Prerequisites

• Create an API key for your VPC. The API key is used to authenticate with the IBM Cloud platform and to determine your permissions for IBM Cloud services. For more information, see Create or retrieve an IBM Cloud API key.

• Create a SSH key on the IBM Cloud VPC. For more information, see Create or retrieve your SSH key ID.

Before deploying any SAP workload in the IBM Cloud VPC, there are certain IBM Cloud services which need to be provisioned. The order in which these are provisioned is mentioned here:

• VPC for SAP provisioning
  • New Subnet for the VPC
  • Security Group for the VPC
    • New Intel Virtual Server Instance (VSI)
      • Block storage for Intel Virtual Server Instances (VSIs) – additional storage can be added post VSI creation
      • NFS-based file storage for VPC – additional request for certain deployment scenarios

New subnet for VPC

Following are the steps to create a new subnet for the VPC:

1. To add a new subnet during the creation of new VPC, click Add subnet.

2. Enter a unique name for the VPC subnet.

3. Select a Resource group for the subnet.

4. Select a Location for the subnet. The location consists of a region and a zone.

   The region is automatically inherited from the VPC (currently in creation).

5. Optional: Make use of tags to better organize and find your resources.

6. Enter an address prefix, number of addresses, and an IP range for the subnet. The IP range is entered in CIDR notation, for example: 10.240.0.0/24. Usually, you can use the default IP range. If you want to specify a custom IP range, you can use the IP range calculator to select a different address prefix or change the number of addresses.

   A subnet cannot be resized after it has been created.

7. Attach a public gateway to the subnet to allow all the attached resources to communicate with the public internet (not mandatory for certain scenarios).

8. Click Create virtual private cloud.

If you have disabled the default address prefixes, which hides the new subnet for VPC section on the VPC ordering page, then you need to manually define your subnets before provisioning your virtual servers for VPC. Following are the steps to set up your subnets:

1. Click Menu icon > Infrastructure > Network > Subnets.
2. Choose the desired Region and click Create.
3. Confirm the Location (Geography, Region and Zone).
4. Enter a unique name and select the VPC to be associated.
5. Select a Resource group.
6. Optional: Use tags to better organize and find your resources.
7. Choose the VPC fro the subnet to be associated.
8. Enter an Address prefix, Total IP addresses and an IP range for the subnet. The IP range is entered in CIDR notation, for example: 10.240.0.0/24. Usually, you can use the default IP range. If you want to specify a custom IP range, you can use the IP range calculator to select a different address prefix or change the number of addresses.
9. Leave the values as default for the Routing table and Subnet access control list.
10. Choose a Public gateway to the subnet to allow all the attached resources to communicate with the public internet (not mandatory for certain scenarios).
11. Review the costs of your subnet resource and click Create subnet.

Security Group for VPC

After creating the VPC and subnet, a default Security Group will be automatically provisioned.

1. Navigate to Menu icon > Infrastructure > Network > VPCs.
2. Selecting the VPC, displays the Overview tab, showing various information on the VPC and the default security group.
3. Click on the default security group, to display the Overview tab.
4. Navigate to the Rules tab to bring forward the Inbound rules and Outbound rules settings.

By default, this Security Group is unrestricted, and the user should close the Inbound/Outbound access according to its security requirements and regulations.

Virtual server profile names

In IBM Cloud VPC, the profile families that are certified for SAP are:

• Compute Optimized
• Balanced
• Memory Optimized
• Very High Memory Optimized
• Ultra High Memory Optimized

All the memory family profiles provide memory intensive workloads, such as demanding database applications, in-memory analytics workloads, and are designed for SAP HANA workloads. For more information, see x86-64 instance profiles. For more information about SAP profiles, see Intel Virtual Server certified profiles on VPC infrastructure for SAP HANA and Intel Virtual Server certified profiles on VPC infrastructure for SAP NetWeaver.

The following profile families are available to provision the VSI:

The first letter of the profile name indicates the profile family:

Instance storage

Instance storage is a set of one or more solid-state drives (full or isolated partial storage spaces) attached to your virtual server instance when the instance is provisioned. Instance storage is close to the compute resources of the virtual server and on a high-speed communication channel that is independent from the network. An instance storage disk provides fast, affordable, temporary storage to improve the performance of cloud native workloads with scratch space, caching buffers, or a place for replicated data. The data that is stored on instance storage is temporary, which means that the data is attached directly to the instance lifecycle. The instance storage disk is automatically created and destroyed with the instance. Instance storage data is not lost when an instance is rebooted.

