SAP HANA Deployment Guide

This deployment guide shows you how to deploy SAP HANA systems on Google Compute Engine, which is part of Google Cloud Platform (GCP). The guide helps you configure Compute Engine, persistent disks, and the SUSE Linux Enterprise Server (SLES) operating system, to achieve the best performance for your SAP HANA system. The guide incorporates best practices from Compute Engine and SAP.

Deploying SAP HANA on GCP

This section shows you how to deploy a 4-node SAP HANA installation on GCP.

Setting up your Google account

A Google account is required to work with GCP.

  1. Sign up for a Google account if you don't already have one.
  2. Log in to the Google Cloud Platform Console, and create a new project.
  3. Enable your billing account.
  4. Configure SSH keys so that you are able to use them to SSH into your Compute Engine instances. Use the gcloud command-line tool to create a new SSH key, or, if you already have an existing SSH key, use the tool to format your existing SSH keys.
  5. Use the gcloud command-line tool or GCP Console to add the SSH keys to your project metadata. This allows you to access any Compute Engine instance created within this project, except for instances that explicitly disable project-wide SSH keys.

Creating a network and setting up a NAT gateway

When you create a project, a default network is created for your project. However, for security purposes, you should create a new network and specify firewall rules to control who has access.

To set up networking:

  1. Go to Cloud Shell.

    Go to Cloud Shell

  2. To create a new network in the custom subnetworks mode, run:

    gcloud compute networks create [YOUR_NETWORK_NAME] --mode custom

    where [YOUR_NETWORK_NAME] is the name of the new network. The network name can contain only lowercase characters, digits, and the dash character (-).

    Make sure to specify the custom flag instead of using an automatic subnetwork. An automatic subnetwork always has the same assigned IP address range, which can cause issues if you have multiple subnetworks and want to use VPN.

  3. Create a subnetwork, and specify the region and IP range:

    gcloud compute networks subnets create [YOUR_SUBNETWORK_NAME]
            --network [YOUR_NETWORK_NAME] --region [YOUR_REGION] --range [YOUR_RANGE]


    • [YOUR_SUBNETWORK_NAME] is the new subnetwork.
    • [YOUR_NETWORK_NAME] is the name of the network you created in the previous step.
    • [REGION] is the region where you want the subnetwork.
    • [YOUR_RANGE] is the IP address range, specified in CIDR format, such as If you plan to add more than one subnetwork, assign non-overlapping CIDR IP ranges for each subnetwork in the network. Note that each subnetwork and its internal IP ranges are mapped to a single region.
  4. Optionally, repeat the previous step and add additional subnetworks.

Optionally, you can also create a NAT gateway. If you intend to create a VM without a public IP address, you must create a NAT gateway so that your VM can access the Internet to download Google's monitoring agent. If you intend to assign an external public IP address to your VM, you can skip this step.

To create a NAT gateway:

  1. Create a VM to act as the NAT gateway in the subnet you just created:

    gcloud compute instances create [YOUR_VM_NAME] --can-ip-forward \
            --zone [YOUR_ZONE]  --image-family [YOUR_IMAGE_FAMILY] \
            --image-project [YOUR_IMAGE_PROJECT] \
            --machine-type=[YOUR_MACHINE_TYPE] --subnet [YOUR_SUBNETWORK_NAME] \
            --metadata startup-script="sysctl -w net.ipv4.ip_forward=1; iptables \
            -t nat -A POSTROUTING -o eth0 -j MASQUERADE" --tags [YOUR_VM_TAG]


    • [YOUR_VM_NAME] is the name of the VM you are creating that want to use for the NAT gateway.
    • [YOUR_ZONE] is the zone where you want the VM.
    • [YOUR_IMAGE_FAMILY] and [YOUR_IMAGE_PROJECT] specify the image you want to use for the NAT gateway.
    • [YOUR_MACHINE_TYPE] is any supported machine type. If you expect high network traffic, choose a machine type with that has at least eight virtual CPUs.
    • [YOUR_SUBNETWORK_NAME] is the name of the subnetwork where you want the VM.
    • [YOUR_VM_TAG] is a tag that is applied to the VM you are creating. If you use this VM as a bastion host, this tag is used to apply the related firewall rule only to this VM.
  2. Create a route that is tagged so that traffic passes through the NAT VM instead of the default Internet gateway:

    gcloud compute routes create [YOUR_ROUTE_NAME] \
            --network [YOUR_NETWORK_NAME] --destination-range \
            --next-hop-instance [YOUR_VM_NAME] --next-hop-instance-zone \
            [YOUR_ZONE] --tags [YOUR_TAG_NAME] --priority 800


