# 3 – Understand how you will operate the workload
<a name="design-principle-3"></a>

 **How do you know that you are ready to support and operate a workload?** Evaluate the operational readiness of your [workload](https://docs.aws.amazon.com/wellarchitected/latest/userguide/workloads.html), processes and procedures, and personnel to understand the operational risks related to your [workload](https://docs.aws.amazon.com/wellarchitected/latest/userguide/workloads.html). Create runbooks for common operations, playbooks for issues and automate as many operations as possible to improve resilience and reduce errors. 

[\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/wellarchitected/latest/sap-lens/design-principle-3.html)

 For more details, see the following links and information: 
+  AWS Whitepaper: [AWS Cloud Operating Model](https://docs.aws.amazon.com/whitepapers/latest/building-cloud-operating-model/building-cloud-operating-model.html) 
+  AWS Service: [AWS Cloud Adoption Framework (AWS CAF)](https://aws.amazon.com/professional-services/CAF/) 
+  AWS Service: [AWS Config](https://aws.amazon.com/config/) 
+  AWS Service: [AWS Systems Manager](https://aws.amazon.com/systems-manager/) 
+  AWS Documentation: [AWS Systems Manager Features](https://aws.amazon.com/systems-manager/features/) 
+  SAP on AWS Blog: [DevOps for SAP – Driving Innovation and Lowering Costs](https://aws.amazon.com/blogs/awsforsap/devops-for-sap-driving-innovation-and-lowering-costs/) 

# Best Practice 3.1 – Ensure personnel capability
<a name="best-practice-3-1"></a>

Have a mechanism to validate that you have the appropriate number of trained personnel to provide hands-on support for operational needs and that they have the appropriate SAP, AWS, or third-party certifications. Train personnel and adjust personnel capacity as necessary to maintain effective support.

 **Suggestion 3.1.1 - Assess the learning and certification needs of your SAP operations team** 

 According to your environment and dependencies, different certifications might apply. Assess the certification needs of your team to be able to support your technology stack: 
+  AWS Documentation: [AWS Training](https://aws.amazon.com/training/) 
+  AWS Documentation: [AWS Certifications](https://aws.amazon.com/certification/) 
+ SAP Documentation: [SAP Certifications](https://training.sap.com/certification/)
+ Operating System Certifications
  +  SUSE Documentation: [SUSE Enterprise Linux Certifications](https://training.suse.com/certification/) 
  +  Red Hat Documentation: [Red Hat Enterprise Linux Certifications](https://www.redhat.com/en/services/certifications) 
  +  Microsoft Documentation: [Microsoft Windows Certifications](https://docs.microsoft.com/en-us/learn/certifications/) 

# Best Practice 3.2 – Ensure your cloud operating model matches your operational aims
<a name="best-practice-3-2"></a>

Identify the appropriate cloud operating model for your SAP workloads such that it aligns with your identified business requirements for speed to deployment, security, operations, and responsibility of cloud platform support. An appropriate cloud operating model is critical for successful adoption of cloud and delivering greater business agility.

 **Suggestion 3.2.1 - Adopt the appropriate cloud operating model for your business aims** 

 According to your IT and business requirements, ensure that the appropriate cloud operating model is adopted. Decide which teams will build and operate your workload. Plan to move towards a model of shared ownership where the SAP Basis/Technology team and development team both build and run your SAP workload in a DevOps model. 
+  AWS Guidance: [AWS Cloud Adoption Framework (AWS CAF)](https://aws.amazon.com/professional-services/CAF/)
+  AWS Well-Architected Framework [Operational Excellence]: [Operating Models 2x2](https://docs.aws.amazon.com/wellarchitected/latest/operational-excellence-pillar/operating-model-2-by-2-representations.html)
+  AWS Well-Architected Framework [Operational Excellence]: [Organizational Culture](https://docs.aws.amazon.com/wellarchitected/latest/operational-excellence-pillar/organizational-culture.html)

# Best Practice 3.3 – Share design standards and educate new support personnel in procedures
<a name="best-practice-3-3"></a>

Share existing best practices, design standards, checklists, operating procedures, and governance requirements across teams. Ensure all teams are aware of support procedures across all components of your SAP workload.

