Note: A database snapshot is used to create a storage snapshot. A database snapshot provides a read-only view of the database with a consistent state at the point in time that the snapshot was created. The consistent database state is ensured for both single-disk and multiple-disk systems. As with the data backup types supported by SAP HANA (File or Backint), a storage snapshot is created while the SAP HANA database is running. Whereas a data backup is written to a separate storage location, a storage snapshot needs to be manually stored in a location that is physically separate from the SAP HANA data area. Note: When a storage snapshot is created, the integrity of the data is not checked. For this reason, it is strongly recommended to combine your use of storage snapshots with data backups (File or Backint), for which the data integrity is checked automatically.
A SAP HANA database can be recovered in a single procedure, either using a storage snapshot, or using a storage snapshot in combination with log backups. Log backups can be replayed after the database has been recovered with a storage snapshot.
Creation of Storage Snapshots SAP HANA supports the creation of storage snapshots, which can later be used for SAP HANA recovery. There is a loose coupling between SAP HANA and the storage tool: storage snapshots are recorded in the SAP HANA backup catalog.
Figure 345: Creating a Storage Snapshot
Creating a snapshot: 1. 2. 3.
Using SAP HANA studio, prepare the database for the storage snapshot. Technically, this creates an internal data snapshot. Using the storage tool, create a storage snapshot of the SAP HANA data area In SAP HANA studio, confirm the storage snapshot as successful. An entry including the external backup ID is written to the backup catalog
The SAP HANA database automatically deletes the internal snapshot from SAP HANA data area after it has been either confirmed or abandoned.
Lesson: Backup and Recovery using Storage Snapshot
Figure 346: Creating a Storage Snapshot in SAP HANA Studio
Alternatively, you can use the SQL commands to create a storage snapshot and to confirm the successful storage snapshot and enter the external snapshot ID : BACKUP DATA CREATE SNAPSHOT COMMENT snapshot_test’
BACKUP DATA CLOSE SNAPSHOT BACKUP_ID 3456789 SUCCESSFUL 'storage_i Details on creating storage snapshots using SQL commands are covered in the SAP HANA Administration Guide. Prepared storage snapshots should only exist for a short time (until the storage snapshot was executed using the storage tool). When a storage snapshot was prepared but not confirmed for a longer period of time an alert occurs (for details see SAP Note 1991615).
Recovery using a Storage Snapshot Recovery using a snapshot: 1. 2.
Using the storage tool, transfer the storage snapshot to the data area of the SAP HANA database Using SAP HANA studio, recover the database using the storage snapshot as basis (available in the recovery wizard) Note: Note: All recovery options are available, including point-in-time recovery using log backups/log from the log area. Note: Note: You can also call up the recovery wizard before transferring the storage snapshot to the data area of SAP HANA. In that case, the recovery wizard will show all storage snapshots recorded in the SAP HANA backup catalog, and you can decide which one to transfer to the data area of SAP HANA.
After the recovery, SAP HANA automatically deletes the internal data snapshot from the data area (which was contained in the transferred storage snapshot).
Lesson: Database Copy Lesson Overview This lesson describes how you can clone the database.
Lesson Objectives After completing this lesson, you will be able to: •
Explain the scenarios for a database copy
Business Example To set up a three-system landscape you have to clone your SAP HANA database.
Backup Based Database Copy You can create a homogenous copy of a database by recovering an existing source database backup to a different but compatible target database. The source database backup consists of data backup files and the log backup files. A homogenous database copy is a quick way to set up cloned systems for training, testing, and development. For this reason, it can significantly reduce total cost of delivery (TCD). You can copy a database in two ways: •
The first one you can using both the data backups or storage snapshots and the log backups of the source system. This allows you to restore the database to a point in time after the data backup or storage snapshot was created. > This allows you to restore the database to a point in time after the data backup or
•
Using only data backups or storage snapshots. This restores the content exactly as of the point in time at which a data backup or storage snapshot was. > This restores the content exactly as of the point in time of the data backup or storage snapshot
A database copy is possible using file-based backups and with SPS09 also for database copies using a 3rd party backup tool. A database backup of the source system is available. The version of the target system is the same or higher than the source system. The target system has sufficient disk space and memory. The target system configuration is usable for the recovery of the source system. Customer-specific changes can be manually applied to the target system. Ensure that a license key file is available for the target database.
Procedure • • •
Create the target database (new installation). Copy the required backups to the target database backup folder (using operating system commands). Recover the target database to the desired point in time.
The procedure is described in detail in the SAP HANA Administration Guide. As of revision 28, SAP HANA supports database copies using backup and recovery. Here, the SAP HANA database must be recovered to a new installation with the same number of volumes or services or hosts. As of revision 40, a backup of a multiple-host system can be recovered to a single-host system.
As of SAP HANA SPS 06, you can copy a scale-out SAP HANA database with m nodes to SAP HANA database with n nodes (m > n). This functionality is needed, for example, when you want to use a copy of your production system for tests on a smaller QA system. Note: If the target system has less resources, for example, less CPU and RAM, performance cannot be expected to be the same as in the source system.
Figure 348: Database Copy from System with m Modes to a System with n Nodes
Steps to perform • •
•
Create a data backup of the source database. In the target database, configure (m-n) additional index servers to match the source system configuration (.ini file parameter). You can choose for yourself how you want to distribute these index servers across the available nodes. Recover the data backup of the source database into the target database. Note: Before the recovery is executed on the target system, SAP HANA will check whether it has been configured appropriately.
All steps above can be performed using SAP HANA studio. Current limitations: Copies from n nodes → m nodes not supported yet. Note: Further information see SAP-Note 1749467 – Copying SAP HANA From a Multiple- to a Single-Host
The SAP HANA database provides the capability to clone an entire database while online. Cloning is done using the underlying storage system. For consistency, a database-wide snapshot of the data area is used, similar to the procedure for data backup. After the database has been cloned, the snapshot is removed from the source database. The snapshot in the cloned database is restored during the first restart. Prerequisite Source and target database both use storage systems Procedure • • • • •
During online operation of the source database, create an internal database snapshot. Using the storage system, copy the whole source database (data area including internal database snapshot, log area, database software). In the source database, remove the internal database snapshot. Rename the target database using an on-site configuration tool. Start the target database using the internal database snapshot.
While the source database is offline, create a filer snapshot of the database This leads to two databases with the same name. Rename the copy using the hdbrename utility (located in /usr/sap//SYS/global/hdb/install/bin/). The target database is automatically restarted. Restart the source database.
Unit Summary You should now be able to: • Explain the concept of backup and recovery • Perform a data area backup • Estimate the size of a backup • Configure a log area backup • Use the backup catalog to get Information about backups • Perform backups using scripts • Perform a database recovery • Explain the concept of backup and recovery using a storage snapshot • Explain the scenarios for a database copy
Unit 9 Monitoring and Troubleshooting Unit Overview This unit discusses the following topics: • • • • • • •
Detailed view of the functionality of the SAP HANA studio Debugging Important files Remote support SAP EarlyWatch Alert Working with diagnose files Configuring traces
Unit Objectives After completing this unit, you will be able to: • • • • • • • • • • • • •
Activate the trace function Check the trace files Open diagnosis files for analysis Delete/merge files Download files Collect and download diagnosis information Use the SQL console successfully Analyze SQL execution with the plan explanation Analyze SQL execution with the Plan Visualizer Analyze SQL execution with the SQL plan cache Know how SAP HANA is integrated in SAP Solution Manager Establish a remote service connection for SAP HANA Set up an EarlyWatch Alert for SAP HANA
Unit Contents Lesson: Configuring Traces ...................................................447
Various traces are available for obtaining detailed information about the actions of the database system. You can activate and configure traces on the Trace Configuration tab of the Administration editor. Different configuration options are available for each trace. Note: To be able to configure traces, you must have the system privilege TRACE ADMIN. To configure the kernel profiler, you must have the SAP_INTERNAL_HANA_SUPPORT standard role. •
Database trace (including user-specific and end-to-end database traces) The database trace records information about activity in the components of the SAP HANA database. You can use this information to analyze performance and to diagnose and debug errors. Each service of the SAP HANA database writes to its own trace file. By default, the database trace is active with default trace level ERROR.
•
SQL trace The SQL trace collects information about all executed SQL statements and saves it as an executable python program. This is good for recording a scenario. By default, the SQL trace is inactive.
•
Expensive statements trace Expensive statements are individual SQL queries whose execution time was above a configured threshold. The expensive statements trace records information about these statements for further analysis. By default, the expensive statements trace is inactive.
•
Performance trace The performance trace is a performance tracing tool built into the SAP HANA database. It records performance indicators for individual query processing steps in the database kernel. By default, the performance trace is inactive. Caution: The performance trace is a tool for experts. To interpret the information collected, you require a deep understanding of the system component being analyzed.
•
Plan trace With the Plan trace you can visualize and analyze the execution plans for every query that has been executed in the specified application.
The kernel profiler is a sampling profiler built into the SAP HANA database. It collects, for example, information about frequent and/or expensive paths during query processing. By default, the kernel profiler is inactive. Note: Only SAP development support has the technical expertise required to interpret the information collected by the performance trace and the kernel profiler. Table: Trace with default configuration status
In the JDBC trace, select Enable trace. Note: There is now a warning decorator and tooltip when the JDBC trace is activated. A message is also shown on the administration overview screen.
Figure 353: JDBC Trace Activation
Figure 354: Tracing Enhancements with SAP HANA SPS07
With SAP HANA SPS07 the trace configuration dialog was enhanced so that conflicts between different configuration layers are indicated.
Check Trace Files In case of problems with the database, log and trace files can be checked for errors. These diagnosis files are available in the studio on the tab page Diagnosis Files of the Administration editor. For more information, refer to the section Working with Diagnosis Files in this unit. To display a diagnosis file, choose Open in the context menu of the list or just double-click the entry of the respective log file.
Figure 355: Opening a Trace File
Note: Configuring Trace file Rotation Trace file rotation prevents trace files from growing indefinitely by limiting the size and number of trace files. You can configure trace file rotation globally for all services in the system and for individual services. For more information, refer to the SAP HANA Administration Guide.
Exercise 14: Configuring SAP HANA Traces Exercise Objectives After completing this exercise, you will be able to: • Activate and deactivate the SQL trace • Open the trace file for analysis • Trace and analyze expensive statements
Business Example As an SAP HANA system administrator, you have to activate the traces for issue analyses.
Task 1: Activate the SQL trace 1.
Open SAP HANA studio
2.
Go to Trace Configuration
3.
Activate SQL trace Note: For a specific DB user, enter the user name in the Database user. Hint: Execute a SQL statement to capture some trace information. Hint: Sample SQL: select * from “PUBLIC”.“M_CS_TABLES”
Solution 14: Configuring SAP HANA Traces Task 1: Activate the SQL trace 1.
2.
Open SAP HANA studio a)
From the WTS, click Start → All Programs → SAP HANA → SAP HANA Studio.
b)
Double-click the system from the left panel.
Go to Trace Configuration Select the Trace Configuration tab.
a) 3.
Activate SQL trace Note: For a specific DB user, enter the user name in the Database user. Hint: Execute a SQL statement to capture some trace information. Hint: Sample SQL: select * from “PUBLIC”.“M_CS_TABLES” a)
Execute expensive SQL statement and view the trace file. a)
Navigate to Administration Console, system connection for user SYSTEM.
b)
Find the SAP_HANA_DEMO schema in the Catalog folder.
c)
In the SAP_HANA_DEMO schema folder, find the folder Tables, and select Filters from the context menu.
d)
Enter the following in Filter for Column Views: Item_Part
3.
e)
From the context menu of table SAP_HANA_DEMO.EPM.PO.Item_Part, select Generate → Select Statement. The SQL Editor opens and the select statement is displayed
f)
In the SQL Editor choose Execute (F8).
g)
Close the SQL editor.
Analyze the expensive SQL statements trace. a)
Navigate to the database connection of user SYSTEM and in the context menu select Configuration and Monitoring → Open Administration → Performance → Expensive Statements Trace.
b)
In the Filter window enter Item_Part
2015
c)
Verify the SQL statement in the STATEMENT_STRING column.
d)
From the context menu of the first row, choose Visualize Plan.
e)
On the display, click the black arrow on the top right of the Column Search block. From the context menu in the Project area inside the Column Search block, choose Execute.
f)
In the Executed tab find the Most Dominant Operator.
g)
Return to Administration view of the user SYSTEM and select Trace Configuration → Expensive Statements Trace.
h)
Click the Edit Configuration icon to the right of Expensive Statements Trace. Set the trace status to Inactive.
Lesson: Working with Diagnosis Informations and Diagnosis Files
Lesson: Working with Diagnosis Informations and Diagnosis Files Lesson Overview This lesson shows how to deal with SAP HANA diagnosis files.
Lesson Objectives After completing this lesson, you will be able to: • • • •
Open diagnosis files for analysis Delete/merge files Download files Collect and download diagnosis information
Business Example When there is an issue in the system, you, as a HANA system administrator, need to analyze diagnosis files for issue resolution. When receiving support from SAP, you as a HANA administrator should be able to send the diagnosis files to SAP. The configuration files must be backed up periodically along with the database backup.
Working with Diagnosis Files in SAP HANA Studio Diagnosis files include log and trace files, as well as a mixture of other diagnosis, error, and information files. In the event of problems with the SAP HANA database, you can check these diagnosis files for errors. You can also filter, merge, delete, and download diagnosis files. You can access the diagnosis files on the Diagnosis Files tab of the Administration editor. They are stored by default in the following location: /usr/sap//HDB//trace To be able to view diagnosis files and delete trace files, you must have the system privilege TRACE ADMIN.
Lesson: Working with Diagnosis Informations and Diagnosis Files
To display a file in the list, right-click it and choose Open, or double-click the file. The Show Start of File and Show End of File buttons help you to navigate particularly large files more easily. You can specify how many lines you want to see when you filter the file in this way. Note: Depending on the type of data in the diagnosis file, the number of lines actually displayed may be less than or greater than specified. This is because the data in some diagnosis files is fetched in bytes and the number of bytes per line varies. Note: Crash dump files have a hyperlinked table of contents. To see the hyperlinks, press the CTRL key as you move your mouse over the entries.
The .gz (zipped) file is automatically downloaded to the local computer (SAP HANA studio workspace) The last 1000 lines are displayed by default. “Download File” in the Log File editor writes this local copy to another directory. The local copy is deleted automatically after closing the Log File editor.
You can merge the diagnosis files listed on the Diagnosis Files tab by choosing Choose Merge Files... Note: This feature is helpful during troubleshooting because it allows you to review multiple diagnosis files of different types at the same time. The merged file is created from the most recent diagnosis files. Once the file has been created, you can use the filtering options and timeframe slider to drill down and analyze further. Caution: Merging diagnosis files can take a long time depending on the size and number of files to be merged. Compress files If you need to download a diagnosis file (for example, to send it to SAP Support), you can compress it first on the server. This is useful for large diagnosis files and/or slow connections. To compress a file, right-click it and choose Compress. After compression, the file has the file format *.zip. You can select multiple files to compress.
Lesson: Working with Diagnosis Informations and Diagnosis Files
Figure 360: Compressing and Deleting Diagnosis Files
Delete files •
Delete log files and other non-trace files (for example, *.log, *.tpt, *.py) –
•
You can delete one or more individual files from the list by selecting the file(s) in question and in the context menu, choosing Delete. Delete trace files (*.trc)
–
You can delete trace files in the same way as other diagnosis files by right-clicking them and choosing Delete. Note: The file may not actually be deleted. If a running service is currently writing to the file, it cannot be deleted. If this is the case, the file disappears from the list in the SAP HANA studio and is hidden in the file system at operating system level. As long as a service is still writing to the file, it still exists and consumes disk space. Once the file reaches its maximum size, the system stops writing to it and creates a new trace file. When the file is physically deleted depends on how trace file rotation is configured.
–
You can batch delete trace files, for example all the trace files of a specific service, by choosing Delete Trace Files... and making the required selection. Note: If the trace files are open, it is not possible to delete the trace files. In this case, the contents of the files are cleared but the file still exists and its size is reduced.
Lesson: Working with Diagnosis Informations and Diagnosis Files
Collecting and Downloading Diagnosis Information Extended support information script To analyze and diagnose problems with the system, you can collect diagnosis information into a zip file, which you can then download and attach to a support message. The script was extended to • • •
Collect diagnosis information through the execution of a SQL procedure Collect diagnosis information through the execution of a Python script Download and delete collected diagnosis information
When you trigger the collection of diagnosis information, the system collects the relevant information by executing the Python script fullSystemInfoDump.py. You can execute this script either using an SQL procedure or directly if no SQL connection is available to the database. Even if an SQL connection is available, it may be desirable to execute the Python script directly if using the SQL procedure would overload the system.
Figure 363: Collecting Diagnosis Information Using SAP HANA Studio
Procedure for Collecting Diagnosis Information with SAP HANA Studio: • •
In the Administration Editor choose Diagnosis Files tab. Choose Diagnosis Information → Collect (Python Script) or Collect (SQL Procedure) Note: If there is no SQL connection, Collect (Python Script) is the only option available.
• •
Specify the scope of information to be collected (all diagnosis information for a specified number of days/runtime information dump file only) After having waited for the system to collect the relevant information, the zip file appears in the list with the other diagnosis files
Lesson: Working with Diagnosis Informations and Diagnosis Files
Figure 365: Set Diagnosis Period
Hint: The information collected varies slightly depending on whether you execute the Python script directly or the SQL procedure. Procedure for Collecting Diagnosis Information from the Command Line: The fullSystemInfoDump.py script is part of the server installation and can be run from the command line. It is located in the directory $DIR_INSTANCE/exe/python_support.
Figure 366: Collecting Diagnosis Information Using the Command Line
Start the script from its location with the command: python fullSystemInfoDump.py
Trace FIles Each of the following trace files is put into a file with the same name as the trace file. For storage reasons, only the trace files from the last 7 days are collected unabridged. From older trace files, only the most recent 10,000 lines are collected.
Figure 367: Trace Files
Configuration Files All configuration parameters are logically grouped and stored in an ini file.
Figure 368: Configuration Files
Database System Log Files The following backup log files are collected unabridged: • •
Lesson: Working with Diagnosis Informations and Diagnosis Files
For each index server, a runtime dump containing information about threads, stack contexts, and so on is created and stored in the file indexserver___runtimedump.trc. These files are stored unabridged. Additional Information Collected If SQL Connection Is Available All rows of the following system tables and Monitoring views are exported to a CSV file with the name of the table: • • • • • • • • • • • • • • • • •
SYS.M_INIFILE_CONNECTIONS with CONNECTION_ID > 0 SYS.M_DATABASE_HISTORY SYS.M_INIFILE_CONTENTS SYS.M_LANDSCAPE_HOST_CONFIGURATION SYS.M_SERVICE_STATISTICS SYS.M_SERVICE_THREADS SYS.M_SYSTEM_OVERVIEW SYS.M_TABLE_LOCATIONS SYS.M_TABLE_LOCKS SYS.M_TABLE_TRANSACTIONS _SYS_STATISTICS.STATISTICS_ALERT_INFORMATION _SYS_STATISTICS.STATISTICS_ALERT_LAST_CHECK_INFORMATION _SYS_STATISTICS.STATISTICS_ALERTS _SYS_STATISTICS.STATISTICS_INTERVAL_INFORMATION _SYS_STATISTICS.STATISTICS_LASTVALUES _SYS_STATISTICS.STATISTICS_STATE _SYS_STATISTICS.STATISTICS_VERSION Note: The first 2,000 rows of all remaining tables in schema _SYS_STATISTICS are exported ordered by column SNAPSHOT_ID.
Additional Information Collected If SQL Connection is not available All available topology information is exported to a file named topology.txt. It contains information about the host topology in a tree-like structure. The keys are grouped using brackets while the corresponding values are referenced by the symbol ==>. The following screen shows the content of the topology.txt file as an example.
Lesson: Working with Diagnosis Informations and Diagnosis Files
Figure 371: Information for Cancel Status
Canceling an idle session is currently not possible! CANCEL command can only affect running sessions, IDLE (CANCEL REQUESTED) is mostly to show the internal status of cancel requested by someone. When the next execution request arrives, that flag will be cleared.
Lesson: Working with Diagnosis Informations and Diagnosis Files
Exercise 15: Working with Diagnosis Files Exercise Objectives After completing this exercise, you will be able to: • Work with the Diagnosis Files tab in SAP HANA Studio • Use filter within diagnosis files • Download diagnosis files • Delete diagnosis files
Business Example You want to find and display the content of diagnosis files for issue analysis.
Task 1: Find the trace file of the SQL trace (last exercise) 1.
Lesson: Working with Diagnosis Informations and Diagnosis Files
Exercise 16: Collecting Diagnosis Information Exercise Objectives After completing this exercise, you will be able to: • Collect diagnosis information using SAP HANA studio • Collect diagnosis information using the command line
Business Example To analyze and resolve issues with the system, you want to collect diagnosis information into a zip file, which you can then download and attach to a support message.
Task: Collect diagnosis information using SAP HANA studio
2015
1.
Open the Administration Console of SAP HANA studio
2.
Navigate to the Diagnosis Files tab
3.
Trigger the collection of diagnosis information
4.
Verify data collection by displaying the list of diagnosis information
Lesson: Working with Diagnosis Informations and Diagnosis Files
Lesson Summary You should now be able to: • Open diagnosis files for analysis • Delete/merge files • Download files • Collect and download diagnosis information
Lesson: SQL Console Lesson Overview The lesson briefly describes the following topics: Executing SQL statements in the SAP HANA studio Query analysis features Plan Visualizer: graphical representation of the query
Lesson Objectives After completing this lesson, you will be able to: •
Use the SQL console successfully
Business Example
Figure 372: Executing SQL Statements in the SAP HANA Studio
Any SQL statement can be executed in the SQL editor. For SELECT statements, the explain plan can be generated, This option is available in the context menu. Multiple SQL statements can be entered – separated by the configured separator character – and are then executed one after the other. The connection of the SQL editor can be changed to a different system/user – thus providing the possibility to run the same statements on a different database. Of course, the used tables have to exist in that database as well.
Note: Execution time is given as a pair of values: “self” (the execution time of the node), and “Inclusive” (the execution time including the descendent nodes. If the query used the SAP HANA Column Engine, you can view the details of the various database operations by choosing Visualize Column Plan in the context menu. A detailed graphic is displayed. This graphic is a very powerful tool for studying performance of queries on SAP HANA databases. You can explore the graphic further, for example, you can expand, collapse, or rearrange nodes on the screen. You can also save the graphic as an image or XML file, for example, so you can submit it as part of a support query.
The view supports: display of various KPIs, e.g.: execution time, CPU time setting of filters along all the columns KPIs display of the number of operators within the filtered set (top left corner) immediate aggregated information (max, min, sum, ...)
In the Admin editor of SAP HANA Studio on tab Performance -> SQL Plan Cache the stored parameter set is used when you choose “Visualize Plan” or “Prepare in SQL Console” If a statement is evicted from the SQL plan cache, its parameter information will be removed from the M_SQL_PLAN_CACHE_PARAMETERS view too. Additionally monitoring view M_SQL_PLAN_CACHE_PARAMETERS_FOR_STATISTICSSERVER_RESET_ can be used to reset the parameter list and to get e.g. hourly statistics . In combination with M_SQL_PLAN_CACHE_STATISTICSERVER_RESET: . plan_cache_parameter_for_batch_enabled: currently, plan cache captures the first parameter set of batch execution to reduce performance drop. This configuration has to be turned on to capture all parameter sets of batch execution.
