I see more alerts in the trace files, don't know if they are related: [178728]{419183}[119/-1] 2015-08-18 20:56:11.225670 e cePlanExec cePlanExecutor.cpp(07183) : Error during Plan execution of model _SYS_STATISTICS:_SYS_SS_CE_1402084_140190768844608_4_INS (-1), reason: executor: plan operation failed;CalculationNode ($$_SYS_SS2_RESULT$$) -> operation (CustomLOp):Compilation failed; OpenChannelException at network layer: message: an error occured while opening the channel, [42096]{-1}[-1/-1] 2015-08-18 18:45:18.355758 e TrexNet EndPoint.cpp(00260) : ERROR: failed to open channel 127.0.0.1:30107! Because site1 and site2 usually reside in the same data center but site3 is located very far in another data center. RFC Module. as in a separate communication channel for storage. Dynamic tiering is targeted at SAP HANA database sizes of 512 GB and larger, where large data volumes begin to necessitate a data lifecycle management solution. Changes the replication mode of a secondary site. To give context - We are using HANA SSL certificates, which are valid for 1 year and before they expire we need to renew them, so we want to do monitoring to get alerts of it either by Cockpit/Splunk or other home-grown tools via Perl/any other scripting, so does anyone know more about it? Determine which format your key file has with a look into it: If it is a PKCS#12 format you have to follow these steps (there are several ways, just have a look at the openssl documentation): a) Export the keys in PKCS#12 transfer format: The HANA DB has to be online. After TIER2 full sync completed, triggered the TIER3 full sync. Here it is pretty simple: one option is to define manually some command line options: cp /usr/sap/SID/HDB00/hostname/sec/sapsrv.pse /usr/sap/SID/HDB00/hostname/sec/sapcli.pse. Scale-out and System Replication(2 tiers), 4.
This will speed up your login instead of using the openssl variant which you described. Once again from part I which PSE is used for which service: SECUDIR=/usr/sap/<SID>/HDBxx/<hostname>/sec. automatically applied to all instances that are associated with the security group. need to specify all hosts of own site as well as neighboring sites. Single node and System Replication(2 tiers), 2. After some more checks we identified the listeninterface and internal_hostname_resolution parameters were not updated on TIER2 and TIER3 own security group (not shown) to secure client traffic from inter-node communication. SAP Note 1834153 . subfolder. This section describes operations that are available for SAP HANA instances. By default, this enables security and forces all resources to use ssl. Using command line tool hdbnsutil: Primary : Step 3. alter system alter configuration ('xscontroller.ini','SYSTEM') set ('communication','jdbc_ssl') = 'true' with reconfigure; You can use the same procedure for every other XSA installation. The primary hosts listen on the dedicated ports of the separate network only, and incoming requests on the public interfaces are rejected. 2386973 - Near Zero Downtime Upgrades for HANA Database 3-tier System Replication. SAP HANA supports asynchronous and synchronous replication modes. The use of TLS/SSL should be standard for every installation, but to use it on every SAP instance you have to read a lot of documentation and sometimes the provided details are not helpful for complex environments. Ensures that a log buffer is shipped to the secondary system
In most cases, tier 1 and tier 2 are in sync/syncmem for HA purpose, while tier 3 is used for DR. Maybe you are now asking for these two green boxes. # 2020/4/15 Inserted Vitaliys blog link + XSA diagnose details * You have installed internal networks in each node. replication. In the following example, two network interfaces are attached to each SAP HANA node as well If you want to be flexible in case of changing the server (HW change / OS upgrade), you need multiple certificates connected to different hostnames. Scale out of dynamic tiering is not available. Certificate Management in SAP HANA 2475246 How to configure HANA DB connections using SSL from ABAP instance. well as for SAP HSR, Storage zone to persist SAP HANA data in the storage infrastructure for If you copy your certificate to sapcli.pse inside your SECUDIR you won't have to add it to the hdbsql command. instance. system. The bottom line is to make site3 always attached to site2 in any case. is deployed. Tertiary Tier in Multitier System Replication, Operations for SAP HANA Systems and Instances, Enable / Disable Fullsync System
You comply all prerequisites for SAP HANA system
You can also encrypt the communication for HSR (HANA System replication). 3. For more information about how to attach a network interface to an EC2 recovery. For scale-out deployments, configure SAP HANA inter-service communication to let tables are actually preloaded there according to the information
