SAP and Microsoft are continuously adding new features and functionalities to the SAP on SQL Server platform. The key objective of the SAP on Windows SQL port is to deliver the best performance and availability at the lowest TCO and simplest operation. This blog includes updates, fixes, enhancements and best practice recommendations collated over recent months.
1. New Case Studies on SAP on SQL Server
Malaysia Airlines migrated their entire datacenter from on-premises to Azure. More than 100 applications were moved to Azure including a large SAP landscape. The project was executed by Tata Consulting Services. TCS SAP team demonstrated an outstanding skillset and capability during the entire project. SAP applications were migrated from DB2 to SQL Server 2016 with datafiles running on blob storage. Local High Availability is achieved by using AlwaysOn. SQL Server AlwaysOn is also used to replicate the databases to Hong Kong. A full case study can be found:
Several other customers based in Malaysia in the Agricultural industry and shipping industry have also moved their SAP landscapes to Azure as well.
A useful blog discussing a large Australian Energy customer can be found here
2. Security Recommendations for Windows Servers
It is recommended to implement a few simple security settings on Windows servers. This will greatly increase the security of a SAP landscape running on Windows servers. An additional benefit is that it may not be required to implement Windows patches as frequently.
Recommendation #1: Disable SMB 1.0
SAP Note 2476242 – Disable windows SMBv1 describes how to disable legacy networking. SMB 1.0 is a protocol required for Windows NT 4.0 and should be disabled in all cases for SAP systems. There is no valid reason why SMB 1.0 should be running on any SAP server.
More information can be found here
Recommendation #2: Remove Internet Explorer
Open a command prompt with Administrative rights are run this command
dism /online /Disable-Feature /FeatureName:Internet-Explorer-Optional-amd64
On previous versions of Windows Server Windows Update may try to update earlier versions of IE to IE 11. This utility can prevent Windows Update from updating browser versions. Updating the browser is likely to require a restart of the operating system and should be avoided https://www.microsoft.com/en-us/download/details.aspx?id=40722
Additional useful information for Security & Networking can be found in these SAP OSS Notes
Detailed SAP on Windows Security Whitepaper
3. Uninstall Internet Explorer from Windows Servers? – What about the new SAPInst?
SWPM 1.0 SP20 now has a Fiori based interface that is run from a Web Browser. It is a specific recommendation to remove Internet Explorer, third party browsers and any unnecessary software from all SAP servers including non-production servers. Fortunately there are several ways to run the new SWPM on a server where no browser is installed.
This SAP blog discusses several options
Option #1: Run SAPInst with the following command line option to load the previous gui
Option #2: Connect to SAPinst remotely from a Management Server with a browser
Run sapinst -nogui
Ensure the Windows Firewall has port 4237 open
From a dedicated Management Server open a browser and connect to https://<sap_server_hostname or_IP>:4237/JfIVyDkxlsXSBFYi/docs/index.html
(Note: the exact URL can be found in the logs of the SAPInst program starter)
The username and password are the OS level user and password on the server where SAPInst was started (eg. DOMAIN\sapadmin)
Hint: If there are problems running SWPM add the SAP Server hostname and/or IP to the Trusted Sites
5. SQL Server 2017 for SAP NetWeaver Systems
Microsoft has released SQL Server 2017. SQL Server 2017 has many new features
In general the required SAP Support Packs for SQL Server 2017 are the same as SQL Server 2016. Details can be found in 2492596 – Release planning for Microsoft SQL Server 2017
SAP and Microsoft plan to complete testing and make SQL Server 2017 generally available in January 2018 or shortly after
5. Power Options – Set for Maximum Performance
It is recommended to set SQL Server and SAP application server Power Plan to Maximum Performance.
It is important to set the power settings to maximum performance at all layers of an infrastructure, for example the server BIOS, Hypervisor and Windows Operating system.
6. Business Suite 7 Maintenance, SAP NetWeaver Java Systems, Windows & SQL – End of Life & JDBC Drivers
SAP has documented the end of life of SAP Business Suite in SAP Note 1648480 – Maintenance for SAP Business Suite 7 Software. The note states that the current generation of SAP applications running on “AnyDB” installed in over 200,000 customers worldwide will be out of support after 31st December 2025.
Many SAP customers have decided to migrate their SAP applications to Windows 2016, SQL Server 2016/2017 and upgraded to SAP versions that remain in support until 31st December 2025. Some of these customers plan to implement S4/HANA and wish to upgrade to a supported platform “stack” in the meantime. SAP NetWeaver 7.5 components, Windows 2016 and SQL 2016/2017 will remain in support until 2025. This means a customer can move to Windows 2016 and SQL Server 2016/2017 on Azure and never need to upgrade the OS, Database or Hardware until the end of life of the application.