    • [YOUR_ROUTE_NAME] is the name of the route you are creating.
    • [YOUR_NETWORK_NAME] is the network you created.
    • [YOUR_VM_NAME] is the VM you are using for your NAT gateway.
    • [YOUR_ZONE] is the zone where the VM is located.
    • [YOUR_TAG_NAME] is the tag on the route that directs traffic through the NAT VM.
  3. If you also want to use the NAT gateway VM as a bastion host, run the following command. This command creates a firewall rule that allows inbound SSH access to this instance from the Internet:

    gcloud compute firewall-rules create allow-ssh --network [YOUR_NETWORK_NAME] --allow tcp:22 --source-ranges --target-tags "[YOUR_VM_TAG]"


    • [YOUR_NETWORK_NAME] is the network you created.
    • [YOUR_VM_TAG] is the tag you specified when you created the NAT gateway VM. This tag is used so this firewall rule applies only to the VM that hosts the NAT gateway, and not to all VMs in the network.

Downloading SAP HANA

Unless you have already extracted the SAP HANA binaries to a Cloud Storage bucket, download SAP HANA now:

  1. Log into the SAP support portal.

    If your SAP Support Portal account does not allow access to the software and you believe that you should be entitled to the software, contact the SAP Global Support Customer Interaction Center.

  2. In the left navigation pane, choose Installation and Upgrades.

  3. Choose A – Z index. 0 In the Installations and Upgrades window, choose H.
  4. Choose SAP HANA Platform Edition from the list.
  5. Choose SAP HANA Platform Edit. 1.0 or 2.0.
  6. Choose Installation.
  7. In the Downloads windows, find the Linux x86_64 revision you wish to download, and download all applicable parts directly to your local drive. For example, all 3 parts of SAP HANA Platf.Ed.1.0 SPS12 DSP(SAP HANA DB
  8. Use the GCP Console to create a Cloud Storage bucket for storing the SAP HANA installation files. Note that the bucket name must be unique across GCP.

    • During bucket creation, choose Regional if you plan to create SAP HANA instances in a single region.

      Creating Buckets

    • If you are creating SAP HANA instances in other regions in the same continent, choose Multi-Regional for your storage class. If you are not sure, choose Multi-Regional.

  9. Configure bucket permissions. By default, as owner of the bucket, you have read-write access to the bucket. If you want, you can allow other members in your group or individual users to access your bucket, as shown here:

    Bucket Permissions

  10. In the GCP Console, in the Cloud Storage bucket page, choose Upload Files to upload the software to your bucket from your local media:

    Upload Files

  11. Note the name of the bucket that you uploaded the binaries to. You need to use it later when you install SAP HANA.

  12. Create a text file named install.cfg, which is used later by an install script to configure your SAP HANA installation, and add the following lines:

    # SAP HANA System ID
    # Instance Number
    # SAP Host Agent User (sapadm) Password
    # System Administrator Password
    # Database User (SYSTEM) Password
    Restart system after machine reboot? ( Default: n )

    Replace [SID] with an existing SAP System ID, or with a compliant string such as H1D. Replace the three password fields with existing or newly-generated values.

  13. Upload install.cfg to the root of the bucket you created.

  14. Delete the install.cfg file from your local machine as a security precaution, because it contains password information.

Creating a VM with SAP HANA installed

The following instructions create an SAP-certified n1-highmem-64 instance with all of the required disk configuration and install SAP HANA. To understand the costs, see Pricing and quota considerations for SAP HANA.

  1. Navigate to Cloud Shell.


  2. Set the follow environment variables. Replace [YOUR_BUCKET] with your bucket name.

    export INSTANCE_NAME="saphana01"
    export INSTANCE_TYPE="n1-highmem-64"
    export NETWORK_NAME="sapnetwork1"
    export ZONE="us-west1-a"
    export ADDITIONAL_NODES="3"
    export CPU_PLATFORM="Intel Broadwell"
    export LINUX_VERSION="SLES 12 SP1"

    Setting ADDITIONAL_NODES to 3 deploys 4 instances, and creates a HANA scale-out cluster.

  3. Create the instances:

    curl | bash

    The above command specifies a startup script that initates after VM creation completes. The script downloads the SAP HANA software from your bucket, and installs the software using the values specified in install.cfg. The script takes approximately 10 to 15 minutes to complete.

Verifying the SAP HANA installation

  1. After approximately 15 minutes has passed, navigate to the Storage Browser.


    Click the name of your bucket to access the contents.

  2. Look for a logs/ folder. If the folder does not appear, click the Refresh text every minute until it does. The startup script creates this folder after the script completes. Click the logs/ folder to access the contents.

