SAP S/4HANA Private Cloud Edition

Customer Checklist for AWS v1.8

INTERNAL - This document is classified as INTERNAL. It may be made available to SAP S/4HANA private cloud edition
customers subject to the confidentiality terms under the agreement which customer purchased SAP S/4HANA private
cloud edition services (or under a valid non-disclosure agreement if no such contract exists yet with the receiving party).
This document and the information contained wherein is not intended for general public disclosure and should not be
shared, disseminated, or republished. The receiving party shall handle this document and the information it contains as
SAP confidential information.

The processes and details as described in this document are only valid for SAP S/4HANA private cloud edition services
operated by SAP as the delivery organization. These processes and details may be different if the services are delivered
by an SAP Partner / supplier.

Version: 1.8 Confidentiality: Internal | External Parties Under NDA Page 1

Table of Contents
1. Overview--------------------------------------------------------------------------------------------------------------------------------- 4
2. Customer Input------------------------------------------------------------------------------------------------------------------------- 5
3. Installation Number-------------------------------------------------------------------------------------------------------------------- 6
4. S-User for PCE Technical Team------------------------------------------------------------------------------------------------------ 6
5. SAP SIDs, Clients, Time Zone and Planned Downtime-------------------------------------------------------------------------7
5.1 SAP SIDs..........................................................................................................................................8
5.2 ABAP Clients...................................................................................................................................9
5.3 Languages.....................................................................................................................................10
5.4 Time Zone.....................................................................................................................................10
5.5 Planned Downtime Window.........................................................................................................10
5.6 Financial Relevance......................................................................................................................11
6. Best Practices Activation------------------------------------------------------------------------------------------------------------ 12
7. Internet Protocol (IP) Range-------------------------------------------------------------------------------------------------------- 14
8. AWS Network Connectivity Options---------------------------------------------------------------------------------------------- 15
8.1 Overview......................................................................................................................................15
8.2 AWS VPN......................................................................................................................................15
8.3 AWS Direct Connect.....................................................................................................................15
8.4 AWS VPC Peering..........................................................................................................................16
9. DNS configuration-------------------------------------------------------------------------------------------------------------------- 17
10.Customer Contacts------------------------------------------------------------------------------------------------------------------- 18

Version: 1.8 Confidentiality: Internal | External Parties Under NDA Page 2

1. Overview
The SAP S/4HANA private cloud edition (PCE) Support team requires information from you before we can begin the
installation of your systems. Please review the information below carefully. Any changes to the information after the
build process has begun can cause delays in the process.

The first section of this document contains the form which must be completed by you and returned to your Cloud
Architect in order to begin the build process of your systems. In the event you need further clarification or guidance on
any of the data being collected, please refer to the referenced section number for a more detailed description and
guidance.

Please note, SAP S/4HANA private cloud edition will be delivered on SAP HANA Enterprise Cloud (HEC) infrastructure.
Some documents in this checklist refer to “HANA Enterprise Cloud” or “HEC”, however these documents are also valid
for your S/4HANA private cloud edition installation.

Version: 1.8 Confidentiality: Internal | External Parties Under NDA Page 3

2. Customer Input
Reference
Deliverable Customer Input
Chapter
3 Installation number 0021254698
S-user for PCE
Customer: 0002690052
4 S0024121008
Login:
Password: Send to your Cloud Architect under separate email
5 SAP SIDs, clients, planned downtime Please fill in the table below.
SAP SID/ Planned Downtime Financially
SAP Solution Tier Clients*
SID for HANA System DB Window Relevant
S/4HANA DEV DS4/HD4 100 <e.g. First Tuesday (Y/N)
110 each month 06:00 –
050** 10:00 CET>
QAS QS4/HQ4 100 (Y/N)
PRD PS4/HP4 100 (Y/N)
Webdispatcher DEV WS1 n/a (Y/N)
PRD WS3/WS4 n/a (Y/N)
Cloud Connector DEV DCL n/a (Y/N)
PRD PCL n/a (Y/N)
5.3 Languages Click or tap here to enter text.
6 Best Practices Activation? Choose an item
Primary Data Center IP Range
/22 for primary network Click or tap here to enter text.
7
DR Data Center IP Range (if DR included)
/22 for primary network Click or tap here to enter text.
AWS VPN Questionnaire Please email to your Cloud Architect along with this
8
completed form.
DNS Configuration *.sap.[customer].[*]
9 IP for primary DNS Server on premise X.X.X.X
IP for secondary DNS Server on premise Y.Y.Y.Y
Main project coordinator (Project lead) Customer contact (e-mail, t: +)
SAP BASIS contact Customer contact (e-mail, t: +)
Network expert Customer contact (e-mail, t: +)
10
DNS Expert Customer contact (e-mail, t: +)
Migration expert Customer contact (e-mail, t: +)
Partner/SI contact Contact (e-mail, t: +)

