SAP Kernel Upgrade Automation Using Azure Center for SAP Solutions
If your SAP workloads operate on Azure, this automation can significantly reduce the efforts involved in kernel upgrades. It's important to note that this article aims to demonstrate performing kernel upgrades using ACSS features and other Azure services. Exercise caution when using the provided scripts and logic to prevent any potential impact on the SAP system. 1. Azure Services The following Azure services will be utilized to accomplish this kernel upgrade automation: 1.1. Azure Center for SAP Solutions Azure Centre for SAP Solutions incorporates features for storing SAP system metadata. This metadata will be utilized by the automation to identify and execute pertinent actions during kernel upgrade operations. Additional details about this offering can be accessed here. 1.2. Automation Runbook The Automation Runbook will serve as the primary executor for this process. All subordinate executions will occur from here, calling functions through HTTP. Further details about the Automation Runbook can be found here. 1.3. Storage Container An Azure Storage Container will store the new SAP Kernel binaries. These binaries will be utilized by the automation to execute the kernel upgrade on the SAP Systems. Additional details about the Storage Container can be found here. 1.4. Function App Within the Function App, Python code will execute tasks within the SAP VMs. You can deploy the code into Function Apps using VSCode or alternative methods. Additional details about the Function App can be found here. 2. Architectural Flow and Overview The Azure Automation Runbook, powered by PowerShell, utilizes the Az.Workloads module to retrieve inventory specifics from Azure Centre for SAP Solutions. This data includes deployment type, IP address, hostname, instance number, credentials, and more. Utilizing this data, the runbook generates a payload and executes HTTP POST calls to various function apps, aligning with the steps involved in the Kernel upgrade process. The Function App comprises distinct functions that the Automation Runbook calls for specific actions: SapKerUpgBackupExe – Archives the current SAP System Kernel for potential future reference or rollback. SapKerUpgUploadExe – Downloads necessary SAP Kernel upgrade components (e.g., SAPCAR, SAPEXE, SAPEXEDB, etc.) from the storage account and uploads them to the SAP System. SapKerUpgSAPOPs – Manages the start and stop of SAP Services on the associated SAP VMs running ASCS and DIA instances. SapKerUpgMain – Executes the Kernel switch by extracting SAR files to the Kernel directory using the SAPCAR utility. SapKerUpgPostSteps – Performs post-upgrade actions such as saproot.sh, sapcpe, and others as required. The actual start and stop of SAP instances are facilitated via Azure Centre SAP Solution's PowerShell module (Az.Workloads) by the Automation Runbook, utilizing internal API calls directed to the SAP Systems accordingly. 3. Prerequisite, Deployment and Configuration (Automated Method) 3.1. Creation of Template Specs The ARM Template is set up to create all necessary resources in an automated manner. You can access the JSON file directly through the import feature in Template Specs. You can find the JSON file here. 3.2. Deployment of the resources Access the imported template specs from the previous step and initiate resource deployment by selecting the Deploy option: Once you've selected "Deploy," ensure to provide the following details: Subscription: Choose the desired subscription where the resources will be created. Resource Group: Opt for either a new or existing resource group, preferably a new one dedicated solely to these resources. Region: Select the region for resource deployment. Resource Prefix: This text will serve as a prefix for all resource names. Managed Identity Name: Specify the name for the Managed Service Identity (MSI) to be created. By default, it's <prefix>-msi. Assign Role to MSI: Grant 'Automation Operator' and 'Reader and Data Access' roles to the MSI within the Resource Group. Sap Media Storage Account Name: Name of the Storage Account containing the media for SAP Kernel. Sap Media Container Name: Storage Container name from which Media for SAP Kernel will be retrieved. Automation Account Name: Specify the name for the Automation Account. By default, it's <prefix>-aa. Subnet Id: Provide the ID of the subnet for the function app integration. Ensure this subnet has complete access to the SAP System VMs and is delegated exclusively to 'Microsoft.Web/serverFarms’. Function App Name: Name of the Function App which will be created, by default <prefix>app will be created. Proceed with the deployment by selecting "Review + create." 3.3. Updating Function URL The Function URL generates a unique code with each deployment, requiring manual updates to the Function URL. To do this, navigate to the Functions section within the Function App: Paste the Function URL into the Automation runbook named 'sapkernelupgrade', which was created as part of the ARM template deployment. Repeat these actions for all the functions listed within the function app. After making the changes, ensure to save and publish the Runbook. 