Lesson: Query Analysis Lesson Overview In this lesson, you will learn how to analyze queries using the functions in the SAP HANA studio.
Lesson Objectives After completing this lesson, you will be able to: • • •
Analyze SQL execution with the plan explanation Analyze SQL execution with the Plan Visualizer Analyze SQL execution with the SQL plan cache
Business Example There is a performance issue with an expensive SQL statement. You want to analyze the query with the SAP HANA studio. Analyzing SQL Execution with the Plan Explanation You can generate a plan explanation for any SQL statement in the SQL console. You can use this to evaluate the execution plan that the SAP HANA database follows to execute a SQL statement.
Figure 379: Generating an Explain Plan from SQL Console
Analyzing SQL Execution with the Plan Visualizer To help you understand and analyze the execution plan of a SQL statement, you can generate a graphical view of the execution plan. Visualize the explain plan of the SQL statement in one of the following ways: • •
486
Enter the statement in the SQL console and choose Visualize Plan in the context menu. On the SQL Plan Cache tab or the Expensive Statements Trace tab of the Performance tab, right-click the statement and choose Visualize Plan.
Analyzing SQL Execution with the SQL Plan Cache The SQL plan cache collects statistics on the preparation and execution of SQL statements. Hence, it is an important tool for understanding and analyzing SQL processing. You can access the SQL plan cache in the Administration editor on the Performance tab. The two monitoring views associated with the SQL plan cache are M_SQL_PLAN_CACHE and M_SQL_PLAN_CACHE_OVERVIEW in the _SYS_STATISTICS schema. Useful filtering columns
488
Column
Description
TOTAL_EXECUTION_TIME
The total time spent for all executions of a plan, This helps to identify which statements are dominant in terms of time.
AVG_EXECUTION_TIME
The average time it takes to execute a plan execution. This can help you identify long-running SQL statements.
The number of times a plan has been executed. This can help you identify SQL statements that are executed more frequently than expected.
TOTAL_LOCK_WAIT_COUNT
The total number of waiting locks. This can help you identify SQL statements with high lock contention.
USER_NAME
The name of the user who prepared the plan and therefore where the SQL orginated (ABAP/indexserver/statistics server)
Improved navigation for blocking situations to provide a meaningful and clear structure for analysis The Threads subtab shows a list of all currently active threads with the Group and Sort filter applied. The THREAD_STATE reveals the execution state of a thread, for example, if it is currently running, sleeping, or blocked. This is helpful to understand the current load on the database and can help to identify blocking situations. CPU_TIME_SELF and _CUMULATIVE shows the CPU time a thread spent for its current operation, _CUMULATIVE includes the CPU time of all subthreads. The current TRANSACTION_ID column shows the transaction id of the connection a thread is working for. However, this can be different from the transaction the thread is executing itself. The Blocked Transaction subtab displays the blocked threads and the corresponding user transaction in the blocking information popup window.
In distributed SAP HANA systems, tables and table partitions are located on multiple hosts. The execution of requests received from database clients may potentially have to be executed on multiple hosts, depending on where the requested data is located. •
•
Statement routing is not enabled – Requests from the database client are executed on the contacted index server (in this case the master index server) and the required data is fetched from the index server on the relevant host(s). Statement routing is enabled – Request execution is routed directly to the host on which the required data is located after initial query compilation.
Figure 384: Execution in a Distributed System
Note: Execution time should be better with statement routing enabled. Statement routing is controlled by the client_distribution_mode parameter in the indexserver.ini file. It is enabled by default (value = statement).
Exercise 17: Query Analysis Exercise Objectives After completing this exercise, you will be able to: • Use the SQL plan cache function for issue analysis • Visualize the plan of a query
Business Example When facing a performance issue in the system, especially SQL performance, it is necessary to use the SQL plan cache function for analysis.
Task 1:
Figure 385: Assistance for 3a Here you find the Configure viewer
Find the query in the current system that took the longest execution time. 1.
Lesson Summary You should now be able to: • Analyze SQL execution with the plan explanation • Analyze SQL execution with the Plan Visualizer • Analyze SQL execution with the SQL plan cache
Lesson: Monitoring with SAP Solution Manager Lesson Overview Lesson Objectives After completing this lesson, you will be able to: •
Know how SAP HANA is integrated in SAP Solution Manager
Business Example
Figure 387: Architecture: Logical Landscape View – Monitoring with SAP Solution Manager
Besides the landscape data that is normally sent from the technical systems to the SLD (Solution Landscape Directory) → LMDB, also Diagnostics agents are installed on each host. For now, the rule is that for each virtual host name one Diagnostics Agent needs to be installed. These agents are also used to fetch some landscape data but they send monitoring data, logs, and traces to SAP Solution Manager too.
The SAP Solution Manager Administration work center is embedded in the SAP Solution Manager work center framework. The work center overview can be opened in different ways: • •
• •
By calling transaction SOLMAN_WORKCENTER in the SAP GUI By opening transaction SM_WORKCENTER or the following URL in the SAP Solution Manager http://:/sap/bc/webdynpro/sap/ags_workcenter In the SAP Netweaver Business Client Separately in a browser by calling the URL http://:/sap/bc/webdynpro/sap/ags_workcenter?WORKCENTER=AGS_WORK_SM_ADMIN
Figure 390: Technical Monitoring: Alert Inbox – Monitoring with SAP Solution Manager
Figure 393: SAP HANA Requirements and Release Dependencies – Monitoring with SAP Solution Manager
With SAP Solution Manager 7.1 SP04, no SLT monitoring is available and no complete metrics for alerts via the DBAcockpit. With SAP Solution Manager 7.1 SP02/SP03, there is no DBAcockpit integration and no SLT monitoring.
Figure 394: SAP HANA integration with SAP Solution Manager – Monitoring with SAP Solution Manager
The following is a high level overview about the required steps to integrate SAP HANA to the SAP Solution Manager. Detailed step-by-step documentation, minimum required patch levels, and important SAP Notes are available in SAP
Note 1747682. One of the first steps is to correctly install the SAP HANA DB clients in the SAP Solution Manager. The PDF attachments to this SAP Note contain further documentation and the required steps for integration of SAP HANA in the SAP Solution Manager, including the Early Watch Alert setup. Furthermore, the corresponding master Notes for the SAP Solution Manager need to be applied, for example, SAP Note 1652693. These SAP Notes can also be applied by choosing SAP Solution Manager → Workcenter (SOLMAN_WORKCENTER transaction) → SAP Solution Manager: Configuration → System Preparation → Implement SAP Note. A dedicated exercise for this training will give you the chance to perform a relevant part of this integration procedure (SAP HANA monitoring setup in the SAP Solution Manager) by yourself. For this exercise, we will focus on the steps to be performed on the SAP Solution Manager side. However, for live situations, the following components and products need to be installed and configured in addition to SAP HANA: • • • •
SAP Solution Manager SAP Hostagent SMDAgent SLD
Figure 395: Setup for Host Agent and Diagnostics Agent – Monitoring with SAP Solution Manager
Check the SAP host agent version and confirm that it complies with the minimum requirements outlined before (7.20 SP 84 or higher). Execute the following command with root user credentials on the SAP HANA server: /usr/sap/hostctrl/exe/saphostexec -version
The required SAP HANA User with the Monitoring role mentioned above can be created with the SAP HANA Studio: •
Click your SAP HANA system from the Navigator panel on the left. Choose Catalog → Authorizations; right-click Users and choose New User. Follow the steps required by the tool.
Alternatively, you can use the SQL Editor in the SAP HANA studio to create this user using SQL syntax. The monitoring user will be used by the SAP Solution Manager for connecting to SAP HANA. You need to successfully connect to SAP HANA with this user at least once. Depending on the settings, the SAP HANA studio asks users to change their initial password after their first login. Therefore, in order to enable a first successful connection with this user to SAP HANA, you may be required to change the initial password.
Figure 396: Register SAP HANA in System Landscape Directory (SLD) – Monitoring with SAP Solution Manager
You need to ensure that the Lifecycle Management package is installed on the SAP HANA server: Check if the directory lm_structure (SLD data supplier) is available in /usr/sap/. The SAP unified installer installs this package with standard SAP HANA installations.
Figure 397: Configure SAP HANA as Managed System: Create System – Monitoring with SAP Solution Manager
The detailed steps for system creation and further configuration steps for SAP HANA integration in the SAP Solution Manager, as explained in the following, are mostly intuitive and semi-automatic. The SAP Solution Manager will ask you, among others, to enter your SAP HANA , Instance number, SAP HANA host name, product and software component versions, Diagnostic Agents, and so on. In many cases, you will be able to choose from different available options, which will be recognized automatically by the system. For example, since you previously registered SAP HANA in the SLD, the SAP Solution Manager will display your SAP HANA hostname (including correct IP address, etc.) on the list of hosts to choose from. In other cases, some entries will be filled in automatically by the system via Outside Discovery, such as the SAP HANA version. Otherwise, you can take a look at the help files for each field in order to enter the right information. If you are not sure about which information to enter, you can keep the defaults.
If some of the checks or steps for configuration fail, a yellow or red flag with an error message will be shown on the log area (bottom UI area). You can click on the Show link under the Details column and assess the criticality of the step. Depending on the criticality you may decide to ignore the error. In some cases solutions for errors will be suggested by the system, for example, the need to apply an SAP Note. If the SMD Agent was installed correctly, the Assign Diagnostic Agents step will automatically display the right Agent to be selected by the user. The right introscope server name, monitoring user, SAP HANA hostname, etc. will also be displayed by default for the Enter System Parameters step. You may want to change the user, for example, in case you assigned a new monitoring user.
Figure 400: Set up Technical Monitoring – Monitoring with SAP Solution Manager
Figure 401: Start Technical Monitoring – System Monitoring – Monitoring with SAP Solution Manager
Figure 402: Technical Monitoring Metrics up and Running – Monitoring with SAP Solution Manager
This step shows the results of the Technical Monitoring configuration for SAP HANA in the SAP Solution Manager. System, database and operating system monitoring metrics for SAP HANA will be displayed.
In addition to run the on-site configuration tool, we recommend that you establish a SAP Solution Manager connectivity and configure a remote service connection (via SAProuter) as part of the initial setup. •
As of SAP Solution Manager 7.1 SP04, the SAP HANA databases can be integrated into SAP Solution Manager. – – –
•
Performance Warehouse Alerting Infrastructure DBA Cockpit (also available in SAP BW systems as of SAP BW 7.30 SP05)
The remote service connection can be established through the SAProuter –
A new connection type allows SAP support to access customer databases via a local SAP HANA studio installation
Figure 404: Safe Remote Access via SAP Solution Manager – Remote Support
To offer secure remote access to the customer system we need (for BOE) the following remote connections: • • • • • •
508
R/3 Support HTTP Connect – URLAccess Windows Terminal Server EarlyWatch SAP Solution Manager SolMan Diagnostics
The SAP remote supportability website shows a clear roadmap, starting at the top and working down, for customers to follow when working towards better supportability of their SAP Business Objects products. We encourage all of our customers to work their way through these tools in order to provide them with increasingly sophisticated support opportunities.
Figure 405: Establishment of a Remote Connection to SAP Solution Manager
Set up a support connection as described in SAP Note 1634848 (SAP HANA database service connections).
Figure 406: Remote Connection via SAP Router to SAP HANA Studio
Figure 407: Users for connection via Saprouter to SAP HANA Studio
Figure 408: Supportability for SAP Business Objects - Remote Support
SAP Business Objects Enterprise / BI Platform 4.0 can be connected toSAP Solution Manager 7.1 –>remote connection to SAP Solution Manager 7.1 to be established (note 962516) SAP Business Objects Central Management Console (CMC) to be connected via HTTP connect – URL access (note 592085)
SAP Backend system and SLT system can be connected to SAP Solution Manager 7.1 and shall also be remotely connected to SAP via SAP R/3 support (see notes 812732) and HTTP Connect
Figure 409: Remote Access to OS Level
Problem Analysis using hdbcons hdbcons is a command line tool with which commands can be executed against running processes using a separate communication channel. It is intended for problem analyses by the SAP HANA development support.
Caution: Incorrect usage of hdbcons commands can lead to crashes, deadlocks, or data corruptions. Only the SAP HANA development support has the required technical expertise to execute these commands. The hdbcons command can be executed directly in the Administration editor on the Console tab. However, it is not visible by default. You can enable the display of the Console tab in the preferences of the Administration Console under Global Settings. Note: To see a list of available commands and display the help for a command, enter the command help. SAP HANA Database Data Export In some cases, the SAP development support team may ask to export data from your HANA database. The data export can be done from the SQL console within HANA studio or by using the export option.
Lesson: SAP Early Watch Alert Lesson Overview This lesson shows how to use and configure the SAP Early Watch Alert.
Lesson Objectives After completing this lesson, you will be able to: •
Set up an EarlyWatch Alert for SAP HANA
Business Example SAP EarlyWatch Alert Setup for SAP HANA For the currently supported scenarios, monitoring for the SAP HANA database can be included into the EarlyWatch Alert (EWA) service for the SAP Business Suite application. Checks for SAP HANA are in the EarlyWatch Alert. A first version of SAP HANA-specific content in the EarlyWatch Alert is provided with ST-SER 701_2010_1 SP 06.
Figure 412: Data Collection
How to set up this SAP system (for example, an SAP ERP or SAP System Landscape Transformation system) so that HANA checks appear in the EarlyWatch Alert for this system is described in SAP Note 1543278.
If the SAP HANA database is not connected with an ABAP stack, then SAP Solution Manager itself should take on the role of the ABAP system. The SAP HANA checks then appear in the EarlyWatch Alert for SAP Solution Manager. The download mechanism has changed and it follows the standardized data collection using ST-PI. Import ST-PI 2008_7xx Support Package 6. Read SAP Note 1665364 and implement the latest version of SAP Note 1741541. The prerequisite for the collection of data is a functioning connection to the SAP HANA database of the ABAP system. The installation of this connection is described in SAP Note 1597627. If the Solution Manager collects the SAP HANA download data, you must install the connection to the SAP HANA system for it. If you have generated the EarlyWatch Alert (EWA) using the old solution, deschedule the batch job “MONITOR_BOBJ_STATUS*”.
Check the required RFC Destinations in Managed System Setup in SAP Solution Manager: READ Destination (from SAP Solution Manager to the Managed System) RFC Destination from the Managed System to SAP Solution Manager (to the Application Client)
•
Configuring and activating SDCCN: Configure Automatically‘→ Activate Services Transaction SDCCN on the Managed System: Go To → Settings → Task Specific → RFC Destinations: The SAP Solution Manager should be inserted.
• • • • •
Create logical component of the ABAP stack to which the SAP HANA DB is connected Assign logical component to a solution Scheduling SAP EWA download collection Checking SAP EWA Reports / See SAP EWA Reports With SAP Solution Manager 7.1 SP9 a central EarlyWatch Management Guided Procedure is introduced, which leads the user through the single steps of EWA setup.
Register SAP HANA System in SLD The provided functionality in HLM (HANA Lifecycle Management) knows the configuration of the connection parameters for the central System Landscape Directory (SLD) system. When an SAP HANA system is connected to SLD, it can report its status and provide details and information for the system itself. Install Solution Manager Diagnostics Agent (SMD) Solution Manager Diagnostics is another SAP application to monitor the SAP system and it communicates with an SMD agent that is installed on the local machine to be monitored. The installation of the SMD agent should be performed using the Software Provisioning Manager (SWPM), see SAP Note 1858920 Diagnostics Agent Installation with SWPM.
The EarlyWatch Alert covers several areas of SAP HANA: • • • • •
System information Parameter configuration Able size/drowth Performance (memory usage/CPU usage) Alerts (directly transferred from the Alert infrastructure of HANA – overview of the last week)
Figure 416: EWA Content for SAP HANA: Configuration
The configuration contains: • • • •
518
SAP HANA database version The host infrastructure (number of CPUs, physical memory available) Services available An Alert is raised when a service is not available
Volume files (separated by data/log/trace Files) Disk usage (separated by partitions) Data volume size (separated by files belonging to the services) Tables and indexes
Review the number of trace and log files (of the previous week). This indicates if SAP HANA behaves smoothly. (If several Ddump files are occurring, this might be critical.)
Figure 420: EWA content for SAP HANA: Alert Monitoring SAP Early Watch Alert
Unit Summary You should now be able to: • Activate the trace function • Check the trace files • Open diagnosis files for analysis • Delete/merge files • Download files • Collect and download diagnosis information • Use the SQL console successfully • Analyze SQL execution with the plan explanation • Analyze SQL execution with the Plan Visualizer • Analyze SQL execution with the SQL plan cache • Know how SAP HANA is integrated in SAP Solution Manager • Establish a remote service connection for SAP HANA • Set up an EarlyWatch Alert for SAP HANA
Unit 10 Security Unit Overview Unit Objectives After completing this unit, you will be able to: • • • • • •
Describe the security perspective in different implementation scenarios Outline the security functions in SAP HANA Explain the different authentication methods Explain the SSL connection encryption Explain the data volume encryption Explain the audit logging infrastructure
Unit Contents Lesson: Security Overview ....................................................526 Lesson: Authentication and Authorization ...................................533 Lesson: Encryption .............................................................542 Exercise 18: Configure Data Volume Encryption.......................551 Lesson: Auditing ................................................................554 Exercise 19: Enable Audit Policy .........................................567
Lesson: Security Overview Lesson Overview This lesson gives an overview of the security functions in SAP HANA.
Lesson Objectives After completing this lesson, you will be able to: • •
Describe the security perspective in different implementation scenarios Outline the security functions in SAP HANA
Business Example Depending on the implementation scenario, the SAP HANA database facilitates the integration of different security functions. Therefore, you need an overview of the supported security functions.
Security Perspective in different Implementation Scenarios How you implement SAP HANA determines what you need to consider from a security perspective.
Figure 421: Implementation Scenarios
For more information about the security-relevant information that applies to SAP HANA in the different scenarios, see the SAP HANA Security Guide.
In a data mart scenario, data is replicated from a source system, such as SAP Business Suite, into the SAP HANA database. Reporting is then carried out on the data in SAP HANA (for example, using read-only views, dashboards, and so on). Different architectures can be used in this scenario. • •
•
2015
The implemented architecture determines the extent to which security-related aspects are handled in SAP HANA. Usually, at least some end users have direct access to SAP HANA. This means that user and role management in SAP HANA is not only required for technical users and administrators, but also for the end users that access SAP HANA directly. For other security aspects, such as end user authorization for views, SAP HANA security features need to be used.
Figure 423: SAP HANA in a Classic 3-Tier Architecture
SAP HANA can be used as a relational database in a classic 3-tier architecture (client, application server, and database). Security-related features, such as authentication, authorization, encryption, and auditing, are located and enforced primarily in the application server layer. The database is used as a data store only. • • • •
528
The same security model for user access applies as with other databases. End users do not have direct access to either the database itself or the database server on which it is running. Security in the database layer is mainly focused on securing administrative access to the database. Specific SAP HANA security features are mainly needed to control access of administrators to the database.
SAP HANA includes SAP HANA Extended Application Services (SAP HANA XS). SAP HANA XS embeds a full-featured application server, web server, and development environment within SAP HANA itself. Applications can be deployed directly on SAP HANA XS, which exposes the applications to end users via a web interface. • •
The SAP HANA XS security model is directly integrated with the SAP HANA security model. Users of native SAP HANA applications have direct access to SAP HANA: Users must exist in SAP HANA. SAP HANA database privileges and additional application privileges must be assigned.
Security Functions in SAP HANA • •
•
2015
SAP HANA provides security-related features that enable you to implement different security policies and meet compliance requirements. Depending on the implementation scenario in which SAP HANA is used, only some of these features might actually be needed, others might be provided in other architecture layers. SAP HANA supports standard interfaces to enable integration with the customer security network and data center infrastructures.
Lesson Summary You should now be able to: • Describe the security perspective in different implementation scenarios • Outline the security functions in SAP HANA
Related Information SAP HANA Security Guide http://help.sap.com/hana/SAP_HANA_Security_Guide_en.pdf SAP HANA Master Guide http://help.sap.com/hana/SAP_HANA_Master_Guide_en.pdf SAP HANA Technical Operations Manual http://help.sap.com/hana/SAP_HANA_Technical_Operations_Manual_en.pdf SAP HANA Installation Guide http://help.sap.com/hana/SAP_HANA_Installation_Guide_en.pdf SAP HANA Administration Guide http://help.sap.com/hana/SAP_HANA_Administration_Guide_en.pdf SAP HANA Update and Configuration Guide http://help.sap.com/hana/SAP_HANA_Update_and_Configuration_Guide_en.pdf SAP NetWeaver Identity Management http://help.sap.com/nwidm
Lesson: Authentication and Authorization Lesson Overview This module gives an overview of the following topics: • •
Authentication Methods Authorization
Lesson Objectives After completing this lesson, you will be able to: •
Explain the different authentication methods
Business Example The SAP HANA database facilitates the integration of different authentication methods. To integrate the SAP HANA database in your environment, you need an overview of the supported authentication methods.
Figure 429: User Management and Security in SAP HANA
The following figure gives an overview of authentication methods for SQL and HTTP access.
Figure 430: Overview of Authentication Methods for SQL and HTTP Access
When using direct logon to the SAP HANA database with user name and password, the SAP HANA database authenticates the user. Note: For some administrative operations, such as database recovery, the credentials of the SAP operating system user (adm) are also required.
SAP HANA supports the Kerberos protocol for single sign-on. It has been tested with the Windows Active Directory Domain Kerberos implementation and MIT Kerberos network authentication protocol. The ODBC database client and the JDBC database client support Kerberos. To implement this, you need to install the MIT Kerberos client software on the host of the SAP HANA database. The users stored in the Microsoft Active Directory or the MIT Kerberos Key Distribution Center can be mapped to database users in the SAP HANA database. For this purpose, specify the user principal name (UPN) as the external ID when creating the database user. One Kerberos ID can only be assigned to one database user. Note: With SPS 7 SPNEGO (Kerberos with Simple and Protected GSSAPI Negotiation Mechanism) is available as an authentication option for SAP HANA XS.
SAML The SAP HANA database supports the login of users to the SAP HANA database using the Security Assertion Markup Language (SAML). SAML may be selected as a user authentication method when creating users in the SAP HANA studio.
SAML, Security Assertion Markup Language, is the XML-based standard for communicating identity information between organizations. The primary function of SAML is to provide Internet Single Sign-On (SSO) for organizations. SAML is used to securely connect Internet applications that exist both inside and outside the organization's firewall. SAML is a standard protocol for authentication. Generally speaking, Internet SSO is a secure connection that communicates identity and trust from one organization to another. For users, Internet SSO eliminates additional logins to external resources. For system administrators, it improves security and reduces costs. Requires a trusted 3rd party (identity provider) that can issue SAML assertions for clients (e.g. browser). Single sign-on in middleware/application server scenarios (Use Cases): Whenever the application server needs to connect to the SAP HANA database on behalf of a user, it requests an SAML assertion from the client. The SAML assertion is issued by the identity provider after the client was successfully authenticated there, and is then sent to the SAP HANA database. Restrictions: The SAP HANA database can only act as an SAML service provider. Assertions can be used for authentication only (no support for further properties).
