The AWS public cloud is an extremely popular option for SAP. Enterprises can use its extensive infrastructure and toolset to create a flexible, scalable global landscape while controlling costs. However, a public cloud like AWS is its own animal, requiring a certain amount of “Public Cloud IQ.”
The challenge for most organizations is either investing in the in-house resources dedicated to running SAP in a public cloud, or outsourcing it to a trusted partner. Either way, it’s important to understand that SAP is not just another workload, it requires the knowledge and expertise to optimize the entire SAP stack.
Four Key Things Your SAP AWS Provider Must Do
1. Understand the True Costs of Architecting SAP in the Public Cloud:
While the public cloud is a great option for hosting SAP, in this case it’s wise to challenge the common belief that this is cheap. The raw compute power of the public cloud is very inexpensive, but RAM-intensive applications, such as HANA can get quite pricey. The same is true in the cloud – it’s pretty inexpensive until you start needing high-performance storage for a good database response, which quickly adds to your overhead costs.
To be clear, this is not to suggest that the TCO for SAP in the public cloud is not favorable. However, the cost to meet your SAP SLAs in the public cloud is not necessarily cheap, depending on the landscape, the desired availability uptime and your other supporting SLAs. In fact, the value is not in cost alone, but resiliency, elasticity and the ability to transform on the fly. It is easy to argue that in public cloud requires both SAP and public cloud specific expertise.
Consideration #1: The proposition of deploying SAP in the public cloud is not based solely on cost. Choose your partners wisely in order to navigate all of the moving parts and deliver true value.
2. Understand There is No 1:1 Correlation with Public-Cloud Computing:
Public-cloud deployments, by design, do not map 1:1 to private or on-premises solutions. In fact, public-cloud deployments do not map 1:1 between cloud providers, either.
On-premises solutions are architected from the top-down to be safe, secure, and high-performance solutions that traditionally sit behind a firewall, are shielded by creating a DMZ, and then traffic is distributed by a load balancer (Application Delivery Controller). Traffic is further segmented into VLANs before being routed to workload-specific servers.
In a public cloud, solutions are architected from the bottom-up. It starts with a subscription and is then defined by the region or regions. Solutions are then architected across Availability Zones, Security Groups, and Auto Scale Groups. Depending on the public-cloud provider, the virtual machine families drive what storage families are supported, which in turn determines the IOPS, which determines the performance. When you then add SAP to the mix, it instantly makes the architecture even more interesting and dramatically more challenging in order to meet the SLAs your users need to do their jobs.
Consideration #2: Identify a service provider that understands the entire stack, and not just the application layer.
3. Know How to Secure SAP in the Public Cloud:
Industry best practices call for isolating database and application servers. You also want to limit access by segmenting network traffic and establishing VPS tunnels to connect to and access the system. It’s important to understand that both AWS and Azure have branded their MPLS connectivity with names such as AWS Direct Connect and Azure Express Route. In public-cloud deployments, using Security Groups can serve the same purpose as firewalls, as they both restrict network traffic. Security Groups also have operational advantages over traditional firewalls, as you can easily apply policies to new servers as they are introduced into the ecosystem. It is also common to architect solutions that include bastion hosts or jumpbox servers to further isolate access.
Consideration #3: Architecting in the public cloud has unique security implications. Your partner should be able to articulate how your SAP security was engineered.
4. Provide Proactive Tuning and Management:
SAP requires careful management and frequent tuning to maintain performance. The key is to approach SAP tuning regularly and proactively, as SAP is most effective when tuning is not done only when needed. Since SAP performance doesn’t start at the application layer, it requires ongoing monitoring, hardening, and tuning of the entire stack.
One of the challenges that companies experience with public-cloud SAP deployments is simply that they treat SAP like just another workload. Taking a more holistic view of the platform and application layer increases the likelihood that your SAP solutions will be more stable and will perform better. An example of this synergy is the database. It is difficult to imagine tuning a database without also optimizing and hardening the OS. As you can see, these nuances of managing public cloud-based SAP delivery further highlight the need to find a partner that understands the underlying platform as well as the application and the cloud. AWS certification is a strong credential, but broader expertise is crucial.
Consideration #4: Does your partner understand the relationship between the platform and the application?
SAP Can Thrive in the AWS Cloud
The thing to remember about architecting SAP in the public cloud is that the Amazon or Azure cloud is a destination, not a solution. It’s the neighborhood where you’re going to build a home for your company’s data and processes. Whether it turns out to be a dream home or a money pit depends on choosing the right team to design, build, and care for it.
As a complete SAP hosting and managed-services provider, Symmetry can help you get the most out of SAP on the public cloud. We serve as a true extension of your team; whether you’re looking for a complete, managed private-cloud solution, a hybrid cloud, AWS migration, or someone to help you with day-to-day AWS or Azure operations, we’re here to help. Let’s talk and see how we can help you build the SAP solution you need, in the cloud.