Pages

AWS Landscape 20: File Share

SAP applications often require shared, persistent file storage for configuration files, logs, and temporary files across multiple application servers. AWS Elastic File System (EFS) provides a fully managed, scalable, and highly available NFS-based file system, eliminating the operational overhead of managing traditional file servers while ensuring high availability across multiple Availability Zones (AZs).

Objective:
  • Provide centralized file storage for SAP application servers.
  • Ensure high availability and durability across multiple AZs.
  • Enable POSIX-compliant access to support SAP workloads.
  • Control access securely using Security Groups and optional IAM authorization.
  • Enable encryption at rest and in transit for data security.
EFS Features:
  • Managed NFS file system that automatically scales with data growth.
  • Multi-AZ deployment ensures availability even if one AZ fails.
  • POSIX permissions enable SAP applications to manage file ownership and access.
  • Encryption: At rest via AWS KMS and in transit via TLS.
Access Pattern:
  • SAP Application Servers mount the EFS file system using NFS (port 2049).
  • Centralized storage for shared configuration, logs, and temp files.
  • Private subnets ensure no direct public access to EFS.
  • Security Groups restrict NFS access only to authorized EC2 instances.
Technical Steps for AWS EFS

Step 1: Create EFS File System
  • Navigate to EFS → Create File System.
  • Select the VPC where SAP workloads reside.
  • Enable Regional availability to allow automatic multi-AZ replication.
Step 2: Configure Mount Targets
  • Create mount targets for each private subnet with SAP app servers.
  • Attach Security Groups to allow NFS traffic from SAP EC2 instances only (port 2049).
Step 3: Set Access Controls
  • Configure POSIX permissions (owner/group) on directories.
  • Optionally enable EFS IAM authorization for fine-grained access control.
  • Enable encryption at rest (KMS-managed) and in-transit encryption.
Step 4: Mount EFS on EC2 Instances
On Linux EC2 instances:
sudo yum install -y amazon-efs-utils
sudo mkdir /mnt/sapefs
sudo mount -t efs fs-XXXXXXXX:/ /mnt/sapefs
Add entry to /etc/fstab for persistent mounts across reboots.

Step 5: Test Access
  • Verify read/write operations from all SAP application servers.
  • Confirm high availability: EFS remains accessible even if one AZ goes down.
Diagram – EFS Integration

Diagram Notes:
  • All EC2 instances mount the same EFS file system for shared access.
  • Mount targets exist in each private subnet for multi-AZ high availability.
  • Security Groups and POSIX permissions control access and ownership.
Notes
  • Provides scalable, highly available shared storage for SAP workloads.
  • Eliminates the need for manual file replication between EC2 instances.
  • Encryption and Security Group restrictions ensure data confidentiality and integrity.
  • Supports multi-AZ failover, ensuring SAP applications remain operational during AZ disruptions.
by

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)