This is our first blog and in future we anticipate a long series of thematic blogs which covers different approaches used in automating SAP products on IBM Cloud™. This will help you to understand the architecture, design, and concepts of different methods of adopted automation as part of Infrastructure as a Service (IaaS) and Software as a service (SaaS). Also, the approaches and innovation that IBM brings to the entire SAP business along with technical and conceptual overview of SAP as a cloud service.
Basically, the purpose of this blog is to walk through our SAP automation model built with Ansible and Terraform for IBM Cloud Virtual Private Cloud (IBM Cloud VPC) and learn more about the benefits and functionality IBM platform offers to its potential customers.
Ansible : With Ansible model, manual SAP implementation or operational tasks that used to take days can be done in hours or even in minutes.
Terraform : With Hashicorp’s Terraform model, the infrastructure is provisioned and managed using Terraform code and software development techniques. This is one of the most popular infrastructures as code tools in the cloud business. Some of the techniques such as version control and continuous integration where the developers can interact programmatically with the infrastructure to provision, configure cloud resources, services, and compute instead of setting up manually and by saving days, weeks resources, and additional costs.
Implementing infrastructure for SAP is a long and difficult process that usually consumes time, resources, and money of both IBM and customer. Within the logically isolated, software-defined network of IBM Cloud VPC, customers can now choose various certified to run SAP workloads with your choice of SAP-specific operating systems varying from Linux, AIX to Windows servers.
Let’s take a brief tour of the important dates of IBM adoption on VPC platform with the enhancements and benefits along with SAP's journey to the cloud, then later we will learn how IBM helps you to drastically reduce all these business-critical elements.
First SAP adoption to the cloud
In 2012, SAP promoted aspects of cloud computing. In October 2012, SAP announced a platform as a service offering called the SAP Cloud Platform. In May 2013, a managed private cloud offering called the S/4HANA Enterprise Cloud service was announced.
IBM's first experiment in virtualization occurred in the 1960 with the development of the virtual machine on CP-40 and CP-67 operating systems. CP-67, a hypervisor used for software testing and development, enabled memory sharing across VMs while giving each user their own virtual memory space. On February 1990, IBM released 6000 rupees (which later became known as IBM Power Systems) based servers. The servers, in combination with the IBM mainframe, were built for complex and mission-critical virtualization. Power system servers include PowerVM hypervisors with live partition mobility and active memory sharing. But the modern era of IBM Cloud computing services started in 2007 when IBM announced the planned to build clouds for enterprise clients and provide services to fill the gaps in existing cloud environments. IBM claimed in April 2011, that 80% of Fortune 500 companies were using IBM Cloud and the software and services were used by more than 20 million end-user customers, with clients including American Airlines, Aviva, Carfax, Frito-Lay, IndiaFirst Life Insurance Company, and 7-Eleven.
On 4 June 2013, IBM announced the acquisition of SoftLayer to form an IBM Cloud Services Division.
IBM Cloud launched IBM Cloud VPC on 4 June 2019, provides an ability to manage virtual machine-based compute, storage, and networking resources. Pricing for IBM Cloud VPC is applied separately for internet data transfer, virtual server instances, and block storage used within IBM Cloud VPC.
IBM Cloud as SAP optimized platform
IBM Cloud helps you build a secure space in the public cloud with high production workloads on faster networking performance and deploy globally across multizone regions. IBM Cloud Virtual Server for VPC lets you provision virtual servers across an infrastructure with security of a private cloud and the agility of a public cloud. Your workloads and applications are logically isolated from other networks, and you can quickly provision resources with maximum scale and flexibility. IBM owns a wide variety of cloud infrastructure platforms.
SAP-certified IaaS options for IBM Cloud:
IBM Cloud® Bare Metal Servers
IBM Cloud Virtual Server for VPC
IBM® Power® infrastructure
IBM Power Systems Virtual Server
VMware SDDC infrastructure
IBM Cloud for VMware Solutions
In this article, we will focus on how IBM Cloud VPC is ready for SAP applications with its dedicated cloud services and functionalities, and how IBM is bringing this all together in the new era of IaaS and SaaS automation.
Agility, security, improved performance, availability, scalability, manageability, and cost reduction are some of the essential keywords when thinking about VPC as a cloud service offering. Like any other cloud service provider, IBM Cloud VPC promotes a secure and isolated virtual network that combines the security of a private cloud with the availability and scalability of the IBM public cloud. In this article, we will only review the IBM Cloud VPC infrastructure for SAP.
SAP Products architecture on IBM VPC cloud with automation
After VPC is set up, virtual server instances can be created in the VPC by using the IBM Cloud console command-line interface (CLI) with Infrastructure-as-code (IaC) tools like IBM Cloud Schematics by using Terraform. Alternatively, IBM Cloud VPC SAP automation model uses an "easy-to-use" deployment method where Terraform (Schematics) code is integrated with SAP ansible playbooks within the same code. The result of this is a better customer interaction (UI deployment model) with a simplified and interactive single code where all infrastructure and SAP solution phases are reduced to a single one.
