1. • On AMD64/Intel 64, boot from the installation media. From the boot menu, select Installation.

   • On POWER, follow the instructions in the SUSE Linux Enterprise Server documentation, see Deployment Guide, Part “Installation Preparation”, Chapter “Installation on IBM POWER” (https://documentation.suse.com/sles-15).

   

   Figure 3.1: Installation media boot menu #

     

   While the initial operating system is starting, you can view boot messages by pressing Esc. When this process has completed, the graphical installation workflow will start. As the first step, the installation workflow will check for updates for itself. After that, it will be ready to start the installation.

2. Select the default system language under Language.

   

   Figure 3.2: Language, keyboard and product selection #

     

3. Select the appropriate keyboard layout under Keyboard Layout. To test whether the selected layout matches your physical keyboard, use the text box Keyboard Test.

4. SLE 15 SP2 provides a single installation ISO for the entire product line. Therefore, you need to select the product to install on this page.

   Under Product to install, choose SUSE Linux Enterprise Server for SAP Applications 15 SP2.

5. Read the license agreement. If you agree, select I Agree to the License Terms. Proceed with Next.

   Otherwise, cancel the installation with Abort › Abort Installation.

6. (Optional) If automatic network configuration via DHCP fails, the screen Network Settings will open.

   If instead the screen Registration appears, your network connection works. To change network settings anyway, click Network Configuration.

   When you are finished configuring networking, proceed with Next.

   

   Important: Configure networking as recommended by SAP

   Make sure to configure the network connection as recommended in the documentation provided to you by SAP.

   For information about configuring networking, see Administration Guide, Chapter “Basic Networking”, Section “Configuring a Network Connection with YaST” (https://documentation.suse.com/sles-15).

7. On the screen Registration, enter your E-mail Address and Registration Code. Successful registration is a prerequisite for receiving product updates and the entitlement to technical support.

   Proceed with Next.

   

   Important: Register at this step

   Make sure to register your system at this step in the installation. Otherwise, you can only install a minimal SLE system and will not receive updates.

   To install a full (but not updated) SLES for SAP system without network access during the installation, use the SLE 15 SP2 Packages ISO image from https://download.suse.com. You can then choose Skip registration on this page and select the SLE 15 SP2 Packages ISO image as an add-on product on the next page.

   

   Figure 3.3: Registration #

     

8. When asked whether to enable update repositories, choose Yes.

9. After the system is successfully registered, YaST lists available modules for SUSE Linux Enterprise Server for SAP Applications from the SUSE Customer Center. The default selection covers the most common cases. To enable an additional module, activate its entry.

   

   Note: Release notes

   From this point on, the Release Notes can be viewed from any screen during the installation process by selecting Release Notes.

   Proceed with Next.

10. (Optional) The Add On Product dialog allows you to add additional software sources (so-called “repositories”) to SUSE Linux Enterprise Server for SAP Applications, that are not provided by the SUSE Customer Center. Such add-on products may include third-party products, drivers, or additional software for your system.

11. Choose the System Role. System roles are predefined use cases which tailor the system for the selected scenario. For SUSE Linux Enterprise Server for SAP Applications, you can choose between:

    • SLES for SAP Applications: Default, recommended for most situations. This system role contains the following properties:

      • Supports the installation wizard for SUSE Linux Enterprise Server for SAP Applications.

      • Enables RDP access (Remote Desktop Protocol).

      • Provides special partitioning recommendations.

    • SLES with GNOME: Can be necessary in specific cases. This installation path is not covered in this document. For more information about this installation path, see Installation Quick Start, Section “Installing SUSE Linux Enterprise Server” (https://documentation.suse.com/sles-15).

    Additional system roles are available for specific use cases (High Availability, text mode, minimal, and KVM/XEN virtualization hosts).

    Proceed with Next.

    

    Figure 3.4: System role #

      

1. Choose whether to enable the following options:

   • To install an SAP Application along with the system, activate Launch the SAP Installation Wizard right after the operating system is installed.

   • To enable RDP access (Remote Desktop Protocol) to this machine, activate Enable RDP service and open port in firewall.

     For more information about connecting via RDP, see Chapter 13, Connecting via RDP.

2. Review the proposed partition setup for the volumes /dev/system/root and /dev/system/swap. The volume /dev/system/data will be created later, as described in Section 2.7, “Partitioning”.

   Suitable values are preselected. However, if necessary, change the partition layout. You have the following options:

   Guided setup

   Create a new partitioning suggestion based on your input.

