AWS  Data  Provider  for  SAP  

Installation  and  Operations  Guide  

AWS Data Provider Version 2.7

December 2016
Amazon  Web  Services  –  AWS  Data  Provider  for  SAP   September  2016  

© 2016, 2017 Amazon Web Services, Inc. or its affiliates. All rights reserved.

Notices    
This document is provided for informational purposes only. It represents AWS’s
current product offerings and practices as of the date of issue of this document,
which are subject to change without notice. Customers are responsible for
making their own independent assessment of the information in this document
and any use of AWS’s products or services, each of which is provided “as is”
without warranty of any kind, whether express or implied. This document does
not create any warranties, representations, contractual commitments, conditions
or assurances from AWS, its affiliates, suppliers or licensors. The responsibilities
and liabilities of AWS to its customers are controlled by AWS agreements, and
this document is not part of, nor does it modify, any agreement between AWS
and its customers.

The software included with this paper is licensed under the Apache License,
Version 2.0 (the "License"). You may not use this file except in compliance with
the License. A copy of the License is located at http://aws.amazon.com/apache2.0/ or
in the "license" file accompanying this file. This code is distributed on an "AS IS"
BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
express or implied. See the License for the specific language governing
permissions and limitations under the License.

Page  2  of  47    

Amazon  Web  Services  –  AWS  Data  Provider  for  SAP   September  2016  

Contents  
Abstract 4  
Introduction 4  
Upgrading from Previous Versions 6  
Versions 1.3 and 1.3.1 6  
Technical Requirements 6  
Internet Access 6  
IAM Roles 8  
Installing the AWS Data Provider for SAP 13  
Installing on Linux 14  
Installing on Windows 19  
Updating the AWS Data Provider for SAP 24  
Uninstalling the Linux Version 24  
Uninstalling the Windows Version 25  
Troubleshooting 25  
Troubleshooting on Linux 25  
Troubleshooting on Windows 30  
Appendix A: Customizing the AWS Data Provider 35  
Syntax Rules for Configuration Files 35  
User-Configurable EC2 Instance Types 36  
User-Configurable Support Status 37  
Appendix B: Verification of AWS Data Provider in SAP System Monitoring 39  
Checking Metrics with the SAP OS Collector (SAPOSCOL) 39  
Checking Metrics with the SAP CCMS Transactions 41  
Appendix C: Changes and Bug Fixes by Product Version 44  
Release 1.2 (Sept. 16, 2014) 44  

Page  3  of  47    

Amazon  Web  Services  –  AWS  Data  Provider  for  SAP   September  2016  

Release 1.2.1 (Sept. 29, 2014) 44  

Release 1.2.2 (Oct. 1, 2014) 44  
Release 1.3 (Feb. 17, 2015) 45  
Release 1.3.1 (June 2, 2015 and July 14, 2015) 45  
Release 2.0 (December 22, 2015) 46  
New in Release 2.1 (Jan. 20, 2016) 46  
Release 2.5 (May 2, 2016) 46  
Contributors 47  
Notes 47  

Abstract  
The Amazon Web Services (AWS) Data Provider for SAP is a tool that collects
performance-related data from AWS services, and makes this data available to
SAP applications, to help monitor and improve the performance of business
transactions. The AWS Data Provider uses operating system, network, and
storage data that is most relevant to the operation of the SAP infrastructure. Its
data sources include Amazon Elastic Compute Cloud (Amazon EC2) and Amazon
CloudWatch. This guide provides installation, configuration, and troubleshooting
information for the AWS Data Provider.

Introduction  
Many SAP organizations of all sizes are choosing to host their key SAP systems on
the Amazon Web Services (AWS) platform. This platform can rapidly speed up
the time it takes to provision SAP environments, and the elastic nature of the
platform makes it easy to scale computing resources up and down as needed.
This leaves more resources (both people and funds) to focus on innovation that
can really benefit the business immediately.

AWS and SAP recognize that many SAP systems are used to operate daily
business transactions and are critical to their customers’ business functions.

Page  4  of  47    

Amazon  Web  Services  –  AWS  Data  Provider  for  SAP   September  2016  

Therefore, SAP customers need the ability to track and troubleshoot the
performance of these transactions. To that end, SAP has built extensive
monitoring transactions within SAP applications to surface relevant performance
information in a logical and consistent format across the many operating system
and database platforms that SAP supports. These transactions rely on metrics
from the operating system and database layers, which, in a virtual environment,
might just be a portion of the relevant performance metrics.

To provide these metrics, AWS has created an AWS Data Provider for SAP, which
collects key performance-related data and surfaces it to SAP applications for use
in the monitoring transactions built by SAP. This performance data is collected
from a variety of sources, including the Amazon Elastic Compute Cloud (Amazon
EC2) API, EC2 instance metadata, and Amazon CloudWatch, to ensure that
performance analysis can be performed on all aspects of the operating
environment. This approach includes metrics from the operating system,
network, and storage that are most relevant to the operation of the SAP
infrastructure.The SAP Operating System Collector (SAPOSCOL) and the SAP
CIM Provider are the SAP components that will read data from the AWS Data
Provider for SAP. Figure 1 provides a high-level illustration of the AWS Data
Provider for SAP, its data sources, and its outputs.