*SAP clients will be delivered per default and can’t be changed prior system deployment
** only applicable if Best Practice Activation is in scope

Version: 1.8 Confidentiality: Internal | External Parties Under NDA Page 4

3. Installation Number
Your SAP S/4HANA private cloud edition landscape will have a single installation number to identify these systems
separately from any On Premise solutions that you may still be utilizing. This installation number will be created under
the same customer number as your SAP PCE contract. Please identify if you require any changes to this policy.

Note: Only for GxP compliant PCE contracts. It’s important to involve GxP certified Cloud Architect and Advisory
specialist early enough to cover GxP relevant aspects, which might lead to a segregation of the Installation numbers, due
to the GxP/internal compliance and governance reasons and other points, which could affect delivery delays.

Back to Top

4. S-User for PCE Technical Team

When you license your SAP Solution, SAP sends the software recipient on file an Administrative user for the SAP Service
Marketplace. This is referred to as a “Super Administrator”. Your company uses this account to create additional S-user
IDs for the employees within your company that will be able to access the SAP Service Marketplace (SMP).

To create and operate your SAP S/4HANA private cloud edition systems, SAP requires an S-user that is assigned to your
software license/subscription for technical team. The SAP Team will be responsible for requesting license keys for new
systems, system data maintenance, entering Service and Incident requests as needed, and opening the Support
Connection (with prior approval) for application related support. Please refer to this link, if you want to learn more
about the authorizations concept.

Your company's Super Administrators can manage your S-users and S-user authorizations themselves. Note that for
security reasons, SAP is not allowed to create SAP Service Marketplace S-users for customers or assign authorizations to
such S-users besides the initial user.

Note: If your Super Administrator is not known, left the company or should be reassigned to another person, please
refer to the SAP Note 2596214 to get an information on how to solve this issue.

To create new S-users, the Super Administrator chooses the following path in the SAP Support Portal: Launchpad → User
Management → Request Users. Please fill in the information in the pop-up window and complete the form with
“Submit” button. Please assign the first name “SAP” and last name “Service” to this new S-user. When assigning
additional contact data such as phone number and/or e-mail address please DO NOT assign contact data of an SAP
employee. A customer email address is to be used for the initial activation of the Service S-User, recommendation is to
use a shared email account. The creation of the user can take up to 24 hours. Once the user has been created, the
administrator assigns the authorizations.

Note: When the PCE Service is initiated, a unique Installation Number for PCE is generated. This number may not be
available when you are creating the S-user for PCE. Therefore, create the S-user and assign the Authorizations at the
Customer level. Your PCE Engagement Lead (EL) will notify you when the Installation Number has been generated,
afterwards you can reassign the Authorizations based on your company’s policy.

Version: 1.8 Confidentiality: Internal | External Parties Under NDA Page 5

The SAP support team will require the following authorizations:

Incidents Remote Support System Data

 Report an incident
 Close incidents
 Send incidents to SAP
 Display all incidents
 Display incidents
SSCR Keys
 Register Object Keys
 Register Object and Developer
Keys
Cloud
 Display Cloud Data
 Edit my Login Data  Display System Data
 Open Remote Connections  Edit System Data
License Keys Reserve Namespace
 Request License Key  Reserve Namespaces
Software Download Service Requests
 Software Download  Display Service Request
 Create Service Request
 Create Billable Service Request
(optional)*

Please set the authorizations “Display all incidents”, “Edit my Login Data”, “Software Download” for this S-User on a
Global authorization level, so SAP delivery and operating colleagues can use it. Please set all remaining authorizations
for this S-User on a Customer authorization level (or Installation if Installation Number is already available).

For a guidance of how to set authorizations to a S-User please check SAP Note 1511008.