The configuration page for SAML identity providers is located in the Security editor in SAP HANA studio Note: Formerly, this configuration page was available in the system properties.
Figure 433: SAML In SAP HANA Studio
•
•
•
The main purpose of SAML for SAP HANA is to support scenarios where clients are not directly connected to the SAP HANA database, but to a middle-tier application server (XS engine, for example). This middle-tier application server runs an HTTP server. Whenever the application server needs to connect to the database on behalf of the user, it requests an SAML assertion from the client. The assertion is issued by an identity provider after the client was successfully authenticated. The assertion is then forwarded to the SAP HANA database, which will grant access based on the previously established trust to the identity provider.
SAP HANA XS includes a Web-based administration tool that enables you to configure several security-related aspects of SAP HANA XS applications, including authentication (for example, enforced authentication mechanism, trust store configuration and management, and SAML configuration).
Figure 434: SAML Configuration in XS Administration
SAP Logon Ticket and SAP Assertion Ticket Users can be authenticated in SAP HANA by logon or assertion tickets issued to them when they log on to an SAP system configured to create tickets (for example, the SAP Web Application Server or Portal). If you want to integrate an SAP HANA system into a landscape that uses SAP logon or assertion tickets for user authentication, you must configure SAP HANA to accept logon/assertion tickets. SAP HANA validates incoming logon/assertion tickets against certificates signed by a trusted Certification Authority (CA) stored in a dedicated trust store. This trust store must contain all root certificate(s) used to validate logon/assertion tickets. The user named in an incoming SAP logon ticket must exist as a database user. The database user also must be configured for authentication using logon/assertion tickets. This can be done in the user editor of the SAP HANA studio. Note: Prior to SPS 7, SAP HANA implicitly selected both user name/password and SAP Logon Tickets as authentication methods for new users. Now you have to explicitly set authentication options for new users. To re-enable the old behavior for SAP Logon Tickets, a new configuration parameter has been introduced (Indexserver.ini -> authentication -> SapLogonTicketEnabledForNewUsers). See also SAP Note 1927949 For more information about using logon tickets, see the SAP NetWeaver Library on SAP Help Portal.
Authorization All access to data and execution of actions in the database requires authorization. Every user who wants to work directly with the SAP HANA database must have a database user with the necessary authorizations.
Figure 435: Authorization Framework
After successful logon, the user's authorization to perform the requested operations on the requested objects is verified. This is determined by the privileges that the user has been granted. The user must have both the privilege to perform the operation and the privilege to access the object (for example, a table) to which the operation applies. Privileges can be granted to database users either directly, or indirectly through roles. A role is a set of privileges. Roles are the standard mechanism of granting privileges as they allow you to implement both fine-grained and coarse-grained reusable authorization concepts that can be modeled on business roles. Several standard roles are also delivered with the SAP HANA database (for example, MODELING, MONITORING). You can use these as templates for creating your own roles.
Lesson: Encryption Lesson Overview This module covers the following topics: • •
SSL connection encryption Data volume encryption
Lesson Objectives After completing this lesson, you will be able to: • •
Explain the SSL connection encryption Explain the data volume encryption
Business Example In order to protect against security breaches or outside attacks, companies prefer to protect the data using encryption. The encryption can done on data transfers but also on the data stored on a system.
For the configuration of secure communication using SSL and the encryption of the persistence layer a cryptographic service provider is available on the server. SAP HANA supports the following cryptographic libraries: •
•
CommonCryptoLib (default) CommonCryptoLib (libsapcrypto.so) is installed by default as part of SAP HANA server installation at $DIR_EXECUTABLE. OpenSSL The OpenSSL library is installed by default as part of the operating system installation.
SAP CommonCryptoLib is the successor of SAPCRYPTOLIB and is the default cryptographic library for SAP HANA. CommonCryptoLib is installed as part of SAP HANA server installation at the default location for library lookup: /usr/sap//SYS/exe/hdb/libsapcrypto.so. Note: The OpenSSL library is also installed as part of the operating system installation. For most use cases it is also possible to use OpenSSL instead of CommonCryptoLib. However, there are already some features in SAP HANA that are only supported by CommonCryptoLib, and future features might also only be supported by CommonCryptoLib. For information see SAP Note 2093286.
Secure Communication The network communication channels used by SAP HANA can be categorized into those used for database clients connecting to SAP HANA and those used for internal database communication. We recommend that you use encrypted communication channels where possible. To support the different SAP HANA scenarios and setups, SAP HANA has different types of network communication channels. •
•
• • • • •
2015
Channels used for external access to SAP HANA functionality by end-user clients, administration clients, application servers, and for data provisioning through SQL or HTTP Channels used for SAP HANA internal communication within the database , between hosts in multiple-host systems, and between systems in system-replication scenarios Connections used for administrative purposes Connections used for data provisioning Connections from database clients that access the SQL interface of the SAP HANA database Connections from HTTP(S) clients Outgoing connections
You can see an example of what these connections look like in the diagram below. Network connections are depicted by dotted arrows. The direction of each arrow indicates which component is the initiator (start of arrow) and which component is the listener (end point of arrow). Administrative access to and from SAP HANA via the SAP HANA studio is depicted by the blue dotted arrows. Port numbers are shown with a pink background. The xx in the port numbers stands for the number of your SAP HANA instance. For the purposes of illustration, the diagram shows a single-host installation of SAP HANA. However, the connections shown apply equally to a distributed scenario.
Figure 438: Network Integration
In addition, the different components of SAP HANA, as well as the hosts in a distributed scenario, communicate with each other via the internal SAP HANA connections. These connections are also used in system replication scenarios for communication between a primary site and a secondary site to ensure high availability in the event of a data center failure. SAP HANA supports encrypted communication for network communication channels. We recommend using encrypted channels in all cases where network attacks such as eavesdropping are not protected by other network security measures, for example, access from end-user networks. Alternatively, virtual
private network (VPN) tunnels can be used for the transfer of encrypted information. The network communication can be secured using the secure sockets layer (SSL) protocol: • •
•
• • •
Communication between the SAP HANA database and clients that access the SQL interface of the database. Internal network communication between the individual components of an SAP HANA system on a single host and also between multiple hosts if the system is distributed. For Client Application Access, the SAP Web Dispatcher can be configured to use HTTPS (SSL) for incoming requests from UI front ends and applications, for example, SAP HANA applications. The requests are then forwarded to SAP HANA. Communication between the SAP HANA Software Update Manager and SAP HANA Studio, SAP Service Marketplace, and SAP Host Agent. Communication between SAP HANA Studio and sapstartsrv. Communication between SAP HANA Studio and SAP Host Agent.
Figure 439: Connection Encryption Configuration
1. 2. 3. 4.
In the SAP HANA studio, choose Add System... in the navigator tree. Enter your user credentials and select Connect using SSL. Select whether you want to validate the certificate and whether you want to also check the host name in the certificate. All connections from the SAP HANA studio to the database will now be encrypted.
The procedure of configuring SSL for these communication types is described in detail in the SAP HANA Security Guide.
Data Volume Encryption The SAP HANA database holds the bulk of its data in memory for maximum performance, but it still uses persistent disk storage to provide a fallback in case of failure. Data is automatically saved from memory to disk at regular savepoints. The data belonging to a savepoint represents a consistent state of the data on disk and remains so until the next savepoint operation has completed. After a power failure, the database can be restarted like any disk-based database and returns to its last consistent state. Data volume encryption ensures that anyone who can access the data volumes on disk using operating system commands cannot see the actual data. If data volumes are encrypted, all pages that reside in the data area on disk are encrypted using the AES-256-CBC algorithm. Pages are transparently decrypted as part of the load process into memory. When pages reside in memory, they are therefore not encrypted and there is no performance overhead for in-memory page accesses. When changes to data are persisted to disk, the relevant pages are automatically encrypted as part of the write operation. Pages are encrypted and decrypted using 256-bit persistence encryption page keys. Page keys are valid for a certain range of savepoints and can be changed by executing SQL statements. After persistence encryption has been enabled, an initial page key is automatically generated. Page keys are never readable in plain text, but are encrypted themselves using a dedicated persistence encryption root key. During start-up, administrator interaction is not required. The root key is stored using the SAP NetWeaver secure storage in the file system (SSFS) functionality and is automatically retrieved from there. SAP HANA uses SAP NetWeaver SSFS to protect the root encryption keys that are used to protect all encryption keys used in the SAP HANA system from unauthorized access.
The persistence encryption feature does not encrypt the following data: • Database redo log files If database redo log files need to be protected, we recommend that you use operating system facilities, such as encryption at the file system level. • Database backups In general, the contents of database backups are not encrypted. Only data that has been encrypted internally in the database (that is, independently of the persistence encryption feature) remains encrypted in backups. • Database traces For security reasons, we recommend that you do not run the system with extended tracing for more than short-term analysis since tracing might expose security-relevant data that would be encrypted in the persistence layer, but not in the trace. Therefore, you should not keep such trace files on disk beyond the respective analysis task. Note: If encryption of backups is required, we recommend that you use third-party solutions that integrate with the Backint for SAP HANA functionality for backups.
Configure Data Volume Encryption Data volume encryption on disk can be configured using SAP HANA studio or SQL commands. After activating encryption, new data that is saved to disk will be encrypted starting with the next savepoint. due to the shadow memory nature of SAP HANA persistence, outdated versions of pages may still remain unencrypted on disk. Caution: To achieve complete protection it is necessary to enable data volume encryption after re-installing the system. Only after this process has completed is all your data encrypted. This also ensures that a new root encryption key is generated. You can monitor the encryption progress in SAP HANA studio. Note: The root key for data volume encryption is automatically created during installation. If you have received SAP HANA as an appliance, we recommend to change this key after handover from the hardware vendor.
Figure 441: Configure Data Volume Encryption using SAP HANA studio
The page encryption key for the data volume encryption could also be changed using SAP HANA Studio. After a change of the page encryption key, you can choose whether you also want to re-encrypt existing encrypted data with the new key (this will happen in the background).
SSFS Encryption Key Change SAP HANA uses the SSFS to protect the root encryption keys used to protect all encryption keys used in an SAP HANA system from unauthorized access. These are the root encryption keys for • •
Data volume encryption Internal data protection API (DPAPI). Note: Note: DPAPI is used by the secure internal credential store, which is needed in some scenarios such as smart data access to securely store additional user credentials (e.g. for access to remote systems)
The keys stored in SSFS are themselves encrypted using the SSFS master key.
These keys are stored securely in the SSFS using a default encryption key. It is recommended that you change this master key, re-encrypt the secure storage with the new key, and save the key to a secure location. Prerequisites for changing the SSFS master key: • •
Credentials of the operating system user (adm user) that was created when the system was installed In a distributed SAP HANA system, every host must be able to access the key file location
An administrator can change the SSFS master key using the command line tool rsecssfx using the credentials of the operating system user adm. Therefore the SAP HANA system has to be stopped
Exercise 18: Configure Data Volume Encryption Exercise Objectives After completing this exercise, you will be able to: • Configure Data Volume Encryption
Business Example [
Task: Configure Data Volume Encryption using the Security editor in SAP HANA Studio.
2015
1.
Activate Data Volume Encryption
2.
Monitor the progress of the data volume encryption.
Solution 18: Configure Data Volume Encryption Task: Configure Data Volume Encryption using the Security editor in SAP HANA Studio. 1.
2.
Activate Data Volume Encryption a)
In the Systems view in SAP HANA studio, choose Security and open the Data Volume Encryption tab.
b)
Choose: Encrypt data volumes.
c)
Choose the Deploy button.
Monitor the progress of the data volume encryption. a)
Choose the Refresh button to monitor the status of the data volume encryption. During encryption the status “Encryption running ...” is displayed. The status “Encrypted” indicates that the data volumes are encrypted.
Lesson: Auditing Lesson Overview This lesson covers the audit logging infrastructure.
Lesson Objectives After completing this lesson, you will be able to: •
Explain the audit logging infrastructure
Business Example Many regulatory requirements require audit logging.
Auditing Overview The auditing feature of the SAP HANA database allows you to monitor and record selected actions performed in your system. In other words, it provides you with visibility on who did what (or tried to do what) and when.
According to a current survey, 28 percent of IT managers in North America have snooped, and 44 percent of those in Europe, the Middle East, and Africa have done so, too. Around 20 percent of respondents in North America and 31 percent in EMEA say one or more of their co-workers have used administrative privileges to reach confidential or sensitive information. See http://www.darkreading.com/insider-threat/167801100/security/clientsecurity/229401640/it-temptation-to-snoop-too-great.html The auditing feature of the SAP HANA database allows you to track actions performed in the database: who did what (or tried to do what), and when. SAP HANA provides audit actions for critical security events and for access to sensitive data. Both successful and unsuccessful events can be logged. In the case of logging of successful and unsuccessful events, one has to specify for each audit policy if successful and/or unsuccessful events will be audited. Audit logging is not enabled by default.
Figure 444: Audit Logging – Infrastructure
When an audit policy is triggered, an audit entry is created in the audit trail. The audit trail is written to Linux syslog or to an internal system table. •
Linux syslog –
2015
The logging system of the Linux operating system (syslog) is a secure storage location for the audit trail because not even the database administrator can access or change it. There are also numerous storage possibilities for the syslog, including storing it on other systems. In
addition, the syslog is the default log daemon in UNIX systems. The syslog therefore provides a high degree of flexibility and security, as well as integration into a larger system landscape. For more information about how to configure syslog, refer to the documentation of your operating system. Database table –
Using an SAP HANA database table as the target for the audit trail makes it possible to query and analyze auditing information quickly. It also provides a secure and tamper-proof storage location. Internal column store table in the _SYS_AUDIT schema of the SAP HANA database Audit entries are only accessible through the public system view AUDIT_LOG. Only SELECT operations can be performed on this view by users with system privilege AUDIT ADMIN or AUDIT OPERATOR To avoid the audit table growing too large, it is possible to delete old audit entries
– –
–
Note: For test purposes in non-production systems, you can also use a CSV text file as the audit trail. A separate CSV file is created for every service that executes SQL. Hint: As of SPS09 multiple audit trail targets could be configured for different audit levels and per audit policy.. •
•
•
556
System-wide default: Audit entries are written to the audit trail target(s) configured for the system if no other trail target has been configured per audit level Audit level (optional): Audit entries from audit policies with the audit level EMERGENCY, CRITICAL, or ALERT are written to the specified audit trail target(s). If no audit trail target is configured, entries are written to the audit trail target configured for the system. Audit policy (optional): Audit entries from a particular policy are written to the specified audit trail target(s). If no audit trail target is configured for an audit policy, entries are written to the audit trail target for the audit level if configured, or the audit trail target configured for the system. Several audit trail targets are configurable for each individual policy.
Create/drop user, create/drop role Grant/revoke role Grant/revoke SQL privilege, system privilege, analytical privilege Create/drop analytical privilege Create/drop and alter structured privilege
Authentication of users •
Connection attempts of users to the database
Changes to system configuration • • • •
Changes to system configuration, e.g. ini file Install license key Set system license/unset system license all Changes to the data volume encryption
As of SPS08 the previous values of parameters are written to the audit trail if audit logging for configuration changes is enabled. Access to or changing of sensitive data You can specify the following database objects to be audited: • • • •
Both write and read access to data can be recorded: • • • • •
SELECT INSERT UPDATE DELETE EXECUTE Note: Currently, only the statements that were executed are logged. Hint: Only actions that take place inside the database engine can be audited. If the database engine is not online when an action occurs, it cannot be detected and therefore cannot be audited. These actions are, for example, an upgrade of an SAP HANA database instance or direct changes to system configuration files using operating system commands.
Activation of Audit Policies Auditing is implemented through the creation and activation of audit polices. An audit policy defines the actions to be audited, as well as the conditions under which the action must be performed to be relevant for auditing. For example, actions in a particular policy are audited only when they are performed by a particular user on a particular object. When an action occurs, the audit policy is triggered and an audit event is written to the audit trail. The following slides give an overview how to configure and switch on audit logging.
An audit policy can specify any number of actions to be audited. Not all actions can be combined together in the same policy, therefore compatible audit actions have been grouped together. When you select an action, those actions that are not compatible with the selected action become unavailable for selection. If you need to two audit incompatible audit actions, you need to create two separate audit policies In addition to the actions to be audited, an audit policy specifies additional parameters that further narrow the number of events actually audited. •
Audited action status On successful execution On unsuccessful execution
•
On both successful and unsuccessful execution Target object(s) Tables Views
•
Procedures Audited user(s)
•
Individual users can be included/excluded from an audit policy Audit level EMERGENCY ALERT CRITICAL WARNING INFO
When an audit policy is triggered, that is, when an action in the policy occurs under the conditions defined in the policy, an audit entry is created in the audit trail. Firefighter logging logs all actions performed by a specific user. This covers not only all actions that can be audited individually, but also actions that cannot otherwise be audited. Such a policy is useful if you want to audit the actions of a particularly privileged user. Note: Some actions cannot be audited using database auditing even with a policy that includes all actions, in particular, system restart and system recovery. Caution: Firefighter logging may generate a lot of audit entries, so only enable it if required.
Audit entries written to the table are only accessible through the public system view AUDIT_LOG. Only SELECT operations can be performed on this view by users with the system privilege AUDIT OPERATOR or AUDIT ADMIN.
Figure 448: Viewing the audit trail
If the audit trail target is a database table, you can avoid the audit table growing indefinitely by deleting audit entries created up until a certain time and date. Caution: All information in the audit trail that is older will be immediately deleted. If auditing is active, certain actions are always audited and are therefore not available for inclusion in user-defined audit policies. In the audit trail, these action are labeled with the internal audit policy MandatoryAuditPolicy. Mandatory audit actions: • • •
Creation, modification, or deletion of audit policies Deletion of audit entries from the audit trail. This only applies if audit entries are written to column store database tables. Changes to auditing configuration, that is: – – –
2015
Enabling or disabling auditing Changing the audit trail target Changing the location of the audit trail target if it is a CSV text file
The following figure shows an example for setting up an audit policy using a SQL statement. It also shows what the audit logging output (audit trail written via Linux syslog) looks like.
Note: For creating and activating the audit policy you need root-authorization! Column header names are currently not written to the audit trail, they need to be added manually: An audid entry looks like this:;;;;;;;;;;;;;;;;;;;;;;;;;;;; More information: SAP HANA Security Guide at http://help.sap.com/hana
Enable/disable global auditing alter system alter configuration ('global.ini','SYSTEM') set ('auditing configuration','global_auditing_state') = 'true' with reconfigure; Alter system alter configuration ('global.ini','SYSTEM') set ('auditing configuration','global_auditing_state') = 'false' with reconfigure; Switch different audit trail types (on Microsoft Windows CSV files only!) → for testing purposes only, for Microsoft Windows alter system alter configuration ('global.ini','SYSTEM') set ('auditing configuration','default_audit_trail_type') = 'CSVTEXTFILE' with reconfigure; alter system alter configuration ('global.ini','SYSTEM') set ('auditing configuration','default_audit_trail_type') = 'SYSLOGPROTOCOL' with reconfigure; Audit trail target folder (only works for csv text files, ignored for syslog)(default is trace folder) Alter system alter configuration ('global.ini','SYSTEM') set ('auditing configuration','default_audit_trail_path') = 'c:\tmp\....' with reconfigure; System view for audit policies select & from “PUBLIC”.“AUDIT_POLICIES” Create audit policies CREATE AUDIT POLICY policyFullAccessControl AUDITING ALL GRANT ANY, REVOKE ANY LEVEL Critical; CREATE AUDIT POLICY policyAdministratePrincipals AUDITING ALL CREATE ROLE, DROP ROLE, CREATE USER, DROP USER LEVEL Critical; Enable audit policies ALTER AUDIT POLICY policyFullAccessControl ENABLE; ALTER AUDIT POLICY policyAdministratePrincipals ENABLE; Disable audit policies ALTER AUDIT POLICY policyFullAccessControl DISABLE; ALTER AUDIT POLICY policyAdministratePrincipals DISABLE; Drop audit policies DROP AUDIT POLICY policyFullAccessControl; DROP AUDIT POLICY policyAdministratePrincipals;
Monitor the Size of the Audit Trail Table In order to support administrators to monitor database growth, an alert has been implemented for the size of the audit trail table Using an SAP HANA database table as audit trail target makes it possible to query and analyze auditing information quickly. It provides a secure and tamper-proof storage location. Audit entries are only accessible through the public system view
AUDIT_LOG. This view is read-only, old entries can only be deleted from the underlying internal table via a dedicated command by a user with system privilege AUDIT OPERATOR. SAP HANA monitors the size of the audit table with respect to the overall memory allocation limit of the system and issues an alert when it reaches the following values (default): 5%, 7%, and 9% of the allocation limit Note: This alert only applies if database table was selected as audit trail target (not for syslog).
Exercise 19: Enable Audit Policy Exercise Objectives After completing this exercise, you will be able to: • Configuring Audit Logging • Enabling an Audit Policy
Business Example Task: Enable audit logging and activate an audit policy which records read access on table PRODUCTS and an audit policy which records system configuration changes. Use Database Table as audit trail target. Then perform a select on table PRODUCTS and check the resulting entry in the audit trail.
2015
1.
Enable audit logging and use Database Table as audit trail target.
2.
Activate an audit policy which records read access on table PRODUCTS.
3.
Activate an audit policy which records system configuration changes.
4.
Perform a select on table PRODUCTS and check the resulting entry in the audit trail.
Solution 19: Enable Audit Policy Task: Enable audit logging and activate an audit policy which records read access on table PRODUCTS and an audit policy which records system configuration changes. Use Database Table as audit trail target. Then perform a select on table PRODUCTS and check the resulting entry in the audit trail. 1.
2.
Enable audit logging and use Database Table as audit trail target. a)
In the Systems view in SAP HANA studio, choose Security and open the Auditing tab.
b)
Choose Enabled for the auditing status and Database Table for the audit trail target.
c)
Choose the Deploy button.
Activate an audit policy which records read access on table PRODUCTS. a)
In the Systems view in SAP HANA studio, choose Security and open the Auditing tab.
b)
Select the Audit Policies tab and click +.
c)
Enter a name for the audit Policy (for example: READ ACCESS) .
d)
Select the Audited Actions tab. Choose “....” button to open the Edit Actions ... dialog. Choose Data Query and Manipulation → SELECT for audited actions.
e)
Exclude user _SYS_REPO from the audit policy. Select the Users tab. Choose “....” button to open the Select Users dialog.
f)
Select user _SYS_REPO and choose Add. Choose “Exclude selected users from policy” and choose OK
g)
Select table PRODUCTS(TRAIN##) for auditing. Select the Target Object tab.
h)
Select table PRODUCTS(TRAIN##) and choose Add. Choose OK
Activate an audit policy which records system configuration changes. a)
In the Systems view in SAP HANA studio, choose Security and open the Auditing tab.
b)
Select the Audit Policies tab and click +.
c)
Enter a name for the audit Policy (for example: CONFIG CHANGES) .
d)
Select the Audited Actions tab. Choose “....” button to open the Edit Actions ... dialog. Choose Session Management and System Configuration → SYSTEM CONFIGURATION CHANGE for audited actions.
e) 4.
Choose the Deploy button.
