このページは、お客様の言語ではご利用いただけません。Huawei Cloudは、より多くの言語バージョンを追加するために懸命に取り組んでいます。ご協力ありがとうございました。
- What's New
- SAP on Cloud Technology Poster
- SAP Deployment Guide
- Data Provider for SAP User Guide
- SAP HA and DR Guide
- SAP Security White Paper
- SAP HANA Overview
-
SAP HANA User Guide (Single Node)
- Introduction
-
Deployment
- Scheme
- Data Planning
- Preparing Resources
- Creating ECSs
- Installing SAP HANA (Single-Node Deployment Without HA Required)
-
Installing SAP HANA (Single-Node Deployment with HA Required)
- Formatting a Disk
- Installing the SAP HANA Software
- Installing the SAP HANA Studio on a Windows ECS
- Installing the SAP HANA Studio on a Linux ECS
- Connecting SAP HANA Nodes to the SAP HANA Studio
- Configuring the Backup Path
- Configuring the System Replication
- Configuring HA on SAP HANA Nodes
- Configuring SAP HANA Storage Parameters
- Installing Data Provider
- Configuring iSCSI (Cross-AZ HA Deployment)
- Management and Monitoring
- Backing Up and Restoring Data
- FAQs
- Appendix
- Change History
- SAP HANA HA and DR Guide
- SAP NetWeaver User Guide
-
SAP Application AS User Guide
- Overview
- Deployment
- SAP Application AS Management
-
FAQs
- What Is SAP Application AS?
- What Are the Advantages of SAP Application AS?
- What Are Restrictions on Using SAP Application AS?
- How Many AS Policies and AS Configurations Can I Create and Use?
- How Many AS Policies Can Be Enabled?
- How Can I View the Logs of SAP Application AS?
- How Do I Change the CPU Threshold?
- Change History
- SAP S/4HANA Quick Deployment Guide
- SAP S/4HANA HA Deployment Guide
- SAP Business One User Guide
- SAP Business One Quick Deployment Guide
-
Best Practices
- SAP Best Practices
- Huawei Cloud SAP on DB2 Installation Best Practice
- Huawei Cloud SAP on SQL Server Installation Best Practice
-
SAP S/4HANA (1809) HA Deployment Best Practice
- Overview
- Preparations
- Resource Planning
- Resource Creation
- Software Installation
- High Availability Configuration
- Change History
- HUAWEI CLOUD SAP Business One on HANA Installation Best Practice
-
SAP Monitoring Best Practices
- Overview
-
Installing the Monitoring Agent
- SAP HANA (Single-Node Deployment Without High Availability Required)
- SAP HANA (Single-Node Deployment With High Availability Required)
- SAP S/4HANA (Single-Node Deployment Without High Availability Required)
- SAP S/4HANA (Single-Node Deployment With High Availability Required)
- SAP S/4HANA (Distributed Deployment with High Availability Required)
- SAP S/4HANA (Distributed Deployment Without High Availability Required)
- SAP ECC
- (Optional) Upgrading the Monitoring Agent
- Viewing Monitoring Metrics
- Configuring Grafana SAP Full Screen Monitoring
- Alarm Configuration
- FAQs
- Best Practices of SAP Migration to HUAWEI CLOUD
- Best Practice of Using Block-Level Migration of SMS to Migrate SAP Applications and Databases Running on Linux Servers
- Best Practice of SAP Migration from XEN to KVM
- Best Practice of SAP Disaster Recovery with SDRS
- Best Practice of Rsync-based SAP Disaster Recovery
- SAP Backint Installation Guide
- Best Practices for Uploading SAP Backups to the OBS Bucket
- Best Practices of the SAP ASE Solution
- Best Practices of SAP System Capacity Expansion
- Change History
-
FAQs
-
FAQs
- Basic Concepts
-
Purchase
- Why Do I Deploy SAP System on the Cloud?
- What Are the Advantages of Huawei SAP on Cloud Solution?
- What SAP Products Does Huawei SAP on Cloud Solution Support?
- Can I Migrate Local SAP Resources Directly to the Cloud?
- Which Billing Mode Should I Choose When Buying SAP Systems on HUAWEI CLOUD?
- Is SAP Hybris Supported?
- How Do I Ensure the Security of SAP Systems Deployed on HUAWEI CLOUD?
- What Are the Advantages of Deploying SAP HANA on HUAWEI CLOUD?
- What Are the Scenarios Supported by Huawei SAP on Cloud Solution?
- Does HUAWEI CLOUD Sell SAP Software Licenses?
- How Do I Use SAP Software Licenses on HUAWEI CLOUD?
- What Are the Application Scenarios of SAP HANA?
- What OSs Can Be Used by SAP Products on HUAWEI CLOUD?
- Can I Deploy SAP Software on HUAWEI CLOUD Immediately Just After Buying It?
- Can I Migrate SAP Systems on Other Clouds to HUAWEI CLOUD?
-
Products
- What SAP HANA Products Does HUAWEI CLOUD Provide?
- What HANA ECSs Does HUAWEI CLOUD Provide?
- What SAP NetWeaver ECSs Does HUAWEI CLOUD Provide?
- How Do I Deploy SAP NetWeaver on HUAWEI CLOUD?
- How Do I Deploy SAP HANA on HUAWEI CLOUD?
- How Do I Back Up and Restore SAP HANA?
- How Do I Deploy HA and DR Systems?
- How Can I Migrate an Existing SAP System to HUAWEI CLOUD?