  3. Click the file name that appears in the directory.

  4. Read the output to ensure that no errors occurred. If you see a quota error, ensure you've followed the setup steps.

  5. From your Cloud Shell window, SSH into the VM and change to the root user.

    gcloud compute ssh saphana01 --zone us-west1-a

    sudo su -

  6. At the command prompt, enter df -h. Ensure that you see output similar to the following, such as the /hana/data directory.

    Data volumes created by the script.

  7. Change to the SAP admin user. Replace [SID] with the value from the install.cfg file.

    su - [SID]adm

  8. Ensure that SAP HANA services are running on the instance.

    HDB info

If any of the above validation steps show that the installation failed, delete the instance and the disks, then re-run the create instances command. You need to delete the logs folder in the Cloud Storage bucket before re-running the command, as the startup script does not create multiple log files.

Completing the SAP HANA installation

  1. Add tags to all instances, including the worker nodes:

    export INSTANCE_NAME="saphana01"
    export NETWORK_NAME="sapnetwork1"
    export ZONE="us-west1-a"
    export TAG="private-hana-instance"

    gcloud compute instances add-tags "$INSTANCE_NAME" --tags="$TAG" --zone=$ZONE
    gcloud compute instances add-tags "$INSTANCE_NAME"w1 --tags="$TAG" --zone=$ZONE
    gcloud compute instances add-tags "$INSTANCE_NAME"w2 --tags="$TAG" --zone=$ZONE
    gcloud compute instances add-tags "$INSTANCE_NAME"w3 --tags="$TAG" --zone=$ZONE

  2. Delete external IPs:

    gcloud compute instances delete-access-config "$INSTANCE_NAME" --access-config-name "external-nat" --zone=$ZONE
    gcloud compute instances delete-access-config "$INSTANCE_NAME"w1 --access-config-name "external-nat" --zone=$ZONE
    gcloud compute instances delete-access-config "$INSTANCE_NAME"w2 --access-config-name "external-nat" --zone=$ZONE
    gcloud compute instances delete-access-config "$INSTANCE_NAME"w3 --access-config-name "external-nat" --zone=$ZONE

Creating a Windows VM for SAP HANA Studio

  1. Use the Cloud Shell to invoke the following commands.


    export NETWORK_NAME="sapnetwork1"
    export REGION="us-west1"
    export ZONE="us-west1-a"

    gcloud compute instances create "saphanastudio" --zone $ZONE --machine-type "n1-standard-2" --subnet $SUBNET --metadata "tag1=hanastudio" --image "windows-server-2012-r2-dc-v20170117" --image-project "windows-cloud" --boot-disk-size "100" --boot-disk-type "pd-standard" --boot-disk-device-name "saphanastudio"

    gcloud compute firewall-rules create ${NETWORK_NAME}-allow-rdp --network $NETWORK_NAME --allow tcp:3389 --source-ranges --target-tags "hanastudio"

    The above commands create a Windows server in the subnetwork you created earlier, with a firewall rule to allow access to the instance through Remote Desktop Protocol(RDP). Although not shown in this guide, you can whitelist your customer IP address range in the firewall rules.

  2. Install SAP HANA Studio on this server.

Setting up Google's monitoring agent for SAP HANA

Optionally, you can set up Google's monitoring agent for SAP HANA, which collects metrics from SAP HANA and sends them to Stackdriver Monitoring. Stackdriver Monitoring allows you to create dashboards for your metrics, set up custom alerts based on metric thresholds, and more. For more information on setting up and configuring Google's monitoring agent for SAP HANA, see the SAP HANA Monitoring Agent User Guide.

Connecting to SAP HANA

Note that because these instructions don't use an external IP for SAP HANA, you can only connect to the SAP HANA instances through the bastion instance using SSH or through the Windows server through SAP HANA Studio.

  • To connect to SAP HANA through the bastion instance, connect to the bastion host, and then to the SAP HANA instance(s) by using an SSH client of your choice.

  • To connect to the SAP HANA database through SAP HANA Studio, use a remote desktop client to connect to the Windows Server instance. After connection, manually install SAP HANA Studio and access your SAP HANA database.

Performing post-deployment tasks

Before using your SAP HANA instance, we recommend that you perform the following post-deployment steps. For mor information, see SAP HANA Installation and Update Guide.

  1. Update the SAP HANA software with the latest patches.

  2. Install any additional components such as Application Function Libraries (AFL) or Smart Data Access (SDA).

  3. Configure and backup your new SAP HANA database. For more information, see the SAP HANA operations guide.

What's next

Send feedback about...