Deploying highly available SAP with Db2
The highly available SAP with Db2 on IBM Cloud VPC solution requires manual configuration of various non-IBM Cloud software components. This deployment process requires various specific deployment and configuration steps as described:
- Deploy IBM Cloud infrastructure resources
- Install the required software
- Configure Db2 Pacemaker
- Deploy SAP
- Test the environment
Before you begin
You need an IBM Cloud® SSH key and a Virtual Private Cloud (VPC) deployed before continuing. If an SSH key or VPC already exists, you can get started on deploying your infrastructure resources.
Securing access to your environment
Security is a significant concern when running business-critical applications in a cloud environment. To secure your connection to your IBM Virtual Servers, a public SSH key can be uploaded to your account, per region. These public keys are deployed to your virtual servers instances to allow access to the servers.
Before you continue, create an SSH public key that you can upload later to the region of your choice when you are creating the virtual server instance. For more information, see Getting started with SSH keys.
You use security groups to restrict access to and from IP ranges, protocols, and ports. Security groups aren't within the scope of this guidance, and the default security group that is deployed with your sample VPC can suffice. However, you might have to add other ports for exceptions to the access restrictions, such as, the SAP Software Provisioning Manager and for the ports that are being used by your SAP NetWeaver-based application.
Create an IBM Cloud VPC
Cloud resources are deployed in a global region within a VPC. Use the following steps to create a VPC:
- Log in to the IBM Cloud console with your unique credentials.
- Go to Virtual Private Clouds.
- Click Create.
- Select the Geography and Region where your VPC will be deployed.
- Enter a unique name for the VPC, for example, sap-db2-cluster.
- Keep the default resource group unless you want to create a new one. Use resource groups to organize your account resources for access control and billing purposes. For more information, see Best practices for organizing resources in a resource group.
- Optional: Enter tags to help you organize and find your resources. You can add more tags later. For more information, see Working with tags.
- Keep the default security group settings, which allow inbound SSH and ping traffic to virtual server instances in this VPC.
Deploy IBM Cloud infrastructure resources
The first step is to deploy the infrastructure, Virtual Server Instances (VSIs) or Bare Metal servers to support the IBM Db2 and SAP Pacemaker clusters.
Installing Virtual Server infrastructure
If you are using Virtual Server Instances (VSIs), you must complete the following steps:
- Set up a Virtual Private Cloud (VPC) and subnet
- Provision Intel virtual servers
- Add Block Storage for VPC
- Create the network interfaces
- Ready your operating system
For more information about these steps, see Deploying your VPC VSI infrastructure.
Installing Bare Metal Server infrastructure
If you are using Bare Metal servers, you must complete the following steps:
- Set up a Virtual Private Cloud (VPC) and subnet
- Provision Intel bare metal servers
- Create the network interfaces
- Ready your operating system
- Define the storage layout for your Bare Metal servers
For more information about these steps, see Deploying your Bare Metal infrastructure.
Install the required software
After the infrastructure is deployed, install the software that is required to support the IBM Db2 and SAP Pacemaker clusters.
- Install SAP and IBM Db2 software
- Install the Pacemaker software in the SAP cluster
- Install the Pacemaker software in the IBM Db2 cluster
Installing the SAP and IBM Db2 software
IBM Cloud provides a fully managed Db2 service by using the catalog. The pattern doesn't use this cloud service and requires Db2 to be manually installed.
Download and install SAP software and applications
SAP software installation media must be obtained from SAP directly, and requires valid license agreements with SAP in order to access these files.
Installing the Pacemaker software in the SAP cluster
SAP uses the Pacemaker software that is provided by the Linux distribution that you are using. Follow the appropriate steps for the Linux distribution that's being used:
Installing the Pacemaker software in the IBM Db2 cluster
IBM Db2 provides its own Pacemaker cluster software package that is intended for use with Db2. This must be used instead of the Pacemaker software that is provided by the Linux distribution.
The following links describe the installation of the IBM Db2 Pacemaker software:
Configure Db2 Pacemaker
The IBM Db2 Pacemaker configuration requires two steps:
- Setting up a Virtual IP address with an Application Load Balancer.
- Configuring Db2 HADR Pacemaker cluster fencing or Qdevice on IBM Cloud.
Setting up a Virtual IP address setup
A Virtual IP address (VIP) is used for communication between the Db2 database and the application and is routed by the IBM Cloud application load balancer (ALB). The application load balancer service with failover support routes the client traffic to a given database in a Db2 HADR cluster.
IBM Cloud application load balancers use front end listeners, security groups, backend pools, and health checks to route the traffic. For more information, see About application load balancers.
For more information on the steps to configure this Virtual IP address, see Setting up Virtual IP address for two-node Db2 HADR Pacemaker cluster with application load balancer on IBM Cloud.
Pacemaker fencing agent setup
Pacemaker provides different mechanisms to handle node failures and in particular the 'split brain' scenario in a two-node cluster. One mechanism is to use a third quorum node within the Pacemaker cluster to arbitrate when one of the HADR cluster nodes fails.
On IBM Cloud, while you can configure a quorum device on a third host, there is an alternative that uses a fencing agent. The fencing agent interacts with the IBM Cloud infrastructure to start, stop, monitor and/or restart the virtual machines. The advantage of configuring a two-node HADR Pacemaker cluster with fencing is that it removes the requirement of a third host for the quorum device, thus reducing ongoing cost.
For more information on configuring Pacemaker with the fence_ibm_vpc fencing agent, see Setting up two-node Db2 HADR Pacemaker cluster with fencing on IBM Cloud
Deploy SAP
IBM provides several templates with scripts to deploy different SAP NetWeaver and IBM Db2 architectures. Both use Terraform or Terraform and Ansible to deploy SAP. For more information, see SAP Terraform deployment templates.
Testing the environment
The final step is to test the environment to help ensure that failures are handled as expected by the Pacemaker cluster. The tests depend on the configuration that has been implemented and might include:
- Manually moving the SAP ABAP Central Services (ASCS) instance
- Manually moving the SAP ERS instance
- Testing failure of the SAP ASCS instance
- Testing failure of the SAP ERS instance
- Manually moving the Db2 primary database instance
- Manually moving the Db2 secondary database instance
- Testing failure of the Db2 primary database instance
- Testing failure of the Db2 secondary database instance
- Failure of SAP ASCS instance due to node crash
- Failure of SAP ERS instance due to node crash
- Failure of Db2 primary database instance due to node crash
- Failure of Db2 secondary database instance due to node crash