Perform a select on table PRODUCTS and check the resulting entry in the audit trail. a)
Right click on the HANA system which uses ‘SYSTEM’ user for connection and select SQL Console
b)
Enter the sql command below to create a schema and execute by clicking on a little white arrow in a green circle (F8 – Execute) select * from “TRAIN##”. “PRODUCTS”
c)
To check the resulting entry in the audit trail (database table) enter the sql command below: select TIMESTAMP, USER_NAME, AUDIT_POLICY_NAME, STATEMENT_STRING from “PUBLIC”. “AUDIT_LOG”
Unit Summary You should now be able to: • Describe the security perspective in different implementation scenarios • Outline the security functions in SAP HANA • Explain the different authentication methods • Explain the SSL connection encryption • Explain the data volume encryption • Explain the audit logging infrastructure
Unit 11 Maintaining Users and Authorization Unit Overview In this unit, you get deeper knowledge about maintaining users and the concept of authorization.
Unit Objectives After completing this unit, you will be able to: • • • • • • • • • • • • • • • • • • • •
Explain how to handle user management and user provisioning Explain the user and role concept in SAP HANA Explain how to maintain users' roles Explain how to maintain SAP HANA privileges Explain the authorization concept Explain what a Object privilege is Explain what a SYSTEM privilege is Explain what a package privilege is Explain what an analytic privilege is Explain what an application privilege is Explain the purpose of the predelivered roles Explain what a template role is Explain the purpose of the support role Deactivate a user Reactivate a user Reset a locked user Manage the password policy List tables and views that support the user management Analyze which privileges a user has been granted Explain the concept of the Analytic Authorization Assistant
Unit Contents Lesson: User Management....................................................575
Lesson: Types of Privileges ...................................................585 Lesson: Roles ...................................................................600 Lesson: Administrative Tasks .................................................609 Lesson: Information Sources for Administrators............................621 Exercise 20: Maintaining Users and Authorization.....................625 Lesson: SAP HANA Live Authorization Assistant .........................642
Lesson: User Management Lesson Overview This module covers the following topics: • • • • •
User and role concept User and role creation Manage user or role Grant and revoke user or role Assign privilege to user or role
Lesson Objectives After completing this lesson, you will be able to: • • • •
Explain how to handle user management and user provisioning Explain the user and role concept in SAP HANA Explain how to maintain users' roles Explain how to maintain SAP HANA privileges
Business Example The users of the SAP HANA database require their own user with appropriate authorizations to log on. The administrator sets up a user ID in the system for each user.
Figure 451: User Management and Security in SAP HANA
Database administration should be restricted to skilled (and empowered) persons – Access to ERP tables must be restricted – Editing of SAP HANA data models should only be possible for “owners” of the model Not so trivial: user administration plays a big role in SAP HANA – –
•
Several front-end tools offer direct access into SAP HANA Object access as well as access to content of data model must be controlled within SAP HANA – Need to have named users in SAP HANA for Information Consumers Exceptions: no user management for Information Consumers required if – –
Access to data does not need to be controlled All data access occurs via BI Semantic Layer and Security implemented in BusinessObjects Enterprise
Figure 452: Relationships Between Entities
Privileges can be assigned to users directly or indirectly using roles. Privileges are required to model access control. Roles can be used to structure the access control scheme and model reusable business roles. It is recommended to manage authorization for users by using roles. Roles can be nested so that role hierarchies can be implemented. This makes them very flexible, allowing very fine- and coarse-grained authorization management for individual users.
All the privileges granted directly or indirectly to a user are combined. This means whenever a user tries to access an object, the system performs an authorization check using the user, the user's roles, and directly allocated privileges. It is not possible to explicitly deny privileges. This means that the system does not need to check all the users roles. As soon as all requested privileges have been found, the system aborts the check and grants access. Several predefined roles exist in the database. Some of them are templates that need to be customized; others can be used as they are. User management is configured using the SAP HANA studio. No replication of existing authorizations from source system.
Figure 453: User Administration Tools
By using SQL requests, for example, all the user management functions can also be executed from the command line. This is useful when using scripts for automated processing. SAP NetWeaver Identity Management provides additional support for user provisioning in the SAP HANA database.
The SAP NetWeaver Identity Management 7.2 SP 3 contains a connector to the SAP HANA database (IDM connector). With The SAP NetWeaver Identity Management, you can perform the following actions in the SAP HANA database: • • •
Creating and deleting user accounts Assigning roles Setting passwords for users
For more information about the SAP NetWeaver Identity Management and the IDM connector, see the SAP Community Network at http://www.sdn.sap.com → SAP NetWeaver Releases. The SAP HANA Web IDE contains a user editor and a catalog role editor for scenarios where only web-based tools are available.
Figure 454: Web-based Administration Tools
Hint: Role sap.hana.xs.ide.roles::SecurityAdmin role is required for the Web IDE scenario. For the SAP HANA Cockpit in addition the role sap.hana.admin.roles::Monitoring is required.
It is often necessary to specify different security policies for different types of users. In the SAP HANA database, we differentiate between the following user types: •
Database users that correspond to real people. The database administrator creates a database user for every person who needs to work in the SAP HANA database. Database users that correspond to real people are dropped when the person leaves the organization. This means that database objects that they own are also automatically dropped, and privileges that they granted are automatically revoked.
•
Technical database users. Technical database users do not correspond to real people. They are therefore not dropped if a person leaves the organization. This means that they should be used for administrative tasks such as creating objects and granting privileges for a particular application. Some technical users are available as standard, for example, the users SYS and _SYS_REPO. Other technical database users are application-specific. For example, an application server may log on to the SAP HANA database using a dedicated technical database user. Note: All user names can now contain Unicode characters
Figure 455: User Types
Technically, these user types are the same. The only difference between them is conceptual. Database users that correspond to real people can be grouped according to different tasks.
The user and role concept of the SAP HANA database allows for a fine granularity of access control based on the users' tasks, for example: • • •
Business end users reading reports using client tools, for example, Microsoft Excel. Modelers creating models and reports using the SAP HANA studio. Database administrators operating and maintaining the database and users using the SAP HANA studio.
Figure 457: User Provisioning
When accessing the SAP HANA database using a client interface (such as ODBC, JDBC, MDX), any access to data must be backed by corresponding privileges. Different schemes are implemented. On a higher level, this concept provides
authorization for the data contained in the database when it is accessed using client interfaces. In the SAP HANA database system, the regular SQL authorization concept is implemented. For each SQL statement type (for example, SELECT, UPDATE, and CALL), a corresponding privilege exists that the executing user needs to have. Additionally, objects in the database (such as tables, views, or stored procedures) have an owner who can access the objects and grant privileges for them. No user, besides the owner of an object and users that the owner has provided with a privilege, can access this particular object. This authorization functions on the object level, whereby the smallest entities that can be privileged are, for example, a table or a view. In addition, analytic privileges are used to provide row-level authorization on certain kinds of database objects, such as analytic views.
Figure 458: Managing Users and Roles
The process flow for user management is as follows: • •
• •
Define and create privileges Define and create roles Use the SAP HANA studio or run the following SQL statement: CREATE ROLE Assign privileges to roles Create users –
–
Choose authentication methods Define the initial password Or define the external User ID (e.g. Kerberos to set up SSO) Other user settings
Define default client This is used as an implicit filter value when reading from SAP HANA data models Assign roles to users Use the SAP HANA studio or run the following SQL statement: GRANT TO .
To revoke roles, you can use the following SQL statement: REVOKE FROM .
Figure 459: Standard Users Installation, Upgrade and Operation
For installing, upgrading, and operating the SAP HANA database, the following standard users are necessary: Database Users When you install the SAP HANA database, a database user, called SYSTEM, is created by default. The database user SYSTEM has irrevocable system privileges, such as the ability to create other database users, access system tables, and so on. Note: For security reasons, it is highly recommended that you do not use user SYSTEM for day-today activities. Use SYSTEM to create administration users with the minimum privilege set required for their duties, and use those users for day-to-day administrative activities. Several “internal database users” are also created, such as SYS and _SYS_STATISTICS. These users cannot log on to the SAP HANA database. Operating System User In addition to the SAP HANA database user SYSTEM, the installation process also creates an external operating system user adm,( for example, sp1adm or xyzadm). This operating system user, referred to here as the operating system administrator, simply exists to provide an operating system context. From the operating system perspective, the operating system administrator is the user that owns all SAP HANA files and all related operating system processes. Within the SAP HANA studio, the operating system administrators credentials are required, for example, to start or stop database processes or to execute a recovery. The operating system administrator is not an SAP HANA database user.
For installation and upgrade, the ROOT user is used. Do not use the Root user for day-to-day activities. Hint: A complete overview of the technical users of the SAP HANA database is given in the SAP HANA Security Guide.
Lesson Summary You should now be able to: • Explain how to handle user management and user provisioning • Explain the user and role concept in SAP HANA • Explain how to maintain users' roles • Explain how to maintain SAP HANA privileges
Lesson Objectives After completing this lesson, you will be able to: • • • • • •
Explain the authorization concept Explain what a Object privilege is Explain what a SYSTEM privilege is Explain what a package privilege is Explain what an analytic privilege is Explain what an application privilege is
Business Example The authorization concept is based on different types of privileges. To grant the users the right privileges, a sound understanding of the different types of privileges is necessary.
Privileges When accessing the SAP HANA database using a client interface (such as ODBC, JDBC, MDX), any access to data must be backed by corresponding privileges. Different schemes are implemented.
Authorize execution of administrative actions for the entire SAP HANA database System Privileges are assigned to users and roles.
Object Privileges: • •
• •
Authorize access to data and operations on database objects Used to restrict access to and modification of database objects, such as tables. Depending on the object type (for example, table, view), actions (for example, CREATE ANY, ALTER, DROP) can be authorized per object. For object privileges in the SAP HANA database, the SQL standard behavior is applied. Object privileges are assigned to users and roles.
Analytic Privileges: •
• •
586
Authorize read access to analytic, attribute and calculation views at runtime and provide row-level access control based on the dimensions of the relevant view Only applied at the processing time of the user query. Analytic Privileges need to be defined and activated before they can be granted to users and roles.
Authorize access in the repository (modelling environment) at design time Used to restrict the access to and the use of packages in the repository of the SAP HANA database. Packages contain design-time versions of various objects, such as Analytic, Attribute, and Calculation Views, as well as Analytic Privileges, and functions. To be able to work with packages, the respective Package Privileges must be granted.
Application Privileges: •
Authorize access to SAP HANA XS application functions
Privileges on Users: •
Privileges on users are SQL privileges that users can grant on their user A User can allow other users to debug SQLScript code (e.g. a procedure) that is being executed by him.
CREATE ANY This privilege allows the creation of all kinds of objects, in particular, tables, views, sequences, synonyms, SQL script functions or database procedures in a schema. This privilege can only be granted on a schema.
•
ALL PRIVILEGES This is a collection of all DDL and data manipulation language (DML) privileges that on the one hand, the grantor currently has and is allowed to grant and on the other hand, can be granted on this particular object. This collection is dynamically evaluated for the given grantor and object. ALL PRIVILEGES is not applicable to a schema, but only a table, view, or table type.
•
DROP and ALTER These are DDL privileges and authorize the DROP and ALTER SQL commands. While the DROP privilege is valid for all kinds of objects, the ALTER privilege is not valid for sequences and synonyms as their definitions cannot be changed after creation.
•
SELECT, INSERT, UPDATE, and DELETE These are DML privileges and authorize respective SQL commands. While SELECT is valid for all kinds of objects, except for functions and procedures, INSERT, UPDATE, and DELETE are only valid for schemas, tables, table types, and table views.
•
INDEX This special DDL privilege authorizes the creation, alteration or revocation of indexes for an object using the CREATE INDEX, ALTER INDEX, and DROP INDEX commands. This privilege can only be applied to a schema, table, and table type.
•
EXECUTE This special DML privilege authorizes the execution of an SQL script function or a database procedure using the CALLS or CALL command, respectively.
USER ADMIN This privilege authorizes the creation and changing of users using the CREATE USER, ALTER USER, and DROP USER SQL commands.
•
ROLE ADMIN This privilege authorizes the creation and deletion of roles using the CREATE ROLE and DROP ROLE SQL commands. It also authorizes the granting and revocation of roles using the GRANT and REVOKE SQL commands.
CREATE SCHEMA This privilege authorizes the creation of database schemas using the CREATE SCHEMA SQL command.
•
DATA ADMIN This privilege authorizes all users to have unfiltered read-only access to the full content of all system and monitoring views as well as to execute all data definition language (DDL) – and only DDL – commands in the SAP HANA database. Normally, the content of those views is filtered based on the privileges of the user.
•
CATALOG READ This privilege authorizes all users to have unfiltered read-only access to the full content of all system and monitoring views. Normally, the content of those views is filtered based on the privileges of the accessing user.
System Management •
These privileges authorize the various system activities that can be performed using the ALTER SYSTEM SQL commands. Because of the high level of impact on the system, these privileges are not designed for a normal database user. Caution must be taken when granting these privileges (for example, only grant them to a support user or role.)
Data Import and Export: The following System Privileges are available for the authorization of the data import and export in the database: •
IMPORT This privilege authorizes the import activity in the database using the IMPORT or LOAD TABLE SQL commands. Note that, besides this privilege, the user needs the INSERT privilege on the target tables to be imported.
•
EXPORT This privilege authorizes the export activity in the database via the EXPORT or LOAD TABLE SQL commands. Note that, besides this privilege, the user needs the SELECT privilege on the source tables to be exported.
Appendix: Privileges for Administrative Tasks This appendix is an overview of the privileges that database users require to perform particular database operations in the Administration Editor.
Figure 463: Appendix: Privileges for Administrative Tasks I
Figure 464: Appendix: Privileges for Administrative Tasks II
Note: If a user with system privilege CATALOG READ is also the owner of the table, they can also move the table without object privilege ALTER. Client-side export/import of catalog objects and data is now possible without the system privilege EXPORT/IMPORT.
To be able to export/import a database object on the client side, the relevant object privileges for that object are required: • •
For export, the SELECT privilege is required. For import, depending on the form of the import, INSERT/UPDATE, DROP, CREATE privileges are required. Hint: The EXPORT/IMPORT system privileges still exist. However, they are very powerful and should only be assigned to users who need to do exports/imports that involve the file system of the server on which the SAP HANA database is running.
Analytic Privilege
Figure 465: Analytic Privileges
Analytic privileges are used in the SAP HANA database to provide fine-grained control of what data particular users can see for Analytic use. They provide the ability for row-level authorization, based on the values in one or more columns. All Attribute Views, Analytic Views, and Calculation Views, which have been designed in the modeler and have been activated from the modeler of the HANA studio, are automatically supported by the Analytic Privilege mechanism. If you are already familiar with the authorization model of SAP NetWeaver Business Warehouse (SAP NetWeaver BW), you will see many similarities between the two models. The overall idea behind analytic privileges is the reuse of Analytic Views by different users. However, the different users may not be allowed to see the same data. For example, different regional sales managers, who are only allowed to see
sales data for their regions, could reuse the same Analytic View. They would get the analytic privilege to see only data for their region, and their queries on the same view would return the corresponding data. This is a major difference to the SAP NetWeaver BW model. While the concept itself is very similar, SAP NetWeaver BW would forward an error message if you executed a query that would return values you are not authorized to see. With the SAP HANA database, the query would be executed and, corresponding to your authorization, only values you are entitled to see returned. An analytic privilege consists of several restrictions. Three of these restrictions are always present and have the following special meanings: •
•
•
One restriction (cube restriction) determines for which column views (Attribute, Analytic, or Calculation Views) the privilege is used. This may involve a single view, a list of views or, by means of a wildcard, all applicable views. One restriction (activity restriction) determines the effected activity, for example, READ. This means that the activity READ is restricted and not available for use. One restriction (validity restriction) determines at what times the privilege is valid.
In addition to these three restrictions, many additional dimension restrictions are used. These are applied to the actual attributes of a view. Each dimension restriction is relevant for one dimension attribute, which can contain multiple value filters. Each value filter is a tuple of an operator and its operands, which is used to represent the logical filter condition. For example, a value filter (EQUAL 2006) can be defined for a dimension attribute YEAR in a dimension restriction to filter accessible data using the condition YEAR = '2006' for potential users. Only dimension attributes, and no measures or key figures, can be employed in dimension restrictions.
In general, the user has access to an individual, independent view (Attribute, Analytic, or Calculation View) if the following prerequisites are met: • •
The user was granted the SELECT privilege on the view or the containing schema. The user was granted an analytic privilege that is applicable to the view. An analytic privilege is applicable to a view if it contains the view in the Cube restriction and contains at least one filter on one attribute of this view.
No SELECT privilege on the underlying base tables or views of this view is required. Implement row-level security with analytic privileges •
Restrict access to a given data container to selected attribute values – – – – – –
594
Field from Attribute View Field from Attribute View used in Analytic View Private dimension of Analytic View Attribute field in Calculation View Combinations of the above Single value, range, IN-list
The Analytic Privilege mechanism is automatically enforced for all three kinds of views that can be defined using the information modeler, namely Attribute, Analytic, and calculation Views: •
•
•
Attribute Views These views are built on joins of existing column tables and views. Attribute Views cannot be nested in other Attribute Views. Analytic Views These views are multidimensional cubes with a fact table joined with multiple dimension tables. The information modeler allows Analytic Views to be associated with Attribute Views to reuse the specified join paths. However, it is not possible to use existing Attribute or Analytic Views as base views (join candidates) and use these as the basis for defining new Analytic Views. Calculation Views These views are defined using SQL script. A Calculation View is a column view defined on the output of a SQL script function. In this function, any existing views, including Attribute, Analytic, and Calculation Views, can be used, for example, in a SELECT statement. This introduces interdependencies between the views.
As of SPS 06, dynamic analytic privileges can be created in the SAP HANA studio (Modeling perspective). Repository/catalog procedures can be added to the filter list of analytic privileges. Dynamic analytical privileges provide a flexible approach for specifying user-specific filter conditions. The filter conditions are obtained by SAP HANA at runtime from a database procedure, which can contain complex logic. This makes it possible to reuse the same analytical privilege for many users.
Packages contain design-time versions of various objects, such as Analytic, Attribute, and Calculation Views, as well as Analytic Privileges, and functions. To be able to work with packages, the respective package Privileges must be granted. The SAP HANA database repository is structured hierarchically with packages assigned to other packages as subpackages. If you grant privileges to a user for a package, the user is automatically also authorized for all corresponding subpackages.
Application Privilege Developers of SAP HANA XS applications can create application privileges to authorize user and client access to their application. These privileges authorize user and client access to the application, for example to start the application or to perform administrative actions in the application. Application privileges are granted and revoked through the procedures GRANT_APPLICATION_PRIVILEGE and REVOKE_APPLICATION_PRIVILEGE procedure in the _SYS_REPO schema. Application privileges can be granted to users or roles in runtime in the SAP HANA studio. However, it is recommended that you grant application privileges to roles created in the repository. Application privileges can be granted/revoked in the SAP HANA studio.
Privileges on Users Privileges on users are SQL privileges that users can grant to other users. ATTACH DEBUGGER is the only privilege that can be granted on a user. For example, User A can grant User B the privilege ATTTACH DEBUGGER to allow User B debug SQLScript code in User A's session. User A is only user who can grant this privilege. Note: User B also needs the object privilege DEBUG on the relevant SQLScript procedure. It is not possible to grant the ATTACH DEBUGGER privilege on behalf of other users
Lesson Summary You should now be able to: • Explain the authorization concept • Explain what a Object privilege is • Explain what a SYSTEM privilege is • Explain what a package privilege is • Explain what an analytic privilege is • Explain what an application privilege is
Lesson: Roles Lesson Overview This module covers the following topics: • • •
Predelivered role Template role Support role
Lesson Objectives After completing this lesson, you will be able to: • • •
Explain the purpose of the predelivered roles Explain what a template role is Explain the purpose of the support role
Business Example For special tasks, standard roles are delivered. You need to know in which cases you can use these roles.
Overview A role is a collection of privileges that can be granted to either a user or another role in runtime. A role typically contains the privileges required for a particular function or task, for example: • • •
Business end users reading reports using client tools Modelers creating models and reports in the modeler of the SAP HANA studio Database administrators operating and maintaining the database and the users
Privileges can be granted directly to users of the SAP HANA database. However, roles are the standard mechanism of granting privileges because they allow you to implement complex, reusable authorization concepts that can be modeled on
business roles. Several standard roles are delivered with the SAP HANA database (for example, MODELING, MONITORING). You can use these as templates for creating your own roles. • • • •
•
System privileges for administrative tasks (for example, AUDIT ADMIN, BACKUP ADMIN, CATALOG READ) Object privileges on database objects (for example, SELECT, INSERT, UPDATE) Analytic privileges on SAP HANA information models Package privileges on repository packages (for example, REPO.READ, REPO.EDIT_NATIVE_OBJECTS, REPO.ACTIVATE_NATIVE_OBJECTS) Application privileges for enabling access to SAP HANA XS applications
Roles in the SAP HANA database can exist as runtime objects only, or as design-time objects in the repository of the SAP HANA database that become runtime objects on activation.
Figure 469: Types of Roles
We recommended that you model roles as design-time objects for the following reasons: Firstly, unlike roles created in runtime, roles created as design-time objects can be transported between systems. This is important for application development because it means that developers can model roles as part of their application's security concept and then ship these roles or role templates with the application. Being able to transport roles is also advantageous for modelers implementing
complex access control on analytic content. They can model roles in a test system and then transport them into a productive system. This avoids unnecessary duplication of effort. Secondly, roles created as design-time objects are not directly associated with a database user. They are created by the technical user _SYS_REPO and granted through the execution of stored procedures. Any user with access to these procedures can grant and revoke a role. Roles created in runtime are granted directly by the database user and can only be revoked by the same user. Additionally, if the database user is deleted, all roles that he or she granted are revoked. Because database users correspond to real people, this could impact the implementation of your authorization concept, for example, if an employee leaves the organization or is on vacation. Hint: The design-time version of a role in the repository and its activated runtime version should always contain the same privileges. In particular, additional privileges should not be granted to the activated runtime version of a role created in the repository. Although there is no mechanism of preventing a user from doing this, the next time the role is activated in the repository, any changes made to the role in runtime will be reverted. It is therefore important that the activated runtime version of a role is not changed in runtime.
Runtime Roles Runtime roles are created in the SAP HANA system. A role administrator creates the role in the runtime of the SAP HANA system. Runtime roles are granted directly by the database user and can only be revoked by the same user.
To create a runtime role open the role-editor by right-click on Security → Role in the SAP HANA Studio. Then select the roles and privileges that you want to include and save the role.
Design-time Roles Design-time roles are created in the development system. A developer/role designer creates the role in the repository of the development system and tests it. Therefore the following prerequisites have to be fulfiled. • • •
Authorization assigned: sap.hana.xs.ide.roles::EditorDeveloper role A shared project must exist with a suitable package for storing roles. Package privileges on the required packages
The role is transported to the production system, e.g. using HALM or CTS+ In the production system, a user administrator grants the role to end users.
Figure 472: Design-time Roles
To create a design-time role open the Editor of the Web IDE in your web browser: http://:<80instance_no>/sap/hana/xs/ide/editor Create the new role in the Content tree by right-click on the folder where you want to create the role. Then select the roles and privileges that you want to include and save the role.