 **Suggestion 3.3.1 - Share existing best practices, design standards, checklists, operating procedures, and guidance and governance requirements across teams to reduce complexity and maximize the benefits from development efforts** 

 **Suggestion 3.3.2 - Ensure that procedures exist to request changes, additions, and exceptions to design standards to support continual improvement and innovation** 

 **Suggestion 3.3.3 - Ensure that teams are aware of published content so that they can limit rework and wasted effort** 

 **Suggestion 3.3.4 - Ensure that teams know how to log support calls for different components of your SAP workload** 

 Who provides support for your operating system, database, and SAP application? For example, understand whether AWS or your operating system vendor would provide support directly for clustering or patching issues. In the case of EC2-inclusive operating system licenses, AWS provides this support directly. 
+  AWS Documentation: [How to log a case with AWS Support](https://docs.aws.amazon.com/awssupport/latest/user/case-management.html) 
+  AWS Documentation: [AWS Support](https://aws.amazon.com/premiumsupport/) 
+  SAP Note: [1656250 - SAP on AWS: Support prerequisites](https://launchpad.support.sap.com/#/notes/1656250) [Requires SAP Portal Access] 

# Best Practice 3.4 – Use runbooks to perform SAP landscape operations
<a name="best-practice-3-4"></a>

 Runbooks are documented procedures to achieve specific outcomes. Enable consistent and prompt responses to well-understood events by documenting procedures in runbooks. Understand common SAP operations that are run and create specific, versioned documentation with a review cycle. 
+  AWS Well-Architected Framework [Operational Excellence]: [Operational Readiness](https://docs.aws.amazon.com/wellarchitected/latest/operational-excellence-pillar/operational-readiness.html) 
+  AWS Documentation: [Runbooks and automation using AWS Incident Manager](https://docs.aws.amazon.com/incident-manager/latest/userguide/runbooks.html) 

 **Suggestion 3.4.1 - Create specific runbooks for SAP security operations** 

 Consider creating runbooks for common SAP security operations: 
+ User provisioning and identity management
+ Firefighter access
+ Authorization changes
+ Security and authorization audits
+ Encryption key rotation
+ TLS certificate management

 **Suggestion 3.4.2 - Create specific runbooks for SAP scaling and performance operations** 

 Consider creating runbooks for common scaling and performance operations: 
+ Disk volume re-sizing
+ Horizontal and vertical scaling of SAP application servers
+ Re-sizing of database server
+ Addition or removal of servers from load balancing

 **Suggestion 3.4.3 - Create specific runbooks for SAP operations during faults** 

 Consider creating runbooks for operations during faults: 
+ System restarts and order of restarting systems
+ SAP backups and restores
+ Cluster failover
+ Storage failure
+ Critical interface restarts and replays
+ DNS and network routing changes
+ Ransomware recovery
+ SAP Lens [Reliability]: [Best Practice 10.3 – Define an approach to help ensure the availability of critical SAP data](best-practice-10-3.md)

 **Suggestion 3.4.4 - Create specific runbooks for SAP maintenance operations** 

 Consider creating runbooks for maintenance operations: 
+ Starting and stopping SAP
+ Refreshing / System Copy of SAP
+ Daily health checks
+ Error management / ABAP dumps
+ Patching SAP application, operating system, and database
+ Log rotation, clean up, and archival

 Consider database and application log and trace files cleanups for your SAP environment, for example, SAP Note: [2399996 - Automating SAP HANA Cleanup](https://launchpad.support.sap.com/#/notes/2399996) [Requires SAP Portal Access] 

# Best Practice 3.5 – Use playbooks to investigate issues
<a name="best-practice-3-5"></a>

Enable consistent and prompt responses to issues that are not well understood, by documenting the investigation process in playbooks. Validate and evolve these playbooks by using them regularly in operations but also in non-production environments and designated practice sessions like game days.