Figure 1: Data Sources for the AWS Data Provider for SAP

Page  5  of  47    

Amazon  Web  Services  –  AWS  Data  Provider  for  SAP   September  2016  

The purpose of this guide is to help you:

•   Understand the technical requirements and components necessary to
install and operate the AWS Data Provider for SAP.
•   Install the AWS Data Provider for SAP.
•   Understand the update process for the AWS Data Provider.
•   Troubleshoot installation issues.

Upgrading  from  Previous  Versions    

The current version of the AWS Data Provider is 2.5. See Appendix C for a list of
changes in each version of the AWS Data Provider.

If you have older versions of the AWS Data Provider, we recommend that you
uninstall them before installing this version for the best installation experience.

Versions  1.3  and  1.3.1  

If you’ve already installed and customized AWS Data Provider version 1.3 or 1.3.1,
save your proxy configuration from your custom proxy.properties file. Version 2.5
will look for these files in the same location as before.

Technical  Requirements  
Internet  Access  
The AWS Data Provider for SAP requires an active route to the Internet. This is in
part due to the fact that the tool pulls key performance metrics from the AWS
CloudWatch service and the Amazon EC2 API. Automatic updates to the AWS
Data Provider for SAP also necessitate network access to the Amazon Simple
Storage Service (Amazon S3).

SAP systems that receive information from the AWS Data Provider are required
to be deployed within an Amazon Virtual Private Cloud (Amazon VPC). You can
use one of the following network topologies to enable the routing necessary to
reach the Internet-based endpoints:

Page  6  of  47    

Amazon  Web  Services  –  AWS  Data  Provider  for  SAP   September  2016  

•   The first topology configures an Internet gateway within the Amazon VPC
(virtual private network), which allows for routing directly to the Internet.
Figure 2 illustrates the topology where the Amazon VPC is directly
connected to the Internet. For more information about Internet gateways,
see the AWS documentation.1

Amazon  CloudWatch  API

SAP  Instance NAT  Instance Internet  

Gateway

Amazon  EC2  API

Private  Subnet Public  Subnet

Figure 2: Amazon VPC to Internet via Internet Gateway

•   An alternative topology funnels traffic back through the customer’s own

data center where it will travel on to the Internet through data center
network gear. Figure 3 illustrates the second topology option where the
Amazon VPC is fenced in, and traffic is routed through the customer’s data
center. For more information about this topology, see the AWS
documentation.2

Page  7  of  47    

Amazon  Web  Services  –  AWS  Data  Provider  for  SAP   September  2016  

VPN  Tunnels  or   Internet

Fiber  Connection Amazon  CloudWatch  API

SAP  Instance Proxy  Server/

Virtual  Private   Customer   Border  Router
Gateway Gateway

Amazon  EC2  API

Private  Subnet

Customers  Datacenter

Figure 3: Amazon VPC to Internet via Customer Data Center

IAM  Roles  
Because the AWS Data Provider needs the APIs for Amazon CloudWatch and
Amazon EC2, you will have to grant the AWS Data Provider read-only access to
those services. This can be accomplished by using the AWS Identity and Access
Management (IAM) service and by adding a feature known as an IAM role to
your instance.

The first step is to create a policy. To set this policy:

1.   Sign in to the AWS Management Console, and open the IAM console at
https://console.aws.amazon.com/iam/.
2.   In the navigation pane, choose Policies, and then choose Create Policy.
3.   Choose Create Your Own Policy.

Page  8  of  47    

Amazon  Web  Services  –  AWS  Data  Provider  for  SAP   September  2016  

Figure 4: Creating a Policy

4.   On the next screen, enter a policy name and description, and copy the
following policy into the Policy Document box:

{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"EC2:DescribeInstances",
"EC2:DescribeVolumes"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": "cloudwatch:GetMetricStatistics",
"Resource": "*"
}
]
}

Page  9  of  47    

Amazon  Web  Services  –  AWS  Data  Provider  for  SAP   September  2016  

This is shown in Figure 5.

Figure 5: Copying the Policy

5.   Choose Create Policy. The IAM console will confirm the new policy with
a message similar to the following.

Figure 6: Policy Confirmation

Page  10  of  47    

Amazon  Web  Services  –  AWS  Data  Provider  for  SAP   September  2016  

6.   To set this policy, sign in to the AWS Management Console, and open the
IAM console at https://console. aws.amazon.com/iam/.
7.   In the navigation pane, choose Roles, and then choose Create New Role
to begin the process of creating your IAM role.

