Adding an SAP HANA application server

Edit online

To start protecting SAP HANA resources, you must add the server that hosts your SAP HANA instances, and set credentials for the instances. Repeat the procedure to add all the servers that host the SAP HANA resources.

Before you begin

IBM Storage® Protect Plus agent secures the connections that are established by the hdbsql client even if they are inside the SAP HANA application server. If you are not using the default Personal Security Environment (PSE) file or if you want to specify the SSL options, you must configure the additional parameters in the /etc/guestapps.conf file.

The shown values represent the defaults that are applied in the absence of the file.
[DEFAULT]

HANATolerateUnencryptedHdbsqlConnections = True
HANAHdbsqlSSLOptions = (Empty)
To configure the parameters, complete the following steps:
  1. Create the guestapps.conf file in /etc/, which does not exist by default.
  2. Change the HANATolerateUnencryptedHdbsqlConnections parameter value to False. The default value is True.
    Note: The SAP HANA hdbsql commands that are issued by the IBM Storage Protect Plus agent will always encrypt the communication, if this parameter is set to False.
  3. Depending on the type of certificate being used, add any of the SSL related options listed to the HANAHdbsqlSSLOptions parameter, which will be passed to hdbsql. The default value is empty.
    • ssltrustcert
    • ssltruststore <file name>
    • sslhostnameincert <hostname>
    • sslkeystore <file name>
    • sslprovider <provider name>
    • sslsniname <hostname>
    For example,:
    
HANAHdbsqlSSLOptions=-ssltrustcert -ssltruststore /usr/sap/PLE/HDB00/ulmhana5/sec/sapcli.pse

    For more information about the SSL options and their arguments, refer to SAP HANA Documentation.

  4. Save the file.

About this task

To add an SAP HANA application server to IBM Storage Protect Plus, you must have the host address of the machine.

Procedure

  1. In the navigation panel, expand Manage Protection > Databases > SAP HANA.
  2. In the SAP HANA window, click Manage Application Servers, and click Add Application Server to add the host machine.
  3. In the Application Properties form, enter the Host Address.
  4. Obtain the server key and verify that the key type and key fingerprint match the host. Click Get server key.
    Get server key
    The SSH server key for the Linux-based host. You must complete this step when adding servers for the first time or if the key on the server changes.
    Key type
    The type of key for the Linux-based host is displayed. The following key types are supported:
    • RSA with a minimum key size of 2048 bits
    • ECDSA
    • DSA
    Key fingerprint
    The MD5 hash of the SSH key fingerprint is displayed. Confirm that they key fingerprint matches the key fingerprint of the host that you are adding.
  5. Choose to register the host with a user or an SSH key.
    • If you choose to specify a user, either select Use existing user or enter user ID and Password.
    • If you are using an SSH key, select SSH key from the menu.
    • password
    Restriction: Any user that is specified must have sudo privileges set up.
    Figure 1. Adding an SAP HANA agent
    Adding SAP HANA application server
  6. Click Get Instances to detect and list the SAP HANA instances that are available on the host server that you are adding.

    Each SAP HANA instance is listed with its connection host address, status, and an indication of whether it is configured.

  7. Click Set Credential, and set the database user ID, and password. Alternatively, you can select to use an existing user profile.
    For more information about access control, see Managing user access.

    When you set credentials, you assign SAP HANA user roles for the backup and restore operations with access to role-protected SAP HANA servers. The SAP HANA user that is assigned for the role-protected SAP HANA server requires the following privileges to protect resources:

    • BACKUP ADMIN: Authorizes BACKUP and RECOVERY statements for defining and initiating backup and recovery procedures. It also authorizes changing system configuration options with respect to backup and recovery.
    • CATALOG READ: Authorizes unfiltered access to the data in the system views that a user has already been granted the SELECT privilege on.
    • INIFILE ADMIN: Authorizes the user to make changes to the system settings.
    • DATABASE RECOVERY OPERATOR: Authorizes the user to copy or recover the tenant databases. It also authorizes to check whether the backups are accessible.
  8. Save the form, and repeat the steps to add other SAP HANA application servers to IBM Storage Protect Plus.

What to do next

After you add the SAP HANA application servers to IBM Storage Protect Plus, an inventory is automatically run on each application server to detect the relevant databases in those instances.

To verify that the databases are added, review the job log. Go to Jobs and Operations. Click Running Jobs tab, and look for the latest Application Server Inventory log entry.

Completed jobs are shown on the Job History tab. You can use the Sort By list to sort jobs based on start time, type, job name, or duration. Use the Search by name field to search for jobs by name. You can use asterisks as a wildcard in the name.

Databases must be detected to ensure that they can be protected. For instructions about running a manual inventory, see Detecting SAP HANA resources.