You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/backup/backup-azure-sap-hana-database.md
+27Lines changed: 27 additions & 0 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -50,6 +50,9 @@ More details around using these options are shared below:
50
50
51
51
Private endpoints allow you to connect securely from servers inside a virtual network to your Recovery Services vault. The private endpoint uses an IP from the VNET address space for your vault. The network traffic between your resources inside the virtual network and the vault travels over your virtual network and a private link on the Microsoft backbone network. This eliminates exposure from the public internet. Read more on private endpoints for Azure Backup [here](./private-endpoints.md).
52
52
53
+
> [!NOTE]
54
+
> Private endpoints are supported for Azure Backup and Azure storage. Azure AD has support private end-points in private preview. Until they are generally available, Azure backup supports setting up proxy for AAD so that no outbound connectivity is required for HANA VMs. Refer to the [proxy support section](#use-an-http-proxy-server-to-route-traffic) for more details.
55
+
53
56
#### NSG tags
54
57
55
58
If you use Network Security Groups (NSG), use the *AzureBackup* service tag to allow outbound access to Azure Backup. In addition to the Azure Backup tag, you also need to allow connectivity for authentication and data transfer by creating similar [NSG rules](../virtual-network/network-security-groups-overview.md#service-tags) for Azure AD (*AzureActiveDirectory*) and Azure Storage(*Storage*). The following steps describe the process to create a rule for the Azure Backup tag:
@@ -87,6 +90,30 @@ You can also use the following FQDNs to allow access to the required services fr
87
90
> [!NOTE]
88
91
> Currently, we only support HTTP Proxy for Azure Active Directory (Azure AD) traffic for SAP HANA. If you need to remove outbound connectivity requirements (for Azure Backup and Azure Storage traffic) for database backups via Azure Backup in HANA VMs, use other options, such as private endpoints.
89
92
93
+
##### Using an HTTP proxy server for AAD traffic
94
+
95
+
1. Go to the "opt/msawb/bin" folder
96
+
2. Create a new JSON file named "ExtensionSettingOverrides.JSON"
97
+
3. Add a key-value pairs to the JSON file as follows:
98
+
99
+
```json
100
+
{
101
+
"UseProxyForAAD":true,
102
+
"UseProxyForAzureBackup":false,
103
+
"UseProxyForAzureStorage":false,
104
+
"ProxyServerAddress":"http://xx.yy.zz.mm:port"
105
+
}
106
+
```
107
+
108
+
4. Change the permissions and ownership of the file as follows:
109
+
110
+
```bash
111
+
chmod 750 ExtensionSettingsOverrides.json
112
+
chown root:msawb ExtensionSettingsOverrides.json
113
+
```
114
+
115
+
5. No restart of any service is required. The Azure Backup service will attempt to route the AAD traffic via the proxy server mentioned in the JSON file.
116
+
90
117
[!INCLUDE [How to create a Recovery Services vault](../../includes/backup-create-rs-vault.md)]
0 commit comments