# SAP BusinessObjects Business Intelligence Platform on AWS Deployment and Operations Guide for Linux SAP BOBI Platform on AWS Deployment and Operations Guide for Linux *SAP specialists, Amazon Web Services* * [Last updated](bobi-linux-document-revisions.md#bobi-linux-document-revisions.title): January 2023* The purpose of this guide is to provide an overview of how to implement and operate SAP BusinessObjects (BO) Business Intelligence (BI) Platform (also referred in this document as SAP BOBI Platform) on Amazon Elastic Compute Cloud (Amazon EC2). This guide is not intended to replace the standard SAP BOBI Platform installation and administration guides, operating system, or relational database management system (RDBMS) documentation. ## Overview This guide is part of a content series that provides detailed information about hosting, configuring, and using SAP technologies in the Amazon Web Services Cloud. For the other guides in the series, ranging from overviews to advanced topics, see [SAP on AWS Technical Documentation](https://aws.amazon.com/sap/docs/). The purpose of this guide is to provide an overview of how to implement and operate SAP BusinessObjects (BO) Business Intelligence (BI) Platform (also referred in this document as SAP BOBI Platform) on Amazon Elastic Compute Cloud (Amazon EC2). This guide covers common AWS services and features that are relevant for SAP BusinessObjects BI platform. This guide is not an exhaustive list of all possible configuration options. It covers solutions common to typical deployment scenarios. This guide is not intended to replace the standard SAP BOBI Platform installation and administration guides, operating system, or relational database management system (RDBMS) documentation. # Prerequisites Before you start implementing your SAP BOBI Platform systems, we recommend that you review these prerequisites to ensure there are minimal interruptions and delays. ## General AWS Knowledge Before you follow the configuration instructions in this guide, we recommend that you become familiar with the following AWS services. (If you are new to AWS, see [Getting Started with AWS](https://aws.amazon.com/getting-started/).) + [Amazon ECS](https://aws.amazon.com/documentation/ec2/) + [Amazon VPC](https://aws.amazon.com/documentation/vpc/) + [AWS Identity and Access Management](https://aws.amazon.com/iam/) + [Amazon EBS](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AmazonEBS.html) + [Amazon S3](https://aws.amazon.com/s3/) + [AWS Systems Manager](https://aws.amazon.com/systems-manager/) + [AWS CloudFormation](https://aws.amazon.com/documentation/cloudformation/) + [Amazon FSx for NetApp ONTAP](https://docs.aws.amazon.com/fsx/latest/ONTAPGuide/what-is-fsx-ontap.html) ## Recommended Reading We also recommend you first read some key overview and best practice guides: + [SAP on AWS Overview and Planning Guide](https://docs.aws.amazon.com/sap/latest/general/sap-on-aws-overview.html) + [Getting Started with Architecting SAP on the AWS Cloud](https://aws.amazon.com/blogs/awsforsap/getting-started-with-architecting-sap-on-the-aws-cloud/) + [Best Practices for Linux on Amazon EC2](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-best-practices.html) ### SAP Notes The SAP notes listed in Table 1 have useful information regarding SAP BOBI deployment in AWS. **Table 1: SAP Notes for SAP BOBI deployment on AWS** | SAP Note | Description | | --- | --- | | [1588667](https://me.sap.com/notes/1588667) | SAP on AWS: Overview of related SAP notes and web links | | [1656099](https://me.sap.com/notes/1656099) | SAP on AWS: Supported products, platforms, and landscapes | | [2442979 ](https://me.sap.com/notes/2442979) | Amazon S3 recommendations for SAP BusinessObjects Business Intelligence Platform | | [2438592](https://me.sap.com/notes/2438592) | BI Platform 4.2 Cloud Support | ## Technical Requirements + Ensure that any services you will use for your SAP BOBI Platform deployment are not constrained by default AWS service limits. You can find the details at [Service endpoints and quotas](https://docs.aws.amazon.com/general/latest/gr/aws-service-information.html). You can increase soft limits by submitting a support ticket to AWS. + Make sure that the following information is available in relevance to your existing AWS resources. You will need this information while executing AWS Command Line Interface (AWS CLI) commands to create your Amazon EC2 and Amazon Elastic Block Store (Amazon EBS) resources: [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/sap/latest/sap-businessobjects/bobi-linux-prerequisites.html) + Ensure that you have a key pair that you can use to launch your Amazon EC2 instances. See [Amazon EC2 Key Pairs for Linux Instances](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html) if you need to create a key. + Ensure that you have the network details like VPC ID, Subnet ID, and so on, of the VPC where you plan to launch your Amazon EC2 instances to host your SAP BOBI Platform applications. + Ensure that the required ports are open on the security group attached to your Amazon EC2 instance to allow log in to the operating system. + For distributed or high availability (HA) installations, ensure that the security group attached to each application servers allows communication over the required ports between them. The easiest way to do this is to create a rule that references a security group as its own source and allow traffic on the required ports for that rule. + If you intend to use the AWS CLI to launch your instances, then ensure that you have installed and configured AWS CLI with the appropriate credentials. See [Configuring the AWS CLI](https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-started.html) for more details. + If you intend to use the AWS Management Console to launch your instances, then ensure that your IAM user has permission to launch and configure Amazon EC2, Amazon EBS, and so on. See the [IAM documentation](https://docs.aws.amazon.com/IAM/latest/UserGuide/introduction.html) for more details. + Ensure that you have the required SAP software available either via an Amazon Simple Storage Service (Amazon S3) bucket or on a file share accessible from an Amazon EC2 instance. If you use Amazon S3, make sure to assign appropriate IAM role permissions to the EC2 instance to allow S3 access. + All enterprise customers use DNS service. You can create a hosted zone in Amazon Route 53. You can optionally use AWS Directory Service for Microsoft Active Directory, also known as AWS Managed Microsoft AD. This service lets your directory-aware workloads and AWS resources use managed Active Directory in the AWS Cloud. For more details on this service, see [AWS Directory Service](https://aws.amazon.com/directoryservice/) and [Create Your AWS Managed Microsoft AD directory](https://docs.aws.amazon.com/directoryservice/latest/admin-guide/ms_ad_getting_started_create_directory.html). # Planning The following topics are important for planning the SAP BOBI Platform in AWS Cloud. **Topics** + [ # Choosing a Region ](bobi-linux-choosing-a-region.md) + [ # Choosing an Availability Zone ](bobi-linux-choosing-an-availability-zone.md) + [ # Architecture Options ](bobi-linux-architecture-options.md) + [ # Sizing ](bobi-linux-sizing.md) + [ # High Availability (HA) and Disaster Recovery (DR) ](bobi-linux-high-availability-ha-and-disaster-recovery-dr.md) + [ # Security & Compliance ](bobi-linux-security-compliance.md) + [ # Operating System ](bobi-linux-operating-system.md) + [ # Compute ](bobi-linux-compute.md) + [ # Network ](bobi-linux-network.md) + [ # Storage ](bobi-linux-storage.md) # Choosing a Region When choosing which AWS Region to deploy your SAP environment in you should consider the following topics: + Proximity to your on-premises data centers, systems, and end users to minimize network latency. + Data residency and compliance requirements. + Whether the AWS products and services you plan to use are available in the Region. For a detailed list of AWS products and services by Region, see the [Region Table](https://aws.amazon.com/about-aws/global-infrastructure/regional-product-services/) page on the AWS website. + The Amazon EC2 instances types you plan to use are available in the region. To view AWS Region availability for a specific instance type, see the [Amazon EC2 Instance Types for SAP](https://aws.amazon.com/sap/instance-types/) page. # Choosing an Availability Zone No special considerations are required when choosing an Availability Zone for your SAP deployment on AWS. If high availability (HA) is a requirement, use multiple Availability Zones. For more information about HA, see the [SAP BusinessObjects BI Platform on AWS: HA/DR Guide for Linux](https://docs.aws.amazon.com/sap/latest/sap-businessobjects/sap-bobj-ha-dr-linux.html). For more information about AWS Regions and Availability Zones, see [AWS Global Infrastructure](https://aws.amazon.com/about-aws/global-infrastructure/). # Architecture Options The server-side architecture of SAP BOBI Platform consists of five tiers: web, management, storage, processing, and data. (For details, see the administrator’s guide on the [SAP BusinessObjects Business Intelligence Platform](https://help.sap.com/viewer/product/SAP_BUSINESSOBJECTS_BUSINESS_INTELLIGENCE_PLATFORM/) website). The following list provides high-level details. + **Management tier:** Includes the CMS servers, event servers, and associated services. + **Storage tier:** Includes input and output file repository servers. The file system used by these servers to store files, such as documents, reports, and universes, must be on a shared file system. + **Web tier and processing tier:** Performs functions like receiving and processing user requests. + **Data tier:** Consists of the CMS system database and the auditing data store. You can have following example architecture designs for the above tiers: + Install all tiers on the same EC2 instance. + Install the application and database tiers on two separate EC2 instances. + Install different tiers on multiple EC2 instances grouped based on customer-specific requirements. The architecture choice depends on multiple factors like complexity, cost, sizing, and technical restrictions. For example, if you use [Amazon RDS](https://aws.amazon.com/rds/) as the database, application tiers cannot be installed with database. ## CMS and Audit Database Architecture Options You have the choice of deploying the SAP BOBI Platform application on a standard SAP supported database like SAP HANA, SAP ASE, IBM DB2, Microsoft SQL Server, or [Amazon Relational Database Service (Amazon RDS)](https://aws.amazon.com/rds/). For supported [Amazon RDS](https://aws.amazon.com/rds/) database types, see [SAP Note 1656099 SAP on AWS: Supported SAP](https://me.sap.com/notes/1656099). [Amazon RDS](https://aws.amazon.com/rds/) is a service that makes it easier to set up, operate, and scale a relational database in the AWS Cloud. Amazon RDS takes over many of the difficult or tedious management tasks such as backups, software patching, automatic failure detection, and recovery. You can read more about this service in [Amazon RDS documentation](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Welcome.html). Figure 1 shows an example large scale architecture of SAP BOBI with multi-AZ and multi-instance architecture. Web, Management, Processing, and Data tiers are all distributed on different EC2 instances. [Amazon RDS](https://aws.amazon.com/rds/) MySQL is used for CMS database. **Figure 1: SAP BOBI with multi-AZ and multi-instance architecture** ![\[SAP BOBI with multi-AZ and multi-instance architecture\]](http://docs.aws.amazon.com/sap/latest/sap-businessobjects/images/bobi-multi-az-instance-arch.png) # Sizing At a high level, BOBI platform sizing is a two-step process. The first step is to get SAPS through the SAP Sizing tool [Quick Sizer](https://www.sap.com/about/benchmark/measuring.html). The second step is to map the output to appropriate Amazon EC2 instance types. See the SAP BOBI sizing guide available from the [SAP BusinessObjects Business Intelligence Platform help documentation](https://help.sap.com/bobi). Follow the standard SAP Quick Sizer to determine the right SAPS requirements for your workload. Once you have identified the SAPS numbers, you can use any of the AWS [SAP certified instances](https://aws.amazon.com/sap/instance-types/) for your SAP BOBI Platform instances. Make sure to read the SAP BusinessObjects Business Intelligence section of the note carefully to ensure that you meet the version, EC2 resource, operating system, and database requirements for AWS. For sizing your storage requirements for the database and app tier, AWS provides various volume types, such as general purpose SSDs (gp3) and provisioned IOPS SSD (io2). You can read more about the differences at [Amazon EBS Volume Types](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumeTypes.html). As general guidance, we recommend that you consider the gp3 volume type as a starting point to see if it satisfies your throughput and IOPS requirement of your workload, and consider io2 volume types if you have a need for sustained IOPS. It is easy to add capacity to your existing SAP BOBI deployment in AWS. Therefore, for migrating your existing deployment to AWS, you may not need the same degree of over-provisioning as is typical for on-premises environments. # High Availability (HA) and Disaster Recovery (DR) If you require a highly available BOBI environment, then it critical to design the HA and DR environment that can support the recovery time objective (RTO) and recovery point objective (RPO) that your business teams have established. For more information, see the [SAP BusinessObjects BI Platform on AWS: HA/DR Guide for Linux](https://docs.aws.amazon.com/sap/latest/sap-businessobjects/sap-bobj-ha-dr-linux.html). # Security & Compliance The following AWS security resources help you achieve the level of security you require for your SAP NetWeaver environment on AWS: + [AWS Cloud Security](https://aws.amazon.com/security/) + [CIS AWS Foundations Benchmark](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-standards-cis.html) + [Introduction to AWS Security](https://docs.aws.amazon.com/whitepapers/latest/introduction-aws-security/welcome.html) + [Best Practices for Security, Identity, & Compliance](https://aws.amazon.com/architecture/security-identity-compliance/) + [AWS Well-Architected Framework Security Pillar](https://docs.aws.amazon.com/wellarchitected/latest/security-pillar/welcome.html) + [Network and security features for Linux and Amazon EC2](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EC2_Network_and_Security.html) ## OS Hardening You may want to lock down the OS configuration further, for example, to avoid providing a NetWeaver administrator with root credentials when logging into an instance. We provide guidance on how to best secure your Linux EC2 instances: + Read our general [best practices guide for securing EC2 instances](https://aws.amazon.com/answers/security/aws-securing-ec2-instances/) + Use [Amazon Inspector](https://aws.amazon.com/inspector/faqs/), an automated security assessment service that helps you test the network accessibility of your Amazon EC2 instances and the security state of your applications running on the instances. ## Encryption Security is a priority on AWS. A core aspect of securing your workloads is encrypting your data, both at rest and in transit. When you create an [encrypted EBS volume](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html) and attach it to a supported instance type, the following types of data are encrypted: + Data at rest inside the volume + All data in transit between the volume and the instance + All snapshots created from the volume + All volumes created from those snapshots Encryption operations occur on the servers that host EC2 instances, ensuring the security of both data at rest and data in transit between an instance and its attached EBS storage. You can expect the same IOPS performance on encrypted volumes as on unencrypted volumes, with a minimal effect on latency. Encryption and decryption are handled transparently and they require no additional action from you or your applications. Amazon EFS supports two forms of encryption for file systems: encryption of data in transit and encryption of data at rest. You can enable encryption of data at rest when creating an Amazon EFS file system. You can enable encryption of data in transit when you mount the file system to protect data at rest by using either server-side encryption or client-side encryption. You can find more information about encryption from the specific service documentation: + [Encrypting Amazon EFS Data at Rest and Data in Transit](https://docs.aws.amazon.com/efs/latest/ug/encryption.html) + [Protecting Amazon S3 Data Using Encryption](https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingEncryption.html) + [Amazon EBS Encryption](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html) ## Security Groups/Network ACLs A [security group](https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html) acts as a virtual firewall for your instance to control inbound and outbound traffic. Security groups act at the instance level, not the subnet level. Customers often separate the SAP system into multiple subnets, with the database in a separate subnet to the application servers, and other components such as a Web Dispatcher in another subnet, possibly with external access. If you scale workloads horizontally or require high availability, you may choose to include multiple, functionally similar, EC2 instances in the same security group. In this case, you’ll need to add a rule to your security groups. If you use Linux, some configuration changes may be necessary in the security groups, route tables, and network ACLs. You can refer to the operating system product documentation, or other sources such as the [Security Group Rules Reference](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/security-group-rules-reference.html) in the Amazon Elastic Compute Cloud (Amazon EC2) documentation, for more information. A [network access control list (ACL)](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html) is an optional layer of security for your VPC that acts as a firewall for controlling traffic in and out of one or more subnets (they’re stateless firewalls at the subnet level). You may set up network ACLs with rules similar to your security groups in order to add an additional layer of security to your VPC. ## API Call Logging [AWS CloudTrail](https://aws.amazon.com/cloudtrail/) is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller, the time of the API call, the source IP address of the API caller, the request parameters, and the response elements returned by the AWS service. With AWS CloudTrail, you can get a history of AWS API calls for your account, including API calls made via the AWS Management Console, AWS SDKs, command line tools, and higher-level AWS services (such as AWS CloudFormation). The AWS API call history produced by CloudTrail enables security analysis, resource change tracking, and compliance auditing. ## Notifications on Access You can use Amazon Simple Notification Service (Amazon SNS) or third-party applications to set up notifications on SSH login to your email address or mobile phone. # Operating System Customers can choose to bring their license subscriptions or use AWS Marketplace to purchase licenses. Operating systems such as [SUSE Linux Enterprise Server for SAP](https://www.suse.com/products/sles-for-sap/) and [Red Hat Enterprise Linux for SAP with HA and Update Services](https://aws.amazon.com/blogs/awsforsap/now-available-new-rhel-for-sap-with-ha-and-us-in-aws-marketplace/) are optimized for running SAP and come with high availability solution for SAP NetWeaver and SAP HANA database. For supported operating systems, see [SAP Note 1656099.](https://me.sap.com/notes/1656099) ## SLES If you plan to use Bring Your Own Subscription (BYOS) images provided by SUSE, ensure that you have the registration code required to register your instance with SUSE to access repositories for software updates. For details, see [SUSE Linux Enterprise Server on Amazon EC2 - FAQs](https://aws.amazon.com/partners/suse/faqs/). ## RHEL If you plan to use the BYOS model with RHEL and the Red Hat Cloud Access Gold Images, ensure your subscription has access to the [Red Hat Cloud Access](https://access.redhat.com/articles/3490141) program. For details, see [Red Hat Enterprise Linux on Amazon EC2 - FAQs](https://aws.amazon.com/partners/redhat/faqs/) and [Red Hat Cloud Access](https://www.redhat.com/en/technologies/cloud-computing/cloud-access). ## Amazon Machine Image (AMI) A base AMI is required to launch an Amazon EC2 instance. Depending on your choice of operating system, ensure that you have access to the appropriate AMI in your target Region for the deployment. If you are using AWS CLI, you must provide the AMI ID when you launch the instance. # Compute AWS has certified multiple instance families with different sizes to run SAP workloads. The details of the latest list of EC2 instance types certified are all specified in our webpage [Amazon EC2 Instance Types for SAP](https://aws.amazon.com/sap/instance-types/). Select the appropriate EC2 instance type based on your requirements as per the sizing section. AWS recommends you use the latest generation of your selected instance family where possible (assuming it is SAP certified and therefore listed in the above webpage). # Network Ensure that you have your network constructs set up to deploy resources related to your SAP workload. If you haven’t already set up network components like Amazon Virtual Private Cloud (Amazon VPC), subnets, route tables and so on., you can use the [AWS Quick Start for Modular and Scalable VPC Architecture](https://aws.amazon.com/quickstart/architecture/vpc/) to easily deploy scalable VPC architecture in minutes. Refer to the deployment guide for more details, then set up your EC2 instances for the SAP workload within this VPC. You will also need to set up a secured network connection between the corporate datacenter and the VPC, along with appropriate route table configuration, if this is not already configured. # Storage The SAP BOBI Platform uses the following AWS storage services: + [Amazon Elastic Block Store (Amazon EBS)](https://aws.amazon.com/ebs/) is used for block storage requirements of SAP BOBI Platform application servers and databases (when the database is