Sourabh Chordiya

SAP BTP, RISE and AWS network patterns

SAP's BTP (Business Technology Platform) is a SaaS offering in which SAP provides various integration and development services. The key focus of BTP is to keep the SAP ERP core cleaner (in other words, less customized) and to rely on these services to create integrations and deliver front-end services. While customers are determining the use cases for BTP, they typically find that both BTP and AWS will be used. Typically, customers run their ERP systems in an IaaS setup on AWS and use BTP on AWS as well. Let's first look at the scenarios that can exist and then cover how the network design can be defined for each of them.

  1. The customer runs their SAP systems in an IaaS setup on AWS and uses BTP services on AWS as well
  2. The customer runs their SAP systems in an IaaS setup on another cloud or on-premises and plans to deploy BTP services on AWS
  3. The customer runs SAP under a RISE with SAP on AWS setup and plans to use BTP on AWS

In each of the above cases, several AWS services can be used to minimize latency and keep traffic secure while configuring the interfaces.

SAP systems and BTP both on AWS - The communication in this case can be kept off the internet completely, reducing the attack surface. AWS PrivateLink for SAP (AWS PrivateLink and SAP on AWS Deployments - DZone) addresses this use case. PrivateLink provides an endpoint, called an Interface VPC Endpoint, in the SAP-owned AWS account that runs BTP. Any AWS service in the customer-owned AWS account can connect to this endpoint using AWS PrivateLink or SAP Private Link, in the manner described in the image below, which is further elaborated in the referenced blog. (Image Ref - How to connect SAP BTP Services with AWS Services using SAP Private Link Service | AWS for SAP (amazon.com))

Image description

SAP on another cloud or on-premises while BTP services are on AWS - In this case, if a VPN or Direct Connect link already exists between on-premises and AWS, it can be used to enhance security. PrivateLink cannot be used in these scenarios, because it is a native capability available exclusively for connectivity between services within AWS that sit in different accounts. In such multi-cloud scenarios, network traversal must be over the internet, unless the customer has private connectivity with each of the service providers they wish to use for BTP services and SAP infrastructure services. There are two possible scenarios: either the customer has this connectivity set up with both cloud providers from their own managed data centers, or the setup is performed via a multi-cloud connectivity provider, for example F5.

RISE with SAP on AWS and BTP on AWS - RISE with SAP is an SAP construct in which the SAP support team manages the AWS accounts, infrastructure and SAP platform, giving the customer an "Enterprise Software as a Service" experience. From SAP's perspective the actual SAP systems run in an IaaS manner; however, the customer does not need to worry about the IaaS layer, as SAP manages it completely along with all operational tasks. RISE with SAP on AWS provides BTP Platform Credits, which makes it easier for customers to start using BTP. From an architectural perspective, this setup can be performed in the same manner as above; however, SAP needs to enable the Load Balancer and accept the BTP endpoint connectivity request in their VPC (to be further checked and image to be updated).

Networking in AWS can lead to latency challenges that impact performance.

The latency requirements must be considered and the right design chosen accordingly. The key considerations are below -

  1. Choosing the location of various components - Cloud deployments bring plenty of choices, and with the options discussed above there is always a possibility of the customer setting up a multi-cloud deployment. In such cases, it's important that the end-user location, the SAP systems deployment location, and the SAP BTP services deployment location are as close to each other as possible, which will minimize latency. It should be noted that, with the global user base of large enterprises, this may not be possible in all cases.
  2. Ensuring the routing is set up correctly - In many deployments, even when servers are located close together, routing issues introduce a lot of extra hops for packets. Always perform a trace route of the traffic to ensure that this problem is not increasing latency, and keep the hops to a minimum by changing the routing. Route Manager, a part of AWS Network Manager, can help diagnose and correct such problems.
  3. Data being transferred is chosen carefully - BTP is a processing engine, whereas the core ERP system is a data store. It might happen that a lot of data is transferred over to BTP, which can eventually increase throughput and slow down the end-to-end flow processing. Always perform the selection within ERP and transfer data chunks that are as small as possible, which can be transferred multiple times if required.

SAP BTP and SAP on AWS can help customers transform their SAP business processes to ensure that the systems are ready for new-age integrations and innovations. It is now a necessity for any SAP customer to consider these options carefully and decide their roadmap based on the available options and the customer's future roadmap for the overall transformation and digitalization journey.
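The trace-route check from consideration 2 can be automated so that it also confirms the path stays on private addressing, which is the security goal of the PrivateLink, VPN and Direct Connect patterns above. The following is an added example, not code from the original post: the sample trace is constructed, and the hop budget (`max_hops`) and RTT-jump threshold (`jump_ms`) are assumed values to tune per landscape.

```python
import ipaddress
import re

# "Private" here means RFC 1918 space; any other hop address is reported.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
HOP_RE = re.compile(r"^\s*(\d+)\s+(.*)$")
IP_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")
RTT_RE = re.compile(r"([\d.]+) ms")

# Constructed `traceroute -n` output; addresses are illustrative only.
SAMPLE_TRACE = """\
traceroute to 10.20.30.40 (10.20.30.40), 30 hops max, 60 byte packets
 1  10.0.1.1  0.412 ms  0.390 ms  0.377 ms
 2  10.0.0.5  1.104 ms  1.090 ms  1.201 ms
 3  * * *
 4  203.0.113.9  18.730 ms  18.655 ms  19.012 ms
 5  10.20.30.40  19.400 ms  19.350 ms  19.512 ms
"""

def parse_trace(text):
    """Return one dict per hop: ttl, responding IP (or None), best RTT in ms."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if not m:
            continue  # header line or blank
        ip = IP_RE.search(m.group(2))
        rtts = [float(x) for x in RTT_RE.findall(m.group(2))]
        hops.append({"ttl": int(m.group(1)), "ip": ip.group(0) if ip else None,
                     "rtt": min(rtts) if rtts else None})
    return hops

def review_path(hops, max_hops=4, jump_ms=10.0):
    """Flag long paths, silent hops, non-private hops and large RTT jumps."""
    findings, prev = [], None
    if len(hops) > max_hops:
        findings.append(f"{len(hops)} hops exceeds the budget of {max_hops}")
    for h in hops:
        if h["ip"] is None:
            findings.append(f"hop {h['ttl']}: no reply, path not verifiable here")
            continue
        addr = ipaddress.ip_address(h["ip"])
        if not any(addr in net for net in PRIVATE_NETS):
            findings.append(f"hop {h['ttl']}: {h['ip']} is outside private space")
        if prev is not None and h["rtt"] is not None and h["rtt"] - prev > jump_ms:
            findings.append(f"hop {h['ttl']}: RTT rose {h['rtt'] - prev:.1f} ms")
        prev = h["rtt"] if h["rtt"] is not None else prev
    return findings

if __name__ == "__main__":
    for finding in review_path(parse_trace(SAMPLE_TRACE)):
        print(finding)
```

A hop outside private space on a route that was meant to use PrivateLink, VPN or Direct Connect usually points to a route table or DNS resolution sending traffic to a public endpoint instead.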

Image Ref - https://community.sap.com/t5/technology-blogs-by-sap/business-continuity-with-rise-and-btp-part-3-technical-building-blocks-in/ba-p/13574997