Instance storage is a complementary storage technology to boot and block storage volumes that are offered with VPC. For more information, see About instance storage on IBM Cloud VPC. Below are the examples for instance storage disks:

• Distributed File Systems: Technologies like Hadoop Distributed File System (HDFS) replicate data across multiple servers to improve read bandwidth and ensure reliability. It is recommended to maintain at least three copies of the data, ideally across availability zones, when using Instance Storage for these workloads.

• Transactional jobs: Transaction processing usually creates a significant number of temporary files. Instance storage is a great place to temporarily store that data while the transactions are processed, with the results stored persistently on a data volume.

Block storage for virtual servers on VPC infrastructure

When you create secondary data volumes, you select a volume profile to meet your requirements. Volume profiles are available in three predefined tiers or as a custom profile. These volume profiles relate to virtual server instance profiles:

• A 3 IOPS general-purpose tier profile provides IOPS/GB performance suitable for a virtual server instance Balanced profile.
• A 5-IOPS tier profile provides IOPS/GB performance suitable for a virtual server instance Compute profile.
• A 10-IOPS tier profile provides IOPS/GB performance suitable for a virtual server instance Memory profile.

For network storage, IOPS per GB is limited and performance varies based on the workload. For Relational Database Management Systems (RDBMS), it is beneficial to store both the database log and data on the same volume, depending on the applications behavior. In general, for typical RDBMS-based applications, a 5 IOPS/GB profile is reasonable. If your application relies on specific KPIs for storage performance, test the storage throughput before deploying software.

More information on Block Storage for Virtual Servers Instances on VPC can be found under About Block Storage for VPC.

NFS-based file storage for VSI on VPC infrastructure

IBM Cloud® File Storage for VPC is a zonal file storage offering that provides NFS-based file storage services. You can create file shares in an availability zone within a region. You can share them with multiple virtual server instances within the same zone or other zones in your region, across multiple VPCs. You can also limit access to a file share to a specific virtual server instance within a VPC and encrypt the data in transit.

File Storage for VPC provides file shares within the VPC Infrastructure. You create a file share in a zone and create the mount targets for the share per VPC. Replication between the source file share and a replica file share can be enabled. So if an outage at the primary site was to occur, you can fail over to the replica file share. Data on a file share is encrypted at rest with IBM-managed encryption by default. For added security, you can use your own root keys to protect your file shares with customer-managed keys.

For more information on NFS-based file storage for Virtual Server Instances on VPC Infrastructure, see About File Storage for VPC.

Catalog images on VPC

When provisioning IBM Cloud virtual servers for VPC on x86 architecture, choose from the supported stock images, a virtual server operating system bundle, or a custom image from IBM Cloud Object Storage. The selected image determines the operating system that is provisioned for your instance. If the image selected is a virtual server operating system bundle stock image, then the software that is part of that bundle is also included in your instance.

In the IBM Cloud console, go to the navigation Menu icon > Infrastructure > Compute > Images.

There are 3 different types of images for VPC:

1. Custom images (includes Image from volume)
2. Stock images
3. Catalog images

To share or publish a custom image within your enterprise, you must create a private catalog, which allows you to manage access to products for multiple accounts within the same enterprise. You can share any existing x86 virtual server custom image with a private catalog, except for an encrypted image. For more information about these limitations, see VPC considerations when using custom images in a private catalog.

When you select a catalog image, ensure that you are informed about any associated billing plans.

Catalog images are billed in one of the following ways:

• Free trial
• Usage-based
• Bring Your Own License (BYOL)

Bring your own OS product license

When you have your own operating system license, you can install on your virtual server based on the instructions. For more information about custom images, see Importing and managing custom images. The OS chosen must be certified for SAP and have access to the necessary OS packages for SAP. For more information, see Bring your own license.

Related information

• Release notes for IBM Cloud VPC
• SAP Note 84555 - Windows Server, Linux®, and UNIX: Certified hardware
• SAP Note 2927211 - SAP Applications on IBM Cloud Virtual Private Cloud (VPC) Infrastructure environment
• SAP Note 2923773 - Linux® on IBM Cloud (IaaS): Adaption of your SAP License
• SAP Note 171380 - Released IBM hardware (Intel processors) and IBM Cloud services offers
• SAP Note 1380654 - SAP support in IaaS environments
• SAP Note 2369910 - SAP Software on Linux®: General information
• SAP Note 3108316 - Red Hat Enterprise Linux 9.x: Installation and Configuration
• SAP Note 1597355 - Swap-space recommendation for Linux
• SAP Product Availability Matrix