Drive Operational Efficiency at Raikela Iron ore Mines with SAP on AWS

M/s Geetarani Mohanty, operating as M/s GRM, is a registered partnership firm under the Indian Partnership Act of 1932. With over three decades of experience, M/s GRM is a well-established mining company known for its scientific mining practices. It operates primarily in the Koira Block of Sundargarh district, Odisha, focusing on Iron Ore extraction.

M/s GRM is deeply committed to Health, Safety, and Environmental (HSE) standards and champions sustainable mining practices. The company’s success stems from a collaborative management approach that emphasizes scientific mining, mechanization, exploration, and ecosystem preservation. With an experienced team and strict adherence to global mineralogical recovery standards, M/s GRM consistently provides high-quality minerals for both domestic and international markets.

M/s Geetarani Mohanty serves the steel, engineering, and related industries, known for delivering consistent-grade products with punctual and seamless delivery. The company values its human resources as a cornerstone of its ongoing success.

• Geetarani Mohanty was an application built on the SAP platform designed to operate within the Azure cloud environment. The primary challenge revolved around tackling vendor support concerns, meeting increasing demand, and promptly adapting to evolving requirements. The critical focal points included ensuring security, establishing robust database backup procedures, and developing effective restoration strategies in case of failures: 
  • Infrastructure Administration skillsets: Setting up and overseeing the foundational infrastructure for SAP systems in a cloud environment can prove intricate and resource-intensive. The task entails configuring and fine-tuning virtual machines, storage, and network components, demands specialized knowledge and proficiency.

   

  • Seeking Cost Efficiency: Although Azure Cloud offers flexibility and scalability, the organization is also focused on achieving cost-optimized solutions. Issues like misconfigured resources and instances of over or underutilization have led to avoidable expenses.

   

  Prompt Vendor Support: Managing delayed responses from the vendor’s support team presents a significant challenge. GRM faced critical issues that required immediate attention and resolution, yet the vendor’s support team faced difficulties in providing timely responses. This circumstance resulted in extended system downtime, negatively affecting business operations. The presence of ambiguities or inefficiencies in the vendor’s escalation processes has led to an increased mean time to recover, causing concerns about its adverse impact on the customer’s SAP environment.

• Configuring the SAP on AWS infrastructure involved several key steps. Here is a high-level solution approach we took for Geetarani Mohanty for configuring the SAP on AWS.
  • Planning and Architecture Design
  • Network & Connectivity
  • Infrastructure Provisioning
  • SAP Installation & Configuration
  • Data Migration & Integration
  • Security & Compliance

   

  During the implementation phase, we addressed several key technical aspects:

  • Workmate’s team provisioned SAP instances based on the BSAP Notes updated to November 28, 2021, adhering to the recommended sizing.

   

  • We established an isolated network, specifically a Virtual Private Cloud (VPC), equipped with robust security measures and firewalls (AWS In-built). Additionally, we set up a VPN server with Linux OS in alignment with network security and compliance requirements. All servers and resources were placed within the private subnet, and we chose the AWS Mumbai region to minimize network latency.

   

  • In the public subnet, only the production OpenVPN server was deployed, making it internet-facing. The other production servers, including application and database servers, were situated in the private subnet, which is off the internet zone. All servers were bound to the OpenVPN server, and remote users used the OpenVPN client to access them. To enhance security, we modified the default RDP/SSH and DB server ports.

   

  • We also ensured access to AWS Systems Manager in case RDP/SSH credentials were lost for the provisioned instances. To simulate proper traffic handling, we implemented an Application Load Balancer (ALB). The ALB endpoint served incoming requests to the application server.

   

  • Monitoring was made available through AWS Enterprise tool CloudWatch. Initially, we employed native backups on the VM itself, later transferring them to S3.

   

  • All infrastructure and database backups were stored on the S3 storage service, with a retention period of 15 days, ensuring accessibility at any time. System, container, and database logs were enabled in CloudWatch Logs and copied to an S3 bucket for archiving purposes. We also utilized CloudTrail to record changes in AWS infrastructure, maintaining 90 days of logs without incurring additional costs.

  All the Infrastructure has been spined up using CloudFormation templates.

GRM SAP application was successfully deployed on the AWS environment ready to handle scale and growing demands.

• Now customer is able to Deploy new SAP environments in hours instead of weeks or months using automated pipelines and templates.
• By appropriately sizing virtual machines to align with business needs and optimizing costs, we accelerated customer business transformation and growth through the deployment of SAP on AWS Cloud.
• Ensures high availability and reliability for critical business applications. Able to achieve 95% uptime.
• Reduces database backup times from 6 hours to 30 minutes.

Impressed regulators with a robust array of security features, certifications, and comprehensive data protection mechanisms that effectively meet a range of regulatory demands, ensuring the utmost data integrity and confidentiality.

• AWS IAM role-based access control to restrict users to only the required resources.
• Deep visibility into API calls are maintained through AWS Cloud Trail, including who, what, and from where calls were made. All user related activities are tracked and logged.
• For any Administrative task Remote user have need to connect to VPN client for accessing the servers. All the RDP/SSH port are bound with OpenVPN server, also default ports will be changed to the custom port.
• The DB ports are accessible only from the Application containers and are restricted using Security Group.
• All the container workloads are under the private subnets, the Fiori application are exposed using the Application Load Balancer. SSL listeners has been setup for ALB and certificate has been issued using AWS ACM.