Proper subnet allocation ensures high availability (HA), scalability, and security for SAP workloads across multiple AWS accounts and regions. By carefully planning public and private subnets across Availability Zones (AZs), the architecture supports multi-AZ deployments, SAP HANA replication, and future growth.
Key benefits:
- Isolation: Public and private subnets separate external-facing services from internal SAP workloads.
- HA and Fault Tolerance: Multi-AZ subnets prevent downtime from single-AZ failures.
- Scalability: Sufficient CIDR allocation allows EC2 and HANA growth without IP conflicts.
- Automation: Subnet tagging enables monitoring, compliance, and DevOps automation.
- Design and allocate subnets within each VPC to:
- Support multi-AZ HA deployments for SAP workloads.
- Separate public-facing services from private SAP workloads.
- Reserve IP addresses for future growth and additional workloads.
- Enable cross-VPC communication via Transit Gateway.
Design Overview
Each VPC (per account) contains multiple subnets distributed across two or more AZs.
Subnet Types:
| Subnet Type | Purpose |
|---|---|
| Public | NAT Gateways, Bastion Hosts, Internet-facing services |
| Private | SAP Application Servers, SAP HANA DB, internal services |
Subnet sizing accounts for:
- Current EC2 and HANA workloads
- Future growth for SAP HANA DB and additional EC2 instances
- Potential new environments
Step 1: Define Subnet CIDR per AZ
Example for Production VPC (10.0.0.0/16):
| AZ | Subnet Type | CIDR | Purpose |
|---|---|---|---|
| AZ1 | Public | 10.0.0.0/24 | NAT Gateways, Bastion Hosts |
| AZ1 | Private | 10.0.1.0/24 | SAP Application, HANA DB |
| AZ2 | Public | 10.0.2.0/24 | NAT Gateways, Bastion Hosts |
| AZ2 | Private | 10.0.3.0/24 | SAP Application, HANA DB |
Step 2: Repeat for Other Environments
Example for Development VPC (10.1.0.0/16):
Example for Development VPC (10.1.0.0/16):
| AZ | Subnet Type | CIDR |
|---|---|---|
| AZ1 | Public | 10.1.0.0/24 |
| AZ1 | Private | 10.1.1.0/24 |
| AZ2 | Public | 10.1.2.0/24 |
| AZ2 | Private | 10.1.3.0/24 |
Step 3: Tagging Subnets
Apply consistent tags for automation, monitoring, and compliance:
Apply consistent tags for automation, monitoring, and compliance:
| Key | Value |
|---|---|
| Environment | Production / Dev / QA / Sandbox |
| AZ | ap-southeast-1a / ap-southeast-1b |
| SubnetType | Public / Private |
| Project | SAP Migration |
Step 4: Associate Subnets with Route Tables
- Public Subnets → Internet Gateway
- Private Subnets → NAT Gateway for outbound internet traffic
- Private Subnets → Transit Gateway for cross-VPC connectivity
Step 5: Consider HA & Future Growth
- Reserve 2x IP addresses per instance for elasticity.
- Leave extra CIDR space in each VPC for new subnets or services.
Diagram – Subnet Layout per VPC
Routing and Connectivity Overview:
Public Subnets
──────────────
• Route → Internet Gateway (IGW)
• Host NAT Gateway
• Bastion Hosts for admin access
Private Subnets
───────────────
• Route → NAT Gateway (Outbound Internet)
• Route → Transit Gateway (Cross-VPC communication)
• Host SAP Application Servers and SAP HANA DB
Subnet Tagging Strategy:
Key Value
----------------------------------------
Environment Production / Dev / QA
AZ ap-southeast-1a / 1b
SubnetType Public / Private
Project SAP Migration
No comments:
Post a Comment