Windows Server 2016 is in mainstream support until 11th January 2022 and extended maintenance until 11th January 2027 as documented here on the Microsoft Product Lifecycle tool
SQL Server 2016 final service pack (currently only SP1 is released) will remain in support until 2026. It is possible another SQL 2016 Service Pack will be released that might further extend the support lifetime of SQL Server 2016. SQL Server 2017 is in support until October 2027
The Azure platform will automatically upgrade hardware, networking and storage transparently over time.
Moving the current SAP applications to a stack that is fully supported until the end of life of the applications has allowed many customers to focus resources into planning for S/4HANA implementation projects.
Java systems for 7.5x will be in maintenance until 31st December 2024
Java 7.0 EHP0, EHP1, EHP2 and EHP3 are out of support as of 31st December 2017 (support for Java 4.1 is terminated)
7. SAP ASCS File Share vs. ASCS Shared Disk
SAP has released documentation and a new Windows Cluster DLL that enables the SAP ASCS to leverage a SMB UNC source as opposed to a Cluster Shared Disk.
The solution has been tested and documented by SAP for usage in non-productive systems and can be used in Azure Cloud. This feature is for SAP NetWeaver components 7.40 and higher.
This feature is now fully Generally Available to all customers (both on-premises and on Azure) and is documented here
File Server with SOFS and S2D as an Alternative to Cluster Shared Disk for Clustering of an SAP (A)SCS Instance in Azure is Generally Available
8. ReFS, Cluster, Continuous Access File Share and Windows Update Patches
SAP fully supports 1869038 – SAP support for ReFs filesystem
Some Antivirus software or other software that intercepts the Windows IO subsystem require this patch
It is therefore required to apply this patch on all Windows 2016 systems running ReFS
Older versions of the SWPM prerequisite checker will still warn that it is required to Disable the Windows Continuous Availability feature.
SAP now fully support Continuous Availability as documented in Note 2287140 – Support of Failover Cluster Continuous Availability feature (CA)
It is generally recommended to always use the latest SWPM available from here
Recent releases of SWPM should not request to disable this feature.
It is generally recommended to apply these updates to Windows 2012 R2 upgrades to cluster systems
Windows Server 2016 Long Term Servicing Branch is the support release for SAP applications. Do not use the Semi-Annual Channel
9. Adding Secondary IP Address onto Cluster Core Resource & Read Only Cluster Admins
Customers installing Windows Geoclusters on-premises and on Azure will need to a second IP address to the Cluster Core Resource
This is because the Primary and DR cluster nodes are typically on different subnets. To add a second cluster core resource IP address follow this guide here
The key point in the blog is this PS command:
PS > Add-ClusterResource –Name NewIP –ResourceType “IP Address” –Group “Cluster Group”
Some outsourced or managed service customers sometimes want to delegate readonly access
Grant-ClusterAccess -User DOMAIN.com\<non-admin-user> -ReadOnly
To block cluster access to specific users (even if admins) run Block-ClusterAccess https://docs.microsoft.com/en-us/powershell/module/failoverclusters/block-clusteraccess?view=win10-ps
10. SQL Server: Important Patch Level for SQL 2016
Customers running SQL Server 2016 are strongly recommended to upgrade to at least SQL Server 2016 SP1 CU6.
There are multiple features that are improved and several bugs resolved. Customers using TDE, Backup Compression, Datafiles direct on Azure blobstorage or any combination of these should upgrade to the latest available CU, but at least SP1 CU6.
The latest CU and SP is always available here
SQL Server 2017 customers will receive the same corrections in SQL Server 2017 CU3
Miscellaneous Topics & Interesting SAP OSS Notes
Setting up SAP applications using virtual hostnames 1564275 – Install SAP Systems Using Virtual Host Names on Windows
Updating SAP cluster resource DLL is explained here in SAP Note 1596496 – How to update SAP Resource Type DLLs for Cluster Resource Monitor
A useful note on memory analysis 2488097 – FAQ: Memory usage for the ABAP Server on Windows
AlwaysOn alerting and monitoring is discussed here
Azure Support plans for SAP on Azure customers are https://azure.microsoft.com/en-us/support/plans/
A new format option is available for NTFS that will alleviate sparse file errors during Check DB on very large databases. The syntax for Large FRS Format <Drive:> /FS:NTFS /L (-UseLargeFRS) https://blogs.technet.microsoft.com/askcore/2015/03/12/the-four-stages-of-ntfs-file-growth-part-2/
Content from third party websites, SAP and other sources reproduced in accordance with Fair Use criticism, comment, news reporting, teaching, scholarship, and research