installed on EC2). Figure 2 shows an example use of EBS volumes for application and database. In this example, EBS volumes are used for root volumes, SAP BOBI Platform installation directory, operating system swap volume, and database data and log volumes. The CMS database is typically a small database that stores information like users, SAP BOBI Platform servers, folders, and other configurations. Therefore, it does not have the same storage performance requirements as other enterprise OLTP/OLAP databases. Follow the best practices of the database vendor for designing storage for the SAP BOBI Platform database. + [Amazon Elastic File System (Amazon EFS)](https://aws.amazon.com/efs/) is used for shared file system requirements of SAP BOBI Platform application servers installed on Linux EC2 instances. The FileStore in an SAP BOBI Environment requires a shared file system as it stores the content like reports, universes, and connections, which are used by all application servers of that system. + [Amazon Simple Storage Service (Amazon S3)](https://aws.amazon.com/s3/) is used for storing the backups of SAP BOBI Platform application servers. Figure 2 shows an example use of AWS storage services by an SAP BOBI Platform installation. In this example, two SAP applications servers and a database are installed on three separate EC2 instances with Linux operating system. EBS volumes are used for local file systems like root, install, swap, data, and log volumes. Amazon EFS is used for shared file system FileStore. **Note** For SAP BusinessObjects file storage, you can use Amazon FSx for NetApp ONTAP to store your content in a shared file system. You can also use FSx for ONTAP file system for your CMS database `data` and `log` volumes. For more information, see [Amazon FSx for NetApp ONTAP](https://docs.aws.amazon.com/fsx/latest/ONTAPGuide/what-is-fsx-ontap.html). **Figure 2: AWS storage system use on SAP BOBI Platform installation** ![\[Storage system use on SAP BOBI Platform installation\]](http://docs.aws.amazon.com/sap/latest/sap-businessobjects/images/bobi-aws-storage-system.png) # Deployment In this deployment, we will provision an Amazon EC2 instance for installing the SAP application servers and the CMS database (if you are using database on EC2). When using Amazon RDS for CMS database, follow [Step 7. (Only for CMS Database on EC2 Instance) Installing CMS Database](#bobi-linux-step-7-only-for-cms-database-on-ec2-instance-installing-cms-database). In this deployment, we will provision an Amazon EC2 instance for installing a standalone Oracle database standard system. **Note** In this section, the syntax shown for the AWS CLI and Linux commands is specific to the scope of this document. Each command supports many additional options. For more information, use the AWS CLI `aws help` command or see the documentation. ## Step 1. Prepare Your AWS Account In this example we step through setting up a sample environment for the installation which includes a public subnet for RDP and SSH access via the internet. In our scenario, we are using [AWS Launch Wizard for SAP](https://docs.aws.amazon.com/launchwizard/latest/userguide/launch-wizard-sap.html) in a single-AZ deployment to create the VPC, subnets, security groups, and IAM roles. This is just an example setup and customers should follow their own network layout and comply with their own security standards. This may include: + using AWS Launch Wizard for SAP in for multi-AZ deployment of SAP HANA + using a landing zone solution like [AWS Control Tower](https://aws.amazon.com/controltower/) + work with their cloud team (for example a Cloud Center of Excellence or CCoE) to use existing standards 1. Check the region where you want to deploy your AWS resources: **Note** You’ll have picked the region you want to deploy in during your planning phase. 1. Display the AWS CLI configuration data: ``` $ aws configure list ``` In the command output, make sure that the default region that’s listed is the same as the target region where you want to deploy your AWS resources and install the SAP workload. ## Step 2. Create a JSON file for the Amazon EBS storage Create a JSON file that contains the storage requirements for SAP BOBI Platform server volumes. Below is an example JSON file with two EBS volumes for swap and SAP BOBI Platform installation directory. You can modify this file as per your requirements: ``` [ { "DeviceName": "/dev/sdh", "Ebs": { "VolumeSize": 32, "VolumeType": "gp32", "DeleteOnTermination": true } }, { "DeviceName": "/dev/sdg", "Ebs": { "VolumeSize": 50, "VolumeType": "gp32", "DeleteOnTermination": true } } ] ``` ## Step 3. Launch the Amazon EC2 Instance Launch the Amazon EC2 instance for the SAP BOBI Platform installation in your target region by using the information that you gathered in the preparation phase. You will also be creating the required storage volumes and attaching them to the Amazon EC2 instance for the SAP installation, based on the JSON file that you created in the previous step. ``` $ aws ec2 run-instances \ --image-id \ --count \ --instance-type \ --key-name= \ --security-group-ids \ --subnet-id \ --block-device-mappings file://C:\Users\.json \ --region ``` The JSON file is the storage file that you created in [Step 2. Create a JSON file for the Amazon EBS storage](#bobi-linux-step-2-create-a-json-file-for-the-amazon-ebs-storage). When using the command, make sure to place the command and its parameters on a single line. For example: ``` aws ec2 run-instances --image-id --count 1 \ --instance-type m5.large --key-name=my_key --security-group-ids \ --subnet-id \ --block-device-mappings file://C:\Users\.json ``` You can also launch EC2 instances using the AWS Management Console. For detailed steps, see [Launch Linux EC2 Instances using AWS Management Console](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EC2_GetStarted.html#ec2-launch-instance). ## Step 4. Prepare the EC2 Instances ### Update the Hostname Log in to your SAP Instance with Secure Shell (SSH) using the private key pair, and switch to root user to update the hostname along with the DNS name according to your requirements. For detailed steps, see the AWS Knowledge Center article for your operating system: + [Assign a static hostname to Amazon EC2 instance running SuSe Linux](https://aws.amazon.com/premiumsupport/knowledge-center/linux-static-hostname-suse/) + [Assign a static hostname to Amazon EC2 instance running on RHEL](https://aws.amazon.com/premiumsupport/knowledge-center/linux-static-hostname-rhel7-centos7/) Alternatively, you can edit the /etc/hosts file and manually add this entry. For SAP systems, the maximum length of the hostname should not exceed 13 characters. The name should comply with SAP standards. See [SAP OSS Note 611361](https://me.sap.com/notes/611361) for details (requires access to SAP Service Marketplace). ### Install Prerequisite Packages **Note** Your Amazon EC2 instance should have access to the internet to read and download required packages from the SUSE or Redhat repository. 1. As root user, use the following commands to install the Linux packages that are required for SAP installation. + SUSE syntax: To install a package: `zypper -n install package-name` To remove a package: `zypper remove package-name` + RHEL syntax: To install a package: `yum install package-name` To remove a package: `yum remove package-name` 1. Install `nfs-utils`, which is required for mounting the Amazon EFS mounts onto the Linux host. + SUSE command: ``` zypper install nfs-utils ``` + RHEL command: ``` yum install nfs-utils ``` 1. Install nvme-cli package to view the NVME device mapping of Amazon EBS volumes 1. Install SSM Agent by following the instructions in the [Systems Manager user guide](https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-manual-agent-install.html#agent-install-sles). 