Migrating SAP HANA-based systems using AWS Migration Hub Orchestrator
Why use AWS Migration Hub Orchestrator service
Thousands of customers worldwide trust AWS to run their mission-critical SAP applications. For SAP applications that are still on-premises, many customers are looking for an easier way to migrate to AWS while following AWS and SAP best practices. AWS Migration Hub Orchestrator for SAP reduces the time and effort required to migrate to AWS by removing many of the manual tasks, managing dependencies between the different tools involved during the migration, and providing visibility into migration progress from one central place.
In this blog, we will walk you through how AWS Migration Hub Orchestrator works, its architecture, supported migration patterns, prerequisites, and the overall migration process.
AWS Solution Summary
AWS Migration Hub Orchestrator simplifies and automates the migration of servers and enterprise application to AWS. It provides a centralized location to manage and track migrations.
With Migration Hub Orchestrator, you can migrate HANA-based SAP NetWeaver-based applications, such as S/4HANA, BW/4HANA, and ECC on HANA to AWS. You can also re-host SAP applications using AnyDB to Amazon EC2. Migration Hub Orchestrator offers predefined workflow templates, which are based on the proven SAP migration best practices. Additionally, you can customize the migration workflows by adding, reordering, or removing steps according to your specific migration requirements.
Migration Hub Orchestrator Supported Features:
- Template driven SAP NetWeaver on HANA-based application migrations from on-premises to AWS
- Migration methodology and tooling results in minimal technical downtime and pre/post manual tasks
- Workflow customization allows customers to add steps to perform customer specific migration tasks
- Supports multiple architecture patterns for migration between source and target systems
- Allows sizing of target system/components of the SAP system as needed to meet application performance and availability requirements
- Supports change in operating system version or Linux distributions
- E.g., SUSE to RHEL, SLES 12 SP4 to SLES 15 SP1
- Supports upgrading to a newer minor HANA version during migration
- E.g., HANA 2.0 SPS01 to HANA 2.0 SPS05
- Supported SAP application architectures for source and target systems:
- Single-Node – SAP application and/or HANA database deployed on single node
- Multi-Node – SAP application and/or HANA database deployed on different nodes
- High Availability – SAP application and/or HANA database deployed on multi-node in High Availability mode
SAP Migration Architecture using AWS Migration Hub Orchestrator:
AWS Migration Hub Orchestrator migrates SAP HANA based SAP NetWeaver systems to AWS by setting up data replication between source and target HANA systems leveraging SAP’s native HANA System Replication mechanism. During the migration it also guides you to setup target environment in AWS to host your SAP NetWeaver application using AWS Launch Wizard for SAP.
AWS Migration Hub Orchestrator currently supports the following source/ target patterns for HANA databases and SAP applications:
|Source System Configuration (HANA Only)||Target System Configuration (HANA Only)|
|HANA scale-up/single node||HANA scale-up/single node|
|HANA scale-up/single node HANA||HANA with High Availability|
|HANA scale-out/multi-node||HANA scale-out/multi-node|
|HANA with High Availability||HANA with High Availability|
|Source System Configuration (SAP Application and HANA DB)||Target System Configuration (SAP Application and HANA DB)|
|SAP central system||SAP central system|
|SAP central system||SAP distributed system|
|SAP central system||SAP application with High Availability|
|SAP distributed system||SAP distributed system|
|SAP distributed system||SAP applications with High Availability|
|SAP applications with High Availability||SAP applications with High Availability|
Fig: Example architecture of a Single node HANA to Single node HANA migration using Migration Hub Orchestrator
Pre-Migration Setup and Prerequisites:
Customers must ensure the general settings and one-time setup activities are completed before starting the SAP application migration:
- AWS Direct Connect or AWS VPN to allow network-level communication between on-premises and AWS Virtual Private Cloud (VPC) and account
Prerequisites for SAP HANA System Replication:
- The source and target systems are both installed and configured. You have verified that both are independently up and running.
- The target system must have the same SAP system ID and instance number as the primary system
- The HANA database version of the secondary HANA DB must be equal to or higher than the primary server version
Please refer SAP documentation for more information on SAP HANA System Replication prerequisites.
- Source and target SAP Elastic Compute Cloud (EC2) instance must allow communication over SSH port 22 from the plugin server
- The plugin server needs a connection to the internet using HTTPS inbound & outbound TCP 443 ports to communicate to the AWS Migration Hub Orchestrator service through API calls
One-time Setup Activities:
- To access the Migration Hub Orchestrator console, you must have AWS Identity and Access Management (IAM) permissions. These permissions must allow you to list and view details about the Migration Hub Orchestrator resources in your AWS account. User must complete the IAM prerequisites
- The Migration Hub Orchestrator plugin is a virtual appliance that you can install in your on-premises VMware vCenter environment(setup). The plugin orchestrates migration activities on the source SAP systems during the migration process
Once deployed, please check, and verify that the plugin status is active in the Plugins section on AWS console.