Figure 7: Creating an IAM Role

8.   Now you can select Amazon EC2 as the role type, as shown in Figure 8.

Page  11  of  47    

Amazon  Web  Services  –  AWS  Data  Provider  for  SAP   September  2016  

Figure 8: Selecting a Role Type

9.   The next step is to force the console to show the Customer Managed
Policies. This is shown in Figure 9.

Figure 9: Displaying Customer Managed Policies

Page  12  of  47    

Amazon  Web  Services  –  AWS  Data  Provider  for  SAP   September  2016  

10.  Select your policy to add it to the new role.

11.  Review your new role, as shown in Figure 10.

Figure 10: Reviewing the Role

You will then attach the DataCollectorAccess role to the EC2 instances that
will be monitored on startup .

The other option is to add the policy to a role, which gets assigned to a new EC2
instance.

Installing  the  AWS  Data  Provider  for  SAP  

The AWS Data Provider for SAP is a daemon or service that automatically starts
with your operating system and collects, aggregates, and exposes metrics to the
SAP platform. Metrics are sourced from a variety of providers that pull metrics
from the relevant areas of the platform. The Data Provider is designed to
continue operating regardless of whether its providers have connectivity or
authorization to the metrics they are targeting. Providers that cannot reach the
metrics they are harvesting return blank values.

For example, if the EC2 instance does not have an IAM role associated with it
that grants explicit access to the Amazon CloudWatch GetMetricStatistics API,
the CloudWatch provider will be unable to access metrics on the EC2 instance
and will return blank values.

Page  13  of  47    

Amazon  Web  Services  –  AWS  Data  Provider  for  SAP   September  2016  

AWS provides customers with a rapidly evolving platform, and the AWS Data
Provider was designed to automatically update itself so it can always provide the
most current metrics to SAP customers. When the Data Provider starts up, a
built-in update service pulls down the latest versions of its components and
metric definitions. In order to take advantage of this capability, you must provide
Internet access at startup. If the Data Provider cannot access the update service,
it will continue to run but will not be able to obtain updates.

Installing  on  Linux  

Oracle Linux: Install wget before the Data Provider. It is needed by the
installation script and it is unlikely to be preinstalled on an Oracle Linux AMI.

To install the AWS Data Provider on SUSE Linux Enterprise Server (SLES) 11 or
12, on Red Hat or Oracle Linux, with an IAM role assigned with the appropriate
authorizations to access CloudWatch and the Amazon EC2 API, follow these
steps:

1.   Download the Linux installation script from

https://s3.amazonaws.com/aws-data-provider/bin/aws-agent_install.sh.

Figure 11: Downloading the Linux Installation Script

2.   Make the script executable, and then run it:

Figure 12: Running the Linux Installation Script

Page  14  of  47    

Amazon  Web  Services  –  AWS  Data  Provider  for  SAP   September  2016  

If you don’t have transparent HTTP/HTTPS access to the Internet, start the
script with the required information about the HTTP/HTTPS proxies,
using the following syntax:

aws-agent_install.sh [proxy-host [proxy-port [ proxy-user-

name [proxy-user-password [domain]]]]]

where:
•   proxy-host specifies the address of the HTTP proxy server (for
example, 10.0.10.2)
•   proxy-port specifies the port number of the HTTP proxy server (for
example, 8080)
•   proxy-user-name, proxy-user-password, and domain specify the
credentials for the HTTP proxy server, if it requires authentication
(these arguments are optional)
You should see the script pulling down all the required files it needs:

Figure 13: AWS Data Provider Update Service

At the very end you will see the agent start as a daemon:

Page  15  of  47    

Amazon  Web  Services  –  AWS  Data  Provider  for  SAP   September  2016  

Figure 14: Completing the Installation on Linux

3.   Verify that the service is running by calling netstat –ant to determine if

the listener is running on localhost port 8888.

Figure 15: Verifying the Installation on Linux

You should also view the log files at /var/log/aws-agent/messages to make

sure the daemon has the appropriate connectivity and authorization it
needs to access the required metrics.

Page  16  of  47    

Amazon  Web  Services  –  AWS  Data  Provider  for  SAP   September  2016  

Figure 16: Verifying Connectivity and Authorization on Linux

The monitoring agent runs three sets of diagnostics at startup:

•   The AWS connectivity diagnostic ensures network connectivity to Amazon
S3 for obtaining automatic updates to the Data Provider.
•   The second diagnostic tests for authorization to Amazon CloudWatch,
which requires assigning an IAM role to the EC2 instance you are running
on, with IAM policy that allows access to CloudWatch. For details, see the
IAM Roles section earlier in this guide.
•   The third diagnostic tests for authorization to the Amazon EC2 API, which
is also tied to the IAM role associated with the EC2 instance.
The Data Provider is designed to run with or without connectivity, but you will
not be able to obtain updates without connectivity. CloudWatch and the EC2 API
will return blank values if you do not have the proper authorizations in place.

Page  17  of  47    

Amazon  Web  Services  –  AWS  Data  Provider  for  SAP   September  2016  

You can also call the AWS Data Provider directly to view the metrics. Calling
wget http://localhost:8888/vhostmd returns a file of metrics. You can look
inside the file to see the metrics that were returned, as shown in Figure 17.

