SAP Enterprise Architecture in the Era of

SAP HANA, Infrastructure, Platforms,

Software and Everything-as-a-Service
Chuck Kichler (kichler@us.ibm.com)
How to consume the on-premise vs. off-
premise SAP applications
How to use private, hosted, and public cloud
successfully with SAP
Hear seven key learnings to make your
LEARNING POINTS
Hear seven key learnings to make your
company successful with SAP non-cloud and
cloud applications
We started with client/server
R/3
APP APP APP APP
I need 200 GB of storage
512 MB of RAM
The errors are all in German
I need Internet access to
download the fixes
You have to have a TCP/IP
network for your PC (no twin-ax)
R/3 R/3
DB DB
network for your PC (no twin-ax)
And then it exploded!
A
p
p
l
i
c
a
t
i
o
n
s
mySAP ERP Edition 2003
Self-Service Procurement
SAP R/3 Enterprise
SAP Enterprise Extension Set
Strategic Enterprise Mgmt
Internet Sales
Self Services
Industry Solutions
Additional Components
SAP R/3
SAP Enterprise
Extension Set
SAP R/3 Enterprise
mySAP ERP Edition 2004
Composite Applications
SAP ECC Extension Set
Additional Components
Self-Service Procurement
Internet Sales
SAP ERP Central Component 5.00
Self-Services (ESS/MSS)
SEM
mySAP ERP Edition 2004s
Composite Applications
SAP ECC
Additional Components
Self-Service Procurement
Internet Sales
SAP ERP Central Component 6.00
SRM
Enhanced Self-Services (ESS/MSS)
SEM
SAP ECC 6.0 Core
BANG!
T
e
c
h
n
o
l
o
g
y
SAP R/3 Enterprise Core
SAP Enterprise Extension Set
SAP NetWeaver
C
o
m
p
o
s
i
t
e

A
p
p
l
i
c
a
t
i
o
n

F
r
a
m
e
w
o
r
k
APPLICATION PLATFORM
L
i
f
e

C
y
c
l
e

M
g
m
t
PEOPLE INTEGRATION
Multi Channel Access
Portal Collaboration
INFORMATION INTEGRATION
Master Data Mgmt
Bus. Intelligence Knowledge Mgmt
PROCESS INTEGRATION
Integration
Broker
Business
Process Mgmt
J2EE ABAP
DB and OS Abstraction
SAP Basis
SAP R/3
up to 4.6C
Application
SAP Web
Application Server
SAP R/3
Enterprise Core
SAP Enterprise
Extension Set
SAP NetWeaver 04
C
o
m
p
o
s
i
t
e

A
p
p
l
i
c
a
t
i
o
n

F
r
a
m
e
w
o
r
k
APPLICATION PLATFORM
L
i
f
e

C
y
c
l
e

M
g
m
t
PEOPLE INTEGRATION
Multi Channel Access
Portal Collaboration
INFORMATION INTEGRATION
Master Data Mgmt
Bus. Intelligence Knowledge Mgmt
PROCESS INTEGRATION
Integration
Broker
Business
Process Mgmt
J2EE ABAP
DB and OS Abstraction
SAP ECC 5.0 Core
SAP NetWeaver 04s
C
o
m
p
o
s
i
t
e

