Lesson Overview
In this lesson you will learn how to increase high availability and disaster tolerance of your SAP HANA Cloud database.
Business Case
You need to increase the high availability and disaster tolerance of your SAP HANA Cloud database beyond the default SAP BTP System Availability SLA of 99.7% (as mentioned in the document Service Level Agreement for SAP Cloud Services ENGLISH v.2-2022). You are considering to add replicas and database recovery in a different availability zone.
SAP BTP - Regions
SAP has several processes in place to support resilience for applications and services running in the SAP BTP. SAP additional provides several features so that you can support the high availability of your applications.
A region represents a geographical location (e.g., Europe, US East) where applications, data, or services are hosted. In the SAP BTP a region is connected to a subaccount. In your global account you can have multiple subaccounts. You can deploy applications and/or services (e.g., SAP HANA Cloud) in different subaccountss (regions).
Regions are provided either by SAP or by our Infrastructure-as-a-Service (IaaS) partners Amazon Web Services (AWS), Microsoft Azure, Google Cloud, and Alibaba Cloud. The third-party region providers operate the infrastructure layer of the regions, whereas SAP operates the platform layer and Cloud Foundry. Each region consists of multiple availability zones.
Selecting a Region
Deciding on the location of your Platform as a Service (PaaS) is an important task. A region is chosen at the SAP BTP subaccount level. For each subaccount, you can select exactly one region (that is one data center). Try to consider the following selection criteria:
- Availability of the required services in the individual regions.
- Security requirements, such as country- or industry-specific data privacy regulations.
- The location of other cloud offerings that you’re using.
- Application performance (response time, latency) is influenced by the distance to a region.
Following these selection criteria makes sure that your applications have the best availability, comply to the required security requirements, can interact with existing cloud services, and have the best performance.
The region assignment of a subaccount can't be changed. For a list of available regions, see SAP Discovery Center - Regions
SAP BTP - Availability Zones
Availability Zones are single failure domains within a single geographical region and are separate physical locations with independent power, network, and cooling. Multiple availability zones exist in one region and are connected through a low-latency network.
To achieve better fault-tolerance in the Cloud Foundry environment, the services are deployed across multiple availability zones, which improves the availability of a service if there are issues with the infrastructure of one availability zone.
For a list of availability zones that support the Cloud Foundry environment, see Availability Zones for the Cloud Foundry Environment
SAP HANA Cloud - Increasing Resilience
SAP HANA Cloud is a service inside the Cloud Foundry environment. On top of the regions and availability zones functionality of the Cloud Foundry environment, SAP HANA Cloud offers replicas, (automatic) takeovers, backup and recovery features to increase the availability and resilience of your SAP HANA database instances.
Replicas
A replica is an exact copy of your source SAP HANA Cloud database. A replica is created either synchronously within the same availability zone or synchronously/asynchronously to other availability zones.
In SAP HANA Cloud, you can create one or two replicas of your SAP HANA Cloud database to reduce outage due to planned maintenance, faults, and disasters. The option of adding one or two replicas will increase the hardware resources used, and by this incurs additional costs. The replica feature is only supported in productive landscapes.
Note
Depending on the availability zone that you choose, the system will have and increased availability, or increased availability and disaster tolerance.
Same Availability Zone
Creating a replica in the same availability zone creates a high available setup. Within the same availability zone, you will have the fastest takeover time, and by this the best high availability, but no disaster tolerance.
- Option 1: High Availability, Single-Zone
The data is synchronously replicated to the target system; transactions are not committed on the target system until the transaction log has been successfully persisted on the replica. In this scenario, it is optional possible to add a second asynchronous replica in a different availability zone to further increase the high availability and disaster tolerance of your SAP HANA database instance.
If there is a failure of the source system, an automatic takeover is performed. The synchronous replication makes sure there is no data loss. The Recovery Point Objective (RPO) in this scenario is 0 minutes.
Different Availability Zone
Creating a replica in a different availability zone creates a high available setup that is also disaster tolerant, but increases the network latency. A replica can be created as a synchronous or asynchronous replica.
- Option 2: High Availability, Multi-Zone
The data is synchronously replicated to the target system in a different availability zone. In this scenario, because of the increased latency, the query response time will increase because transactions are not committed on the target system until the transaction log has been successfully persisted on the replica.
If there is a failure of the source system, an automatic or manual takeover can be performed. The synchronous replication makes sure there is no data loss. The Recovery Point Objective (RPO) in this scenario is 0 minutes.
- Option 3: Disaster Recovery, Multi-Zone
The data is asynchronously replicated to the target system in a different availability zone. In this scenario, because of the increased latency, the systems may not be so tightly synchronized, and a manual takeover procedure is available from within SAP HANA Cloud Central.
You can trigger a takeover after verifying the synchronization status, the takeover process then runs automatically in the background. The Recovery Point Objective (RPO) in this scenario is 15 minutes.
Changing a replica availability zone assignment isn't possible. To change the setup (availability zone, synchronization mode) of a replica, you need to delete and recreate the replica with the changes configuration setup.
Backup and Recovery
A full backup of all SAP HANA Cloud instances is taken automatically once per day, and in addition log backups are automatically taken every 15 minutes. This is the recovery point objective, that is, if your system needs to be recovered and log files replayed to restore the system, there may be a loss of data up to a maximum of 15 minutes.
Backups are retained for 15 days and stored encrypted in an object store independent of a specific availability zone.
Two options are available to recover an instance from backup:
- Recovery to a selected point in time
- Using this option, you can choose the point in time within the last 15 days. You can start the recovery process by selecting Start Recovery from the Actions menu in HANA Cloud Central.
- Recreate instance
- Using this option, you can choose the availability zone into which the instance is recovered. You can start the recovery process by selecting Recreate Instance from the Actions menu in HANA Cloud Central. You can use this option, for example, if an availability zone becomes unavailable, or if you wish to migrate your database to a different zone.Using the recreate instance option will create a new SAP HANA database instance at the chosen availability zone location, and delete the SAP HANA database instance at the source location.
Summary
In this lesson you learned how to increase the high availability and disaster tolerance of SAP HANA cloud by utilizing the regions, availability zones, replicas, and backup and recovery features provided by the SAP BTP and SAP HANA Cloud.