Note: The role will be saved and activated in one step. If you want to only save the role, choose Settings and select Enable inactive save. An additional icon will be displayed in the toolbar: Save without Activating.
Predelivered Roles Several roles are delivered with the SAP HANA database. You can use these as templates for creating your own roles.
Figure 474: Predelivered Standard Role
PUBLIC: Contains privileges for filtered read-only access to the system views. Only objects for which the users have access rights are visible. By default, this role is assigned to each user.
Hint: Regard these roles as “templates”. Do not grant these roles, build your own roles instead. MONITORING Contains privileges for full read-only access to all meta data, the current system status in system and monitoring views, and the data of the statistics server. MODELING Contains all privileges required for using the information modeler in the SAP HANA studio. Contains the database authorization for a modeler to create all kinds of views and analytic privileges. Allows access to all data in activated views without any filter (_SYS_BI_CP_ALL Analytic Privilege). However, this is restricted by missing SQL privileges on those activated objects. Use this predefined role as a template CONTENT_ADMIN Contains the same privileges as the MODELING role, but with the extension that users allocated this role are allowed to grant these privileges to other users. In addition, it contains repository privileges for working with imported objects. Use this role as a template for what content administrators might need as privileges.
SAP_INTERNAL_HANA_SUPPORT This role contains privileges that allow access to certain low-level internal system views needed by SAP HANA development support in support situations, which otherwise would only be accessible to the SYSTEM user. All access is read only, and the role does not allow access to any customer data. The low-level internal system views are not part of the stable end-user interface and might change from revision to revision. To avoid users accidentally accessing these internal system views in applications or scripts, this role is subject to usage restrictions and should be granted only to SAP HANA development support users for their support activities. The SAP_INTERNAL_HANA_SUPPORT role can be granted to a configurable number of users. Hint: An alert notifies administrators when a user is granted the SAP_HANA_INTERNAL_SUPPORT role (see SAP Note 1991615).
Lesson Summary You should now be able to: • Explain the purpose of the predelivered roles • Explain what a template role is • Explain the purpose of the support role
Lesson: Administrative Tasks Lesson Overview This module covers the following topics: • • • • •
Create and copy users Deactivate/reactivate user Manage connection attempt Set initial password to user Managing the password policy
Lesson Objectives After completing this lesson, you will be able to: • • • •
Deactivate a user Reactivate a user Reset a locked user Manage the password policy
Business Example The user administrations includes tasks to deactivate and reactivate users and to manage the password policy. To enhance the logon security of your SAP HANA database, password rules can be configured by using specific parameters.
Creating Users When Creating a user you have to specify the following information: • • • • •
2015
User name Authentication method Validity period Session Client Authorization
Restricted user:: Hint: By default, new users created in SAP HANA can create objects within their own private schema and read public information. Restricted users initially have no privileges. Restricted users are intended for end users who access SAP HANA through applications. After creation they need to be granted the privileges/roles necessary to use the application. Restricted users initially • • •
Cannot create objects in the database (they are not authorized to create objects in their own database schema) Cannot view any data in the database (as they are not granted, and cannot be granted, the standard PUBLIC role) Can only connect via HTTP but not via ODBC or JDBC (to enable restricted users to connect via ODBC or JDBC, they need to be granted the standard roles RESTRICTED_USER_ODBC_ACCESS or RESTRICTED_USER_JDBC_ACCESS) Caution: A database user created as a restricted user cannot later be converted into a “normal” user.
User name/password authentication by specifying a user name and password Kerberos authentication (external) by specifying the user principal name (UPN) SAML authentication (external) by selecting the identity provider and then entering the user ID X.509 certificates by adding the user's public key certificate(s) SAP logon and assertion tickets
Validity period: You can specify a validity period for the user. For example, if you are creating a user for a new employee, you can enter their start date in the Valid From field. If you do not enter any values, the user is immediately and indefinitely valid. Session Client: When you create SAP HANA information models (attribute views, analytic views, and calculation views), it is possible to filter the data according to the client specified in table fields such as MANDT or CLIENT. You can specify the client relevant for the user here. Authorization: Authorization is given to the User by granting roles and privileges.
Copying Users If you are implementing user authorization through roles created in the SAP HANA repository, it is possible to create a new user by copying an existing user. The repository roles granted to the existing user are automatically granted to the new user. When copying users the user-specific information, that is, user name and authentication details are required. Additional roles and privileges could be granted to the new user.
Deactivation of Users Users can be explicitly deactivated in the SAP HANA studio. For example, if an employee temporarily leaves the company or if a security violation is detected. It is possible to deactivate and reactivate users in the SAP HANA studio. The system privilege, USER ADMIN, is required to deactivate or reactivate users in the SAP HANA studio. In the SAP HANA studio choose Security → Users. From the context menu of the user record, select Open. Reactivation of Users If the user has made too many invalid logon attempts, the administrator can use a SQL command to unlock the user account.
Additional User Parameters Additional core user parameters ( timezone, e-mail address, and locale) are available, which are needed across different scenarios and applications based on SAP HANA.
Default e-mail address Locale Priority Memory statement limit Time zone
To maintain these parameters, use the SAP HANA Studio or the following SQL statement: ALTER USER USER1 SET PARAMETER LOCALE = 'en_US.UTF-8', TIME ZONE = 'Europe/Berlin', EMAIL ADDRESS = '[email protected]' Prerequisites: • •
Users can change their own parameters (exception: validity period). To change the parameters of other users, the system privilege USER ADMIN is required.
To view the current values, you can use the USERS and USER_PARAMETERS system views. The content of these system views will be filtered according to your privileges.
Managing Password Policy If the user's password has expired, the user has to change the password to a new value. Passwords for the user name/password authentication of database users are subject to certain rules, or password policy. You can change the default password policy in line with your organization’s security requirements. You cannot deactivate the password policy. • •
Password quality (length, complexity) Blacklist of forbidden terms
The password quality is defined by several parameters, which are described in detail in the SAP HANA Security Guide. The password blacklist is a list of words that are not allowed as passwords or parts of passwords. SAP HANA checks this blacklist whenever a password is created or changed. You can specify whether the words in the blacklist are case-sensitive and whether the check applies to whole words or parts of words. The password blacklist in SAP HANA is implemented with the table _SYS_PASSWORD_BLACKLIST (_SYS_SECURITY). This table is empty when you create a new instance. The _SYS_SECURITY schema and the _SYS_PASSWORD_BLACKLIST table are owned by the SYSTEM user. It is recommended that during the initial system setup, the SYSTEM user grants change privileges for this table to a dedicated administrator user. Caution: For security reasons, even the privilege to select should be handled very carefully to prevent users from being able to view sensitive information such as a password. The password blacklist can be configured in the Security editor of the SAP HANA studio.
To change the parameter values in the “Password policy” section of the indexserver.ini, you have the following options: •
Using the Configuration tab of the SAP HANA studio; follow these steps:
•
– Open the “Administration editor” and go to the Configuration tab. – Expand the indexserver.ini section. – In the “Password policy” section, change the required parameters. Using the Security editor of the SAP HANA studio; follow these steps: –
•
Open the “Security editor” and go to the Password Policy tab.
Using a SQL statement – –
Alter system alter configuration (indexserver.ini, SYSTEM) set (password policy, ) = with reconfigure
Figure 480: Password Policy Parameters
Note: The actual parameters are contained in the password_policy section of the indexserver.ini system properties file. Although it is recommended to configure the password policy using the Security editor of the SAP HANA studio, you can also do so by editing the indexserver.ini directly. If a parameter is set to a value outside the value range, either the minimum value or the maximum value of the value range, whichever is appropriate, is used instead.
Note: The User Lock Settings (parameter password_lock_time) define the duration for which a user is locked after the maximum number of failed logon attempts. Selecting the Lock indefinitely checkbox locks a user indefinitely. This corresponds to the parameter value -1. The value 0 unlocks the user immediately. Prerequisites for changing parameters:: • •
System privilege INIFILE ADMIN (For blacklist) INSERT and DELETE privileges for either the _SYS_PASSWORD_BLACKLIST table or the _SYS_SECURITY schema
To view the contents of the INI file, use the M_INIFILE_CONTENTS view. The password policy parameters can be found in the M_PASSWORD_POLICY view. For more information about the parameter values, see the password policy parameters in the SAP HANA Security Guide.
For connectivity purpose, a technical user might be created. This technical user should never change the password. The mandatory periodic password change can now be re-enabled using SQL commands: ALTER USER DISABLE PASSWORD LIFETIME ALTER USER ENABLE PASSWORD LIFETIME
Managing SYSTEM User As the most powerful database user, SYSTEM is not intended for use in production systems. Use it to create lesser privileged users for particular purposes. •
Deactivating the SYSTEM User ALTER USER SYSTEM DEACTIVATE USER NOW
•
Resetting the SYSTEM User's Password see SAP HANA System Administration Guide
Deactivating the SYSTEM User SYSTEM is the database superuser. It has irrevocable system privileges, such as the ability to create other database users, access system tables, and so on. It is highly recommended that you do not use SYSTEM for day-to-day activities in production systems. Instead, use it to create database users with the minimum privilege set required for their duties (for example, user administration, system administration). Then deactivate SYSTEM. Execute the following statement, for example, in the SQL console of the SAP HANA studio: ALTER USER SYSTEM DEACTIVATE USER NOW The SYSTEM user is deactivated and can no longer connect to the SAP HANA database. You can verify that this is the case in the USERS system view. For user SYSTEM, check the values in the columns USER_DEACTIVATED, DEACTIVATION_TIME, and LAST_SUCCESSFUL_CONNECT. Note: You can still use the SYSTEM user as an emergency user even if it has been deactivated. Any user with the system privilege USER ADMIN can reactivate SYSTEM with the statement ALTER USER SYSTEM ACTIVATE USER NOW. To ensure that an administrator does not do this secretly, it is recommended that you create an audit policy monitoring ALTER USER statements.
Resetting the SYSTEM User's Password If the SYSTEM user's password is lost, you can reset it using the index server in emergency mode and the credentials of the operating system user. The following command resets the password: hdbindexserver -resetUserSystem.The complete procedure is described in detail in the SAP HANA System Administration Guide.
After performing this procedure the password for the SYSTEM user is reset. As you are logged on as the SYSTEM user in this console, you do not have to change this new password the next time you log on with this user regardless of your password policy configuration.
The system view M_CONNECTIONS now contains additional information about the authentication method: SELECT USER_NAME, AUTHENTICATION_METHOD FROM M_CONNECTIONS. Per default, users can only query information about themselves. Since privileges can both be assigned directly or be inherited via roles, it is often difficult to see at first glance which privileges a user has been granted. To provide better support, the view EFFECTIVE_PRIVILEGES was created.
Figure 485: Display Privileges Granted to a User
It should be mentioned that when selecting from EFFECTIVE_PRIVILEGES, you always need the condition USER_NAME = 'something' in the WHERE clause, otherwise the query will return with an error. The system view EFFECTIVE_ROLES displays the roles of the currently logged-on user. It shows both roles that were granted directly to the user, and roles that were inherited from other roles. This system view complements the system view EFFECTIVE_PRIVILEGES.
Dependency Viewer The authorization dependency viewer helps you to identify where there are invalid authorization dependencies in your object’s structure. This is particularly useful for objects with large and complex dependency structures. The authorization dependency viewer in the SAP HANA studio visualizes the object dependency structure of stored procedures and views together with the SQL authorization status of the object owner along the dependency paths. You can use the authorization dependency viewer as a first step in troubleshooting the following authorization errors for column views and procedures: • • •
NOT AUTHORIZED (258) INVALIDATED VIEW (391) INVALIDATED PROCEDURE (430)
When do authorization or invalid object errors occur?
If the object owner does not have all the required privileges on all underlying objects on which the object depends. The object owner must have both the appropriate SQL object privilege (for example, EXECUTE, SELECT) and the authorization to grant the object privilege to others (that is, WITH GRANT OPTION is set). Hint: Recommendation: Use the authorization dependency viewer only with procedures with security mode DEFINER. Procedures with security mode INVOKER are not validated correctly.
Exercise 20: Maintaining Users and Authorization Exercise Objectives After completing this exercise, you will be able to: • Create roles • Assign privileges to a role • Create a user • Assign roles to a user • Create an analytic privilege
Business Example Task 1: Create a role “ROLE_ANALYTIC_##”, where ## is your group ID and assign the following roles and privileges to your new role. Add the Object Privileges _SYS_BI and _SYS_BIC with privilege SELECT to your role. Add the Object Privilege REPOSITORY_REST with privilege EXECUTE. Add a Package Privilege to give access to repository package sap.hana.democontent.epm.models and assign authorization REPO.READ. Then deploy the role and confirm that the role has been created. Perform this task with SYSTEM user. 1.
Create a role “ROLE_ANALYTIC_##” where ## is your group ID.
2.
Add the Object Privileges _SYS_BI and _SYS_BIC with privilege SELECT to your role.
3.
Add the Object privilege REPOSITORY_REST with privilege EXECUTE to your role.
4.
Add a Package Privilege to give access to repository package sap.hana.democontent.epm.models and assign authorization REPO.READ.
5.
Deploy the role and confirm that the role has been created.
Task 2: Create a user named USER##, where ## is your group ID. Assign the role you have just created to this user. Then confirm that your user has been created. After you have created the user successfully, you can log on and add the user to the Navigator View of the HANA studio. Then confirm that your user’s schema has been created under Catalog. 1.
Create a user named USER##, where ## is your group ID.
2.
Assign the role ROLE_ANALYTIC_##, where ## is your group ID to this user.
3.
Confirm that your user has been created.
4.
Add the user to the Navigator View of the HANA studio.
Task 3: Check if the user USER## is authorized to access the Analytic View AP_PURCHASE_OVERVIEW_DE. 1.
Check if the user USER## is authorized to access the Analytic View AN_PURCHASE_OVERVIEW.
Task 4: Create a new analytic privilege, AP_PURCHASE_OVERVIEW_DE, in the package sap.hana.democontent.epm.models using the user SYSTEM.. This analytic privilege should give access to the Analytic View sap.hana.democontent.epm.models.AN_PURCHASE_OVERVIEW with restriction to the attribute SUPPLIER_COUNTRY = DE. 1.
Navigate to the Modeler Perspective and create a new analytic privilege AP_PURCHASE_OVERVIEW_DE, in the Package sap.hana.democontent.epm.models.
Task 5: Add the new analytic privilege to your role ROLE_ANALYTIC_## using the user USER##. Then test the authorizations of user USER## by selecting the Analytic View AN_PURCHASE_OVERVIEW. 1.
Add the new analytic privileges to your role ROLE_ANALYTIC_##.
2.
Select the Analytic View AN_PURCHASE_OVERVIEW to test the authorizations.
Task 6: (OPTIONAL) You need a user with authorizations for database administration. This database administrator should perform the following tasks: - all actions that any DB administrator will expect they are allowed to do and that are not specific to data schemas or repository packages. - all backup-related tasks. - create new database schemas and to Import and Export catalog objects. Create the roles which allow to perform these administrative tasks. 1.
Create a new role BASIC_ADMIN. This role collects all actions that any DB administrator will expect they are allowed to do and that are not specific to data schemas or repository packages. Therefore the following privileges should be granted: Privilege
What does it do?
System privilege CATALOG READ Read access to all metadata of the database catalog. Among other things, required to enter into the administration editor of SAP HANA studio System privilege SERVICE ADMIN
Start and stop individual services (processes) of the database
System privilege INIFILE ADMIN
Modify the database configuration
System privilege TRACE ADMIN
Start and stop database traces, change the trace levels of the kernel trace
System privilege SESSION ADMIN Kill sessions
2.
System privilege VERSION ADMIN
Trigger garbage collection of the database’s version history (part of MVCC implementation)
This role allows all backup-related tasks, such as creating a database backup or managing the backup catalog or deleting backups from disk. Therefore the following privileges should be granted: Privilege
What does it do?
System privilege CATALOG READ Read access to all metadata of the database catalog System privilege BACKUP ADMIN Access to all backup functionalities except for restore (which requires OS user credentials) 3.
Create a new role DATA_ADMIN. This role defines a user who can create new database schemas directly in the catalog and import and export catalog objects. Therefore the following privileges should be granted: Privilege
What does it do?
System privilege CREATE SCHEMA
Create new schemas directly in the database catalog
System privilege EXPORT
Export catalog objects to the DB server (csv/binary) or to the client machine
System privilege IMPORT
Import catalog objects from the DB server (csv/binary) or from the client machine
Task 7: (OPTIONAL) Create a user named ADMIN##, where ## is your group ID. Assign the database administration roles you have just created to this user. Then confirm that your user has been created. After you have created the user successfully, you can log on and add the user to the Navigator View of the HANA studio. Then confirm that your user’s schema has been created under Catalog. 1.
Create a user named ADMIN##, where ## is your group ID.
2.
Assign the roles BASIC_ADMIN, BACKUP_ADMIN, and DATA_ADMIN to this user.
3.
Confirm that your user has been created. Continued on next page
Solution 20: Maintaining Users and Authorization Task 1: Create a role “ROLE_ANALYTIC_##”, where ## is your group ID and assign the following roles and privileges to your new role. Add the Object Privileges _SYS_BI and _SYS_BIC with privilege SELECT to your role. Add the Object Privilege REPOSITORY_REST with privilege EXECUTE. Add a Package Privilege to give access to repository package sap.hana.democontent.epm.models and assign authorization REPO.READ. Then deploy the role and confirm that the role has been created. Perform this task with SYSTEM user. 1.
2.
Create a role “ROLE_ANALYTIC_##” where ## is your group ID. a)
Add the Object privilege REPOSITORY_REST with privilege EXECUTE to your role. a)
Select the Object Privileges tab and click +.
b)
Search for object REPOSITORY_REST, highlight it, and click OK
c)
Select the object that has just been added.
d)
Scroll to the right, and assign the privilege EXECUTE to object REPOSITORY_REST.
e)
Your role should now contain 3 Object privileges.
Add a Package Privilege to give access to repository package sap.hana.democontent.epm.models and assign authorization REPO.READ. a)
On the Package Privileges tab, add repository package sap.hana.democontent.epm.models.
b)
Highlight the added package privilege and select REPO.READ on the right pane. Note: These Package Privileges will allow read access to content objects in Package sap.hana.democontent.epm.models.
5.
Deploy the role and confirm that the role has been created. a)
Deploy the newly created Role by clicking the Deploy button, or click F8.
b)
Confirm the successful deploy on the role view.
c)
Also, confirm it is in the Role Catalog: Expand the content of the SAP HANA system → Security → Roles.
Task 2: Create a user named USER##, where ## is your group ID. Assign the role you have just created to this user. Then confirm that your user has been created. After you have created the user successfully, you can log on and add the user to the Navigator View of the HANA studio. Then confirm that your user’s schema has been created under Catalog. 1.
Create a user named USER##, where ## is your group ID. a)
Expand the content of the SAP HANA system → Security → Users.
b)
Right-click Users → New User.
c)
Give the user a name, USER## and internal password (e.g. Abcd1234) and confirm the password. Continued on next page
Assign the role ROLE_ANALYTIC_##, where ## is your group ID to this user. a)
Select the Granted Roles tab and click +.
b)
Search for the role you have created, ROLE_ANALYTIC_##. Select the role, then click OK.
c)
Confirm that the role has been added.
d)
Click Deploy or F8.
Confirm that your user has been created. a)
Confirm the Deploy on the tab USER##. Note: PUBLIC role has been automatically assigned.
4.
b)
Confirm your user under Users Security Catalog.
c)
Now, you can log in as the user created.
Add the user to the Navigator View of the HANA studio. a)
To add the new user USER##, open the context menu of the system node and choose Add System with Different User …
b)
Enter user Id and password and choose Finish. When prompted for a new password, enter Abcd12345, for example.
c)
Confirm your new user’s schema under Catalog.
Task 3: Check if the user USER## is authorized to access the Analytic View AP_PURCHASE_OVERVIEW_DE. 1.
Check if the user USER## is authorized to access the Analytic View AN_PURCHASE_OVERVIEW. a)
Change to the Modeler Perspective: Window → Open Perspective → Other, then select Modeler and OK. In the Navigator Pane, open the tree for user USER## to view the available packages.
b)
Under the tree for user USER## open Content → sap → hana → democontent → epm → models→ Analytic Views.
c)
Right-click Analytic View AN_PURCHASE_OVERVIEW and choose Data Preview.
d)
Choose the Raw Data tab. An error message indicating that the user is not authorized appears. Continued on next page
Task 4: Create a new analytic privilege, AP_PURCHASE_OVERVIEW_DE, in the package sap.hana.democontent.epm.models using the user SYSTEM.. This analytic privilege should give access to the Analytic View sap.hana.democontent.epm.models.AN_PURCHASE_OVERVIEW with restriction to the attribute SUPPLIER_COUNTRY = DE. 1.
Navigate to the Modeler Perspective and create a new analytic privilege AP_PURCHASE_OVERVIEW_DE, in the Package sap.hana.democontent.epm.models. a)
Right-click the package sap.hana.democontent.epm.models and choose New → Analytic Privilege …
b)
Enter name and description AP_PURCHASE_OVERVIEW_DE.
Task 5: Add the new analytic privilege to your role ROLE_ANALYTIC_## using the user USER##. Then test the authorizations of user USER## by selecting the Analytic View AN_PURCHASE_OVERVIEW. 1.
2.
Add the new analytic privileges to your role ROLE_ANALYTIC_##. a)
Navigate to the role, right-click and choose Open.
b)
Select the Analytic Privileges tab.
c)
Choose + to add new analytic privileges.
d)
Select your analytic privilege sap.hana.democontent.epm.models.AN_PURCHASE_OVERVIEW and click OK.
e)
Deploy the changes.
Select the Analytic View AN_PURCHASE_OVERVIEW to test the authorizations. a)
Under the tree for user USER## open Content → sap → hana → democontent → epm → models→ Analytic Views.
b)
Right-click AN_PURCHASE_OVERVIEW (actual data) and choose Data Preview.
c)
In the Available Objects pane, drag the field SUPPLIER_COUNTRY and drop it in the Label Axis pane.
d)
In the Available Objects pane, drag the field PRODUCTID and drop it in the Values Axis pane.
e)
In the Output pane, select the Table tab.
f)
Check the result and only values for SUPPLIER_COUNTRY DE are available.
Task 6: (OPTIONAL) You need a user with authorizations for database administration. This database administrator should perform the following tasks: - all actions that any DB administrator will expect they are allowed to do and that are not specific to data schemas or repository packages. - all backup-related tasks. - create new database schemas and to Import and Export catalog objects.
Create the roles which allow to perform these administrative tasks. 1.
Create a new role BASIC_ADMIN. This role collects all actions that any DB administrator will expect they are allowed to do and that are not specific to data schemas or repository packages. Therefore the following privileges should be granted: Privilege
What does it do?
