AZ-120 : Planning and Administering Microsoft Azure for SAP Workloads : Part 02

AZ-120 : Planning and Administering Microsoft Azure for SAP Workloads : Part 02

1. Case Study This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided. To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study. At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section. To start the case study
   To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question. Overview Litware, Inc. is an international manufacturing company that has 3,000 employees. Litware has two main offices. The offices are located in Miami, FL, and Madrid, Spain. Existing Environment Infrastructure Litware currently uses a third-party provider to host a datacenter in Miami and a disaster recovery datacenter in Chicago, IL. The network contains an Active Directory domain named litware.com. Litware has two third-party applications hosted in Azure. Litware already implemented a site-to-site VPN connection between the on-premises network and Azure. SAP Environment Litware currently runs the following SAP products:- Enhancement Pack6 for SAP ERP Central Component 6.0 (SAP ECC 6.0)
   – SAP Extended Warehouse Management (SAP EWM)
   – SAP Supply Chain Management (SAP SCM)
   – SAP NetWeaver Process Integration (PI)
   – SAP Business Warehouse (SAP BW)
   – SAP Solution Manager All servers run on the Windows Server platform. All databases use Microsoft SQL Server. Currently, you have 20 production servers. You have 30 non-production servers including five testing servers, five development servers, five quality assurance (QA) servers, and 15 pre-production servers. Currently, all SAP applications are in the litware.com domain. Problem Statements The current version of SAP ECC has a transaction that, when run in batches overnight, takes eight hours to complete. You confirm that upgrading to SAP Business Suite on HANA will improve performance because of code changes and the SAP HANA database platform. Litware is dissatisfied with the performance of its current hosted infrastructure vendor. Litware experienced several hardware failures and the vendor struggled to adequately support its 24/7 business operations. Requirements Business Goals Litware identifies the following business goals:- Increase the performance of SAP ECC applications by moving to SAP HANA. All other SAP databases will remain on SQL Server.
   – Move away from the current infrastructure vendor to increase the stability and availability of the SAP services.
   – Use the new Environment, Health and Safety (EH&S) in Recipe Management function.
   – Ensure that any migration activities can be completed within a 48-hour period during a weekend.

   Planned Changes

   Litware identifies the following planned changes:

   – Migrate SAP to Azure.
   – Upgrade and migrate SAP ECC to SAP Business Suite on HANA Enhancement Pack 8.

   Technical Requirements

   Litware identifies the following technical requirements:

   – Implement automated backups.
   – Support load testing during the migration.
   – Identify opportunities to reduce costs during the migration.
   – Continue to use the litware.com domain for all SAP landscapes.
   – Ensure that all SAP applications and databases are highly available.
   – Establish an automated monitoring solution to avoid unplanned outages.
   – Remove all SAP components from the on-premises network once the migration is complete.
   – Minimize the purchase of additional SAP licenses. SAP HANA licenses were already purchased.
   – Ensure that SAP can provide technical support for all the SAP landscapes deployed to Azure.

   1. You are evaluating the migration plan.

      Licensing for which SAP product can be affected by changing the size of the virtual machines?

      • SAP ECC
      • SAP Solution Manager
      • PI
      • SAP SCM
      Explanation:

      Scenario: Increase the performance of SAP ECC applications by moving to SAP HANA.

2. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

   After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

   You deploy SAP HANA on Azure (Large Instances).

   You need to back up the SAP HANA database to Azure.

   Solution: You create a Recovery Services vault and a backup policy.

   Does this meet the goal?

