Administration

Connecting On-Premise Infrastructures to AWS

SAP and Amazon Web Services (AWS) offer different SAP business applications from the AWS cloud.

 

One of the tenets of the cloud is the accessibility over internet. However, for business-critical applications such as SAP, many organizations do not allow internet connectivity for several reasons, such as security, latency, etc. This section discusses some other ways you can connect to AWS from your data center or office.

 

AWS Direct Connect

AWS Direct Connect is a network service using IEEE 802.1Q virtual local area networking (VLAN) that provides private, low-latency, and high-speed connections to AWS cloud. At the time of writing, AWS Direct Connect traffic is not encrypted out of the box; however, encryption can be implemented by your organization. You can either have a dedicated connection or use delivery partners through a hosted connection. Dedicated connections support up to 100 Gbps while hosted connection goes up to 10 Gbps.

 

The top of the figure below shows what a connection from an on-premise data center or office location would look like using AWS Direct Connect. Since global companies have multiple locations, the SiteLink feature of AWS Direct Connect lets you create a private network connection on an AWS backbone among the locations.

 

AWS Direct Connect to Cloud and Connection between Locations Using SiteLink

 

AWS Direct Connect and SAP Landscapes: In our experience, the majority of organizations moving their SAP landscapes to AWS use AWS Direct Connect for latency, throughput, and security reasons.

 

Virtual Private Networks

A virtual private network (VPN) uses Internet Protocol security (IPsec) to create a secure connection to AWS over the internet; all data over VPN is encrypted. As far as connectivity to AWS, you can use following VPN options:

  • AWS Site-to-Site VPN: This option offers VPN tunnel between AWS and the customer gateway used to connect to an office location for AWS. It has built-in redundancy with two tunnels and supports throughputs of up to 1.25 Gbps.
  • AWS Client VPN: This option connects an end user to AWS using an OpenVPN client and supports up to 10 Mbps bandwidth.
  • AWS VPN CloudHub: If you have more than one site-to-site connection, say, at multiple office locations, this option lets your office locations communicate with AWS cloud as well as with each other.
  • Third-party VPN appliance: This option involves bringing your own software model, where the software is installed on an AWS server similar to any other third parties and is not provided or maintained by AWS.

AWS Transit Gateway

From our AWS Direct Connect and VPN discussions earlier in this chapter, we hope you noticed a pattern for scaling: If you’re still not convinced that scaling has met your organization’s needs, we’re at the connectivity option that you might be looking for. AWS Transit Gateway acts as a central hub for connectivity between your on-premise network and AWS cloud (specifically Amazon VPC). Think of AWS Transit Gateway as a scalable cloud router that connects your VPNs and AWS Direct Connect instances to Amazon VPC instances, as shown in the next figure, instead of establishing complex connections (such as peering) among Amazon VPC instances.

 

On-Premise to AWS Connectivity Example Using AWS Transit Gateway as the Hub

 

AWS Transit Gateway is a regional service that operates at layer 3 (network) of the open systems interconnection (OSI) model, and you can create more than one in a region as well. As your organization’s AWS footprint increases, you can peer inter-region transit gateways to use the AWS network backbone.

 

Editor’s note: This post has been adapted from a section of the book SAP on AWS: Architecture, Migration, and Operation by Ravi Kashyap, Rajendra Narikimelli, and Rozal Singh.

Recommendation

SAP on AWS
SAP on AWS

Are you ready to move to Amazon’s public cloud? Find all the information you need to deploy SAP on AWS in this guide! Learn how to design a system that meets your business needs with the AWS Well-Architected Framework. Then, prepare for your migration by reviewing AWS-approved methodologies, approaches, and tools. Finally, you’ll see what daily operations look like on AWS, and get tips for multicloud strategies and SAP workload transformations. Your cloud journey starts here!

Learn More
SAP PRESS
by SAP PRESS

SAP PRESS is the world's leading SAP publisher, with books on ABAP, SAP S/4HANA, SAP CX, intelligent technologies, SAP Business Technology Platform, and more!

Comments

The official SAP PRESS Blog

As the world’s leading SAP publisher, SAP PRESS’ goal is to create resources that will help you accelerate your SAP journey. The SAP PRESS Blog is designed to provide helpful, actionable information on a variety of SAP topics, from SAP ERP to SAP S/4HANA. Explore ABAP, FICO, SAP HANA, and more!

© 2024 Rheinwerk Publishing, Inc. | Change Privacy Options