System privilege CATALOG READ Read access to all metadata of the database catalog. Among other things, required to enter into the administration editor of SAP HANA studio System privilege SERVICE ADMIN
Start and stop individual services (processes) of the database
System privilege INIFILE ADMIN
Modify the database configuration
System privilege TRACE ADMIN
Start and stop database traces, change the trace levels of the kernel trace
System privilege SESSION ADMIN Kill sessions System privilege VERSION ADMIN
Trigger garbage collection of the database’s version history (part of MVCC implementation)
Repeat the same steps for the System Privileges SERVICE ADMIN, INIFILE ADMIN, TRACE ADMIN, SESSION ADMIN, VERSION ADMIN, LICENSE ADMIN.
i)
Select theObject Privileges tab and click +.
j)
Search for Object Privilege _SYS_STATISTICS, highlight it, and click OK.
k)
Select the object that has just been added.
l)
Scroll to the right, and assign the privilege SELECT to object _SYS_STATISTICS.
m)
2.
n)
Deploy the newly created Role by clicking the Deploy button, or click F8.
o)
Confirm the successful deploy on the role view.
p)
Also, confirm it is in the Role Catalog: Expand the content of the SAP HANA system → Security → Roles.
Create a new role BACKUP_ADMIN. This role allows all backup-related tasks, such as creating a database backup or managing the backup catalog or deleting backups from disk. Therefore the following privileges should be granted: Privilege
What does it do?
System privilege CATALOG READ Read access to all metadata of the database catalog System privilege BACKUP ADMIN Access to all backup functionalities except for restore (which requires OS user credentials) a)
Search for System Privilege CATALOG READ, highlight it, and click OK.
h)
Repeat the same steps for the System Privilege BACKUP ADMIN.
i)
Deploy the newly created Role by clicking the Deploy button, or click F8.
j)
Confirm the successful deploy on the role view.
k)
Also, confirm it is in the Role Catalog: Expand the content of the SAP HANA system → Security → Roles.
Create a new role DATA_ADMIN. This role defines a user who can create new database schemas directly in the catalog and import and export catalog objects. Therefore the following privileges should be granted: Privilege
What does it do?
System privilege CREATE SCHEMA
Create new schemas directly in the database catalog
System privilege EXPORT
Export catalog objects to the DB server (csv/binary) or to the client machine
System privilege IMPORT
Import catalog objects from the DB server (csv/binary) or from the client machine
Also, confirm it is in the Role Catalog: Expand the content of the SAP HANA system → Security → Roles.
k)
Task 7: (OPTIONAL) Create a user named ADMIN##, where ## is your group ID. Assign the database administration roles you have just created to this user. Then confirm that your user has been created. After you have created the user successfully, you can log on and add the user to the Navigator View of the HANA studio. Then confirm that your user’s schema has been created under Catalog. 1.
2.
3.
Create a user named ADMIN##, where ## is your group ID. a)
Expand the content of the SAP HANA system → Security → Users.
b)
Right-click Users → New User.
c)
Give the user a name, ADMIN## and internal password (e.g. Abcd1234) and confirm the password.
Assign the roles BASIC_ADMIN, BACKUP_ADMIN, and DATA_ADMIN to this user. a)
Select the Granted Roles tab and click +.
b)
Search for the role you have created, BASIC_ADMIN Select the role, then click OK.
c)
Repeat the same steps for the roles BACKUP_ADMIN and DATA_ADMIN..
d)
Click Deploy or F8.
Confirm that your user has been created. a)
Confirm the Deploy on the tab ADMIN##. Note: PUBLIC role has been automatically assigned.
Add the user to the Navigator View of the HANA studio. a)
To add the new user ADMIN##, open the context menu of the system node and choose Add System with Different User …
b)
Enter user Id and password and choose Finish. When prompted for a new password, enter Abcd12345, for example.
c)
Confirm your new user’s schema under Catalog.
Task 8: (OPTIONAL) Check the authorizations of the user ADMIN##. 1.
Check if the user ADMIN## is authorized to export table TRAIN##.PRODUCTS a)
At first you have to add the object privilege for schema TRAIN## Right click on the table under TRAIN## schema you just created and select Export to export the table.
b)
The table is selected. Click on Next
c) Hint: If you want or have to export the file twice , please tick option "Replace existing export in specified directory". Otherwise you would get an error message . Select Binary for format, select IIncluding data and Including dependencies, use the Default Directory which will create the export file under work directory of the HANA server then click on Finish. The directory structure index//PR/
under work directory is created and the exported files are located under this directory structure.
Check if the user ADMIN## is authorized to perform a backup a)
In the Navigator view of in SAP HANA studio, select the database (database user ADMIN##) for which you want to start a backup.
b)
From the context menu, choose Backup and Recovery → Back Up System.
c)
Then you could specify the location (directory) and the backup file prefix to use.
d)
When all the settings are correct, choose Next and Finish. The backup then starts.
3.
e)
The progress of the backup is shown for all types of services (for example, the statistics server, name server, and index servers).
f)
When all the volumes have been backed up, a confirmation message is displayed.
Check if the user ADMIN## is authorized to change configuration Parameters a)
Open the Administration Editor with the permissions of the SYSTEM user. Double-click the HANA system entry that is using the ADMIN## user for connection.
b)
Click the Configuration tab.
c)
To search for the parameter content_vendor, type a few characters (like Content) in the field Filter. Then it will search all the parameters according to what you are typing.
d)
Double-click the parameter content_vendor. The parameter is located in the file indexserver.ini in the repository section. You are not authorized to perform this action.
Lesson: SAP HANA Live Authorization Assistant Lesson Overview This lesson gives a brief overview of the Analytic Authorization Assistant in SAP HANA Live
Lesson Objectives After completing this lesson, you will be able to: •
Explain the concept of the Analytic Authorization Assistant
Business Example Introduction The applications for SAP HANA Live for SAP Business Suite are a Web-based front-end HTML5 and UI development toolkit for HTML5 (SAPUI5) on top of SAP HANA Extended Application Services (SAP HANA XS). The underlying database is SAP HANA. The following diagram provide an overview of the technical system landscape for SAP HANA Live for SAP Business Suite.
Figure 488: SAP HANA Live Scenarios
SAP HANA Live for SAP Business Suite uses the user management and authentication mechanisms provided with the SAP HANA appliance software. Therefore, the security recommendations and guidelines for user administration and authentication as described in the SAP HANA Security Guide apply.
The user interfaces of SAP HANA Live for SAP Business Suite rely on the access control mechanisms of the underlying SAP HANA database. As a prerequisite, it is assumed that every business user (any user accessing SAP HANA Live content in the SAP HANA database) is created as a named SAP HANA database user. To control the business user’s access to SAP HANA Live application content and displayed data, the relevant authorization settings have to be configured within the SAP HANA database. SAP does not deliver any predefined privileges or roles for SAP HANA Live for SAP Business Suite business users. Instead, read access privileges for SAP HANA Live business users have to be configured on the customer side in conformity with the customer’s authorization requirements.
Analytic Authorization Assistant With the SAP HANA Live Authorization Assistant, you can provide users authorizations in the SAP HANA system that is required to access business data displayed by the virtual data model of SAP HANA Live. For this, SAP HANA Live Authorization Assistant take those permissions into account that the same users already have in ABAP-based Business Suite application. SAP HANA Live Authorization Assistant is used to manage both the analytical privileges that are restricting access to specific business data, and the object privileges that are controlling the database views the user uses to report. Authorization profiles are defined and managed using transactions in ABAP — based application systems. In a scenario that is supported by SAP HANA Live Authorization Assistant, access to business data is primarily defined using PFCG
on the ABAP-based system, and then using the Authorization Assistant converted to respective permissions in the HANA system. For this automatic conversion, SAP delivers metadata for all the relevant views of the virtual data model, which defines the mapping between the authorization fields of authorization objects and the respective attributes of views. For a selected SAP NetWeaver ABAP user, SAP HANA Live Authorization Assistant generates the analytic privileges based on his/her assigned PFCG authorizations and collects them with the request SELECT object privileges in a role. Then, you can make the follow-up assignments of the role inside SAP HANA Studio. SAP HANA Live Authorization Assistant is integrated into the SAP HANA Studio but can be installed as a separate plug-in too.
Generating Analytic Privileges With the SAP HANA Live Authorization Assistant, you can convert existing ABAP PFCG authorizations for a user to respective permissions in the HANA system. In particular, the tool generates analytic privileges and roles, which combine the analytic privileges with the required SELECT object privilege for query views to control the data that users can access.
Transformation of User’s ABAP Authorizations into Analytic Privileges for SAP HANA The analytic privileges in SAP HANA are created according to view-specific mapping rules that exist between authorization objects and view attributes, based on the logic below from the users’ authorization data stored in ABAP systems: • • • •
Multiple values for the same authorization field of the same authorization object are combined with logical OR. Different authorization fields of the same authorization object are combined with logical AND. Different authorization objects are combined with logical OR. Interval values for authorizations maintained using the FROM and TO fields and the asterisk wildcard are taken into account while generating the analytic privileges for users.
Metadata to Generate Analytic Privileges The conversion of users’ ABAP PFCG authorizations into HANA permissions are based on view specific metadata. This metadata defines the mapping between the authorization fields of authorization objects and respective attributes of views. SAP delivers the required metadata for all the relevant query views of the virtual data model. For customer created views, the metadata is defined with the view as specific properties.
Unit Summary You should now be able to: • Explain how to handle user management and user provisioning • Explain the user and role concept in SAP HANA • Explain how to maintain users' roles • Explain how to maintain SAP HANA privileges • Explain the authorization concept • Explain what a Object privilege is • Explain what a SYSTEM privilege is • Explain what a package privilege is • Explain what an analytic privilege is • Explain what an application privilege is • Explain the purpose of the predelivered roles • Explain what a template role is • Explain the purpose of the support role • Deactivate a user • Reactivate a user • Reset a locked user • Manage the password policy • List tables and views that support the user management • Analyze which privileges a user has been granted • Explain the concept of the Analytic Authorization Assistant
Unit 12 High Availability and Disaster Tolerance Unit Overview This unit will discuss how you can reach high availability and disaster tolerance in your system.
Unit Objectives After completing this unit, you will be able to: • • • • •
Explain the continuous availability scenarios for SAP HANA Explain the high availability scenarios for SAP HANA Understand the basics of SAP HANA scale out Understand the possibilities for configuration of a distributed system Understand the scenarios for disaster recovery support
Unit Contents Lesson: Continuous Availability ...............................................648 Lesson: High Availability .......................................................651 Lesson: SAP HANA Scale Out................................................655 Exercise 21: Installing a SAP HANA Scale Out System ..............669 Lesson: Disaster Recovery ....................................................681
Lesson: High Availability Lesson Overview The objective of this lesson is to clarify how you can reach a high availability of SAP HANA.
Lesson Objectives After completing this lesson, you will be able to: •
Explain the high availability scenarios for SAP HANA
Business Example Overview about High Availability for SAP HANA SAP HANA is fully designed for high availability. It supports recovery measures ranging from faults and software errors, to disasters that decommission an entire data center. High availability is the name given to a set of techniques, engineering practices, and design principles that support the goal of business continuity. High availability is achieved by eliminating single points of failure (fault tolerance), and providing the ability to rapidly resume operations after a system outage with minimal business loss (fault resilience). Fault recovery is the process of recovering and resuming operations after an outage due to a fault. Disaster recovery is the process of recovering operations after an outage due to a prolonged data center or site failure. Preparing for disasters may require backing up data across longer distances, and may thus be more complex and costly.
The key to achieving high availability is redundancy, including hardware redundancy, network redundancy, and data center redundancy. SAP HANA provides several levels of defense against failure-related outages: 1.
2.
3.
4.
Hardware Redundancy – SAP HANA appliance vendors offer multiple layers of redundant hardware, software, and network components, such as redundant power supplies and fans, enterprise grade error-correcting memories, fully redundant network switches and routers, and uninterrupted power supplies (UPS). Disk storage systems use batteries to guarantee writing even with a power failure, and use striping and mirroring to provide redundancy for automatic recovery from disk failures. Generally speaking, all these redundancy solutions are transparent to SAP HANA's operation, but they form part of the defense against system outage due to single component failures. Software – SAP HANA is based on SUSE Linux Enterprise 11 for SAP and includes security preconfigurations (for example, minimal network services). Additionally, the SAP HANA system software also includes a watchdog function, which automatically restarts configured services (index server, name server, and so on), in case of detected stoppage (killed or crashed). Persistence – SAP HANA persists transaction logs, savepoints and snapshots to support system restart and recovery from host failures, with minimal delay and without loss of data. Standby and Failover – Separate, dedicated standby hosts are used for failover, in case of failure of the primary, active hosts. This improves the availability by significantly reducing the recovery time from an outage.
As an in-memory database, SAP HANA is not only concerned with maintaining the reliability of its data in the event of failures, but also with resuming operations with most of that data loaded back in memory as quickly as possible. SAP HANA supports the following recovery measures from failures: •
Disaster recovery support: Backups: Periodic saving of database copies in safe place Storage replication: Continuous replication (mirroring) between primary storage and backup storage over a network (may be synchronous)
•
System replication: Continuous update of secondary system by primary system, including in-memory table loading Fault recovery support: Service auto-restart: Automatic restart of stopped services on host (watchdog) Host auto-failover: Automatic failover from crashed host to standby host in the same system
Lesson: SAP HANA Scale Out Lesson Overview This lesson describe how you can expand your SAP HANA system.
Lesson Objectives After completing this lesson, you will be able to: • •
Understand the basics of SAP HANA scale out Understand the possibilities for configuration of a distributed system
Business Example Scaling SAP HANA There are two general approaches you can take to scale your SAP HANA system: •
•
2015
Scale up This means increasing the size of one physical machine by increasing the amount of RAM available for processing. Scale out This means combining multiple independent computers into one system. The main reason for distributing a system across multiple hosts (that is, scaling out) is to overcome the hardware limitations of a single physical server. This means that an SAP HANA system can distribute the load between multiple servers. In a distributed system, each index server is usually assigned to its own host to achieve maximum performance. It is possible to assign different tables to different hosts (partitioning the database), as well as to split a single table between hosts (partitioning of tables).
One technique you can use to deal with planned data growth is to purchase more physical RAM than is initially required, to set the allocation limit according to your needs, and then to increase it over time to adapt to your data. Once you have reached the physical limits of a single server, you can scale out over multiple machines to create a distributed SAP HANA system. You can do this by distributing different schemas and tables to different servers (complete data and user separation). However, this is not always possible, for example, when a single fact table is larger than the server's RAM size. The most important strategy for scaling your data is data partitioning. Partitioning supports the creation of very large tables (billions of rows) by breaking them into smaller chunks that can be placed on different machines. Partitioning is transparent for most SQL queries and other data manipulations.
Scale Out: Database Landscape You can generally consider using an SAP HANA scale-out architecture to deal with larger amounts of data or for higher availability. If you need to use more memory or more CPU power beyond the limitation of a single physical hardware box, you can use a distributed landscape consisting of multiple hosts. A host is the server or blade on which you create an individual node of a system.
An installed SAP HANA system is identified by a system id (SID). It is perceived as one unit from the perspective of the administrator, who can install, update, start up, shut down, or back up the system as a whole. The different components of the system see the same metadata and requests from client applications, which can be transparently dispatched to different servers in the system.
Figure 493: Distributed SAP HANA System
A distributed SAP HANA system is a system that is installed on more than one host. Otherwise, it is a single-host system. A host is a machine (comprised of CPU, memory, storage, network, and operating system) that runs parts of the SAP HANA system. An SAP HANA instance is the set of components of a distributed system that are installed on one host. The figure above shows a distributed system that runs on three hosts. In this example, each instance has an index server, a preprocessor server, and a name server. The instance on host 1 also contains the statistics server, which exists only once per system. The index server contains all the database and processing components. Each index server is a separate operating system process and also has its own disk volumes. When processing database operations, index servers may need to forward the execution of some operations to other servers that own data involved in the operation. In each SAP HANA system, there is one master index server. It stores the metadata and contains the master transaction manager that coordinates distributed transactions involving multiple index servers. Database clients may send their requests to any index server. If the contacted index server does not own all data involved, it will delegate the execution of some operations to other index servers, collect the result, and return it to the database client.
In a distributed system, a central component is required that knows the topology and how data is distributed. This component is the name server. The name server knows which tables, table replicas, or partitions of tables are located on which index server. When processing a query, the index servers ask the name server about the locations of the involved data. To prevent a negative impact on performance, the topology and distribution information is replicated and cached on each host. In each SAP HANA system, there is one master name server that owns the topology and distribution data. This data is replicated to all other name servers, called slave name servers. The slave name servers write the replicated data to a cache in shared memory from where the index servers of the same instance can read it. The master name server has its own persistence where it stores name server data (topology, distribution data). The slave name servers have no persistence because they are only holding replicated data. For testing and debugging, it is possible to copy a scale-out landscape to a single node!
Figure 494: SAP HANA Scale Out – Test and Simulation
Configuring Scale Out SAP HANA is offered in two ways – in the form of an appliance, delivered in a number of different configurations and "sizes" by certified hardware partners, or as part of a cloud-based service. This creates different system design options with respect to scale-up and scale-out variations. To maximize performance and throughput, SAP recommends that you scale up as far as possible (acquire
the configuration with the highest processor and memory specification for the application workload), before scaling out (for deployments with even greater data volume requirements). Note: The SAP HANA hardware partners have different building blocks for their scale-out implementations. Therefore, you should always consult your hardware partner when planning your scale-out strategy. As part of setting up a distributed system, you need to configure the network parameters. Make sure you do this before you add additional hosts because one server needs to be available so that you can connect to the SAP HANA studio. You map hostnames to IP addresses by editing the section internal_hostname_resolution in the global.ini file.
Figure 495: Monitoring Landscape Overview from SAP HANA Studio
Figure 496: File System for a Distributed Installation (1)
During installation, directories for data (default is /usr/sap//global/hdb/data) and log area (default is /usr/sap//global/hdb/log) are defined. The next directory level is mnt00001, mnt00002 and so on, where each worker host uses exactly one directory. Installing Master and Slave Servers of multiple storages mounted at mnt00..., because the number of directories does not change when new services are added. The next level is the actual volume hdb00001, hdb00002, with one directory per service. Note: There is no storage volume assigned to the Standby server.
Figure 497: File System for a distributed Installation (2)
Parameter System Default Value Lowest free instance number available on the Instance number host /usr/sap Note: You can only accept this default value during the installation if you install a single-host system. You must change this default path if you plan to create a distributed system. Installation path Home directory /usr/sap//home. Number with value x+1where x is the highest existing ID of the user ID on the current host Group ID.
Up to 3 master name-servers can be defined. During startup one server gets elected as active master. The active master assigns a volume to each starting index server or no volume in case of standby servers. • • •
• • • •
Hosts can be added and removed out of a living Scale-out setup. If a host is to be removed, data sitting on this host has to be redistributed to other hosts in the scale-out setup. The remaining hosts of the scale-out arrangement must be able to cope with the data amount according to the sizing rules for SAP HANA (max. 50% occupation with persistent data). After the data is redistributed, the host can be extracted. This process can be supported within the SAP HANA studio: Landscape → Configuration (context menu of hostname). Be careful to start a new Backup History after doing such a kind of topology changes. For more information, refer to the SAP HANA Administration Guide. Note: To ensure that you can recover your system to a point in time after you added the host, we recommend that you stop productive operations until you have added the host and performed a new, complete data backup. Note: After you remove a host from your system, you must perform a data backup to ensure that you can recover the database to a point in time after you removed the host.
Data Distribution SAP HANA supports different ways of distributing data between multiple index servers in a single system: • •
Different tables can be assigned to different index servers, which normally run on different hosts (database partitioning). A table can be split in a way that different rows of the table are stored on different index servers (table partitioning).
When a non-partitioned table is created in a distributed system, it must be assigned to one index server. By default, new tables are distributed across available index servers using a round-robin approach. For example, if there are three available index servers A, B, and C (including the master), the first table created will be located on server A, the next one on server B, the next on server C, and so on. In addition, it is also possible to specify explicitly that a table or a partition be created on a specific index server.
Scale-out requirements for BW and the Business Suite are different due to load and data structures: BW: OLAP load with few to many concurrent users • • •
Read: typically rather long-running queries, reading many data ... Write: batch-inserts Many joins/views according to star schema
Business Suite: OLTP load with many concurrent users • • •
Read: many single records ... Write: many single records ... Rather few joins/views
Consequences •
•
Cross-node joins are critical for both the Business Suite and BW, but common data structures (star schema, master data) make static optimization (without analysis of actual load) in BW easier Partitioning is easier in BW due to common data structures (e.g. partition objects by time)
Data Distribution using SAP BW on HANA: • •
• • •
Tables are partitioned and the partitions distributed over the different nodes This distribution works well in a rather static environment (Fact, DataStore Object (DSO), and Persistent Staging Area (PSA) tables in BW), but not within the Business Suite OLAP load benefits from parallel processing of queries Sizing of SAP HANA for SAP BW offers detailed information about the size of row and columnar store, including its expected temporal development HW setups are defined with these BW requirements (SAP Note 1637145)
Data Distribution using SAP Business Suite on HANA: Scale-out scenarios with multiple worker nodes to scale memory are not yet released for Suite on HANA. It is recommended to scale up memory by using a hardware configuration that maximizes the available database memory. Suite on HANA plans to offer an own specific definition of data distribution. Regarding the availability of multi-node scenarios (scale out) for Suite on HANA, refer to SAP note 1825774. Redistribution of data tables is available. • • •
664
Necessary if additional hosts are added to an existing scale-out cluster This process can be supported from within the SAP HANA studio: Landscape → Redistribution For more information, refer to the SAP HANA Administration Guide
Scale Out and High Availability High-availability enables the failover of a node within one distributed SAP HANA appliance. Failover uses a cold standby node and gets triggered automatically.
Figure 501: Introduction to High Availability
Master name-server failure: In case of a master name-server failure, another of the remaining name-servers will become active master. Index-server failure: The master name-server detects an index-server failure and executes the failover. During the failover, the master name-server assigns the volume of the failed index-server to the standby server.
Host auto-failover is a local “N+m” (m is often 1) fault recovery solution that can be used in addition or as an alternative measure to system replication. One (or more) standby hosts are added to an SAP HANA system, and configured to work in standby mode. As long as they are in standby mode, the databases on these hosts do not contain any data and do not accept requests or queries. This means they cannot be used for other purposes such as quality or test systems. When an active (worker) host fails, a standby host automatically takes its place. Since the standby host may take over operation from any of the primary hosts, it needs shared access to all the database volumes. This can be accomplished by a shared, networked storage server, by using a distributed file system, or with vendor-specific solutions that use a SAP HANA programmatic interface to dynamically detach and attach (mount) networked storage upon failover.
Figure 503: Scale Out: High Availability Implementation
In support of host auto-failover, database clients can be configured with the connection information of multiple hosts, optionally including the standby host. SAP HANA clients that were configured to reach the original host need to be sent to the standby host after host auto-failover. One approach is a network-based (IP or DNS) approach. Alternatively, SQL/MDX database clients can be configured with the connection information of multiple hosts, optionally including the standby host (a multi-host list is provided in the connection string). The client connection code (ODBC, JDBC, and so on) will try to connect to one of these (using a “round-robin” approach), and upon successful connection receives the updated connection configurations. This ensures that clients can continue to reach the SAP HANA database, even after failover.