   • Yes
   • No
   Explanation:

   Backup architecture
   – The backup process begins by creating a Recovery services vault in Azure. This vault will be used to store the backups and recovery points created over time.
   – The Azure VM running SAP HANA server is registered with the vault, and the databases to be backed-up are discovered. To enable the Azure Backup service to discover databases, a preregistration script must be run on the HANA server as a root user.
   – This script creates AZUREWLBACKUPHANAUSER DB user and a corresponding key with the same name in hdbuserstore. Refer to the setting up permissions section to understand more about what the script does.
   – Azure Backup Service now installs the Azure Backup Plugin for HANA on the registered SAP HANA server.
   – The AZUREWLBACKUPHANAUSER DB user created by the preregistration script is used by the Azure Backup Plugin for HANA to perform all backup and restore operations. If you attempt to configure backup for SAP HANA DBs without running this script, you might receive the following error: User Error Hana Script Not Run.
   – To configure backup on the databases that are discovered, choose the required backup policy and enable backups.
   – Once the backup is configured, Azure Backup service sets up the Backint parameters at the DATABASE level on the protected SAP HANA server.
   – The Azure Backup Plugin for HANA maintains all the backup schedules and policy details. It triggers the scheduled backups and communicates with the HANA Backup Engine through the Backint APIs.
   – The HANA Backup Engine returns a Backint stream with the data to be backed up.
   – All the scheduled backups and on-demand backups (triggered from the Azure portal) that are either full or differential are initiated by the Azure Backup Plugin for HANA. However, log backups are managed and triggered by HANA Backup Engineitself.

3. HOTSPOT

   For each of the following statements, select Yes if the statement is true. Otherwise, select No.

   NOTE: Each correct selection is worth one point.

   

   

   Explanation:

   Box 1: No

   Box 2: Yes
   The minimum SAP HANA certified conditions for the different storage types are:

   Azure Premium SSD – /hana/log is required to be cached with Azure Write Accelerator. The /hana/data volume could be placed on Premium SSD without Azure Write Accelerator or on Ultra disk

   Box 3: Yes

4. HOTSPOT

   You plan to deploy a highly available ASCS instance to SUSE Linux Enterprise Server (SLES) virtual machines in Azure.

   You are configuring an internal Azure Standard Load Balancer for the ASCS instance.

   How should you configure the internal Standard Load Balancer? To answer, select the appropriate options in the answer area.

   NOTE: Each correct selection is worth one point.

   

   

   Explanation:

   Box 1: Client IP
   The standard load balancer allows stateful sessions to remain as there are no IP address changes with this method.

   Box 2: Enabled
   Make sure to enable Floating IP.

5. You have an SAP environment on Azure that uses multiple subscriptions.

   To meet GDPR requirements, you need to ensure that virtual machines are deployed only to the West Europe and North Europe Azure regions.

   Which Azure components should you use?

   • Azure resource locks and the Compliance admin center
   • Azure resource groups and role-based access control (RBAC)
   • Azure management groups and Azure Policy
   • Azure Security Center and Azure Active Directory (Azure AD) groups
   Explanation:
   Azure Policy enables you to set policies to conform to the GDPR. Azure Policy is generally available today at no additional cost to Azure customers. You can use Azure Policy to define and enforce policies that help your cloud environment become compliant with internal policies as well as external regulations.

   Azure Policy is deeply integrated into Azure Resource Manager and applies across all resources in Azure. Individual policies can be grouped into initiatives to quickly implement multiple rules. You can also use Azure Policy in a wide range of compliance scenarios, such as ensuring that your data is encrypted or remains in a specific region as part of GDPR compliance. Microsoft is the only hyperscale cloud provider to offer this level of policy integration built in to the platform for no additional charge.

6. HOTSPOT

   You have an Azure Availability Set that is configured as shown in the following exhibit.

   

   Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.

   NOTE: Each correct selection is worth one point.

   

   

   Explanation:

   Box 1: the same fault domain
   Fault domains define the group of virtual machines that share a common power source and network switch. If a storage fault domain fails due to hardware or software failure, only the VM instance with disks on the storage fault domain fails.

   Box 2: managed disks
   Managed disks provide better reliability for Availability Sets by ensuring that the disks of VMs in an Availability Set are sufficiently isolated from each other to avoid single points of failure. It does this by automatically placing the disks in different storage fault domains (storage clusters) and aligning them with the VM fault domain.

