Manualshelf

Best Practices for Deploying HP-UX Secure Resource Partitions (SRP) for SAP Whitepaper

ManualsBrandsHP ManualsSoftwareHP-UX Containers (SRP)
11121314151617181920
11
Deployment best practices
Operating system choice
The following OS requirements are needed for using SRP with SAP:
HP-UX 11i version 3 (11.31)
Minimum OS patch requirements for SAP according to SAP note 837670
HP-UX 11i kernel requirements for SAP according to SAP Note: 172747
The following product versions were used for the reference architecture:
HP-UX Secure Resource Partitions and Configuration Manager: HP-UX-SRPA.02.00.001
HP-UX Secure Shell: SecureShell A.05.20.006,
If IPFilter will be used:
o IPFilter A.11.31.16
o OpenSSL Secure Network Communications Protocol : A.00.09.08k.003
Best practices for configuring SRP for SAP during an installation
SRP with SAP configurations
If a high separation level is required during an installation, the SRP compartment should be created
before starting the SAP installation. The access to other already existing SAP systems in other SRP
compartments on the host will then be limited.
For the installation of an SAP system, more access rights to directories like /oracle have to be
provided. This has to be changed after the SAP installation.
Note
After the installation of SAP within an SRP compartment, follow the
instructions in the section of this white paper, “Best practices for configuring
SRP for the SAP production system.”
To configure a completely new SAP system with SRP usage, follow the next steps:
1. Create the file system and check the OS patch level and kernel tunables as described in the
respective SAP installation guide and Note: 837670 and
Note: 172747.
The directory structure required by SAP should be created before creating the individual SRP
compartments and starting the installation. Refer to the white paper section,SRP rule file
SAP_INST.hfor which directories must exist. If they do not exist, sapinst will fail, because
the parent directories like /oracle or /sapmnt do not have write permission per definition of
the SRP compartment rule files.
2. Create the SAP users and groups for the SAP system as described in the SAP OS
dependency guide. Required users are the <sid>adm, the ora<sid> user and a root user
with the respective OS groups.
3. Create a new OS login group used for the login to the SRP compartment. Add the created
users required for SAP to this group.
4. Define an IP Address for the SRP compartment to be created. Decide if a hostname, other
than the physical hostname, will be used for the SRP compartment; if so, use this hostname