SAP Vora - AWS Marketplace Production Edition Reference Guide


Contents

1. Introduction
1.1. SAP Vora
1.2. SAP Vora Production Edition in Amazon Web Services
1.2.1. Vora Cluster Composition
1.2.2. Ambari
1.2.3. Vora Manager and Vora Tools
1.2.4. Zeppelin
1.2.5. Makerr Updates: Continuous Delivery and Deployment
1.3. Bill of Material
2. Getting Started
2.1. Prerequisites
2.2. Cluster Provisioning and Setup
3. Security
3.1. Network Security
3.1.1. Security Groups
3.1.2. Virtual Private Cloud
3.2. Access Management
3.2.1. Authentication and Authorization
3.3. Communication Security
3.4. Storage Security
4. Help & Support

1. Introduction

1.1. SAP Vora

SAP Vora is a distributed in-memory engine, available both in the cloud and on premise, that provides processing engines for different data types (Relational Engine, Time Series, Graph, Document Store and Disk-to-Memory Accelerator) and a web UI for developing data scenarios using visual artifacts. It extends the Spark execution engine and sits in the Hadoop ecosystem.

1.2. SAP Vora in Amazon Web Services (AWS) Marketplace

SAP Vora Production Edition is a public cloud solution offering SAP Vora in the Amazon Marketplace. This AWS Marketplace offering provides the SAP Vora Console for provisioning and managing Vora on the Hortonworks Data Platform Hadoop distribution. The Marketplace image (AMI) can be used to launch and create a fully functional SAP Vora cluster.

Launching the Marketplace AMI creates an EC2 instance of node type ManagerVora (also referred to as Manager). This instance hosts the SAP Vora Console application, which is used to launch and configure an optimal cluster. The Vora Console application runs on the instance under Docker and serves as the provisioning and orchestration engine.

The overview of SAP Vora in AWS is shown in the figure below:

1.2.1. Vora Cluster Composition

When the Marketplace AMI is launched, an instance of node type ManagerVora is created. The Vora Console runs on this manager node/instance. Once the instance passes the 2x2 checks in AWS, the Vora Console is available and can be accessed using the public IP address of the instance. The console is used to set up an optimal cluster to start with. The optimal cluster comprises the Manager, Master, Worker and Worker2 node types. The cluster is created within the AWS Virtual Private Cloud, which is secured by the firewall settings of the security group. More nodes of type DataVora can be added to the cluster for scaling.

The figure below shows the different nodes of an optimal cluster.

1.2.2. Ambari

Apache Ambari is open source software licensed under the Apache 2.0 license. The Ambari server is installed on the ManagerVora node (manager instance) and comes built in with the Marketplace AMI. Apache Ambari provides APIs which are used for Hadoop cluster provisioning and management.

1.2.3. Vora Manager and Vora Tools

Vora Manager provides a web UI for managing Vora services and node assignments. Vora Tools provides a web UI for viewing and exporting data in tables and views, an SQL editor for creating and running SQL scripts, and a modeler for creating data models. Both tools provide APIs, which are used by the Vora Console to automate cluster management.

1.2.4. Zeppelin

Zeppelin is an open source tool under the Apache License 2.0. It is a web-based notebook that enables interactive data analytics. Interactive browser-based notebooks enable data engineers, data analysts and data scientists to be more productive by developing, organizing, executing, and sharing data code and visualizing results without referring to the command line or cluster details.

1.2.5. Makerr Updates: Continuous Delivery and Deployment

On the backend of the Vora Console is a web server powered by Makerr, the orchestration engine. Makerr runs in a Docker container. The Makerr deployment consists of a package including the Makerr binary, a set of scripts, configuration files and other additional dependencies. Using a dockerized application makes it possible to continuously deliver new versions to the customer in the form of updates. When SAP uploads the latest Makerr patches to the Update server, the customer gets a notification about the new patch on the Vora Console. The customer can download and deploy the new Makerr patches on the running cluster. This technique lets customers get the latest Makerr updates on their running Manager instance without launching a new instance.

Note: This feature is available only for Makerr patches and not for Vora or other patches.

1.3. Bill of Material

Below is the Bill of Material for a typical Vora cluster:

- Vora 1.4.12
- Apache Ambari 2.4.3 as Cluster Provisioning Tool
- Spark 1.6.2
- Hadoop Distribution HDP 2.5.3.0
- Zeppelin 0.7.2
- Centos 7.2

2. Getting Started

2.1. Prerequisites

Below are the prerequisites that need to be met for launching a fully functional SAP Vora cluster in AWS:

- Amazon Web Services (AWS) account. Create an AWS account or use an existing account
- AWS Access Key and Secret Key
- AWS Virtual Private Cloud (VPC) setup
- AWS Security Group setup
- Google Chrome (version 24 or higher)

Below are the links to the How To guides, which give step-by-step information on how to create a VPC and a Security Group with the required ports in AWS.

Create VPC in AWS:
https://s3.amazonaws.com/sapvora/prod/1.4.0.12/guides/aws+step+by+step+guide+to+create+vpC+for+SAP+Vora+1.4_MarketPlace+Edition+Edition.pdf

Create Security Group in AWS:
https://s3.amazonaws.com/sapvora/prod/1.4.0.12/guides/aws+step+by+step+guide+to+create+security+group+for+sap+vora+1.4_marketplace+edition.pdf

2.2. Cluster Provisioning and Setup

Once all the prerequisites are met, one can launch an instance using the Marketplace AMI. Using the Vora Console on this instance, one can set up and administer a fully functional cluster. Below is the link to the How To guide, which gives step-by-step information on how to set up and administer an SAP Vora Production Edition cluster in AWS.

Cluster Setup and Administration:
https://s3.amazonaws.com/sapvora/prod/1.4.0.12/guides/sap+hana+vora+cluster+setup+and+administration+vora+1.4_marketplace+edition.pdf

3. Security

This section provides an overview of communication over the network and the security mechanisms used by the SAP Vora Console and its components' web consoles. The figure below shows the high-level security and communication channels:

3.1. Network Security

It is recommended security practice to have a well-defined network topology to control and limit network access to SAP Vora and to apply appropriate additional security measures, such as encryption, wherever necessary. This can be achieved through different means, such as separate network zones, network firewalls, and configuration options provided by SAP Vora (for example, encryption).

Various web-based administrative clients are included as part of the AMI. They are accessed securely through the AWS security group firewall and are protected by secure channels. The AWS firewall enables access to these web clients on specific inbound ports.

3.1.1. Security Group

An AWS security group acts as a virtual firewall. It is mandatory to use EC2-VPC while creating instances to set up a Vora cluster. While creating the VPC, the security group(s) must be specified. Below are the details of the required security group ports:

Application                               Port
Vora Manager Console                      443, 80 (HTTPS/HTTP)
Vora Manager UI                           9443 (HTTPS)
Vora Tools                                9453 (HTTPS)
Apache Ambari                             8443 (HTTPS)
Zeppelin                                  9099 (HTTPS)
SSH access to the instance                22
Communication within the cluster nodes    All the ports to be opened within the VPC

It is advised that these inbound ports are opened only for the IP addresses of the machines from which the various components will be accessed. It is not recommended to open the ports to everyone. By default, the outbound ports are accessible to all.

3.1.2. Virtual Private Cloud in AWS

A VPC allows you to provision logically isolated resources in AWS. Refer to the AWS VPC documentation at https://aws.amazon.com/vpc/ for more details. The VPC needs to be specified while launching the Amazon EC2 Manager instance. All the instances/nodes in the cluster are also launched in the same VPC during cluster configuration.

3.2. Access Management

The Vora Console is accessed using the public IP address of the manager instance (https://<public IP of manager>). After successful authentication and authorization, you can use the console for configuring the cluster.
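The advice in section 3.1.1 not to open the listed ports to everyone can be checked mechanically. The following is an added example, not part of the SAP guide: it scans security group data in the JSON shape returned by `aws ec2 describe-security-groups` and reports every port from the table above that is reachable from any address. The group ID, addresses and function names are constructed for illustration.

```python
import ipaddress
import json

# Inbound ports listed in the guide's security group table.
GUIDE_PORTS = {
    22: "SSH", 80: "Vora Console (HTTP)", 443: "Vora Console (HTTPS)",
    8443: "Apache Ambari", 9099: "Zeppelin",
    9443: "Vora Manager UI", 9453: "Vora Tools",
}

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
SAMPLE = json.loads("""
{"SecurityGroups": [{
  "GroupId": "sg-EXAMPLE",
  "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "203.0.113.10/32"}]},
    {"IpProtocol": "tcp", "FromPort": 8443, "ToPort": 8443,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "203.0.113.10/32"}],
     "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
    {"IpProtocol": "tcp", "FromPort": 9000, "ToPort": 9500,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "-1",
     "IpRanges": [{"CidrIp": "10.0.0.0/16"}]}
  ]}]}
""")


def rule_sources(perm):
    """Yield every IPv4 and IPv6 CIDR that a rule admits."""
    for r in perm.get("IpRanges", []):
        yield r["CidrIp"]
    for r in perm.get("Ipv6Ranges", []):
        yield r["CidrIpv6"]


def rule_covers(perm, port):
    """True if the rule admits TCP traffic to `port`."""
    proto = perm.get("IpProtocol")
    if proto == "-1":            # all protocols, all ports
        return True
    if proto != "tcp":
        return False
    return perm["FromPort"] <= port <= perm["ToPort"]


def world_open_ports(groups):
    """Return sorted (group_id, port, application, cidr) tuples for
    guide ports that are reachable from any address."""
    findings = set()
    for group in groups["SecurityGroups"]:
        for perm in group.get("IpPermissions", []):
            for cidr in rule_sources(perm):
                if ipaddress.ip_network(cidr, strict=False).prefixlen != 0:
                    continue     # restricted source, as the guide advises
                for port, app in GUIDE_PORTS.items():
                    if rule_covers(perm, port):
                        findings.add((group["GroupId"], port, app, cidr))
    return sorted(findings)


if __name__ == "__main__":
    for gid, port, app, cidr in world_open_ports(SAMPLE):
        print(f"{gid}: {app} port {port} is open to {cidr}")
```

The rule that opens all ports to the constructed VPC range 10.0.0.0/16 is not reported, which matches the guide's requirement that all ports be open within the VPC.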

Once the cluster is configured and is in running state, Vora is ready for use. Components such as the Apache Ambari management tools, Vora Manager UI, Vora Tools and Zeppelin can be accessed from the links provided on the SAP Vora Console. These applications are also secured by their own authentication methods. The table below describes the web clients that are available and enabled for access:

Name: SAP Vora Console
URL: https://<public ip of manager instance>
Port: 443
Function: Single dashboard to provision, configure, manage, monitor and scale the Vora cluster
SSL: Yes
Authentication: Password based. Password set when setting up the cluster

Name: Apache Ambari
URL: https://<public ip of manager instance>
Port: 8443
Function: Hadoop cluster management server which provides APIs and a web client. The APIs are used by the Vora Console backend to configure, manage and monitor the Vora cluster
SSL: Yes
Authentication: User: admin. Password: set by Vora Console (this password is the same as the console password when first cluster setup is successful)

Name: Vora Manager UI / Vora UI
URL: https://<public ip of manager instance>
Port: 9443
Function: Vora Manager serves as server to the Vora Console backend and is used to set up and manage the Vora cluster
SSL: Yes
Authentication: User: admin. Password: set by Vora Console (this password is the same as the console password when first cluster setup is successful)

Name: Vora Tools
URL: https://<public ip of manager instance>
Port: 9453
Function: Web UI to view and export data tables, SQL editor and modeler
SSL: Yes
Authentication: User: admin. Password: set by Vora Console (this password is the same as the console password when first cluster setup is successful)

Name: Zeppelin
URL: https://<public ip of manager instance>
Port: 9099
Function: Web-based notebook
SSL: Yes
Authentication: User: admin. This password is the same as the console password when first cluster setup is successful

3.2.1. Authentication and Authorization

On top of the security provided by the firewall, access to the instances must be authenticated and authorized for the user of the cluster. This is achieved through the following measures.

User Authentication and Authorization

Vora Console

Authorization to access the SAP Vora Console is based on user authentication using the access key and secret access key from AWS. These keys are authenticated to ensure that they are valid and belong to the user of the instance.

Instance Authentication

The user authentication flow described above takes place in the application layer. In AWS, a self-discovery API describes the instance ID at runtime. The application layer invokes management calls against this instance with the help of the access and secret keys. If the call succeeds, the user has the authorization to manage the instance and can therefore also manage SAP Vora.

Session Authentication

After successful user authentication in the SAP Vora Console, session cookies are used to maintain a session with a predefined expiry. Session cookies are in encrypted format. The session is a sliding window for a session lease: as the client makes valid calls with session cookies, the session is extended with new session cookies set by the server. If the session cookies expire and the session is stale, the client cannot make any more requests. The client is then returned to the login page for re-authentication.

Apache Ambari, Vora Manager, Vora Tools & Zeppelin

Ambari, Vora Manager UI, Vora Tools and Zeppelin have user and password based authentication. The default user is admin. When Vora Manager is set up using the Vora Console, the console password is set as the password for these components as well. The admin user password can be reset using the Reset Credentials option on the Vora Console.

Note: One needs to enter the AWS credentials to reset the password, to avoid unintended operations. Also, the default password of these components is initially stored in encrypted format and is then reset to the console password during the first cluster configuration. Vora Manager UI and Vora Tools provide their own user management functionality.
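The sliding session lease described under Session Authentication can be sketched as follows. This is an added example, not SAP's implementation: it uses an HMAC-signed cookie instead of the encrypted cookie the guide describes, and the lease length, key handling and function names are assumptions.

```python
import base64
import hashlib
import hmac
import json
import secrets

LEASE_SECONDS = 900                    # assumed lease length; the guide states no value
SERVER_KEY = secrets.token_bytes(32)   # hypothetical per-process signing key


def _mac(payload: bytes) -> bytes:
    """Authentication tag that binds the cookie payload to the server key."""
    return hmac.new(SERVER_KEY, payload, hashlib.sha256).digest()


def issue_cookie(user: str, now: int) -> str:
    """Create a cookie whose lease ends LEASE_SECONDS after `now`."""
    payload = json.dumps({"user": user, "exp": now + LEASE_SECONDS}).encode()
    return ".".join(
        base64.urlsafe_b64encode(part).decode() for part in (payload, _mac(payload))
    )


def handle_request(cookie: str, now: int):
    """Return ("ok", renewed_cookie) for a live session, else ("login", None)."""
    try:
        payload_b64, mac_b64 = cookie.split(".")
        payload = base64.urlsafe_b64decode(payload_b64)
        mac = base64.urlsafe_b64decode(mac_b64)
    except ValueError:                 # wrong shape or bad base64
        return "login", None
    if not hmac.compare_digest(mac, _mac(payload)):
        return "login", None           # tampered or forged cookie
    claims = json.loads(payload)
    if now >= claims["exp"]:
        return "login", None           # stale session: back to the login page
    # Valid call: slide the window by setting a fresh cookie from the server.
    return "ok", issue_cookie(claims["user"], now)
```

Because this sketch keeps no server-side state, an older cookie remains usable until its own expiry even after a renewed one has been issued.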
[Figures: Reset Credentials option on the Vora Console]

Ambari, Vora Manager and Vora Tools have a different API for user setup. Makerr uses the Ambari and Vora Manager APIs to set up and manage the cluster. This API user's credentials are reset during the initialization and setup phase. It is recommended not to remove the API user voraadmin. If this user is removed or changed, the Vora Console will not serve its purpose.

3.3. Communication Security

This section covers the communication security features used by the SAP Vora Console for inter-node communication. The SAP Vora Console is accessed over the Internet using a web browser to exchange information with the backend. Any traffic entering the Vora Console instance through the front-end web layer is always encrypted with SSL. The administration client components have external access and are also encrypted with SSL (HTTPS enabled). That means these clients are protected by, and can only be accessed over, SSL/TLS secured network channels.

Vora Console

The Vora Console uses a communication channel based on TLS/SSL, which provides strong server authentication, message privacy and data integrity. It uses a self-signed certificate to initiate secure communication between the server and the browser. On top of SSL security, all sensitive information is encrypted using PKI. When the user enters AWS credentials or any passwords, they are secured by encryption.

Ambari, Vora Manager, Vora Tools and Zeppelin

Ambari, Vora Manager, Vora Tools and Zeppelin can be accessed on their respective ports using a communication channel secured by TLS/SSL.

Note: In the Zeppelin settings, zeppelin.ssl.keystore.password has a default keystore password as its value. Zeppelin configuration does not support an encrypted way of using the keystore password.

3.4. Storage Security

Below is the set of keys and information that needs to be stored for authentication, authorization and cloud API access:

AWS Access and Secret Key

These keys are entered by the user via the front end and are used to authenticate and authorize the user as a valid user of the instance. Once entered by the user, the keys are encrypted with the public key of the instance and sent over SSL. On the backend, this information is stored in the secure store. Only the secure store can decrypt the data when needed. The private key never leaves the secure store and cannot be exposed. During initialization, every instance generates a PKI key pair for the first time.

Console password

The Vora Console password is hashed and encrypted and stored in the secure vault. When the user logs back in, the entered password is encrypted and hashed and compared with the stored hash in the vault to log the user back in.

4. Help and Support

4.1. Community Support

Below is the link to Community Support, where you can find answers to your questions or post new questions.

https://www.sap.com/community/tag.html?id=73555000100800000134

4.2. Additional Links

SAP Vora 1.4 Intro and Overview: https://blogs.sap.com/2017/03/29/sap-vora-1.4-intro-andoverview/

FAQ: https://s3.amazonaws.com/sapvora/prod/1.4.0.12/guides/sap+vora+faq.pdf
