By Diego García, Partner Solutions Architect Manager at AWS
By Emanuele Cuoccio, Solutions Architect at AWS
By Guillermo Torres, Product Developer Lead at Linke

A top priority for the more than 5,000 active customers running SAP workloads on Amazon Web Services (AWS) is to regularly back up their databases to recover them in case of failure.

Regarding where to ship the backups, Amazon Simple Storage Service (Amazon S3) is a cost-effective, highly durable, and reliable storage service. This makes it the preferred storage service for storing database backups, both in general and for SAP in particular.

Customers can follow different approaches—like one-step or two-step shipping—and leverage different tools, both AWS-native and built by AWS Partners, for shipping the backups from the SAP database to Amazon S3.

The traditional two-step approach of performing backups implies a first step, where backups are copied from the database to disk—like Amazon Elastic Block Store (Amazon EBS) staging volumes or Amazon Elastic File System (Amazon EFS)—and a second step, where data is moved from staging volumes to an S3 bucket.

As an “agile” alternative to this traditional approach, one-step backup shipping can be adopted. Database backups can be copied directly to S3 (with no need for staging EBS volumes), either by using the native AWS Backint Agent for SAP HANA, or by using one of the SAP-certified third-party backup tools that implement the SAP Backint interface.

In this post, we will dive deep on one of the SAP-certified third-party backup solutions: Emory Cloud Backup, developed by Linke. Emory Cloud Backup allows you to manage and store SAP database backups—like SAP HANA, Oracle, and SAP ASE (Sybase)—directly on S3.

Linke is an AWS Premier Consulting Partner with the SAP Competency. Linke is also an SAP Gold Partner and member of the AWS Well-Architected Partner Program.

Getting Started with Emory Cloud Backup

Emory Cloud Backup is a software package that’s installed alongside your SAP database, in the same server. It can be delivered as a standard Linux RPM package with a simple command line operation, or unattended from your preferred automation tool like AWS Systems Manager or AWS OpsWorks.

Once configured, you operate backups through standard SAP administration tools like SAP HANA Studio, DB13, or DBACOCKPIT transactions within your SAP applications.

Key benefits and features of Emory Cloud Backup include:

  • Support for single and multi-node (scale-out) SAP HANA deployments on AWS.
  • In-transit and at-rest encryption via AWS Key Management Service (KMS).
  • Multi-thread and multi-part data transfer.
  • Full, incremental, differential, and log backups.
  • Extensive Linux support for SAP ASE.
  • Full compatibility with SAP databases on-premises.

Prerequisites

In this section, we’ll prepare the Linke Console account and the additional required resources in the AWS account to work with Emory Cloud Backup.

We assume you’re already running an SAP HANA system on your AWS account. If you want more details on how to quickly and automatically deploy an SAP HANA system on AWS, leverage the AWS Launch Wizard for SAP or the SAP HANA on AWS Quick Start.

Set Up a Linke Console Account

To download and install the Emory Cloud Backup agent on the SAP HANA server, you’ll need to create an account in the Linke Portal and have an active full or trial license subscription. If you don’t have one already, create a full or a trial subscription at https://console.linkeit.com.

Set Up an Amazon S3 Bucket

Given that you already have an active AWS account, you need an S3 bucket to store your backups. If you don’t have one already, create a new S3 bucket following the steps below.

You can also read the relevant section of the Amazon S3 User Guide.

  • Go to Amazon S3 from the AWS Management Console.
  • Select Create bucket.
  • Enter a unique bucket name (not containing spaces or uppercase letters).
  • Select the Region (for example, EU (Ireland) eu-west-1).
  • Leave all the rest of the settings as default.
  • Select Create bucket.

Additionally, we can set up the S3 Object Lock feature on the S3 bucket to prevent accidental object deletion and enforce compliance.

Set Up an IAM Role/Instance Profile

After creating an S3 bucket (or confirming you have one ready to use) to store the database backups, we need to set up an AWS Identity and Access Management (IAM) role—this is actually an instance profile.

Through the assumption of this role, the Amazon EC2-based HANA server would acquire the permissions to call other AWS services. As an example of permissions, the instance can have visibility on all S3 buckets in the selected AWS Region, or access the S3 bucket for read/write operations, or encrypt and decrypt the backups stored in S3 through AWS KMS.

These permissions will be defined in a policy attached to the Instance Profile (role) and then associated with the EC2 instance of the HANA server. To create the policy, follow the steps below. Further details are also explained in the relevant section of the AWS IAM User Guide.

  • Go to AWS IAM from the AWS console.
  • Under Policies, choose Create Policy.
  • Select the JSON tab.
  • Replace the existing code with the following code-snippet.

Remember to replace <YOUR_BUCKET_NAME> with the name of the S3 bucket created to store the database backups, <YOUR_AWS_REGION> with the endpoint name of the selected AWS Region for this deployment (such as eu-west-1 if the AWS Region is Ireland), <YOUR_AWS_ACCOUNT> with your 12-digit AWS account ID, and <KEY_NAME> and <ALIAS_NAME> with the KMS key and alias names respectively.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:ListAllMyBuckets",
        "s3:HeadBucket",
        "ec2:DescribeRegions",
        "ec2:DescribeInstances",
        "kms:ListKeys",
        "kms:ListAliases"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": "s3:*",
      "Resource": [
        "arn:aws:s3:::<YOUR_BUCKET_NAME>",
        "arn:aws:s3:::<YOUR_BUCKET_NAME>/*"
      ]
    },
    {
      "Effect": "Allow",
      "Action": [
        "kms:GetPublicKey",
        "kms:Decrypt",
        "kms:Encrypt",
        "kms:GetKeyPolicy",
        "kms:GenerateDataKey",
        "kms:DescribeKey",
        "kms:Verify"
      ],
      "Resource": [
        "arn:aws:kms:<YOUR_AWS_REGION>:<YOUR_AWS_ACCOUNT>:key/<KEY_NAME>",
        "arn:aws:kms:<YOUR_AWS_REGION>:<YOUR_AWS_ACCOUNT>:key/<ALIAS_NAME>"
      ]
    }
  ]
}

  • Next, select Review Policy.
  • Choose a name for the policy (such as “emory_ec2”).
  • Choose Create Policy.
  • Go back to AWS IAM from the AWS console.
  • Under Roles, choose Create Role.
  • Choose AWS service.
  • Choose EC2 under Common use cases, and then click Next.
  • Select the previously created policy through the corresponding radio button and then click Next two times.
  • Choose a role name (such as “emory_ec2_role”).
  • Click Create Role.
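
As an added check (not part of the original post or of Linke's tooling), the following Python script lints a filled-in copy of the policy before it is pasted into IAM. It flags wildcard actions such as s3:*, non-read actions granted on all resources, whitespace inside an ARN, and placeholders left unreplaced; the bucket name, account ID and finding codes are constructed for illustration.

```python
import json
import re

# Constructed input: the post's policy shape after a hurried substitution.
# Bucket name and account ID are made-up sample values.
POLICY = json.loads("""
{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow",
   "Action": ["s3:ListAllMyBuckets", "ec2:DescribeRegions", "kms:ListKeys"],
   "Resource": "*"},
  {"Effect": "Allow", "Action": "s3:*",
   "Resource": ["arn:aws:s3:::example-hana-backups",
                "arn:aws:s3::: example-hana-backups/*"]},
  {"Effect": "Allow", "Action": ["kms:Decrypt", "kms:GenerateDataKey"],
   "Resource": ["arn:aws:kms:eu-west-1:111122223333:key/<KEY_NAME>"]}
]}
""")

# Assumption: actions named List*/Describe*/Get*/Head* are treated as read-only.
READ_ONLY = re.compile(r"^[a-z0-9-]+:(List|Describe|Get|Head)")
PLACEHOLDER = re.compile(r"<[A-Za-z_]+>")

def as_list(value):
    """IAM accepts a bare string or object wherever a list is allowed."""
    return value if isinstance(value, list) else [value]

def lint_policy(policy):
    """Return sorted (statement_index, finding_code, detail) tuples."""
    findings = []
    for idx, stmt in enumerate(as_list(policy["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue
        resources = as_list(stmt.get("Resource", []))
        for action in as_list(stmt.get("Action", [])):
            if action == "*" or action.endswith(":*"):
                findings.append((idx, "wildcard-action", action))
            elif "*" in resources and not READ_ONLY.match(action):
                findings.append((idx, "write-on-all-resources", action))
        for arn in resources:
            if re.search(r"\s", arn):
                findings.append((idx, "whitespace-in-arn", arn))
            if PLACEHOLDER.search(arn):
                findings.append((idx, "unreplaced-placeholder", arn))
    return sorted(findings)

if __name__ == "__main__":
    for idx, code, detail in lint_policy(POLICY):
        print(f"statement {idx}: {code}: {detail}")
```

A wildcard-action finding on the bucket statement is a prompt to narrow it to the S3 actions the backup agent actually uses, which this post does not list.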

Attach the IAM Policy to the EC2 Instance

Now that we have the role (instance profile) set up, we need to attach it to the HANA server instance. In order to attach the role to the instance, follow the steps below.

  • Open the EC2 dashboard, and then go to Instances.
  • Choose the instance you want to attach an IAM role to (HANA server instance) by checking the related radio button.
  • Choose Actions, and then Security, and finally Modify IAM role.
  • On the Modify IAM Role panel, under IAM role, choose the instance profile you want to attach from the drop-down list and then select Save.

Install the Emory Agent

The next step is to install the backint agent.

  • Download the Installation Package from the Resources section in Linke’s portal.
  • SSH into the HANA server (or connect via AWS Systems Manager Session Manager) and launch the following commands:
    • Install the package (execute the command as a root user):
      rpm -ivh https://s3-eu-west-1.amazonaws.com/repo.linkeit.com/emory/emory-1.0-latest.x86_64.rpm
    • Check the package has been properly installed (as a root user):
      rpm -qa | grep emory

Output will show the installed version of the product.

Configure the Emory Agent

Now, we can configure the agent with interactive mode through the command line interface (CLI).

  • Run the following command:
    Emory --settings
  • In the menu below, choose Storage Providers profiles to define the access to the remote storage destination (S3 bucket) as well as its properties. We’ll use these provider profiles to store or retrieve our backups:
    ? Emory Cloud Backup: [Use arrows to move, type to filter]
    > Storage Providers profiles
      Data storage providers for backups & restores
      License Software
      Logging settings
      Linke Backups Dashboard
      Backups Lifecycle
      Exit

  • Add a new provider name for the Providers profile (such as “development”):
    ? Select action to perform: Add
    ? Enter provider profile name: development

  • Select Amazon Web Services as the provider type:
    ? Select provider type: [Use arrows to move, type to filter]
    > Amazon Web Services
      Microsoft Azure

  • For AWS as a provider, you need to specify the following list of parameters:
    • AWS Profile: Select AWS CLI profile, or leave it empty to use the EC2 instance profile.
    • AssumeRole: Enter the Assume Role ARN if you want to access S3 buckets in other AWS accounts (useful for big organizations).
    • S3 Bucket: Select the S3 bucket to use as a destination repository for the backups.
    • Encryption type: Choose AES256 (default), aws:kms, or None.
    • S3 storage class: Choose S3 Standard, S3 Standard-IA, S3 One Zone-IA, S3 Reduced Redundancy, or S3 Intelligent-Tiering.
    • Tag S3 Objects with backup information: It will append some tags to your S3 objects.
    • S3 Downloader/Uploader MemoryBuffer: Multi-part upload chunk size.
    • S3 Downloader/Uploader Concurrency: Maximum concurrent requests.
  • Go back to the main menu and choose Data Storage providers for backups & restores to define the storage provider profile to use for the following backup/restore actions:
    ? Emory Cloud Backup: [Use arrows to move, type to filter]
      Storage Providers profiles
    > Data storage providers for backups & restores
      License Software
      Logging settings
      Linke Backups Dashboard
      Backups Lifecycle
      Exit

  • Choose the following options:
    • Provider profile to store backups: Select a Storage Provider Profile to store your backups.
    • [DR Scenarios] Provider profile to restore backups: Select a Storage Provider Profile to retrieve backups from. If not defined, the tool will use the previously selected profile.
    • [System Copy] Provider profile to restore backups from different SID System Copy method: HANA-specific option; useful to perform system copies from other HANA systems. If not defined, it will use the same profile as the [DR Scenarios] option above.
      ? Select : [Use arrows to move, type to filter]
      > Provider profile to store backups [accountA]
        [DR scenarios] Provider profile to restore backups [developers]
        [System Copy] Provider profile to restore backups from different SID System Copy method [accountB]
        Return

Register the License in the Interactive Menu

You now have to register the license in the interactive menu, as explained in the steps below.

  • Go back to the main menu and choose License Software to register your license:
    ? Emory Cloud Backup: [Use arrows to move, type to filter]
      Storage Providers profiles
      Data storage providers for backups & restores
    > License Software
      Logging settings
      Linke Backups Dashboard
      Backups Lifecycle
      Exit

  • Select the [Online] Register license option from the menu below to register the license:
    ? Select action to perfom: [Use arrows to move, type to filter]
    > [Online] Register license
      [Online] Unregister license
      [Online] Check license
      [Offline] Generate request file
      [Offline] Insert license
      [Offline] Delete license file
      [Offline] Check license
      Reset license (delete license files and recreate client UUID)
      Check Emory license
      Return

  • Enter your Linke Account credentials to register your database:
    ? UserName: <your-linke-account-email>
    ? Password: ************

  • If the registration is successful, a message like the one below will be displayed:
    Client has been correctly licensed. Client associated to license id: <1234-1412414-141424-141414>

Configure a Lifecycle Rule for your Backups

Let’s now configure a lifecycle rule for the backups.

  • In the main menu, choose Backups Lifecycle:
    ? Emory Cloud Backup: [Use arrows to move, type to filter]
      Storage Providers profiles
      Data storage providers for backups & restores
      License Software
      Logging settings
      Linke Backups Dashboard
    > Backups Lifecycle
      Exit

  • The backups lifecycle menu will appear as below:
    ? Emory Cloud Backup: Backups Lifecycle
    ? Select : [Use arrows to move, type to filter]
    > Configure Log Retention
      Configure Daily Retention
      Configure Weekly Retention
      Configure Monthly Retention
      Configure Yearly Retention
      Deactivate Lifecycle
      Return

You can define an expiration date for your backups. This can be achieved by defining different lifecycle policies.

The policies are defined by specifying two values for each retention type:

  • Retention Days is how many days the backup will remain available for recovery, counted from the day it was launched.
  • Starting Day is the day starting from which the lifecycle policy will be applied to the backups.

Database Setup

Configure the following database parameters for HANA Database, using either database SQL commands, HANA Studio configuration tab, or editing the global.ini file located at the following path: /hana/shared/$SAPSYSTEMNAME/global/hdb/custom/config/global.ini

[backup]
data_backup_parameter_file = /usr/sap/<SID>/SYS/global/hdb/opt/conf/emory.cfg
catalog_backup_parameter_file = /usr/sap/<SID>/SYS/global/hdb/opt/conf/emory.cfg
log_backup_parameter_file = /usr/sap/<SID>/SYS/global/hdb/opt/conf/emory.cfg
catalog_backup_using_backint = true
log_backup_using_backint = true

[communication]
tcp_backlog = 2048

[persistence]
enable_auto_log_backup = yes
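
To confirm the settings actually landed in the file (an added example, not from the original post or from Linke), this Python check parses a global.ini and reports any backint setting that differs from the values listed here. The sample file content and the SID HDB are constructed, and requiring the three parameter files to share one path is an assumption based on the snippet above.

```python
import configparser

# Constructed sample of a customised global.ini; "HDB" is a sample SID and
# log_backup_using_backint is deliberately left off to show a finding.
SAMPLE_INI = """
[backup]
data_backup_parameter_file = /usr/sap/HDB/SYS/global/hdb/opt/conf/emory.cfg
catalog_backup_parameter_file = /usr/sap/HDB/SYS/global/hdb/opt/conf/emory.cfg
log_backup_parameter_file = /usr/sap/HDB/SYS/global/hdb/opt/conf/emory.cfg
catalog_backup_using_backint = true
log_backup_using_backint = false
[persistence]
enable_auto_log_backup = yes
"""

# Expected values are the ones listed in this post.
EXPECTED = {
    ("backup", "catalog_backup_using_backint"): "true",
    ("backup", "log_backup_using_backint"): "true",
    ("persistence", "enable_auto_log_backup"): "yes",
}
PARAM_FILES = ("data_backup_parameter_file", "catalog_backup_parameter_file",
               "log_backup_parameter_file")

def check_backint_config(ini_text):
    """Return a list of human-readable problems; empty means consistent."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(ini_text)
    problems = []
    for (section, key), want in EXPECTED.items():
        got = cfg.get(section, key, fallback=None)
        if got is None or got.strip().lower() != want:
            problems.append(f"[{section}] {key} is {got!r}, expected {want!r}")
    paths = {k: cfg.get("backup", k, fallback=None) for k in PARAM_FILES}
    for key, path in paths.items():
        if not path:
            problems.append(f"[backup] {key} is not set")
    # Assumption: all three parameter files should name the same emory.cfg.
    if len({p for p in paths.values() if p}) > 1:
        problems.append("backint parameter files point to different paths")
    return problems

if __name__ == "__main__":
    print("\n".join(check_backint_config(SAMPLE_INI)) or "backint settings OK")
```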

Backup and Restore for SAP HANA

Database Backup

From the HANA Studio console, execute the following tasks:

  • Connect to the HANA database server.
  • From the Systems panel, right-click on the database server and choose Backup and Recovery, and then Back Up Tenant Database…

  • Specify the tenant database to back up (HDB in this example).

  • Specify the backup settings by selecting Complete Data Backup as Backup Type and Backint as Destination Type.
  • Review the backup settings and choose Finish.

  • Wait until the backup process finishes, and check out the newly stored backups in the S3 bucket chosen as destination.

Database Restore

Now that we have backed up the HANA database server, we can follow up with a demonstration of the restore process, using HANA Studio.

  • From the AWS console or CLI, stop the tenant database you want to restore the backup to.
  • From HANA Studio, start the recovery process for the tenant database by choosing Backup and Recovery and then Recover Tenant Database…

  • Select the tenant database to recover the backups to.
  • Choose the option to Recover the database to a specific data backup, and then choose Next.
  • When specifying the backup location, select Recover using the backup catalog, and then choose Search for the backup catalog in Backint only.
  • Check the availability of the backup you want to restore.

  • Leave the Other Settings as default and choose Next to Review the Recovery Settings, and then select Finish to start the recovery process.
  • Wait until the recovery process finishes and the HANA tenant database is recovered.

Summary

Linke’s Emory Cloud Backup is designed to use all available network throughput, multiple parallel processes, and the Amazon S3 multi-part upload feature so that backup and restore operations run as fast as possible, at speeds up to 680MB/s.

When running on Amazon EC2, different instance types have different networking bandwidth and therefore have an impact on backup and restore operations to S3. It’s important to analyze your backup and restore requirements and align them with your EC2 instance type.

Emory Cloud Backup is offered as a subscription service through AWS Marketplace, including premium support from Linke’s engineering team to ensure proper setup, maintenance, and update of customer installations. Free trials are available.

Linke – AWS Partner Spotlight

Linke is an AWS Premier Consulting Partner that specializes in SAP workloads on AWS and provides technology and services to help enterprises make the most out of AWS.
