Use the assessment service offered by Workload Manager to protect your SAP setups.
Following best practices is essential as companies move their SAP workloads to the cloud. In this blog article, they explore Google Cloud’s Workload Manager and demonstrate how its automated, rule-based analysis may proactively detect potential misconfigurations and deviations from best practices, thereby helping to protect your SAP workloads.
The function of best practices in preserving the integrity of the SAP workloads
Large-scale cloud deployment configuration and maintenance can be difficult, particularly when operating systems, applications, and infrastructure are all involved. Complicated setups, changing industry standards, and the possibility of human mistake associated with manual labour can all have a detrimental effect on your SAP workloads and ultimately your company.
In the past, misconfigurations were only found and fixed in reaction to a crisis, and frequently required laborious manual inspections. Workload Manager offers a SAP assessment service that can significantly enhance your Google Cloud SAP workloads management capabilities, enabling you to:
Minimise avoidable errors: Adhering to best practices would have prevented or lessened a great deal of problems and disruptions. Perform scans to proactively find possible problems before they become more serious ones.
Safeguard go-lives: To help boost go-live success rates and address problems that can be challenging to fix later, make sure new deployments are validated and configured in accordance with best practices.
Detect drift: Perform routine scans to find any changes or misconfigurations over time.
Minimise operational overhead: To help reduce time spent on laborious manual inspections, automate the validation process.
Workload Manager
An introduction of the Workload Manager evaluation service
The sophisticated rule-based validation service offered by Workload Manager’s evaluation service may automatically evaluate your SAP workloads in comparison to a comprehensive set of operating system, SAP, and Google Cloud best practices.
As new insights are gained and best practices change, the SAP rule catalogue is regularly updated. The supplied rules explore important facets of your SAP setup in the following categories, going beyond basic configuration checks:
SAP General: Guidelines that are applicable to all kinds of SAP workloads, like support requirements and VM setup settings
SAP High Availability: Analyzing cluster setups, failover procedures, and system architectures, these checks help maximize availability and reliability.
HANA & SAP NetWeaver: Logic that recognizes each resource’s role automatically and then verifies it against role-specific specifications including approved machine sizes, disc kinds, and other details
SAP HANA Insights: Perceptive analysis and optimizations for memory allocation, performance evaluations, compression, and other areas
SAP HANA Security Best Practices: Guidelines for assessing HANA’s security posture, covering known vulnerabilities, encryption settings, and access control, among other things
Following a scan, an assessment report summarizes the findings and enables you to go more into each rule to see which specific resources passed and failed.
Every rule comprises an explanation of the problem, an assessment of its gravity, and a suggestion along with links to the pertinent files to aid in fixing the issue. Additionally, you have the option to get alerts by email or Pub/Sub on specific triggers, like the discovery of a new issue.
How to use the Workload Manager assessment service
Install the SAP Google Cloud agent on each virtual machine within the scope.
The SAP agent for Google Cloud is a unified agent that handles several tasks associated with executing SAP workloads on Google Cloud. Every virtual machine (VM) running SAP workloads on Google Cloud must have the agent installed and operational (SAP Note 2456406 – SAP on Google Cloud Platform: Support Prerequisites).
The agent also offers optional features, such as the Workload Manager that gathers data for analysis. To ensure that the agent is installed and configured appropriately, consult the following checklist: Install Google Cloud’s SAP Agent.
An automated check to ensure that the agent is installed and configured correctly in every in-scope virtual machine is also included in the assessment report. Run an assessment as instructed below and look for the rule labelled “Verify that Google Cloud’s Agent for SAP is configured appropriately on all instances within the evaluation scope” in the results if you are not sure if you have already finished the aforementioned steps.
Prerequisites and first authorization
Make sure you have finished the following requirements before utilising the Sap Workload Manager assessment service:
- Turn on the API for Workload Manager.
- IAM Roles: To control access to the assessment service, specify the relevant IAM roles.
Please be aware that Workload Manager makes use of a Service Agent, and depending on the projects and configurations chosen during the following evaluation setup, this agent can require additional IAM rights. An administrator can find it useful to construct the initial assessment and provide any permissions that are missing when asked; this is a one-time requirement per project.
Make an assessment using Workload Manager
- Locate Workload Manager > Evaluation in the console by using the search bar at the top or by navigating to the location, which is nested under Compute in the left navigation pane.
- To get started, click the New Evaluation icon at the top.
- Give the evaluation a name and a description on the Evaluation details tab, then choose “SAP” from the Workload type selection option.
- You can choose the project or projects you want to assess and apply filters to further narrow the scope on the Evaluation Scope tab.
- You can choose which rules to include in the evaluation on the Evaluation rules tab. You can choose all of the rules if you are unclear which to choose because only those that are pertinent to each resource in scope will be assessed.
- Rules designated for SAP HANA, for instance, would not be compared to rules in the SAP NetWeaver category.
- Likewise, guidelines for High Availability (HA) wouldn’t be assessed for a system that doesn’t support HA.
- You can choose “Does not repeat” if you want to execute this particular evaluation on an as-needed basis, or you can choose how frequently to run it on the Scheduling page.
- You can still perform extra assessments as needed, even if you choose a repeating frequency; this won’t affect the planned scans.
- You can select to get notifications on the Notifications tab based on different triggers, including when a new issue is discovered, which is coupled with Notification Channels like Slack or email.
- Lastly, you can review your choices on the Review tab and click “Create” to close the deal. It could take you a few more minutes to complete the first evaluation you prepare for a project.
- When it’s done, you’ll receive a notification that will return you to the assessment dashboard.
Conduct an assessment and review the outcomes
Once a new evaluation has been created, it can be run by choosing it from the evaluation dashboard and clicking “Run,” or, if you have specified a repeating frequency, by waiting for the next scheduled run.
After everything is finished, SAP workloads Manager produces an extensive report that shows both areas of compliance and departures from best practices. After that, you can delve more into particular rules to find out exactly what needs to be fixed and which resources passed and failed each check.
Validation of best practices: Going beyond the fundamentals
SAP workloads Manager, together with its recently launched assessment service, is a potent tool for detecting misconfigurations and departures from recommended practices in SAP instances hosted on Google Cloud. Consult the official documentation for troubleshooting advice and answers to frequently asked problems, or contact Google Cloud customer service.