In this lesson, you'll learn how to increase high availability and disaster tolerance of your SAP HANA Cloud database.
You must increase the high availability and disaster tolerance of your SAP HANA Cloud database beyond the default SAP BTP System Availability SLA of 99.7% (as mentioned in the document Service Level Agreement for SAP Cloud Services ENGLISH v.2-2022). You're considering adding replicas and database recovery in a different availability zone.
SAP BTP – Regions
SAP has several processes in place to support resilience for applications and services running in the SAP BTP. SAP also provides several features so that you can support the high availability of your applications.
A region represents a geographical location (for example, Europe, U.S. East) where applications, data, or services are hosted. In the SAP BTP, a region is connected to a subaccount. In your global account, you can have multiple subaccounts. You can deploy applications and/or services (for example, SAP HANA Cloud) in different subaccounts (regions).
Regions are provided either by SAP or by our infrastructure as a service (IaaS) partners Amazon Web Services (AWS), Microsoft Azure, Google Cloud, and Alibaba Cloud. The third-party region providers operate the infrastructure layer of the regions, whereas SAP operates the platform layer and Cloud Foundry. Each region consists of multiple availability zones.
Selecting a Region
Deciding on the location of your platform as a service (PaaS) is an important task. A region is chosen at the SAP BTP subaccount level. For each subaccount, you can select exactly one region (that is, one data center). Try to consider the following selection criteria:
- Availability of the required services in the individual regions.
- Security requirements, such as country- or industry-specific data privacy regulations.
- The location of other cloud offerings that you’re using.
- Application performance (response time, latency) is influenced by the distance to a region.
Following these selection criteria makes sure that your applications have the best availability, comply with the required security requirements, can interact with existing cloud services, and have the best performance.
The region assignment of a subaccount can't be changed. For a list of available regions, see SAP Discovery Center – Regions.
SAP BTP – Availability Zones
Availability Zones are single failure domains within a single geographical region and are separate physical locations with independent power, network, and cooling. Multiple availability zones exist in one region and are connected through a low-latency network.
To achieve better fault-tolerance in the Cloud Foundry environment, the services are deployed across multiple availability zones, which improves the availability of a service if there are issues with the infrastructure of one availability zone.
For a list of availability zones that support the Cloud Foundry environment, see Availability Zones for the Cloud Foundry Environment.
SAP HANA Cloud – Increasing Resilience
SAP HANA Cloud is a service inside the Cloud Foundry environment. On top of the regions and availability zones functionality of the Cloud Foundry environment, SAP HANA Cloud offers replicas, (automatic) takeovers, backup, and recovery features to increase the availability and resilience of your SAP HANA database instances.
A replica is an exact copy of your source SAP HANA Cloud database. A replica is created either synchronously within the same availability zone or synchronously/asynchronously to other availability zones.
In SAP HANA Cloud, you can create one or two replicas of your SAP HANA Cloud database to reduce outages due to planned maintenance, faults, and disasters. Adding one or two replicas increases the hardware resources used and therefore incurs additional costs. The replica feature is only supported in productive landscapes.
Depending on the availability zone that you choose, the system will have increased availability, or increased availability and disaster tolerance.
Same Availability Zone
Creating a replica in the same availability zone creates a highly available setup. Within the same availability zone, you'll have the fastest takeover time and therefore the best high availability, but no disaster tolerance.
- Option 1: High Availability, Single-Zone
The data is synchronously replicated to the target system; transactions aren't committed on the target system until the transaction log has been successfully persisted on the replica. In this scenario, it's possible to add an optional second asynchronous replica in a different availability zone to further increase the high availability and disaster tolerance of your SAP HANA database instance.
If there's a failure of the source system, an automatic takeover is performed. The synchronous replication makes sure that there's no data loss. The Recovery Point Objective (RPO) in this scenario is zero minutes.
Different Availability Zone
Creating a replica in a different availability zone creates a highly available setup that is also disaster tolerant, but increases the network latency. A replica can be created as a synchronous or asynchronous replica.
- Option 2: High Availability, Multi-Zone
The data is synchronously replicated to the target system in a different availability zone. In this scenario, because of the increased latency, the query response time will increase because transactions aren't committed on the target system until the transaction log has been successfully persisted on the replica.
If there's a failure of the source system, an automatic or manual takeover can be performed. The synchronous replication makes sure that there's no data loss. The Recovery Point Objective (RPO) in this scenario is zero minutes.
- Option 3: Disaster Recovery, Multi-Zone
The data is asynchronously replicated to the target system in a different availability zone. In this scenario, because of the increased latency, the systems may not be so tightly synchronized, and a manual takeover procedure is available from within SAP HANA Cloud Central.
You can trigger a takeover after verifying the synchronization status; the takeover process then runs automatically in the background. The recovery point objective (RPO) in this scenario is fifteen minutes.
Changing a replica availability zone assignment isn't possible. To change the setup (availability zone, synchronization mode) of a replica, you must delete and recreate the replica with the changed configuration.
Backup and Recovery
A full backup of all SAP HANA Cloud instances is taken automatically once per day, and in addition log backups are automatically taken every fifteen minutes. This is the recovery point objective, that is, if your system needs to be recovered and log files replayed to restore the system, there may be a loss of data up to a maximum of fifteen minutes.
Backups are retained for fifteen days and stored encrypted in an object store independent of a specific availability zone.
Two options are available to recover an instance from backup:
- Recovery to a Selected Point in Time
- Using this option, you can choose the point in time within the last 15 days. You can start the recovery process by selecting Start Recovery from the Actions menu in HANA Cloud Central.
- Recreate instance
- Using this option, you can choose the availability zone into which the instance is recovered. You can start the recovery process by selecting Recreate Instance from the Actions menu in HANA Cloud Central. You can use this option, for example, if an availability zone becomes unavailable, or if you wish to migrate your database to a different zone. Using the recreate instance option will create a new SAP HANA database instance at the chosen availability zone location, and delete the SAP HANA database instance at the source location.
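The replica options and backup figures above combine into a worst-case RPO per failure scenario. The Python sketch below is an added example, not SAP code or an SAP API. The `Replica` model, the zone names, the rule that a zone outage removes every instance in that zone, and the preference for a surviving synchronous replica are assumptions made for illustration.

```python
from dataclasses import dataclass

# Figures taken from the lesson text.
SYNC_RPO_MIN = 0      # synchronous replica: no data loss
ASYNC_RPO_MIN = 15    # asynchronous replica (Option 3)
BACKUP_RPO_MIN = 15   # log backups every fifteen minutes
MAX_REPLICAS = 2


@dataclass(frozen=True)
class Replica:        # hypothetical model for this example
    zone: str
    mode: str         # "sync" or "async"


def validate(primary_zone, replicas):
    """Reject layouts that the lesson does not describe."""
    if len(replicas) > MAX_REPLICAS:
        raise ValueError("at most two replicas are supported")
    for r in replicas:
        if r.mode not in ("sync", "async"):
            raise ValueError(f"unknown replication mode {r.mode!r}")
        if r.zone == primary_zone and r.mode != "sync":
            raise ValueError("a same-zone replica is synchronous")


def worst_case(primary_zone, replicas, failure):
    """Return (recovery path, RPO in minutes) for an 'instance' or 'zone' failure."""
    validate(primary_zone, replicas)
    if failure not in ("instance", "zone"):
        raise ValueError("failure must be 'instance' or 'zone'")
    # Assumption: a zone outage also takes out replicas in the primary's zone.
    survivors = [r for r in replicas
                 if failure == "instance" or r.zone != primary_zone]
    if any(r.mode == "sync" for r in survivors):
        return ("takeover to synchronous replica", SYNC_RPO_MIN)
    if survivors:
        return ("manual takeover to asynchronous replica", ASYNC_RPO_MIN)
    if failure == "zone":
        return ("recreate instance from backup in another zone", BACKUP_RPO_MIN)
    return ("recovery from backup", BACKUP_RPO_MIN)


if __name__ == "__main__":
    # Constructed layout: Option 1 plus the optional second asynchronous replica.
    layout = [Replica("az1", "sync"), Replica("az2", "async")]
    for failure in ("instance", "zone"):
        print(failure, worst_case("az1", layout, failure))
```

For the constructed layout, an instance fault is covered with zero data loss, while losing the whole zone falls back to the asynchronous replica and its fifteen-minute RPO.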
In this lesson, you learned how to increase the high availability and disaster tolerance of SAP HANA Cloud by using the regions, availability zones, replicas, and backup and recovery features provided by the SAP BTP and SAP HANA Cloud.