This guide shows you how to deploy and connect to a VM that is configured to run SAP NetWeaver on Linux-based systems on Google Cloud. To deploy a VM that is running Windows, see the Windows Deployment Guide.
VM configuration deployed by these instructions
The VM that is deployed by these instructions is for use in a 3-tier configuration, where SAP NetWeaver runs on one VM and the database server runs on another. During deployment, you also install Google's monitoring agent and can validate that it is sending metrics to SAP.
To set up a 2-tier configuration, where SAP NetWeaver runs on the same VM as the database server, you deploy the database server first and create the VM and the required disk drives for both the database server and for SAP NetWeaver at that time. You then install SAP NetWeaver on the same VM as the database server. In a 2-tier configuration, SAP NetWeaver and SAP HANA must use different SAP system IDs (SIDs).
For instructions about deploying the VM for a database server, see the database deployment guide for your database server.
Creating a project
To create a project:
- Accede a tu Cuenta de Google.
Si todavía no tienes una cuenta, regístrate para obtener una nueva.
En GCP Console, en la página de selección de proyecto, selecciona o crea un proyecto de GCP.
Comprueba que la facturación esté habilitada en tu proyecto.
gcloud command environment
These instructions use
Cloud Shell to enter
gcloud commands that deploy or configure
your Google Cloud resources. Cloud Shell is accessed through the
Cloud Console in your browser.
Cloud Shell runs on a VM that Google Cloud provisions each time
you start Cloud Shell. The first time you use Cloud Shell,
Google Cloud also creates a persistent
$HOME directory for you,
which is restored each time you open Cloud Shell.
The provisioned VM includes the latest
which provides the
gcloud command-line interface. Therefore, the
commands that you use in Cloud Shell are the same as
those you would use in a locally installed instance of the Cloud SDK.
If you have the Cloud SDK installed, you can issue the
commands that are used in these instructions from your local machine. However,
with a locally installed Cloud SDK you must always make sure that you
are using the latest version of the Cloud SDK.
Whether you use Cloud Shell or Cloud SDK, you can
can set and change the properties of your
gcloud command environment and save
them as a configuration. Configurations are collections of key-value pairs
that influence the behavior of the
Some basic actions you can take with a configuration in Cloud Shell include:
Initialize a configuration with
Check the settings of your current gcloud configuration with
gcloud config list.
Change the Google Cloud project you are working in with
gcloud config set project [PROJECT_ID]where
[PROJECT_ID]represents your Google Cloud project.
Set a default region with
gcloud config set compute/region [REGION]where
[REGION]represents a Google Cloud region.
Set a default zone with
gcloud config set compute/zone [ZONE]where
[ZONE]represents a Google Cloud zone.
Create a new configuration with
gcloud config configurations create [NAME]where
[NAME]represents the name for the configuration.
For more information about working with configurations, see Managing Cloud SDK configurations.
Creating a network
For security purposes, create a new network. You control who has access by adding firewall rules or by using another access control method.
If your project has a default VPC network, don't use it. Instead, create your own VPC network so that the only firewall rules in effect are those that you create explicitly.
Go to Cloud Shell.
Create a new network in the custom subnetworks mode:
gcloud compute networks create [YOUR_NETWORK_NAME] --subnet-mode custom
[YOUR_NETWORK_NAME]is the name of the new network. The network name can contain only lowercase characters, digits, and the dash character (-).
--subnet-mode customto avoid using the default auto mode, which automatically creates a subnet in each Compute Engine region. For more information, see Subnet creation mode.
Create a subnetwork, and specify the region and IP address range:
gcloud compute networks subnets create [YOUR_SUBNETWORK_NAME] \ --network [YOUR_NETWORK_NAME] --region [YOUR_REGION] --range [YOUR_RANGE]
[YOUR_SUBNETWORK_NAME]is the new subnetwork.
[YOUR_NETWORK_NAME]is the name of the network you created in the previous step.
[REGION]is the region where you want the subnetwork. Use a region that is supported for SAP NetWeaver.
[YOUR_RANGE]is the IP address range, specified in CIDR format, such as
10.1.0.0/24.If you plan to add more than one subnetwork, assign non-overlapping CIDR IP address ranges for each subnetwork in the network. Note that each subnetwork and its internal IP address ranges are mapped to a single region.