 **Suggestion 3.5.1 - Create problem playbooks for use in incident response** 

 Understand the frequently occurring problems and troubleshooting steps used for each of the identified problems and create specific, versioned documentation with a review cycle. Suggested playbooks should include: 
+ Performance Issue Investigation
+ Capacity Issue Investigation
+ Authentication and Sign On Issue Investigation
+ Security Incident Investigation
+ Connectivity and Networking Investigation
+ Ransomware and Virus Investigation
+ Interface Error Investigation
+ Batch Job Error Investigation
+ Deployment or Transport Error investigation

Ensure that your playbooks include integration and communication steps with related support functions and teams. Common communications steps include notification and progress updates to a critical incident desk, a security incident team and/or a change management team.

 **Suggestion 3.5.2 - Run regular SAP game days to test operational procedures and validate playbooks** 

 Consider running SAP game days regularly for your operational team. A game day simulates a failure or event to test systems, processes, and team responses. The purpose is to actually perform the actions the team would perform as if an exceptional event happened. These should be conducted regularly so that your team builds "muscle memory" on how to respond. Your game days should cover the areas of operations, security, reliability, performance, and cost. Using a dedicated experimentation environment, simulate real world scenarios in order to validate and practice operational procedures and recovery processes. 

# Best Practice 3.6 – Use automation to perform SAP landscape operations
<a name="best-practice-3-6"></a>

Create automation pipelines for your SAP environment builds and landscape operations. Automation using Infrastructure as Code techniques (for example, CloudFormation, Launch Wizard for SAP) allows repeatable and agile environment creation or extension. Automated pipelines and landscape operations reduce errors caused by manual processes, reduce the effort to deploy changes and improves speed to react to your business needs.

Create automated SAP landscape operational pipelines that allow you to perform common environment tasks in an automated fashion (for example, System Copy, Start SAP, Stop SAP, Scale SAP). Invoke these pipelines in response to operational events such as time-based system shutdown or automatic scaling due to user load.

 **Suggestion 3.6.1- Implement infrastructure as code techniques to create repeatable and code-driven build pipelines for your SAP landscape** 

 Use tools such as AWS CloudFormation, AWS Cloud Development Kit (AWS CDK) or AWS Launch Wizard for SAP to create repeatable, controlled and quick environment deployments. 
+  SAP on AWS Blog: [Infrastructure as Code Example: Terraform and SAP on AWS](https://aws.amazon.com/blogs/awsforsap/terraform-your-sap-infrastructure-on-aws/) 
+  AWS Documentation: [AWS Launch Wizard for SAP](https://aws.amazon.com/launchwizard/) 

 **Suggestion 3.6.2 - Implement common SAP landscape operations with automation** 

Use orchestration and infrastructure as code (IaC) tools in combination to perform your common SAP landscape operations in an automated fashion. Tools such as AWS CloudFormation, AWS Systems Manager – Run Automations, SAP Landscape Management (LaMa) and AWS Lambda can be orchestrated to perform common SAP landscape operations in deployment pipelines.

Consider third-party automation tools where complex or deep integration between tools is required (For example: Terraform, Ansible, Chef).

 Consider using automated operations as responses to SAP workload events to allow a self-healing and self-maintaining landscape. 
+  SAP Note: [2574820 - SAP Landscape Management Cloud Manager for Amazon Web Services (AWS)](https://launchpad.support.sap.com/#/notes/2574820) [Requires SAP Portal Access] 
+  AWS Documentation: [AWS Launch Wizard for SAP](https://aws.amazon.com/launchwizard/) 
+  AWS Documentation: [AWS Systems Manager Automation](https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-automation.html) 
+  AWS Marketplace: [Products and Tools for DevOps](https://aws.amazon.com/marketplace/search/results?page=1&searchTerms=sap&category=45c68cc2-ccd6-426b-94bd-92a791004dc2)