7. A customer that has a large enterprise SAP environment plans to migrate to Azure. The environment uses servers that run Windows Server 2016 and Microsoft SQL Server.

   The environment is critical and requires a comprehensive business continuity and disaster recovery (BCDR) strategy that minimizes the recovery point objective (RPO) and the recovery time objective (RTO).

   The customer wants a resilient environment that has a secondary site that is at least 250 kilometers away.

   You need to recommend a solution for the customer.

   Which two solutions should you recommend? Each correct answer presents part of the solution.

   NOTE: Each correct selection is worth one point.

   • warm standby virtual machines in paired regions
   • Azure Traffic Manager to route incoming traffic
   • warm standby virtual machines in an Azure Availability Set that uses geo-redundant storage (GRS)
   • an internal load balancer to route Internet traffic
   • warm standby virtual machines in Azure Availability Zones
   Explanation:
   A: An Azure Region Pair is a relationship between two Azure Regions within the same geographic region for disaster recovery purposes. If one of the regions were to experience a disaster or failure, then the services in that region will automatically failover to that regions secondary region in the pair.

   C: For increased availability, you can deploy two VMs with two HANA instances within an Azure availability set that uses HANA system replication for availability.

8. You plan to deploy an SAP environment on Azure that will use Azure Availability Zones.

   Which load balancing solution supports the deployment?

   • Azure Basic Load Balancer
   • Azure Standard Load Balancer
   • Azure Application Gateway v1 SKU
   Explanation:
   When you deploy Azure VMs across Availability Zones and establish failover solutions within the same Azure region, some restrictions apply:
   – You can’t use an Azure Basic Load Balancer to create failover cluster solutions based on Windows Server Failover Clustering or Linux Pacemaker. Instead, you need to use the Azure Standard Load Balancer SKU.

9. You have an Azure subscription.

   Your company has an SAP environment that runs on SUSE Linux Enterprise Server (SLES) servers and SAP HANA. The environment has a primary site and a disaster recovery site. Disaster recovery is based on SAP HANA system replication. The SAP ERP environment is 4 TB and has a projected growth of 5% per month.

   The company has an uptime Service Level Agreement (SLA) of 99.99%, a maximum recovery time objective (RTO) of four hours, and a recovery point objective (RPO) of 10 minutes.

   You plan to migrate to Azure.

   You need to design an SAP landscape for the company.

   Which options meet the company’s requirements?

   • – Azure virtual machines and SLES for SAP application servers
     – SAP HANA on Azure (Large Instances) that uses SAP HANA system replication for high availability and disaster recovery
   • – ASCS/ERS and SLES clustering that uses the Pacemaker fence agent
     – SAP application servers deployed to an Azure Availability Zone
     – SAP HANA on Azure (Large Instances) that uses SAP HANA system replication for database high availability and disaster recovery
   • – SAP application instances deployed to an Azure Availability Set
     – SAP HANA on Azure (Large Instances) that uses SAP HANA system replication for database high availability and disaster recovery
   • – ASCS/ERS and SLES clustering that uses the Azure fence agent
     – SAP application servers deployed to an Azure Availability Set
     – SAP HANA on Azure (Large Instances) that uses SAP HANA system replication for database high availability and disaster recovery
   Explanation:

   With Availability Zones, Azure offers industry best 99.99% VM uptime SLA.

10. DRAG DROP

    Your on-premises network contains an Active Directory domain.

    You have an SAP environment on Azure that runs on SUSE Linux Enterprise Server (SLES) servers.

    You configure the SLES servers to use domain controllers as their NTP servers and their DNS servers.

    You need to join the SLES servers to the Active Directory domain.

    Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

    

    

    Explanation:

    Step 1: Install the samba-winbind package
    Install samba-winbind

    Step 2: Add realm details to /etc/krb5.conf and /etc/samba/smb.conf
    Edit files – best way to do this is to use yast on test machine and copy files from it
    In following examples you need to replace EXAMPLE/EXAMPLE.COM/.example.com with your values/settings
    /etc/samba/smb.conf
    [global]
    workgroup = EXAMPLE
    usershare allow guests = NO #disallow guests from sharing
    idmap gid = 10000-20000
    idmap uid = 10000-20000
    kerberos method = secrets and keytab
    realm = EXAMPLE.COM
    security = ADS
    template homedir = /home/%D/%U
    template shell = /bin/bash
    winbind offline logon = yes
    winbind refresh tickets = yes

    /etc/krb5.conf
    [libdefaults]
    default_realm = EXAMPLE.COM
    clockskew = 300
    [realms]
    EXAMPLE.COM = {
    kdc = PDC.EXAMPLE.COM
    default_domain = EXAMPLE.COM
    admin_server = PDC.EXAMPLE.COM
    }
    ..

    Step 3: Run net ads join -U administrator
    Join the SLES 12 Server to the AD domain

11. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

    After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

    You deploy SAP HANA on Azure (Large Instances).

    You need to back up the SAP HANA database to Azure.

    Solution: You configure DB13 to back up directly to a local disk.

    Does this meet the goal?

    • Yes
    • No
    Explanation:

    You need to back up the SAP HANA database to Azure, not to a local disk.

12. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

    After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

    You plan to migrate an SAP HANA instance to Azure.

    You need to gather CPU metrics from the last 24 hours from the instance.

    Solution: You use Monitoring from the SAP HANA Cockpit.

    Does this meet the goal?

    • Yes
    • No
    Explanation:
    The SAP HANA cockpit provides a single point of access to a range of SAP HANA administration and monitoring tasks. It is used to monitor and ensure the overall health of the system.

    The HANA Monitoring dashboard also visualizes key HANA Metrics of SAP HANA system.

13. HOTSPOT

    You have SAP ERP on Azure.

    For SAP high availability, you plan to deploy ASCS/ERS instances across Azure Availability Zones and to use failover clusters.

    For each of the following statements, select Yes if the statement is true. Otherwise, select No.

    NOTE: Each correct selection is worth one point.

    

    

    Explanation:

    Box 1: No
    You can’t use an Azure Basic Load Balancer to create failover cluster solutions based on Windows Server Failover Clustering or Linux Pacemaker. Instead, you need to use the Azure Standard Load Balancer SKU.

    Box 2: Yes
    Azure Availability Zones is one of the high-availability features that Azure provides. Using Availability Zones improves the overall availability of SAP workloads on Azure.
    The SAP application layer is deployed across one Azure availability set. For high availability of SAP Central Services, you can deploy two VMs in a separate availability set.

    Box 3: Yes
    You must use Azure Managed Disks when you deploy to Azure Availability Zones.

14. HOTSPOT

    You are deploying an SAP environment across Azure Availability Zones. The environment has the following components:

    – ASCS/ERS instances that use a failover cluster
    – SAP application servers across the Azure Availability Zones
    – Database high availability by using a native database solution

    For each of the following statements, select Yes if the statement is true. Otherwise, select No.

    NOTE: Each correct selection is worth one point.

    

    

    Explanation:

    Box 1: No
    Azure Availability Zones are physically separate locations within an Azure region protecting customers’ applications and data from datacenter-level failures. It is good for applications that require low-latency synchronous replication with protection from datacenter-level failures.

    Box 2: Yes
    AAP application server to database server latency can be tested with ABAPMeter report /SSA/CAT.

    Box 3: Yes
    To analyze network issue or measure network metrics you can test the connection using SAP’s NIPING program. You can use NIPING to analyze the network connection between any two machines running SAP software.

15. You deploy an SAP environment on Azure.

    You need to validate the load distribution to the application servers.

    What should you use?

