IBM Cloud Docs
Backup strategies for SAP HANA on IBM Power Virtual Server

Backup strategies for SAP HANA on IBM Power Virtual Server

IBM Cloud offers a robust Power Virtual Server infrastructure to run SAP HANA, and this document outlines the steps and best practices for performing backups of SAP HANA database.

When deploying SAP HANA on Power Virtual Server instance, it is essential to implement a reliable and efficient backup strategy to ensure the availability and recoverability of your data. Two primary methods are available for performing backups of SAP HANA database running on Power Virtual Server instance:

  1. Secure automated backup with Compass for SAP HANA
  2. SAP HANA Backint Agent for IBM Cloud Object Storage

Both of these methods offer flexible, secure, and scalable solutions for backing up SAP HANA, and each has its own set of advantages based on your infrastructure and requirements.

Secure automated backup with Compass for Linux

The Backup Offering is powered by Cobalt Iron Compass and is accessible from the IBM Cloud catalog. The Backup Offering provides enterprise-class backup and restore features in a cloud-centric SaaS solution. Compass capabilities and security features, along with many other security functions provides protection and self-assessments to protect enterprise data and applications.

For more information, see Cobalt Iron documentation.

Cobalt Iron Compass protects various platforms, applications, and data classes. The Backup Offering includes the following unique features and functions for SAP HANA on Power Virtual Server:

  1. HDBackInt-integrated backup and restore of SAP HANA databases
  2. HDBackInt-integrated backup and restore of SAP HANA redo log files
  3. Support for the SAP HANA Cockpit for configuration, monitoring, and scheduling of backups

The Backup Offering provides various integrated security and operational features that includes:

  1. Alerting, notifications, and ticketing features and integration
  2. Automated auditing and validation of backup server landscape
  3. Backup server automation that includes hands-free automation of all backup server tasks
  4. Centralized policy management
  5. Complete governance
  6. Data reduction through compression and deduplication
  7. Data replication across regions in IBM Cloud
  8. Encryption of data in all phases from in-transit, to-storage, and at-rest
  9. Extensive support for encryption, data immutability, and other security access controls
  10. Multitenancy and unlimited sub-organizations
  11. Role-based access control management.

Network architecture for deploying the backup instance

To deploy the backup instance, use one of the following architectures:

Single copy Backup Offering

Using a single copy Backup Offering, you can take a backup of your workload in a single data center.

By studying the network architecture diagram of single copy Backup Offering, you can understand the following concepts:

  • The architecture of single copy Backup Offering deployed in IBM data center
  • The requirements for AIX and Linux VMs on Power to access the Compass backup servers through the IBM Cloud network

Compass Accelerator Vaults are backup server instances that are preconfigured in IBM Cloud data centers and are replicated across other regions.

Do not deploy any additional resources to the Backup Offering VPC.

Backup Offering network architecture
Single copy Backup Offering network architecture

The Backup as a Service (BaaS) VPC is created when the Backup Offering is provisioned. The BaaS VPC enables Virtual Private Endpoints (VPEs) for private IP connectivity to the managed backup server instances. When you deploy the backup server instance, an automation process creates the following network segments:

  • Local Transit Gateway, if it does not exist
  • BaaS VPC for the dedicated use of the backup activity
  • VPE for secure connectivity to each of the backup servers
  • Security group with inbound rule, address prefix, and subnet

The Backup Offering VPC and the Power Virtual Server workspaces must exist in the same region and be connected by using the local Transit Gateway. You can connect your on-premises workloads to the Transit Gateway through the Direct Link connection. You can use VPN connection in place of a Direct Link connection.

Dual copy Backup Offering

Using a dual copy Backup Offering, you can take a backup of your workload in two different data center regions.

By studying the network architecture diagram of dual copy Backup Offering, you can understand the following concepts:

  • The architecture of dual copy Backup Offering that is deployed in IBM data center
  • The requirements for AIX and Linux VMs on Power to access the Compass backup servers through the IBM Cloud network

Compass backup servers are preconfigured in data centers and are also replicated across the other regions.

Do not deploy any additional resources to the Backup Offering VPC.

Backup Offering network architecture
Dual copy Backup Offering network architecture

The Backup Offering VPC is a managed backup server instance that is deployed when the Backup Offering is provisioned. When you deploy the backup server instance, an automation process creates the following network segments:

  • Local Transit Gateway if it does not exist
  • VPC for backup activity only
  • VPE for each of the backup servers
  • Security group with inbound rule, address prefix, and subnet

The Backup Offering VPC and the Power Virtual Server workspaces must exist in the same region and be connected by using the local Transit Gateway. You can connect your on-premises workloads to the Transit Gateway through the Direct Link connection. You can use VPN connection in place of a Direct Link connection.

Provisioning the backup instance in IBM data center

To create and deploy a backup server instance from the IBM Cloud catalog, complete the following steps:

  1. Log in to the IBM Cloud catalog with your credentials.

    To create or edit VPC and Transit Gateway, you must have roles with permissions such as writer or editor for your IBM Cloud account.