*NOTE: If you want the PCE Technical S-User to process billable service requests on your behalf, please also assign this
authorization. You can add this right anytime if you see a requirement for this during the term of your contract.

Back to Top

5. SAP SIDs, Clients, Time Zone and Planned Downtime

To be able to deploy and operate the appropriate infrastructure components and SAP systems for your SAP PCE
landscape, we would like to ask you for the following information about Planned downtime window and Financial
relevance. For SAP SIDs and SAP clients delivered you will find an appropriate information.

Please find a detailed description regarding each of the items and deliver the requested information.

Version: 1.8 Confidentiality: Internal | External Parties Under NDA Page 6

5.1 SAP SIDs
Each system in your PCE landscape will have a System Identifier (SID). The table below shows the default SID’s for the
currently supported solutions in PCE and does not necessarily represent the list of solutions in your landscape.  SAP will
provision only those systems specified in your order form using the default SID’s from this table.

PCE Template Product DEV DEV QAS QAS PRD App PRD
App DB SID App DB SID SID DB SID
SID SID
Additional Tenant S/4HANA SSx (1- HSx (1- n/a n/a n/a n/a
9) 9)
Additional Tenant Web Wxx n/a n/a n/a n/a n/a
Dispatcher (01-99)
Analytics BOBJ DBD n/a n/a n/a PBO n/a
Analytics Lumira DLU n/a n/a n/a PLU n/a
BW/4HANA BW/4HANA DBW HDB n/a n/a PBW HPB
BW/4HANA Web WB1 n/a n/a n/a WB2 / WB3 n/a
Dispatcher
CAR CAR DCA HDC QCA HQC PCA HPC
Cloud Connector Cloud DCL n/a n/a n/a PCL n/a
Connector
Convergent Charging Convergent DCC HCD QCC HCQ PCC HCP
Charging
DS-Agent CPI-DS Agent DSD n/a n/a n/a PDS / PDD n/a
EIM DP Agent EIM DP Agent DDP n/a n/a n/a PDP n/a
EWM EWM DEW HDW QEW HQW PEW HPW
EWM Web WW1 n/a WW2 n/a WW3 / n/a
Dispatcher WW4
Fiori Hub Fiori DFH n/a QFH n/a PFH n/a
Fiori Hub Web FW1 n/a FW2 n/a FW3 / FW4 n/a
Dispatcher
GTS GTS DGT HDG QGT HQG PGT HPG
Optimizer for S/4HANA Optimizer DOS n/a n/a n/a POS n/a
Embedded TM
PO PO DOP n/a QOP n/a POP n/a
S/4HANA S/4HANA DS4 HD4 QS4 HQ4 PS4 HP4
S/4HANA Web WS1 n/a n/a n/a WS3 / WS4 n/a
Dispatcher
SAC Agent SAC Agent DSA n/a n/a n/a PSA n/a
SLT SLT DSL n/a QSL n/a PSL n/a
Solution Manager Solman ABAP NSD HDS n/a n/a n/a n/a
Documentation
Solution Manager Solman JAVA DSJ n/a n/a n/a n/a n/a
Documentation
Solution Manager Full Solman ABAP DFS HFD n/a n/a PFS HFP
Solution Manager Full Solman JAVA DFJ n/a n/a n/a PFJ n/a
Transportation TM DPM HDP n/a n/a PTM HPP
Management
Transportation Web n/a n/a n/a n/a n/a n/a
Management Dispatcher
Transportation Optimizer DOE n/a n/a n/a POE n/a
Management

Version: 1.8 Confidentiality: Internal | External Parties Under NDA Page 7

 Trade Management BW/4HANA DBW HDB QBW HQB PBW HPB
Trade Management CRM CRD HDT CRQ HQT CRP HPT
Trade Management Web WDT n/a n/a n/a WDP/WDQ n/a
Dispatcher
Trade Management CAR DCA HDC QCA HQC PCA HPC
BusinessObjects Data Data Services DDS n/a QDS n/a PDS n/a
Services
BusinessObjects Data Information DIS n/a QIS n/a PIS n/a
Services Steward
Manufacturing Integration MII MID HMD MIQ HMQ MIP HMP
& Intelligence (MII)
Content Server Content Server DCS n/a QCS n/a PCS n/a
Convergent Mediation Convergent DCM HDD QCM HDQ PCM HDP
Mediation

NOTE - Any change of SAP SIDs after provisioning will incur additional cost and downtime.