A
p
p
l
i
c
a
t
i
o
n

F
r
a
m
e
w
o
r
k
APPLICATION PLATFORM
L
i
f
e

C
y
c
l
e

M
g
m
t
PEOPLE INTEGRATION
Multi Channel Access
Portal Collaboration
INFORMATION INTEGRATION
Master Data Mgmt
Bus. Intelligence Knowledge Mgmt
PROCESS INTEGRATION
Integration
Broker
Business
Process Mgmt
J2EE ABAP
DB and OS Abstraction
Switch Framework
Enterprise Extensions Industry Extensions
Our SAP world today
On-Premise and Cloud
Ariba HCM
Other Other
SRM HCM CRM
On-Premise and Cloud Connectivity
Business Objects
HANA
BW
DB2
ECC
DB2
SCM
SAP Portal
Corporate Data Center
ERP SCM
BW
Manfctr
Our SAP world very soon
On-Premise and Cloud and APIs
Direct
HCM
CRM
Indrct
API
API
API
API
API
API
API API API
Steel Grainger Amazon
API Mashup
Fraud Detection
Stat Analytics
ERP SCM
BW
Manfctr
Analytics
API
ESB
Application Program Interfaces
(APIs) are small, standardized,
registered, consumable programs.
There are 100Ks today.
Agile Data Mart (Analytics Application)
Enhance Existing Data Mart and Data Warehouse
Investments
Data Acquisition and Integration from Any Source
Real-Time Consolidated Reporting/Analytics
SAP BW on HANA
Dramatically Improved Performance
SAP HANA Today: Three Core Use Cases
Operational Data Mart / Application Accelerator
Flexible Real-Time Analytics/Reporting
Accelerated SAP Applications
Rapid Deployment Solutions for Quick Deployment
Dramatically Improved Performance
Simplified Administration & Streamlined Landscape
Unlock Data Across the Enterprise
Preserve BW Investment without Disruption
Now add in SAP Business Suite on HANA
Today Future
HANA
BW
HANA
ECC
HANA
CRM
HANA
SCP
HANA BW
ECC CRM SCP Other
Business Objects
HANA HANA HANA HANA
Business Objects
HANA BW
Big Problems to be solved:
1. Achieving performance
2. DR & HA w/out slowing performance
3. Requiring VERY BIG memory space
Big Problems to be solved:
1. Supportability of multiple applications
2. In-memory Data Management (value, age)
3. Requiring HUGE memory space
Over 75% of Businesses Plan to Use Cloud*
Public Cloud
54% are or will use public cloud within the
next 12 months
Private Cloud
65% are or will use private cloud within the
next 12 months next 12 months
Hybrid Cloud
79% are or will use hybrid cloud within the
next 12 months
Other surveys have similar results
*Source: TNS Infratest Online Survey 1Q2012 for SAP with large enterprises US, UK, Germany, Brazil
SAP has split out on-premise and cloud
Software-as-a-Service
(SaaS)
Business Process-as-a-Service
(BPaaS)
SAP cloud applications
SuccessFactors
Ariba
JAM
Travel & Expense
Carbon Credits
And more
Deploy Design Consume
Infrastructure-as-a-Service
(IaaS)
Platform-as-a-Service
(PaaS)
SAP on-premise applications:
ECC
BW
Solution Manager
CRM
PLM
SCM
And more
All SaaS Is Growing including SAPs SaaS
SAP AG SaaS growth
SAP Scale
$1B cloud revenue run rate
20+M cloud users
6K+ customers
1M companies on Ariba network
by EOY 2013
7
9
11
13
SaaS Apps*
by EOY 2013
SAP Momentum
14x revenue growth
92% SuccessFactors YoY growth
300% BusinessByDesign growth
$314B Euros on Ariba network
*Source: Forrester, November 2012 Cloud Keys An Era Of New IT Responsiveness And Efficiency
1
3
5
7
2010 2011 2012 2013
You must be asking yourself:
How do we put it together?
What is our Enterprise Architecture look like? What is our Enterprise Architecture look like?
What are the areas for concern?
You will need an internal & external strategy
Corporate Data Center External IaaS / PaaS / SaaS
Physical
Year 1 Virtual Cloud
Year 2 Physical Virtual Cloud
Year 3
Physical Virtual Cloud
Year 4
Phys.
Virtual
Cloud
Year 5
Virtual Cloud
Start with SAP on-premise applications with
limited commitment to cloud
Development &
Test
Exploration Testing Peak Utilization
- Hybrid
EWM SBX
ECC DEV
ECC QA
BW DEV
BW QA
BWSBX
ECC SBX
CRM DEV
CRM QA
Internal
ECC DEV
ECC QA
BW DEV
BW QA
BWSBX
ECC SBX
CRM DEV
CRM QA
Available
EWM SBX
External
ECC
DEV
ECC
QA
ECC
PRD
ECC
DEV
ECC
QA
N
N+1
ECC
DEV
ECC
QA
ECC
PRD
ECC
QT1
ECC
QT2
BW
QT2
ECC HR
E
S
S
/
M
S
S
P
o
r
t
a
l
E
S
S
/
M
S
S
P
o
r
t
a
l
E
S
S
/
M
S
S
P
o
r
t
a
l
E
S
S
/
M
S
S
P
o
r
t
a
l
E
S
S
/
M
S
S
P
o
r
t
a
l
E
S
S
/
M
S
S
P
o
r
t
a
l
E
S
S
/
M
S
S
P
o
r
t
a
l
Development Training Peak Utilization
- Internal
Seasonal
ECC
DEV
ECC
QA
ECC
PRD
ECC
TR1
ECC TRN
Image
ECC
TRN
Master
APO DEV
APO SBX
BW DEV
BW SBX
ECC DEV
ECC SBX
CRM DEV
CRM SBX
External Internal
CRM
QA
CRM
PRD
ECC
QA
ECC
PRD
BW
QA
BW
PRD
APO
QA
APO
PRD
CRM
QA
CRM
PRD
ECC
QA
ECC
PRD
BW
QA
BW
PRD
APO
QA
APO
PRD
CRM
SBX
CRM
DEV
ECC
SBX
ECC
DEV
BW
SBX
BW
DEV
APO
SBX
APO
DEV
ECC DEV
ECC QA
BW DEV
BW QA
BWSBX
ECC SBX
CRM DEV
CRM QA
ECC APP4
ECC APP3
ECC APP2
ECC APP1
ECC
DB/CI
ECC DEV
ECC QA
BW DEV
BW QA
BWSBX
ECC SBX
CRM DEV
CRM QA
ECC APP4
ECC APP3
ECC APP2
ECC APP1
ECC
DB/CI
ECC APP7
ECC APP6
ECC APP5
At Peak Before Peak
Other Other
Other Other
Making a production size commitment
Heavy off-premise Heavy on-premise
Ariba HCM
Other Other
Other Other
Ariba HCM
Business Objects
HANA
BW
DB2
ECC
DB2
SCM
SAP Portal
Business Objects
HANA
BW
DB2
ECC
DB2
SCM
SAP Portal
Corporate Data Center
Corporate Hold-overs
Real Time Legacy
IaaS/PaaS SaaS
Covered in this session
Managing the new enterprise
Securing the new enterprise