Figure 17: Viewing Metrics on Linux

The AWS Data Provider will now automatically start each time the operating
system starts, and you can also manually stop and restart the AWS Data Provider
with the following command:

service aws-agent [start|stop]

Page  18  of  47    

Amazon  Web  Services  –  AWS  Data  Provider  for  SAP   September  2016  

Installing  on  Windows  

1.   Open a web browser and download the installer from
https://s3.amazonaws.com/aws-data-provider/bin/aws-agent-installer-
win-x64.exe.
2.   Run the installer, and choose Yes when prompted. This will install and
run the AWS Data Provider for SAP as a Windows service.

Figure 18: Running the Windows Installation Script

You will receive the following message when the installation process is
complete.

Figure 19: Completing the Installation on Windows

3.   Check the installation.

Page  19  of  47    

Amazon  Web  Services  –  AWS  Data  Provider  for  SAP   September  2016  

¾   When the script has completed, the software will be installed in the
C:\Program Files\Amazon\DataProvider directory.
¾   The installation also creates and starts a Windows service called AWS
Data Provider for SAP.
¾   You can open a web browser and type
http://localhost:8888/vhostmd to ensure that the service is
running. If it is, it will return pages of metrics from the Data Provider.

4.   Configure the Data Provider to use proxies:

a.   Stop the Windows service AWS Data Provider for SAP.
b.   Enter the required proxy information into the file
C:\Program Files\Amazon\DataProvider\proxy.properties.
c.   Restart the Windows service AWS Data Provider for SAP.

The service performs an update of the agent when it starts, and then works
in standard mode.
5.   Verify that the service is running by calling netstat –ant from a
command window or from a Windows PowerShell script to determine if the
listener is running on localhost port 8888:

Figure 20: Verifying the Installation on Windows

Page  20  of  47    

Amazon  Web  Services  –  AWS  Data  Provider  for  SAP   September  2016  

6.   You should then go to the Windows event log and look at the application
log for startup events from the Data Provider. In particular, you should
look at the diagnostics.

Figure 21: Checking Diagnostics on Windows

7.   Check the subsequent event to make sure the diagnostic passed.

Figure 22: Verifying Connectivity and Access on Windows

Page  21  of  47    

Amazon  Web  Services  –  AWS  Data  Provider  for  SAP   September  2016  

The monitoring agent runs three sets of diagnostics at startup:

•   The AWS connectivity diagnostic ensures network connectivity to Amazon
S3 for obtaining automatic updates to the Data Provider.
•   The second diagnostic tests for authorization to Amazon CloudWatch,
which requires assigning an IAM role to the EC2 instance you are running
on, with IAM policy that allows access to CloudWatch. For details, see the
IAM Roles section earlier in this guide.
•   The third diagnostic tests for authorization to the Amazon EC2 API, which
is also tied to the IAM role associated with the EC2 instance.
The Data Provider is designed to run with or without connectivity, but you will
not be able to obtain updates without connectivity, and CloudWatch and the EC2
API will return blank values if you do not have the proper authorizations in place.

You can also call the AWS Data Provider directly from your web browser to view
metrics, as shown in Figure 23:

Page  22  of  47    

Amazon  Web  Services  –  AWS  Data  Provider  for  SAP   September  2016  

Figure 23: Viewing Metrics on Windows

The AWS Data Provider will now automatically start each time the operating
system starts, and you can also manually stop and restart the AWS Data Provider
just as you would stop and restart any other Windows service.

Page  23  of  47    

Amazon  Web  Services  –  AWS  Data  Provider  for  SAP   September  2016  

Figure 24: Stopping and Restarting the Data Provider on Windows

Updating  the  AWS  Data  Provider  for  SAP  

AWS Data Provider version 1.2.2 and older cannot be automatically updated to
version 2.5. To upgrade to AWS Data Provider version 2.5, please uninstall the
old version by using the instructions in the following sections, and then install
the latest version.

If you’re using a proxy configuration, you should preserve the proxy.properties

file by copying it into a safe location.

Uninstalling  the  Linux  Version  

1.   Log in to Linux as a superuser.
2.   Stop the service with the command:

service aws-agent stop

3.   Remove the AWS Data Provider installation with the commands:

Page  24  of  47    

Amazon  Web  Services  –  AWS  Data  Provider  for  SAP   September  2016  

rm –rf /usr/local/ec2/aws-agent
rm /etc/rc.d/aws-agent

Uninstalling  the  Windows  Version  

1.   Run the uninstaller:

C:\Program Files\AmazonA\DataProvider\uninstall.exe

2.   When prompted, as shown in Figure 25, choose Uninstall.

Figure 25: Uninstalling the Data Provider on Windows

Troubleshooting  
Troubleshooting  on  Linux  
Problem: The installation failed, and I’m not sure if my files are in a
consistent state.
Check the /usr/local/ec2/aws-agent directory for the presence of a versions.mf
file. If this file is not present in the directory, rerun the installation script to
reload the entire set of files for the AWS Data Provider from the update service.
If the versions.mf file is present, delete it, and then rerun the installation script to
reload the Data Provider files.