   Expert partitioner

   Open the Expert Partitioner described in Deployment Guide, Chapter “Advanced Disk Setup”, Section “Using the YaST Partitioner” (https://documentation.suse.com/sles-15).

   For partitioning advice specific to SUSE Linux Enterprise Server for SAP Applications, see Section 2.7, “Partitioning”.

   To accept the proposed setup without changes, proceed with Next.

   

   Figure 3.5: Suggested partitioning #

     

3. Select the clock and time zone to use on your system. To manually adjust the time or to configure an NTP server for time synchronization, choose Other Settings. For detailed information, see Deployment Guide, Chapter “Installation with YaST”, Section “Clock and Time Zone” (https://documentation.suse.com/sles-15).

   Proceed with Next.

4. Type a password for the system administrator account (called root) and repeat the password under Confirm Password. You can use the text box Test Keyboard Layout to make sure that all special characters appear correctly.

   In case you would like to enable password-less authentication via SSH login, you can import a key via Import Public SSH Key. If you want to completely disable root login via password, upload a key only and do not provide a root password. A login as system administrator will only be possible via SSH using the respective key in this case.

   For more information, see Deployment Guide, Chapter “Installation with YaST”, Section “Password for the System Administrator root” (https://documentation.suse.com/sles-15).

   Proceed with Next.

   

   Important: Do not forget the root password

   The user root has the permission to carry out all administrative tasks. Without this password, you cannot log in to the system as root. The password entered here cannot be retrieved later.

5. On the screen Installation Settings, you can review and, if necessary, change several proposed installation settings. Each setting is shown alongside its current configuration. To change parts of the configuration, click the appropriate headline or other underlined items.

   

   Important: Firewall configuration

   The software firewall of SLES for SAP is enabled by default. However, often, the ports your SAP product requires to be open are not opened automatically. This means that there may be network issues until you open the required ports manually.

   For details, see Section 11.1, “Configuring firewalld”.

   

   Figure 3.6: Installation settings #

     

6. When you are satisfied with the system configuration, click Install.

   Depending on your software selection, you may need to agree to further license agreements before you are asked to confirm that you want to start the installation process.

   

   Warning: Deletion of data

   The installation process fully or partially overwrites existing data on the disk.

   In the installation confirmation box, click Install.

   When the installation of the operating system is finished, the system will reboot automatically:

   • If you chose to only prepare the system for installation, the system will boot to a desktop login screen.

   • If you chose to install an SAP application now, the installation will continue after a reboot. Continue with Chapter 4, Installing SAP applications.

1. Copy the content of the SUSE Linux Enterprise Server for SAP Applications installation media to a Web server (for example, example.com), to the directory /srv/www/htdocs/sap_repo.

2. Boot from an SLES installation medium.

3. Select one of the boot menu options using the keys ↓/↑. Then add to the command line. To do so, specify the parameters listed below:

   • To allow network usage, add ifcfg=*=dhcp (though this should be the default).

   • Add the parameter install=SERVER/DIRECTORY.

4. Follow the instructions in Section 3.1, “Using the installation workflow”.

1. Install the package migrate-sles-to-sles4sap.

2. Execute the following command:

   # Migrate_SLES_to_SLES-for-SAP.sh

3. When asked to confirm to continue the migration, press Y, then Enter.

4. When asked, type the e-mail address to use for registration, then press Enter.

5. When asked, type the registration key, then press Enter.

   Wait until the script is finished. Afterward, you are subscribed to the SUSE Linux Enterprise Server for SAP Applications software repositories and the package SLES-release is removed in favor of SLES_SAP-release.

1. When the system is booted, it displays the screen Welcome. Proceed with Next.

2. The screen Network Settings will now open. This gives you an opportunity to change the network settings.

   When you are finished configuring networking, proceed with Next.

   

   Important: Configure networking as recommended by SAP

   Make sure to configure the network connection according to the documentation of your SAP application.

   For information about configuring networking, see Administration Guide, Chapter “Basic Networking”, Section “Configuring a Network Connection with YaST” (https://documentation.suse.com/sles-15).

   (While the next screen loads, the Welcome screen may appear again for a few seconds.)

3. Choose one of the following options:

   Create SAP file systems and start SAP product installation

   Allows installing an SAP application and setting up the system as a server providing SAP installation routines to other systems.

   Continue with Section 4.3, “Using the SAP Installation Wizard”.

   Only create SAP HANA file systems, do not install SAP products now

   Create an SAP HANA file system on SAP BusinessOne-certified hardware.