1. Install the [AWS Data Provider for SAP](https://docs.aws.amazon.com/sap/latest/general/data-provider-install.html). ``` cd /tmp wget https://s3.amazonaws.com/aws-data-provider/bin/aws-agent_install.sh chmod ugo+x aws-agent_install.sh sudo ./aws-agent_install.sh ``` ### Identify Amazon EBS Device from NVMe Block Devices On [Nitro-based](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html#ec2-nitro-instances) instances, the device name specified in the block device mapping (Step 2) are renamed as `/dev/nvme[0-26]n`. Before you proceed with the next step, ensure that you are using the appropriate device name to create a file system. ### Format Block Devices for Mounting SAP File Systems To view the list of volumes attached to your instance and their device names, run the `lsblk` command as root user. The command displays the list of devices that are attached to your instance. ``` lsblk NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT nvme1n1 259:0 0 50G 0 disk nvme0n1 259:1 0 10G 0 disk └─nvme0n1p1 259:2 0 10G 0 part / nvme2n1 259:3 0 50G 0 disk ``` Format the block device for `/usr/sap`, swap and other file systems that are needed to install SAP. As root user, format the Amazon EBS volumes attached to your instance to store local SAP files. You need to create a label for the file system as well. This label will be used to mount the file system. ``` mkfs.xfs -f /dev/nvme1n1 -L USR_SAP ``` **Tip** NVME device ids associated with the volume could change during reboots. To avoid mount errors during instance reboots, you need to create a label for your file systems and mount it by label than the actual NVME ids. This will also help in situation where you need to change your instance type between Nitro-based and non Nitro-based instances. ### Create Directories and Mount the File System As root user, create the directories to mount the file systems required for SAP installation. Start with the `/usr/sap` mount, using the syntax `mkdir `: ``` mkdir /usr/sap ``` As root user, add entries to the `/etc/fstab` file and mount the file systems. Adding entries to `/etc/fstab` ensures that your file systems are mounted automatically when your Amazon EC2 instance is restarted. Add the entries for local SAP file systems to the `/etc/fstab` file by using the following commands: ``` echo "/dev/disk/by-label/USR_SAP /usr/sap xfs nobarrier,noatime,nodiratime,logbsize=256k 0 0" >> /etc/fstab ``` To mount the file system that has been added to `/etc/fstab`, use the syntax `mount -a`: ``` mount -a df -h Filesystem Size Used Avail Use% Mounted on devtmpfs 3.8G 8.0K 3.8G 1% /dev tmpfs 3.8G 0 3.8G 0% /dev/shm tmpfs 3.8G 9.5M 3.8G 1% /run /dev/nvme0n1p1 9.8G 1.4G 7.9G 15% / tmpfs 3.8G 0 3.8G 0% /sys/fs/cgroup tmpfs 769M 0 769M 0% /run/user/1000 /dev/nvme1n1 50G 33M 50G 1% /usr/sap ``` In the example code above, you can see that `/usr/sap` is mounted on device `/dev/nvme1n1`. ### Create Swap for SAP Installation Linux swap functionality can improve the overall performance of the system and is a mandatory prerequisite for SAP installation. To determine the value for swap, follow the recommendations in the [SAP Note 1597355](https://me.sap.com/notes/1597355). To allocate swap on device `/dev/nvme2n1`, use the following commands: ``` lsblk NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT nvme1n1 259:0 0 50G 0 disk /usr/sap nvme0n1 259:1 0 10G 0 disk └─nvme0n1p1 259:2 0 10G 0 part / nvme2n1 259:3 0 50G 0 disk mkswap -f /dev/nvme2n1 -L SWAP Setting up swapspace version 1, size = 50 GiB (53687087104 bytes) LABEL=SWAP, UUID=07291579-afb6-4e5f-8828-4c1441841f9b swapon -L SWAP swapon -s Filename Type Size Used Priority /dev/nvme2n1 partition 52428796 0 -1 ``` Device `/dev/nvme2n1` is now allocated to be used as swap by the SAP application that will be installed on this host. ## Step 5. Create Amazon EFS Mount for FileStore To create an Amazon EFS file system and mount it on the Amazon EC2 instance, do the following: 1. Create a security group for Amazon EFS. ``` $ aws ec2 create-security-group --group-name efs-sap-sg --description "Amazon EFS for SAP, SG for EFS " --vpc-id vpc-123456789abcdefgh ``` Make a note of the security group ID that is displayed in the output: ``` { "GroupId": "sg-abc12def " } ``` In this example, the security group ID is `sg-abc12def`. 1. Create an inbound rule for the security group: ``` $ aws ec2 authorize-security-group-ingress --group-id sg-abc12def --protocol tcp --port 2049 --cidr 0.0.0.0/0 ``` 1. Create an Amazon EFS file system: ``` $ aws efs create-file-system --creation-token efsforsap ``` The command should display the output: ``` { "SizeInBytes": { "Value": 0 }, "CreationToken": "efsforsap", "Encrypted": false, "CreationTime": 1523374253.0, "PerformanceMode": "generalPurpose", "FileSystemId": "fs-abc12def", "NumberOfMountTargets": 0, "LifeCycleState": "creating", "OwnerId": "xxxxxxxxxxxx" } ``` Make a note of the FileSystemId. In this example, the FileSystemId is `fs-abc12def`. 1. Create the tag for the FileSystemId: ``` $ aws efs create-tags --file-system-id --tags Key=,Value= ``` For example: ``` $ aws efs create-tags --file-system-id fs-abc12def --tags Key=filestore,Value=ECC ``` 1. Create the mount target: ``` $ aws efs create-mount-target --file-system-id fs-abc12def --subnet-id subnet-a98c8386 --security-group sg-abc12def ``` The command should display the following output: ``` { "MountTargetId": "fsmt-123abc45", "NetworkInterfaceId": "xxxxxxxxxx", "FileSystemId": "fs-abc12def ", "LifeCycleState": "creating", "SubnetId": "xxxxxxxxxxx", "OwnerId": "xxxxxxxxxxxx", "IpAddress": "x.x.x.x" } ``` Make a note of the LifeCycleState, which is `creating` in the example. 1. Wait for a few minutes, and then check the status of creation by using the following command: ``` $ aws efs describe-mount-targets --file-system-id fs-abc12def ``` The mount target `fsmt-061ab24e` is now available: ``` { "MountTargets": [ { "MountTargetId": "fsmt-061ab24e", "NetworkInterfaceId": " xxxxxxxxxx ", "FileSystemId": "fs-abc12def", "LifeCycleState": "available", "SubnetId": " xxxxxxxxxxx ", "OwnerId": " xxxxxxxxxxx", "IpAddress": "x.x.x.x" } ] } ``` 1. Mount EFS file system using DNS name or its IP address and create folders for mounting EFS. **Tip** The DNS name for your file system on Amazon EFS should use the following naming convention: ``` .efs..amazonaws.com ``` For example: ``` fs-abc12def.efs.us-east-1.amazonaws.com ``` Alternatively, you can also use the IpAddress from step 11. In this example, we use the IpAddress instead. ``` mkdir /test sudo mount -t nfs -o nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2 :/ /test cd /test mkdir FileStore ls -ltr drwxr-xr-x 2 root root 6144 Apr 1 16:08 FileStore cd / umount /test ``` 1. Create the mount points for FileStore (used here as an example for the name of your FileStore mount point): ``` mkdir /prdbobi_fs ``` 1. Mount the Amazon EFS file system using DNS name of EFS. ``` sudo mount -t nfs -o nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2 :/TRANS /usr/sap/trans ``` This IP address can be found in step 7. For example: ``` sudo mount -t nfs -o nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2 x.x.x.x:/TRANS /usr/sap/trans sudo mount -t nfs -o nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2 x.x.x.x:/TRANS /usr/sap/trans ``` ## Step 6. Prepare and Install the CMS Database (Only for RDS Database) This option is applicable only when Amazon RDS MySQL is used for the CMS database. You can create a separate database for the auditing database if it’s required. 