Automate and Simplify SAP HANA Backups with AWS Backup

Introduction
SAP HANA Workloads running on Amazon Web Services (AWS) are often at the core of an Enterprise, responsible for critical business processes including finance, procurement and payroll. A reliable backup and restore approach is essential to ensure that the data within these systems is protected, and there is a recovery option for scenarios in which disaster recovery needs to be invoked. Automation and simplification of backup management processes are key aspects for consistent and efficient backup operations.

Since the first deployment of an SAP HANA database on AWS in 2012, we have been looking for ways to improve the backup experience for customers. The first step was the release of the AWS Backint Agent for SAP HANA, which allowed customers to back up directly to Amazon Simple Storage Service (Amazon S3), removing the requirement for a “two-step” approach and optimizing the backup performance. Last month, we took that a step further, and announced the general availability of AWS Backup for SAP HANA on Amazon Elastic Compute Cloud (Amazon EC2).

AWS Backup for SAP HANA provides centralized, console-based backup management with a consistent experience across all supported AWS resources. Features include improved security using IAM policies, dedicated backup vaults, access to standardized AWS monitoring and reporting features, and intelligence for optimizing continuous backups for a point-in-time restore. It is also the first use case to utilize AWS Systems Manager for SAP which allows for discovery and registration of SAP HANA databases as a platform for future operational activities.

About AWS Backup:
AWS Backup is a cost-effective, fully managed, policy-based service that simplifies data protection at scale for a variety of AWS resources. The following are the AWS Backup features of interest for SAP HANA:

1. Centralized Backup Management: You can centrally manage backup operations such as scheduling the database backups, enable continuous backup and point in time restore (PITR), and recovery. You can manage SAP HANA database resources along with other AWS resources from AWS Backup console, providing a coherent experience to IT users.
2. Integration with multiple AWS services: AWS Backup console is integrated with multiple AWS monitoring services which makes it easy to monitor and take actions based on backup status. Using Amazon CloudWatch, AWS Backup provides metrics for completed or failed backup, copy, and restore jobs. AWS CloudTrail can be used to monitor AWS backup API calls. AWS CloudTrail captures all API calls for AWS Backup as events. By using Amazon Simple Notification Service (Amazon SNS), you can configure notifications based on backup status such as when the backup is successful or a restore is triggered/completed. You may also use Amazon EventBridge to monitor AWS Backup events. AWS Backup triggers events to EventBridge for every 5 minutes with best effort-based policy.
3. Interface VPC end points with AWS PrivateLink:
   AWS Backup supports AWS PrivateLink. AWS PrivateLink allows you to establish a private connection between your Amazon Virtual Private Cloud (“VPC”) and AWS Backup endpoints by creating an interface VPC endpoint. AWS Backup for SAP HANA and AWS PrivateLink enable you to privately access AWS Backup for SAP HANA operations in a secure and scalable manner, while keeping all the network traffic within the AWS global network.
4. Encryption of your AWS Backup Vault: In AWS Backup, a backup vault is a container that stores and organizes your backups. SAP HANA database backups are stored in the AWS backup vaults which are encrypted by using AWS Key Management Services (AWS KMS).
5. AWS Backup Vault Lock: AWS Backup Vault Lock is a feature that helps prevent changes to backup lifecycle as well as prevent manual deletion of backups, helping you meet your compliance requirements. AWS Backup Vault Lock implements safeguards that verifies you are storing your backups using a Write-Once-Read-Many (WORM) model.

Getting started with AWS Backup for SAP HANA:
Before you can start scheduling SAP HANA backups in AWS Backup, there are a number of prerequisites. These are covered in detail in the AWS Backup for SAP HANA on EC2 documentation and include configuring an Amazon IAM policy for the Amazon EC2 instance, Registering SAP HANA database with AWS Systems Manager for SAP, installation and configuration of the AWS Backint Agent and optionally, setup of an interface VPC end point. All these activities will only need to be performed once and can be automated.

        Figure -1. Pre-requisites for SAP HANA backups

Backup Plans and Resource Assignments:
Backup plans are used to define the schedule, frequency and retention of backups against a collection of resources. These resources include SAP HANA on Amazon EC2, and may also be combined with critical Amazon EC2,   resources to enable a consistent approach to the backup of database and non-database resources.

The continuous backup is used for selected resources in AWS Backup. You can enable continuous backup and point in time restore (PITR) in backup plans with an SAP HANA resource allocated. This action directs AWS Backup to manage the full, differential and log backups required for an SAP HANA restore. AWS backup does this in a cost-effective way, using differential backups if appropriate while considering recovery time based on the date of the last full backup and the rate of change.

Figure – 2. Resource Assignments

AWS Backup pricing:
Pricing for AWS Backup for SAP HANA on Amazon EC2 is structured in pay as you go model . As an example, In the US-EAST-1 (N.Virginia) region,A SAP HANA Backup will cost $0.06 per GB-Month and $0.01 per GB-Month for backups transitioned to cold storage. You can refer to the pricing documentation page for more details on pricing.

Restrictions:
Please refer to the release notes to check the list of features that are currently not supported.

Recommended Implementation Approach:
The implementation or modification of a backup strategy requires careful planning and testing. We suggest gaining familiarity with AWS Backup in a sandbox or development environment prior to configuring it for your production workloads. The Reliability and Operations pillars of the provide good general guidance for using backups to protect your SAP Data. In particular refer to

• Best Practice 10.3 – Define an approach to help ensure the availability of critical SAP data
• Design Principle 12 – Plan for data recovery

Conclusion:
AWS Backup for SAP HANA makes it easy to perform backup and restore operations for your SAP HANA databases on AWS. AWS customers can now centrally manage and automate data protection activities, including backup,restore and system copy. Customers will benefit from a native AWS experience which can be scaled to simplify the administration across multiple AWS resources and accounts. AWS resources and accounts. To get started, we recommend that you review the documentation and blog below.

•   SAP HANA databases on Amazon EC2 instances backup
•  Centrally managed SAP HANA database backup using AWS Backup console

To learn why thousands of customers trust AWS to migrate, modernize, and innovate with their SAP workloads, visit the SAP on AWS  page.

Credits:

We would like to thank the following members for their expertise, support and guidance.

Sabari Radhakrishnan, Balaji Krishna, Adam Hill,Nerys Olver, Parisudh Marupurolu, Marcos Perez Seoane, Spencer Martenson.