   

   Important: Hardware requirements

   Make sure your machine fulfills the hardware requirements for SAP HANA detailed in Section 2.1, “Hardware requirements”. Otherwise, this option will not create a new file system and the installation workflow ends at this point.

   Finish wizard and proceed to OS login

   Do not install an SAP application and continue to the login screen of SUSE Linux Enterprise Server for SAP Applications.

   Proceed with Next.

1. In the screen SAP Installation Wizard, provide the Location of the SAP Installation Master (Figure 4.1, “Location of SAP installation master”). The location can either be a local, removable, or remote installation source.

   

   Figure 4.1: Location of SAP installation master #

     

   Select the appropriate option from the drop-down box. In the text box, specify the path to your source according to the format given in the following table.

   Table 4.1: Media source path #

     

   Option	Description	Format of Path
   Local Sources
   dir://	a local directory	/path/to/dir/
   Removable Sources
   device://	a locally connected hard disk	devicename/path/to/dir/on/device
   usb://	a USB mass storage device	/path/to/dir/on/USB
   cdrom://	a CD or DVD	//
   Remote Sources
   nfs://	an NFS share	server_name/path/to/dir/on/device
   smb://	an SMB share	[user_name:password@]server_name//path/to/dir/on/server[?workgroup=workgroup_name]

   

   Tip: Remote location specification

   To install from an NFS source, specify the name of the server and the complete path to the media data. For information about setting up a remote installation server, see Chapter 6, Setting up an installation server for SAP media sets.

   If you have installed an SAP application from an installation server before or set up your system to be an installation server, you can also directly choose that server as the provider of the Installation Master. To do so, use the drop-down box below Choose an installation master.

2. Under Advanced Options, choose from the following options:

   Collect installation profiles for SAP products but do not execute installation

   Use this option to set the installation parameters, but not perform the actual installation. With this option, the SAP Installer (SAPinst) will stop without performing the actual SAP product installation. However, the steps that follow fully apply.

   For more information, see Section 4.4, “Continuing an installation using an installation profile”.

   Serve all installation media (including master) to local network via NFS

   Set up this system as an installation server for other SUSE Linux Enterprise Server for SAP Applications systems. The media copied to this installation server will be offered through NFS and can be discovered via Service Location Protocol (SLP).

   Proceed with Next.

   The SAP Installation Wizard will now copy the Installation Master to your local disk. Depending on the type of Installation Master you selected, the installation will continue differently:

   • If you are installing an SAP HANA database, skip ahead to Step 8.

   • If you are installing an SAP NetWeaver application, continue with the next step.

3. On the screen SAP Installation Wizard, provide the location of additional Installation Media you want to install. This can include an SAP kernel, a database, and database exports.

   Copy a medium

   Specify a path to additional Installation Media. For more information about specifying the path, see Table 4.1, “Media source path”.

   Skip copying of medium

   Do not copy additional Installation Media. Choose this option if you do not need additional Installation Media or to install additional Installation Media directly from their source, for example CDs/DVDs or flash disks.

   When choosing this option despite your SAP product requiring additional Installation Media, you will later need to provide the SAP Installer (SAPinst) with the relevant paths.

   Proceed with Next.

   If you chose to copy Installation Media, the SAP Installation Wizard will copy the relevant files to your local hard disk.

   

   Figure 4.2: SAP Installation Wizard: additional Installation Media #

     

4. After copying the Installation Media, you will be asked whether you want to prepare additional Installation Media. To do so, click Yes. Then follow the instructions in Step 3.

   Otherwise, click No.

5. In the screen What Would You Like to Install, under The SAP product is, choose how you want to install the product:

   SAP standard system

   Install an SAP application including its database.

   SAP standalone engines

   Engines that add functionality to a standard product: SAP TREX, SAP Gateway, and Web Dispatcher.

   Distributed system

   An SAP application that is separated onto multiple servers.

   SAP high-availability system

   Installation of SAP NetWeaver in a high-availability setup.

   System rename

   Allows changing the various system properties such as the SAP system ID, database ID, instance number, or host name. This can be used to install the same product in a very similar configuration on different systems.

   

   Figure 4.3: SAP Installation Wizard: installation type and database #

     

6. If you selected SAP Standard System, Distributed System, or SAP High-Availability System, additionally choose a back-end database under Back-end Databases.

   Proceed with Next.

7. You will now see the screen Choose a Product. The products shown depend on the Media Set and Installation Master you received from SAP. From the list, select the product you want to install.

   Proceed with Next.

