• SAP HANA

saphana
  1. Help Center
  2. SAP HANA
  3. User Guide (API)
  4. Typical Deployment Scenarios
  5. Single-Node Scenario Where HA is Not Required
  6. Preparing Network Resources

Preparing Network Resources

  1. Create a router.
    POST /v2.0/routers
    {
       "router": {
         "name": "router2"//VPC name displayed on the console
       }
    }
  2. Create a network.
    Only one network is required in single-node deployment where HA is not required.
    POST /v2.0/networks
    {
       "network":
       {
        "name": "HANAVPC",
        "admin_state_up": true,
        "tenant_id": 6fbe9263116a4b68818cf1edce16bc4"
       }
    }
  3. Create a subnet.
    Only one subnet is required in single-node deployment where HA is not required.
    POST /v2.0/subnets
    {
       "subnet": {
         "name": "testsubnet",
         "enable_dhcp": true,
         "network_id": "60c809cb-6731-45d0-ace8-3bf5626421a9",
         "tenant_id": "6fbe9263116a4b68818cf1edce16bc4f",
         "dns_nameservers": [
           "10.0.0.1",//Change the IP address to the actual one.
           "10.0.0.2",//Change the IP address to the actual one.
     ],
      "allocation_pools": [
       {
         "start": "10.0.10.2",
         "end": "10.0.10.254"
       }
     ],
     "host_routes": [],
     "ip_version": 4,
     "gateway_ip": "10.0.10.1",
     "cidr": "10.0.10.0/24"
     }
    }
  4. Configure the subnet on the router.
    PUT /v2.0/routers/5b8e885c-1347-4ac2-baf9-2249c8ed1270/add_router_interface//Route ID
    {
        "subnet_id": "ab78be2d-782f-42a5-aa72-35879f6890ff"
    }
  5. Create security groups.
    POST /v2.0/security-groups
    {
        "security_group":{
        "name":"SAPHANAgroup",
        "description": "This is a security group"
        }
    }
    POST /v2.0/security-groups
    {
        "security_group":{
        "name":"SAPHANAStudiogroup",
        "description": "This is a security group"
        }
    }
    POST /v2.0/security-groups
    {
        "security_group":{
        "name":"NATServergroup",
        "description": "This is a security group"
        }
    }

  6. Add security group rules.

Configure security group rules for each security group based on the information described in section Network Planning.

The following table provides SAP HANA security group rules. In this table, ## indicates an SAP HANA instance ID.

Table 1 Security group rules

Source

Protocol

Port range

Description

Inbound

10.0.3.0/24

TCP

5##13 to 5##14

Allows the SAP HANA Studio to access SAP HANA.

10.0.3.0/24

TCP

3##15 to 3##17

Provides ports for the service plane.

10.0.2.0/24

TCP

3##00 to 3##10

Provides ports for internal communication between SAP HANA nodes.

10.0.3.0/24

TCP

22

Allows SAP HANA to be accessed using SSH.

10.0.3.0/24

UDP

123

Allows other servers to synchronize time with SAP HANA.

Determined by the public cloud

ANY

ANY

Allows ECSs in the same security group to communicate with each other.

Outbound

0.0.0.0/0

ANY

ANY

Allows all peers to access SAP HANA.

NOTE:

The following section describes how to use the API to add the first, fourth, and sixth rules. Use this method to add all security group rules.

Add the first rule:

POST /v2.0/security-group-rules
{
    "security_group_rule":{
    "security_group_id":"5cb9c1ee-00e0-4d0f-9623-55463cd26ff8", //Security group ID
    "direction":"ingress",
    "protocol":"tcp",
    "port_range_max":5##14,
    "port_range_min":5##13,
    "remote_ip_prefix": "10.10.3.0/24"
}
}

Add the fourth rule:

POST /v2.0/security-group-rules
{
    "security_group_rule":{
    "security_group_id":"5cb9c1ee-00e0-4d0f-9623-55463cd26ff8", //Security group ID
    "direction":"ingress",
    "protocol":"tcp",
    "port_range_max":22,
    "port_range_min":22,
    "remote_ip_prefix": "10.10.3.0/24"
    }
}

Add the sixth rule:

POST /v2.0/security-group-rules
{
    "security_group_rule":{
    "security_group_id":"5cb9c1ee-00e0-4d0f-9623-55463cd26ff8", //Security group ID
    "direction":"ingress",
    "protocol":null,
    "port_range_max": null,
    "port_range_min": null,
    "remote_group_id": "5cb9c1ee-00e0-4d0f-9623-55463cd26ff8" //Security group ID
}
}