1. Create a DB subnet group for an RDS instance by following the instructions in [Create a DB Subnet Group](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_Tutorials.WebServerDB.CreateVPC.html#CHAP_Tutorials.WebServerDB.CreateVPC.DBSubnetGroup). 1. In the [Amazon RDS console](https://console.aws.amazon.com/rds/), launch an Amazon RDS MySQL DB instance by following the instructions in the [Creating a DB Instance Running the MySQL Database Engine](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_CreateInstance.html). 1. Choose a supported DB version based on [SAP Note 1656099 - SAP on AWS: Supported SAP](https://me.sap.com/notes/1656099), and select the instance type and storage based on your sizing output. 1. On the **Specify DB details** page, in the **Instance specifications** section, choose **Create replica in different zone**. 1. The **Choose use case** page asks if you are planning to use the DB instance you are creating for production. If you choose **Production - MySQL**, the Multi-AZ failover option is preselected. You can deselect this option if you are not installing a highly available system. 1. On the **Configure advanced settings** page, provide information about the infrastructure you already provisioned, such as settings for the VPC, DB subnet group, and security group. In addition, you can provide custom options for encryption, backup retention period, maintenance window, and so on. You will also create a user to administer this database. 1. For the database name, you can provide the name you want to use for the CMS database. You can also change the database port from the default value to your choice of port. 1. Choose **Create database**, and then wait for the DB instance status to change to **available** in the Amazon RDS console. 1. Choose the **Instances** view and note the **Endpoint** name. In case of failover to another Availability Zone, this endpoint enables an application to reconnect to a new primary database instance without having to change anything. 1. (Optional) Create a CNAME in Route 53 or other DNS server for the database cluster endpoint. Use this CNAME during the installation of SAP BOBI Platform nodes. ## Step 7. Install CMS Database (Only for CMS Database on EC2 Instance) Install the CMS database with an SAP supported database version of your choice. Refer to the database vendor specific documentation for instructions. You can also install Audit database if you plan to use auditing. The Auditing database can be installed at a later point in time as it is not required for SAP BOBI Platform functioning. ## Step 8. Install SAP BOBI Platform Nodes 1. Log in to each EC2 instance in the SAP BOBI Platform server and repeat the following step to install SAP BOBI platform on each instance. 1. See the [SAP BusinessObjects BI Platform installation guide](https://help.sap.com/viewer/product/SAP_BUSINESSOBJECTS_BUSINESS_INTELLIGENCE_PLATFORM/) and go to the SAP BOBI documentation specific to the version you want to install. Launch the installation as described: **Custom / Expand** > **Expand an existing SAP BusinessObjects BI platform deployment** > **Instances** > **Servers** > **Platform Services** 1. For the first server installation, choose **Start a new SAP BusinessObjects BI platform deployment**. Follow the instructions and enter inputs as required for example database connection information. Figure 3 shows example of adding database connection information when using RDS MySQL. 1. (Optional) This step is only required for multi-node installation. For all additional server installations, choose **Expand an existing SAP BusinessObjects BI platform deployment**. Follow the instructions and enter inputs as required for example database connection information and first CMS server connection information. Figure 3 is an example input for CMS database information for Linux installation. In this case, RDS MySQL database is used on default port 3306. **Figure 3: Example of adding database connection information when using RDS MySQL** ![\[Example input for CMS database information for Linux installation\]](http://docs.aws.amazon.com/sap/latest/sap-businessobjects/images/bobi-add-database-connection.png) This completes the installation of SAP BOBI Platform. ## Step 9. Configure End User Access for Multi-Node Deployment To distribute the user load evenly across the web tier servers, you can use a load balancer between the web users and the web servers. In this guide, we’ll discuss the use of [Elastic Load Balancing (ELB)](https://aws.amazon.com/elasticloadbalancing/) for this purpose. You can also install other load balancers on EC2 instances for end user access, refer to vendor specific documentation for such installation. An Application Load Balancer automatically scales its request handling capacity in response to incoming application traffic. Follow these steps to configure an Application Load Balancer for SAP BOBI Platform: 1. In the [Amazon EC2 console](https://console.aws.amazon.com/ec2/), [create an Application Load Balancer](https://docs.aws.amazon.com/elasticloadbalancing/latest/application/create-application-load-balancer.html#configure-load-balancer) in the VPC where SAP BOBI Platform is running. Specify the Availability Zones and subnets of all the web tier servers. **Note** Application Load Balancer cannot route fields with special characters (such as, underscore) to targets. Disable the `routing.http.drop_invalid_header_fields` attribute to enable routing of fields with special characters. 1. [Configure a security group](https://docs.aws.amazon.com/elasticloadbalancing/latest/application/create-application-load-balancer.html#configure-security-group) that allows users to connect to the Application Load Balancer on the SSL port. 1. [Create a target group](https://docs.aws.amazon.com/elasticloadbalancing/latest/application/create-application-load-balancer.html#configure-target-group) to register web servers as the targets to the load balancer. For **Target type**, choose **ip** and specify the IP address and SSL port of the web servers to register as targets. 1. [Enable sticky sessions](https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-target-groups.html#sticky-sessions). 1. Create or upload an existing SSL certificate in AWS Certificate Manager (ACM). 