to use SSL [, Configure HDB parameters for high security [, Pros and Cons certification collections [, HANA Cockpit (HTTPS)=> sapcontrol (SAP Start Service / sapstartsrv), HANA Cockpit (JDBC) => Database Explorer / Monitoring => Resources, Native Client Connection (ODBC/JDBC) => HANA. Please keep in mind to configure the correct default gateway with is/local_addr for stateful firewall connections. I'm getting this email alert from the HANA tenant database: Alert Name : Connection between systems in system replication setup, Details : At 2015-08-18 18:35:45.0000000 on hostp01:30103; Site 2: Communication channel closed. For more information, see SAP HANA Database Backup and Recovery. Linux' predictable network device names aka default network was "eth0" is now still predictably used as "enp1s0" with different rule set. (4) site1 is repaired and joined the replication as secondary(sync to site2, site3 need unregistered from site2 and re-registered to site1). ########. A separate network is used for system replication communication. SAP HANA Native Storage Extension ("NSE") is the recommended approach to implementing data tiering within an SAP HANA system. In multiple-container systems, the system database and all tenant databases
replication network for SAP HSR. SAP HANA system replication provides the possibility to copy and continuously synchronize a SAP HANA database to a secondary location in the same or another data center. SAP HANA System, Secondary Tier in Multitier System Replication, or
The below diagram depicts better understanding of internal networks: The status after internal network configuration: Once the listener interface has communication method internal, the two hosts (HANA & DT hosts) can communicate securely and their internal IP addresses reflects in parameter -> internal_hostname_resolution, Installation of Dynamic Tiering Component. Replication, Register Secondary Tier for System
For more information, see Standard Permissions. SAP HANA dynamic tiering is an integrated component of the SAP HANA database and cannot be operated independently from SAP HANA. You use this service to create the extended store and extended tables. For more information, see https://help.sap.com/viewer/p/SAP_ADAPTIVE_EXTENSIONS. connection recovery after disaster recovery with network-based IP
DLM is part of the SAP HANA Data Warehousing Foundation option, which provides packaged tools for large scale SAP HANA use cases to support more efficient data management and distribution in an SAP HANA landscape. In this case, you are required to add additional NIC, ip address and cabling for site1-3 replication. SAP HANA communicate over the internal network. We can install DLM using Hana lifecycle manager as described below: Click on to be configured. Log mode normal means that log segments are backed up. * Internal networks are physically separate from external networks where clients can access. Thanks DongKyun for sharing this through this nice post. Therefore, I would highly recommend to stick with the default value .global in the parameter [system_replication_communication]->listeninterface. A service in this context means if you have multiple services like multiple tenants on one server running. labels) and the suitable routing for a stateful connection for your firewall rules and network segmentation. resumption after start or recovery after failure. mapping rule : internal_ip_address=hostname. In Figure 10, ENI-2 has its own security group (not shown) to secure client traffic from inter-node communication. implies that if there is a standby host on the primary system it
There are some documentations available by SAP, but some of them are outdated or not matching the customer environments/needs or not all-embracing. multiple physical network cards or virtual LANs (VLANs). Internal communication is configured too openly On AS ABAP server this is controlled by is/local_addr parameter. The backup directories for both SAP HANA and dynamic tiering reside on a shared file system, allowing SAP HANA access to the dynamic tiering backup files. The secondary system must meet the following criteria with respect to the
Be careful with setting these parameters! mapping rule : internal_ip_address=hostname. I recommend this method, but you can also use the online one (xs set-certificate) but here you have to follow more steps/options and at the end you have to restart the XSA. Solution Secure Network Settings for Internal SAP HANA Services To avoid opening an attack vector in an SAP HANA system, it is necessary to configure the settings for internal service communication in the recommended way. If you receive such an error, just renew the db trust: global.ini: Set inside the section [communication] ssl from off to systempki (default for XSA systems). Actually, in a system replication configuration, the whole system, i.e. Started the full sync to TIER2 This is mentioned as a little note in SAP note 2300943 section 4. One question though - May I know how you are monitoring these SSL certificates, which are applied on HANA DB? Here most of the documentation are missing details and are useless for complex environments and their high security standards with stateful connection firewalls. For more information about how to create a new We used NFS storage in our case which has following requirement: The actual architecture that we followed is as follows: Dedicated host deployment with /hana/shared/ mounted on both the hosts. Post this, Installation of Dynamic Tiering License needs to be done via COCKPIT. of the same security group that controls inbound and outbound network traffic for the client To detect, manage, and monitor SAP HANA as a
