• SAP HANA

saphana
  1. Help Center
  2. SAP HANA
  3. Automatic Deployment User Guide
  4. Single-Node Deployment Without HA Required
  5. Operation Instructions (Deployment Using the CLI)
  6. Creating a Security Group

Creating a Security Group

Scenarios

Create a security group for nodes in the SAP HANA system to communicate based on the specified policies.

Procedure

  1. Run the following command to create a security group for the SAP HANA nodes:

    heat --insecure stack-create -f SAP-HANA-Resource-SingleNode-SecurityGroup.template -P "hana_service_cidr=10.0.3.0/24;hana_instance_num=01" saphana-hananode-security-group

    Specify hana_service_cidr based on the network plan. Set hana_instance_num to the same as the ECS instance number in the SAP HANA system, otherwise, SAP HANA Studio may fail to connect to the instance.

  2. Run the following command to check whether the stack has been successfully created and record the security group ID:

    heat --insecure stack-show saphana-hananode-security-group

    • If the value of stack_status is CREATE_COMPLETE, the stack is successfully created.
    • The value of output_value in the outputs field is the security group ID.
    Figure 1 Checking the SAP HANA node security group

  3. Run the following command to create a security group for SAP HANA Studio:

    heat --insecure stack-create -f SAP-HANA-Resource-NatAndStudio-SecurityGroup.template -P "port_min=3389;port_max=3389" saphana-hanostudio-security-group

    Specify port_min and port_max based on the network plan.

  4. Run the following command to check whether the stack has been successfully created and record the security group ID:

    heat --insecure stack-show saphana-hanostudio-security-group

    • If the value of stack_status is CREATE_COMPLETE, the stack is successfully created.
    • The value of output_value in the outputs field is the security group ID.
    Figure 2 Checking the SAP HANA Studio security group

  5. Run the following command to create a security group for the NAT server:

    heat --insecure stack-create -f SAP-HANA-Resource-NatAndStudio-SecurityGroup.template -P "port_min=22;port_max=22" saphana-natserver-security-group

    Specify port_min and port_max based on the network plan.

  6. Run the following command to check whether the stack has been successfully created and record the security group ID:

    heat --insecure stack-show saphana-natserver-security-group

    If the value of stack_status is  CREATE_COMPLETE, the stack is successfully created.
    • The value of output_value in the outputs field is the security group ID.
    Figure 3 Checking the NAT server security group