Deploy Oracle Database for SAP NetWeaver

This deployment guide shows you how to provision the infrastructure to run an Oracle Database with Oracle Linux for use with SAP NetWeaver based applications on Google Cloud.

For information about planning this implementation, see Plan Oracle Database implementation for SAP NetWeaver.

Before you begin

  1. Read the Plan Oracle Database implementation for SAP NetWeaver.
  2. Sign in to your Google Cloud account. If you're new to Google Cloud, create an account to evaluate how our products perform in real-world scenarios. New customers also get $300 in free credits to run, test, and deploy workloads.

  3. In the Google Cloud console, on the project selector page, select or create a Google Cloud project.

    Go to project selector

  4. Make sure that billing is enabled for your Google Cloud project.

  5. Install the Google Cloud CLI.

  6. To initialize the gcloud CLI, run the following command: 

    gcloud init

  7. In the Google Cloud console, on the project selector page, select or create a Google Cloud project.

    Go to project selector

  8. Make sure that billing is enabled for your Google Cloud project.

  9. Install the Google Cloud CLI.

  10. To initialize the gcloud CLI, run the following command: 

    gcloud init
  11. If you require your SAP workload to run in compliance with data residency, access control, support personnel, or regulatory requirements, then you must create the required Assured Workloads folder. For more information, see Compliance and sovereign controls for SAP on Google Cloud.
  12. Make sure that you have access to the Oracle Database installation media.

Create a VPC network

For security purposes, create a new network. You can control who has access by adding firewall rules or by using another access control method.

If your project has a default VPC network, then don't use it. Instead, create your own VPC network so that the only firewall rules in effect are those that you create explicitly.

During deployment, Compute Engine instances typically require access to the internet to download Google Cloud's Agent for SAP. If you are using one of the SAP-certified Linux images that are available from Google Cloud, then the compute instance also requires access to the internet in order to register the license and to access OS vendor repositories. A configuration with a NAT gateway and with VM network tags supports this access, even if the target compute instances don't have external IPs.

To set up networking:

Console

  1. In the Google Cloud console, go to the VPC networks page.

    Go to VPC networks

  2. Click Create VPC network.
  3. Enter a Name for the network.

    The name must adhere to the naming convention. VPC networks use the Compute Engine naming convention.

  4. For Subnet creation mode, choose Custom.
  5. In the New subnet section, specify the following configuration parameters for a subnet:
    1. Enter a Name for the subnet.
    2. For Region, select the Compute Engine region where you want to create the subnet.
    3. For IP stack type, select IPv4 (single-stack) and then enter an IP address range in the CIDR format, such as 10.1.0.0/24.

      This is the primary IPv4 range for the subnet. If you plan to add more than one subnet, then assign non-overlapping CIDR IP ranges for each subnetwork in the network. Note that each subnetwork and its internal IP ranges are mapped to a single region.

    4. Click Done.
  6. To add more subnets, click Add subnet and repeat the preceding steps. You can add more subnets to the network after you have created the network.
  7. Click Create.

gcloud

  1. Go to Cloud Shell.

    Go to Cloud Shell

  2. To create a new network in the custom subnetworks mode, run: 
    gcloud compute networks create NETWORK_NAME --subnet-mode custom

    Replace NETWORK_NAME with the name of the new network. The name must adhere to the naming convention. VPC networks use the Compute Engine naming convention.

    Specify --subnet-mode custom to avoid using the default auto mode, which automatically creates a subnet in each Compute Engine region. For more information, see Subnet creation mode.

  3. Create a subnetwork, and specify the region and IP range: 
    gcloud compute networks subnets create SUBNETWORK_NAME \
    --network NETWORK_NAME --region REGION --range RANGE

    Replace the following:

    • SUBNETWORK_NAME: the name of the new subnetwork
    • NETWORK_NAME: the name of the network you created in the previous step
    • REGION: the region where you want the subnetwork
    • RANGE: the IP address range, specified in CIDR format, such as 10.1.0.0/24

      If you plan to add more than one subnetwork, assign non-overlapping CIDR IP ranges for each subnetwork in the network. Note that each subnetwork and its internal IP ranges are mapped to a single region.