Renovation for Innovation (Social, Mobile, Cloud, Big Data, etc.)
Covered in other Sapphire/ASUG sessions
Maturation of Cloud for on-premise SAP
LVM Landscape Virtualization Manager
Areas of Concern
LVM Landscape Virtualization Manager
Other third-party products
Maturation of HANA
With Business Suite
For virtualization / cloud
Beyond our scope
Reliability of Cloud and APIs
Shift from CapEx to OpEx (cash flow)
Managing the New Enterprise
Cloud Security Reference Model
Security in the New Enterprise (1 of 3)
Cloud Governance
Cloud-specific security governance
including directory synchronization
and geo locational support
Security Governance, Risk Management
& Compliance
Security governance including maintaining
Discover, Categorize, Protect
Data & Information Assets
Strong focus on protection of data at rest or in
transit
Information Systems Acquisition, Development,
and Maintenance
Management of application and virtual Machine
You need to develop or adapt your Foundational Security Controls
Security governance including maintaining
security policy and audit and compliance
measures
Problem & Information
Security Incident Management
Managing and responding to expected
and unexpected events
Identity and Access Management
Strong focus on authentication of
users and management of identity
Management of application and virtual Machine
deployment
Secure Infrastructure Against Threats and
Vulnerabilities
Management of vulnerabilities and their
associated mitigations with strong focus on
network and endpoint protection
Physical and Personnel Security
Protection for physical assets and locations
including networks and data centers, as well as
employee security
Design Deploy Consume
Establish a cloud
strategy and
implementation plan
to get there.
Build cloud services, in
the enterprise and/or
as a cloud services
provider.
Manage and optimize
consumption of cloud
services.
Security Aligns with Each Phase of a Cloud Project
Security in the New Enterprise (2 of 3)
Example
security
capabilities
Cloud security
roadmap
Secure development
Network threat
protection
Server security
Database security
Application security
Virtualization
security
Endpoint protection
Configuration and
patch management
Identity and access
management
Secure cloud
communications
Managed security
services
Secure by Design
Focus on building
security into the
fabric of the cloud.
Workload Driven
Secure cloud
resources with
innovative features
and products.
Service Enabled
Govern the cloud
through ongoing
security operations
and workflow.
Cloud
Security
Approach
Virtual infrastructure
Hypervisor-based isolation with customer configurable firewall rules
Firewall and IPS/IDS between guest virtual machines (VMs)
and Internet
Optional virtual private network (VPN) and virtual local area network (VLAN)
isolation of account instances
Connections are encrypted and are isolated from VMs by design (SSH keys)
Customer has root access to guest virtual machines, allowing further
hardening of VMs
Your servers, PCs, and
mobile
Cloud Services
Your
firewall
Security should be built into the cloud offering
Security in the New Enterprise (3 of 3)
hardening of VMs
Shared images patched and scanned regularly
Management infrastructure
Access to the infrastructure is only enabled using Web identity through the
user interface portal or APIs
Complies with strong corporate security policies
Controlled and audited administrative actions and operations
Delivery centers
Customer data and VMs are kept in the data center where provisioned
Physical security identical to hosted clients
Strong security and
authentication model
Provider firewall
Optional VPN gateway
Guest VMs and
data
Tier 3 or 4
delivery centers
Private and
Shared
VLANs
Cloud Services
Management
infrastructure
Renovation for Innovation
Social
Mobile
Connected
Big Data
Cloud
I
n
n
o
v
a
t
e
NEW New
NEW
Without simplification:
Budgets disappear
Innovation/transformation
becomes more expensive and
time consuming
Adapted From: PACE Layering, Gartner, 2010
Systems of Record
Systems of Differentiation
Systems of Innovation
S
i
m
p
l
i
f
y
I
n
n
o
v
a
t
e
S
u
p
p
o
r
t
S
u
p
p
o
r
t
S
u
p
p
o
r
t
Year 1 Year 2 Year 3
NEW
NEW
New
Support
New
Support
Plan for cloud inside and outside of your data center
Look to leverage of cloud services for on-premise and
SaaS capabilities
Develop management capabilities for the new
enterprise
Adapt your security for the new cloud world
BEST PRACTICES
Adapt your security for the new cloud world
Renovate and reduce your legacy including SAP to allow
for innovation
KEY LEARNINGS
Change is not new in SAP, but seems to be accelerating
SAP and all applications are becoming cloudified
HANA is evolving, spreading, and virtualizing
On-premise SAP can run on a cloud, but is not cloud
native
SaaS is fact for almost all businesses, accept and
manage it
Your Security needs to be formulated for the new
enterprise
Look to renovate to lower maintenance costs and allow
budge for all this new innovation
THANK YOU FOR PARTICIPATING
Please provide feedback on this session by
completing a short survey via the event mobile
application. application.
SESSION CODE: 2309
For ongoing education on this area of focus,
visit www.ASUG.com