High availability scenarios in a multi-node cluster with a standby-node are released for the SAP Business Suite on HANA, but are restricted to the simplest case of two servers (one worker, one standby) only, since scale-out in general is not yet supported for Suite on HANA. Note: Some use cases (for example, SAP BW powered by HANA) might have different requirements or recommendations for minimal setups (for example, BW has a defined setup for SAP HANA Scale-Out – SAP Note 1637145). Note: In case of any problems during installation. e.g. when you have cancel the installation please have an look on SAP note 1780484HANA upgrade fails with 'ERR: Cannot open install registry'
Exercise 21: Installing a SAP HANA Scale Out System Exercise Objectives After completing this exercise, you will be able to: • Work with PuTTY • Connect to the Linux desktop using the Remote Desktop Connection • Install a SAP HANA Scale Out System.
Business Example The results from the hardware sizing project, conducted with the SAP Quicksizer Tool and the knowledge of the SAP Hardware Partner, show that the SAP HANA production system should be a Scale Out system. It’s your task to install the SAP HANA Scale Out system. Caution: The SAP HANA Scale Out system will be installed on the wdflbmt7194 and wdflbmt7195. This means that you have to work together with your colleague administrator on the other server. The system landscape for the Scale Out installation is shown in the graphic below.
Task 1: Login to the SAP HANA host using PuTTY Use PuTTY to verify that the nfs connection between hosts wdflbmt7194 and wdflbmt7195 is setup. You can use the username and password as provides in the below. Username : ha200root Password : ha200_KPS$ 1.
Check that the directory hanaDist is shared between the servers wdflbmt7194 and wdflbmt7195.
Task 2: If the check of task 1 was negative please go on with this Task otherwise with TASK 3 A shared directory is needed, which is mounted on both hosts. 1.
Please create the directory /hanaDist/shared.
2.
Now you have to mount the directory /hanaDist . Please enter the following command .
Task 3: login to the SAP HANA Server using Remote Desktop (RDP) The SAP HANA Scale Out installation will be performed using the installation tool hdblcmgui. To be able to use the graphical installer you need to login to the SUSE Enterprise desktop on your SAP HANA host. 1.
Use the Microsoft Remote Desktop (RDP) tool to connect once to the SUSE Enterprise desktop on the host wdflbmt7194 with the username and password provided in the previous task.
2.
On host wdflbmt7194 you can use the following username and password. Username : ha200root Password : ha200_KPS$
Task 4: Use hdblcmgui to install the SAP HANA Scale Out System Start the SAP HANA Scale Out System installation the using the graphical installation tool hdblcmgui. 1.
Install the SAP HANA Scale Out System using the properties specified below:
Task 5: Checking the SAP HANA Scale Out file system after installation After the installation you want to check if everything was installed in the correct locations. 1.
Use PuTTY or Remote Desktop to check the following directories Directory
Solution 21: Installing a SAP HANA Scale Out System Task 1: Login to the SAP HANA host using PuTTY Use PuTTY to verify that the nfs connection between hosts wdflbmt7194 and wdflbmt7195 is setup. You can use the username and password as provides in the below. Username : ha200root Password : ha200_KPS$ 1.
Check that the directory hanaDist is shared between the servers wdflbmt7194 and wdflbmt7195. a)
Use PuTTY to login on the host wdflbmt7195 and execute the command: df -h | grep /hanaDist The result is shown in the screenshot below.
Figure 506: Check nfs setup
If not please continue with TASK 2 otherwise with TASK 3
Task 2: If the check of task 1 was negative please go on with this Task otherwise with TASK 3 A shared directory is needed, which is mounted on both hosts. 1.
Now you have to mount the directory /hanaDist . Please enter the following command . a)
mount -a Please check that /hanaDist is now mounted correctly by executing the command. df -h or more sophisticated df -h | grep /hanaDist As result you should get more detailed information about this directory like you see in the upper figure.
Task 3: login to the SAP HANA Server using Remote Desktop (RDP) The SAP HANA Scale Out installation will be performed using the installation tool hdblcmgui. To be able to use the graphical installer you need to login to the SUSE Enterprise desktop on your SAP HANA host. 1.
Use the Microsoft Remote Desktop (RDP) tool to connect once to the SUSE Enterprise desktop on the host wdflbmt7194 with the username and password provided in the previous task. a)
In the Citrix session start Remote Desktop Connection using the Windows Start Menu → Remote Desktop Connection
Figure 507: Linux RDP Login
2.
On host wdflbmt7194 you can use the following username and password. Username : ha200root
When presented the SUSE Linux Enterprise Desktop login screen enter the username/password provided above.
Figure 508: Login on the SUSE Linux Enterprise Desktop
Task 4: Use hdblcmgui to install the SAP HANA Scale Out System Start the SAP HANA Scale Out System installation the using the graphical installation tool hdblcmgui. 1.
Install the SAP HANA Scale Out System using the properties specified below:
a)
Parameter
Value
SAP HANA System ID
MHS
Instance number
10
System Type
Multi-Host System
host wdflbmt7194
Master
host wdflbmt7195
Standby
To install the SAP HANA Multi-Host System MHS follow the screenshot instructions below.
Figure 513: Enter password, check summary and installation logs
Task 5: Checking the SAP HANA Scale Out file system after installation After the installation you want to check if everything was installed in the correct locations. 1.
Use PuTTY or Remote Desktop to check the following directories
/hanaDist /usr/sap /hanaDist/data /hanaDist/shared a)
Change to the directories in the table below with the command: cd and display the content with the command: ls -l. When listing the directories you should see at least the following content Directory
Task 6: Checking the SAP HANA services You want to check if all the SAP HANA service are running on the SAP HANA host. 1.
Using PuTTY and the mhsadm user to on the command line to check the SAP HANA services. a)
Use the already opened PuTTY session and change to the shsadm user with the command: su - mhsadm To see if all the SAP HANA service are running execute the command: HDB info The screenshot below show the output of the HDB info command.
Lesson Summary You should now be able to: • Understand the basics of SAP HANA scale out • Understand the possibilities for configuration of a distributed system
Lesson: Disaster Recovery Lesson Overview This lesson describes the techniques available for disaster recovery support.
Lesson Objectives After completing this lesson, you will be able to: •
Understand the scenarios for disaster recovery support
Business Example Hardware errors may be the course of data loss. To prevent your system from such a data loss, you plan to realize a scenario for disaster recovery support.
Overview SAP HANA offers three levels of disaster recovery: support backups, storage replication, and system replication. Backups SAP HANA uses in-memory technology, but of course it fully persists any transaction that changes the data, such as row insertions, deletions, and updates, so it can resume from a power outage without loss of data. SAP HANA persists two types of data to storage: transaction redo logs and data changes in the form of savepoints. A transaction redo log is used to record a change. To make a transaction durable, it is not required to persist the complete data when the transaction is committed. Instead, it is sufficient to persist the redo log. Upon an outage, the most recent consistent state of the database can be restored by replaying the changes recorded in the log, redoing completed transactions and rolling back incomplete ones. A savepoint is a periodic point in time, when all the changed data is written to storage, in the form of pages. One goal of performing savepoints is to speed up the restart: When starting up the system, logs need not be processed from the beginning, but only from the last savepoint position. Savepoints are coordinated across all processes (called SAP HANA services) and instances of the database to ensure transaction consistency. By default, savepoints are performed every five minutes, but this can be configured. Savepoints normally overwrite older savepoints, but it is possible to freeze a savepoint for future use; this is called a snapshot. Snapshots can be replicated in the form of full data backups, which can be used to restore a database to a specific
point in time. This can be useful in the event of data corruption, for instance. In addition to data backups, smaller periodic log backups ensure the ability to recover from fatal storage faults with minimal loss of data. Savepoints can be saved to local storage, and the additional backups can be additionally saved to backup storage. Local recovery from the crash uses the latest savepoint, and then replays the last logs, to recover the database without any data loss. If the local storage was corrupted by the crash, it is still possible to recover the database from the data and log backups, possibly with loss of some data. Regular shipping backups to a remote location over a network or via couriers can be a simple and relatively inexpensive way to prepare for a disaster. Depending on the frequency and shipping method, this approach may have a recovery time ranging from hours to days. Storage Replication One drawback of backups is the potential loss of data between the time of the last backup and the time of the failure. Terefore, a preferred solution is to provide continuous replication of all persisted data. Several SAP HANA hardware partners offer a storage-level replication solution, which delivers a backup of the volumes or file system to a remote, networked storage system. In some of these vendor-specific solutions, which are certified by SAP, the SAP HANA transaction only completes when the locally persisted transaction log has been replicated remotely. This is called synchronous storage replication. Synchronous storage replication can be used only where the distance between the primary and backup site is relatively short (typically 100 kilometers or less), allowing for submillisecond round-trip latencies. Due to its continuous nature, storage replication (sometimes also called remote storage mirroring) can be a more attractive option than backups, as it reduces the amount of time between the last backup and a failure. Another advantage of storage replication is that it also enables a much shorter recovery time. This solution requires a reliable, high bandwidth and low latency connection between the primary site and the secondary site. See SAP Note 1755396 Released DT solutions for SAP HANA with disk System Replication. System Replication System replication employs an “N+N” approach, with a secondary standby system that is configured as an exact copy of the active, primary system. Each service instance of the primary SAP HANA system communicates with a counterpart in the secondary system. The secondary system can be located near the primary system to serve as a rapid failover solution for planned downtime, or to handle storage corruption or other local faults, or, it can be installed in a remote site to be used in a disaster recovery scenario. Like storage replication, this disaster recovery option requires a reliable link between the primary and secondary sites. The instances in the secondary system operate in recovery mode. In this
mode, all secondary system services constantly communicate with their primary counterparts, replicate and persist data and logs, and load data to memory. The main difference is that the secondary system does not accept requests or queries.
Figure 515: Replication Technologies
Storage Replication The mirroring is offered on the storage system level. It will be offered together with the appliance as a special offering by our partners. The hardware partner will define how this concept is finally realized with his operation possibilities. Performance impact is to be expected on data changing operations as soon as the synchronous mirroring is activated. The impact depends strongly on various external factors like distance, connection between data centers, etc. The synchronous writing of the log with the concluding COMMITs is the crucial part here. In case of an emergency, the primary data center is not available any more and a process for the take-over must be initiated. So far a lot of customers have wished to have a manual process here, but an automated process is also able to be implemented. This take-over process then would end the mirroring officially, will mount the disks to the already installed HANA software and instances, and start up the secondary database side of the cluster. If the hostnames and instance names on both sides of the cluster are identical, no further steps with hdbrename are necessary.
It would be possible to run a development and/or QA instance of the three-tier installation on this secondary cluster hardware, simply to utilize it until the take-over is executed. The take-over then would stop these Dev. and/or QA instances and mount the production disks to the hosts. It would require an additional set of disks for the Dev. and QA instance. To offer this additional option of active-active operation is planned by several hardware partners. The same applies to asynchronous mirroring solutions for distant data centers (>100km). Some hardware partners have concepts available to offer this asynchronous Storage Replication, SAP note 1755396
Figure 517: Storage Replication with QA and Dev. System on 2nd Site
Figure 518: Certified HANA Hardware
System Replication With SAP HANA System Replication, available since HANA SPS5, we transport delta data and log continuously on the database level and do not need features on the storage level. It offers a lot of management and setup options. The big advantage are the faster take-over times because the data is already mostly loaded
on a secondary system. The same applies to synchronous transfer. This is first of all the easier case and the asynchronous case will follow beginning of next year. With the latter, longer time distances can be implemented. SAP HANA System Replication will be extended over the next SPSs. Next year, one goal is to transport data only once during initialization of the secondary system and afterwards only log is transferred synchronously or asynchronously. Fast take-over times are expected because all transactions are replayed immediately on secondary site as soon as the transaction is committed on primary system. This will also ensure that the data is completely loaded on secondary site through the transactional operations. With an asynchronous solution, longer time distances between primary and secondary site (hours to days) is planned to be offered as well.
Figure 519: System Replication – Overview
A cluster across data centers with DB controlled transfer is realized by System Replication. Advantages: • • • •
686
Memory is continuously loaded on a secondary site as a preparation for the possible take-over and occupies resources. Switch over faster than with storage replication/mirroring (2-5 min.). During the take-over to the secondary site, only a roll.forward since the latest synchronization point is necessary. Very short performance ramp (only minutes not hours without preparation).
The hardware (Memory & CPU) is actively used on the secondary site for the standby/shadow processes.
SAP HANA System Replication is SAP’s shadow database solution with SAP HANA. The technology is similar to other shadow technologies on the database market. SAP plans to extend this solution over the next SPSs with new features (async, near zero downtime maintenance, secondary backups, multiple Secondaries (1:n) etc.) and optimize the transfer process. This longer process is planned to mostly accomplished next year with the extension to drive the shadow transfer process completely on log replication (of course an initial data transfer is always needed). Today SAP HANA System Replication still needs a certain delta data transfer which is planned to be reduced in this optimization process. On the other hand, HANA can already offer a decent shadow database solution for this kind of requirements. Log shipping by recovering log backup files on a secondary system depends on the same technology. Both concepts need some changes in the management of the SAP HANA database internally, which has to be implemented first. Both ideas are on the agenda of HANA’s future, probably by the end of next year. There are also plans to offer the secondary site for active operation for applications like read-only reporting. This would offer a real active/active setup (from the application perspective) with the option to withdraw reporting load away from the primary HANA system to the shadow HANA system.
Figure 520: System Replication with QA and Dev. System on 2nd Site
The shadow HANA instance on Secondary needs about 50 to 100 GB of main memory to receive the log and data packages and transfer this to the local persistence. Take care to keep this memory free by limiting the resource requirements on the other QA or DEV systems. Define the max. memory usage of the other HANA instance with the database parameter global_allocation_limit so that the sum of all instances fit and keep about 100 GB free for the shadow instance. Use secondary servers for non-productive systems under the following conditions: • • • • •
Turn off column preload (preload_column_tables=false) in primary and secondary. Non-productive systems must have their own disk infrastructure. Non-Productive systems have to be turned off with takeover of the productive system. Keep some memory free for shadow database instances on the secondary hardware. Of course, with running QA/DEV and using the resources of the secondary HW, the secondary shadow HANA instance can not be prepared for the take-over (preload of table structures) and the performance ramp will be considerably longer.
Advantages: • • • • •
QA/Dev. operated on secondary site (mixed cost calculation) Synchronous and asynchronous (SPS6) solution available Impact of synchronous solution on Primary is at about 10% (in contrast to about 25% with storage replication) Transfer process from Primary to Secondary is optimized and lesser transfer amount necessary compared to Storage Replication. During the take-over to the secondary site, only a roll forward since the latest data synchronization point is necessary.
Disadvantages: • • • • •
Table and column data cannot continuously be loaded into memory on the secondary site. Hardware (memory & CPU) is actively used for QA/Dev. and partly for the standby/shadow processes. Take-over similar to storage mirroring (20 to 30 min. at best). Performance Ramp is similar to storage mirroring (1-3 hours). QA and Dev. need their own disk infrastructure carefully separated to not face influencing effects on each other.
The minimal setup for System Replication in one data center for fast takeovers is shown in the following figure.
Replication Modes When the secondary system is started in recovery mode, each service component establishes a connection with its counterpart, and requests a snapshot of the data in the primary system. From then on, all logged changes in the primary system are replicated. Whenever logs are persisted in the primary system, they are also sent to the secondary system. A transaction in the primary system is not committed until the logs are replicated. What this means in detail can be configured by choosing one of the log replication modes.
The primary system is informed to enable System Replication. The secondary database has to be stopped. Content will be wiped out during initial load with full data backup later during initial start of replication. The secondary system is advised to connect to the primary system and informs about the attempt to start the System Replication standby process. • • • •
•
2015
This process is secured with certificates, and so on. One comment does it all: hdbnsutil Both sides have to have the same number of active and standby hosts with the same sizing (memory, CPU). SAP HANA itself handles the relationships of, for example, scale-out setups on both sides (primary to secondary) and how communication is established with which counterpart. Communication takes place internally between sites on TREXnet.
The primary system is creating an internal data package similar to a full data backup and transfers this initially to the secondary site. The transport happens asynchronously. Log information is started to be transferred in parallel to the initial data transfer. The log is transported asynchronously until the commit of the finished transaction occurs. With the commit, also all other not yet transferred or written log information and the final commit have to be written synchronously before the primary productively used database is allowed to continue transactional work. All load and unload operations of main indexes/table columns are monitored and offered with the incremental data transfer to the secondary system. These main indexes/table columns are then loaded or unloaded equivalently to memory to be prepared for the takeover.
Incremental transport: 1.
2.
Small incremental backups with the help of the shadow memory concept operation of SAP HANA are started to transfer delta data package regularly every 10 minutes (default parameter setting is 600 seconds) to the secondary site. With this delta data information, also information of the loaded main indexes into SAP HANA on the primary site are transferred to the secondary site to prepare the main memory there with these main indexes on the secondary site too.
System replication between two SAP HANA database systems can be set up using the SAPHANA studio or hdbnsutil. The configuration tasks on the primary and secondary systems to set up system replication using the SAP HANA studio are shown in the following figures. With this configuration, you have the possibility to recover from a data center outage by switching to a secondary site. Configure the Primary System using SAP HANA studio.
After setting up the secondary system for system replication, you can monitor the status of the replication in SAP HANA studio. The Administration Editor of the primary system shows the general status and detailed information of the system replication.
Figure 526: Check and Monitor System Replication
Performing a Takeover If a disaster occurs where the primary data center is no longer available, a failover to the secondary data center takes place. In case of a takeove,r the secondary site can find the latest savepoint in place on the data disk area. This is the starting point like in case of the usual database restart, but a lot of huge data packages (main indexes) are already preloaded in
memory like on primary before takeover. This supports the restart dramatically. Based on this initial savepoint on secondary, the log replay can start and roll the database forward to the latest point in time. •
•
In a synchronous state, no committed transaction is lost. The open transaction will have to be restarted and clients will reconnect for this to SAP HANA. Synchronous setups are meant for distances up to 50-100 km. In case of an asynchronous setup (planned for SAP HANA SPS6), there probably will be some loss. This depends on the time period where the secondary site was not reachable or the line was to weak to cope with the data transfer fast enough. These setups are usually used for longer distances between data centers of 100 km and more, but are also possible if the impact of the standby process is not allowed to feedback into daily operation (change performance).
Figure 527: System Replication: Takeover
The takeover can be performed using the SAP HANA studio or sending a takeover command using hdbnsutil.
An additional script is provided with SAP HANA that helps you decide when a takeover should be carried out. This script called landscapeHostConfiguration.py is provided so that SAP HANA itself can communicate its status: • • •
SAP HANA is OK. SAP HANA will be OK after a host auto-failover, for example. Or not enough instances are started and a takeover would be useful.
A takeover is only recommended when the return code from the script is 1 (error).
Zero Downtime Maintenance HANA SPS7 offers Zero Downtime Maintenance together with SAP HANA System Replication. System Replication can be used to upgrade your SAP HANA systems because the secondary system can run with a higher software version than the primary system. As a prerequisite, System Replication is configured and active between two identical SAP HANA systems. If System Replication is active, you can first upgrade the secondary system to a new revision and have it take over the role of the primary system. The takeover takes few minutes only and committed transactions or data are not lost. You can then do an upgrade on the primary system, which is now in the role of secondary.
The secondary system can be initially installed with the new software version or upgraded to the new software version when replication has already been configured. After the secondary has been upgraded, all data has to be replicated to the secondary system (having already the new software version). When the secondary system is ACTIVE (all services have synced), a takeover has to be executed on the secondary system. This step makes the secondary system productive with the new software version.
Unit Summary You should now be able to: • Explain the continuous availability scenarios for SAP HANA • Explain the high availability scenarios for SAP HANA • Understand the basics of SAP HANA scale out • Understand the possibilities for configuration of a distributed system • Understand the scenarios for disaster recovery support
Unit 13 Multitenant Database Containers Unit Overview This unit will introduce multitenant database containers. It gives a short overview about the architecture and the changes in administration tasks when using multitenant database containers.
Unit Objectives After completing this unit, you will be able to: • • • • • • •
Explain the architecture of multitenant database containers. distinguish between global administration tasks and administration tasks for a tenant database manage and control the memory and CPU usage of a tenenat database describe security aspects when using multitenant database containers explain the backup concept for multitenant database containers. perform a backup of the system database perform a backup a tenant database
Unit Contents Lesson: Architecture and Technology ........................................702 Lesson: Administration of Multitenant Database Containers..............707 Lesson: Backup and Recovery of Multitenant Database Containers ....718
Lesson: Architecture and Technology Lesson Overview This lesson gives a brief overview of the architecture of multitenant database containers.
Lesson Objectives After completing this lesson, you will be able to: •
Explain the architecture of multitenant database containers.
Business Example Overview In a multiple-container system, only the system database runs the name server. The name server contains landscape information about the system as a whole, including which tenant databases exist. It also provides indexserver functionality for the system database. Unlike the name server in a single-container system, the name server of the system database in a multiple-container system does not own topology information, that is, information about the location of tables and table partitions in databases. Database-related topology information is stored in the relevant tenant database catalog. Tenant databases require only an own index server. Servers that do not persist data, such as the compile server and the preprocessor server, run on the system database and serve all databases. The XS server runs embedded in the (master) index server of the tenant database by default, although it can be added as a separate service if necessary. The SAP Web Dispatcher, which runs as a separate database service on the system database, is used to route incoming HTTP requests from clients to the correct XS server based on virtual host names. This is part of network configuration. A SAP HANA multitenant database containers system has one SID and one HANA software version: • • •
702
Shared installation of database system software Tenant databases are identified by name or port Additive sizing for all tenant database
Strong isolation features, each tenant database has its own: • •
Database admin and end users, database catalog, repository, persistence, backups, traces and logs Tenants memory sizing and CPU consumption can be configured independently
Integration with SAP HANA data center operation procedures, housekeeping, backups, etc.
The system database is created during installation of a multiple-container system. It contains information about the system as a whole and all tenant databases. It is used for central system administration. A multiple-container system has exactly one system database. It is created during system installation or migration from a single-container system. It contains the data and users for system administration. System administration tools, such as the SAP HANA studio, can connect to this database. The system database stores overall system landscape information, including knowledge of the tenant databases that exist in the system. However, it doesn't own database-related topology information, that is, information about the location of tables and table partitions in databases. Database-related topology information is stored in the relevant tenant database catalog
Administration tasks performed in the system database apply to the system as a whole and all of its databases (for example, system-level configuration settings), or can target specific tenant databases (for example, backup of a tenant database).
Scale-Out-Scenario A system with multitenant database containers can be distributed across several hosts. To ensure availability, an instance of the system database runs on all hosts (worker and standby) in a single master and multiple workers configuration. Tenant databases can be created on worker hosts and existing databases can be scaled out through the addition of services. If a host fails, the standby instance will fail over all active databases and their services. The following figure shows a scale-out-scenario for a multiple-container system with 3 tenant databases distributed across 4 hosts (3 worker and 1 standby). If host 2 goes down, the standby host becomes active. The tenant DBs normally running on host 2 will become active on the standby host.
Migration of a Single Database to a Multitenant Database System SAP HANA single database system can be migrated to a multitenant database system. This step is irrevocable. • • • •
System database will be generated Single DB will be converted into a tenant DB automatically No changes to application/customer data Migration does not occur automatically with SPS09 upgrade Must be explicitly triggered Single DB is SPS09 default, MDC is optional
Lesson Summary You should now be able to: • Explain the architecture of multitenant database containers.
Related Information •
706
[Enter an optional reference using the URL tag to additional information that learner may find useful. Examples include websites or whitepapers. Delete if not used.]