  4. Optionally, repeat the previous step and add additional subnetworks.

Set up a NAT gateway

If you need to create one or more VMs without public IP addresses, then you need to use network address translation (NAT) to enable the VMs to access the internet. Use Cloud NAT, a Google Cloud distributed, software-defined managed service that lets VMs send outbound packets to the internet and receive any corresponding established inbound response packets. Alternatively, you can set up a separate VM as a NAT gateway.

To create a Cloud NAT instance for your project, see Using Cloud NAT.

After you configure Cloud NAT for your project, your VM instances can securely access the internet without a public IP address.

Prepare the Oracle Linux image

To prepare the Oracle Linux image that you need to run your Oracle Database for SAP systems, you need to import the image into your Google Cloud project and install the necessary drivers.

To prepare the Oracle Linux image, follow these steps:

  1. From Oracle, download an Oracle Linux image that is certified by SAP for use with SAP NetWeaver based applications on Google Cloud.

    For information about SAP-certified OS versions, see Supported operating systems.

  2. Import the image to a Compute Engine image:

  3. Create a custom OS image:

    1. Create a small VM by using the imported image, and set the instance name to vm-ol-gvnic.

      For information about how to do this, see Create an instance from a custom image.

    2. Connect to your instance by using SSH.

    3. Install the gve driver:

      yum install kernel-uek-modules-extra.x86_64
echo gve > /etc/modules-load.d/gve.conf

    4. Stop the instance.

      For information about how to do this, see Stop or restart a Compute Engine instance.

    5. Turn off the default auto-delete behavior of the disk attached to your compute instance. This prevents the boot disk from being deleted when you delete the compute instance.

      gcloud compute instances set-disk-auto-delete vm-ol-gvnic \
   --no-auto-delete \
   --disk=vm-ol-gvnic

    6. Create a temporary image for the boot disk:

      gcloud compute images create ol-uek-temp \
   --source-disk=vm-ol-gvnic \
   --source-disk-zone=ZONE \
   --storage-location=LOCATION

      Replace the following:

      • ZONE: the zone where the boot disk is deployed
      • LOCATION: the Cloud Storage location where you want to store the image

    7. Create a boot disk image that supports Google Virtual NIC (gVNIC), by using the temporary image you created:

      gcloud compute images create ol-uek-production \
   --source-image=ol-uek-temp \
   --source-image-project=PROJECT_ID \
   --guest-os-features="GVNIC" \
   --storage-location=LOCATION

      Replace the following:

      • PROJECT_ID: the project ID of the Google Cloud project where the source image exists
      • LOCATION: the Cloud Storage location where you want to store the image

    8. Except the gVNIC-enabled boot disk image, delete the temporary image and the VM that you created in this section:

      gcloud compute images delete ol-uek-temp
gcloud compute instances delete vm-ol-gvnic --zone=ZONE
gcloud compute disks delete DISK_NAME --zone=ZONE

      Replace the following:

      • ZONE: the zone where the boot disk is deployed
      • DISK_NAME: the name of the boot disk of the temporary VM that you want to delete

Create a Compute Engine instance for the Oracle Database

While creating a Compute Engine instance, you can specify several options such as the machine type, the region where the instance is created, and additional disks for storage.

To create a Compute Engine instance for the Oracle Database, complete the following steps:

  1. In the Google Cloud console, go to the Compute Engine Images page.

    Go to Images

  2. Select the Oracle Linux image that you prepared in the previous section, and then click Create instance.

  3. In the Name field, enter a name for your instance.

    Limit the name to 13 characters, as this is the maximum supported by SAP. For more information, see the SAP note 611361: Hostnames of SAP ABAP Platform servers.