Page  25  of  47    

Amazon  Web  Services  –  AWS  Data  Provider  for  SAP   September  2016  

Problem: The Data Provider failed to start at the end of the

installation process.
Check for the existence of the versions.mf file in the /usr/local/ec2/aws-agent
directory. If the file is present, delete it, and then rerun the installation script to
download the files again.

If reinstalling the Data Provider doesn’t solve the problem, you can gather debug
information about the Data Provider by going to the /etc/rc.d/ directory and
editing the aws-agent file.

Figure 26: Debugging the Installation on Linux

In the DAEMONOPTS section of the aws-agent file, make these changes:

•   Add the –debug flag as the first option right before –jvm
•   Change the –LogLevel=INFO option to –LogLevel=FINE
Lastly, you should copy:

exec='$DAEMON $DAEMONOPTS > /dev/null 2>&1

Page  26  of  47    

Amazon  Web  Services  –  AWS  Data  Provider  for  SAP   September  2016  

and then remove the last part of the line that suppresses console output
(> /dev/null 2>&1). You can comment out the original line so you can put it
back later.

Now if you run service aws-agent-start you will get a lot of debugging output
that may be of value in diagnosing the root cause of the problem.

Figure 27: Debugging Information on Linux

Problem: I want to reinstall the AWS Data Provider from scratch.

Log in to Linux as a super user, and remove your current Data Provider
installation:

rm –rf /usr/local/ec2/aws-agent
rm /etc/rc.d/aws-agent

Page  27  of  47    

Amazon  Web  Services  –  AWS  Data  Provider  for  SAP   September  2016  

You can then get the latest version of the installation script from
https://s3.amazonaws.com/aws-data-provider/bin/aws-agent_install.sh and
rerun it. This will download all prerequisites from scratch, and will install the
latest software distribution.

Problem: When I looked at my logs I noticed that I failed all

diagnostics.

Figure 28: Symptoms of Internet Connectivity Problems on Linux

Failing all diagnostics indicates that there's a problem with your outbound
connection to the Internet. You can confirm this by pinging a well-known
Internet location like www.amazon.com. The most common cause of routing
issues will be in the VPC network configuration, which needs to have either an
Internet gateway in place, or a VPN connection to your data center with a route to
the Internet. For details, see the Internet Access section.

Problem: When I looked at my logs I noticed that I do not have access

to CloudWatch and the EC2 API, but I did pass the first diagnostic for
AWS connectivity.

Page  28  of  47    

Amazon  Web  Services  –  AWS  Data  Provider  for  SAP   September  2016  

Figure 29: Symptoms of Authorization Issues on Linux

This is a clear indicator that you have an authorization issue when trying to
access CloudWatch and the Amazon EC2 API. The common cause for this
problem is not having an IAM role associated with your instance that contains
the IAM policy, as specified in the IAM Roles section of this guide. You can
quickly diagnose this issue by looking at the EC2 instance in question in the
Amazon EC2 console and verifying the IAM role.

Figure 30: Verifying IAM Role for EC2 Instances

If the IAM role does not exist, you will have to launch a new instance from an
AMI and assign it an IAM role. IAM roles cannot currently be assigned to an
instance that has already been launched.

Page  29  of  47    

Amazon  Web  Services  –  AWS  Data  Provider  for  SAP   September  2016  

If you do have an IAM role assigned to the instance, go to the IAM console, select
the IAM role name, and then choose Show. Verify that you have the required
policy that is specified in the IAM Roles section of this guide.

Figure 31: Verifying the Policy for the IAM Role

Troubleshooting  on  Windows  

Problem: The installation failed, and I’m not sure if my files are in a
consistent state.
Check the C:\Program Files\Amazon\DataProvider directory for the presence of
a versions.mf file. If this file is not present in the directory, rerun the installation
script to reload the entire set of files for the AWS Data Provider from the update
service. If the versions.mf file is present, delete it, and then rerun the installation
script to reload the Data Provider files.

Page  30  of  47    

Amazon  Web  Services  –  AWS  Data  Provider  for  SAP   September  2016  

Problem: The Data Provider failed to start at the end of the

installation process.
Check for the existence of the versions.mf file in the C:\Program
Files\Amazon\DataProvider directory. If the file is present, delete it, and then
rerun the installation script to download the files again.

If reinstalling the Data Provider doesn’t solve the problem, you can gather
debugging information about the Data Provider by going to the C:\Program
Files\Amazon\DataProvider directory.

This directory contains several log files, including an installation log, a log of the
service installation, and the output of the AWS Data Provider itself.

Figure 32: Log Files on Windows

Problem: I want to reinstall the AWS Data Provider from scratch.