   

   Figure 4.4: SAP Installation Wizard: choose a product #

     

8. You will be asked whether to copy Supplementary Media or Third-Party Media. To do so, click Yes and then follow the instructions in Step 3.

   Otherwise, click No.

   

   Note: Difference between Supplementary Media/Third-Party Media and additional software repositories

   Both types of delivery mechanisms allow installing software that is neither part of the SUSE Linux Enterprise Server for SAP Applications media nor part of your Media Set from SAP. However, the delivery mechanism is different:

   • Supplementary Media/Third-Party Media is installed using an AutoYaST file which allows creating an installation wizard and custom installation scripts.

   • Additional software repositories are RPM package repositories that you will remain subscribed to. This means you receive updates for Third-Party Media along with your regular system updates.

   For information on creating Supplementary Media, see Appendix C, Supplementary Media.

9. On the screen Additional software repositories for your SAP installation, you can add further software repositories. For example, for add-ons that are packaged as RPM. To do so, click Add new software repositories. For more information about adding repositories, see Deployment Guide, Chapter “Installing and Removing Software”, Section “Adding Software Repositories” (https://documentation.suse.com/sles-15).

   Proceed with Next.

   

   Note: Location of copied SAP media

   At this point, all data required for the SAP installation has been copied to /data/SAP_CDs (unless you chose to skip the process of copying). Each Installation Medium is copied to a separate directory. You might find the following directory structure, for example:

   > ls /data/SAP_CDs
   742-KERNEL-SAP-Kernel-742
   742-UKERNEL-SAP-Unicode-Kernel-742
   RDBMS-MAX-DB-LINUX_X86_64
   SAP-NetWeaver-740-SR2-Installation-Export-CD-1-3
   SAP-NetWeaver-740-SR2-Installation-Export-CD-2-3
   SAP-NetWeaver-740-SR2-Installation-Export-CD-3-3

   /data/SAP_CDs is the default directory as specified in the /etc/sysconfig/sap-installation-wizard configuration file.

10. Depending on the product you are installing, one or more dialogs will prompt you to supply values for several configuration parameters for the SAP application you are installing.

    Supply the values as described in the documentation provided to you by SAP. Help for the configuration parameters is also available on the left side of the dialog. For more information, see Section 2.6, “Required data for installing”.

    Fill out the form (or forms), then proceed with OK.

    

    Figure 4.5: Product parameters #

      

    When you are done, the SAP Installation Wizard will download additional software packages.

11. You will be asked whether to continue the installation or prepare another SAP product for installation. If you choose to prepare another SAP product, start from the beginning of this procedure.

12. (Optional) When installing SAP HANA on a system that is not certified for SAP HANA and does not meet the minimum hardware requirements for SAP HANA TDI (Tailored Datacenter Integration), you will be asked whether to continue. If you receive this message unexpectedly, check Section 2.1, “Hardware requirements” and the sizing guidelines from SAP at https://service.sap.com/sizing (you need your SAP ID to access the information).

    Otherwise, continue with Yes.

13. The following steps differ depending on the type of SAP application you are installing:

    • When installing an SAP HANA database, SAP HANA will now be installed without further question.

    • When installing an SAP NetWeaver application, the actual installation will be performed using the SAP Installer (SAPinst). After a few seconds, SAP Installer will open automatically.

      Follow the SAP Installer as described in the documentation provided by SAP. Most configuration parameters are correctly filled already.

    

    Figure 4.6: SAP Installer: defining parameters #

      
    

    Tip: Installation log files

    If the installation of the SAP application fails, refer to the installation log files. They are located in /var/adm/autoinstall. Failed installations are recorded in files with names ending in .err.

    For more information about log files, see Chapter 15, Important log files.

14. The final screen is Installation Completed.

    To create an AutoYaST file for this installation, activate Clone This System for AutoYaST. The AutoYaST file will be placed in /root/autoinst.xml.

    Click Finish.

1. In /etc/sysconfig/sap-installation-wizard, set the following:

   SAP_AUTO_INSTALL="yes"

2. In the case of an SAP HANA/SAP BusinessOne installation, the SAP Installation Wizard will later use the parameters documented in the AutoYaST files in /data/SAP_INST/number.

   If you need to change any parameters, make sure to adapt the AutoYaST files at this point.

3. Open the YaST control center and start SAP Installation Wizard.

4. You will be asked whether to continue the pending installation. Select Install.

5. All further interactions happen within the SAP Installer. Follow the steps of SAP Installer as described in the documentation provided to you by SAP.

   • In the case of an SAP NetWeaver installation, all parameters of the SAP Installer will be offered again for fine-tuning.