Optionally, repeat the previous step and add additional subnetworks.
Setting up a NAT gateway
If you intend to create a VM without a public IP address, you must create a NAT gateway so that your VM can access the internet to download Google's monitoring agent. If you intend to assign an external public IP address to your VM, you can skip this procedure.
Create a VM to act as the NAT gateway in the subnet you just created:
gcloud compute instances create [YOUR_VM_NAME] --can-ip-forward \ --zone [YOUR_ZONE] --image-family [YOUR_IMAGE_FAMILY] \ --image-project [YOUR_IMAGE_PROJECT] --machine-type=[YOUR_MACHINE_TYPE] \ --subnet [YOUR_SUBNETWORK_NAME] \ --metadata startup-script="sysctl -w net.ipv4.ip_forward=1; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE" \ --tags [YOUR_VM_TAG]
[YOUR_VM_NAME]is the name of the VM you are creating that you want to use for the NAT gateway.
[YOUR_ZONE]is the zone where you want the VM.
[YOUR_IMAGE_PROJECT]specify the image you want to use for the NAT gateway VM. If you are using SUSE Linux Enterprise Server (SLES) for your SAP NetWeaver components, you must specify a SLES VM for your gateway as well. However, if you are using Red Hat Enterprise Linux (RHEL), then you don't have to select a premium image for your gateway. For example, to select the latest version of Debian, specify
[YOUR_MACHINE_TYPE]is any supported machine type. If you expect high network traffic, choose a machine type with that has at least 8 virtual CPUs.
[YOUR_SUBNETWORK_NAME]is the name of the subnetwork where you want the VM.
[YOUR_VM_TAG]is the tag that is applied to the VM you are creating. If you will also use this VM as a bastion host, this tag is used to apply the firewall rule only to this VM.
Create a route that is tagged so that traffic passes through the NAT VM instead of the default internet gateway:
gcloud compute routes create [YOUR_ROUTE_NAME] --network [YOUR_NETWORK_NAME] \ --destination-range 0.0.0.0/0 --next-hop-instance [YOUR_VM_NAME] \ --next-hop-instance-zone [YOUR_ZONE] --tags [YOUR_TAG_NAME] --priority 800
[YOUR_ROUTE_NAME]is the name of the route you are creating.
[YOUR_NETWORK_NAME]is the network you created.
[YOUR_VM_NAME]is the VM you are using for your NAT gateway.
[YOUR_ZONE]is the zone where the VM is located.
[YOUR_TAG_NAME]is the tag on the route that directs traffic through the NAT VM.
If you also want to use the NAT Gateway VM as a bastion host, run the following command to allow inbound SSH access to this instance from the internet:
gcloud compute firewall-rules create allow-ssh --network [YOUR_NETWORK_NAME] \ --allow tcp:22 --source-ranges 0.0.0.0/0 --target-tags "[YOUR_VM_TAG]"
[YOUR_NETWORK_NAME]is the network you created.
[YOUR_VM_TAG]is the tag you specified when you created the NAT gateway VM. This tag is used so this firewall rule applies only to the VM that hosts the NAT gateway, and not to all VMs in the network.
Adding firewall rules
By default, incoming connections from outside your Google Cloud network are blocked. To allow incoming connections, set up a firewall rule for your VM. Firewall rules regulate only new incoming connections to a VM. After a connection is established with a VM, traffic is permitted in both directions over that connection.
You can create a firewall rule to allow access to specified ports, or to allow access between VMs on the same subnetwork.
Create firewall rules to allow access for such things as:
- The default ports used by SAP NetWeaver, as documented in TCP/IP Ports of All SAP Products.
- Connections from your computer or your corporate network environment to your Compute Engine VM instance. If you are unsure of what IP address to use, talk to your company's network admin.
- Communication between VMs in a 3-tier or scaleout configuration. For example, if you are deploying a 3-tier system, you will have at least 2 VMs in your subnetwork: the VM for SAP NetWeaver, and another VM for the database server. To enable communication between the two VMs, you must create a firewall rule to allow traffic that originates from the subnetwork.