Remove the C:\Program Files\Amazon\DataProvider\versions.mf file, and then
rerun the installation script from
https://s3.amazonaws.com/aws-data-provider/bin/aws-agent-installer-win-
x64.exe. This will download all prerequisites from scratch, and you will have the
latest software distribution.

Problem: When I looked at my logs I noticed that I failed all

diagnostics.

Page  31  of  47    

Amazon  Web  Services  –  AWS  Data  Provider  for  SAP   September  2016  

Figure 33: Symptoms on Internet Connectivity Problems on Windows

Failing all diagnostics indicates that there’s a problem with your outbound
connection to the Internet. You can confirm this by pinging a well-known
Internet location like www.amazon.com. The most common cause of routing
issues will be in the VPC network configuration, which needs to have either an
Internet gateway in place, or a VPN connection to the customer’s data center with
a route to the Internet.

Problem: When I looked at my logs I noticed that I do not have access

to CloudWatch and the EC2 API, but I did pass the first diagnostic for
AWS connectivity.

Figure 34: Symptoms of Authorization Issues on Windows

Page  32  of  47    

Amazon  Web  Services  –  AWS  Data  Provider  for  SAP   September  2016  

This is a clear indicator that you have an authorization issue when trying to
access CloudWatch and the Amazon EC2 API. The common cause for this
problem is not having an IAM role associated with your instance that contains
the IAM policy, as specified in the IAM Roles section of this guide. You can
quickly diagnose this issue by looking at the EC2 instance in question in the
Amazon EC2 console and verifying the IAM role.

Figure 35: Verifying the IAM Role for EC2 Instances

If the IAM role does not exist, you will have to launch a new instance from an
AMI and assign it an IAM role. IAM roles cannot currently be assigned to an
instance that has already been launched.

If you do have an IAM role assigned to the instance, go to the IAM console, select
the IAM role name, and then choose Show. Verify that you have the required
policy that is specified in the IAM Roles section of this guide.

Page  33  of  47    

Amazon  Web  Services  –  AWS  Data  Provider  for  SAP   September  2016  

Figure 36: Verifying the Policy for the IAM Role

Page  34  of  47    

Amazon  Web  Services  –  AWS  Data  Provider  for  SAP   September  2016  

Appendix  A:  Customizing  the  AWS  Data  

Provider  
Some settings are hard-coded in the AWS Data Provider for SAP. You can
override existing settings, or add new settings. For example, when AWS adds new
instance types, you can add these to the AWS Data Provider configuration.

The AWS Data Provider creates a database by reading the configuration

information from the following files, in this sequence:
•   It reads the config.properties file from the JAR (Java Archive) file of the
data provider application.
•   It reads the file from https://s3.amazonaws.com/aws-data-
provider/config.properties, which provides settings for Amazon EC2
instance types and Amazon EBS volume types. For example, when AWS
releases new instance types, AWS will update this file. This file does not
have to exist.
•   It reads the file from the directory in which the proxy configuration file is
located. This file is required only if a user wants to override or extend the
current configuration. Default locations are:
¾   On Linux: /usr/local/ec2/aws-agent/config.properties
¾   On Windows: C: \Program Files\Amazon\DataProvider\config

Syntax  Rules  for  Configuration  Files  

•   The configuration files require a comma after the last value in every row.
•   Spaces are not ignored in strings. The entire string between the commas,
including any spaces, is accepted as the value.
•   If there are multiple rows with the same instance type, the existing value
for that type is overwritten.
•   Capitalization in strings is case-sensitive.

Page  35  of  47    

Amazon  Web  Services  –  AWS  Data  Provider  for  SAP   September  2016  

User-­Configurable  EC2  Instance  Types  

The AWS Data Provider for SAP maintains a database of all relevant EC2 instance
types for SAP.

Entries for EC2 instance types must be in a comma-separated list, as follows:

ec2type,i-type,cpu,core,threads,t-ecu,ecu,hthread,l-map,w-map,speed,p-ecu,

For example:

ec2type,r3.8xlarge,2,16,2,32,1,thread,eth0,lan2,10000,true,

where:

Field  name   Content   Example   Type   Description  

keyword   ec2type   –   String   A  token  to  identify  a  

record  with  an  EC2  
instance  description  

i-­type    See  list   r3.8xlarge   String   Instance  type,  

(instance  type)   which  must  match  
the  EC2  instance  
metadata  string    

cpu   1  |  2   2   2   Number  of  sockets  

(CPUs)  

core   integer   16   Integer   Total  number  of  

(Cores)   processor  cores  

threads   1  |  2   2   Integer   Threads  per  core  

(threads  per  core)  

t-­ecu   integer   32   Double   ECU  value  for  

(total  ECU  value)   previous-­generation  
instance  types  that  
have  ECU  ratings;;  
number  of  cores  for  
post-­ECU  instance  
types  

