Unit 3 - Overview of Administration of SAP HANA Cloud

Basic Provisioning Concepts of SAP HANA Cloud

 Describe the key steps to provision SAP HANA Cloud.
SAP Business Technology Platform Account Structure
To get started with SAP HANA Cloud you will first need to setup a BTP global account. This is the highest level of account
management in BTP. Think of the global account as the 'contract' level. SAP BTP provides different types of global
accounts: enterprise and trial accounts.
A trial account lets you try out the platform for free. Access is open to everyone. Trial accounts are intended for personal
exploration, and not for production use or team application development. They allow restricted use of the platform resources and
services. The trial period varies depending on the environment.
An enterprise account is usually associated with one SAP customer or partner. The global account is the level at which you
purchase platform resources and services.
Once you have your global account setup, you can then create one or more subaccounts which consume the services of the global
account. During the creation of a subaccount, you choose the cloud provider and also the region. For example, Azure in EMEA, or
AWS in APJ. This service provider location does not have to be the same as the actual location of consumption. As more cloud
providers become available, the list of providers in more regions will increase.
Subaccounts are technically independent of each other. This means users, applications, authorizations etc. are not shared between
subaccounts.
Subaccounts can be optionally managed using directories. Directories allow you to group subaccounts for easy management of
large numbers of subaccounts. Quotas can also be assigned to directories in case you don't want to assign quotas directly to
subaccounts.

A directory can be sub-divided into more directories to create a directory hierarchy. Subaccounts can be assigned to any level of the
directory hierarchy.

Entitlements and Quotas

SAP BTP genel anlamda çeşitli servisler kullanıma sunuyor. HANA Cloud bu servislerden biridir. BTP içinde “servis plan” satın
alıyoruz. Birden fazla servis satın aldığımızda her birinde farklı konfigurasyon özelliklerinde HANA Cloud hizmeti alabiliriz. Satın
aldığımız servisler “entitlements = hak sahipliği” altında toplanıyor. Entitlements ve Quotas satın almak istediğimizde “global
account” ile birlikte satın alınıyor. “Quotas” içinde kaç tane servis account entitlement you purchase to use (quotas içinde satın
aldığımız servislerin sayıları yer alıyor. Kaç adet servis satın almış isek o kadarını kullanmamıza izin veriyor). İlerleyen zamanda
quotas içinde yer alan servisleri iptal edip başka servisler satın alabiliriz. Bu anlamda sahip olduğumuz servisler, Servis Plan X’lerin
içinde yer alıyor.

In order to find the overall information regarding the provisioning and consumption of resources at a global account level you go to
the SAP BTP cockpit and navigate to Usage Analytics.

Spaces and Instances

When you subscribe to the SAP HANA Cloud service, the SAP BTP guides you through creating a copy of the SAP HANA
Cloud, SAP HANA database component in your SAP BTP account. This copy is called an instance, and creating an instance is
referred to as provisioning. An SAP BTP wizard guide you through provisioning an instance using simple questions.
But before you can create your first instance, you must already have created a Cloud Foundry Space. A space provides complete
isolation for applications to run independently. A space can contain more than one database instances.
Once you have an SAP HANA Cloud database instance, you are ready to begin developing your BTP application. During
application deployment you can choose which database instance you wish to bind to.
In the context of the SAP BTP, a service is a software product you use on a subscription basis through your SAP BTP account.
SAP HANA Cloud is an example of an SAP BTP service you subscribe to.

Cloud Providers
Choose your cloud provider based on region where you would like you service provisioned from.

The current cloud providers are:

 SAP
 Amazon Web Services (AWS)
 Google Cloud Platform (GCP)
 Alibaba Cloud
 Microsoft Azure

Cloud provider are responsible for:

 Installing, configuring, and upgrading the operating system.

 Backing up and restoring, and recovering the database software.
 Tuning the database to run optimally on the underlying operating system, and hardware.

Cloud providers are not responsible for:

  Sizing and provisioning the SAP HANA Cloud database
 Monitoring the SAP HANA Cloud database
 Managing users, roles, and permissions in the SAP HANA Cloud database
These tasks are handled by the customer.

Provision an SAP HANA Cloud database instance

Before you can create an SAP HANA Cloud database instance, you must already have fulfilled these prerequisites:

 You have created a subaccount in the Cloud Foundry Environment

 You have enabled Cloud Foundry environment for the subaccount
 You have assigned quota to the subaccount
 You have created a Cloud Foundry space in the subaccount
A database instance can then be created using the provisioning interface : SAP HANA Cloud Central.
Watch this video to learn how to create a database instance.

Working with Administration Tools

 Describe the key tools used for SAP HANA Cloud provisioning.
SAP HANA Cloud Central
You can provision multiple instances of SAP HANA Cloud. SAP HANA Cloud Central is a tool to provision and
manage all your SAP HANA Cloud instances on one screen.