Back to Top

5.2 ABAP Clients

The default client structure will be as follows:

DEV – 3 Clients QAS – 1 Client PROD – 1 Client

100 – Development Client (BW Client) 100 – QA Client (BW Client) 100 – PROD Client (BW Client)
110 – Test & Validation Client
050 - Created from 000 for BP
activation *

NOTE:
 Production system will be the transport domain controller.
 BW to be embedded in the production client as this is required for embedded analytics. Fiori will be activated on
production client (100).
 Additional clients can be requested after system provisioning by raising a Service Request.

Back to Top

* only applicable if Best Practices Activation is in scope

Version: 1.8 Confidentiality: Internal | External Parties Under NDA Page 8

5.3 Languages
The standard PCE installation includes up to eleven (11) language. English and German are installed by default. Please
select up to nine (9) additional languages from the following list of choices:

 DE – German
 EN - English
 FR - French
 ES – Spanish
 IT - Italian
 PT - Portuguese
 RU – Russian
 ZH – Chinese (simplified)
 KR – Korean
 JP – Japanese
 AR – Arabic

Additional languages can be deployed after system setup by raising a service request.

Note! If you have chosen “Option 2 - USE BP activation during initial build” for Best Practice activation, you can add
additional system languages in the list above, so that they all will be installed during initial system provisioning.

Languages deployed after BestPractices activation will NOT be automatically available for already activated
BestPractices. It is highly recommended to define the languages prior BestPractices activation

5.4 Time Zone

Your PCE systems will be deployed with Time Zone setting UTC (Coordinated Universal Time). If you want to have this
setting changed, you can raise a service request after system deployment.

5.5 Planned Downtime Window

SAP technical team performs scheduled maintenance activities for different infrastructure, services, application and
proactive tasks. Please define 4 hours blocks per each SID with the reference to the local time, that SAP service and
operations teams can utilize it for the maintenance purpose with a downtime, whether it’s relevant.

For NON-PRODUCTIVE instances the provided downtime window must be specified as a one concrete day from Monday
to Friday in the month, e.g.: first Monday of a month, Third Friday each month, but once per month and not for the
weekends for DEV/QAS/TST/SBX Computing Environments.

For PRODUCTIVE instances the provided downtime window must be specified as a one concrete day on the weekends in
the month, e.g.: first Saturday of each month, third Sunday of each month etc., but once per month and only for
weekends for PROD Computing Environment.

Please fill in the information per SID to the matrix below or in case you want to have the same timeframe for all NON-
PROD instances and for all PROD the same as well, please describe it generally.

Version: 1.8 Confidentiality: Internal | External Parties Under NDA Page 9

Example:
 Planned downtime for all NON-PROD instances - First Tuesday each month 06:00 – 10:00 CET
 Planned downtime for all PROD instances - Second Saturday each month 00:00 – 04:00 CET

5.6 Financial Relevance

Identify whether the system contains Financial Relevant information. This is required for auditing purposes. All
Production systems that process or contain customer financial information must be identified and will be included in the
SOC1 audit of controls once the system is considered Business Live.

Service Organization Controls (SOC1) are a series of accounting standards that measure the control of financial
information for a service organization. They are covered under both the SSAE 16 and the ISAE 3402 professional
standards.

Back to Top

Version: 1.8 Confidentiality: Internal | External Parties Under NDA Page 10

6. Best Practices Activation
For every greenfield private cloud edition contract, the customer is eligible to leverage SAP Best Practices for S/4HANA
content. In PCE the customer has the following options described below to use S/4HANA Best Practices and the option
must be chosen and signed off by the customer 1 before the build process starts if they want to activate Best Practices.

The options to employ S/4HANA Best Practices are the following:

1. Option 1 – Decision is whether NOT CLEAR YET to use Best Practice Activation or NOT TO USE Best Practice
activation at all
That means that the customer does not include BP activation steps into initial system build process and a
standard system build will be foreseen. Empty freshly installed systems will be handed over to the customer.
If customer decides not to use BP content in their implementation project at all, no further steps required.
If the customer decides to activate Best Practices later 3, the customer needs to take into account that:
a. All required additional languages are installed in the systems 2 (if not, raise a Service Request via the
Service Request catalog)
b. BP questionnaire is filled in and raised as a Service Request via the Service Request catalog
c. The impact of these actions is that additional language installation and BP activation activities will lead
to deletion and recreation of working clients in the different tiers (e.g. DEV, QAS, PRD) in order to
enable proper translations of BF activated and of BP content imported and to adhere to the
requirements of S/4HANA BP Admin Guide. Clients deletion may result in any
configurations/developments done so far in the business clients being lost and need to be recreated.