- SSH connections to your VM instance, including
SSH from the browser,
- Connections to your VM instance from third-party tools, such as a local terminal or PuTTY. Create a rule to allow access for the tool through your firewall. For more information, see Connecting using third-party tools.
To create a firewall rule:
In the Cloud Console, go to the Firewall Rules page.
At the top of the page, click Create firewall rule.
- In the Network field, select the network where your VM is located.
- In the Targets field, select All instances in the network.
- In the Source filter field, select one of the following:
- IP ranges to allow incoming traffic from specific IP addresses. Specify the range of IP addresses in the Source IP ranges field.
- Subnets to allow incoming traffic from a particular subnetwork. Specify the subnetwork name in the following subnets field. You can use this option to allow access between the VMs in a 3-tier or scaleout configuration.
- In the Protocols and ports section, select Specified protocols and
ports and specify
Click Create to create your firewall rule.
Deploying a VM manually
The following instructions show you how to deploy an example 3-tier SAP system running Linux and either SAP HANA, SAP ASE, or IBM Db2 for Linux, UNIX and Windows (IBM Db2) as the database. The database components run on one VM, and the other SAP components, including the SAP central services, run on a second VM.
For general considerations for a scale-out system, see Deploying a 3-tier scale-out system.
Creating and setting up the VM
When you create a VM, you can specify several options, including the operating system, region, machine type, and persistent disks. You must also specify a start-up script to install Google's monitoring agent on the VM.
To create a VM:
Go to the Images page in Compute Engine:
To use a public image, choose an image from one of the following image families:
- For RHEL, select an image that begins with
rhel-, such as
- For SLES, select an image that begins with
sles-, such as
- For RHEL, select an image that begins with
Click the Create instance button.
Enter a name for the VM.
Limit your name to 13 characters, because this is the maximum supported by SAP. For more information, see SAP Note 611361: Hostnames of SAP servers.
Select the region and zone for your VM based on the location of your internal resources and users, and based on the CPU platform you want to use.
For more details on the zones supported for SAP NetWeaver, see the following guides and SAP Notes:
Under Machine type, select a pre-defined
n1-highmemmachine type, or customize a VM to more precisely match your expected workload.
To compare the supported machine types and their persistent-disk limitations, see the Planning Guide.
Optionally, in the Boot disk section, click Change to configure your boot disk. For Linux systems, ensure that the boot disk is at least 16 GB.
Under Access Scope, for the Compute Engine default service account, select Set access for each API.
To ensure that your VM instance can interact with Compute Engine and Stackdriver and that the Google monitoring agent functions correctly, the following API access for the service account are recommended:
API Access Cloud Source Repositories Read Write Compute Engine Read Write Service Control Enabled Service Management Read Only Stackdriver Logging API Full Stackdriver Monitoring API Full Stackdriver Trace Write Only Storage Full
Expand the Management, disks, networking, sole tenancy section.
If you are using a NAT gateway, in the Networking tab, under Network tags, add the tag that you specified as
[YOUR_TAG_NAME]when you set up the route that directs traffic through the gateway.
In the Management tab, under Automation > Startup script, specify the following script to install the Google monitoring agent:
curl -s https://storage.googleapis.com/sap-netweaver-on-gcp/setupagent_linux.sh | bash
The startup script creates two cron jobs that are required for the continuous operation of Google's monitoring agent, so do not delete them.
The Google monitoring agent, which sends data to the SAP monitoring system, must be installed and running to get support from SAP.
For more information about the Google monitoring agent, see the Operations Guide.
In the Management tab, under Availability policy, ensure that you leave the following default settings:
- To ensure availability of your SAP systems, keep the Preemptibility setting Off (recommended).
- To ensure that your VM can restart if there's a maintenance or failure event, keep the Automatic restart setting On (recommended) .
- To ensure that your VM is migrated to other hardware during infrastructure maintenance, keep the On host maintenance setting on Migrate VM instance (recommended).
Optionally, in the Disks tab, under Boot disk > Deletion rule, clear the Delete boot disk when instance is deleted checkbox.
In the Disks tab, under Additional disks, click Add new disk to add persistent disks for storage.
Optionally, specify a name in the Name field.
In the Create a disk window, under Disk Type, select the disk type based on the purpose of the disk.
- For SAP NetWeaver binaries, add a standard persistent disk (HDD). SSD disks are generally not required for SAP application installations.
