Menu
SAP HANA on AWS
Quick Start Reference Deployment Guide

Step 5. Access SAP HANA Nodes

The default network security setup for this solution follows AWS security best practices. The provisioning logic creates the solution architecture described in the Architecture section, with the SAP HANA instances in a private subnet to restrict direct exposure to the Internet. As such, the SAP HANA instances can only be accessed through instances placed in the public subnet or DMZ layer.

You can access SAP HANA nodes through this DMZ layer in two ways:

  • Access with SAP HANA Studio: To access your SAP HANA database with SAP HANA Studio, you will need to use a remote desktop client to connect to the Windows Server instance. Once connected, you can manually install SAP HANA Studio and start accessing your SAP HANA database.

  • OS-level Access: SSH to the bastion host and then to the SAP HANA instance(s) by using an SSH client of your choice.

These two methods are discussed in the following sections.

Tip

To connect directly to the SAP HANA systems from a corporate network, you can provision an encrypted IPSec hardware VPN connection between your corporate data center and your VPC. For details, see Amazon VPC on the AWS website.

You can also set up AWS Direct Connect between your data center and AWS to gain direct access to your AWS resources. See AWS Direct Connect on the AWS website for details.

Using SAP HANA Studio

To install SAP HANA Studio, establish a connection to the Windows Server instance.

  1. Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.

  2. From the console dashboard, click Running Instances to find the RDP instance.

    
                            Amazon EC2 Running Instances with RDP Instance Selected

    Figure 12: Amazon EC2 running instances with RDP instance selected

  3. Select your RDP instance and choose Connect.

  4. Get the Windows administrator password from the Amazon EC2 console:

    1. In the Connect To Your Instance dialog box, choose Get Password.

    2. Paste the contents of your private key in the space provided.

      —or—

      Choose Browse and navigate to your private key file, select the file, and choose Open to copy the entire contents of the file into the contents box.

    The password will be decrypted and displayed.

  5. In the Connect To Your Instance dialog box, choose Download Remote Desktop File, or connect by using an RDP client of your choice.

  6. Install SAP HANA Studio. You can do this in two ways:

    • Download the SAP HANA Studio installation files from SAP Service Marketplace.

      —or—

    • Download and extract the SAP HANA software from your S3 bucket to install SAP HANA Studio.

  7. When the installation is complete, start SAP HANA Studio and add a system with the following parameters:

    • IP address: address of master node

    • Instance number: 00

    • User: SYSTEM

    • Password: the master password you entered during step 4

Note

At this point, we recommend that you make a backup of your newly installed SAP HANA instance by using SAP HANA Studio. You can also use the Amazon EC2 console to make a complete system image (Amazon Machine Image, or AMI) that can be used for recovery or for additional system builds. Keep in mind that this image is only a point-in-time snapshot.

Using OS-Level Access

You can also connect to the NAT instance to establish a remote SSH connection to any of the SAP HANA master or worker nodes.

  1. On the Amazon EC2 console, choose Running Instances.

  2. Select your bastion host, and note the public Elastic IP address displayed below your running instances.

    
                            Elastic IP Address for NAT Instance

    Figure 13: Elastic IP address for bastion host

  3. Using an SSH client of your choice (for example, PuTTY or iTerm), connect to the bastion host and use the key pair you specified during the deployment process.

    Note

    If your connection times out, you might need to adjust the security group rules for the bastion host to allow access from your computer's IP address or proxy server. For more information, see Security Group Rules in the Amazon EC2 User Guide.

    iTerm Example:

    1. Add private key to authentication agent (ssh-add).

    2. Connect to the bastion host by using SSH, with the –A option to forward the key, specifying the username ec2-user.

    3. Connect to the SAP HANA server by IP address using SSH.

      
                                    iTerm Example for SSH Connection

      Figure 14: iTerm example for SSH connection

    PuTTY Example:

    1. Download PuTTY (putty.exe), PuTTY Key Generator (puttygen.exe), and Pageant (pageant.exe).

    2. Load your private key into PuTTY Key Generator and save it as a .ppk file that PuTTY can use.

    3. Run Pageant.exe, and add your new .ppk key. The Pageant process must be running in order for agent forwarding to work.

    4. Configure PuTTY with the private key and select Allow agent forwarding.

      
                                    PuTTY Example for SSH Connection

      Figure 15: PuTTY example for SSH connection

    5. Save the configuration.

    6. Open up the connection to the bastion host by using SSH with the ec2-user user ID.

    7. Connect to the SAP HANA server by using SSH.