DNS integration with SAP RISE in multi-cloud environment series guide – GCP
source link: https://blogs.sap.com/2023/02/27/dns-integration-with-sap-rise-in-multi-cloud-environment-series-guide-gcp/
DNS plays the ‘phone book’ role in the internet world. As multi-cloud setups have become more and more prevalent for enterprise customers, integrating customer-owned on-premise networks with cloud-based infrastructures to provide a seamless domain name resolution experience is vital to customers’ enterprise landscapes.
link to guide for Azure: here
link to guide for AWS: here
Problem Description
In this article, we address scenarios where SAP RISE customers have their SAP workloads hosted in an SAP-managed cloud environment (on Azure, AWS, GCP, or an SAP data center), while they might also have one or both of: their own on-premise data centers, and their own hyperscaler (Azure, AWS, or GCP) subscriptions. Each network environment has its own DNS setup, and chaos can occur if domain names or IP ranges are not properly routed.
Thereby, we propose a reference architecture for such scenarios to resolve DNS requests coming from all sources (SAP RISE managed environments, on-premise data center DNS servers, and the customer’s own hyperscaler DNS services), with disaster recovery taken into consideration.
Terminologies and Abbreviations
DNS: short for Domain Name System. It translates between domain names (like *.ecs.sap.com) and IP addresses (like 192.168.1.1 in IPv4, 2400:cb00:2048:1::c629:d7a2 in IPv6) in both directions.
DNS Zone Transfer: [SAP RISE preferred] one of the mechanisms to replicate DNS databases across a set of DNS servers. SAP RISE recommends it because of its high availability: it provides redundancy and a higher SLA, especially for DR scenarios, and it allows reliable status monitoring. The disadvantage is that DNS notifiers (NOTIFY messages) must be in place; otherwise secondary servers only pick up changes after the full DNS TTL delay.
DNS Conditional Forward (or so-called ‘IP Forward’): DNS servers that forward queries only for specific domain names. The advantage is that, if no outbound traffic from SAP RISE is necessary, customers do not have to configure their own DNS for their inbound traffic. The disadvantages are: the customer OP DNS may suffer delay due to the forwarder cache (although this is configurable); also due to the forwarder cache, failover can take more time, hence diminishing the SLA; and status monitoring is limited.
Zone Delegation: the process of assigning authority over a domain or subdomain to different DNS servers to keep records updated. The advantage is that customers can manage OP DNS through SAP RISE as a single point. The disadvantages are: configuration is onerous; performance is lower due to increased DNS traffic; and the SLA is diminished.
Consensus / Prerequisites
- Only server-side DNS servers are considered in this reference architecture; client-side DNS (if any) is not addressed here
- Disaster recovery in the customer’s data center is not considered
- Network connections for pairing virtual networks or connecting on-premise networks with the cloud (like VPC peering, VNet peering, VPN, etc.), and other network components (like load balancers, etc.) are not addressed in this reference architecture. Separate reference architectures will be created in later blog series.
- SAP RISE DNS servers are seen as resources, and each standard virtualized DNS cluster deployed within a zone contains 2 DNS servers for HA.
- DNS services on the customer’s own hyperscalers are seen as services, and customers should ensure HA/DR is enabled at the service level
- In DR cases, we refer to zones instead of regions, since RISE customers may deploy SDDR (different zones within the same region) or LDDR (different regions)
- The offerings by hyperscalers (Azure, AWS, and GCP) are based on the general availability of services in the hyperscaler providers’ (Microsoft, Amazon, and Google) official online documentation, as of this blog’s publishing date. The offerings by SAP RISE are based on SAP ECS service guidance as of this blog’s publishing date.
Architecture Design
On the customer’s GCP subscription side:
Option 1: GCP DNS is a DNS server deployed on GCP Compute Engine (see Fig. 1 and Fig. 2)
- zone transfer (the SAP RISE preferred DNS integration approach) is applied
Option 2: GCP DNS is the GCP Cloud DNS service (see Fig. 3 and Fig. 4), and SAP RISE is not on GCP
- DNS conditional forwarding is used to integrate RISE DNS and OP DNS
- in the DR case, Cloud DNS is shared by the 2 VPCs of the main zone and the DR zone
Option 3: GCP DNS is the GCP Cloud DNS service (see Fig. 5 and Fig. 6), and SAP RISE is on GCP
- DNS peering is used to peer the GCP Cloud DNS on the SAP RISE side with the customer’s own GCP Cloud DNS
- the peered GCP Cloud DNS on the SAP RISE side does DNS conditional forwarding to the SAP RISE DNS cluster
On the SAP RISE subscription side:
- the RISE DNS cluster (containing 2 DNS servers) is deployed within the same virtual private cloud as the SAP-managed VMs
- RISE DNS shares information with OP DNS through DNS zone transfer
- in the DR case, a DNS cluster is deployed in each zone, and the 2 DNS clusters share information through DNS zone transfer
On the customer’s data center side:
- OP DNS can optionally share some information with RISE DNS through DNS conditional forwarding
Fig. 1: Reference architecture for DNS integration when the customer’s GCP DNS is a server on GCP
Fig. 2: Reference architecture for DNS integration with DR considered when the customer’s GCP DNS is a server on GCP
Fig. 3: Reference architecture for DNS integration when the customer’s GCP DNS is the GCP service, and SAP RISE is not on GCP
Fig. 4: Reference architecture for DNS integration with DR considered when the customer’s GCP DNS is the GCP service, and SAP RISE is not on GCP
Fig. 5: Reference architecture for DNS integration when the customer’s GCP DNS is the GCP service, and SAP RISE is on GCP
Fig. 6: Reference architecture for DNS integration with DR considered when the customer’s GCP DNS is the GCP service, and SAP RISE is on GCP
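As an added example that is not part of the SAP blog, the customer-side Cloud DNS configuration for Option 2 (conditional forwarding, Fig. 3 and Fig. 4) and Option 3 (DNS peering, Fig. 5 and Fig. 6) expressed in Terraform with the Google provider’s google_dns_managed_zone resource. The project IDs, VPC names and the 10.250.0.x RISE DNS cluster addresses are assumed placeholders, and the DR layout attaches one private zone to both the main-zone and DR-zone VPCs as the figures describe.

```hcl
variable "rise_on_gcp" { default = false }   # false = Option 2, true = Option 3

# Option 2: RISE on another hyperscaler; forward the RISE domain to both
# members of the RISE DNS cluster across the private connection (Fig. 3/4).
resource "google_dns_managed_zone" "rise_forwarding" {
  count       = var.rise_on_gcp ? 0 : 1
  name        = "rise-forwarding"
  dns_name    = "ecs.sap.com."                 # RISE-managed domain from the blog
  description = "Conditional forward to SAP RISE DNS cluster"
  visibility  = "private"
  private_visibility_config {                  # main-zone and DR-zone VPCs share it
    networks { network_url = "projects/customer-prj/global/networks/vpc-main" }
    networks { network_url = "projects/customer-prj/global/networks/vpc-dr" }
  }
  forwarding_config {
    target_name_servers {                      # assumed RISE DNS server 1
      ipv4_address    = "10.250.0.4"
      forwarding_path = "private"              # route via VPC, never the internet
    }
    target_name_servers {                      # assumed RISE DNS server 2
      ipv4_address    = "10.250.0.5"
      forwarding_path = "private"
    }
  }
}

# Option 3: RISE on GCP; peer with the RISE VPC instead of forwarding to IPs.
# The forward from RISE Cloud DNS to the RISE DNS cluster is SAP-managed (Fig. 5/6).
resource "google_dns_managed_zone" "rise_peering" {
  count       = var.rise_on_gcp ? 1 : 0
  name        = "rise-peering"
  dns_name    = "ecs.sap.com."
  description = "DNS peering to SAP RISE Cloud DNS"
  visibility  = "private"
  private_visibility_config {
    networks { network_url = "projects/customer-prj/global/networks/vpc-main" }
    networks { network_url = "projects/customer-prj/global/networks/vpc-dr" }
  }
  peering_config {
    target_network {
      network_url = "projects/sap-rise-prj/global/networks/rise-vpc"   # assumed
    }
  }
}
```

Exactly one of the two zones is created, because two private zones with the same dns_name cannot be attached to the same VPC; listing both cluster members as forwarding targets lets Cloud DNS move to the second server when the first is unreachable, which is the slower failover path the blog attributes to conditional forwarding.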
Disclaimer
- SAP takes no responsibility for managing and operating customers’ own data centers, nor for customers’ own hyperscaler subscriptions
- RISE customers should provide the corresponding DNS information, with regard to SAP ECS guidance
- RISE customers should be aware of the pros and cons of the selected DNS integration approach
Acknowledgment to contributors/reviewers/advisors:
Ke Ma (a.k.a. Mark), Senior Consultant, SAP IES AI CoE / RISE with SAP RA group
Jyothi Prakash Lakshmi, Network Engineer, SAP ECS
Richard Traut, Cloud Architect Expert, SAP RISE CAA
Kevin Flanagan, Head of SAP RISE CAA EMEA North
Murad Mursalov, Cloud Architect Expert, SAP RISE CAA
Luc DUCOIN, Cloud Architect Expert, SAP RISE CAA
Sven Bedorf, Head of SAP RISE CAA MEE
Jires Sahakian Khongi, Cloud Architect, SAP RISE CAA
Frank Gong, Digital Customer Engagement Manager, SAP ECS