1. Enable Secure Sockets Layer (SSL) communications for SAP BOBI Platform by following the instructions in the [Business Intelligence Platform Administrator Guide](https://help.sap.com/http.svc/rc/ec7df5236fdb101497906a7cb0e91070/4.2.6/en-US/sbo42sp6_bip_admin_en.pdf). See also: [Enabling SSL in BI Platform 4.2 SP05](https://community.sap.com/t5/technology-blog-posts-by-sap/enabling-ssl-in-bi-platform-4-2-sp05/ba-p/13322029) on the SAP Blog. 1. (Optional) Create a `CNAME` in Amazon Route 53 for the Application Load Balancer DNS name. Use this `CNAME` to access SAP BOBI Platform. # Operations ## Tagging AWS Resources A tag is a label that you assign to an AWS resource. Each tag consists of a *key* and an optional *value*, both of which you define. Adding tags to the various AWS resources will not only make managing your SAP environment much easier but can also be used to quickly search for resources. Many Amazon EC2 API calls can be used in conjunction with a special tag filter. See [AWS Tagging Strategies](https://aws.amazon.com/answers/account-management/aws-tagging-strategies/) and use it as a starting point to define the tags you need for your resources. Below are the examples on how you can use tags for operational needs: + You can tag your EBS volumes to identify their environment (for example Environment= DEV/QAS/PRD etc.) and use these tags to create backup policies for EBS volumes + You can use similar tags as in above example with EC2 instances and use them for patching your operating systems or running scripts to stop/start application or EC2 instances. ## Monitoring AWS provides multiple native services to monitor and manage your SAP environment. You can use services like [Amazon CloudWatch](https://aws.amazon.com/cloudwatch/) and [AWS CloudTrail](https://aws.amazon.com/cloudtrail/) to monitor your underlying infrastructure and APIs, respectively. CloudWatch provides ready-to-use KPIs for CPU and disk utilization, and also allows you to create custom metrics if your specific KPIs that you would like to monitor. CloudTrail allows you to log the API calls made to your AWS infrastructure components. ## Operating System Maintenance In general, operating system maintenance across large estates of EC2 instances can be managed by: + tools specific to each operating system (such as SUSE Manager or Red Hat CloudForms) + third-party products such as those available on AWS Marketplace + using AWS Systems Manager Here we outline some key operating system maintenance tasks. ### Patching You can follow SAP recommended patching processes to update your landscape on AWS. For operating system patching, with [AWS Systems Manager Patch Manager](https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-patch.html) you can roll out OS patches as per your corporate policies. There are multiple key features like: + scheduling based on tags + auto-approving patches with lists of approved and rejected patches + defining patch baselines AWS Systems Manager Patch Manager integrates with AWS Identity and Access Management (IAM), AWS CloudTrail, and Amazon CloudWatch Events to provide a secure patching experience that includes event notifications and the ability to audit usage. For details about the process, see [How Patch Manager Operations Work](https://docs.aws.amazon.com/systems-manager/latest/userguide/patch-manager-how-it-works.html). If AWS Systems Manager Patch Manager does not fulfill your requirements, there are third-party products available as well. Some of these are available via the [AWS Marketplace](https://aws.amazon.com/marketplace). ### Maintenance Window [AWS Systems Manager Maintenance Windows](https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-maintenance.html) let you define a schedule for when to perform potentially disruptive actions on your instances such as patching an operating system, updating drivers, or installing software or patches. ### Administrator Access You can access the backend SAP systems for administration purposes in a number of ways: + AWS Systems Manager Session Manager + SSH ## Backup and Restore ### Snapshots and AMIs A common approach for backing up your SAP NetWeaver application servers is using snapshots and AMIs. All your data is stored on Amazon EBS volumes attached to the SAP NetWeaver application servers. You can back up the data on these volumes to Amazon S3 by taking point-in-time snapshots. Snapshots are incremental backups of Amazon EBS volumes, which means that only the blocks on the device that have changed after your most recent snapshot are saved. For more details on this, see [Creating an Amazon EBS Snapshot.](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-creating-snapshot.html) An Amazon Machine Image (AMI) provides the information required to launch an instance along with a block device mapping of all EBS volumes attached to it. Amazon EC2 powers down the instance before creating the AMI to ensure that everything on the instance is stopped and in a consistent state during the creation process. If you’re confident that your instance is in a consistent state appropriate for AMI creation, you can select the **No Reboot** option. You can use the AWS Systems Manager Run Command to take [application-consistent snapshots of all EBS volumes](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/application-consistent-snapshots.html) attached to your instance. You can use [AWS Backup](https://aws.amazon.com/backup/) to centrally configure backup policies and monitor backup activity for these snapshots. Once you have completed the SAP installation and post installation steps, you should create an image of the instance. AWS provides a very simple and quick way to copy an SAP system. You can use the AWS Management Console or the AWS CLI to create a new AMI of an existing SAP system. The new AMI contains a complete copy of the operating system and its configuration, software configurations, and all EBS volumes that are attached to the instance. From the new AMI you can launch exact copies of the original system. For more information, see [Amazon AMIs.](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AMIs.html) Syntax: ``` aws ec2 create-image --instance-id i-1234567890abcdef0 --name "My server" --description "An AMI for my server" ``` ### File Backup to S3 You can perform traditional file-based backups to Amazon S3 from your EBS volumes. One way to do this is by using the AWS CLI and trigger this using AWS Systems Manager Run Command so that you can centrally manage these. ### Third-Party Options There are many third-party backup products for AWS services, including a number that have been certified by SAP. For more information, see [AWS SAP Partner Solutions](https://aws.amazon.com/sap/partner-solutions/). ### Amazon EFS Backup Using AWS Backup, you can centrally configure backup policies and monitor backup activity for AWS resources including Amazon EFS file systems. Alternatively, you can perform a file-level backup of your EFS filesystem to Amazon S3. You can do this by running a file-level copy to Amazon S3 from any Amazon EC2 instance running in the same region. This can then be automated and scheduled using AWS Systems Manager Run Command in combination with Amazon CloudWatch Events. ### Backing up SAP BOBI Platform Backup of SAP BOBI should protect the following components. The backup of CMS database and FileStore should be taken at the same time to maintain consistency. + CMS Database (Amazon RDS or Database on EC2) + FileStore (Amazon EFS for multi-node install or Amazon EBS for standalone install) + SAP BOBI installation directory You can choose from following options for backup. + When using Amazon RDS for CMS database and Linux operating system for application, you can use [AWS Backup](https://aws.amazon.com/backup/) as a central tool for backups. AWS Backup is a fully managed backup service that makes it easy to centralize and automate the back up of data across AWS services in the cloud. You can configure backup policies based on tags from a central backup console, simplifying backup management and making it easy to ensure that your application data is backed up and protected. You can put database, FileStore, and installation directory resources in same policy to ensure consistency. + You can use supported third-party backup tools that provides database and file system agents for backup and recovery of all SAP BOBI platform component. + If the preceding AWS services and tools do not meet