Configure Azure SAP Monitor Provider Instances

The azure-native:workloads:ProviderInstance resource, part of the Pulumi Azure Native provider, defines a monitoring provider that connects to SAP system components and collects telemetry from databases, application servers, and infrastructure. This guide focuses on three capabilities: database provider configuration (HANA, Db2), application layer monitoring (NetWeaver), and infrastructure monitoring via Prometheus exporters.

Provider instances belong to an SAP Monitor resource and connect to external endpoints that must be accessible. The examples are intentionally small. Combine them with your own SAP Monitor, Key Vault for secrets, and network configuration.

Monitor SAP HANA database with server certificate

SAP monitoring deployments often start by connecting to the HANA database layer to track performance metrics and resource utilization.

import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";

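// Read the HANA password from secret stack configuration instead of hard-coding it.
// Constructed key name; set it with: pulumi config set --secret dbPassword <value>
const config = new pulumi.Config();
const dbPassword = config.requireSecret("dbPassword");

// Registers a SAP HANA provider instance on the existing SAP Monitor "mySapMonitor".
const providerInstance = new azure_native.workloads.ProviderInstance("providerInstance", {
    monitorName: "mySapMonitor",
    providerInstanceName: "myProviderInstance",
    providerSettings: {
        dbName: "db",
        // Secret output: Pulumi encrypts it in state and masks it in CLI output.
        dbPassword: dbPassword,
        // Empty because the password is passed inline; for production the guide
        // recommends referencing a Key Vault secret through dbPasswordUri instead.
        dbPasswordUri: "",
        dbUsername: "user",
        // hostname, instanceNumber, sapSid and sqlPort are placeholders for the HANA instance.
        hostname: "name",
        instanceNumber: "00",
        providerType: "SapHana",
        sapSid: "SID",
        sqlPort: "0000",
        // ServerCertificate validates the server against the certificate at sslCertificateUri.
        sslCertificateUri: "https://storageaccount.blob.core.windows.net/containername/filename",
        sslHostNameInCertificate: "xyz.domain.com",
        sslPreference: azure_native.workloads.SslPreference.ServerCertificate,
    },
    resourceGroupName: "myResourceGroup",
});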
import pulumi
import pulumi_azure_native as azure_native

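# Read the HANA password from secret stack configuration instead of hard-coding it.
# Constructed key name; set it with: pulumi config set --secret dbPassword <value>
config = pulumi.Config()
db_password = config.require_secret("dbPassword")

# Registers a SAP HANA provider instance on the existing SAP Monitor "mySapMonitor".
provider_instance = azure_native.workloads.ProviderInstance("providerInstance",
    monitor_name="mySapMonitor",
    provider_instance_name="myProviderInstance",
    provider_settings={
        "db_name": "db",
        # Secret output: Pulumi encrypts it in state and masks it in CLI output.
        "db_password": db_password,
        # Empty because the password is passed inline; for production the guide
        # recommends referencing a Key Vault secret through db_password_uri instead.
        "db_password_uri": "",
        "db_username": "user",
        # hostname, instance_number, sap_sid and sql_port are placeholders for the HANA instance.
        "hostname": "name",
        "instance_number": "00",
        "provider_type": "SapHana",
        "sap_sid": "SID",
        "sql_port": "0000",
        # SERVER_CERTIFICATE validates the server against the certificate at ssl_certificate_uri.
        "ssl_certificate_uri": "https://storageaccount.blob.core.windows.net/containername/filename",
        "ssl_host_name_in_certificate": "xyz.domain.com",
        "ssl_preference": azure_native.workloads.SslPreference.SERVER_CERTIFICATE,
    },
    resource_group_name="myResourceGroup")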
package main

import (
	workloads "github.com/pulumi/pulumi-azure-native-sdk/workloads/v3"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

// main registers a SAP HANA provider instance on the existing SAP Monitor "mySapMonitor".
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := workloads.NewProviderInstance(ctx, "providerInstance", &workloads.ProviderInstanceArgs{
			MonitorName:          pulumi.String("mySapMonitor"),
			ProviderInstanceName: pulumi.String("myProviderInstance"),
			ProviderSettings: &workloads.HanaDbProviderInstancePropertiesArgs{
				DbName: pulumi.String("db"),
				// NOTE(review): "****" is a redacted placeholder. Do not hard-code a real
				// password here; read it from secret stack configuration (config.RequireSecret
				// in the Pulumi config package) or reference Key Vault through DbPasswordUri.
				DbPassword: pulumi.String("****"),
				// Empty because the password is passed inline in this example.
				DbPasswordUri: pulumi.String(""),
				DbUsername:    pulumi.String("user"),
				// Hostname, InstanceNumber, SapSid and SqlPort are placeholders for the HANA instance.
				Hostname:       pulumi.String("name"),
				InstanceNumber: pulumi.String("00"),
				ProviderType:   pulumi.String("SapHana"),
				SapSid:         pulumi.String("SID"),
				SqlPort:        pulumi.String("0000"),
				// ServerCertificate validates the server against the certificate at SslCertificateUri.
				SslCertificateUri:        pulumi.String("https://storageaccount.blob.core.windows.net/containername/filename"),
				SslHostNameInCertificate: pulumi.String("xyz.domain.com"),
				SslPreference:            pulumi.String(workloads.SslPreferenceServerCertificate),
			},
			ResourceGroupName: pulumi.String("myResourceGroup"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;

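return await Deployment.RunAsync(() => 
{
    // Read the HANA password from secret stack configuration instead of hard-coding it.
    // Constructed key name; set it with: pulumi config set --secret dbPassword <value>
    var config = new Pulumi.Config();
    var dbPassword = config.RequireSecret("dbPassword");

    // Registers a SAP HANA provider instance on the existing SAP Monitor "mySapMonitor".
    var providerInstance = new AzureNative.Workloads.ProviderInstance("providerInstance", new()
    {
        MonitorName = "mySapMonitor",
        ProviderInstanceName = "myProviderInstance",
        ProviderSettings = new AzureNative.Workloads.Inputs.HanaDbProviderInstancePropertiesArgs
        {
            DbName = "db",
            // Secret output: Pulumi encrypts it in state and masks it in CLI output.
            DbPassword = dbPassword,
            // Empty because the password is passed inline; for production the guide
            // recommends referencing a Key Vault secret through DbPasswordUri instead.
            DbPasswordUri = "",
            DbUsername = "user",
            // Hostname, InstanceNumber, SapSid and SqlPort are placeholders for the HANA instance.
            Hostname = "name",
            InstanceNumber = "00",
            ProviderType = "SapHana",
            SapSid = "SID",
            SqlPort = "0000",
            // ServerCertificate validates the server against the certificate at SslCertificateUri.
            SslCertificateUri = "https://storageaccount.blob.core.windows.net/containername/filename",
            SslHostNameInCertificate = "xyz.domain.com",
            SslPreference = AzureNative.Workloads.SslPreference.ServerCertificate,
        },
        ResourceGroupName = "myResourceGroup",
    });

});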
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.workloads.ProviderInstance;
import com.pulumi.azurenative.workloads.ProviderInstanceArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

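/**
 * Pulumi program that registers a SAP HANA provider instance on the existing
 * SAP Monitor "mySapMonitor".
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the provider instance; the HANA password is read from secret stack
     * configuration rather than hard-coded in the program.
     *
     * @param ctx Pulumi context that supplies the stack configuration
     */
    public static void stack(Context ctx) {
        // Constructed key name; set it with: pulumi config set --secret dbPassword <value>
        var dbPassword = ctx.config().requireSecret("dbPassword");

        // NOTE(review): HanaDbProviderInstancePropertiesArgs is not among this file's imports;
        // it presumably lives in com.pulumi.azurenative.workloads.inputs - confirm and import it.
        var providerInstance = new ProviderInstance("providerInstance", ProviderInstanceArgs.builder()
            .monitorName("mySapMonitor")
            .providerInstanceName("myProviderInstance")
            .providerSettings(HanaDbProviderInstancePropertiesArgs.builder()
                .dbName("db")
                // Secret output: Pulumi encrypts it in state and masks it in CLI output.
                .dbPassword(dbPassword)
                // Empty because the password is passed inline; for production the guide
                // recommends referencing a Key Vault secret through dbPasswordUri instead.
                .dbPasswordUri("")
                .dbUsername("user")
                // hostname, instanceNumber, sapSid and sqlPort are placeholders for the HANA instance.
                .hostname("name")
                .instanceNumber("00")
                .providerType("SapHana")
                .sapSid("SID")
                .sqlPort("0000")
                // ServerCertificate validates the server against the certificate at sslCertificateUri.
                .sslCertificateUri("https://storageaccount.blob.core.windows.net/containername/filename")
                .sslHostNameInCertificate("xyz.domain.com")
                .sslPreference("ServerCertificate")
                .build())
            .resourceGroupName("myResourceGroup")
            .build());

    }
}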
# Registers a SAP HANA provider instance on the existing SAP Monitor "mySapMonitor".
resources:
  providerInstance:
    type: azure-native:workloads:ProviderInstance
    properties:
      monitorName: mySapMonitor
      providerInstanceName: myProviderInstance
      providerSettings:
        dbName: db
        # NOTE(review): '****' is a redacted placeholder. Do not commit a real password
        # here; supply it as a secret config value or reference Key Vault via dbPasswordUri.
        dbPassword: '****'
        # Empty because the password is passed inline in this example.
        dbPasswordUri: ""
        dbUsername: user
        # hostname, instanceNumber, sapSid and sqlPort are placeholders for the HANA instance.
        hostname: name
        instanceNumber: '00'
        providerType: SapHana
        sapSid: SID
        sqlPort: '0000'
        # ServerCertificate validates the server against the certificate at sslCertificateUri.
        sslCertificateUri: https://storageaccount.blob.core.windows.net/containername/filename
        sslHostNameInCertificate: xyz.domain.com
        sslPreference: ServerCertificate
      resourceGroupName: myResourceGroup

The providerSettings block defines connection parameters for the HANA database. The providerType identifies this as a SapHana provider. The hostname, instanceNumber, and sapSid locate the HANA instance, while dbUsername and dbPassword authenticate the connection. Setting sslPreference to ServerCertificate validates the server’s identity using the certificate at sslCertificateUri. The inline dbPassword shown here is a placeholder; a real password written this way would sit in the program source. For production, use dbPasswordUri to reference a Key Vault secret instead of inline credentials.

Monitor SAP NetWeaver application layer

Application-layer monitoring tracks NetWeaver instance health, work processes, and RFC connections to understand system behavior from the user perspective.

import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";

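// Read the SAP user's password from secret stack configuration instead of hard-coding it.
// Constructed key name; set it with: pulumi config set --secret sapPassword <value>
const config = new pulumi.Config();
const sapPassword = config.requireSecret("sapPassword");

// Registers a SAP NetWeaver provider instance on the existing SAP Monitor "mySapMonitor".
const providerInstance = new azure_native.workloads.ProviderInstance("providerInstance", {
    monitorName: "mySapMonitor",
    providerInstanceName: "myProviderInstance",
    providerSettings: {
        providerType: "SapNetWeaver",
        sapClientId: "111",
        // Host-file style entries used for name resolution when DNS isn't available.
        sapHostFileEntries: ["127.0.0.1 name fqdn"],
        sapHostname: "name",
        sapInstanceNr: "00",
        // Secret output: Pulumi encrypts it in state and masks it in CLI output.
        sapPassword: sapPassword,
        // Empty because the password is passed inline; for production the guide
        // recommends referencing a Key Vault secret through sapPasswordUri instead.
        sapPasswordUri: "",
        sapPortNumber: "1234",
        sapSid: "SID",
        sapUsername: "username",
        sslCertificateUri: "https://storageaccount.blob.core.windows.net/containername/filename",
        sslPreference: azure_native.workloads.SslPreference.ServerCertificate,
    },
    resourceGroupName: "myResourceGroup",
});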
import pulumi
import pulumi_azure_native as azure_native

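# Read the SAP user's password from secret stack configuration instead of hard-coding it.
# Constructed key name; set it with: pulumi config set --secret sapPassword <value>
config = pulumi.Config()
sap_password = config.require_secret("sapPassword")

# Registers a SAP NetWeaver provider instance on the existing SAP Monitor "mySapMonitor".
provider_instance = azure_native.workloads.ProviderInstance("providerInstance",
    monitor_name="mySapMonitor",
    provider_instance_name="myProviderInstance",
    provider_settings={
        "provider_type": "SapNetWeaver",
        "sap_client_id": "111",
        # Host-file style entries used for name resolution when DNS isn't available.
        "sap_host_file_entries": ["127.0.0.1 name fqdn"],
        "sap_hostname": "name",
        "sap_instance_nr": "00",
        # Secret output: Pulumi encrypts it in state and masks it in CLI output.
        "sap_password": sap_password,
        # Empty because the password is passed inline; for production the guide
        # recommends referencing a Key Vault secret through sap_password_uri instead.
        "sap_password_uri": "",
        "sap_port_number": "1234",
        "sap_sid": "SID",
        "sap_username": "username",
        "ssl_certificate_uri": "https://storageaccount.blob.core.windows.net/containername/filename",
        "ssl_preference": azure_native.workloads.SslPreference.SERVER_CERTIFICATE,
    },
    resource_group_name="myResourceGroup")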
package main

import (
	workloads "github.com/pulumi/pulumi-azure-native-sdk/workloads/v3"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

// main registers a SAP NetWeaver provider instance on the existing SAP Monitor "mySapMonitor".
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := workloads.NewProviderInstance(ctx, "providerInstance", &workloads.ProviderInstanceArgs{
			MonitorName:          pulumi.String("mySapMonitor"),
			ProviderInstanceName: pulumi.String("myProviderInstance"),
			ProviderSettings: &workloads.SapNetWeaverProviderInstancePropertiesArgs{
				ProviderType: pulumi.String("SapNetWeaver"),
				SapClientId:  pulumi.String("111"),
				// Host-file style entries used for name resolution when DNS isn't available.
				SapHostFileEntries: pulumi.StringArray{
					pulumi.String("127.0.0.1 name fqdn"),
				},
				SapHostname:   pulumi.String("name"),
				SapInstanceNr: pulumi.String("00"),
				// NOTE(review): "****" is a redacted placeholder. Do not hard-code a real
				// password here; read it from secret stack configuration (config.RequireSecret
				// in the Pulumi config package) or reference Key Vault through SapPasswordUri.
				SapPassword: pulumi.String("****"),
				// Empty because the password is passed inline in this example.
				SapPasswordUri:    pulumi.String(""),
				SapPortNumber:     pulumi.String("1234"),
				SapSid:            pulumi.String("SID"),
				SapUsername:       pulumi.String("username"),
				SslCertificateUri: pulumi.String("https://storageaccount.blob.core.windows.net/containername/filename"),
				SslPreference:     pulumi.String(workloads.SslPreferenceServerCertificate),
			},
			ResourceGroupName: pulumi.String("myResourceGroup"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;

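return await Deployment.RunAsync(() => 
{
    // Read the SAP user's password from secret stack configuration instead of hard-coding it.
    // Constructed key name; set it with: pulumi config set --secret sapPassword <value>
    var config = new Pulumi.Config();
    var sapPassword = config.RequireSecret("sapPassword");

    // Registers a SAP NetWeaver provider instance on the existing SAP Monitor "mySapMonitor".
    var providerInstance = new AzureNative.Workloads.ProviderInstance("providerInstance", new()
    {
        MonitorName = "mySapMonitor",
        ProviderInstanceName = "myProviderInstance",
        ProviderSettings = new AzureNative.Workloads.Inputs.SapNetWeaverProviderInstancePropertiesArgs
        {
            ProviderType = "SapNetWeaver",
            SapClientId = "111",
            // Host-file style entries used for name resolution when DNS isn't available.
            SapHostFileEntries = new[]
            {
                "127.0.0.1 name fqdn",
            },
            SapHostname = "name",
            SapInstanceNr = "00",
            // Secret output: Pulumi encrypts it in state and masks it in CLI output.
            SapPassword = sapPassword,
            // Empty because the password is passed inline; for production the guide
            // recommends referencing a Key Vault secret through SapPasswordUri instead.
            SapPasswordUri = "",
            SapPortNumber = "1234",
            SapSid = "SID",
            SapUsername = "username",
            SslCertificateUri = "https://storageaccount.blob.core.windows.net/containername/filename",
            SslPreference = AzureNative.Workloads.SslPreference.ServerCertificate,
        },
        ResourceGroupName = "myResourceGroup",
    });

});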
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.workloads.ProviderInstance;
import com.pulumi.azurenative.workloads.ProviderInstanceArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

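/**
 * Pulumi program that registers a SAP NetWeaver provider instance on the existing
 * SAP Monitor "mySapMonitor".
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the provider instance; the SAP user's password is read from secret
     * stack configuration rather than hard-coded in the program.
     *
     * @param ctx Pulumi context that supplies the stack configuration
     */
    public static void stack(Context ctx) {
        // Constructed key name; set it with: pulumi config set --secret sapPassword <value>
        var sapPassword = ctx.config().requireSecret("sapPassword");

        // NOTE(review): SapNetWeaverProviderInstancePropertiesArgs is not among this file's imports;
        // it presumably lives in com.pulumi.azurenative.workloads.inputs - confirm and import it.
        var providerInstance = new ProviderInstance("providerInstance", ProviderInstanceArgs.builder()
            .monitorName("mySapMonitor")
            .providerInstanceName("myProviderInstance")
            .providerSettings(SapNetWeaverProviderInstancePropertiesArgs.builder()
                .providerType("SapNetWeaver")
                .sapClientId("111")
                // Host-file style entry used for name resolution when DNS isn't available.
                .sapHostFileEntries("127.0.0.1 name fqdn")
                .sapHostname("name")
                .sapInstanceNr("00")
                // Secret output: Pulumi encrypts it in state and masks it in CLI output.
                .sapPassword(sapPassword)
                // Empty because the password is passed inline; for production the guide
                // recommends referencing a Key Vault secret through sapPasswordUri instead.
                .sapPasswordUri("")
                .sapPortNumber("1234")
                .sapSid("SID")
                .sapUsername("username")
                .sslCertificateUri("https://storageaccount.blob.core.windows.net/containername/filename")
                .sslPreference("ServerCertificate")
                .build())
            .resourceGroupName("myResourceGroup")
            .build());

    }
}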
# Registers a SAP NetWeaver provider instance on the existing SAP Monitor "mySapMonitor".
resources:
  providerInstance:
    type: azure-native:workloads:ProviderInstance
    properties:
      monitorName: mySapMonitor
      providerInstanceName: myProviderInstance
      providerSettings:
        providerType: SapNetWeaver
        sapClientId: '111'
        # Host-file style entries used for name resolution when DNS isn't available.
        sapHostFileEntries:
          - 127.0.0.1 name fqdn
        sapHostname: name
        sapInstanceNr: '00'
        # NOTE(review): '****' is a redacted placeholder. Do not commit a real password
        # here; supply it as a secret config value or reference Key Vault via sapPasswordUri.
        sapPassword: '****'
        # Empty because the password is passed inline in this example.
        sapPasswordUri: ""
        sapPortNumber: '1234'
        sapSid: SID
        sapUsername: username
        sslCertificateUri: https://storageaccount.blob.core.windows.net/containername/filename
        sslPreference: ServerCertificate
      resourceGroupName: myResourceGroup

The providerType SapNetWeaver configures RFC-based monitoring of the application server. The sapHostname, sapInstanceNr, and sapClientId identify the NetWeaver instance and client. The sapHostFileEntries array provides custom hostname resolution when DNS isn’t available. The sapUsername and sapPassword authenticate the RFC connection. For production, use sapPasswordUri to reference a secret stored in Key Vault instead of passing sapPassword inline.

Monitor IBM Db2 database with SSL

Some SAP landscapes run on IBM Db2 as the database layer, requiring specialized monitoring to track Db2-specific metrics.

import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";

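// Read the Db2 password from secret stack configuration instead of hard-coding it.
// Constructed key name; set it with: pulumi config set --secret dbPassword <value>
const config = new pulumi.Config();
const dbPassword = config.requireSecret("dbPassword");

// Registers an IBM Db2 provider instance on the existing SAP Monitor "mySapMonitor".
const providerInstance = new azure_native.workloads.ProviderInstance("providerInstance", {
    monitorName: "mySapMonitor",
    providerInstanceName: "myProviderInstance",
    providerSettings: {
        dbName: "dbName",
        // Secret output: Pulumi encrypts it in state and masks it in CLI output.
        dbPassword: dbPassword,
        // Empty because the password is passed inline; dbPasswordUri can reference
        // a stored secret instead.
        dbPasswordUri: "",
        // dbPort, hostname and sapSid are placeholders for the Db2 instance.
        dbPort: "dbPort",
        dbUsername: "username",
        hostname: "hostname",
        providerType: "Db2",
        sapSid: "SID",
        // ServerCertificate validates the database server against the certificate at sslCertificateUri.
        sslCertificateUri: "https://storageaccount.blob.core.windows.net/containername/filename",
        sslPreference: azure_native.workloads.SslPreference.ServerCertificate,
    },
    resourceGroupName: "myResourceGroup",
});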
import pulumi
import pulumi_azure_native as azure_native

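# Read the Db2 password from secret stack configuration instead of hard-coding it.
# Constructed key name; set it with: pulumi config set --secret dbPassword <value>
config = pulumi.Config()
db_password = config.require_secret("dbPassword")

# Registers an IBM Db2 provider instance on the existing SAP Monitor "mySapMonitor".
provider_instance = azure_native.workloads.ProviderInstance("providerInstance",
    monitor_name="mySapMonitor",
    provider_instance_name="myProviderInstance",
    provider_settings={
        "db_name": "dbName",
        # Secret output: Pulumi encrypts it in state and masks it in CLI output.
        "db_password": db_password,
        # Empty because the password is passed inline; db_password_uri can reference
        # a stored secret instead.
        "db_password_uri": "",
        # db_port, hostname and sap_sid are placeholders for the Db2 instance.
        "db_port": "dbPort",
        "db_username": "username",
        "hostname": "hostname",
        "provider_type": "Db2",
        "sap_sid": "SID",
        # SERVER_CERTIFICATE validates the database server against the certificate at ssl_certificate_uri.
        "ssl_certificate_uri": "https://storageaccount.blob.core.windows.net/containername/filename",
        "ssl_preference": azure_native.workloads.SslPreference.SERVER_CERTIFICATE,
    },
    resource_group_name="myResourceGroup")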
package main

import (
	workloads "github.com/pulumi/pulumi-azure-native-sdk/workloads/v3"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

// main registers an IBM Db2 provider instance on the existing SAP Monitor "mySapMonitor".
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := workloads.NewProviderInstance(ctx, "providerInstance", &workloads.ProviderInstanceArgs{
			MonitorName:          pulumi.String("mySapMonitor"),
			ProviderInstanceName: pulumi.String("myProviderInstance"),
			ProviderSettings: &workloads.Db2ProviderInstancePropertiesArgs{
				DbName: pulumi.String("dbName"),
				// NOTE(review): "password" is a placeholder. Do not hard-code a real
				// password here; read it from secret stack configuration (config.RequireSecret
				// in the Pulumi config package) or reference a stored secret through DbPasswordUri.
				DbPassword: pulumi.String("password"),
				// Empty because the password is passed inline in this example.
				DbPasswordUri: pulumi.String(""),
				// DbPort, Hostname and SapSid are placeholders for the Db2 instance.
				DbPort:       pulumi.String("dbPort"),
				DbUsername:   pulumi.String("username"),
				Hostname:     pulumi.String("hostname"),
				ProviderType: pulumi.String("Db2"),
				SapSid:       pulumi.String("SID"),
				// ServerCertificate validates the database server against the certificate at SslCertificateUri.
				SslCertificateUri: pulumi.String("https://storageaccount.blob.core.windows.net/containername/filename"),
				SslPreference:     pulumi.String(workloads.SslPreferenceServerCertificate),
			},
			ResourceGroupName: pulumi.String("myResourceGroup"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;

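return await Deployment.RunAsync(() => 
{
    // Read the Db2 password from secret stack configuration instead of hard-coding it.
    // Constructed key name; set it with: pulumi config set --secret dbPassword <value>
    var config = new Pulumi.Config();
    var dbPassword = config.RequireSecret("dbPassword");

    // Registers an IBM Db2 provider instance on the existing SAP Monitor "mySapMonitor".
    var providerInstance = new AzureNative.Workloads.ProviderInstance("providerInstance", new()
    {
        MonitorName = "mySapMonitor",
        ProviderInstanceName = "myProviderInstance",
        ProviderSettings = new AzureNative.Workloads.Inputs.Db2ProviderInstancePropertiesArgs
        {
            DbName = "dbName",
            // Secret output: Pulumi encrypts it in state and masks it in CLI output.
            DbPassword = dbPassword,
            // Empty because the password is passed inline; DbPasswordUri can reference
            // a stored secret instead.
            DbPasswordUri = "",
            // DbPort, Hostname and SapSid are placeholders for the Db2 instance.
            DbPort = "dbPort",
            DbUsername = "username",
            Hostname = "hostname",
            ProviderType = "Db2",
            SapSid = "SID",
            // ServerCertificate validates the database server against the certificate at SslCertificateUri.
            SslCertificateUri = "https://storageaccount.blob.core.windows.net/containername/filename",
            SslPreference = AzureNative.Workloads.SslPreference.ServerCertificate,
        },
        ResourceGroupName = "myResourceGroup",
    });

});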
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.workloads.ProviderInstance;
import com.pulumi.azurenative.workloads.ProviderInstanceArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

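/**
 * Pulumi program that registers an IBM Db2 provider instance on the existing
 * SAP Monitor "mySapMonitor".
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the provider instance; the Db2 password is read from secret stack
     * configuration rather than hard-coded in the program.
     *
     * @param ctx Pulumi context that supplies the stack configuration
     */
    public static void stack(Context ctx) {
        // Constructed key name; set it with: pulumi config set --secret dbPassword <value>
        var dbPassword = ctx.config().requireSecret("dbPassword");

        // NOTE(review): Db2ProviderInstancePropertiesArgs is not among this file's imports;
        // it presumably lives in com.pulumi.azurenative.workloads.inputs - confirm and import it.
        var providerInstance = new ProviderInstance("providerInstance", ProviderInstanceArgs.builder()
            .monitorName("mySapMonitor")
            .providerInstanceName("myProviderInstance")
            .providerSettings(Db2ProviderInstancePropertiesArgs.builder()
                .dbName("dbName")
                // Secret output: Pulumi encrypts it in state and masks it in CLI output.
                .dbPassword(dbPassword)
                // Empty because the password is passed inline; dbPasswordUri can reference
                // a stored secret instead.
                .dbPasswordUri("")
                // dbPort, hostname and sapSid are placeholders for the Db2 instance.
                .dbPort("dbPort")
                .dbUsername("username")
                .hostname("hostname")
                .providerType("Db2")
                .sapSid("SID")
                // ServerCertificate validates the database server against the certificate at sslCertificateUri.
                .sslCertificateUri("https://storageaccount.blob.core.windows.net/containername/filename")
                .sslPreference("ServerCertificate")
                .build())
            .resourceGroupName("myResourceGroup")
            .build());

    }
}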
# Registers an IBM Db2 provider instance on the existing SAP Monitor "mySapMonitor".
resources:
  providerInstance:
    type: azure-native:workloads:ProviderInstance
    properties:
      monitorName: mySapMonitor
      providerInstanceName: myProviderInstance
      providerSettings:
        dbName: dbName
        # NOTE(review): placeholder value. Do not commit a real password here; supply it
        # as a secret config value or reference a stored secret via dbPasswordUri.
        dbPassword: password
        # Empty because the password is passed inline in this example.
        dbPasswordUri: ""
        # dbPort, hostname and sapSid are placeholders for the Db2 instance.
        dbPort: dbPort
        dbUsername: username
        hostname: hostname
        providerType: Db2
        sapSid: SID
        # ServerCertificate validates the database server against the certificate at sslCertificateUri.
        sslCertificateUri: https://storageaccount.blob.core.windows.net/containername/filename
        sslPreference: ServerCertificate
      resourceGroupName: myResourceGroup

The providerType Db2 configures database monitoring for IBM Db2. The hostname, dbPort, and dbName locate the database, while dbUsername and dbPassword authenticate. The sapSid associates metrics with the SAP system. Setting sslPreference to ServerCertificate validates the database server’s certificate against the one at sslCertificateUri. As in the HANA example, the inline dbPassword is for illustration only; dbPasswordUri can reference a stored secret instead.

Collect OS metrics via Prometheus exporter

Operating system metrics provide infrastructure-level visibility into SAP system health, often exposed through Prometheus node exporters.

import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";

// Registers a Prometheus OS-metrics provider instance on the existing SAP Monitor "mySapMonitor".
const providerInstance = new azure_native.workloads.ProviderInstance("providerInstance", {
    monitorName: "mySapMonitor",
    providerInstanceName: "myProviderInstance",
    providerSettings: {
        // NOTE(review): placeholder URL with a plain http:// scheme. The SSL settings below
        // presumably only protect the scrape when the exporter is served over https:// -
        // confirm the scheme and port your exporter actually uses.
        prometheusUrl: "http://192.168.0.0:9090/metrics",
        providerType: "PrometheusOS",
        sapSid: "SID",
        sslCertificateUri: "https://storageaccount.blob.core.windows.net/containername/filename",
        sslPreference: azure_native.workloads.SslPreference.ServerCertificate,
    },
    resourceGroupName: "myResourceGroup",
});
import pulumi
import pulumi_azure_native as azure_native

# Registers a Prometheus OS-metrics provider instance on the existing SAP Monitor "mySapMonitor".
provider_instance = azure_native.workloads.ProviderInstance("providerInstance",
    monitor_name="mySapMonitor",
    provider_instance_name="myProviderInstance",
    provider_settings={
        # NOTE(review): placeholder URL with a plain http:// scheme. The SSL settings below
        # presumably only protect the scrape when the exporter is served over https:// -
        # confirm the scheme and port your exporter actually uses.
        "prometheus_url": "http://192.168.0.0:9090/metrics",
        "provider_type": "PrometheusOS",
        "sap_sid": "SID",
        "ssl_certificate_uri": "https://storageaccount.blob.core.windows.net/containername/filename",
        "ssl_preference": azure_native.workloads.SslPreference.SERVER_CERTIFICATE,
    },
    resource_group_name="myResourceGroup")
package main

import (
	workloads "github.com/pulumi/pulumi-azure-native-sdk/workloads/v3"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

// main registers a Prometheus OS-metrics provider instance on the existing SAP Monitor "mySapMonitor".
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := workloads.NewProviderInstance(ctx, "providerInstance", &workloads.ProviderInstanceArgs{
			MonitorName:          pulumi.String("mySapMonitor"),
			ProviderInstanceName: pulumi.String("myProviderInstance"),
			ProviderSettings: &workloads.PrometheusOsProviderInstancePropertiesArgs{
				// NOTE(review): placeholder URL with a plain http:// scheme. The SSL settings below
				// presumably only protect the scrape when the exporter is served over https:// -
				// confirm the scheme and port your exporter actually uses.
				PrometheusUrl:     pulumi.String("http://192.168.0.0:9090/metrics"),
				ProviderType:      pulumi.String("PrometheusOS"),
				SapSid:            pulumi.String("SID"),
				SslCertificateUri: pulumi.String("https://storageaccount.blob.core.windows.net/containername/filename"),
				SslPreference:     pulumi.String(workloads.SslPreferenceServerCertificate),
			},
			ResourceGroupName: pulumi.String("myResourceGroup"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;

// Registers a Prometheus OS-metrics provider instance on the existing SAP Monitor "mySapMonitor".
return await Deployment.RunAsync(() => 
{
    var providerInstance = new AzureNative.Workloads.ProviderInstance("providerInstance", new()
    {
        MonitorName = "mySapMonitor",
        ProviderInstanceName = "myProviderInstance",
        ProviderSettings = new AzureNative.Workloads.Inputs.PrometheusOsProviderInstancePropertiesArgs
        {
            // NOTE(review): placeholder URL with a plain http:// scheme. The SSL settings below
            // presumably only protect the scrape when the exporter is served over https:// -
            // confirm the scheme and port your exporter actually uses.
            PrometheusUrl = "http://192.168.0.0:9090/metrics",
            ProviderType = "PrometheusOS",
            SapSid = "SID",
            SslCertificateUri = "https://storageaccount.blob.core.windows.net/containername/filename",
            SslPreference = AzureNative.Workloads.SslPreference.ServerCertificate,
        },
        ResourceGroupName = "myResourceGroup",
    });

});
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.workloads.ProviderInstance;
import com.pulumi.azurenative.workloads.ProviderInstanceArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

/**
 * Pulumi program that registers a Prometheus OS-metrics provider instance on the
 * existing SAP Monitor "mySapMonitor".
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the provider instance resource.
     *
     * @param ctx Pulumi context passed in by {@code Pulumi.run}; not read by this method
     */
    public static void stack(Context ctx) {
        // NOTE(review): PrometheusOsProviderInstancePropertiesArgs is not among this file's imports;
        // it presumably lives in com.pulumi.azurenative.workloads.inputs - confirm and import it.
        var providerInstance = new ProviderInstance("providerInstance", ProviderInstanceArgs.builder()
            .monitorName("mySapMonitor")
            .providerInstanceName("myProviderInstance")
            .providerSettings(PrometheusOsProviderInstancePropertiesArgs.builder()
                // NOTE(review): placeholder URL with a plain http:// scheme. The SSL settings below
                // presumably only protect the scrape when the exporter is served over https:// -
                // confirm the scheme and port your exporter actually uses.
                .prometheusUrl("http://192.168.0.0:9090/metrics")
                .providerType("PrometheusOS")
                .sapSid("SID")
                .sslCertificateUri("https://storageaccount.blob.core.windows.net/containername/filename")
                .sslPreference("ServerCertificate")
                .build())
            .resourceGroupName("myResourceGroup")
            .build());

    }
}
# Registers a Prometheus OS-metrics provider instance on the existing SAP Monitor "mySapMonitor".
resources:
  providerInstance:
    type: azure-native:workloads:ProviderInstance
    properties:
      monitorName: mySapMonitor
      providerInstanceName: myProviderInstance
      providerSettings:
        # NOTE(review): placeholder URL with a plain http:// scheme. The SSL settings below
        # presumably only protect the scrape when the exporter is served over https:// -
        # confirm the scheme and port your exporter actually uses.
        prometheusUrl: http://192.168.0.0:9090/metrics
        providerType: PrometheusOS
        sapSid: SID
        sslCertificateUri: https://storageaccount.blob.core.windows.net/containername/filename
        sslPreference: ServerCertificate
      resourceGroupName: myResourceGroup

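The providerType PrometheusOS configures OS metric collection from a Prometheus endpoint. The prometheusUrl points to the exporter’s metrics endpoint (typically port 9090). The sapSid associates metrics with the SAP system. The sslPreference and sslCertificateUri settings configure certificate validation for the connection to the Prometheus endpoint. Note that the example prometheusUrl uses the http:// scheme; certificate validation only protects the connection when the exporter is served over HTTPS, so confirm the scheme and port your exporter actually uses.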

Monitor high-availability cluster via Prometheus

SAP high-availability deployments use clustering software to manage failover, with cluster metrics exposed through Prometheus exporters.

import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";

// Registers a Prometheus HA-cluster provider instance on the existing SAP Monitor "mySapMonitor".
const providerInstance = new azure_native.workloads.ProviderInstance("providerInstance", {
    monitorName: "mySapMonitor",
    providerInstanceName: "myProviderInstance",
    providerSettings: {
        // clusterName, hostname and sid are placeholders identifying the cluster and SAP system.
        clusterName: "clusterName",
        hostname: "hostname",
        // NOTE(review): placeholder URL with a plain http:// scheme. The SSL settings below
        // presumably only protect the scrape when the exporter is served over https:// -
        // confirm the scheme and port your exporter actually uses.
        prometheusUrl: "http://192.168.0.0:9090/metrics",
        providerType: "PrometheusHaCluster",
        sid: "sid",
        sslCertificateUri: "https://storageaccount.blob.core.windows.net/containername/filename",
        sslPreference: azure_native.workloads.SslPreference.ServerCertificate,
    },
    resourceGroupName: "myResourceGroup",
});
import pulumi
import pulumi_azure_native as azure_native

# Registers a Prometheus HA-cluster provider instance on the existing SAP Monitor "mySapMonitor".
provider_instance = azure_native.workloads.ProviderInstance("providerInstance",
    monitor_name="mySapMonitor",
    provider_instance_name="myProviderInstance",
    provider_settings={
        # cluster_name, hostname and sid are placeholders identifying the cluster and SAP system.
        "cluster_name": "clusterName",
        "hostname": "hostname",
        # NOTE(review): placeholder URL with a plain http:// scheme. The SSL settings below
        # presumably only protect the scrape when the exporter is served over https:// -
        # confirm the scheme and port your exporter actually uses.
        "prometheus_url": "http://192.168.0.0:9090/metrics",
        "provider_type": "PrometheusHaCluster",
        "sid": "sid",
        "ssl_certificate_uri": "https://storageaccount.blob.core.windows.net/containername/filename",
        "ssl_preference": azure_native.workloads.SslPreference.SERVER_CERTIFICATE,
    },
    resource_group_name="myResourceGroup")
package main

import (
	workloads "github.com/pulumi/pulumi-azure-native-sdk/workloads/v3"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

// main registers a Prometheus HA-cluster provider instance on the existing SAP Monitor "mySapMonitor".
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := workloads.NewProviderInstance(ctx, "providerInstance", &workloads.ProviderInstanceArgs{
			MonitorName:          pulumi.String("mySapMonitor"),
			ProviderInstanceName: pulumi.String("myProviderInstance"),
			ProviderSettings: &workloads.PrometheusHaClusterProviderInstancePropertiesArgs{
				// ClusterName, Hostname and Sid are placeholders identifying the cluster and SAP system.
				ClusterName: pulumi.String("clusterName"),
				Hostname:    pulumi.String("hostname"),
				// NOTE(review): placeholder URL with a plain http:// scheme. The SSL settings below
				// presumably only protect the scrape when the exporter is served over https:// -
				// confirm the scheme and port your exporter actually uses.
				PrometheusUrl:     pulumi.String("http://192.168.0.0:9090/metrics"),
				ProviderType:      pulumi.String("PrometheusHaCluster"),
				Sid:               pulumi.String("sid"),
				SslCertificateUri: pulumi.String("https://storageaccount.blob.core.windows.net/containername/filename"),
				SslPreference:     pulumi.String(workloads.SslPreferenceServerCertificate),
			},
			ResourceGroupName: pulumi.String("myResourceGroup"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;

// Registers a Prometheus HA-cluster provider instance on the existing SAP Monitor "mySapMonitor".
return await Deployment.RunAsync(() => 
{
    var providerInstance = new AzureNative.Workloads.ProviderInstance("providerInstance", new()
    {
        MonitorName = "mySapMonitor",
        ProviderInstanceName = "myProviderInstance",
        ProviderSettings = new AzureNative.Workloads.Inputs.PrometheusHaClusterProviderInstancePropertiesArgs
        {
            // ClusterName, Hostname and Sid are placeholders identifying the cluster and SAP system.
            ClusterName = "clusterName",
            Hostname = "hostname",
            // NOTE(review): placeholder URL with a plain http:// scheme. The SSL settings below
            // presumably only protect the scrape when the exporter is served over https:// -
            // confirm the scheme and port your exporter actually uses.
            PrometheusUrl = "http://192.168.0.0:9090/metrics",
            ProviderType = "PrometheusHaCluster",
            Sid = "sid",
            SslCertificateUri = "https://storageaccount.blob.core.windows.net/containername/filename",
            SslPreference = AzureNative.Workloads.SslPreference.ServerCertificate,
        },
        ResourceGroupName = "myResourceGroup",
    });

});
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.workloads.ProviderInstance;
import com.pulumi.azurenative.workloads.ProviderInstanceArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

/**
 * Pulumi program that registers a Prometheus HA-cluster provider instance on the
 * existing SAP Monitor "mySapMonitor".
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the provider instance resource.
     *
     * @param ctx Pulumi context passed in by {@code Pulumi.run}; not read by this method
     */
    public static void stack(Context ctx) {
        // NOTE(review): PrometheusHaClusterProviderInstancePropertiesArgs is not among this file's
        // imports; it presumably lives in com.pulumi.azurenative.workloads.inputs - confirm and import it.
        var providerInstance = new ProviderInstance("providerInstance", ProviderInstanceArgs.builder()
            .monitorName("mySapMonitor")
            .providerInstanceName("myProviderInstance")
            .providerSettings(PrometheusHaClusterProviderInstancePropertiesArgs.builder()
                // clusterName, hostname and sid are placeholders identifying the cluster and SAP system.
                .clusterName("clusterName")
                .hostname("hostname")
                // NOTE(review): placeholder URL with a plain http:// scheme. The SSL settings below
                // presumably only protect the scrape when the exporter is served over https:// -
                // confirm the scheme and port your exporter actually uses.
                .prometheusUrl("http://192.168.0.0:9090/metrics")
                .providerType("PrometheusHaCluster")
                .sid("sid")
                .sslCertificateUri("https://storageaccount.blob.core.windows.net/containername/filename")
                .sslPreference("ServerCertificate")
                .build())
            .resourceGroupName("myResourceGroup")
            .build());

    }
}
# Registers a Prometheus HA-cluster provider instance on the existing SAP Monitor "mySapMonitor".
resources:
  providerInstance:
    type: azure-native:workloads:ProviderInstance
    properties:
      monitorName: mySapMonitor
      providerInstanceName: myProviderInstance
      providerSettings:
        # clusterName, hostname and sid are placeholders identifying the cluster and SAP system.
        clusterName: clusterName
        hostname: hostname
        # NOTE(review): placeholder URL with a plain http:// scheme. The SSL settings below
        # presumably only protect the scrape when the exporter is served over https:// -
        # confirm the scheme and port your exporter actually uses.
        prometheusUrl: http://192.168.0.0:9090/metrics
        providerType: PrometheusHaCluster
        sid: sid
        sslCertificateUri: https://storageaccount.blob.core.windows.net/containername/filename
        sslPreference: ServerCertificate
      resourceGroupName: myResourceGroup

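The providerType PrometheusHaCluster configures cluster monitoring. The clusterName and hostname identify the cluster, while prometheusUrl points to the HA cluster exporter. The sid associates metrics with the SAP system. Setting sslPreference to ServerCertificate validates the exporter’s certificate against the one at sslCertificateUri; as in the OS example, the sample prometheusUrl uses http://, and certificate validation only applies when the exporter is served over HTTPS.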

Beyond these examples

These snippets focus on specific provider instance features: database provider configuration (HANA, Db2), application layer monitoring (NetWeaver), and infrastructure monitoring (OS metrics, HA clusters via Prometheus). They’re intentionally minimal rather than full monitoring solutions.

The examples reference pre-existing infrastructure such as SAP Monitor resources, Azure Blob Storage for SSL certificates, and Prometheus exporters for OS and cluster metrics. They focus on configuring the provider instance rather than provisioning the surrounding infrastructure.

To keep things focused, common provider patterns are omitted, including:

  • Key Vault integration for secrets (dbPasswordUri, sapPasswordUri)
  • Root certificate validation (sslPreference: RootCertificate)
  • Oracle and SQL Server provider configurations
  • Identity and access management for provider instances

These omissions are intentional: the goal is to illustrate how each provider type is wired, not provide drop-in monitoring modules. See the ProviderInstance resource reference for all available configuration options.


Frequently Asked Questions

SSL & Security Configuration
What's the difference between ServerCertificate and RootCertificate SSL preferences?
ServerCertificate requires you to provide a specific certificate via sslCertificateUri pointing to a blob storage location. RootCertificate uses the system’s trusted root certificates and doesn’t require sslCertificateUri.
How can I securely store database passwords?
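You can supply the password in one of two ways: inline using dbPassword, or by reference using dbPasswordUri. Referencing a Key Vault secret through dbPasswordUri is the option recommended for production, because the password then stays out of the program source. When using inline passwords, dbPasswordUri is typically set to an empty string.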
Provider Configuration
What provider types are available for SAP monitoring?
Seven provider types are supported: Db2, MsSqlServer, PrometheusOS, PrometheusHaCluster, SapHana, SapNetWeaver, and Oracle. Each requires provider-specific configuration in providerSettings.
What common configuration properties do database providers share?
Database providers (Db2, MsSqlServer, Oracle, SapHana) typically require hostname, dbUsername, dbPassword (or dbPasswordUri), dbPort, sapSid, and SSL configuration (sslPreference and optionally sslCertificateUri).
What's required for Prometheus-based providers?
Prometheus providers (PrometheusOS, PrometheusHaCluster) require prometheusUrl, sapSid (or sid for HA Cluster), and SSL configuration. HA Cluster additionally requires clusterName and hostname.
Resource Management
Can I change the monitor name or provider instance name after creation?
No, monitorName, providerInstanceName, and resourceGroupName are immutable. Changing them requires recreating the resource.
How can I check if my provider instance is healthy?
Check the health output property for resource health details, provisioningState for provisioning status, and errors for any provider instance errors.
Which API version should I use?
The default is 2024-02-01-preview. Version 2.x of the Azure Native provider used 2023-04-01. Other versions (2023-10-01-preview, 2023-12-01-preview) are accessible by generating a local SDK package using pulumi package add azure-native workloads [ApiVersion].
