
Allowing on-premises Users to access a protected HANA instance through Route 53 (Work in Progress)

The Route 53 agent described here is an open source solution. As of today (April 2017), neither AWS nor SUSE supports it.

However, both parties are working jointly to make this solution available as a supported product.

Why does it take an additional agent?

The current Overlay IP address agent only allows application servers inside the VPC to access a protected HANA server.

HANA Studio users working from on-premises workplaces cannot reach this Overlay IP address, because the AWS gateway will not route traffic to it.

A name-based approach using the AWS DNS service Route 53 allows users to reconnect from on premises through a name. The SLES HAE cluster will update the name so that it points to the correct IP address.

How do I install this agent?

This agent is installed after the standard HANA on AWS setup. The Route 53 agent changes the IP address of a Route 53 named zone whenever the Overlay IP agent is called.

Both agents operate in parallel. The Overlay IP agent routes traffic from the Overlay IP address to the active node. The Route 53 agent updates the name of the HANA server with the current IP address in an Availability Zone.

What is this agent doing?

The internal workings of this agent are described in the document DNS Name Failover for Highly Available AWS Services. This document is independent of SAP. It describes how the Route 53 hosted zone gets updated.
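The update described above comes down to an UPSERT of an A record in the hosted zone. The following sketch is an added example, not the agent's own code; the function names, the record name, the IP address and the TTL of 10 seconds are assumptions made for illustration. It validates its inputs before they are placed into the change batch, so that a malformed value cannot alter the JSON sent to Route 53.

```shell
#!/bin/sh
# Added illustration, not the agent's code. All names and values are constructed.

# Succeed only for a dotted-quad IPv4 address with every octet in 0..255.
is_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split the address on dots
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print a Route 53 change batch that points <name> at <ip>.
# Arguments: record name, IPv4 address, TTL in seconds (assumed default: 10).
build_change_batch() {
    name=$1 ip=$2 ttl=${3:-10}
    is_ipv4 "$ip" || { echo "refusing non-IPv4 value: $ip" >&2; return 1; }
    case $name in
        ''|*[!A-Za-z0-9.-]*) echo "refusing record name: $name" >&2; return 1 ;;
    esac
    case $ttl in
        ''|*[!0-9]*) echo "refusing TTL: $ttl" >&2; return 1 ;;
    esac
    printf '{"Comment":"cluster failover update","Changes":[{"Action":"UPSERT","ResourceRecordSet":{"Name":"%s","Type":"A","TTL":%s,"ResourceRecords":[{"Value":"%s"}]}}]}\n' \
        "$name" "$ttl" "$ip"
}

# Send the change to Route 53 with the AWS CLI.
# Arguments: hosted zone id, record name, IPv4 address, optional TTL.
update_record() {
    zone_id=$1
    batch=$(build_change_batch "$2" "$3" "${4:-10}") || return 1
    aws route53 change-resource-record-sets \
        --hosted-zone-id "$zone_id" --change-batch "$batch"
}

# Show the change batch for constructed sample values (no AWS call is made).
build_change_batch hana.example.internal 10.0.1.25 10
```

The instance running update_record needs permission for route53:ChangeResourceRecordSets; scoping that permission to the one hosted zone the cluster manages keeps the agent's credentials from changing other DNS zones.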

Will this agent work with other applications?

Yes. This application is independent of SAP. It also works with the SAP NetWeaver Central Instance components of SLES HAE.

How is this software available?

AWS released this software under an MIT license. The license file states:

Copyright 2017 Amazon.com, Inc. and its affiliates

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

AWS engineers are currently working with Pacemaker engineers to check the agent into the upstream repository.

This documentation assumes that the Overlay IP address agent, including the SLES Pacemaker cluster, is already installed.

The installation of this agent is described in the previous section.

The one thing that should be added very early, at the time of EC2 instance creation, is the prerequisites described in the first section.

 