    • SAPControl
    • SAP Solution Manager
    • Azure Monitor
    • SAP Web Dispatcher
    Explanation:

    Load balancers. These are used to distribute traffic to virtual machines in the application-tier subnet. For high availability, use the built-in SAP Web Dispatcher, Azure Load Balancer, or network appliances, depending on the traffic type (such as HTTP or SAPGUI) or the required network services, such as Secure Sockets Layer (SSL) termination.

16. Case Study This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided. To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study. At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section. To start the case study
    To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question. Overview Litware, Inc. is an international manufacturing company that has 3,000 employees. Litware has two main offices. The offices are located in Miami, FL, and Madrid, Spain. Existing Environment Infrastructure Litware currently uses a third-party provider to host a datacenter in Miami and a disaster recovery datacenter in Chicago, IL.

    The network contains an Active Directory domain named litware.com. Litware has two third-party applications hosted in Azure.

    Litware already implemented a site-to-site VPN connection between the on-premises network and Azure.

    SAP Environment

    Litware currently runs the following SAP products:

    – Enhancement Pack6 for SAP ERP Central Component 6.0 (SAP ECC 6.0)
    – SAP Extended Warehouse Management (SAP EWM)
    – SAP Supply Chain Management (SAP SCM)
    – SAP NetWeaver Process Integration (PI)
    – SAP Business Warehouse (SAP BW)
    – SAP Solution Manager

    All servers run on the Windows Server platform. All databases use Microsoft SQL Server. Currently, you have 20 production servers.

    You have 30 non-production servers including five testing servers, five development servers, five quality assurance (QA) servers, and 15 pre-production servers.

    Currently, all SAP applications are in the litware.com domain.

    Problem Statements

    The current version of SAP ECC has a transaction that, when run in batches overnight, takes eight hours to complete. You confirm that upgrading to SAP Business Suite on HANA will improve performance because of code changes and the SAP HANA database platform.

    Litware is dissatisfied with the performance of its current hosted infrastructure vendor. Litware experienced several hardware failures and the vendor struggled to adequately support its 24/7 business operations.

    Requirements

    Business Goals

    Litware identifies the following business goals:

    – Increase the performance of SAP ECC applications by moving to SAP HANA. All other SAP databases will remain on SQL Server.
    – Move away from the current infrastructure vendor to increase the stability and availability of the SAP services.
    – Use the new Environment, Health and Safety (EH&S) in Recipe Management function.
    – Ensure that any migration activities can be completed within a 48-hour period during a weekend.

    Planned Changes

    Litware identifies the following planned changes:

    – Migrate SAP to Azure.
    – Upgrade and migrate SAP ECC to SAP Business Suite on HANA Enhancement Pack 8.

    Technical Requirements

    Litware identifies the following technical requirements:

    – Implement automated backups.
    – Support load testing during the migration.
    – Identify opportunities to reduce costs during the migration.
    – Continue to use the litware.com domain for all SAP landscapes.
    – Ensure that all SAP applications and databases are highly available.
    – Establish an automated monitoring solution to avoid unplanned outages.
    – Remove all SAP components from the on-premises network once the migration is complete.
    – Minimize the purchase of additional SAP licenses. SAP HANA licenses were already purchased.
    – Ensure that SAP can provide technical support for all the SAP landscapes deployed to Azure.

    1. You need to ensure that you can receive technical support to meet the technical requirements.

       What should you deploy to Azure?

       • SAP Landscape Management (LaMa)
       • SAP Gateway
       • SAP Web Dispatcher
       • SAPRouter

       Explanation:

       Scenario: Ensure that SAP can provide technical support for all the SAP landscapes deployed to Azure.

    2. HOTSPOT

       For each of the following statements, select Yes if the statement is true. Otherwise, select No.

       NOTE: Each correct selection is worth one point.