- For the swap disk, add an HDD disk.
Under Source type, select Blank disk.
Specify the size of your disk.
For the swap disk, size the disk according to your needs. The minimum recommended size is 24 GB. For larger instances, you may need more. Refer to the SAP documentation. For example, see SAP Note 1597355 - Swap-space recommendation for Linux.
Repeat these steps to create each disk you need for your system.
In the Networking tab, under Network interfaces, click the pencil icon to edit the selected network interface.
- Select the network that you created previously.
- Select the subnetwork.
- Click Done.
Click Create to create and start the instance.
At the bottom of the page, you can click REST or command line
to see the equivalent REST and
gcloud commands for the instance you are
creating. These can be useful for creating additional VMs.
Connecting to your VM
If you have defined a firewall rule that allows access on port 22, you can connect to a Linux VM using common SSH tools.
GCP provides two easy connection methods. You can connect with a click of a
button through the Cloud Console or you can connect from a terminal
by using a
To SSH directly from your web browser in the Google Cloud Console:
- En la Consola de APIs, ve a la página Instancias de VM.
En la lista de instancias de máquinas virtuales, haz clic en el botón SSH de la fila de la instancia a la que quieres conectarte.
gcloud command-line tool manages your SSH keys for you by generating
and applying new project-wide SSH keys when you need them. To connect
gcloud tool, replace the brackets and their contents with your
values before entering the following command:
gcloud compute --project "[VM-GCP-PROJECT]" ssh --zone "[VM-ZONE]" "[VM-NAME]"
After you submit the preceding command, the terminal is connected to your
VM on Google Cloud and you can run commands on your Linux VM. When
you are done, use the
exit command to disconnect from the VM.
You can also generate a new key-pair for your Linux VM and apply it to your project, which allows you to connect using third-party tools such as PuTTY on Windows workstations. For more details, see Creating a new SSH key pair.
Other connection options, which are not discussed here, are also possible.
For more detailed information about connecting to a Linux VM on Google Cloud, see Connecting to Linux instances.
Formatting and mounting disk drives
After you connect to your VM, format and mount the disk drives, including the SAP disk drives and the swap disk drive.
Formatting and mounting SAP disk drives
The following steps format and mount the
/usr/sap disk. For other disks, such
/backup, replace the
/usr/sap volume and mount
point identifiers in the example commands with identifiers for those disks.
In a terminal connected to your VM, switch to super user:
sudo su -
Create a physical volume for the disk:
Create a volume group for the disk:
vgcreate vg_usrsap /dev/disk/by-id/google-[DISK]
Create a logical volume for the disk:
lvcreate -l 100%FREE -n vol vg_usrsap
Format the disk. The following command formats the disk with a single
xfsfile system and no partition table:
mkfs -t xfs /dev/vg_usrsap/vol
Update the file system table
echo "/dev/vg_usrsap/vol /usr/sap xfs defaults,discard,nofail 0 2" >>/etc/fstab
nofailoption is specified so that the instance can continue to boot even if the disk is not present. For example, if you take a snapshot of the boot disk and create a new instance without any persistent disks attached, the instance can continue through the startup process and not pause indefinitely.
Create a mount point:
mkdir -p /usr/sap
Mount the disk to the VM:
Confirm that the disk is mounted properly:
You should see output similar to the following:
Filesystem Size Used Avail Use% Mounted on devtmpfs 15G 8.0K 15G 1% /dev tmpfs 23G 0 23G 0% /dev/shm tmpfs 15G 9.7M 15G 1% /run /dev/sda1 16G 1.8G 14G 12% / tmpfs 15G 0 15G 0% /sys/fs/cgroup tmpfs 3.0G 0 3.0G 0% /run/user/1001 /dev/mapper/vg_usrsap-vol 15G 33M 15G 1% /usr/sap /dev/mapper/vg_sapmnt-vol 15G 33M 15G 1% /sapmnt
Repeat these steps for each additional disk.
