Configure Azure SAP Monitor Provider Instances

The azure-native:workloads:ProviderInstance resource, part of the Pulumi Azure Native provider, defines a monitoring provider that connects to SAP system components and collects telemetry from databases, application servers, and infrastructure. This guide focuses on three capabilities: database provider configuration (HANA, Db2), application layer monitoring (NetWeaver), and infrastructure monitoring via Prometheus exporters.

Provider instances belong to an SAP Monitor resource and connect to external endpoints that must be accessible. The examples are intentionally small. Combine them with your own SAP Monitor, Key Vault for secrets, and network configuration.

Monitor SAP HANA database with server certificate

SAP monitoring deployments often start by connecting to the HANA database layer to track performance metrics and resource utilization.

import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";

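// The HANA password is read from encrypted stack configuration instead of being
// committed as a literal. Set it once per stack with:
//   pulumi config set --secret hanaDbPassword <value>
// requireSecret() returns a secret Output, so Pulumi encrypts it in state and
// masks it in CLI output.
const config = new pulumi.Config();
const hanaDbPassword = config.requireSecret("hanaDbPassword");

// Registers a SapHana provider instance on the existing SAP Monitor "mySapMonitor".
const providerInstance = new azure_native.workloads.ProviderInstance("providerInstance", {
    monitorName: "mySapMonitor",
    providerInstanceName: "myProviderInstance",
    providerSettings: {
        dbName: "db",
        dbPassword: hanaDbPassword,
        // Empty as in the original example; for production, point this at a
        // Key Vault secret rather than passing the password inline.
        dbPasswordUri: "",
        dbUsername: "user",
        hostname: "name",
        instanceNumber: "00",
        providerType: "SapHana",
        sapSid: "SID",
        sqlPort: "0000",
        // Certificate used to validate the HANA server when sslPreference is ServerCertificate.
        sslCertificateUri: "https://storageaccount.blob.core.windows.net/containername/filename",
        sslHostNameInCertificate: "xyz.domain.com",
        sslPreference: azure_native.workloads.SslPreference.ServerCertificate,
    },
    resourceGroupName: "myResourceGroup",
});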
import pulumi
import pulumi_azure_native as azure_native

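# The HANA password is read from encrypted stack configuration instead of being
# committed as a literal. Set it once per stack with:
#   pulumi config set --secret hanaDbPassword <value>
# require_secret() returns a secret Output, so Pulumi encrypts it in state and
# masks it in CLI output.
config = pulumi.Config()
hana_db_password = config.require_secret("hanaDbPassword")

# Registers a SapHana provider instance on the existing SAP Monitor "mySapMonitor".
provider_instance = azure_native.workloads.ProviderInstance("providerInstance",
    monitor_name="mySapMonitor",
    provider_instance_name="myProviderInstance",
    provider_settings={
        "db_name": "db",
        "db_password": hana_db_password,
        # Empty as in the original example; for production, point this at a
        # Key Vault secret rather than passing the password inline.
        "db_password_uri": "",
        "db_username": "user",
        "hostname": "name",
        "instance_number": "00",
        "provider_type": "SapHana",
        "sap_sid": "SID",
        "sql_port": "0000",
        # Certificate used to validate the HANA server when ssl_preference is SERVER_CERTIFICATE.
        "ssl_certificate_uri": "https://storageaccount.blob.core.windows.net/containername/filename",
        "ssl_host_name_in_certificate": "xyz.domain.com",
        "ssl_preference": azure_native.workloads.SslPreference.SERVER_CERTIFICATE,
    },
    resource_group_name="myResourceGroup")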
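package main

import (
	workloads "github.com/pulumi/pulumi-azure-native-sdk/workloads/v3"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config"
)

// main registers a SapHana provider instance on the existing SAP Monitor
// "mySapMonitor".
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Read the HANA password from encrypted stack configuration instead of
		// committing a literal. Set it once per stack with:
		//   pulumi config set --secret hanaDbPassword <value>
		// RequireSecret returns a secret output, so Pulumi encrypts it in state.
		cfg := config.New(ctx, "")
		hanaDbPassword := cfg.RequireSecret("hanaDbPassword")

		_, err := workloads.NewProviderInstance(ctx, "providerInstance", &workloads.ProviderInstanceArgs{
			MonitorName:          pulumi.String("mySapMonitor"),
			ProviderInstanceName: pulumi.String("myProviderInstance"),
			ProviderSettings: &workloads.HanaDbProviderInstancePropertiesArgs{
				DbName:     pulumi.String("db"),
				DbPassword: hanaDbPassword,
				// Empty as in the original example; for production, point this
				// at a Key Vault secret rather than passing the password inline.
				DbPasswordUri:  pulumi.String(""),
				DbUsername:     pulumi.String("user"),
				Hostname:       pulumi.String("name"),
				InstanceNumber: pulumi.String("00"),
				ProviderType:   pulumi.String("SapHana"),
				SapSid:         pulumi.String("SID"),
				SqlPort:        pulumi.String("0000"),
				// Certificate used to validate the HANA server when
				// SslPreference is ServerCertificate.
				SslCertificateUri:        pulumi.String("https://storageaccount.blob.core.windows.net/containername/filename"),
				SslHostNameInCertificate: pulumi.String("xyz.domain.com"),
				SslPreference:            pulumi.String(workloads.SslPreferenceServerCertificate),
			},
			ResourceGroupName: pulumi.String("myResourceGroup"),
		})
		// Propagate any registration error to the Pulumi engine.
		return err
	})
}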
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;

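return await Deployment.RunAsync(() =>
{
    // Read the HANA password from encrypted stack configuration instead of
    // committing a literal. Set it once per stack with:
    //   pulumi config set --secret hanaDbPassword <value>
    // RequireSecret returns a secret Output, so Pulumi encrypts it in state.
    var config = new Config();
    var hanaDbPassword = config.RequireSecret("hanaDbPassword");

    // Registers a SapHana provider instance on the existing SAP Monitor "mySapMonitor".
    var providerInstance = new AzureNative.Workloads.ProviderInstance("providerInstance", new()
    {
        MonitorName = "mySapMonitor",
        ProviderInstanceName = "myProviderInstance",
        ProviderSettings = new AzureNative.Workloads.Inputs.HanaDbProviderInstancePropertiesArgs
        {
            DbName = "db",
            DbPassword = hanaDbPassword,
            // Empty as in the original example; for production, point this at a
            // Key Vault secret rather than passing the password inline.
            DbPasswordUri = "",
            DbUsername = "user",
            Hostname = "name",
            InstanceNumber = "00",
            ProviderType = "SapHana",
            SapSid = "SID",
            SqlPort = "0000",
            // Certificate used to validate the HANA server when SslPreference is ServerCertificate.
            SslCertificateUri = "https://storageaccount.blob.core.windows.net/containername/filename",
            SslHostNameInCertificate = "xyz.domain.com",
            SslPreference = AzureNative.Workloads.SslPreference.ServerCertificate,
        },
        ResourceGroupName = "myResourceGroup",
    });

});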
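package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.workloads.ProviderInstance;
import com.pulumi.azurenative.workloads.ProviderInstanceArgs;
import com.pulumi.azurenative.workloads.inputs.HanaDbProviderInstancePropertiesArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

/**
 * Pulumi program that registers a SapHana provider instance on the existing
 * SAP Monitor "mySapMonitor".
 */
public class App {
    /** Hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the provider instance.
     *
     * @param ctx Pulumi context, used here to read stack configuration
     */
    public static void stack(Context ctx) {
        // Read the HANA password from encrypted stack configuration instead of
        // committing a literal. Set it once per stack with:
        //   pulumi config set --secret hanaDbPassword <value>
        // requireSecret returns a secret Output, so Pulumi encrypts it in state.
        final Output<String> hanaDbPassword = ctx.config().requireSecret("hanaDbPassword");

        var providerInstance = new ProviderInstance("providerInstance", ProviderInstanceArgs.builder()
            .monitorName("mySapMonitor")
            .providerInstanceName("myProviderInstance")
            .providerSettings(HanaDbProviderInstancePropertiesArgs.builder()
                .dbName("db")
                .dbPassword(hanaDbPassword)
                // Empty as in the original example; for production, point this at a
                // Key Vault secret rather than passing the password inline.
                .dbPasswordUri("")
                .dbUsername("user")
                .hostname("name")
                .instanceNumber("00")
                .providerType("SapHana")
                .sapSid("SID")
                .sqlPort("0000")
                // Certificate used to validate the HANA server when sslPreference is ServerCertificate.
                .sslCertificateUri("https://storageaccount.blob.core.windows.net/containername/filename")
                .sslHostNameInCertificate("xyz.domain.com")
                .sslPreference("ServerCertificate")
                .build())
            .resourceGroupName("myResourceGroup")
            .build());

    }
}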
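# The HANA password is declared as a secret configuration value instead of being
# committed as a literal. Set it once per stack with:
#   pulumi config set --secret hanaDbPassword <value>
config:
  hanaDbPassword:
    type: string
    secret: true
# Registers a SapHana provider instance on the existing SAP Monitor "mySapMonitor".
resources:
  providerInstance:
    type: azure-native:workloads:ProviderInstance
    properties:
      monitorName: mySapMonitor
      providerInstanceName: myProviderInstance
      providerSettings:
        dbName: db
        dbPassword: ${hanaDbPassword}
        # Empty as in the original example; for production, point this at a
        # Key Vault secret rather than passing the password inline.
        dbPasswordUri: ""
        dbUsername: user
        hostname: name
        instanceNumber: '00'
        providerType: SapHana
        sapSid: SID
        sqlPort: '0000'
        # Certificate used to validate the HANA server when sslPreference is ServerCertificate.
        sslCertificateUri: https://storageaccount.blob.core.windows.net/containername/filename
        sslHostNameInCertificate: xyz.domain.com
        sslPreference: ServerCertificate
      resourceGroupName: myResourceGroup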

The providerSettings block defines connection parameters for the HANA database. The providerType identifies this as a SapHana provider. The hostname, instanceNumber, and sapSid locate the HANA instance, while dbUsername and dbPassword authenticate the connection. Setting sslPreference to ServerCertificate validates the server’s identity using the certificate at sslCertificateUri. For production, use dbPasswordUri to reference a Key Vault secret instead of inline credentials; a dbPassword literal is stored in the program source and is readable by anyone with access to it.

Monitor SAP NetWeaver application layer

Application-layer monitoring tracks NetWeaver instance health, work processes, and RFC connections to understand system behavior from the user perspective.

import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";

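// The SAP user's password is read from encrypted stack configuration instead of
// being committed as a literal. Set it once per stack with:
//   pulumi config set --secret sapPassword <value>
// requireSecret() returns a secret Output, so Pulumi encrypts it in state and
// masks it in CLI output.
const config = new pulumi.Config();
const sapPassword = config.requireSecret("sapPassword");

// Registers a SapNetWeaver provider instance on the existing SAP Monitor "mySapMonitor".
const providerInstance = new azure_native.workloads.ProviderInstance("providerInstance", {
    monitorName: "mySapMonitor",
    providerInstanceName: "myProviderInstance",
    providerSettings: {
        providerType: "SapNetWeaver",
        sapClientId: "111",
        // Static host-file entries used for name resolution when DNS is not available.
        sapHostFileEntries: ["127.0.0.1 name fqdn"],
        sapHostname: "name",
        sapInstanceNr: "00",
        sapPassword: sapPassword,
        // Empty as in the original example; for production, point this at a
        // Key Vault secret rather than passing the password inline.
        sapPasswordUri: "",
        sapPortNumber: "1234",
        sapSid: "SID",
        sapUsername: "username",
        sslCertificateUri: "https://storageaccount.blob.core.windows.net/containername/filename",
        sslPreference: azure_native.workloads.SslPreference.ServerCertificate,
    },
    resourceGroupName: "myResourceGroup",
});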
import pulumi
import pulumi_azure_native as azure_native

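# The SAP user's password is read from encrypted stack configuration instead of
# being committed as a literal. Set it once per stack with:
#   pulumi config set --secret sapPassword <value>
# require_secret() returns a secret Output, so Pulumi encrypts it in state and
# masks it in CLI output.
config = pulumi.Config()
sap_password = config.require_secret("sapPassword")

# Registers a SapNetWeaver provider instance on the existing SAP Monitor "mySapMonitor".
provider_instance = azure_native.workloads.ProviderInstance("providerInstance",
    monitor_name="mySapMonitor",
    provider_instance_name="myProviderInstance",
    provider_settings={
        "provider_type": "SapNetWeaver",
        "sap_client_id": "111",
        # Static host-file entries used for name resolution when DNS is not available.
        "sap_host_file_entries": ["127.0.0.1 name fqdn"],
        "sap_hostname": "name",
        "sap_instance_nr": "00",
        "sap_password": sap_password,
        # Empty as in the original example; for production, point this at a
        # Key Vault secret rather than passing the password inline.
        "sap_password_uri": "",
        "sap_port_number": "1234",
        "sap_sid": "SID",
        "sap_username": "username",
        "ssl_certificate_uri": "https://storageaccount.blob.core.windows.net/containername/filename",
        "ssl_preference": azure_native.workloads.SslPreference.SERVER_CERTIFICATE,
    },
    resource_group_name="myResourceGroup")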
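package main

import (
	workloads "github.com/pulumi/pulumi-azure-native-sdk/workloads/v3"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config"
)

// main registers a SapNetWeaver provider instance on the existing SAP Monitor
// "mySapMonitor".
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Read the SAP user's password from encrypted stack configuration
		// instead of committing a literal. Set it once per stack with:
		//   pulumi config set --secret sapPassword <value>
		// RequireSecret returns a secret output, so Pulumi encrypts it in state.
		cfg := config.New(ctx, "")
		sapPassword := cfg.RequireSecret("sapPassword")

		_, err := workloads.NewProviderInstance(ctx, "providerInstance", &workloads.ProviderInstanceArgs{
			MonitorName:          pulumi.String("mySapMonitor"),
			ProviderInstanceName: pulumi.String("myProviderInstance"),
			ProviderSettings: &workloads.SapNetWeaverProviderInstancePropertiesArgs{
				ProviderType: pulumi.String("SapNetWeaver"),
				SapClientId:  pulumi.String("111"),
				// Static host-file entries used for name resolution when DNS
				// is not available.
				SapHostFileEntries: pulumi.StringArray{
					pulumi.String("127.0.0.1 name fqdn"),
				},
				SapHostname:   pulumi.String("name"),
				SapInstanceNr: pulumi.String("00"),
				SapPassword:   sapPassword,
				// Empty as in the original example; for production, point this
				// at a Key Vault secret rather than passing the password inline.
				SapPasswordUri:    pulumi.String(""),
				SapPortNumber:     pulumi.String("1234"),
				SapSid:            pulumi.String("SID"),
				SapUsername:       pulumi.String("username"),
				SslCertificateUri: pulumi.String("https://storageaccount.blob.core.windows.net/containername/filename"),
				SslPreference:     pulumi.String(workloads.SslPreferenceServerCertificate),
			},
			ResourceGroupName: pulumi.String("myResourceGroup"),
		})
		// Propagate any registration error to the Pulumi engine.
		return err
	})
}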
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;

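return await Deployment.RunAsync(() =>
{
    // Read the SAP user's password from encrypted stack configuration instead
    // of committing a literal. Set it once per stack with:
    //   pulumi config set --secret sapPassword <value>
    // RequireSecret returns a secret Output, so Pulumi encrypts it in state.
    var config = new Config();
    var sapPassword = config.RequireSecret("sapPassword");

    // Registers a SapNetWeaver provider instance on the existing SAP Monitor "mySapMonitor".
    var providerInstance = new AzureNative.Workloads.ProviderInstance("providerInstance", new()
    {
        MonitorName = "mySapMonitor",
        ProviderInstanceName = "myProviderInstance",
        ProviderSettings = new AzureNative.Workloads.Inputs.SapNetWeaverProviderInstancePropertiesArgs
        {
            ProviderType = "SapNetWeaver",
            SapClientId = "111",
            // Static host-file entries used for name resolution when DNS is not available.
            SapHostFileEntries = new[]
            {
                "127.0.0.1 name fqdn",
            },
            SapHostname = "name",
            SapInstanceNr = "00",
            SapPassword = sapPassword,
            // Empty as in the original example; for production, point this at a
            // Key Vault secret rather than passing the password inline.
            SapPasswordUri = "",
            SapPortNumber = "1234",
            SapSid = "SID",
            SapUsername = "username",
            SslCertificateUri = "https://storageaccount.blob.core.windows.net/containername/filename",
            SslPreference = AzureNative.Workloads.SslPreference.ServerCertificate,
        },
        ResourceGroupName = "myResourceGroup",
    });

});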
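package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.workloads.ProviderInstance;
import com.pulumi.azurenative.workloads.ProviderInstanceArgs;
import com.pulumi.azurenative.workloads.inputs.SapNetWeaverProviderInstancePropertiesArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

/**
 * Pulumi program that registers a SapNetWeaver provider instance on the
 * existing SAP Monitor "mySapMonitor".
 */
public class App {
    /** Hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the provider instance.
     *
     * @param ctx Pulumi context, used here to read stack configuration
     */
    public static void stack(Context ctx) {
        // Read the SAP user's password from encrypted stack configuration instead
        // of committing a literal. Set it once per stack with:
        //   pulumi config set --secret sapPassword <value>
        // requireSecret returns a secret Output, so Pulumi encrypts it in state.
        final Output<String> sapPassword = ctx.config().requireSecret("sapPassword");

        var providerInstance = new ProviderInstance("providerInstance", ProviderInstanceArgs.builder()
            .monitorName("mySapMonitor")
            .providerInstanceName("myProviderInstance")
            .providerSettings(SapNetWeaverProviderInstancePropertiesArgs.builder()
                .providerType("SapNetWeaver")
                .sapClientId("111")
                // Static host-file entries used for name resolution when DNS is not available.
                .sapHostFileEntries("127.0.0.1 name fqdn")
                .sapHostname("name")
                .sapInstanceNr("00")
                .sapPassword(sapPassword)
                // Empty as in the original example; for production, point this at a
                // Key Vault secret rather than passing the password inline.
                .sapPasswordUri("")
                .sapPortNumber("1234")
                .sapSid("SID")
                .sapUsername("username")
                .sslCertificateUri("https://storageaccount.blob.core.windows.net/containername/filename")
                .sslPreference("ServerCertificate")
                .build())
            .resourceGroupName("myResourceGroup")
            .build());

    }
}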
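# The SAP user's password is declared as a secret configuration value instead of
# being committed as a literal. Set it once per stack with:
#   pulumi config set --secret sapPassword <value>
config:
  sapPassword:
    type: string
    secret: true
# Registers a SapNetWeaver provider instance on the existing SAP Monitor "mySapMonitor".
resources:
  providerInstance:
    type: azure-native:workloads:ProviderInstance
    properties:
      monitorName: mySapMonitor
      providerInstanceName: myProviderInstance
      providerSettings:
        providerType: SapNetWeaver
        sapClientId: '111'
        # Static host-file entries used for name resolution when DNS is not available.
        sapHostFileEntries:
          - 127.0.0.1 name fqdn
        sapHostname: name
        sapInstanceNr: '00'
        sapPassword: ${sapPassword}
        # Empty as in the original example; for production, point this at a
        # Key Vault secret rather than passing the password inline.
        sapPasswordUri: ""
        sapPortNumber: '1234'
        sapSid: SID
        sapUsername: username
        sslCertificateUri: https://storageaccount.blob.core.windows.net/containername/filename
        sslPreference: ServerCertificate
      resourceGroupName: myResourceGroup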

The providerType SapNetWeaver configures RFC-based monitoring of the application server. The sapHostname, sapInstanceNr, and sapClientId identify the NetWeaver instance and client. The sapHostFileEntries array provides custom hostname resolution when DNS isn’t available. The sapUsername and sapPassword authenticate the RFC connection. For production, use sapPasswordUri to reference a secret stored in Key Vault instead of supplying sapPassword inline.

Monitor IBM Db2 database with SSL

Some SAP landscapes run on IBM Db2 as the database layer, requiring specialized monitoring to track Db2-specific metrics.

import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";

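// The Db2 password is read from encrypted stack configuration instead of being
// committed as a literal. Set it once per stack with:
//   pulumi config set --secret db2Password <value>
// requireSecret() returns a secret Output, so Pulumi encrypts it in state and
// masks it in CLI output.
const config = new pulumi.Config();
const db2Password = config.requireSecret("db2Password");

// Registers a Db2 provider instance on the existing SAP Monitor "mySapMonitor".
const providerInstance = new azure_native.workloads.ProviderInstance("providerInstance", {
    monitorName: "mySapMonitor",
    providerInstanceName: "myProviderInstance",
    providerSettings: {
        dbName: "dbName",
        dbPassword: db2Password,
        // Empty as in the original example; dbPasswordUri is the Key Vault
        // alternative to passing the password inline.
        dbPasswordUri: "",
        dbPort: "dbPort",
        dbUsername: "username",
        hostname: "hostname",
        providerType: "Db2",
        sapSid: "SID",
        // Certificate used to validate the Db2 server when sslPreference is ServerCertificate.
        sslCertificateUri: "https://storageaccount.blob.core.windows.net/containername/filename",
        sslPreference: azure_native.workloads.SslPreference.ServerCertificate,
    },
    resourceGroupName: "myResourceGroup",
});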
import pulumi
import pulumi_azure_native as azure_native

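# The Db2 password is read from encrypted stack configuration instead of being
# committed as a literal. Set it once per stack with:
#   pulumi config set --secret db2Password <value>
# require_secret() returns a secret Output, so Pulumi encrypts it in state and
# masks it in CLI output.
config = pulumi.Config()
db2_password = config.require_secret("db2Password")

# Registers a Db2 provider instance on the existing SAP Monitor "mySapMonitor".
provider_instance = azure_native.workloads.ProviderInstance("providerInstance",
    monitor_name="mySapMonitor",
    provider_instance_name="myProviderInstance",
    provider_settings={
        "db_name": "dbName",
        "db_password": db2_password,
        # Empty as in the original example; db_password_uri is the Key Vault
        # alternative to passing the password inline.
        "db_password_uri": "",
        "db_port": "dbPort",
        "db_username": "username",
        "hostname": "hostname",
        "provider_type": "Db2",
        "sap_sid": "SID",
        # Certificate used to validate the Db2 server when ssl_preference is SERVER_CERTIFICATE.
        "ssl_certificate_uri": "https://storageaccount.blob.core.windows.net/containername/filename",
        "ssl_preference": azure_native.workloads.SslPreference.SERVER_CERTIFICATE,
    },
    resource_group_name="myResourceGroup")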
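package main

import (
	workloads "github.com/pulumi/pulumi-azure-native-sdk/workloads/v3"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config"
)

// main registers a Db2 provider instance on the existing SAP Monitor
// "mySapMonitor".
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Read the Db2 password from encrypted stack configuration instead of
		// committing a literal. Set it once per stack with:
		//   pulumi config set --secret db2Password <value>
		// RequireSecret returns a secret output, so Pulumi encrypts it in state.
		cfg := config.New(ctx, "")
		db2Password := cfg.RequireSecret("db2Password")

		_, err := workloads.NewProviderInstance(ctx, "providerInstance", &workloads.ProviderInstanceArgs{
			MonitorName:          pulumi.String("mySapMonitor"),
			ProviderInstanceName: pulumi.String("myProviderInstance"),
			ProviderSettings: &workloads.Db2ProviderInstancePropertiesArgs{
				DbName:     pulumi.String("dbName"),
				DbPassword: db2Password,
				// Empty as in the original example; DbPasswordUri is the Key
				// Vault alternative to passing the password inline.
				DbPasswordUri: pulumi.String(""),
				DbPort:        pulumi.String("dbPort"),
				DbUsername:    pulumi.String("username"),
				Hostname:      pulumi.String("hostname"),
				ProviderType:  pulumi.String("Db2"),
				SapSid:        pulumi.String("SID"),
				// Certificate used to validate the Db2 server when
				// SslPreference is ServerCertificate.
				SslCertificateUri: pulumi.String("https://storageaccount.blob.core.windows.net/containername/filename"),
				SslPreference:     pulumi.String(workloads.SslPreferenceServerCertificate),
			},
			ResourceGroupName: pulumi.String("myResourceGroup"),
		})
		// Propagate any registration error to the Pulumi engine.
		return err
	})
}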
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;

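return await Deployment.RunAsync(() =>
{
    // Read the Db2 password from encrypted stack configuration instead of
    // committing a literal. Set it once per stack with:
    //   pulumi config set --secret db2Password <value>
    // RequireSecret returns a secret Output, so Pulumi encrypts it in state.
    var config = new Config();
    var db2Password = config.RequireSecret("db2Password");

    // Registers a Db2 provider instance on the existing SAP Monitor "mySapMonitor".
    var providerInstance = new AzureNative.Workloads.ProviderInstance("providerInstance", new()
    {
        MonitorName = "mySapMonitor",
        ProviderInstanceName = "myProviderInstance",
        ProviderSettings = new AzureNative.Workloads.Inputs.Db2ProviderInstancePropertiesArgs
        {
            DbName = "dbName",
            DbPassword = db2Password,
            // Empty as in the original example; DbPasswordUri is the Key Vault
            // alternative to passing the password inline.
            DbPasswordUri = "",
            DbPort = "dbPort",
            DbUsername = "username",
            Hostname = "hostname",
            ProviderType = "Db2",
            SapSid = "SID",
            // Certificate used to validate the Db2 server when SslPreference is ServerCertificate.
            SslCertificateUri = "https://storageaccount.blob.core.windows.net/containername/filename",
            SslPreference = AzureNative.Workloads.SslPreference.ServerCertificate,
        },
        ResourceGroupName = "myResourceGroup",
    });

});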
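package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.workloads.ProviderInstance;
import com.pulumi.azurenative.workloads.ProviderInstanceArgs;
import com.pulumi.azurenative.workloads.inputs.Db2ProviderInstancePropertiesArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

/**
 * Pulumi program that registers a Db2 provider instance on the existing
 * SAP Monitor "mySapMonitor".
 */
public class App {
    /** Hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the provider instance.
     *
     * @param ctx Pulumi context, used here to read stack configuration
     */
    public static void stack(Context ctx) {
        // Read the Db2 password from encrypted stack configuration instead of
        // committing a literal. Set it once per stack with:
        //   pulumi config set --secret db2Password <value>
        // requireSecret returns a secret Output, so Pulumi encrypts it in state.
        final Output<String> db2Password = ctx.config().requireSecret("db2Password");

        var providerInstance = new ProviderInstance("providerInstance", ProviderInstanceArgs.builder()
            .monitorName("mySapMonitor")
            .providerInstanceName("myProviderInstance")
            .providerSettings(Db2ProviderInstancePropertiesArgs.builder()
                .dbName("dbName")
                .dbPassword(db2Password)
                // Empty as in the original example; dbPasswordUri is the Key Vault
                // alternative to passing the password inline.
                .dbPasswordUri("")
                .dbPort("dbPort")
                .dbUsername("username")
                .hostname("hostname")
                .providerType("Db2")
                .sapSid("SID")
                // Certificate used to validate the Db2 server when sslPreference is ServerCertificate.
                .sslCertificateUri("https://storageaccount.blob.core.windows.net/containername/filename")
                .sslPreference("ServerCertificate")
                .build())
            .resourceGroupName("myResourceGroup")
            .build());

    }
}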
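# The Db2 password is declared as a secret configuration value instead of being
# committed as a literal. Set it once per stack with:
#   pulumi config set --secret db2Password <value>
config:
  db2Password:
    type: string
    secret: true
# Registers a Db2 provider instance on the existing SAP Monitor "mySapMonitor".
resources:
  providerInstance:
    type: azure-native:workloads:ProviderInstance
    properties:
      monitorName: mySapMonitor
      providerInstanceName: myProviderInstance
      providerSettings:
        dbName: dbName
        dbPassword: ${db2Password}
        # Empty as in the original example; dbPasswordUri is the Key Vault
        # alternative to passing the password inline.
        dbPasswordUri: ""
        dbPort: dbPort
        dbUsername: username
        hostname: hostname
        providerType: Db2
        sapSid: SID
        # Certificate used to validate the Db2 server when sslPreference is ServerCertificate.
        sslCertificateUri: https://storageaccount.blob.core.windows.net/containername/filename
        sslPreference: ServerCertificate
      resourceGroupName: myResourceGroup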

The providerType Db2 configures database monitoring for IBM Db2. The hostname, dbPort, and dbName locate the database, while dbUsername and dbPassword authenticate. The sapSid associates metrics with the SAP system. The sslPreference ServerCertificate validates the database server’s certificate from sslCertificateUri. The example passes dbPassword inline only for brevity; dbPasswordUri is the field for referencing a Key Vault secret instead.

Collect OS metrics via Prometheus exporter

Operating system metrics provide infrastructure-level visibility into SAP system health, often exposed through Prometheus node exporters.

import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";

// Metrics endpoint of the OS exporter.
// NOTE(review): this URL uses plain http://; the certificate settings below
// presumably only take effect when the exporter is served over https — confirm.
const osMetricsUrl = "http://192.168.0.0:9090/metrics";
// Blob URI of the certificate used with the ServerCertificate preference.
const certificateUri = "https://storageaccount.blob.core.windows.net/containername/filename";

// Registers a PrometheusOS provider instance on the existing SAP Monitor "mySapMonitor".
const providerInstance = new azure_native.workloads.ProviderInstance("providerInstance", {
    resourceGroupName: "myResourceGroup",
    monitorName: "mySapMonitor",
    providerInstanceName: "myProviderInstance",
    providerSettings: {
        providerType: "PrometheusOS",
        sapSid: "SID",
        prometheusUrl: osMetricsUrl,
        sslPreference: azure_native.workloads.SslPreference.ServerCertificate,
        sslCertificateUri: certificateUri,
    },
});
import pulumi
import pulumi_azure_native as azure_native

# Settings for the PrometheusOS provider, built separately for readability.
os_exporter_settings = {
    "provider_type": "PrometheusOS",
    "sap_sid": "SID",
    # NOTE(review): this URL uses plain http://; the certificate settings below
    # presumably only take effect when the exporter is served over https — confirm.
    "prometheus_url": "http://192.168.0.0:9090/metrics",
    "ssl_preference": azure_native.workloads.SslPreference.SERVER_CERTIFICATE,
    "ssl_certificate_uri": "https://storageaccount.blob.core.windows.net/containername/filename",
}

# Registers a PrometheusOS provider instance on the existing SAP Monitor "mySapMonitor".
provider_instance = azure_native.workloads.ProviderInstance(
    "providerInstance",
    resource_group_name="myResourceGroup",
    monitor_name="mySapMonitor",
    provider_instance_name="myProviderInstance",
    provider_settings=os_exporter_settings,
)
package main

import (
	workloads "github.com/pulumi/pulumi-azure-native-sdk/workloads/v3"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

// main registers a PrometheusOS provider instance on the existing SAP Monitor
// "mySapMonitor".
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// NOTE(review): PrometheusUrl uses plain http://; the certificate
		// settings presumably only take effect when the exporter is served
		// over https — confirm.
		settings := &workloads.PrometheusOsProviderInstancePropertiesArgs{
			ProviderType:      pulumi.String("PrometheusOS"),
			SapSid:            pulumi.String("SID"),
			PrometheusUrl:     pulumi.String("http://192.168.0.0:9090/metrics"),
			SslPreference:     pulumi.String(workloads.SslPreferenceServerCertificate),
			SslCertificateUri: pulumi.String("https://storageaccount.blob.core.windows.net/containername/filename"),
		}

		_, err := workloads.NewProviderInstance(ctx, "providerInstance", &workloads.ProviderInstanceArgs{
			ResourceGroupName:    pulumi.String("myResourceGroup"),
			MonitorName:          pulumi.String("mySapMonitor"),
			ProviderInstanceName: pulumi.String("myProviderInstance"),
			ProviderSettings:     settings,
		})
		// err is nil on success, so returning it directly covers both outcomes.
		return err
	})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;

return await Deployment.RunAsync(() =>
{
    // Settings for the PrometheusOS provider, built separately for readability.
    // NOTE(review): PrometheusUrl uses plain http://; the certificate settings
    // presumably only take effect when the exporter is served over https — confirm.
    var exporterSettings = new AzureNative.Workloads.Inputs.PrometheusOsProviderInstancePropertiesArgs
    {
        ProviderType = "PrometheusOS",
        SapSid = "SID",
        PrometheusUrl = "http://192.168.0.0:9090/metrics",
        SslPreference = AzureNative.Workloads.SslPreference.ServerCertificate,
        SslCertificateUri = "https://storageaccount.blob.core.windows.net/containername/filename",
    };

    // Registers the provider instance on the existing SAP Monitor "mySapMonitor".
    var providerInstance = new AzureNative.Workloads.ProviderInstance("providerInstance", new()
    {
        ResourceGroupName = "myResourceGroup",
        MonitorName = "mySapMonitor",
        ProviderInstanceName = "myProviderInstance",
        ProviderSettings = exporterSettings,
    });
});
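package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.workloads.ProviderInstance;
import com.pulumi.azurenative.workloads.ProviderInstanceArgs;
import com.pulumi.azurenative.workloads.inputs.PrometheusOsProviderInstancePropertiesArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

/**
 * Pulumi program that registers a PrometheusOS provider instance on the
 * existing SAP Monitor "mySapMonitor".
 */
public class App {
    /** Hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the provider instance.
     *
     * @param ctx Pulumi context supplied by the runtime (not read here)
     */
    public static void stack(Context ctx) {
        var providerInstance = new ProviderInstance("providerInstance", ProviderInstanceArgs.builder()
            .monitorName("mySapMonitor")
            .providerInstanceName("myProviderInstance")
            .providerSettings(PrometheusOsProviderInstancePropertiesArgs.builder()
                // NOTE(review): plain http:// URL; the certificate settings below
                // presumably only take effect when the exporter is served over
                // https — confirm.
                .prometheusUrl("http://192.168.0.0:9090/metrics")
                .providerType("PrometheusOS")
                .sapSid("SID")
                .sslCertificateUri("https://storageaccount.blob.core.windows.net/containername/filename")
                .sslPreference("ServerCertificate")
                .build())
            .resourceGroupName("myResourceGroup")
            .build());

    }
}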
# Registers a PrometheusOS provider instance on the existing SAP Monitor "mySapMonitor".
resources:
  providerInstance:
    type: azure-native:workloads:ProviderInstance
    properties:
      monitorName: mySapMonitor
      providerInstanceName: myProviderInstance
      providerSettings:
        # NOTE(review): plain http:// URL; the certificate settings below
        # presumably only take effect when the exporter is served over https — confirm.
        prometheusUrl: http://192.168.0.0:9090/metrics
        providerType: PrometheusOS
        sapSid: SID
        # Blob URI of the certificate used with the ServerCertificate preference.
        sslCertificateUri: https://storageaccount.blob.core.windows.net/containername/filename
        sslPreference: ServerCertificate
      resourceGroupName: myResourceGroup

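The providerType PrometheusOS configures OS metric collection from a Prometheus endpoint. The prometheusUrl points to the exporter’s metrics endpoint (typically port 9090). The sapSid associates metrics with the SAP system. The sslPreference and sslCertificateUri enable secure communication with the Prometheus endpoint. Note that the example prometheusUrl uses the http:// scheme; certificate validation protects the connection only when the exporter is served over HTTPS, so use an https:// URL where the exporter supports it.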

Monitor high-availability cluster via Prometheus

SAP high-availability deployments use clustering software to manage failover, with cluster metrics exposed through Prometheus exporters.

import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";

// Metrics endpoint of the HA cluster exporter.
// NOTE(review): this URL uses plain http://; the certificate settings below
// presumably only take effect when the exporter is served over https — confirm.
const clusterMetricsUrl = "http://192.168.0.0:9090/metrics";
// Blob URI of the certificate used with the ServerCertificate preference.
const certificateUri = "https://storageaccount.blob.core.windows.net/containername/filename";

// Registers a PrometheusHaCluster provider instance on the existing SAP Monitor "mySapMonitor".
const providerInstance = new azure_native.workloads.ProviderInstance("providerInstance", {
    resourceGroupName: "myResourceGroup",
    monitorName: "mySapMonitor",
    providerInstanceName: "myProviderInstance",
    providerSettings: {
        providerType: "PrometheusHaCluster",
        clusterName: "clusterName",
        hostname: "hostname",
        sid: "sid",
        prometheusUrl: clusterMetricsUrl,
        sslPreference: azure_native.workloads.SslPreference.ServerCertificate,
        sslCertificateUri: certificateUri,
    },
});
import pulumi
import pulumi_azure_native as azure_native

# Settings for the PrometheusHaCluster provider, built separately for readability.
ha_cluster_settings = {
    "provider_type": "PrometheusHaCluster",
    "cluster_name": "clusterName",
    "hostname": "hostname",
    "sid": "sid",
    # NOTE(review): this URL uses plain http://; the certificate settings below
    # presumably only take effect when the exporter is served over https — confirm.
    "prometheus_url": "http://192.168.0.0:9090/metrics",
    "ssl_preference": azure_native.workloads.SslPreference.SERVER_CERTIFICATE,
    "ssl_certificate_uri": "https://storageaccount.blob.core.windows.net/containername/filename",
}

# Registers a PrometheusHaCluster provider instance on the existing SAP Monitor "mySapMonitor".
provider_instance = azure_native.workloads.ProviderInstance(
    "providerInstance",
    resource_group_name="myResourceGroup",
    monitor_name="mySapMonitor",
    provider_instance_name="myProviderInstance",
    provider_settings=ha_cluster_settings,
)
package main

import (
	workloads "github.com/pulumi/pulumi-azure-native-sdk/workloads/v3"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

// main registers a PrometheusHaCluster provider instance on the existing SAP
// Monitor "mySapMonitor".
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// NOTE(review): PrometheusUrl uses plain http://; the certificate
		// settings presumably only take effect when the exporter is served
		// over https — confirm.
		settings := &workloads.PrometheusHaClusterProviderInstancePropertiesArgs{
			ProviderType:      pulumi.String("PrometheusHaCluster"),
			ClusterName:       pulumi.String("clusterName"),
			Hostname:          pulumi.String("hostname"),
			Sid:               pulumi.String("sid"),
			PrometheusUrl:     pulumi.String("http://192.168.0.0:9090/metrics"),
			SslPreference:     pulumi.String(workloads.SslPreferenceServerCertificate),
			SslCertificateUri: pulumi.String("https://storageaccount.blob.core.windows.net/containername/filename"),
		}

		_, err := workloads.NewProviderInstance(ctx, "providerInstance", &workloads.ProviderInstanceArgs{
			ResourceGroupName:    pulumi.String("myResourceGroup"),
			MonitorName:          pulumi.String("mySapMonitor"),
			ProviderInstanceName: pulumi.String("myProviderInstance"),
			ProviderSettings:     settings,
		})
		// err is nil on success, so returning it directly covers both outcomes.
		return err
	})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;

return await Deployment.RunAsync(() =>
{
    // Settings for the PrometheusHaCluster provider, built separately for readability.
    // NOTE(review): PrometheusUrl uses plain http://; the certificate settings
    // presumably only take effect when the exporter is served over https — confirm.
    var clusterSettings = new AzureNative.Workloads.Inputs.PrometheusHaClusterProviderInstancePropertiesArgs
    {
        ProviderType = "PrometheusHaCluster",
        ClusterName = "clusterName",
        Hostname = "hostname",
        Sid = "sid",
        PrometheusUrl = "http://192.168.0.0:9090/metrics",
        SslPreference = AzureNative.Workloads.SslPreference.ServerCertificate,
        SslCertificateUri = "https://storageaccount.blob.core.windows.net/containername/filename",
    };

    // Registers the provider instance on the existing SAP Monitor "mySapMonitor".
    var providerInstance = new AzureNative.Workloads.ProviderInstance("providerInstance", new()
    {
        ResourceGroupName = "myResourceGroup",
        MonitorName = "mySapMonitor",
        ProviderInstanceName = "myProviderInstance",
        ProviderSettings = clusterSettings,
    });
});
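package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.workloads.ProviderInstance;
import com.pulumi.azurenative.workloads.ProviderInstanceArgs;
import com.pulumi.azurenative.workloads.inputs.PrometheusHaClusterProviderInstancePropertiesArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

/**
 * Pulumi program that registers a PrometheusHaCluster provider instance on the
 * existing SAP Monitor "mySapMonitor".
 */
public class App {
    /** Hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the provider instance.
     *
     * @param ctx Pulumi context supplied by the runtime (not read here)
     */
    public static void stack(Context ctx) {
        var providerInstance = new ProviderInstance("providerInstance", ProviderInstanceArgs.builder()
            .monitorName("mySapMonitor")
            .providerInstanceName("myProviderInstance")
            .providerSettings(PrometheusHaClusterProviderInstancePropertiesArgs.builder()
                .clusterName("clusterName")
                .hostname("hostname")
                // NOTE(review): plain http:// URL; the certificate settings below
                // presumably only take effect when the exporter is served over
                // https — confirm.
                .prometheusUrl("http://192.168.0.0:9090/metrics")
                .providerType("PrometheusHaCluster")
                .sid("sid")
                .sslCertificateUri("https://storageaccount.blob.core.windows.net/containername/filename")
                .sslPreference("ServerCertificate")
                .build())
            .resourceGroupName("myResourceGroup")
            .build());

    }
}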
# Registers a PrometheusHaCluster provider instance on the existing SAP Monitor "mySapMonitor".
resources:
  providerInstance:
    type: azure-native:workloads:ProviderInstance
    properties:
      monitorName: mySapMonitor
      providerInstanceName: myProviderInstance
      providerSettings:
        clusterName: clusterName
        hostname: hostname
        # NOTE(review): plain http:// URL; the certificate settings below
        # presumably only take effect when the exporter is served over https — confirm.
        prometheusUrl: http://192.168.0.0:9090/metrics
        providerType: PrometheusHaCluster
        sid: sid
        # Blob URI of the certificate used with the ServerCertificate preference.
        sslCertificateUri: https://storageaccount.blob.core.windows.net/containername/filename
        sslPreference: ServerCertificate
      resourceGroupName: myResourceGroup

The providerType PrometheusHaCluster configures cluster monitoring. The clusterName and hostname identify the cluster, while prometheusUrl points to the HA cluster exporter. The sid associates metrics with the SAP system. The sslPreference ServerCertificate validates the exporter’s certificate; because the example prometheusUrl uses http://, that validation applies only once the exporter is reached over an https:// URL.

Beyond these examples

These snippets focus on specific provider instance features: database provider configuration (HANA, Db2), application layer monitoring (NetWeaver), and infrastructure monitoring (OS metrics, HA clusters via Prometheus). They’re intentionally minimal rather than full monitoring solutions.

The examples reference pre-existing infrastructure such as SAP Monitor resources, Azure Blob Storage for SSL certificates, and Prometheus exporters for OS and cluster metrics. They focus on configuring the provider instance rather than provisioning the surrounding infrastructure.

To keep things focused, common provider patterns are omitted, including:

  • Key Vault integration for secrets (dbPasswordUri, sapPasswordUri)
  • Root certificate validation (sslPreference: RootCertificate)
  • Oracle and SQL Server provider configurations
  • Identity and access management for provider instances

These omissions are intentional: the goal is to illustrate how each provider type is wired, not provide drop-in monitoring modules. See the ProviderInstance resource reference for all available configuration options.


Frequently Asked Questions

Provider Configuration
What provider types are available for SAP monitoring?
Seven provider types are supported: Db2, MsSqlServer, Oracle, SapHana, SapNetWeaver, PrometheusOS, and PrometheusHaCluster. Each provider type monitors different components of your SAP landscape.
What properties can't I change after creating a provider instance?
Three properties are immutable: monitorName, providerInstanceName, and resourceGroupName. You’ll need to recreate the provider instance to change any of these.
What fields are required for database providers?
Database providers (Db2, MsSqlServer, Oracle, SapHana) require: hostname, dbUsername, dbPassword, dbPort, dbName, sapSid, and providerType. Additionally, you must configure SSL settings via sslPreference. Note that the SapHana example on this page sets sqlPort and instanceNumber rather than dbPort.
SSL & Security
What's the difference between ServerCertificate and RootCertificate SSL preferences?
ServerCertificate requires you to provide sslCertificateUri pointing to a certificate stored in Azure Blob Storage (format: https://storageaccount.blob.core.windows.net/containername/filename). RootCertificate uses the system’s root certificate store and doesn’t require sslCertificateUri.
Should I use dbPassword or dbPasswordUri for database credentials?
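Prefer dbPasswordUri, which references a Key Vault secret, for anything beyond a quick test. The examples on this page populate dbPassword inline and leave dbPasswordUri as an empty string only to stay short; that is not a recommendation to embed passwords in program source, where they are readable by anyone with access to the code.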
API Versions & Compatibility
What API version does this resource use?
The default API version is 2024-02-01-preview. Version 2.x of the Azure Native provider used 2023-04-01. Other available versions include 2023-10-01-preview and 2023-12-01-preview, accessible via local SDK packages.