   • In the case of an SAP HANA/SAP BusinessOne installation, the installer will not be offer to make any changes to parameters.

Ensure passwordless SSH access between the two nodes (primary and secondary) for root. Keep in mind, some cloud service providers might not have set up SSH access for the root by default.

1. Install the yast2-hana-update package on both nodes:

   # zypper install yast2-hana-update

   After the installation, you can find the module SUSE HANA Cluster Update in the YaST Control Center.

2. On the secondary node, start the YaST Control Center and open the SUSE HANA Cluster Update module.

3. In the YaST module, review the prerequisites. Make sure to fulfill all of them before continuing with the next step. Keep in mind that the wizard supports only the HANA Scale-up Performance Optimized scenario.

4. To upgrade the SAP HANA system, select the secondary node.

5. Select the location of the installation medium.

   Point to the location where the SAP medium is located. If wanted, check Mount an update medium on all hosts and provide the NFS share and path.

   

   Important: Differences between SAP HANA version 1.0 and 2.0

   If you are upgrading from SAP HANA version 1.0 to version 2.0, make sure to check This is a HANA 1.0 to HANA 2.0 upgrade.

   The YaST module will copy the PKI SSFS keys from the former secondary node to the former primary node. More information is available through the Help button.

1. Review the update plan generated by the wizard.

   The wizard shows you two steps: automatic and manual. In this automatic step, the wizard puts cluster resources into maintenance mode before it starts with the automatic steps. The manual steps are SAP HANA specific and need to be executed by a SAP HANA administrator. For more information, see the official SAP HANA documentation.

2. Update the SAP HANA software.

   The wizard executes the automatic actions and waits until the SAP HANA administrator performs the SAP HANA upgrade.

3. Perform the SAP HANA upgrade.

4. Review the plan for the primary (remote) node.

   After the SAP HANA upgrade is done, the wizard shows the update plan. When you continue with this step, the wizard turns the primary node into a secondary node to make it ready for the upgrade.

   Keep in mind that this step can take some time.

1. Update the former primary node.

   Pay special attention to the --hdbupd_server_nostart option in this step.

2. Restore the previous state of the cluster.

   By default, the wizard registers the former master as now being secondary on the SAP HANA system replication. If you wish to revert the system replication to its original state, click the Reverse button.

3. Review the update summary.

   You can review the original and current SAP HANA versions and the cluster state.

   

   Note: Dealing with intermediate cluster state

   If the wizard is faster than the status update of the cluster resources, the summary shows an intermediate cluster state. The cluster state is UNDEFINED or DEMOTED.

   To overcome this, check the cluster status again with the command SAPHanaSR-showAttr and make sure the former secondary node is now in the state PROMOTED.

The following procedure needs to be executed on the primary node (also called the “master”). Before proceeding, make sure the prerequisites listed in Section 7.1, “Prerequisites” are fulfilled.

1. Open the YaST control center. In it, click HA Setup for SAP Products in the category High Availability.

2. If an SAP HANA instance has been detected, you can choose between the scale-up scenarios Performance-optimized, Cost-optimized, or Chained (multi-tier). For information about these scale-up scenarios, see Section 1.1.3, “Simplified SAP HANA system replication setup”.

   Continue with Next.

   

3. This step of the wizard presents a list of prerequisites for the chosen scale-up scenario. These prerequisites are the same as those presented in Section 7.1, “Prerequisites”.

   Continue with Next.

4. The next step lets you configure the communication layer of your cluster.

   • Provide a name for the cluster.

   • The default transport mode Unicast is usually appropriate.

   • Under Number of rings, a single communication ring usually suffices.

     For redundancy, it is often better to use network interface bonding instead of multiple communication rings. For more information, see Administration Guide, Part “Configuration and Administration”, Chapter “Network Device Bonding” at https://documentation.suse.com/sles-15.

   • From the list of communication rings, configure each enabled ring. To do so, click Edit selected, then select a network mask (IP address) and a port (Port number) to communicate over.

     Finish with OK.

   • Additionally, decide whether to enable the configuration synchronization service Csync2 and Corosync secure authentication using HMAC/SHA1.

     For more information about Csync2, see Administration Guide Part “Installation, Setup and Upgrade”, Chapter “Using the YaST Cluster Module”, Section “Transferring the Configuration to All Nodes” at https://documentation.suse.com/sles-15.

     For more information about Corosync secure authentication, see Administration Guide, Part “Installation, Setup and Upgrade”, Chapter “Using the YaST Cluster Module”, Section “Defining Authentication Settings” at https://documentation.suse.com/sles-15.