Format and mount the swap disk
In a terminal connected to your VM, create a physical volume for the swap disk:
Create a volume group for the swap disk:
vgcreate vg_swap /dev/disk/by-id/google-[DISK]
Create a logical volume for the swap disk:
lvcreate -l 100%FREE -n vol vg_swap
Format the swap disk:
echo "/dev/vg_swap/vol none swap defaults,nofail 0 2" >>/etc/fstab
Mount the disk to the VM:
Preparing the operating system
After you have created your VM, consult the relevant SAP notes on installation and ensure that your system includes the software components specified:
- 1310037 - SUSE LINUX Enterprise Server 11: Installation notes
- 1984787 - SUSE LINUX Enterprise Server 12: Installation notes
- 1496410 - Red Hat Enterprise Linux 6.x: Installation and Upgrade
- 2002167 - Red Hat Enterprise Linux 7.x: Installation and Upgrade
Setting up the database
If you haven't yet deployed your database on Google Cloud, follow the instructions for setting up your database in both the Google Cloud deployment guide for your database, and in the database documentation that is provided by your database vendor.
Google Cloud provides deployment guides for the following SAP-certified databases:
- SAP HANA guides
- SAP ASE guides
- SAP MaxDB guides
- IBM Db2 guides
- Windows SQL Server guide: when SAP NetWeaver is running on Linux, Windows SQL Server is supported only in 3-tier architectures.
When SAP NetWeaver and the database server are running on different VMs in a 3-tier architecture, make sure that your firewall rules are defined to allow communication between the VMs.
Installing the Stackdriver Logging agent
The Stackdriver Logging agent provides you with a solution for Google Cloud system-activity logging, including operating system events and, if you are using SAP HANA, SAP HANA events. The Stackdriver Logging agent is an optional but recommended component. See the SAP NetWeaver on Google Cloud operations guide for more information about Google Cloud logging.
To install the Stackdriver Logging agent in your new VM, see the instructions for Linux and Windows in Installing the agent.
Installing SAP NetWeaver
After you install SAP NetWeaver:
Update the SAP kernel to the minimum supported patch level.
For details on the supported SAP kernel patch levels, see SAP Note 2446441 - Linux on Google Cloud (IaaS): Adaptation of your SAP License.
Install your permanent SAP NetWeaver license.
For more information from SAP about managing your SAP NetWeaver licenses, see SAP Licensing Procedure.
Installing the SAP Host Agent
The SAP Host Agent has been enhanced for running on Google Cloud. Ensure that you run at least the minimum SAP Host Agent version required for the Google Cloud environment.
For details, refer to the following SAP Notes:
- SAP Note 2460297 - SAP on Linux on Google Cloud Platform: Enhanced Monitoring.
- To update your SAP Host Agent by default on a regular basis, see SAP Note 1473974 - Using the SAP Host Agent Auto Upgrade Feature.
Validating your installation of the monitoring agent
After you have deployed a VM and installed SAP NetWeaver, validate that Google's monitoring agent is functioning properly with SAP's enhanced monitoring.
Verifying that Google's monitoring agent is running
You can check whether the monitoring agent is running by polling for a health check from the server. Follow these steps:
In the Cloud Console, open Cloud Shell.
Connect to the VM instance you want to monitor. For details on how to connect, see Connecting to your VM.
At the command prompt, enter the following command:
If the monitoring agent is functioning properly, the value for
If the monitoring agent isn't running, see the Operations Guide section about restarting Google's monitoring agent.
Verifying that SAP NetWeaver is receiving metrics
To check whether the connection between Google's monitoring agent and SAP
NetWeaver works as intended, enter transaction
ST06 in your SAP NetWeaver ABAP
system. In the overview pane, check the availability and content of the
following fields for the correct end-to-end setup of the SAP and Google
- Cloud Provider:
Google Cloud Platform
- Enhanced Monitoring Access:
- Enhanced Monitoring Details:
This section contains information about how to correct common issues.
Troubleshooting communication problems to the database server
If you are setting up a 3-tier SAP system and having connection issues between your VMs, ensure that you have created a firewall rule to allow traffic between VMs on your subnetwork.
Troubleshooting connecting to your VM
If you are having issues connecting to your VM through
ssh, ensure that you
have created a firewall rule to open port
22 on the Google Cloud network
you are using.
For other possible issues, see Known issues for SSH from the browser.
Troubleshooting Google's monitoring agent
To troubleshoot the monitoring agent, see the Operations guide.