       

       

       Explanation:

       In a Hybrid-IT scenario, Active Directory from on-premises can be extended to serve as the
       authentication mechanism through an Azure deployed domain controller (as well as potentially using the integrated DNS).
       It is important to distinguish between traditional Active Directory Servers and Microsoft Azure Active Directory that provides only a subset of the traditional on-premises AD offering. This subset include Identity and Access Management, but does not have the full AD schema or services that many 3rd party application take advantage of. While Azure Active Directory IS a requirement to establish authentication for the Azure virtual machines in use, and it can synchronize users with customers’ on-premises AD, the two are explicitly different and customers will likely continue to require full Active Directory servers deployed in Microsoft Azure.

    3. You need to recommend a solution to reduce the cost of the SAP non-production landscapes after the migration.

       What should you include in the recommendation?

       • Configure scaling of Azure App Service
       • Migrate the SQL Server databases to Azure SQL Data Warehouse
       • Deallocate virtual machines when not in use
       • Deploy non-production landscapes to Azure DevTest Labs
       Explanation:
       Relevant use cases Dev/test environments for SAP workloads on Azure.

       Noncritical SAP nonproduction workloads (such sandbox, development, test, and quality assurance).
       Noncritical SAP business workloads.

17. Case StudyThis is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.To start the case study
    To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.OverviewContoso, Ltd. is a manufacturing company that has 15,000 employees.The company uses SAP for sales and manufacturing.

    Contoso has sales offices in New York and London and manufacturing facilities in Boston and Seattle.

    Existing Environment

    Active Directory

    The network contains an on-premises Active Directory domain named ad.contoso.com. User email addresses use a domain name of contoso.com.

    SAP Environment

    The current SAP environment contains the following components:

    – SAP Solution Manager
    – SAP ERP Central Component (SAP ECC)
    – SAP Supply Chain Management (SAP SCM)
    – SAP application servers that run Windows Server 2008 R2
    – SAP HANA database servers that run SUSE Linux Enterprise Server 12 (SLES 12)

    Problem Statements

    Contoso identifies the following issues in its current environment:

    – The SAP HANA environment lacks adequate resources.
    – The Windows servers are nearing the end of support.
    – The datacenters are at maximum capacity.

    Requirements

    Planned Changes

    Contoso identifies the following planned changes:

    – Deploy Azure Virtual WAN.
    – Migrate the application servers to Windows Server 2016.
    – Deploy ExpressRoute connections to all of the offices and manufacturing facilities.
    – Deploy SAP landscapes to Azure for development, quality assurance, and production.

    All resources for the production landscape will be in a resource group named SAPProduction.

    Business goals

    Contoso identifies the following business goals:

    – Minimize costs whenever possible.
    – Migrate SAP to Azure without causing downtime.
    – Ensure that all SAP deployments to Azure are supported by SAP.
    – Ensure that all the production databases can withstand the failure of an Azure region.
    – Ensure that all the production application servers can restore daily backups from the last 21 days.

    Technical Requirements

    Contoso identifies the following technical requirements:

    – Inspect all web queries.
    – Deploy an SAP HANA cluster to two datacenters.
    – Minimize the bandwidth used for database synchronization.
    – Use Active Directory accounts to administer Azure resources.
    – Ensure that each production application server has four 1-TB data disks.
    – Ensure that an application server can be restored from a backup created during the last five days within 15 minutes.
    – Implement an approval process to ensure that an SAP administrator is notified before another administrator attempts to make changes to the Azure virtual machines that host SAP.

    It is estimated that during the migration, the bandwidth required between Azure and the New York office will be 1 Gbps. After the migration, a traffic burst of up to 3 Gbps will occur.

    Proposed Backup Policy

    An Azure administrator proposes the backup policy shown in the following exhibit.

    

    Azure Resource Manager Template

    An Azure administrator provides you with the Azure Resource Manager template that will be used to provision the production application servers.

    

    

    1. This question requires that you evaluate the underlined text to determine if it is correct.

       You are planning for the administration of resources in Azure.

       To meet the technical requirements, you must first implement Active Directory Federation Services (AD FS).

       Instructions: Review the underlined text. If it makes the statement correct, select “No change is needed”. If the statement is incorrect, select the answer choice that makes the statement correct.