Virtual Private Cloud (VPC) from IBM Cloud contains one of the most secure and reliable cloud environments for SAP applications within your own VPC with its included Virtual Server Instance (VSI) represents an Infrastructure as a Service (IaaS) within IBM Cloud that offer all the benefits of isolated, secure, and flexible virtual cloud infrastructure from IBM. As a comparison with the IBM Cloud Virtual Server for Classic infrastructure offering where virtual instances use native and VLAN networking to communicate with each other within a data center but restricted in one pod working well using Subnet and VLAN networking having as a gap scale up of virtual resources should rely between the pods. What’s new with IBM Cloud VPC is a network orchestrator layer concept that eliminates the pod boundaries and restrictions, so this new concept handles all the networking for every virtual instance running within VPC across regions and zones.
Region in IBM Cloud VPC is a specific geographical location where you can deploy applications, services, and other IBM Cloud® resources. Regions consist of one or more zones, which are physical data centers that house the compute, network, and storage resources, with related cooling and power for host services and applications. Zones are isolated from each other, which ensures that no shared single point of failure within a region occurs.
Regions or Multizone regions (MZRs) are composed of three or more zones that are independent from each other to ensure that single failure events affect only a single zone. MZRs provide low latency (< 2-milliseconds latency) and high bandwidth (> 1000 Gbps) connectivity across zones.
The advantage of an MZR is to provide consistent cloud services across different zones, better resiliency, availability, higher interconnect speed between data centers for your resources. These features can be critical to your applications. Deploying an application in MZR rather than a different deployment location (data centers, either physical or logical) is to increase the availability from 99.9% to 99.99% when deployed over three zones.
IBM offers two types of multizone regions. The underlying infrastructure in both types provides the same SLA.
MZR offers the highest level of redundancy and availability by using three separate sites within a region.
Zones - A zone is an abstraction that refers to the physical data center that hosts the compute, network, and storage resources, as well as the related cooling and power, which provides services and applications. Zones are isolated from each other to create no shared single point of failure, improved fault tolerance, and reduced latency. Each zone is assigned a default address prefix, which specifies the address range in which subnets can be created. If the default address scheme does not suit your requirements, such as if you want to bring your own public IPv4 address range, you can customize the address prefixes.
Characteristics of subnets in the VPC:
• Each subnet consists of a specified IP address range (CIDR block).
• Subnets are bound to a single zone, and cannot span multiple zones or regions.
• Subnets in the same VPC are connected to each other.
You can keep IBM Cloud Virtual Private Cloud and workloads secure by controlling network traffic using security groups, network Access Control Lists (ACLs), or by using both types of control.
When creating subnets within a VPC, there is a choice to Bring Your Own IP (BYOIP) address, or IBM can suggest a subnet.
Determining your own address range means effectively extending any on-premises address standards into the cloud, making it simpler to connect on-premises networks to VPC networks.
Security Groups and ACLs provide ways to control the traffic across the subnets and instances in your IBM Cloud VPC, using rules that you specify. The way they were designed for SAP products on IBM Cloud VPC was to assure communication to only dedicated SAP and DB used port and IP’s and restrict public communication.
Security Groups and ACLs add security to your subnets and instances:
• Traffic to and from a subnet can be controlled by ACLs.
• Security Groups can control the traffic at the virtual server instance level.
• Allows you to set up a public gateway for subnet access to the internet, guarded by ACLs.
• Allows you to implement a Floating IP for virtual server instance access to the internet, guarded by Security Groups.
IBM Cloud Virtual Private Cloud network overview demonstrates the connectivity for the environment. Issues with network connectivity can cause delays for your project if you do not plan properly, regardless on how you plan to use your SAP system.
In general, IBM Cloud VPC is highly available, high-bandwidth network that is connected to every physical server, which serves the hypervisor. Each physical server (host) has a hypervisor that divides the network into Virtual Network Interface Cards (vNICs) that are attached to the virtual server.
Depending on the profile of your virtual server, the total available network bandwidth to the virtual server is in the range of 4 Gbps to 64 Gbps.It's important to consider that each vNIC has a maximum throughput of 16 Gbps, so to achieve maximum throughput, up to 4 additional vNICs must be attached to the virtual server (that is, a virtual server might have a maximum of 5 vNICs attached).
If you want to connect to your virtual server through the public internet (in other words, inbound to a virtual server), you can order a Floating IP (see diagram above) and attach to the virtual server's vNIC (i.e. One Floating IP per virtual server).
If you want to connect to the public internet from your virtual server (in other words, outbound from a virtual server), you need to attach a Public Gateway to the VPC. This gateway provides access to the internet for an entire subnet.
The following interconnectivity options available:
• VPC zone to zone
• VPC region to region
• VPC to VPC
• VPC to Classic Infrastructure
• VPC to IBM Power Systems Infrastructure
• VPC to on-premises data centers by using a VPC VPN Gateway
IBM Cloud offers wide continuously extending portfolio of SAP-certified infrastructure, ranging from the only SAP-certified VMware solution in the cloud, bare metal servers, virtual servers and (VPC) servers to Intel Xeon SP architecture and IBM Power Virtual Servers.
IBM is targeting to provide our enterprise customers with a wide range of offerings for different SAP workload scenarios, with a multitude of automated SAP workloads that will help solve today’s business challenges and accelerating their journey to hybrid cloud for the future.
In addition to all the cloud services and functionality outlined above, IBM aims to provide customers with a scalable variety of Secured Landing Zone (SLZ) infrastructure for SAP business, you can have every SAP product and database version to run on the IBM Cloud VPC via automatic deployment. In the series of upcoming blogs, we will explore different SAP products running on various database platforms, introducing you to IBM's automation offering and different deployment methods.
Reference links :