- How Can I Do Sizing?
- What Modules Does a Typical SAP System Contain?
- How Many SAP Systems are Required to Support Services?
- How Do I Back Up SAP Systems and the HANA Database on HUAWEI CLOUD?
- How Do I Connect to the SAP System on HUAWEI CLOUD?
- Change History
-
FAQs
- Videos
- Glossary
- General Reference
Copied.
Service Border
The development and test environment needs to interconnect with enterprise intranets for service development and tests and communicate with the public network. Therefore, set up VPN channels between the development and test environment and enterprise intranets (IDCs). Configure access control policies between the cloud and the on-premises system and between the cloud and the Internet.
VPN
The development and test environment is used for service development and tests in an enterprise. Therefore, static connections are usually required in the development and test environment. When security and latency are taken into consideration, the recommended priority is as follows: Direct Connect > IPsec VPN > SSL VPN.
NOTE:
Currently, the HUAWEI CLOUD VPN service supports only Direct Connect and IPsec VPN. If you need to use SSL VPN, you can deploy it using a third-party image.
Security Policies
The development and test environment needs to communicate with enterprise intranets and allow access from the Internet. Therefore, networks ACLs are used for access control.
As shown in Figure 1, network ACL NACL-DEV-APP is associated with the subnets for the DEV-DMZ, DEV-application, and DEV-SAP DB zones. Configure outbound rules of network ACL NACL-DEV-APP to strictly control access to enterprise intranets (IDCs), allowing access to only specified IP addresses and ports in IDCs.
Configure inbound rules of network ACL NACL-DEV-APP based on your service requirements to control access from IDCs to the development and test environment. For a fixed scenario, such as an AD server, configure access control policies to allow the AD server to communicate with specified IP addresses and ports in the cloud. For end users, configure access control policies to allow them to access a specified IP address segment and port range and management ports, such as 22 and 3389.
Network ACL NACL-DEV-APP is associated with the subnets for the DEV-DMZ, DEV-application, and DEV-SAP DB zones. Network ACL NACL-DMZ-SAP-Router is associated with the subnet for the DEV&PRD SAP router. Configure their inbound rules to strictly control access from the Internet, allowing access from the Internet to only specified IP addresses and ports in the development and test environment.
NOTE:
IP addresses and ports in this section are only used as examples. If the public IP address is not fixed, you can create an ACL rule to allow access from a specified public source IP address to meet your service requirements (such as technical support) and then delete the rule when it is not required. If there are other services, you can add ACL rules as required.
|
Rule |
Destination IP Address |
Protocol |
Destination Port |
Allow or Deny |
Description |
|---|---|---|---|---|---|
|
* |
0.0.0.0/0 |
Any |
Any |
Deny |
Denies all outbound traffic that is not processed using preset fixed rules. |
|
Rule |
Source IP Address |
Protocol |
Destination Port |
Allow or Deny |
Description |
|---|---|---|---|---|---|
|
For SAP technical support personnel (SAP GUI or software server) |
123.123.123.0/24 |
TCP |
3299 |
Allow |
Allows Internet SAP technical support personnel (SAP GUI or software server) from specified source IP addresses to access the DEV&PRD SAP router and then access backend services. |
|
* |
0.0.0.0/0 |
Any |
Any |
Deny |
Denies all inbound traffic that is not processed based on preset rules. |
|
Rule |
Destination IP Address |
Protocol |
Destination Port |
Allow or Deny |
Description |
|---|---|---|---|---|---|
|
For AD or ADFS servers |
IP address of an AD or ADFS network in the IDC |
TCP |
AD or ADF port |
Allow |
Allows access to AD or ADFS servers in IDCs. |
|
* |
0.0.0.0/0 |
Any |
Any |
Deny |
Denies all outbound traffic that is not processed based on preset rules. |
|
Rule |
Source IP Address |
Protocol |
Destination Port |
Allow or Deny |
Description |
|---|---|---|---|---|---|
|
For Internet users and consultants |
123.123.123.0/24 |
TCP |
80 |
Allow |
Allows Internet users and consultants from specified IP addresses to access web services in the development and test environment. |
|
For Internal users and consultants |
123.123.123.0/24 |
TCP |
443 |
Allow |
Allows Internet users and consultants from specified IP addresses to access web services in the development and test environment. |
|
For IDC users and consultants |
A subnet (subnet b) in an IDC |
TCP |
80 |
Allow |
Allows internal users and consultants in a subnet (subnet b) in an IDC to access web services in the development and test environment. |
|
For IDC users and consultants |
A subnet (subnet b) in an IDC |
TCP |
443 |
Allow |
Allows internal users and consultants in a subnet (subnet b) in an IDC to access web services in the development and test environment. |
|
* |
0.0.0.0/0 |
Any |
Any |
Deny |
Denies all inbound traffic that is not processed based on preset rules. |
For security group rule configuration, see the related content in Network Isolation and Access Control.
Security Services
- Anti-DDoS
The development and test environment needs to communicate with the public network. Therefore, it is recommended that you deploy Anti-DDoS on SAP router, SRM, and Hybrids servers. You can use HUAWEI CLOUD Anti-DDoS to protect elastic IP addresses (EIPs).
- WAF
The development and test environment needs to provide web applications for the Internet. Therefore, it is recommended that you install WAF to defend against OWASP TOP10 and other web attacks. You can use the HUAWEI CLOUD WAF service to create WAF instances to protect EIPs.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