Page  36  of  47    

Amazon  Web  Services  –  AWS  Data  Provider  for  SAP   September  2016  

Field  name   Content   Example   Type   Description  

ecu   double   1   Double   1  for  all  post-­ECU  

(ECU  per  core)   instance  types;;  total  
ECU  divided  by  
cores  for  previous-­
generation  instance  
types  that  have  
ECU  ratings  

hthread   thread  |  core   thread   String   thread  for  

(hyperthreading)   hyperthreaded  
instance  types;;  
core  for  non-­
hyperthreaded  
instance  types  

l-­map   eth0   eth0   String   Linux  mapping  of  

(Linux  NIC   network  interface  
mapping)  

w-­map   eth0   lan2   String   Windows  mapping  

(Windows  NIC   of  network  interface  
mapping)  

speed   1000  |  2000  |   100000   Integer   Maximum  speed  of  

(network  interface   10000   network  interface,  in  
speed)   KB  

p-­ecu   true  |  false   true   Boolean   true  for  modern  

(post  ECU)   instances  that  don’t  
have  ECU  ratings  

User-­Configurable  Support  Status  

To include optional entries for the support status, use a comma-separated list, as
follows:
support,status,
For example:

support,production,

Page  37  of  47    

Amazon  Web  Services  –  AWS  Data  Provider  for  SAP   September  2016  

where:

Field  name   Content   Example   Type   Comment  

keyword   support   –   String   A  token  to  identify  

the  support  status  

status   production  |   production   String   Choose  production  

anonymous  |  none   (default)  to  allow  
AWS  to  check  
whether  the  
instance  meets  
prerequisites    

The status field supports the following values:

•   “production” (default): Allows AWS to check whether the instance meets
the SAP required prerequisites for SAP support, from SAP Note 1656250
(requires SAP support portal login).3
•   “anonymous”: Does not allow AWS to check whether the instance meets
prerequisites.
•   “none”: Legacy mode for version 1.3.1 backwards compatibility.

Page  38  of  47    

Amazon  Web  Services  –  AWS  Data  Provider  for  SAP   September  2016  

Appendix  B:  Verification  of  AWS  Data  

Provider  in  SAP  System  Monitoring  
The AWS Data Provider exposes AWS-specific metrics through an XML page at
http://localhost:8888/vhostmd of the given system.

This section explains which metrics get exposed to the SAP system, and how they
can be accessed for SAP system monitoring.

Checking  Metrics  with  the  SAP  OS  Collector  

(SAPOSCOL)  
The information provided by the AWS Data Provider for SAP is read by the SAP
Operating System Collector (SAPOSCOL).4 You can use the interactive mode of
SAPOSCOL to verify that the two tools are working together correctly. The
following example shows a lookup under Windows. A lookup under Linux is very
similar.

1.   Open a Windows command shell and direct the shell to the directory
C:\Program Files\SAP\hostctrl\exe. Start saposcol.exe with the -d
option.

Figure 37: Starting SAPOSCOL

2.   SAPOSCOL is now in interactive mode. Type dump ccm and press Enter to
list all values gathered. SAPOSCOL will display a lengthy list of metrics:

Page  39  of  47    

Amazon  Web  Services  –  AWS  Data  Provider  for  SAP   September  2016  

Figure 38: Metrics from SAPOSCOL

•   The two following metrics indicate that SAPOSCOL is collaborating

successfully with the AWS Data Provider:
¾   Enhanced Monitoring Access TRUE
¾   Enhanced Monitoring Details ACTIVE
•   The AWS-specific metrics start with the following strings:
¾   Virtualization_Configuration
¾   CPU_Virtualization_Virtual_System
¾   Memory_Virtualization_Virtual_System
¾   System_Info_Virtualization_System

Figure 39: AWS-specific Metrics

Page  40  of  47    

Amazon  Web  Services  –  AWS  Data  Provider  for  SAP   September  2016  

Checking  Metrics  with  the  SAP  CCMS  Transactions  

The SAPOSCOL hands the AWS enhanced statistics with other OS-specific
metrics to the SAP system. The AWS enhanced statistics can be checked in the
SAP CCMS as well. You can enter the transaction st06 (or /nst06 ) in the upper-
left transaction field of the SAP GUI for quick access to this data.

Note that you will need the appropriate authorizations to look up this
information.

Figure 40: Statistics in the SAP CCMS (Standard View)

On this screen, you can verify core AWS information such as:

•   Cloud provider
•   Instance type

Page  41  of  47    

Amazon  Web  Services  –  AWS  Data  Provider  for  SAP   September  2016  

•   Status of enhanced monitoring access (must be TRUE)

•   Status of enhanced monitoring details (must be ACTIVE)
•   Virtual machine identifier

Important: The enhanced AWS metrics isn’t shown in standard view.

To view enhanced AWS statistics, choose the Standard View button in the
upper-left corner. It will change to Expert View and display the enhanced AWS
statistics. The list shown will be fairly comprehensive. It shows the processor
details:

Figure 41: Enhanced AWS Statistics (Expert View)

It also shows details about the memory subsystem (main memory and disks) and
network interfaces:

Page  42  of  47    

Amazon  Web  Services  –  AWS  Data  Provider  for  SAP   September  2016  

Figure 42: Memory and Networking Statistics (Expert View)

Note: The screen illustrations in Figures 40-42 were taken from SAP NetWeaver
7.4 SP08. This version shows the enhanced AWS metrics in the Memory
Virtualization section. This problem has been fixed by SAP in later versions of
NetWeaver.