  4. In the Region and Zone fields, select the region and zone where you want to create the instance.

    While selecting these, make sure to consider the location of your internal resources and users, and availability of the machine type that you want to use. For information about selecting the region and zone, see Plan regions and zones.

  5. Change the machine type to one of the supported machine types.

    For information about the supported machine types and their persistent-disk limitations, see the Plan Oracle Database implementation for SAP NetWeaver.

  6. Go to the OS and storage tab.

  7. Create additional disks for your Oracle Database. For information about the drives for which you need to provision disks, see Deployment architecture.

  8. To create a disk, follow these steps:

    1. Under Additional storage and VM backups, click Add new disk.
    2. In the Name field, enter a name for the disk.
    3. In the Disk storage type field, select Blank disk.
    4. In the Disk type field, select a supported disk type. For information about supported disk types, see Block storage in the planning guide.
    5. In the Size field, set a value that meets your performance requirements.
    6. Click Save.
    7. Repeat the preceding set of steps for each disk that you need to provision.

  9. Click Create.

Format and mount disk drives

  1. Connect to your compute instance by using SSH.
  2. Make sure that the Hyperdisk or Persistent Disk volumes you've attached to the compute instance are large enough to provide performant storage for the instance.
  3. Format and mount drives with logical volumes for all required drives by using LVM.

For information about the disk drives and their grouping, see Deployment architecture.

Prepare the OS

  1. Connect to your Compute Engine instance by using SSH.

  2. As recommended by Oracle, make sure that the Transparent HugePages feature is disabled.

    To verify this, follow these steps:

    1. Check if the Transparent HugePages feature is enabled by running the following command:

      cat /sys/kernel/mm/transparent_hugepage/enabled

    2. If the Transparent HugePages feature is enabled, then disable it by running the following commands:

      ORIGINAL=$(grep GRUB_CMDLINE_LINUX /etc/default/grub)
INSERT=" transparent_hugepage=never"
TARGET=$(printf '%s\n' "$ORIGINAL" | sed -e "s/\"$/$INSERT&/")
sed -i "s%^GRUB_CMDLINE_LINUX.*$%$TARGET%" /etc/default/grub
grub2-mkconfig -o /boot/grub2/grub.cfg

    3. Restart your instance. For information about how to do this, see Restart an instance.

    For information from SAP about these features, see the following SAP notes:

  3. Install the Oracle Database preinstallation RPM:

    yum install oracle-database-preinstall-19c

    If you're using Oracle Linux 9, then run the following command as well:

    yum in libxcrypt-compat

Install Google Cloud's Agent for SAP

Google Cloud's Agent for SAP is required for SAP support of SAP systems running on Google Cloud, including SAP NetWeaver, SAP HANA, SAP ASE, SAP MaxDB, and others.

When you install Google Cloud's Agent for SAP on a Compute Engine instance, for SAP Host Agent metrics, the agent combines monitoring data from Cloud Monitoring and the Compute Engine APIs and provides that data to the SAP Host Agent.

If you use the following RHEL or SLES "for SAP" OS images that Google Cloud provides, then Google Cloud's Agent for SAP is packaged with the OS images:

  • RHEL: all "for SAP" images
  • SLES: SLES 15 SP4 for SAP and later versions

For information about the operating systems supported by Google Cloud's Agent for SAP, see Supported operating systems.

Prerequisites for the agent

Before you install Google Cloud's Agent for SAP, you need to ensure that the following prerequisites are met.

Set the required IAM roles

At a minimum, the service account that Google Cloud's Agent for SAP uses must include the Compute Viewer (roles/compute.viewer), Monitoring Viewer (roles/monitoring.viewer), and Workload Manager Insights Writer (roles/workloadmanager.insightWriter) roles.