Watch this video to learn about SAP HANA Cloud Central.

SAP HANA Cockpit
A key tool used by the administrator of SAP HANA Cloud is the SAP HANA Cockpit.

The SAP HANA cockpit provides a single point of access to a range of tools for the administration and detailed
monitoring of your SAP HANA cloud database. The tool presents key information about the database using configurable
cards. Each card provides only the essential information, but a drill-down is possible from each card to get to the
detailed information. The cards are grouped into views. SAP provide four standard views but administrators can created
additional views. A custom view can include only the cards they are interested in and also the settings and filters that
apply to them.

The key areas of SAP HANA Cloud that can be managed and monitored using the SAP HANA Cockpit include:
  Services - database services such as indexserver, nameserver.
 Memory - monitor memory usage and check out-of-memory issues
 Alerts - be warned of critical situation such as disk becoming full
 Workload - organise jobs into workloads for better system utilization
 Table Usage - ensure tables are optimally designed for best performance
 Database Configuration - manage configuration (*.ini) files that determine database behavior
You access the SAP HANA cockpit for your SAP HANA instance through SAP HANA Cloud Central, SAP BTP
Cockpit, or by using the direct URL.

The cloud version of SAP HANA Cockpit is based on the same design as the SAP HANA Cockpit used in SAP HANA
on-premise deployments.

The SAP HANA Cockpit has its own release cycle separate from SAP HANA Cloud. New features are immediately
pushed out to all customers. There is no upgrade to perform, this is done by the cloud provider.

SAP HANA Cockpit is used to manage only SAP HANA Cloud databases.

SAP BTP Cockpit is used to manage all SAP cloud applications which includes SAP HANA Cloud, but there are many
others too.

Command Line Interfaces

Cockpits provide a user-friendly interface for carrying out key administration tasks. However, there are also two
command line interfaces available that are used with SAP HANA Cloud setup and administration.

Command Line Interfaces are often preferred by administrators who want to create scripts to automate tasks, or to
copy/paste commands that are regularly used.

The BTP Command Line Interface (btp CLI)

The SAP Business Technology Platform (BTP) Command Line Interface (CLI) is an alternative to the BTP cockpit for
users who prefer working with a command line. This interface is usually referred to simply as btp CLI.
These are some of the tasks that you perform with the btp CLI.

 Creating subaccounts and directories

 Managing entitlements of global accounts and subaccounts
 Managing users and their authorizations in global accounts and subaccounts
 Subscribing to applications

Cloud Foundry Command Line Interface (cf CLI)

Use the Cloud Foundry Command Line Interface (cf CLI) for managing subaccounts in the Cloud Foundry environment,
such as creating orgs and spaces, or managing quota.

These are some of the tasks that you perform with the cf CLI.

 Create spaces
 Add ORGANIZATION members
 Add SPACE members
 Create SPACE quota plans
 Assign quota plans to SPACES

SAP HANA Database Explorer

The SAP HANA Database Explorer is used to query information about the database and display information about your
database's catalog objects of SAP HANA database.
A key feature of the SAP HANA Database Explorer is the in-built SQL console. Use this to write SQL and SQLScript
statements. It includes code correction and auto-complete capabilities. You can execute the SQL statements view the
results and examine the SQL plan and run-time statistics to identify issues.

Search tools can be used to locate database objects.

The Database Explorer can be used with both HDI containers and classic schemas.

You access the SAP HANA Database Explorer from the SAP HANA Cockpit or from the Business Application Studio.

HDI Administration tool

Containers play a key role in SAP HANA Cloud database development and provide an efficient method of isolating the
database runtime artifacts and encouraging modularization. User and roles are granted privileges on containers so that
they can access the resources they contain.

An SAP HANA Cloud database will usually have many containers. Each container will have various combinations of
user and role privileges assigned. This can soon become difficult to manage.
The HANA Deployment Infrastructure (HDI) Administration tool allows an administrator to easily navigate containers,
adding them into groups and displaying the users and roles that have been granted access to them. The administrator can
grant and revoke container privileges to users or roles. The tool is accessed from the SAP HANA Cloud Cockpit and is
located under Database Administration > HDI Administration.

Administrator Activities
 Describe the key administration tasks of SAP HANA Cloud.
Start and Stop the SAP HANA Cloud Database
The SAP HANA Cloud administrator is responsible for starting and stopping the SAP HANA Cloud database instances.

SAP HANA Cloud Central is the tool to achieve this.

There are many reasons for stopping and restarting the database. These include:

 Adding a data lake

 Scale-up the database to add more RAM
 Maintenance of the application that is running on the database.
 Take database offline to prevent unwanted updates
 Cloud provider support team suggests a restart after troubleshooting

Database instances setup under a trial BTP account will automatically stop after a period of inactivity. You will need to
restart them if you wish to use them again.

Upgrade the SAP HANA Cloud Database

Watch this video to learn about how to upgrade the SAP HANA Cloud database.