  2. In the search box, type Compass Backup and click Secure Automated Backup with Compass tile.

  3. Select a deployment location for your backup instance.

It is recommended not to deploy any additional resources to the Backup Offering VPC.

  1. Define the fields – Pricing plan, Service name, Resource group, your IBM Cloud API key, and Compass organization name according to your business needs. Also, specify the VPC subnet IP range that you want to use to access the Compass Vaults.

  2. Click Create.

  3. Compass creates and connects the Backup VPC to the Power Virtual Server workspace that you want to back up by using the local Transit Gateway. A Transit Gateway is created if it does not exist.

    For more information, see Ordering IBM Cloud Transit Gateway and Using virtual private endpoints for VPC to privately connect to IBM Cloud Transit Gateway.

  4. Click Launch Compass UI that will redirect you to the Cobalt Iron Compass Commander page where you need to complete the setup. For more information, see Cobalt Iron documentation.

Connectivity between Power Virtual Server instances and the backup servers is established via a Transit Gateway connection to the backup VPC. Name resolution is for the backup server connections, which is also required. You can accomplish this using the agent system's /etc/hosts file, or by adding CNAME entries to your agent system's DNS server. These elements need to be deployed in your account (Transit Gateway and VPC provisioning and setup happens through automation when the Backup Offering is provisioned).

Installation and configuration of agent on host

For detailed installation and configuration steps refer to the SAP HANA agent setup process PDF

Pricing

When you use the Backup Offering, you are billed monthly through IBM Cloud for the amount of data backed up for the region and are billed hourly. For more information about pricing plans, see Cobalt Iron - Secure Automated Backup page accessible from the IBM Cloud catalog. You can generate an estimate of the cost based on your expected usage from the Summary pane.

Supported data centers

The single copy Backup Offering is available in the following data centers:

  • DAL10
  • DAL12
  • FRA04
  • FRA05
  • MAD02
  • MAD04
  • OSA21
  • SAO01
  • SAO04
  • SYD04
  • SYD05
  • TOK04
  • WDC07
  • WDC06

The dual copy Backup Offering is available in the following data center pairs:

Data center pair availibility for Backup Offering
Data Center 1 Data Center 2
DAL10 WDC07
DAL12 WDC06
MAD02 FRA04
MAD04 FRA05
SAO01 SAO04
OSA21 TOK04
SYD04 SYD05
DAL13 WDC04
LON04 LON06

Additional support

Support for the Backup Offering is provided by Cobalt Iron.

  • For more information about the offering, see the Cobalt Iron documentation.
  • For issues related to backup and restore, contact Cobalt Iron by opening a service ticket through support.cobaltiron.com.

SAP HANA Backint agent for IBM Cloud Object Storage

  • The Backint agent for SAP HANA is a tool designed to integrate with third-party backup solutions. It allows SAP HANA backups to be offloaded to various backup storage systems, such as IBM Cloud Object Storage or to a local storage disk.
  • The SAP HANA Backint Agent for IBM Cloud Object Storage is bundled as part of the IMDB_SERVER*.SAR installation file (SAP HANA database installation binary) and is essential for performing backups on SAP HANA in compliance with SAP’s backup guidelines.
  • SAP HANA Backint agent is supported both on SUSE Linux Enterprise Server (SLES) and RedHat platforms.

Prerequisites

Before you begin, ensure the following prerequisites are met:

  1. It is required to have an IBM Cloud Object Storage (COS) instance. Within this instance, an Object Storage Bucket is required. Refer to IBM Cloud Object Storage for more details.
    1. Log into IBM Cloud Console and create an instance of IBM Cloud Object Storage.
    2. Create a bucket where backups will be stored.
    3. Make sure to set the bucket’s permissions properly to control access.
    4. Obtain the service credentials (API key) required to authenticate your backups.
  2. The IMDB_SERVER*.SAR file downloaded from SAP Softwarecenter.

For better performance create an IBM Cloud VPC(VPC) and create a virtual private endpoint gateway (VPE) of type Cloud Object Storage. Add an entry in the /etc/hosts file on Power Virtual Server instance with the VPE IP which points to the direct endpoint of Cloud Object Storage. To reach the IP of VPE from the Power Virtual Server instance, the VPC and the Power Virtual Server Workspace must be connected to the same Transit Gateway.

Installation and configuration of agent on host

  1. Extract the downloaded IMDB_SERVER*.SAR on the Power Virtual Server instance.
  2. The backint agent installation package is available in SAP_HANA_DATABASE/server/aws-s3-backint-<version>-linuxppc64le.tar.gz.
  3. SAP Note 2935898 describes how to install and configure the SAP HANA Backint Agent for IBM Cloud Object Storage.
  4. Refer to BACKUP DATA Statement (Backup and Recovery).