your requirements, you can also use standard database backup tools and scripts to create database backups, file system backups and EBS snapshots. Database and file system backups can be stored on an EBS volume attached to your database and application EC2 instances. For better durability and agility, we recommend that you move your backups to Amazon S3. Based on your business continuity and compliance requirements, you can choose to move your backups to Amazon S3 Glacier and use Amazon S3 Lifecycle policies. For details, see [How Do I Create a Lifecycle Policy for an S3 Bucket?](https://docs.aws.amazon.com/AmazonS3/latest/user-guide/create-lifecycle.html). Amazon S3 Lifecycle policies also let you delete older backups based on your backup retention requirements. + If you use SAP HANA as the database for CMS, you can use AWS Backint Agent for SAP HANA to backup your data to Amazon S3. For more information, see [AWS Backint Agent for SAP HANA](https://docs.aws.amazon.com/sap/latest/sap-hana/aws-backint-agent-sap-hana.html). ### Recovering the SAP BOBI Platform The backups that you choose for the restore of CMS database and FileStore should have been created at the same time to maintain consistency. You can recover a database to a point-in-time using log files, but Amazon EFS (used for FileStore) does not have similar capabilities. In this case, recovering a database to most recent state but FileStore to an older state may cause inconsistencies between the two. Based on the backup strategy, the following are options for restore. + When you restore a backup in AWS Backup, a new resource is created based on the backup that you are restoring. Depending on the component that you restore, you can point you SAP BOBI Platform installation to the new resource or copy data to the original resource. For example, you can restore Amazon EFS and Amazon EBS on a different file system or EBS volume. After you have the new resource available, you can either copy a subset of the data or replace your original resource with the new one. See [Restoring a Backup](https://docs.aws.amazon.com/aws-backup/latest/devguide/restoring-a-backup.html) for details. + When restoring using third-party software, refer to vendor- and application-specific documentation. + If you are restoring from Amazon S3 using custom scripts, you will have to restore the backup to an EBS volume, and then use either database specific tools or native operating system features to restore your data back to SAP BOBI Platform installation. ## Compute EBS volumes are exposed as NVMe block devices on [Nitro-based instances](https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/instance-types.html#ec2-nitro-instances). When changing EC2 instance types from a previous generation to a Nitro generation, NVMe device IDs associated with the volume could change. To avoid mount errors during changes of instance type or instance reboots, you need to create a label for your file systems and mount it by label than the actual NVME ids. Aside from operating system maintenance, there is also maintenance you can consider for EC2 instances themselves. This can be driven via AWS Systems Manager Automation documents. Some examples of this are: + Use the ** AWS-StopEC2InstanceWithApproval** document to request that one or more IAM users approve the instance stop action. After the approval is received, Automation stops the instance. + Use the ** AWS-StopEC2Instance** document to automatically stop instances on a schedule by using Amazon CloudWatch Events or by using a Maintenance Window task. For example, you can configure an Automation workflow to stop instances every Friday evening, and then restart them every Monday morning. + Use the ** AWS-UpdateCloudFormationStackWithApproval** document to update resources that were deployed by using AWS CloudFormation template. The update applies a new template. You can configure the Automation to request approval by one or more IAM users before the update begins. Finally, use the [AWS Instance Scheduler](https://aws.amazon.com/solutions/instance-scheduler/) Solution to easily configure custom start and stop schedules for their Amazon Elastic Compute Cloud (Amazon EC2) and Amazon Relational Database Service (Amazon RDS) instances. ## Cost Optimization Just as with right sizing, we recommend customers make cost optimization an ongoing process. This is an extensive topic with many Use the ** ` AWS-StopEC2InstanceWithApproval` ** document services that help with budgeting, cost control and proactive cost optimization recommendations. For more details, see the [Cost Optimization Pillar](https://docs.aws.amazon.com/wellarchitected/latest/cost-optimization-pillar/welcome.html) of the AWS Well-Architected Framework and the [SAP on AWS Pricing and Optimization Guide](https://docs.aws.amazon.com/sap/latest/general/sap-on-aws-pricing-guide.html). ## Automation ### Automation using Infrastructure as Code with AWS CloudFormation We recommend following the principle of Infrastructure as code (IaC) in automating and maintaining your workloads on AWS. [AWS CloudFormation](https://aws.amazon.com/cloudformation/) provides a common language for you to describe and provision all the infrastructure resources in your cloud environment in a repeatable and automated manner, and thus follow the principle of IaC. ### Automation using Documents [AWS Systems Manager Automation](https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-automation.html) simplifies common maintenance and deployment tasks of Amazon EC2 instances and other AWS resources. Automation enables you to do the following: + Build Automation workflows to configure and manage instances and AWS resources. + Create custom workflows or use pre-defined workflows maintained by AWS. + Receive notifications about Automation tasks and workflows by using Amazon CloudWatch Events. + Monitor Automation progress and execution details by using the Amazon EC2 or the AWS Systems Manager console. There are many AWS-provided documents specific to Linux already available. ## Integration with AWS Big Data Services The SAP BOBI Platform product can use multiple AWS Big Data services as data sources for reporting purposes. When using SAP BOBI version 4.2, you can connect to the following AWS data sources: **Table 2: AWS Big Data services support for SAP BusinessObjects Business Intelligence 4.2** | Use Case | Amazon Product | SAP BOBI 4.2 Supported | | --- | --- | --- | | Data source | Amazon RDS Oracle | Yes | | Data source | Amazon Redshift | Yes | | Data source | Amazon EMR Hive (Hive1) | Yes | | Data source | Amazon EMR Hive (Hive2) | Yes | | Data source | Amazon EMR Hive 5.6 (Hive2) | Yes | See the [SAP Product Availability Matrix (PAM)](https://support.sap.com/pam) for the complete list of SAP BOBI Platform supported data sources specific to your version. # Support To get help from SAP, SAP and AWS requires a business support agreement on AWS. [AWS Business Support](https://aws.amazon.com/premiumsupport/business-support/) provides resources and technical support for customers running SAP workloads on AWS. If you have any technical issues around AWS, you can open up a case with SAP or AWS and it will be routed to the appropriate team. AWS also offers [AWS Enterprise Support](https://aws.amazon.com/premiumsupport/enterprise-support/) for customers running mission critical production workloads on AWS. # Document Revisions | Date | Change | | --- | --- | | January 2023 | Updates throughout the guide | | October 2019 | Initial publication |