Technical Requirements - SAP NetWeaver on AWS

Technical Requirements

  1. Ensure that any service limits are high enough and the current usage low enough to be able to launch the resources that you need. If necessary, request a service limit increase for the AWS resource that you’re planning to use. In particular:

    1. Ensure that your EC2 service limits are sufficient to launch the instances that you need for your SAP NetWeaver system.

    2. Ensure that your VPC service limits are sufficient to launch a new VPC (if necessary) or individual network resources within your VPC, such as Elastic IP addresses.

  2. Gather the following information about your existing AWS resources. You will need this information to create your Amazon EC2 and Amazon EBS resources using the AWS Command Line Interface (AWS CLI) commands:

    AWS Resource Information Required
    Information Needed Description
    Region ID Region where you want to deploy your AWS resources
    Availability Zone Availability Zone within your target Region where you want to deploy your resources
    Amazon VPC ID Amazon VPC where you want to deploy your Amazon EC2 instance for SAP installation
    Subnet ID Subnet where you want to deploy your Amazon EC2 instance
    AMI ID Amazon Machine Image (AMI) that will be used to launch your Amazon EC2 instance. You can find the latest Linux AMIs in AWS Marketplace
    Key Pair Make sure that you have generated the key pair in your target Region, and that you have access to the private key
    Security Group ID Name of the security group that you want to assign to your Amazon EC2 instance. See the appendix for detailed information about the security group for SAP instances
    Access Key ID Access key for your AWS account that will be used with AWS CLI tools
    Secret Access Key Secret key for your AWS account that will be used with AWS CLI tools
    1. Ensure that you have a key pair that you can use to launch your Amazon EC2 instances. To import or create a new key pair, see Amazon EC2 Key Pairs and Windows Instances.

    2. Ensure that you know the network details, such as VPC-ID and Subnet-ID, of the VPC where you plan to launch your Amazon EC2 instances to host your SAP NetWeaver application.

    3. Ensure that you have the required ports open on the security group attached to your Amazon EC2 instance hosting your database, to allow communication between your database and your SAP NetWeaver application. If needed, create new security groups that allow network traffic over both the database ports and the SAP NetWeaver application ports. For a list of SAP ports, see TCP/IP Ports of All SAP Products.

  3. If you plan to use the AWS Command Line Interface (AWS CLI) to launch your instances, ensure that you have installed and configured the AWS CLI with the appropriate credentials. See Configuring the AWS CLI for more details.

  4. If you plan to use the AWS Management Console to launch your instances, ensure that your IAM user has permission to launch and configure Amazon EC2, Amazon EBS, etc. See the IAM User Guide for more details.

  5. Ensure that you have the required SAP software available either via an S3 bucket or on a file share accessible from Windows, such as Amazon FSx. For the fastest installation experience, we recommend copying the required software to an EBS volume attached to the relevant EC2 instance before running the install. This is best set up as a separate volume (mapped to a new drive in Windows) that, after completion of the installation, can then be detached and either deleted or re-attached to other EC2 instances for further installations. We recommend using the AWS CLI for this. Be sure to assign the appropriate IAM role permissions to the EC2 instance to allow S3 access.

  6. If the installation type is distributed or high availability (HA), it will need to be a domain-based installation and a domain controller is required. If desired, you can use AWS Directory Service for this purpose. AWS Directory Service for Microsoft Active Directory, also known as AWS Managed Microsoft AD, enables your directory-aware workloads and AWS resources to use managed Active Directory in AWS. For details, see AWS Directory Service and Create Your AWS Managed Microsoft AD directory.

    When doing a domain-based installation, sapinst.exe should be run by a user with domain administration privileges (but not the <SID>adm user) or a domain administrator must complete the appropriate preparatory steps. For more details, consult the SAP NetWeaver installation guide for your version of SAP NetWeaver.

  7. To create an Amazon FSx file system, you need the following prerequisites:

    1. An AWS account with the permissions necessary to create an Amazon FSx file system and an Amazon EC2 instance. For more information, see Setting Up.

    2. An Amazon EC2 instance running Microsoft Windows Server in the VPC based on the Amazon VPC service that you want to associate with your Amazon FSx file system. For information on creating an EC2 Windows instance, see Getting Started with Amazon EC2 Windows Instances.

    3. Amazon FSx works with Microsoft Active Directory to perform user authentication. You join your Amazon FSx file system to an AWS Directory Service for Microsoft Active Directory. For more information, see Create Your File System.

    4. This guide assumes that you haven’t changed the rules on the default security group for your VPC. If you have changed them, you need to ensure that you add the necessary rules to allow network traffic from your Amazon EC2 instance to your Amazon FSx file system. For more details, see Security.

    5. Install and configure the AWS Command Line Interface (AWS CLI).

For additional details on these prerequisites, see Prerequisites for Getting Started.