   Proceed with Next.

   

5. The wizard will now check whether it can connect to the secondary machine using SSH. If it can, it will ask for the root password to the machine.

   Enter the root password.

   The next time the primary machine needs to connect to the secondary machine, it will connect using an SSH certificate instead of a password.

6. For both machines, set up the host names and IP address (for each ring).

   Host names chosen here are independent from the virtual host names chosen in SAP HANA. However, to avoid issues with SAP HANA, host names must not include hyphen characters (-).

   If this has not already been done before, such as during the initial installation of SAP HANA, host names of all cluster servers must now be added to the file /etc/hosts. For this purpose, activate Append to /etc/hosts.

   Proceed with Next.

7. If NTP is not yet set up, do so. This avoids the two machines from running into issues because of time differences.

   1. Click Reconfigure.

   2. On the tab General Settings, activate Now and on Boot.

   3. Add a time server by clicking Add. Click Server and Next. Then specify the IP address of a time server outside of the cluster. Test the connection to the server by clicking Test.

      To use a public time server, click Select › Public server and select a time server. Finish with OK.

      Proceed with OK.

   4. On the tab Security Settings, activate Open Port in Firewall.

   5. Proceed with Next.

8. In the next step, choose fencing options. The YaST wizard only supports the fencing mechanism SBD (STONITH block device). To avoid split-brain situations, SBD uses a disk device which stores cluster state.

   The chosen disk must be available from all machines in the cluster under the same path. Ideally, use either by-uuid or by-path for identification.

   The disk must not use host-based RAID, cLVM2 or reside on a DRBD instance. The device can have a small size, for example, 100 MB.

   

   Warning: Data on device will be lost

   All data on the chosen SBD device or devices will be deleted.

   To define a device to use, click Add, then choose an identification method such as by-uuid and select the appropriate device. Click OK.

   To define additional SBD command-line parameters, add them to SBD options.

   If your machines reboot particularly fast, activate Delay SBD start.

   For more information about fencing, see the Administration Guide at https://documentation.suse.com/sles-15.

   Proceed with Next.

9. The following page allows configuring watchdogs which protect against the failure of the SBD daemon itself and force a reboot of the machine in such a case.

   It also lists watchdogs already configured using YaST and watchdogs that are currently loaded (as detected by lsmod).

   To configure a watchdog, use Add. Then choose the correct watchdog for your hardware and leave the dialog with OK.

   For testing, you can use the watchdog softdog. However, we highly recommend using a hardware watchdog in production environments instead of softdog. For more information about selecting watchdogs, see Administration Guide, Part “Storage and Data Replication”, Chapter “Storage Protection”, Section “Conceptual Overview”, Section “Setting Up Storage-based Protection”, Section “Setting up the Watchdog” at https://documentation.suse.com/sles-15.

   Proceed with Next.

10. Set up the parameters for your SAP HANA installation or installations. If you have selected the cost-optimized scenario, additionally fill out details related to the non-production SAP HANA instance.

    Production SAP HANA instance

    • Make sure that the System ID and Instance number match those of your SAP HANA configuration.

    • Replication mode and Operation mode usually do not need to be changed.

      For more information about these parameters, see the HANA Administration Guide provided to you by SAP.

    • Under Virtual IP address, specify a virtual IP address for the primary SAP HANA instance. Under Virtual IP Mask, set the length of the subnetwork mask in CIDR format to be applied to the Virtual IP address.

    • Prefer site takeover defines whether the secondary instance should take over the job of the primary instance automatically (true). Alternatively, the cluster will restart SAP HANA on the primary machine.

    • Automatic registration determines whether primary and secondary machine should switch roles after a takeover.

    • Specify the site names for the production SAP HANA instance on the two nodes in Site name 1 and Site name 2.

    • Having a backup of the database is a precondition for setting up SAP HANA replication.

      If you have not previously created a backup, activate Create initial backup. Under Backup settings, configure the File name and the Secure store key for the backup. The key in the SAP HANA Secure User Store on the primary node must have been created before starting the wizard.

      For more information, see the documentation provided to you by SAP.

    • Cost-optimized scenario only: Within Production system constraints, configure how the production instance of SAP HANA should behave while inactive on the secondary node.

      Setting the Global allocation limit allows directly limiting memory usage. Activating Preload column tables will increase memory usage.

      For information about the necessary global allocation limit, see documentation provided to you by SAP such as How to Perform System Replication for SAP HANA at https://archive.sap.com/documents/docs/DOC-47702.