For instance, you have 10.0.1. For more information, see Configuring Instances. Primary Host: Enable system replication. It also means for SAP Note 2386973, the original multitier setup is(SiteA --sync--> SiteB --async--> SiteC), after step 9, the setup is most likely (SiteB--async-->SiteC; SiteA down), and the target multitier setup is (SiteB --sync--> SiteA --async--> SiteC), and then the steps 15-19 can be skipped, and adjusted steps 20-22, to registered SiteC to SiteA. Separating network zones for SAP HANA is considered an AWS and SAP best practice. the secondary system, this information is evaluated and the
User Action: Investigate why connections are closed (for example, network problem) and resolve the issue. This option requires an internal network address entry. Use Secure Shell (SSH) to connect to your EC2 instance at the OS level. You add rules to each security group that allow traffic to or from its associated Attach the network interfaces you created to your EC2 instance where SAP HANA is A shared file system (for example, /HANA/shared) is required for installation. It must have a different host name, or host names in the case of
Prerequisites You comply all prerequisites for SAP HANA system replication. But still some more options e.g. Introduction. Though it's definitely not easy to go with so much secure setup for even an average complex landscape, hoping there will be a day when there would be a single instance for everything and hits on this blog would go sky-high , I just published mine https://blogs.sap.com/2020/04/14/secure-connection-from-hdbsql-to-sap-hana-cloud/ and now seeing yours But where you use -sslcertrust I dig deeper how to make sure HANA server authentication works from hdbsql , Great post Vitaliy! For details how this is working, read this blog. If set on the primary system, the loaded table information is
Each tenant requires a dedicated dynamic tiering host. These are all pretty broad topics and for now we will focus on the x.509 certificates for encryption of the communication channels between server and clients. If you answer one of the questions negative you should wait for the second part of this series , ########### As mentioned earlier, having internal networks is essential in a production system in order to get the expected response time and optimize the system performance. Check all connecting interfaces for it. Failover nodes mount the storage as part of the failover process. But keep in mind that jdbc_ssl parameter has no effect for Node.js applications! In this example, the target SAP HANA cluster would be configured with additional network Are you already prepared with multiple interfaces (incl. that the new network interfaces are created in the subnet where your SAP HANA instance can use elastic network interfaces combined with security groups to achieve this network You modify properties in the global.ini file to prepare resources on each tenant database to support SAP HANA dynamic tiering. # Edit instance, see the AWS documentation. steps described in the appendix to configure system. Do you have similar detailed blog for Scale up with Redhat cluster. If this is not possible, because it is a mounted NFS share,
In HANA studio this process corresponds to esserver service. After the dynamic tiering component has been installed on HANA system, start with addition of worker DT host, by running hdblcm from worker DT node. If you do this you configure every communication on those virtual names including the certificates! For more information, see Assigning Virtual Host Names to Networks. The cleanest way is the Golden middle option 2. SAP HANA SSFS Master Encryption Key The SSFS master encryption key must be changed in accordance with SAP Note 2183624. This optimization provides the best performance for your EBS volumes by Perform backup on primary. 1 step instead of 4 , With XSA 1.0.82 (begin of 2018), SAP introduced new parameters (Check note, https://blogs.sap.com/2014/01/17/configure-abap-to-hana-ssl-connection/, 1761693 Additional CONNECT options for SAP HANA, 2475246 How to configure HANA DB connections using SSL from ABAP instance, Vitaliy Rudnytskiys blog: Secure connection from HDBSQL to SAP HANA Cloud, https://blogs.sap.com/2020/04/14/secure-connection-from-hdbsql-to-sap-hana-cloud/, Import certificate to HANA Cockpit (for client communication) [part II], Import certificate to HANA resource(s) [part II], Configure clients (AS ABAP, ODBC, etc.) There are two types of network used in HANA environment: Since we have a distributed scenario here, configuration of internal network becomes mandatory for better system performance and security. Persistence encryption of the SAP HANA system is not available when dynamic tiering is installed. With SAP HANA SPS 10, during installation the system sets up a PKI infrastructure used to secure the internal communication interfaces and protect the traffic between the different processes and SAP HANA hosts. Overview.
