Terraform Modules for SAP are a subcomponent designed to be used from the Terraform Templates for SAP, but can be executed individually.
These custom Terraform Modules for SAP enable different solution scenarios of SAP software installations, and are used where there is significant repeated code, such as bootstrapping a new Cloud Account with a new Resource Group, VPC and Subnets - i.e. a 'Minimal Landing Zone'.
Every Terraform Template (e.g. /sap_hana_single_node_install/aws_ec2_instance):
- will reference Terraform Modules for SAP infrastructure platforms (e.g. /aws_ec2_instance/host_provision)
- will reference Terraform Modules for SAP solution scenarios (e.g. /all/ansible_sap_s4hana_install_maintplan)
It is possible to create your own Terraform Templates and re-use other Terraform Modules from the Terraform Registry, although these combinations are not tested; for example:
- Terraform Module for the Cloud Service Provider's defined landing zone patterns (e.g. Azure Cloud Adoption Framework (CAF))
- Terraform Module for SAP Host provision to a specified Infrastructure Platform (e.g. /msazure_vm/host_provision subdirectory)
- any of the Terraform Modules for SAP installations using Ansible (e.g. /all/ansible_sap_s4hana_install_maintplan subdirectory)
For more information which explains Terraform Modules, please see:
Clouds and Hypervisors are not designed the same; each has different interpretations and implementations of computing concepts.
Additionally, the implementations change over time - whether this is "Previous Generation" environments from a Cloud Service Provider, or a "Major.Minor" version update from a Hypervisor vendor.
Therefore it is not possible to match precisely the same functionality when bootstrapping and installing SAP software. For this reason the bootstrap of an environment is kept separate from existing resources.
In addition, dependent upon the additional configuration and policies within an existing configured environment, these Terraform Modules for SAP may not work at all and may require custom changes to fit the bespoke environment.
For further information, please see below for the Infrastructure provisioning parity comparison table.
N.B. Contributions to these Terraform Modules need to retain as much parity as possible across each infrastructure platform.
Please note, for all SAP software installations the execution time will vary based on multiple factors:
- Infrastructure provision time
- Installation media download time from SAP.com
- Storage volume used for downloads and database backup files (default is lowest cost / slowest speed when using Cloud IaaS)
All detailed execution permissions are listed in the documentation for the Terraform Modules of each Infrastructure Platform. See the next section.
The below table lists the Terraform Modules for SAP, and any detailed documentation:
Terraform Modules for SAP | Link |
---|---|
TF Modules for Infrastructure Platforms | - |
Amazon Web Services Elastic Compute Cloud (EC2) Virtual Server | |
Google Cloud Platform Compute Engine (CE) Virtual Machine | N/A |
IBM Cloud Virtual Servers | N/A |
IBM Cloud, IBM Power Virtual Servers | |
IBM Power Virtualization Center | N/A |
Microsoft Azure Virtual Machine | N/A |
| | N/A |
VMware vSphere Virtual Machine | /vmware_vm/host_provision |
Generic documentation | |
TF Modules as wrapper to Ansible for SAP solution scenarios | - |
SAP BW/4HANA single-node | /all/ansible_sap_bw4hana_install |
SAP ECC on SAP HANA single-node | /all/ansible_sap_ecc_hana_install |
SAP ECC on SAP HANA single-node System Copy (Homogeneous with SAP HANA Backup / Recovery) | /all/ansible_sap_ecc_hana_system_copy_hdb |
SAP ECC on IBM Db2 single-node | /all/ansible_sap_ecc_ibmdb2_install |
SAP ECC on Oracle DB single-node | /all/ansible_sap_ecc_oracledb_install |
SAP ECC on SAP ASE single-node | /all/ansible_sap_ecc_sapase_install |
SAP ECC on SAP MaxDB single-node | /all/ansible_sap_ecc_sapmaxdb_install |
SAP HANA 2.0 single-node | /all/ansible_sap_hana_install |
SAP NetWeaver AS (ABAP) with SAP HANA single-node | /all/ansible_sap_nwas_abap_hana_install |
SAP NetWeaver AS (ABAP) with IBM Db2 single-node | /all/ansible_sap_nwas_abap_ibmdb2_install |
SAP NetWeaver AS (ABAP) with Oracle DB single-node | /all/ansible_sap_nwas_abap_oracledb_install |
SAP NetWeaver AS (ABAP) with SAP ASE single-node | /all/ansible_sap_nwas_abap_sapase_install |
SAP NetWeaver AS (ABAP) with SAP MaxDB single-node | /all/ansible_sap_nwas_abap_sapmaxdb_install |
SAP NetWeaver AS (JAVA) with IBM Db2 single-node | /all/ansible_sap_nwas_java_ibmdb2_install |
SAP NetWeaver AS (JAVA) with SAP ASE single-node | /all/ansible_sap_nwas_java_sapase_install |
SAP S/4HANA single-node | /all/ansible_sap_s4hana_install |
SAP S/4HANA single-node, using SAP Maintenance Planner Stack XML (to run SUM and SPAM / SAINT) | /all/ansible_sap_s4hana_install_maintplan |
SAP S/4HANA single-node System Copy (Homogeneous with SAP HANA Backup / Recovery) | /all/ansible_sap_s4hana_system_copy_hdb |
SAP S/4HANA Distributed Install, using SAP Maintenance Planner Stack XML (to run SUM and SPAM / SAINT) | /all/ansible_sap_s4hana_distributed_install_maintplan |
SAP Solution Manager (ABAP/JAVA) with SAP ASE single-node | /all/ansible_sap_solman_sapase_install |
SAP Solution Manager (ABAP/JAVA) with SAP HANA single-node | /all/ansible_sap_solman_saphana_install |
Infrastructure Platform | Amazon Web Services (AWS) | Google Cloud | Microsoft Azure | IBM Cloud | IBM Cloud | IBM PowerVC | VMware vSphere |
---|---|---|---|---|---|---|---|
Product | EC2 Virtual Server | VM | VM | Virtual Server | IBM Power Virtual Server | LPAR | VM |
Compute Type | Virtual Machine (Type 1) | Virtual Machine (Type 1) | Virtual Machine (Type 1) | Virtual Machine (Type 1) | Virtual Machine (Type 1) | Virtual Machine (Type 1) | Virtual Machine (Type 1) |
Compute Hypervisor | KVM | KVM | HyperV | KVM | IBM PowerVM (PHYP LE) | IBM PowerVM (PHYP LE) | VMware vSphere |
Account Init | | | | | | | |
Create Resource Group, or re-use existing Resource Group | 🚫 | 🚫 | ✅ | ✅ | ✅ | N/A | N/A |
Create VPC/VNet, or re-use existing VPC/VNet | ✅ | ✅ | ✅ | ✅ | ✅ | N/A | N/A |
Create Subnet, or re-use existing Subnet | ✅ | ✅ | ✅ | ✅ | ✅ | N/A | N/A |
Create Many-to-One NAT Gateway (Public Internet access for hosts) | ✅ | ✅ | ✅ | ✅ | ✅ | N/A | N/A |
Account Bootstrap (aka. minimal landing zone) | | | | | | | |
Create Private DNS | ✅ | ✅ | ✅ | ✅ | ✅ | N/A | N/A |
Create Network Interconnectivity hub (e.g. Transit Gateway) | ✅ | 🚫 | 🚫 | ✅ | ✅ | N/A | N/A |
Create Network Security for Subnet/s (e.g. ACL, NSG) | ✅ | ✅ | ✅ | ✅ | ✅ | N/A | N/A |
Create Network Security for Host/s (e.g. Security Groups) | ✅ | 🚫 | ✅ | ✅ | ✅ | N/A | N/A |
Create TLS key pair for SSH (using RSA algorithm) | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
Import public key to Cloud platform | ✅ | 🚫 | ✅ | ✅ | ✅ | N/A | N/A |
Account IAM | | | | | | | |
Create IAM Access Group/s and contained Policies for SAP 'Basis' Administrators | ❌ WIP | ❌ WIP | ❌ WIP | ❌ WIP | N/A | N/A | |
Bastion Injection | | | | | | | |
Find OS Image | ✅ | ✅ | ✅ | ✅ | ✅ | N/A | N/A |
Create Subnet for Bastion (using small CIDR prefix) | ✅ | ✅ | ✅ | ✅ | ✅ | N/A | N/A |
Create Network Security for Host/s connection from Bastion (e.g. Security Groups) | ✅ | ✅ | ✅ | ✅ | ✅ | N/A | N/A |
Create Network Security for Bastion (e.g. Security Groups) | ✅ | ✅ | ✅ | ✅ | ✅ | N/A | N/A |
Create Public IP address for Bastion | ✅ | ✅ | ✅ | ✅ | ✅ | N/A | N/A |
Create Bastion host | ✅ | ✅ | ✅ | ✅ | ✅ | N/A | N/A |
Build scripts for Bastion host: - Create OS User for bastion access - Amend SSH Authorized Keys of OS User for bastion access - Activate firewalld - Change SSH Port to within IANA Dynamic Ports range - Update SELinux of port change - Deny root login from Public IP | ✅ | ✅ | ✅ | ✅ | ✅ | N/A | N/A |
Host Network Access for SAP | | | | | | | |
Append Network Security rules for SAP (e.g. Security Group Rules) - SAP NetWeaver AS (ABAP) - SAP NetWeaver AS (JAVA) - SAP HANA - SAP HANA XSA - SAP Web Dispatcher | ✅ | ✅ | ✅ | ✅ | ✅ | N/A | N/A |
Host NFS | | | | | | | |
Provision | ✅ | ✅ | ✅ | ✅ | N/A | N/A | |
Proxy interconnect provision for increased security hosts | | | | | | | |
Find OS Image | N/A | N/A | N/A | N/A | ✅ | N/A | N/A |
Create Proxy host | N/A | N/A | N/A | N/A | ✅ | N/A | N/A |
Create DNS Records (i.e. A, CNAME, PTR) | N/A | N/A | N/A | N/A | ✅ | N/A | N/A |
Build scripts for Bastion host: - Setup BIND/named for DNS Proxy - Setup Squid for Web Forward Proxy - Setup Nginx for Web Reverse Proxy | N/A | N/A | N/A | N/A | ✅ | N/A | N/A |
Host Provision | | | | | | | |
Find OS Image with SAP-relevant OS Package Repositories | ✅ | ✅ | ✅ | ✅ | ✅ clone from Stock OS Image | ✅ | ✅ |
Create DNS Records (i.e. A, CNAME, PTR) | ✅ | ✅ | ✅ | ✅ | ✅ | N/A | N/A |
Create Storage Volumes (defined storage profile with IOPS/GB, or custom IOPS) | ✅ | ✅ | ✅ | ✅ | no custom IOPS | ✅ | ✅ |
Create Host/s | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
Attach Storage Volumes to Host/s | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
Build scripts for Host: - Enable root login - Set hostname - Set DNS in resolv.conf - Disks and Filesystem setup (LVM with XFS and striping, or Physical with XFS) | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
Build scripts for increased security Hosts: - Set DNS Proxy in resolv.conf - Set Web Proxy for non-interactive login shell | N/A | N/A | N/A | N/A | ✅ | ✅ | ✅ |
Build scripts for BYOL OS: - Enable OS Subscription with BYOL, setup OS Package Repositories | N/A | N/A | N/A | N/A | ✅ | ✅ | ✅ |
Key:
- ✅ Ready and Tested
- ⚠️ Pending work
- ❌ Not available yet
- 🚫 Capability not provided by vendor (or construct concept does not exist)
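
Two of the bastion build-script steps in the parity table (SSH port moved into the IANA Dynamic Ports range, root login denied) can be verified after provisioning. The script below is an added example, not code from this project: the function names and sample files are constructed, and it assumes whitespace-separated sshd_config keywords and treats "deny root login" as a global `PermitRootLogin no`.

```shell
#!/usr/bin/env bash
# Added example (not project code): audit an sshd_config for two bastion steps.

# Print the global (pre-Match) values of a keyword, lower-cased, one per line.
sshd_global_values() {  # $1 = config file, $2 = keyword
  awk -v key="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
    /^[[:space:]]*#/ { next }            # skip comment lines
    tolower($1) == "match" { exit }      # Match blocks only apply conditionally
    tolower($1) == key { print tolower($2) }
  ' "$1"
}

# Return 0 when every listening port is in the IANA dynamic range 49152-65535.
check_ssh_port() {  # $1 = config file
  local ports port
  ports="$(sshd_global_values "$1" port)"
  [ -n "$ports" ] || ports=22            # sshd default when Port is unset
  for port in $ports; do                 # sshd listens on every Port line
    case "$port" in ''|*[!0-9]*) return 1 ;; esac
    [ "$port" -ge 49152 ] && [ "$port" -le 65535 ] || return 1
  done
  return 0
}

# Return 0 only when the first global PermitRootLogin is "no".
check_root_login() {  # $1 = config file
  local value
  value="$(sshd_global_values "$1" permitrootlogin | head -n 1)"
  [ "${value:-prohibit-password}" = "no" ]   # unset means the sshd default
}

# Print findings; the return code is the number of failed checks.
audit_bastion_sshd() {  # $1 = config file
  local failed=0
  check_ssh_port "$1"   || { echo "FAIL: SSH port outside 49152-65535"; failed=$((failed + 1)); }
  check_root_login "$1" || { echo "FAIL: root login not denied globally"; failed=$((failed + 1)); }
  [ "$failed" -eq 0 ] && echo "OK: $1"
  return "$failed"
}

# Constructed sample configurations (not taken from any real host).
SAMPLES="$(mktemp -d)"
printf 'Port 50022\nPermitRootLogin no\n' > "$SAMPLES/hardened"
printf '#Port 22\nPermitRootLogin yes\n'  > "$SAMPLES/stock"
audit_bastion_sshd "$SAMPLES/hardened"
audit_bastion_sshd "$SAMPLES/stock" || true
```

On a provisioned bastion, point `audit_bastion_sshd` at `/etc/ssh/sshd_config`; settings placed inside `Match` blocks or include files are not evaluated by this check.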