       • No change is needed
       • Azure AD Connect
       • Azure AD join
       • Enterprise State Roaming
       Explanation:
       The SAP Cloud Platform Identity Authentication and Active Directory Federation Services enable you to implement SSO across applications or services that are protected by Azure AD (as an IdP) with SAP applications and services that are protected by SAP Cloud Platform Identity Authentication.

       Scenario: Use Active Directory accounts to administer Azure resources.

       Incorrect Answers:
       Not D: With Windows 10, Azure Active Directory (Azure AD) users gain the ability to securely synchronize their user settings and application settings data to the cloud. Enterprise State Roaming provides users with a unified experience across their Windows devices and reduces the time needed for configuring a new device. Enterprise State Roaming operates similar to the standard consumer settings sync that was first introduced in Windows 8.

    2. HOTSPOT

       Before putting the SAP environment on Azure into production, which command should you run to ensure that the virtual machine disks meet the business requirements? To answer, select the appropriate options in the answer area.

       NOTE: Each correct selection is worth one point.

       

       

       Explanation:

       Scenario: Ensure that all the production databases can withstand the failure of an Azure region.

    3. HOTSPOT

       You need to provide the Azure administrator with the values to complete the Azure Resource Manager template.

       Which values should you provide for diskCount, StorageAccountType, and domainName? To answer, select the appropriate options in the answer area.

       NOTE: Each correct selection is worth one point.

       

       

       Explanation:

       Box 1: 4

       Scenario: the Azure Resource Manager template that will be used to provision the production application servers.
       Ensure that each production application server has four 1-TB data disks.

       Box 2: Standard_LRS
       Scenario: Minimize costs whenever possible.

       Box 3: contoso.onmicrosoft.com
       The network contains an on-premises Active Directory domain named ad.contoso.com.
       The Initial domain: The default domain (onmicrosoft.com) in the Azure AD Tenant. For example, contoso.onmicrosoft.com.

18. DRAG DROP

    You have an SAP environment on Azure.

    You are designing a training landscape that will be used 10 times a year.

    You need to recommend a solution to create the training landscape. The solution must meet the following requirements:

    – Minimize the effort to build the training landscape.
    – Minimize costs.

    In which order should you recommend the actions be performed for the first training session? To answer, move all actions from the list of actions to the answer area and arrange them in the correct order.

    

    

19. You plan to deploy an SAP environment on Azure.

    During a bandwidth assessment, you identify that connectivity between Azure and an on-premises datacenter requires up to 5 Gbps.

    You need to identify which connectivity method you must implement to meet the bandwidth requirement. The solution must minimize costs.

    Which connectivity method should you identify?

    • an ExpressRoute connection
    • an Azure site-to-site VPN that is route-based
    • an Azure site-to-site VPN that is policy-based
    • Global VNet peering
    Explanation:
    Azure site-to-site VPN is cheaper.

    Incorrect Answers:
    A: ExpressRoute could be quite expensive.

    C: Policy-based gateways use static routing, and only work with site-to-site connections.

20. You plan to migrate an SAP environment to Azure.

    You need to create a design to facilitate end-user access to SAP applications over the Internet, while restricting user access to the virtual machines of the SAP application servers.

    What should you include in the design?

    • Configure a public IP address for each SAP application server
    • Deploy an internal Azure Standard Load Balancer for incoming connections
    • Use an SAP Web Dispatcher to route all incoming connections
    • Configure point-to-site VPN connections for each user
    Explanation:
    1. A public internet user can reach the SAP Web-Dispatcher over port 443
    2. The SAP Web-Dispatcher can reach the SAP Application server over port 443
    3. The App Subnet accepts traffic on port 443 from 10.0.0.0/24
    4. The SAP Application server sends traffic on port 30015 to the SAP DB server
    5. The DB subnet accepts traffic on port 30015 from 10.0.1.0/24.
    6. Public Internet Access is blocked on both App Subnet and DB Subnet.