Segregation of Duties is one of those business concepts that’s a bit abstract, but the…
Spoiler alert. Yes.
We talk with a lot of Enterprise customers, and we hear their unfiltered concerns and hesitation in moving SAP workloads to AWS. In this series, we will explore some commonly heard themes that are worth investigating. Specifically, we will examine concerns centred around placing critical and legacy SAP workloads in the AWS Cloud.
Adoption of the Public Cloud Platform
Let’s start with the platform. If you think about where the public cloud was just a few years ago, few believed that the public cloud was suitable to host a database, or any database, let alone a critical workload. There were questions and concerns about performance, resources, and accessibility.
But as the public cloud matured, so did our perceptions and confidence. Today, no one can imagine a cloud platform that does not support multiple databases with performance comparable to what you can achieve on premises or in the private cloud.
As the public cloud adoption grew, so did concerns about security and compliance. This was somewhat expected given that the public cloud is a bit of a black box. Bottom line, few know how AWS Cloud really works under the bonnet; we only know that it works exceptionally well. And against this enigma that is AWS Cloud, some still find it unsettling that in this new multi-tenant, hyperscale world, security has literally been reimagined.
Where AWS Cloud Shines
Deploying firewalls, which are the primary line of defence when deploying on premises, have now become more of an exception than the rule in the cloud. Who saw that coming? It is worth noting that Enterprise IT has not fully embraced the public cloud for all workloads, given that this is shared infrastructure at its foundation.
While this introduces legitimate concerns about noisy neighbours and the risk of intrusion and DDoS attacks, this is where AWS really shines. AWS Cloud is nearly self-healing and has over 100 services, including ACLs, Security Groups, and advanced services like AWS Shield Advanced that can secure infrastructure to your new virtual network edge. When it comes to compliance, AWS meets almost every compliance standard.
But even with all the tools that AWS Cloud offers, there are more than just native tools that can be leveraged when deploying SAP in AWS Cloud. This is where the world’s largest marketplace comes into play. Besides knowing AWS Cloud and the AWS marketplace, it is also crucial to know SAP and how to architect for SAP in AWS Cloud
Architecting SAP in AWS Cloud
For instance, we deploy SAP in AWS Cloud with almost no public-facing internet exposure. We lock everything down and deploy Bastion hosts for management control to further secure the SAP landscape. Then we layer on the Best in Breed monitoring solution and architect and deploy collectors that work in concert with AWS CloudWatch to give us the needed visibility into the entire stack.
Just because we don’t have root access to the hypervisors shouldn’t mean we don’t have or need visibility into the underlying infrastructure health. That is the difference between reactive event monitoring and preventative event monitoring.
For a finicky application like SAP, this makes AWS a great platform for hosting. But even with the power of AWS Cloud and all our special deployment tools, there are still some technical questions about moving legacy workloads to the public cloud that we ought to explore.
Moving Legacy Workloads to the Public Cloud
For context, when we talk about applications that are purposely designed to thrive in the public cloud, we use terms like Cloud Native, or Born in the Cloud. This describes the next generation of applications that are architected to maximise all the layers of the stack and not just the OS and virtualisation layer.
Few legacy systems (as their name implies) meet this criterion. This is because most legacy applications like SAP are carry-overs from the single application – the single server era. These applications were originally architected and designed for static environments, and most were originally deployed on dedicated infrastructure, servers, or appliances. Stable. Predictable. Isolated. But with the advent of virtualisation, this model has been all but eliminated.
In the last few years, we have observed a shift where more legacy applications are now supported on virtual machines, opening the door for virtualisation and by extension, to public cloud providers. As for SAP, and most recently SAP HANA, both are now certified not only as virtual machines in your datacentres and ours, but as instances in AWS Cloud.
This certification is evidence that SAP is completely Cloud Ready. Cloud Ready refers to a state where legacy applications that were not Born in the Cloud have been tested, vetted, and can function as designed in Public Hyperscale Cloud.
But wait, there’s more. It’s one thing for SAP to be Cloud Ready and another for your combination of virtual machines, operating systems, and databases to be certified. This is where AWS Cloud meets the SAP Product Availability Matrix, or PAM for short.
Partner in Developing a Key Strategy
This is where having a partner that can help you navigate the intersection of these very different requirements can help you develop your strategy. For instance, Oracle works with SAP and is available in AWS Cloud, but knowing the specific OS versions that will work is where having AWS Cloud and SAP expertise comes into play.
To conclude, this is the power of the POC. SAP functions and is certified in AWS Cloud. Check. SAP supported databases will function and are certified in AWS Cloud. Check. SAP functions and is supported on ESX in your datacentres and ours. Check.
However, SAP needs a lot of patching. When migrating to AWS Cloud, it would be helpful to know upfront that you are not the first to discover an issue; good to know if existing patches will cover any snowflakes that your SAP deployment might throw at AWS Cloud; helpful to validate compatibility; valuable to validate your SAP performance in AWS Cloud.
This is where our partnership with SAP and AWS Cloud can be helpful. Let’s talk and see how we can help put together a POC where the infrastructure costs and licensing have been absorbed to help make this a positive experience for you.
So yes, the AWS Public Cloud is ready to host SAP. With the right partner, and with a little extra care and feeding, your journey can be both manageable and predictable.
In the next instalment, we will discuss why migrating SAP to AWS Cloud is not only manageable and predictable, but also makes good business sense in terms of cost, ROI, and competing IT priorities. We will explore how to create a compelling business case and help you figure out what timeline makes the most sense to consider a migration given your unique environment and limited resources.