Page  43  of  47    

Amazon  Web  Services  –  AWS  Data  Provider  for  SAP   September  2016  

Appendix  C:  Changes  and  Bug  Fixes  by  

Product  Version  
Release  1.2  (Sept.  16,  2014)  
•   New: Support for the T2, R3, C3 instance families.
•   New: Support for post-ECU (EC2 Compute Unit) instance types:
¾   New instance types don’t have ECU values any longer.
¾   The reference compute power for these instance types is a hardware
thread of the given processor. The total CPU power is equal to the
number of the vCPUs of a given instance type.
•   New: Support for new Amazon EBS GP2 volume type.
¾   Every volume is now tagged with the EBS volume type.
•   New: Report of EBS one-minute volume statistics.
¾   EBS volumes now report their individual sample interval in a separate
attribute.
•   Bug fix: EBS volume mapping for Windows devices now reports the correct
name.
•   Bug fix: Installation, update, and operation through HTTP/HTTPS proxies
has been fixed.
•   New: JRE 8 support has been added on Linux.

Release  1.2.1  (Sept.  29,  2014)  

•   Bug fix: EBS volumes now report correct attribute type (“string”) for
volume type.

Release  1.2.2  (Oct.  1,  2014)  

•   Windows bug fix: Installer executable pulls installation from correct
Amazon S3 bucket.

Page  44  of  47    

Amazon  Web  Services  –  AWS  Data  Provider  for  SAP   September  2016  

•   Windows bug fix: AWS Data Provider now reports the correct disk
mapping for Windows EBS volumes with the following names: xvd[a-z][a-
z].

Release  1.3  (Feb.  17,  2015)  

•   New: Support for new Amazon EC2 C4 instance family.
•   Security fix: Upgraded Linux and Windows versions to JRE 8u31.
•   Bug fix: Relative performance of c3.8xlarge instances is now reported
correctly.
•   New: CloudWatch and Amazon EC2 metrics access points:
¾   Support for the EU (Frankfurt) Region was added.
¾   Access points are user configurable. Users can add information about
new regions without having to install a new product version.
¾   Access points are now updated from an Internet-based database file.
Users can add new regions by updating a web-based configuration file,
and then restarting the daemon/service.
•   New: Message log files with fixed disk space consumption are provided on
Linux.
•   New: User-configurable EC2 instance types are available.
•   New: Web update support was added for future EC2 instance types
without product updates.
•   Bug fix: GP2 volumes now report the correct sample interval time.
•   New: User-configurable sample times for new EBS volume types are now
available.
•   New: The AWS Data Provider now reports the virtualization type of the
EC2 instance.

Release  1.3.1  (June  2,  2015  and  July  14,  2015)  

•   Bug fixes: Security fixes.

Page  45  of  47    

Amazon  Web  Services  –  AWS  Data  Provider  for  SAP   September  2016  

•   New: Support for C4, D2, M4 instance types. Users who migrate instances
with installed 1.3 agents will automatically receive support for the new
instance types through an updated configuration database on the web.

Release  2.0  (December  22,  2015)  

•   New: Windows devices in the range sdb to sdzz get correct SCSI device IDs
assigned.
•   New: Java VM consumption is now limited to 64 MB maximum heap size.

New  in  Release  2.1  (Jan.  20,  2016)  

•   Support for Asia Pacific (Seoul) Region.
•   Bug fix: Version 2.0 pulled files from an incorrect S3 bucket for
installation. Version 2.0 needs to be uninstalled before version 2.1 is
installed.

Release  2.5  (May  2,  2016)  

•   Bug Fixes: Security and stability fixes in versions 2.2-2.4.
•   New: Support for new Amazon EBS volume types:
¾   Throughput Optimized HDD (st1)
¾   Cold HDD (sc1)
•   New: Support for the Amazon EC2 X1 instance family.

Release  2.6  (September  1,  2016)  

•   Bug Fixes: Installation script checks for existence of wget
•   Support for Oracle Linux.

Release  2.7  (December  21,  2016)  

•   Support for Canadian, Ohio and UK region.
•   Added default access point resolution for common regions

Page  46  of  47    

Amazon  Web  Services  –  AWS  Data  Provider  for  SAP   September  2016  

Contributors  
The following individuals contributed to this document:
•   Stefan Schneider, solutions architect, Amazon Web Services

Notes  
 
1

http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Internet_G
ateway.html
2 http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_VPN.html
3 http://service.sap.com/sap/support/notes/1656250
4

https://help.sap.com/saphelp_nw70/helpdata/en/c4/3a6bff505211d18955000
0e829fbbd/frameset.htm

Page  47  of  47