To add a required role to your service account, follow these steps:

  1. In the Google Cloud console, go to the IAM page.

    Go to IAM

  2. Select your Google Cloud project.

  3. Identify the service account to which you want to add a role.

    • If the service account isn't already on the principals list, then it doesn't have any roles assigned to it. Click Add and enter the email address of the service account.
    • If the service account is already on the principals list, then it has existing roles. Click the Edit button for the service account that you want to edit.

  4. Select the required role from the list of available roles:

    • Compute Engine > Compute Viewer
    • Monitoring > Monitoring Viewer
    • Workload Manager > Workload Manager Insights Writer

  5. Click Add or Save to apply the roles to the service account.

Enable access to Google Cloud APIs

Compute Engine recommends configuring your compute instances to allow all access scopes to all Cloud APIs and using only the IAM permissions of the instance service account to control access to Google Cloud resources. For more information, see Create a VM that uses a user-managed service account.

If you do limit access to the Cloud APIs, then Google Cloud's Agent for SAP requires the following minimum Cloud API access scopes on the host Compute Engine instance:

  • Cloud Platform: Enabled
  • Compute Engine: Read Only
  • Stackdriver Monitoring API: Read Only

If you are running SAP applications on a compute instance that does not have an external IP address, then you need to enable Private Google Access on the subnet of the compute instance so that Google Cloud's Agent for SAP can access Google APIs and services. To enable Private Google Access on a subnet, see Configuring Private Google Access.

Install the agent

To install Google Cloud's Agent for SAP on a Compute Engine instance that uses Oracle Linux, follow these steps:

  1. Establish an SSH connection to your compute instance.

  2. To install version 3.6 (latest) of the agent, run the following command:

    sudo tee /etc/yum.repos.d/google-cloud-sap-agent.repo << EOM
[google-cloud-sap-agent]
name=Google Cloud Agent for SAP
baseurl=https://packages.cloud.google.com/yum/repos/google-cloud-sap-agent-el$(cat /etc/redhat-release | cut -d . -f 1 | tr -d -c 0-9)-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=0
gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
EOM
sudo yum install google-cloud-sap-agent

Verify that the agent is running

To verify that the agent is running, follow these steps:

  1. Establish an SSH connection with your Compute Engine instance.

  2. Run the following command: 

    systemctl status google-cloud-sap-agent

    If the agent is functioning properly, then the output contains active (running). For example: 

    google-cloud-sap-agent.service - Google Cloud Agent for SAP
Loaded: loaded (/usr/lib/systemd/system/google-cloud-sap-agent.service; enabled; vendor preset: disabled)
Active:  active (running)  since Fri 2022-12-02 07:21:42 UTC; 4 days ago
Main PID: 1337673 (google-cloud-sa)
Tasks: 9 (limit: 100427)
Memory: 22.4 M (max: 1.0G limit: 1.0G)
CGroup: /system.slice/google-cloud-sap-agent.service
       └─1337673 /usr/bin/google-cloud-sap-agent

If the agent isn't running, then restart the agent.

Verify that SAP Host Agent is receiving metrics

To verify that the infrastructure metrics are collected by Google Cloud's Agent for SAP and sent correctly to the SAP Host Agent, follow these steps:

  1. In your SAP system, enter transaction ST06.

  2. In the overview pane, check the availability and content of the following fields for the correct end-to-end setup of the SAP and Google monitoring infrastructure:

    • Cloud Provider: Google Cloud Platform
    • Enhanced Monitoring Access: TRUE
    • Enhanced Monitoring Details: ACTIVE

Install the Oracle Database

Get support

For issues with Google Cloud infrastructure or services, contact Cloud Customer Care. You can find the contact information on the Support Overview page in the Google Cloud console. If Customer Care determines that a problem resides in your SAP systems, then you are referred to SAP Support.

For SAP product-related issues, log your support request with SAP support. SAP evaluates the support ticket and, if it appears to be a Google Cloud infrastructure issue, then SAP transfers that ticket to the appropriate Google Cloud component in its system: BC-OP-LNX-GOOGLE or BC-OP-NT-GOOGLE.

Support requirements