    Cost-optimized scenario only: non-production SAP HANA instance

    • Make sure that the System ID and Instance number match those of your non-production SAP HANA instance.

      These parameters are needed to allow monitoring the status of the non-production SAP HANA instance using the SAPInstance resource agent.

    • Generate a hook script for stopping the non-production instance and starting the production instance and removing the constraints on the production system. The script is written in Python 2 and can be modified as necessary later.

      Click Hook script and then set up the correct user name and password for the database. Then click OK.

      You can now manually verify and change the details of the generated hook script. When you are done, click OK to save the hook script at /hana/shared/SID/srHook.

      

      Warning: Passwords stored in plain text

      By default, the hook script stores all credentials in plain text. To improve security, modify the script yourself.

    Proceed with Next.

    

    Figure 7.1: SAP HANA options (cost-optimized scenario) #

      

11. On the page High-Availability Configuration Overview, check that the setup is correct.

    To change any of the configuration details, return to the appropriate wizard page by clicking one of the underlined headlines.

    Proceed with Install.

12. When asked whether to install additional software, confirm with Install.

13. After the setup is done, there is a screen showing a log of the cluster setup.

    To close the dialog, click Finish.

14. Multi-tier/chain scenario only: Using the administrative user account for the production SAP HANA instance, register the out-of-cluster node for system replication:

    SIDadm > hdbnsutil -sr_register --remoteHost=SECONDARY_HOST_NAME \
    --remoteInstance=INSTANCE_NUMBER --replicationMode=async \
    --name=SITE_NAME

1. On the production machines with SAP HANA installed, create a configuration file by running the sap_ha YaST module.

2. On the last screen, click the Save configuration button.

3. Decide what you want to do:

   • To review the configuration, upload and validate the configuration on the primary SAP HANA machine and run:

     # yast2 sap_ha readconfig CONFIGURATION_FILE_PATH

     It is possible to start the installation on the review screen.

   • To start the installation based on the provided configuration file unattended, run:

     # yast2 sap_ha readconfig CONFIGURATION_FILE_PATH unattended

4. Import, validate, and install the cluster unattended, based on the provided configuration file:

   # yast2 sap_ha readconfig CONFIGURATION_FILE_PATH unattended

1. To tune a system, first find a tuning solution. To find the appropriate solution, use:

   > saptune solution list

   saptune recognizes the following tuning solutions (groups of SAP Notes):

   • BOBJ.  Solution for running SAP BusinessObjects.

   • HANA.  Solution for running an SAP HANA database.

   • MAXDB.  Solution for running an SAP MaxDB database.

   • NETWEAVER.  Solution for running SAP NetWeaver application servers.

   • S4HANA-APPSERVER.  Solution for running SAP S/4HANA application servers.

   • S4HANA-APP+DB.  Solution for running both SAP S/4HANA application servers and SAP HANA on the same host.

   • S4HANA-DBSERVER.  Solution for running the SAP HANA database of an SAP S/4HANA installation.

   • SAP-ASE.  Solution for running an SAP Adaptive Server Enterprise database.

   • NETWEAVER+HANA.  Solution for running both SAP application servers and SAP HANA on the same host.

   • NETWEAVER+MAXDB.  Solution for running both SAP application servers and MAXDB on the same host.

   Alternatively, you can tune the computer according to recommendations from specific SAP Notes. A list of notes that you can tune for is available via:

   # saptune note list

2. • To set up saptune with a preconfigured solution, use:

     # saptune solution apply SOLUTION

   • To set up saptune for the recommendations of a specific SAP Note, use:

     # saptune note apply NOTE

3. To start saptune and enable it at boot, make sure to run the following command:

   # saptune service enablestart

   To make sure that sapconf and tuned gets stopped and disabled too, run instead:

   # saptune service takeover

1. Stop the SAP system completely. The sapinit.service has to be stopped, but can stay enabled. All SAP processes have to be terminated.

2. Remove any changes made to SAP.slice, such as setting MemoryLow:

   # systemctl revert SAP.slice

3. (Optional) Remove the package sapwmp:

   # zypper remove sapwmp

   This step is optional. The package can stay on the system without having an influence.

4. (Optional) Remove systemd.unified_cgroup_hierarchy=true from GRUB_CMDLINE_LINUX_DEFAULT in /etc/default/grub.

   This step is optional. You can keep cgroup2 without using WMP.

5. Rewrite the GRUB2 configuration:

   # grub2-mkconfig -o /boot/grub2/grub.cfg

   After the next boot, the system is switched back to the hybrid cgroup hierarchy.

