(SM-2208) Snowflake Storage Setup
This page provides general guidelines on how to set up Snowflake Storage to work with Storage Management.
1. General prerequisites
1.1 Open Ports
To enable communication of SAP systems with the Snowflake host, the following host/port needs to be reachable from the SAP system:
Port | Type | Snowflake Host |
---|---|---|
443 | https | <account name>.<region>.<platform>.snowflakecomputing.com |
If your Snowflake account is hosted in a particular cloud environment like AWS or MS Azure, make sure their respective domains are reachable from the SAP system as well (e.g. *.amazonaws.com, *.windows.net); port 443.
This is needed for file upload to the Snowflake staging area.
There is an automatic redirect happening during PUT operation when transferring data to Snowflake internal stage, which goes to the respective vendor’s file service (example: customer-stage.s3.us-east-2.amazonaws.com)
1.2 Warehouse and Database
Snowflake warehouse and database must already exist.
1.3 Snowflake user
Snowflake technical user must be created with full privileges on chosen Snowflake DB schema.
Recommended privilege for the Snowflake technical user is OWNERSHIP of the Snowflake database.
In case that ownership of the database cannot be assigned to the technical user, minimal requirements are following:
GRANT ALL ON DATABASE <DATABASE> TO ROLE <ROLE>
GRANT USAGE ON WAREHOUSE <WAREHOUSE> TO ROLE <ROLE>
GRANT ALL ON SCHEMA <SCHEMA> TO ROLE <ROLE>
There should be one-to-one relation between Snowflake schemas and every SAP system connected, ensuring replicated data isolation.
2. OS prerequisites (On SAP host)
This group of requirements relates to the operating systems underlying the SAP system with all its application servers. SNP products (e.g. SNP Glue™, SNP OutBoard™ Data Tiering) have been developed and tested in the SUSE Linux environment and Windows Server 2012. However, by design, they are not limited by the choice of an operating system, if the requirements listed in this guide are met.
2.1 OS directory and JDBC Driver
JDBC protocol is used to connect to Snowflake. Snowflake JDBC driver needs to be manually copied to the operating system and accessible to the connector. Download Snowflake JDBC driver. Latest version of Snowflake JDBC driver is recommended.
It is recommended storing the drivers in a directory shared between application servers, organized in sub-directories to avoid possible conflicts (some customers connect to multiple different platforms/services).
Default directory used to store drivers needed for communication with remote storages/services is:
$ ls -ld /sapmnt/<SID>/global/security/dvd_conn
rwx------ 2 dvqadm sapsys 4096 --- /sapmnt/<SID>/global/security/dvd_conn
Actual Snowflake JDBC driver should be put into dedicated sub-directory, example:
$ ls -ld /sapmnt/<SID>/global/security/dvd_conn/*
drwxr-xr-x 2 dvqadm sapsys 4096 --- /sapmnt/<SID>/global/security/dvd_conn/snowflake
$ ls -l /sapmnt/<SID>/global/security/dvd_conn/snowflake
drwxr-xr-x 2 dvqadm sapsys 4096 --- /sapmnt/<SID>/global/security/dvd_conn/snowflake/snowflake-jdbc-3.12.9.jar
Set its ownership and permissions appropriately to <sid>adm[:sapsys]
.
Please be aware that there was an issue with SSL handshake in older versions of driver (3.13.x), this issue was fixed in snow-jdbc-3.13.21 version.
3. SAP configuration
3.1 JAVA connector
Java connector is a critical middle-ware component. Please follow the steps in Java Connector Setup to set it up/upgrade to a new version before you continue.
The (SM-2208) Java Connector Setup is narrowed per Snowflake JDBC driver requirement and must be installed in a 64-bit environment and requires Java 1.8 (or higher), link to the official page: JDBC Driver | Snowflake Documentation.
WARNING: In case of JCo running on JDK 16, please add a custom argument in the Advanced tab → Additional java starting arguments: -Djdk.module.illegalAccess=permit
JDK 16 introduced strong encapsulation of JDK internals (see the documentation https://www.oracle.com/java/technologies/javase/16-all-relnotes.html#JDK-8256299) that cause problems in combination with the Snowflake JDBC driver.
In JDK 17 option -Djdk.module.illegalAccess=permit
does not work anymore and is therefore unusable for connection using the current Snowflake JDBC driver (for more information see https://www.oracle.com/java/technologies/javase/17all-relnotes.html ).
3.2 Storage Management setup
The final step in SAP & Snowflake connectivity is the creation of two storages in transaction /DVD/SM_SETUP
- Snowflake storage which represents the table level of Snowflake infrastructure and the Snowflake stage that handles temporary files.
3.2.1 Snowflake Stage (SNOW_STAGE)
This is binary storage pointing to the Internal Stage of the Snowflake user. It is used for data transfer leveraging the extended functionality of the Snowflake JDBC driver.
Storage ID
- Logical name of the storage connectionStorage type
- SNOW_STAGE (Snowflake internal stage)Java connector RFC
- TCP/IP RFC destination used for communication with Java connectorAccount name
- Name of the snowflake account without .snowflakecomputing.com
domain, in format: <account name>.<region>.<platform> (more information can be found in Snowflake account name doc).User role
- Role to be used when connecting to Snowflake (parameter is not mandatory, default role is PUBLIC)JAVA Call Repeat
- Number of times failed calls should be retriedRepeat delay (seconds)
- Delay between retried callsDriver path
- Absolute path to the directory containing the Snowflake JDBC driver.
NOTE: In previous versions of Storage Management, SAP logical file of type DIR (directory) was used. This is now automatically converted to a physical path.Connection pool size
- Number of connections that can be kept open in the pool, reducing resource-expensive establishment of JDBC connections.Username
- Snowflake user.Password
- User password.Password for JDBC Connection is Hashed
- Indicator whether the password is hashed (you can also create password hash manually by using report /DVD/XOR_GEN).
If Key Pair authentication is established according to Key-pair authentication and key-pair rotation | Snowflake Documentation, it can be configured with or without a passphrase as follows:
3.2.2 Snowflake Storage (SNOWFLAKE)
It is transparent storage pointing to Snowflake Database. For sending SQL commands data use the Snowflake JDBC driver.
Storage ID
- Logical name of the storage connectionStorage type
- SNOWFLAKE (Snowflake transparent storage)Referenced storage
- Storage ID of Snowflake stage area for temporary file upload/downloadJava connector RFC
- RFC Destination used for communication with JCoAccount name
- <account name>.<region>.<platform> (more information can be found in Snowflake account name doc).Warehouse
- Optional parameter, you can select the existing warehouse in the Snowflake account to be usedDatabase
- Name of an existing database in SnowflakeDatabase schema
- Name of an existing database schema in SnowflakeRole
- Default role in Snowflake (parameter is not mandatory)Driver path
- Snowflake driver directoryJava connector RFC
- TCP/IP RFC destination used for communication with Java connectorUser
- Snowflake userPassword
- User password (preferably in hashed format)Password for JDBC Connection is Hashed
- Indicator whether the password is hashed (you can create a hash of the password by using report /DVD/XOR_GEN)Table name prefix
- Optional text value for naming prefix of all Glue tables created within this storageWrap values in staged CSV files
- Depending on table content, it may be necessary to encapsulate field values to avoid errors during INSERT into the Snowflake table from staging CSV files