SAP on SQL Server: General Update – January 2018

SAP and Microsoft are continuously adding new features and functionalities to the SAP on SQL Server platform. The key objective of the SAP on Windows SQL port is to deliver the best performance and availability at the lowest TCO and simplest operation. This blog includes updates, fixes, enhancements and best practice recommendations collated over recent months.

1. New Case Studies on SAP on SQL Server

Malaysia Airlines migrated their entire datacenter from on-premises to Azure. More than 100 applications were moved to Azure including a large SAP landscape. The project was executed by Tata Consulting Services. TCS SAP team demonstrated an outstanding skillset and capability during the entire project. SAP applications were migrated from DB2 to SQL Server 2016 with datafiles running on blob storage. Local High Availability is achieved by using AlwaysOn. SQL Server AlwaysOn is also used to replicate the databases to Hong Kong. A full case study can be found:

https://customers.microsoft.com/en-us/story/malaysia-airlines-berhad

https://partner.microsoft.com/it-it/case-studies/tata

Several other customers based in Malaysia in the Agricultural industry and shipping industry have also moved their SAP landscapes to Azure as well.

A useful blog discussing a large Australian Energy customer can be found here

2. Security Recommendations for Windows Servers

It is recommended to implement a few simple security settings on Windows servers. This will greatly increase the security of a SAP landscape running on Windows servers. An additional benefit is that it may not be required to implement Windows patches as frequently.

Recommendation #1: Disable SMB 1.0

SAP Note 2476242 – Disable windows SMBv1 describes how to disable legacy networking. SMB 1.0 is a protocol required for Windows NT 4.0 and should be disabled in all cases for SAP systems. There is no valid reason why SMB 1.0 should be running on any SAP server.

More information can be found here

Recommendation #2: Remove Internet Explorer

Open a command prompt with Administrative rights are run this command

dism /online /Disable-Feature /FeatureName:Internet-Explorer-Optional-amd64

On previous versions of Windows Server Windows Update may try to update earlier versions of IE to IE 11. This utility can prevent Windows Update from updating browser versions. Updating the browser is likely to require a restart of the operating system and should be avoided https://www.microsoft.com/en-us/download/details.aspx?id=40722

Additional useful information for Security & Networking can be found in these SAP OSS Notes

2532012 – SSL Security error while installing database instance on SQL Server

1570930 – SQL Server network encryption with SAP

2356977 – Error during connection of JDBC Driver to SQL Server

2385898 – SSL connection to SQL Server fails with: Could not generate secret

1702456 – Errors with Microsoft JDBC drivers connecting with SSL

1428134 – sqljdbc driver fails to establish secure connection

2559590 – SQL Server connection fails after TLS 1.2 has been enabled

Detailed SAP on Windows Security Whitepaper

3. Uninstall Internet Explorer from Windows Servers? – What about the new SAPInst?

SWPM 1.0 SP20 now has a Fiori based interface that is run from a Web Browser. It is a specific recommendation to remove Internet Explorer, third party browsers and any unnecessary software from all SAP servers including non-production servers. Fortunately there are several ways to run the new SWPM on a server where no browser is installed.

This SAP blog discusses several options

Option #1: Run SAPInst with the following command line option to load the previous gui

Sapinst.exe SAPINST_SLP_MODE=false

Option #2: Connect to SAPinst remotely from a Management Server with a browser

Run sapinst -nogui

Ensure the Windows Firewall has port 4237 open

From a dedicated Management Server open a browser and connect to https://<sap_server_hostname or_IP>:4237/JfIVyDkxlsXSBFYi/docs/index.html

(Note: the exact URL can be found in the logs of the SAPInst program starter)


The username and password are the OS level user and password on the server where SAPInst was started (eg. DOMAIN\sapadmin)

Hint: If there are problems running SWPM add the SAP Server hostname and/or IP to the Trusted Sites

4. SQL Server 2017 for SAP NetWeaver Systems

Microsoft has released SQL Server 2017. SQL Server 2017 has many new features

In general the required SAP Support Packs for SQL Server 2017 are the same as SQL Server 2016. Details can be found in 2492596 – Release planning for Microsoft SQL Server 2017

SAP and Microsoft plan to complete testing and make SQL Server 2017 generally available in January 2017 or shortly after

5. Power Options – Set for Maximum Performance

It is recommended to set SQL Server and SAP application server Power Plan to Maximum Performance.

SAP has released SAP Note 2497079 – Poor performance in SAP NetWeaver and/or MS SQL Server due to power settings

It is important to set the power settings to maximum performance at all layers of an infrastructure, for example the server BIOS, Hypervisor and Windows Operating system.

6. Business Suite 7 Maintenance, SAP NetWeaver Java Systems, Windows & SQL – End of Life & JDBC Drivers

SAP has documented the end of life of SAP Business Suite in SAP Note 1648480 – Maintenance for SAP Business Suite 7 Software.  The note states that the current generation of SAP applications running on “AnyDB” installed in over 200,000 customers worldwide will be out of support after 31st December 2025.

Many SAP customers have decided to migrate their SAP applications to Windows 2016, SQL Server 2016/2017 and upgraded to SAP versions that remain in support until 31st December 2025. Some of these customers plan to implement S4/HANA and wish to upgrade to a supported platform “stack” in the meantime. SAP NetWeaver 7.5 components, Windows 2016 and SQL 2016/2017 will remain in support until 2025. This means a customer can move to Windows 2016 and SQL Server 2016/2017 on Azure and never need to upgrade the OS, Database or Hardware until the end of life of the application.