3.4. Setup Authorization for Managed Identity Grant the appropriate access permissions to the Managed Identity as specified. 3.5. Registration to ACSS Since the Automation runbook will leverage ACSS features, the key prerequisite is to have the SAP system registered with ACSS. This can be achieved by either installing the SAP system with ACSS or by registering an existing SAP System. 3.5.1. Create Systems using ACSS Utilize ACSS to create a new SAP System with the necessary configurations. You can find detailed instructions in our documentation available here. Systems created by ACSS have a structure resembling the following: - 3.5.2. Register Systems using ACSS If you already have an SAP system installed on Azure and wish to utilize this automation, you can do so by following these steps: 3.5.2.1. Registration of SAP System Begin by registering the existing system with ACSS. You can find a detailed process for this action here. The registered system will resemble the following: - 3.5.2.2. Create Key Vault After registering the SAP system, proceed to establish a Key Vault within the managed resource group. Choose a name that represents the SAP SID. Once the Key Vault is established, add a secret named "<SID>-sid-sshkey" to the Key Vault, and input the SSH private key value for the root user across all SAP Virtual Machines. 3.6. Adding SAP's Kernel Media to Storage Account Additionally, it's necessary to either create a new storage account or utilize an existing one. Afterwards, add the new SAP Kernel components to the container within the storage account. These components comprise SAP Kernel files obtained from the SAP Marketplace, including SAPEXE, SAPEXEDB, SAPCAR, and more. The Function Apps will utilize these stored SAP bits in the storage account to execute the kernel upgrade operation on the SAP System. 4. Execution Initiate the automation runbook and furnish the following compulsory inputs: MSIAPPLICATIONID – This pertains to the application ID of the Managed Identity utilized for executing the automation runbook. SAPMEDIASTORAGEACCOUNTRGNAME – This designates the Resource Group name of the storage account housing the SAP Kernel Media. SAPMEDIASTORAGEACCOUNTNAME – Refers to the name of the storage account containing the new SAP Kernel Media. SAPMEDIASTORAGECONTAINERNAME – This denotes the name of the container storing the new SAP Kernel Media Files. SAPEXEFILES – Represents the names of the SAR files within the storage container. Multiple files can be provided by separating them with commas, for example, SAPEXE_100-80005374.SAR,SAPEXEDB_100-80005373.SAR. SAPCARFILE – Indicates the name of the SAPCAR files within the storage account. For instance, SAPCAR_1115-70006178.EXE. SAPSIDS – Represents the SAP System IDs targeted for the kernel upgrade, such as [‘KS1’,‘KD1’,’KH1’], etc. Once the execution is initiated, we can observe the logs detailing the actions performed on the console. Upon completion of the execution, all tasks are executed seamlessly, including the startup of SAP instances, without encountering any issues. After the tasks are finished, you can verify the new Kernel patch version of the SAP System by accessing the overview of the central service instance within the SAP Solution for the SAP system on the ACSS screen in the Azure Portal. 5. Monitoring And Notifications To monitor the automation runbook, configure alerts for the runs as outlined in our documentation Monitor Azure Automation runbooks with metric alerts | Microsoft Learn To monitor the functions within the function app, set up monitoring and configure alerts using the desired metrics as detailed in the documentation Configure monitoring for Azure Functions | Microsoft LearnAnnouncing Public Preview for Microsoft Azure Center for SAP Solutions
Customers deploying and managing SAP solutions in the cloud can move faster and more confidently with Microsoft Azure Center for SAP solutions, now available in public preview. It is an end-to-end solution enabling customers and partners to create and run SAP systems as a unified workload on Azure and provides a more seamless foundation for innovation on the Microsoft Cloud.Announcing General Availability for Microsoft Azure Center for SAP Solutions
Today we are excited to announce the general availability of Microsoft Azure Center for SAP solutions along with key product updates. Azure Center for SAP solutions brings together an integrated set of capabilities for deploying and managing SAP landscapes by making Azure SAP aware.Microsoft Azure Center for SAP solutions Product Update October 2022
At Microsoft Inspire 2022, we announced the preview of Microsoft Azure Center for SAP solutions, an end-to-end solution for customers and partners to create and run SAP systems as a unified workload on Azure and to provide a more seamless foundation for innovation on the Microsoft Cloud. It has been great to hear from our partners and customers about the value the solution brings to their organizations. In this post I want to highlight along with my partner, Matt Ordish some of the latest capabilities we have added and are available for you today.