6. Remove the line to call sapwmp-capture from each SAP instance profile (usually located in /usr/sap/SID/SYS/profile/):

   Execute_20 = local /usr/lib/sapwmp/sapwmp-capture -a

   

   Important: Backup is necessary

   Before editing an instance profile, create a backup! Errors in a profile can prevent an SAP system from starting!

   

   Important: About editing profiles directly

   Edit the instance profiles directly only if you have not imported the profiles into the database to manage them via the SAP GUI (transaction RZ11). If you have imported them, use the SAP GUI to add the lines. Profile files located in the file system are overwritten, and any manual changes will be lost!

7. Reboot the system and verify that your SAP system has been started successfully.

1. Make sure the SAP HANA databases for which you want to configure the firewall are correctly installed.

2. To open the appropriate YaST module, select Applications › YaST, Security and Users › SAP HANA Firewall.

3. Under Global Options, activate Enable Firewall. Additionally, decide whether to Allow Remote Shell Access (SSH).

4. Choose a network interface under Allowed Services on Network Interface.

5. Allow network services by selecting them in the list box on the left and clicking →. Remove services by selecting them in the list box on the right and clicking ←.

   To add services other than the preconfigured ones, use the following notation:

   SERVICE_NAME:CIDR_NOTATION

   For more information about the CIDR notation, see https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing. To find out which services are available on your system, use getent services.

   

6. Repeat from Step 4 for all network interfaces.

7. When you are done, click OK.

   The firewall rules from HANA-Firewall will now be compiled and applied. Then, the service hana-firewall will be restarted.

8. Finally, check whether HANA-Firewall was enabled correctly:

   # hana-firewall status
   HANA firewall is active. Everything is OK.

1. On the application host, install the packages for ClamAV and ClamSAP. To do so, use the command:

   > sudo zypper install clamav clamsap

2. Before you can enable the daemon clamd, initialize the malware database:

   > sudo freshclam

3. Start the service clamd:

   > sudo systemctl start clamd

4. Check the status of the service clamd with:

   > systemctl status clamd
   ● clamd.service - ClamAV Antivirus Daemon
   Loaded: loaded (/usr/lib/systemd/system/clamd.service; enabled; vendor preset: disabled)
   Active: active (running) since Tue 2017-04-11 10:33:03 UTC; 24h ago
   [...]

1. Log in to the SAP NetWeaver installation through the GUI. Do not log in as a DDIC or SAP* user, because the virus scanner needs to be configured cross-client.

2. Create a Virus Scanner Group using the transaction VSCANGROUP.

   

3. To switch from view mode to change mode, click the button Change View ().

   Confirm the message This table is cross-client by clicking the check mark. The table is now editable.

4. Select the first empty row. In the text box Scanner Group, specify CLAMSAPVSI. Under Group Text, specify CLAMSAP.

   Make sure that Business Add-in is not checked.

   

5. To save the form, click the button Save ().

1. In the SAP NetWeaver GUI, call the transaction VSCAN.

2. To switch from view mode to change mode, click the button Change View ().

   Confirm the message This table is cross-client by clicking the check mark. The table is now editable.

3. Click New entries.

4. Fill in the form accordingly:

   • Provider Type: Adapter (Virus Scan Adapter)

   • Provider Name: VSA_HOSTNAME (for example: VSA_SAPSERVER)

   • Scanner Group: The name of the scanner group that you set up in Section 12.2, “Creating a virus scanner group in SAP NetWeaver” (for example: CLAMSAPVSI)

   • Server: HOSTNAME_SID_INSTANCE_NUMBER (for example: SAPSERVER_P04_00)

   • Adapter Path: libclamdsap.so

   

5. To save the form, click the button .

1. Log in to the SAP NetWeaver installation through the GUI. Do not log in as a DDIC or SAP* user, because the virus scanner needs to be configured cross-client.

2. Select the CLAMSAPVSI group.

3. In the left navigation pane, click Configuration Parameters.

4. To switch from view mode to change mode, click the button Change View ().

   Confirm the message This table is cross-client by clicking the check mark. The table is now editable.

   

   Figure 12.1: #

     

5. Click New Entries and select INITDRIVERDIRECTORY.

   

   Figure 12.2: #

     

6. Enter the path to a different virus scanner location.

7. To save the form, click the button Save ().

1. Build the root file system:

   # kiwi -p SLES4SAP --root fsroot

2. Build the VMX image:

   # kiwi --create fsroot --type vmx -d build