Windows Server 2016 is in mainstream support until 11th January 2022 and extended maintenance until 11th January 2027 as documented here on the Microsoft Product Lifecycle tool

https://support.microsoft.com/en-us/lifecycle/search?alpha=Windows%20Server%202016%20Datacenter

https://support.microsoft.com/en-us/lifecycle/search

SQL Server 2016 final service pack (currently only SP1 is released) will remain in support until 2026. It is possible another SQL 2016 Service Pack will be released that might further extend the support lifetime of SQL Server 2016. SQL Server 2017 is in support until October 2027

The Azure platform will automatically upgrade hardware, networking and storage transparently over time.

Moving the current SAP applications to a stack that is fully supported until the end of life of the applications has allowed many customers to focus resources into planning for S/4HANA implementation projects.

Notes:

Java systems for 7.5x will be in maintenance until 31st December 2024

Java 7.0 EHP0, EHP1, EHP2 and EHP3 are out of support as of 31st December 2017 (support for Java 4.1 is terminated)

7. SAP ASCS File Share vs. ASCS Shared Disk

SAP has released documentation and a new Windows Cluster DLL that enables the SAP ASCS to leverage a SMB UNC source as opposed to a Cluster Shared Disk.

The solution has been tested and documented by SAP for usage in non-productive systems and can be used in Azure Cloud. This feature is for SAP NetWeaver components 7.40 and higher.

This feature is now fully Generally Available to all customers (both on-premises and on Azure) and is documented here

File Server with SOFS and S2D as an Alternative to Cluster Shared Disk for Clustering of an SAP (A)SCS Instance in Azure is Generally Available

High Available ASCS for Windows on File Share – Shared Disk No Longer Required

8. ReFS, Cluster, Continuous Access File Share and Windows Update Patches

SAP fully supports 1869038 – SAP support for ReFs filesystem

Some Antivirus software or other software that intercepts the Windows IO subsystem require this patch

It is therefore required to apply this patch on all Windows 2016 systems running ReFS

Older versions of the SWPM prerequisite checker will still warn that it is required to Disable the Windows Continuous Availability feature.

SAP now fully support Continuous Availability as documented in Note 2287140 – Support of Failover Cluster Continuous Availability feature (CA)

https://blogs.sap.com/2017/07/21/how-to-create-a-high-available-sapmnt-share/

https://wiki.scn.sap.com/wiki/display/SI/Should+I+run+the+Web+Dispatcher+as+a+standalone+installation+or+as+part+of+an+ABAP+or+J2EE+system

It is generally recommended to always use the latest SWPM available from here

Recent releases of SWPM should not request to disable this feature.

It is generally recommended to apply these updates to Windows 2012 R2 upgrades to cluster systems

http://aka.ms/2012R2ClusterUpdates

http://aka.ms/AzureClusterThreshold

Windows Server 2016 Long Term Servicing Branch is the support release for SAP applications. Do not use the Semi-Annual Channel

https://blogs.technet.microsoft.com/windowsitpro/2017/07/27/waas-simplified-and-aligned/

9. Adding Secondary IP Address onto Cluster Core Resource & Read Only Cluster Admins

Customers installing Windows Geoclusters on-premises and on Azure will need to a second IP address to the Cluster Core Resource

This is because the Primary and DR cluster nodes are typically on different subnets. To add a second cluster core resource IP address follow this guide here

The key point in the blog is this PS command:

PS > Add-ClusterResource –Name NewIP –ResourceType “IP Address” –Group “Cluster Group”

Some outsourced or managed service customers sometimes want to delegate readonly access

Grant-ClusterAccess -User DOMAIN.com\<non-admin-user> -ReadOnly

https://docs.microsoft.com/en-us/powershell/module/failoverclusters/grant-clusteraccess?view=win10-ps

To block cluster access to specific users (even if admins) run Block-ClusterAccess https://docs.microsoft.com/en-us/powershell/module/failoverclusters/block-clusteraccess?view=win10-ps

10. SQL Server: Important Patch Level for SQL 2016

Customers running SQL Server 2016 are strongly recommended to upgrade to at least SQL Server 2016 SP1 CU6.

There are multiple features that are improved and several bugs resolved. Customers using TDE, Backup Compression, Datafiles direct on Azure blobstorage or any combination of these should upgrade to the latest available CU, but at least SP1 CU6.

The latest CU and SP is always available here

SQL Server 2017 customers will receive the same corrections in SQL Server 2017 CU3

4025628            FIX: Error 9004 when you try to restore a compressed backup from multiple files for a large TDE-encrypted database in SQL Server

Miscellaneous Topics & Interesting SAP OSS Notes

Setting up SAP applications using virtual hostnames 1564275 – Install SAP Systems Using Virtual Host Names on Windows

Updating SAP cluster resource DLL is explained here in SAP Note 1596496 – How to update SAP Resource Type DLLs for Cluster Resource Monitor

A useful note on memory analysis 2488097 – FAQ: Memory usage for the ABAP Server on Windows

AlwaysOn alerting and monitoring is discussed here

Azure Support plans for SAP on Azure customers are https://azure.microsoft.com/en-us/support/plans/

A new format option is available for NTFS that will alleviate sparse file errors during Check DB on very large databases. The syntax for Large FRS Format <Drive:> /FS:NTFS /L (-UseLargeFRS) https://blogs.technet.microsoft.com/askcore/2015/03/12/the-four-stages-of-ntfs-file-growth-part-2/
https://technet.microsoft.com/en-us/library/dn466522(v=ws.11).aspx

Content from third party websites, SAP and other sources reproduced in accordance with Fair Use criticism, comment, news reporting, teaching, scholarship, and research