SAP HANA Cloud Release Cycle

One of the key benefits of using a cloud solution is that new features are available much sooner than with on-premise
solutions. Whereas a new release of an on-premise solution usually take place yearly or even bi-yearly, cloud solution
updates take place more frequently, usually every few weeks.

For SAP HANA Cloud, currently, a new version is released every 3 months. This is known as the quarterly release cycle
(QRC). The release code format is QRC QQ/YYYY.
Customers can choose to upgrade once the new release is available, or they can delay the upgrade for a maximum of 7
months. After 7 months if a customer did not choose to upgrade then the upgrade is performed automatically. The
automatic upgrade moves the customer to the next release after the one they were using, and not to the very latest release
available.

SAP continually provide patches that address security and other high priority aspects of SAP HANA Cloud and these do
not wait until the next QRC release.

The upgrade of SAP HANA Cloud highlights one of the biggest differences between SAP HANA Cloud and SAP
HANA on- premise. Whereas the upgrade of SAP HANA Cloud on-premise requires a significant investment in
resources and time, and includes many tasks, an SAP HANA Cloud upgrade is automated, very simple and is started
from a single menu option controlled by the customer. All aspects of the upgrade are taken care of by the cloud provider.

Backup and Recovery of the SAP HANA Cloud Database

Backup the SAP HANA Cloud database
Backups for your HANA Cloud instance take place automatically to ensure that it can be recovered to its most recent
consistent state. Multiple backups are stored so that it is possible to recover not only to the last backup but to any
previous backup that is available. This is very useful so that a stable state of the database can be selected even if it is not
the latest backup.
Backups are replicated in additional availability zones in the same region. This provides extra safeguarding against loss
of data in case of an individual data centre catastrophe.

SAP HANA database instances are continually backed up.

The recovery point objective (RPO) is no more than 15 minutes. This means that potential loss of data is limited to a
maximum of 15 minutes worth of data updates.

In order to create historical recovery points, snapshot backups can be created and retained. Up to 15 backups are
retained.

You can display information about available database backups in the SAP HANA cockpit.

Managing backups is the responsibility of the SAP HANA Cloud Administrator.

Recover the SAP HANA Cloud database

SAP HANA Cloud Central is the tool used by the administrator to start the recovery. In this tool, the administrator is
able to recover the database up to a selected point in time in the past for which a backup is available.

Recovery of the SAP HANA Cloud Database is the responsibility of the SAP HANA Cloud Administrator.

Manage and Monitor Performance

Bu işlerin tamamı SAP HANA Cloud Administrator’un sorumluluğunda yer alıyor.

Secure the SAP HANA Cloud database

Security administration is a specialist area within general administration and is usually managed by security experts who
need to consider the entire IT landscape and not just the SAP HANA Cloud database. They must ensure compliance
across all solutions.
There are many tasks that are handled by the security administrator in an SAP HANA Cloud environment. These
include:

Monitoring critical security settings - SAP provide recommendations for security settings such as password lifetime of
users, how system privileges should be distributed, setting the database activity trace level. The security administrator
should review and check these.

Data encryption - SAP HANA Cloud database uses a number of encryption services to protect data and logs. Although
SAP takes care of encryption, the security administrator should check the status of encryption using the SAP HANA
Cockpit.

Auditing activities - monitor and record selected actions performed in the SAP HANA database, providing visibility on
who did what in the database (or tried to do what) and when. Examples include, changes to user authorization, creation
or deletion of database objects, authentication of users, changes to system configuration, access to or changes to
sensitive information.

Manage certificates and keys required for trust validation -SAP HANA Cloud supports multiple authentication
methods and these often use keys and certificates.

Monitor data anonymization -SAP HANA Cloud database provides anonymization services to ensure the privacy of
data. This is implemented by creating SQL views that include a anonymization settings. The security administrator runs
reports that identify which views are anonymized (and which ones are not) and various KPIs that provide insight into
how data is being secured.

Manage Users, Roles and Permissions

The administrator is responsible for managing users. Users is a generic term and can refer to developers or application
users. Administration tasks typically include:

 Creating users, user groups and assigning roles and privileges

 Investigating authorization or authentication issues
  Deactivating users

Watch this video to learn about managing users, roles and permissions.

The setup sequence is usually as follows:

1. Create privileges (many standard privileges are supplied by SAP)

2. Create roles
3. Assign privileges to roles
4. Create users
5. Create user groups
6. Assign users to user groups
7. Assign users to roles

In the SAP HANA Cloud, SAP HANA database, there is no single "user administrator" user, that is a user with the system privilege
USER ADMIN. This is because the user SYSTEM in SAP HANA database instances is reserved for use by SAP. The default
administration user in SAP HANA database instances is DBADMIN. As the administrator of the default user group, DBADMIN
can be used to set up other administration users and delegate administration tasks.