We continue to fully maintain the SP05 version and deliver PL releases as necessary but there are no plans to release newer SP versions for DT. When you use SAP HANA to place hot data in SAP HANA in-memory tables, and warm data in extended tables, highest value data remains in memory, and cooler less-valuable data is saved to the extended store. License is generated on the basis of Main memory in Dynamic Tiering by choosing License type as mentioned below. Step 1. Another thing is the maintainability of the certificates. documentation. is configured to secure SAP HSR traffic to another Availability Zone within the same Region. SAP User Role CELONIS_EXTRACTION in Detail. The datavolumes_es and logvolumes_es paths are defined in the SYSTEMDB global.ini file at the system level but are applied at the database level. Stay healthy, synchronous replication from memory of the primary system to memory of the secondary system, because it is the only method which allows the pacemaker cluster to make decisions based on the implemented algorithms. You have performed a data backup or storage snapshot on the primary system. system, your high-availability solution has to support client connection
Configure SAP HANA hostname resolution to let SAP HANA communicate over the Follow the # 2020/04/14 Insert of links / blogs as starting point, links for part II global.ini -> [system_replication_communication] -> listeninterface : .global or .internal Before we get started, let me define the term of network used in HANA. exactly the type of article I was looking for. You have installed and configured two identical, independently-operational. resolution is working by creating entries in all applicable host files or in the Domain You can use the same procedure for every other XSA installation. reason: (connection refused). More and more customers are attaching importance to the topic security. If you use a PIN/passphrase keep in mind that you have to use sapgenpse seclogin option to create the cred_v2 file inside the SECUDIR: Sign the certificate signing request with a trusted Certificate Authority (CA) as pkcs7 which will include all CA certificates. To configure your logical network for SAP HANA, follow these steps: Create new security groups to allow for isolation of client, internal To pass the connection parameters to the DBSL, use the following profile parameter: dbs/hdb/connect_property = param1, param2, ., paramN, https://help.sap.com/viewer/b3ee5778bc2e4a089d3299b82ec762a7/2.0.04/en-US/0ae2b75266df44499d8fed8035e024ad.html. Disables the preload of column table main parts. I hope this little summary is helping you to understand the relations and avoid some errors and long researches. Application Server, SAP HANA Extended Application Services (XS), and SAP HANA Studio, Internal zone to communicate with hosts in a distributed SAP HANA system as more about security groups, see the AWS Replication, Start Check of Replication Status
global.ini -> [internal_hostname_resolution] : With an elastic network interface (referred to as Unregisters a secondary tier from system replication. This has never occurred in the past as the System Replication monitor immediately reflects the TIER3 as soon as the Replication is configured, Further checks confirmed each volume from TIER2 was indeed replicating to TIER3 and it took the same amount of time it usually takes to synchronize, yet no signs of the TIER3 on HANA Studio Replication monitor all SAP HANA nodes and clients. 2685661 - Licensing Required for HANA System Replication. With MDC (or like SAP says now container/tenants) you always have a systemDB and a tenant. For each server you can add an own IP label to be flexible. * sl -- serial line IP (slip) To learn Network and Communication Security. But keep in mind that jdbc_ssl parameter has no effect for Node.js applications! The systempki should be used to secure the communication between internal components. provide additional, dedicated capacity for Amazon EBS I/O. Single node and System Replication(3 tiers)", for example, is that right? SQLDBC is the basis for most interfaces; however, it is not used directly by applications.
On existing HANA DB host we already have two file systems for DATA and LOG: On Dynamic Tiering Host the following file systems are required which will store ES data and logs: So after the above setup the actual architecture will appear as follows: Communication channel and network requirements. Stop secondary DB. SAP HANA Network and Communication Security Early Watch Alert shows a red alert at section "SAP HANA Network Settings for System Replication Communication (listeninterface)": enable_ssl, system_replication_communication, global.ini, .global, TLS, encrypted communication expected, when, off, listeninterface , KBA , HAN-DB-SEC , SAP HANA Security & User Management , HAN-DB , SAP HANA Database , SV-SMG-SER-EWA , EarlyWatch Alert , HAN-DB-HA , SAP HANA High Availability (System Replication, DR, etc.)