Discovering SAP Source Servers:
- The first step of the migration is to discover the on-premises SAP servers’ information and then group the discovered servers into applications to be migrated and tracked. AWS Migration Hub supports application discovery using AWS discovery tools Discovery service.
- Follow the steps to choose the discovery method and complete the discovery of all the servers that are planned for migration.
- SAP source servers must be visible in the discovery tool by the end of the discovery process as shown in the picture below:
- The discovered SAP application and database servers are required to group under Applications. AWS Migration Hub Orchestrator uses “Application name” to identify and migrate the defined source systems to the target AWS landing zone.
Prepare for Application Migration Phase:
- Ensure source HANA database credentials and target system Key Pair are maintained in the AWS Secrets Manager. Please follow the prerequisites steps.
- The key pair name and secret name must be same.
- e.g., the keypair name “migrationhub-orchestrator-keyname123.”
- e.g., the secret name “migrationhub-orchestrator-keyname123.”
(Important: The Key Pair must begin with the prefix migrationhub-orchestrator- and must only be followed by an alphanumeric value.)
- Use AWS Launch Wizard for SAP to deploy the target SAP landscape in AWS and keep the deployment name handy. The migration process prompts for the target system deployment name during the migration process.
- The migration process leverages SAP HANA System Replication to migrate data from on-premises servers to AWS. The deployed target system fulfills HANA system replication prerequisites listed in “General Prerequisites for Configuring SAP HANA System Replication” please refer to the SAP reference link for the prerequisite info.
Migration of SAP Application Phase:
- Navigate to the Migration Hub console and select Orchestrator → Create Migration workflow
- Select the “Migrate SAP NetWeaver applications to AWS” template and click “Next.
- Provide workflow Name and Description.
- Application name: select the Application name created during the discovery phase pre-migration activities step.
- Select the migration type according to your requirement.
- Provide Source SAP application info:
- AWS ADS Server ID for SAP application server: select the source SAP application server
- SAP system ID: provide source SAP SID
- SAP application hostname: provide the hostname of source SAP application
- Provide SAP HANA database configuration
- Select the checkbox “I want to disable SSL encryption for database replication” if you want to disable the SSL for HSR or leave it unchecked if you want SSL for HSR
- SAP HANA replication mode: select Asynchronous or Synchronous based on your requirement
- HANA system ID (HANASID): source HANA SID
- Instance Number: source HANA instance number
- Database hostname: source HANA database hostname
- AWS ADS Server ID for SAP HANA database: hostname of source SAP HANA server
- Credentials: select the secret name created as part of the prerequisites
- Backup location: HANA database backup location, for example, /backup
Note that if you opt-in for SSL encryption for database replication, make sure the parameter enable_ssl under system_replication section of global.ini file on the target HANA system is set to ON before you click on the Next button at the bottom. If you want to opt-out of the SSL for database replication just select the checkbox “I want to disable SSL encryption for database replication” and no parameter adjustment is needed for this setting.
- Click Next to review and start the migration using the workflow.
- Review the workflow inputs and select Create.
- Select the newly created workflow, navigate to Actions-> Run option to kick off the migration process.
- Migration Hub Orchestrator automates the migration process by executing most of the workflow steps in automated manner. Some steps are manual due to requirement for additional inputs and user interactions. All the steps in the workflow must be executed to complete the workflow.
- An example of a completed workflow will have the status as shown in the picture below.
Troubleshooting most common problems and FAQs:
- Step “Verify HANA System Replication status task status” failed
- Login into source SAP and HANA systems and ping to target SAP and HANA systems.
- Verify both source and target SAP systems are reachable from plugin server.
- Validate AWS Security Groups and allow communication for port 22 from plugin server to both SAP source and target systems.
- Login as <hdbadm> and execute systemReplicationStatus.py, if replication is not happening and status is in “initialization” check if target system HANA DB is up, target HANA DB need to be up for replication to start.
- Login as <hdbadm> and execute HDBSettings.sh systemReplicationStatus.py if the status is “registration status of secondary host not available” then check /etc/hosts entries are updated in source and target systems.
- Plugin not able to login to Target HANA system
- Review the Key-pair name provided in Secret manager for Target System is in-sync with the name provided in step 2.d.
- Validate Security groups of Target SAP/HANA systems and allow port 22 from Plugin server
- How to retry a failed step?
- Click on the failed step status and select retry option
- Where to find the logs of the failed step related to source system?
- Failed step logs are located in an Amazon S3 bucket and the path of the bucket is indicated under the status message as shown below:
- Where are the logs of the failed step related to the target system?
- The log for a failed step related to the target system are logged in “Run Command” -> “Command History” of AWS Systems Manager as shown below:
In this blog, you learned how to simplify and automate the migration of SAP HANA based applications to AWS using Migration Hub Orchestrator. To learn more about AWS Migration Hub Orchestrator visit the AWS Migration Hub Page, or watch this short video.
This blog was co-authored by Pravin Yadav and Chandrasekhar Chittuluru