About the customer
Bihar has an agrarian economy, with most of the population living in rural areas and engaged in agricultural activities, either directly or indirectly. It is the largest producer of vegetables, dominated by potato, onion, eggplant and cauliflower, and ranks among the top five vegetable-producing states in India. Several factors fragment the vegetable value chain and make it complex, such as transportation, logistics, packaging, sorting, grading and post-harvest losses, so it became very difficult for farmers to sustain themselves in these circumstances.
To address these inherent challenges and lift vegetable growers out of misery and poverty, the Cooperative Department, Government of Bihar has launched a scheme, namely the Bihar State Vegetable Processing and Marketing Scheme. The objective of this scheme is to establish a brand of trust in society by marketing the vegetables produced in the state under the umbrella brand “Tarkaari”.
Customer Challenge
BiharVegFed was an SAP-based application running in an on-premises data center. The key challenge was to address the issues of scale, growing demand and quick response to changing requirements. The key requirements covered security, database backup and restoration failures, and application upgrades:
- Response to Changing Requirements: Adapting the application quickly to changing business requirements and market dynamics could be cumbersome. The on-premises setup had longer lead times for hardware provisioning and software updates.
- Performance and Speed: The BiharVegFed SAP environment processed vast amounts of data from multiple sources, leading to performance bottlenecks and slower response times. This hindered the organization’s ability to deliver timely insights and make informed decisions.
- Scalability and Flexibility: The on-premises data center lacked the necessary scalability to accommodate BiharVegFed’s growing business needs. Scaling hardware and infrastructure proved to be time-consuming and costly, limiting the organization’s ability to respond to changing demands effectively.
- Cost Efficiency: Maintaining and upgrading the on-premises SAP infrastructure resulted in significant capital and operational expenditures for BiharVegFed. The organization sought a more cost-effective solution without compromising performance and reliability.
- Data Security and Disaster Recovery: Ensuring the security and integrity of critical business data was a top priority for BiharVegFed. With an on-premises setup, there was an inherent risk of data loss or breach, and disaster recovery mechanisms were complex and time-intensive to implement.
Workmates Core2Cloud Solution Approach
Configuring the SAP on AWS infrastructure involved several key steps. The high-level solution approach we took for BiharVegFed was:
- Planning and Architecture Design
- Network & Connectivity
- Infrastructure Provisioning
- SAP Installation & Configuration
- Data Migration & Integration
- Security & Compliance
Some of the key technical aspects which we undertook during the implementation were:
- The Workmates team provisioned the SAP instances based on the BSAP Notes updated to 28th November 2021 for the recommended sizing.
- We provisioned an isolated network, i.e., a VPC (Virtual Private Cloud), with proper security and the firewalls built into AWS. We provisioned a VPN server running Linux, as per the network security and compliance requirements. All servers and other resources were placed in the private subnet, using the AWS Mumbai region for low network latency.
- Only the production OpenVPN server was placed in the public subnet, i.e., the internet-facing zone, while the other production servers (namely application and database) were on a private subnet, i.e., the off-internet zone. All the servers are bound to the OpenVPN server, and remote users use the OpenVPN client to access them. The default RDP/SSH and DB server ports were changed for additional security.
- We also provisioned access to AWS Systems Manager in case the RDP/SSH credentials for the provisioned instances are lost. To simulate proper traffic handling, we used an Application Load Balancer. The ALB endpoint forwarded incoming requests to the application server.
- All monitoring was available through the AWS enterprise tool CloudWatch. The preliminary backup mechanism involved a native backup on the VM itself, which was later pushed to S3.
- All infrastructure and DB backups are stored on the S3 storage service with 15 days’ retention and can be accessed at any time. We enabled system logs, all container logs and DB logs in CloudWatch Logs and copy the logs to the S3 bucket for archiving. CloudTrail, which records changes in the AWS infrastructure, maintains 90 days of logs without any additional cost.
Results and Benefits
The BiharVegFed SAP application was successfully deployed on an AWS environment ready to handle scale and growing demand.
- Enhanced monitoring and alerting from Amazon CloudWatch notifies the support team of any production issues so they can mitigate them immediately.
- The overall security posture on the cloud is improved using cloud-native security features, private networks, and continuous compliance through AWS Config.
- AWS Backint Agent supports full, incremental, differential, and log backup of SAP HANA databases and catalogs to Amazon S3.
- AWS infrastructure delivers 20 to 25% more SAPS than the other cloud service providers.
- AWS delivers 3 IOPS per GB (IOPS read size is 16 kb); other cloud service providers normally deliver 1 IOPS (IOPS read size is 8 kb).
- Auto recovery – automatically recovers an instance impaired by an underlying hardware failure, which is unique across the industry.
- Cost-effective S3 object storage, with unique features that help the client store logs and native data backups, which can support data analytics in the future, along with an archival option.
- Server snapshots with the incremental option help with point-in-time restoration.
- Delivers higher bandwidth, which helps download the SAP software faster: a 25 Gbps internal network from AWS server to S3 storage and from server to server.
- AWS Backint Agent for SAP HANA supports server-side encryption of backups and validates Amazon S3 bucket ownership before backup and restore to and from Amazon S3. AWS Backint Agent for SAP HANA is optimized to utilize the maximum Elastic Block Storage (EBS) throughput and network bandwidth available to Amazon S3 from your EC2 instance. This increases the speed at which your SAP HANA database can be backed up or restored to and from Amazon S3, improving your Recovery Time Objective (RTO).
- AWS Backint Agent for SAP HANA can automatically back up your SAP HANA database log files to Amazon S3 at regular intervals to meet your RPO requirements.
Security Considerations
- AWS IAM role-based access control to restrict users to only the required resources.
- Deep visibility into API calls is maintained through AWS CloudTrail, including who made each call, what was called, and from where. All user-related activities are tracked and logged.
- For any administrative task, remote users need to connect through the VPN client to access the servers. All the RDP/SSH ports are bound to the OpenVPN server, and the default ports are changed to custom ports.
- The DB ports are accessible only from the application and are restricted using security groups.
- All the SAP and CMS workloads are in the private subnets; the Fiori and CMS applications are exposed through the Application Load Balancer. SSL listeners have been set up for the ALB, and the certificate has been issued using AWS ACM.
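The network rules in this list can be checked mechanically. The following is an added example, not code from Workmates or the BiharVegFed deployment: it audits security-group ingress rules, in the dictionary shape returned by EC2 DescribeSecurityGroups, against the tiering described above. The group IDs, tier labels, port numbers and sample rules are constructed assumptions; because the design moves admin and DB ports off their defaults, the check keys on rule sources, not on well-known port numbers.

```python
WORLD = {"0.0.0.0/0", "::/0"}
INTERNET_FACING = {"vpn", "alb"}          # only OpenVPN and the ALB face the internet
ALLOWED_PEERS = {"app": {"alb", "vpn"}, "db": {"app", "vpn"}}

def rule(port, cidrs=(), groups=()):
    """Build one ingress rule in the DescribeSecurityGroups shape (sample data helper)."""
    return {"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
            "IpRanges": [{"CidrIp": c} for c in cidrs],
            "UserIdGroupPairs": [{"GroupId": g} for g in groups]}

def audit(groups, roles, db_port):
    """Return (group_id, from_port, reason) for every rule that breaks the tiering."""
    findings = []
    for sg in groups:
        gid, role = sg["GroupId"], roles[sg["GroupId"]]
        for perm in sg.get("IpPermissions", []):
            # Protocol "-1" rules carry no ports: treat them as covering every port.
            lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
            cidrs = {r["CidrIp"] for r in perm.get("IpRanges", [])}
            cidrs |= {r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])}
            peers = {roles.get(p["GroupId"], "unknown")
                     for p in perm.get("UserIdGroupPairs", [])}
            if cidrs & WORLD and role not in INTERNET_FACING:
                findings.append((gid, lo, "open to the internet"))
            bad = peers - ALLOWED_PEERS.get(role, peers)
            if bad:
                findings.append((gid, lo, f"unexpected source tier: {sorted(bad)}"))
            if role == "db" and lo <= db_port <= hi and peers - {"app"}:
                findings.append((gid, lo, "DB port reachable from outside the application tier"))
    return findings

# Constructed sample: two deliberate mistakes (admin port on app open to the
# world; DB port also reachable from the VPN group).
ROLES = {"sg-vpn": "vpn", "sg-alb": "alb", "sg-app": "app", "sg-db": "db"}
DB_PORT = 31015   # assumed custom DB port
SAMPLE = [
    {"GroupId": "sg-vpn", "IpPermissions": [rule(1194, cidrs=["0.0.0.0/0"])]},
    {"GroupId": "sg-alb", "IpPermissions": [rule(443, cidrs=["0.0.0.0/0"])]},
    {"GroupId": "sg-app", "IpPermissions": [rule(8443, groups=["sg-alb"]),
                                            rule(2222, cidrs=["0.0.0.0/0"])]},
    {"GroupId": "sg-db", "IpPermissions": [rule(DB_PORT, groups=["sg-app", "sg-vpn"])]},
]

if __name__ == "__main__":
    for finding in audit(SAMPLE, ROLES, DB_PORT):
        print(finding)
```
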
AWS Services used:
AWS EC2, ALB, S3, CloudFormation, CloudWatch, AWS Systems Manager, Backint Agent, Lambda, EC2 Lifecycle manager, VPC Endpoint, CloudTrail, IAM Role, AWS Config, Route 53
HANA DB Backup Implementation using AWS Backint Agent
We have implemented the AWS Backint Agent SAP-certified backup and restore solution for SAP HANA workloads running on Amazon EC2 instances. AWS Backint Agent backs up your SAP HANA database to Amazon S3 and restores it using SAP management tools.