Lesson: Administration of Multitenant Database Containers
Lesson: Administration of Multitenant Database Containers Lesson Overview This lesson gives you an overview on the administration tasks when using multitenant database containers.
Lesson Objectives After completing this lesson, you will be able to: • • •
distinguish between global administration tasks and administration tasks for a tenant database manage and control the memory and CPU usage of a tenenat database describe security aspects when using multitenant database containers
Business Example Administration Tasks Overview In SAP HANA systems that support multitenant database containers, there is a distinction between administration tasks performed at system level and those performed at database level. Unlike a single-container system in which system and database are perceived as a single unit and are therefore administered as one, multiple-container systems have two levels of administration.
Some administration tasks are performed in the system database and apply globally to the system and all its databases. They include for example: • • • •
Starting and stopping the whole system Monitoring the system Configuring parameters in configuration (*ini) files at system level Setting up and configuring tenant databases, for example: – – –
• •
Creating and dropping tenant databases Disabling features on tenant databases Configuring system- and database-specific parameters in configuration (*ini) files – Scaling out tenant databases by adding services – Backing up individual databases Backing up the whole system, including all tenant databases Recovering the whole system, including all tenant databases
Some administration tasks are performed in the database and apply only to that database. They include for example: • • • • •
Monitoring the database Provisioning database users Creating and deleting schemas, tables, and indexes in the database Backing up the database Configuring database-specific parameters in configuration (*ini) files
Start and Stop As a system administrator, you can start or stop tenant databases either individually, or all at once by starting the whole system. Starting and Stopping of a SAP HANA system containing multitenant database containers affects the system database and all tenant databases. Note: If you stop a tenant database individually, you can subsequently only start it again individually. It will not be started with a full system (re)start. A tenant database could be started
Lesson: Administration of Multitenant Database Containers
A tenant database could be stopped and started individually from the system database using the SQL statement ALTER SYSTEM START | STOP DATABASE. • •
ALTER SYSTEM START DATABASE ALTER SYSTEM STOP DATABASE Note: If you stopped the database, it is a hard stop. The database is stopped immediately even if users are connected. Open transactions are aborted and rolled back; no savepoint operation is forced. It is not possible to back up a stopped database.
Setting Parameters and Managing Ressources The configuration (*.ini ) files of the SAP HANA system contain properties for configuring the system as a whole and individual tenant databases, hosts, and services. In multiple-container systems, system configuration files have an additional layer database to facilitate the configuration of properties for individual databases. Database-specific properties can be configured at both the system and database level. Those configured at the system level apply to all databases, while those configured at the database level apply to a specific database. It is possible to configure database-specific properties at the system level only from the system database. Database-specific properties can be configured at both the database level from the system database or from the relevant database. For properties that can be configured at the system, host, and database level, the value configured at database level takes precedence. If properties are configured at database level, a database-specific configuration file is stored at the following location on the server: /hana/shared/$SID/global/hdb/custom/config/DB_
Configuration change blacklist To ensure the stability and performance of the overall system or for security reasons, it may be necessary to prevent certain system properties from being changed by tenant database administrators, for example, properties related to resource management. A configuration change blacklist (multidb.ini) is available for this purpose. This blacklist contains several critical properties by default. You can customize the default configuration as well as add further properties by editing the file in the SAP HANA studio
Note: Properties in the blacklist can still be configured at all levels in the system database. Tenant database administrators cannot change the properties in the configuration change blacklist. If they try, they will get the error message: Change not allowed for tenant database.
Resource Management of Multitenant Database Containers It is possible to manage and control the memory and CPU usage of your multiple-container system by configuring limits for individual tenant databases. Several system properties allow you to influence the allocation of memory and CPU resources in SAP HANA systems. System properties (INI) files have a database layer to facilitate the configuration of properties for individual tenant databases. The following properties are particularly useful for influencing the resource consumption of tenant databases. •
Memory Limits the maximum amount of memory that can be allocated to all processes of a given tenant DB.
•
CPU Limits the number of concurrently running threads used by the SAP HANA job executer
Lesson: Administration of Multitenant Database Containers
The parameter memorymanager.allocationlimit – in file indexserver.ini of each tenant DB limits the maximum amount of memory that can be allocated to all processes of a given tenant DB. The current allocation limit can be viewed by selecting ALLOCATION_LIMIT from M_SERVICE_MEMORY Example (From within the SYSTEMDB): ALTER SYSTEM ALTER CONFIGURATION ('indexserver.ini', 'DATABASE', 'MYDB') SET ('memorymanager', 'allocationlimit') = '8192' WITH RECONFIGURE Note: Stop and start is not required if ‘WITH RECONFIGURE’ is included. The parameter execution.max_concurrency - in file indexserver.ini of each tenant DB directly influences the maximum number of CPU cores that can be utilized per tenant DB This parameter limits the number of concurrently running threads used by the SAP HANA job executer the current runtime value can be viewed by select ' MAX_CONCURRENCY' from the 'M_JOBEXECUTORS' view Example (From within the SYSTEMDB): ALTER SYSTEM ALTER CONFIGURATION ('indexserver.ini', 'DATABASE', 'MYDB') SET ('execution', 'max_concurrency') = '4' WITH RECONFIGURE Note: Stop and start is not required if ‘WITH RECONFIGURE’ is included.
System Views and Diagnosis Files in Multiple-Container Systems The SYS schema containing SAP HANA system views is available in the system database and all tenant databases. Several views contain specific information for monitoring multitenant database containers. System views are located in the SYS schema. In a system with multitenant database containers, every database has an SYS schema with system views that contain information about that database only. In addition, the system database has a further schema, SYS_DATABASES, which contains views for monitoring the system as a whole. The views in the SYS_DATABASES schema provide aggregated information from a sub-set of the views available in the SYS schema of all tenant databases in the system. These union views have the additional column DATABASE_NAME to allow you to identify to which database the information refers. To be able to view information in these views, you need the system privilege DATABASE ADMIN. In a system with multitenant database containers, the trace files of the system database are stored at the default location: /usr/sap//HDB//trace.
Trace files of tenant databases are stored in a sub-directory named DB_.
Security Administration Unlike a single database system in which system and database are a single unit and administered as one, additional security aspects have to be considered in a MDC system. Security Aspects of Multitenant Database Containers: • • • •
Clients connect via dedicated ports to individual databases Security-relevant features are configurable per database Only controlled access between databases Tenant databases are created and managed from the system database Note: No direct access to tenant database table content from the system database
Figure 534: Security Functions Overview
• • • •
712
Separate user administration for the system database and all tenant databases. Individual auditing for every database. Individual data volume encryption for tenant databases . Separate encryption for the external and internal communication channels of individual tenant databases.
Lesson: Administration of Multitenant Database Containers
Users and Authorizations In a system with multitenant database containers each tenant database has its own database admin and end users. The system database and all tenant databases each have their own SYSTEM user. The SYSTEM user of the system database has additional privileges for managing tenant databases, for example, creating and dropping databases, changing configuration (*.ini) files of databases, and performing database-specific data backups. In a multiple-container system, system privileges granted to users in a particular multitenant database container authorize operations in that database only. The only exception is the system privilege DATABASE ADMIN. This system privilege can only be granted to users of the system database. It authorizes the execution of operations on individual tenant databases. For example, a user with DATABASE ADMIN can create and drop tenant databases, change the database-specific properties in configuration (*.ini) files, and perform database-specific backups.
Figure 535: Overview: User Administration
In a multiple-container system, privileges granted to users in a particular database authorize access to and modification of database objects in that database only. That is, unless cross-database access has been enabled for the user. This is made possible through the association of the requesting user with a remote identity on the remote database. Cross-Tenant Database Access
There are use cases where queries should run across tenant databases. In multiple-container systems, read-only queries across database containers are supported but not enabled by default. Read-only queries between multitenant database containers are possible through the association of the requesting user with a remote identity on the remote database(s). Cross-database queries (federation) are supported in SQL engine and Calculation engine. Every tenant database in a multiple-container system is self-contained with its own isolated set of database users and isolated database catalog. However, to support in particular cross-application reporting, cross-database SELECT queries are possible. This means that database objects such as tables and views can be local to one database but be read by users from other databases in the same system. A user in one database can run a query that references objects in another database if the user is associated with a sufficiently privileged user in the remote database. This associated user is called a remote identity. This is the user who executes the query (or part of the query) in the remote database and therefore the user whose authorization is checked. Cross-database access is not enabled by default and must be configured before such user mappings can be set up.
Figure 536: Cross Database Queries between Multitenant Database Containers
By default cross database access between tenants is inactive. To be able to run queries spanning multiple tenant databases the global cross database access switch has to be turned on. And a whitelist of databases that are allowed to communicate with each other has to be set up.
Lesson: Administration of Multitenant Database Containers
Activation of cross-tenant database access: • • •
Turn on cross-tenant database communication (run this from SYSTEM database only). Whitelisting a cross-tenant database communication channel (from SYSTEM database only). Add a remote identity to the requesting user on the remote database Hint: Communication channels are uni-directional by default (i.e. “one way street”). They can be made bi-directional by explicitly defining the configuration in reverse.
If enabled, a user from one tenant database can execute queries in another tenant database if this user is mapped to a user with “remote identity” there. • • •
A user in the target database can only be associated with one user in the source database The association is unidirectional Only the SELECT privileges of the user in the target database are considered during a cross-database query, all other privileges of the remote user are ignored.
Auditing Auditing can be enabled individually for every database in a multiple-container system. For tenant databases, the relevant system property ([auditing configuration] global_auditing_state) is set in the database's own global.ini file. For the system database, it is set in the nameserver.ini file. Tenant database administrators cannot configure audit trail targets independently for their database. The default target for all audit trails in tenant databases is internal database table. The system administrator may change the default audit trail targets for tenant databases by changing the relevant property ([auditing configuration] *_audit_trail_type) in the global.ini file.
Encryption in Multitenant Database Containers Data volume encryption can be enabled individually for tenant databases in a multiple-container system. Ideally, you enable encryption immediately after installation or upgrade of SAP HANA. This also applies to systems installed in multiple-container mode. Any subsequently created tenant databases will then automatically have encryption enabled. If a particular tenant database does not require encryption, the tenant database administrator can switch it off independently of the system in the Security editor of the SAP HANA studio.
If encryption is not enabled after system installation, you can enable it retroactively in the Security editor either for all tenant databases together by making the setting in the system database, or for individual tenant databases by making the setting in the relevant tenant database. Caution: Enabling data volume encryption after a tenant database has been created and is already in operation does not provide complete protection. Due to the shadow memory nature of SAP HANA persistence, outdated versions of pages may still remain unencrypted on disk. To attain complete protection, you need to perform a data backup, drop the tenant database, clean the disk space, create the tenant database again, enable encryption, and then perform a data recovery. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) can be configured separately for the external and internal communication channels of individual tenant DBs. Therefore separate key store and trust stores must be available and configured for each tenant DB
Lesson: Administration of Multitenant Database Containers
Lesson Summary You should now be able to: • distinguish between global administration tasks and administration tasks for a tenant database • manage and control the memory and CPU usage of a tenenat database • describe security aspects when using multitenant database containers
Lesson: Backup and Recovery of Multitenant Database Containers Lesson Overview This lesson explain the backup concept for multitenant database containers.
Lesson Objectives After completing this lesson, you will be able to: • • •
explain the backup concept for multitenant database containers. perform a backup of the system database perform a backup a tenant database
Business Example Backup of Multitenant Database Containers Multitenant database containers follow the usual SAP HANA backup/recovery principles: • • • • • • •
718
Data backups are initiated manually or scheduled via scripts/tools such as DBA Cockpit Log backups are carried out automatically if the log mode is set to NORMAL (recommended for production) Backup information is stored in the backup catalog Different backup destinations are supported: backups to the file system, backups to 3rd party backup tools Database copies using backup/recovery are supported for individual databases Recovery options: point-in-time recovery, recovery to a specific data backup Tool support: SAP HANA Studio, DBA Cockpit, command line (SQL statements)
Lesson: Backup and Recovery of Multitenant Database Containers
Figure 537: Overview: Backup of Multitenant Database Containers
Specific properties of multitenant database container backup/recovery: •
• • •
The system database plays a central role. It can initiate both backups of the system database itself and of individual tenant databases. Recoveries are always initiated by the system database Tenant databases can carry out their own backups unless this has been prohibited in the system configuration System database and tenant databases have their own backup catalogs. Snapshots are currently not supported
Multitenant database containers: Backing up the system database Data backups of the system database are needed on a regularly basis. The system database contains information about the system as a whole and all tenant databases and is used for central system administration.
Figure 538: Multitenant database containers: Backing up the system database
A data backup of the system database could be performed using SAP HANA studio. Therefore right-click on the system database in the Systems view and choose Backup and Recovery → Backup Up System Database .... Then specify your backup settings and start the backup.
Multitenant database containers: Backing up a tenant database Since data backups of the system database only contain information about the system as a whole, also data backups of the tenant databases are needed on a regularly basis. The tenant databases contain the business data. They have their own index servers.
Lesson: Backup and Recovery of Multitenant Database Containers
Figure 539: Multitenant database containers: Backing up a tenant database
A data backup of a tenant database could be performed using SAP HANA studio. Therefore right-click on the system database in the Systems view and choose Backup and Recovery → Backup Up Tenant Database .... Then select the tenant database to be backed up and specify your backup settings and start the backup. Note: Depending on the system configuration, it may also be possible to initiate a data backup directly from a tenant database.
Viewing backup information Backup information is contained in the backup catalog. With SAP HANA multi-tenant database containers, the system database and each tenant database have their own backup catalog. It is possible to display the backup information for all databases or for a specific tenant database. For housekeeping purposes it is possible to delete old backups from the backup catolag only, or also from the file system/3rd party backup tool.
Recovery of Multitenant Database Containers For SAP HANA multi-tenant database containers, you can recover the system database. You can also recover a tenant database via the relevant system database. System database and tenant database/s can be recovered one by one in the same
system (recovery) or in a different system (system copy) of the type SAP HANA multi-tenant database containers. For a recovery, source database and target database must have identical configurations. A recovery of the system database may be be needed, for example, if there are physical errors in the system database’s volumes. • • • • •
The whole system will be shut down, including all tenant databases. Specify your recovery type and further recovery settings and start the recovery. The system database will be recovered and restarted. Restart the tenant databases. The tenant databases’ content is not affected by the system database recovery.
A recovery of a tenant database may be required, for example, if a logical error occurred in the tenant database • • • •
722
Recovery of tenant databases can only be initiated from the system database. The system database and other tenant databases are not affected. Select the tenant database to be recovered Specify your recovery type and further recovery settings and start the recovery.
Lesson: Backup and Recovery of Multitenant Database Containers
Lesson Summary You should now be able to: • explain the backup concept for multitenant database containers. • perform a backup of the system database • perform a backup a tenant database
Unit Summary You should now be able to: • Explain the architecture of multitenant database containers. • distinguish between global administration tasks and administration tasks for a tenant database • manage and control the memory and CPU usage of a tenenat database • describe security aspects when using multitenant database containers • explain the backup concept for multitenant database containers. • perform a backup of the system database • perform a backup a tenant database
Appendix 1 Deep Diving into Memory Management and Persistence
Page Attribute Access and SAP HANA smart data access Paged Attribute Access Starting with SAP HANA SPS 06 (Revision 60) it is possible to activate paged attributes for a column-store table. By doing so, SAP HANA can read attribute structures from disk based on pages, which reduces the overhead of keeping data in memory that is not required.
Appendix 1: Deep Diving into Memory Management and Persistence
HA200
Figure 541: Paged Attribute Access – Activation
Figure 542: Paged Attribute Access – Things to be Considered
Hybrid LOBs Since it potentially consumes lots of memory, storing LOBs (BLOB, CLOB, NCLOB) inside of row and column store tables is not reasonable in many cases. Starting with SAP HANA SPS 06 LOBs can be stored in virtual files inside of HANA.
Appendix 1: Deep Diving into Memory Management and Persistence
HA200
Figure 545: Hybrid LOBs – Details on the Migration
Hint: Syntax details and additional options can also be found in the SAP HANA SQL and System Views Reference. Smart Data Access SAP HANA smart data access enables remote data to be accessed as if they are local tables in SAP HANA, without copying the data into SAP HANA.
Appendix 1: Deep Diving into Memory Management and Persistence
Figure 546: SAP HANA Smart Data Access – Overview
Not only does this capability provide operational and cost benefits, but most importantly it supports the development and deployment of the next generation of analytical applications which require the ability to access, synthesize and integrate data from multiple systems in real-time regardless of where the data is located or what systems are generating it.
Figure 547: SAP HANA Smart Data Access – Features
In SAP HANA virtual tables can be created which point to remote tables in different data sources. Customers can write SQL queries in SAP HANA, which could operate on virtual tables. The SAP HANA query processor optimizes these queries, and executes the relevant part of the query in the target database, returns the results of the query to SAP HANA, and completes the operation.
Appendix 1: Deep Diving into Memory Management and Persistence
HA200
The supported remote data sources are the following: • • • •
Teradata Database: version 13.0 SAP Sybase IQ: version 15.4 ESD#3 and 16.0 SAP Sybase Adaptive Service Enterprise: version 15.7 ESD#4 Intel Distribution for Apache Hadoop: version 2.3 (This includes Apache Hadoop version 1.0.3 and Apache Hive 0.9.0.)
Figure 548: New or Improved Smart Data Access Features in SAP HANA SPS 07
Smart data access has first been released with SAP HANA SPS 06. With SPS 07 of SAP HANA certain features were added and enhanced: •
Expanded Remote Source Systems Support: With SAP HANA SPS 07 smart data access supports new data sources such as Oracle 12c, Microsoft SQL Server ver11 and Hadoop Hortonworks HDP 1.3
•
Extended DML Support on Virtual Tables: Smart data access supports inserting, updating and deleting data in virtual tables. The inserted data is transferred to the remote database on-the-fly. It is also updated transactionally on-the-fly and deleted on-the-fly transactionally from the remote database. Insert/Update/Delete support is provided for the supported datasources. Note: Limitation: There is no support of inserts, updates and deletes for BLOB/CLOB and no support of correlated queries.
Appendix 1: Deep Diving into Memory Management and Persistence
When creating a calculation view, it is possible to add virtual tables as data sources. Optimizations such as push down of filters are also supported in these scenarios. Note: Limitations: no support of aggregate / group by / order by function push down •
Generic Adapter Framework: Add support for new ODBC data sources by providing connectivity configuration files.
•
Remote Caching for Hadoop Sources: When SAP HANA dispatches a federated query to HIVE, it involves series of ‘map’ and ‘reduce’ job execution. This could take few minutes to hours to complete a query depending on the data size in Hadoop and the current cluster capacity. In most cases, the data in Hadoop cluster is not frequently updated and successive execution of map/reduce jobs might result in same tuples. As of SPS 07, HANA allows this result view to be materialized in the remote system thus avoiding the repetitive execution of the same query. This behavior can be controlled by hinting the optimizer to use remote caching.
•
Configuration Validation Utility – hdbsdautil: The utility checks drivers and dependency files of a given data source type. It can also connect to remote database with given credential information and run queries with/without result set display. Hint: Details on how to add remote data sources and create virtual tables can be found in the SAP HANA Administration Guide.
The dynamic tiering option allows to move cooler, or large-volume data, out of SAP HANA tables and into extended tables.
Figure 549: Key Aspects of Dynamic Tiering
The SAP HANA dynamic tiering option is a native big data solution for SAP HANA. The dynamic tiering option adds smart, disk-based extended storage to your SAP HANA database. Dynamic tiering enhances SAP HANA with large volume, warm data management capability. The dynamic tiering option adds the extended storage service to your SAP HANA system. You use the extended storage service to create the extended storage store and extended tables. Extended tables behave like all other HANA tables, but their data resides in the disk-based extended storage store.
Your application automatically determines which tier to save data to: the SAP HANA in-memory store (the hot store), or extended storage (the warm store). When you use dynamic tiering to place hot data in SAP HANA in-memory tables, and warm data in extended tables, highest value data remains in memory, and cooler less-valuable data is saved to the extended store. This can reduce the size of your in-memory database.
Appendix 3 Transaction Management and Concurrency Control
Multi Version Concurrency Control If someone is reading from a database at the same time as someone else is writing to it, it is possible that the reader will see half-written or inconsistent pieces of data. There are several ways of solving this problem, known as concurrency control methods. The simplest way is to make all readers wait until the writer is done, which is known as a lock. This can be very slow, so SAP HANA takes a different approach with Multi Version Concurrency Control (MVCC): each user connected to the database sees a snapshot of the database at a particular instant in time. Any changes made by a writer will not be seen by other users of the database until the changes have been completed (or, in database terms: until the transaction has been committed). MVCC enables long-running read transactions without blocking update transactions and a high level of parallelization using insert only data records. SAP HANA supports transactional consistency which guarantees that the current job is either completely applied to the system or disposed.
Appendix 3: Transaction Management and Concurrency Control
HA200
Figure 551: Different Status of Reading and History Files
When SAP HANA needs to update an item of data, it will not overwrite the old data with new data, but instead mark the old data as obsolete and add the newer version elsewhere (see also graphic above). Thus, there are multiple versions stored, but only one is the latest. This allows readers to access the data that was there when they began reading, even if it was modified or deleted part way through by someone else. It also allows the database to avoid the overhead of filling in holes in memory or disk structures but requires (generally) the system to periodically sweep through and delete the old, obsolete data objects.
Appendix 3: Transaction Management and Concurrency Control
Depending on the transaction isolation level, different transaction may see different versions of data even if they read it at the same time. The graphic above shows an example.
Transaction Isolation Levels MVCC can be used to implement different transaction isolation levels. SAP HANA supports both transaction level snapshot isolation and statement level snapshot isolation. With transaction level snapshot isolation, all statements of a transaction see the same snapshot of the database. This snapshot contains all changes that were committed at the time the transaction started, plus the changes made by the transaction itself. Transaction level snapshot isolation roughly corresponds to SQL isolation level “repeatable read”. With statement level snapshot isolation, different statements in a transaction may see different snapshots of the database. Each statement sees the changes that were committed when the execution of the statement started. This isolation level corresponds to SQL transaction isolation level“read committed”. Note: If required, it is also possible to lock a table exclusively. This needs to be triggered by the application respectively database user. The graphic below depicts transaction level snapshot isolation in detail. In the timeline there are five transactions and two versions of data item D: • • •
•
2015
The initial version V1 of the data item is created by transaction T1 and committed. Version V1 is updated by transaction T3 (new version V2 created). Following the principle of transaction level snapshot isolation, since T2 and T4 have started before T3 committed the changes, they still see version V1 even if they read after T3 is committed. Since transaction T5 starts when the change performed by T3 is already committed, T5 reads the new version V2.
SAP NetWeaver SAP's integrated technology computing platform
744
Sapadm
SAP Host Agent Administrator contains all required elements for centrally monitoring any host.
SCM
Supply Chain Management
Solution Manager
It provides central access to tools methods and preconfigured content that you can use during the evaluation, implementation, and productive operation of your systems.
SQLDBC
SQL Database Connectivity is a runtime library that enables applications to execute SQL statements in the database.
Feedback SAP SE has made every effort in the preparation of this course to ensure the accuracy and completeness of the materials. If you have any corrections or suggestions for improvement, please record them in the appropriate place in the course evaluation.