2. Option 2 – Decision is CLEAR TO USE Best Practice activation during initial system build
That means that the customer has decided to include BP tech preparation steps into initial system provisioning
(like additional language installation, business functions activation, client creations) as it’s prescribed in
S/4HANA BP Admin Guide. Thus, the customer must:
a. chose properly all additional languages2 to be used (see section 5.3 Languages)
b. fill in the Best Practices questionnaire prior to the start of the build process (attached below)

S/4HANA Best Practices questionnaire:

The following questionnaire must be filled in and signed off by customer if BP activation is requested. The document has
the following tabs:

1. "Business function Requirements" tab – obligatory to filling in

2. “Client configuration” tab – obligatory to filling in
3. “BP Scope items” tab – this sheet can be left unfilled, if customer plans to import BP packages by themselves/ by
implementation partner instead of SAP Delivery.

Version: 1.8 Confidentiality: Internal | External Parties Under NDA Page 11

1
It's very important to understand the decision to be taken from customer-side, as it’s one of the most important strategic choices to be made
during each implementation project for a customer together with their consulting party who will implement the project. Some customers will
benefit from Best Practice activation while others will not, depending on the scope of the project.

2
If Best Practice Activation is required, then it’s a prerequisite for SAP to activate the respective Business Functions related to it during the system
build of the landscape.  At its turn, the prerequisite for activating Business Functions, is that all language packs have been installed upfront. Please
note that the decision on the required languages for the entire implementation project is also very important: while you can still add language
packs after Business Function activation, the Business Functions and Best Practices related to those Business Functions will not receive the language
translations for these languages. That’s the reason why language packs must be installed upfront for all languages the implementation project will
need to include. (for more prerequisites of BP activation see S/4HANA BP Admin Guide)

3
In many cases the decision about BP activation cannot be taken during contract signature, or the consulting party has not been selected yet,
hence the decision cannot be based on input by the consulting party. In this case, SAP recommends to not fill in the BP questionnaire for Best
Practice activation yet, select “Option 2” and let the system build go through as a standard build. The freshly installed systems will be handed over
to the customer.

Back to Top

Version: 1.8 Confidentiality: Internal | External Parties Under NDA Page 12

7. Internet Protocol (IP) Range
The PCE Delivery team will set up your environment using an IP range that defines a specific IP subnet that exists within
your network and is currently not in use. When you connect to SAP S/4HANA private cloud edition environment, your
systems will be visible to you as an extension of your existing network.

Please provide a network segment with a /22 network mask. For backup purposes an additional /27 network segment is
required.

NOTE: The following IP ranges cannot be assigned to your PCE network and must NOT be used in customer’s remote
network environment to avoid potential routing issues.

Reserved IP ranges
147.204.0.0 /161
169.145.0.0 /162
100.64.0.0 /103
198.18.0.0 /154

IMPORTANT! The provided IP range:

 Must not be in use on premise or by any other connected partner.

 Must be blocked by the customer for HEC use immediately once noted down in the checklist.
 Cannot be changed after deployments started, unless SAP rebuilds all affected systems from scratch (results into
additional EMS effort).
 Needs to be a valid subnet, for example 10.0.2.0/23 is a valid subnet and 10.0.3.0/22 is not. In case subnetting
concepts are not well known please use any online subnet calculator (https://lmgtfy.app/?q=subnet+calculator)

Back to Top

1
Global SAP reserved IP range
2
Global SAP reserved IP range
3
Reserved for ISPs Carrier-Grade NAT (CGN) purposes. RFC6598
4
Allocated for network tests. RFC5735

Version: 1.8 Confidentiality: Internal | External Parties Under NDA Page 13

8. AWS Network Connectivity Options
The SAP system landscape for SAP S/4HANA private cloud edition can be supplied from various of Data Centers and in a
partnership with the certified providers each of which may have different requirements and options when it comes to
network connectivity. The following information is specific to the provider chosen for your specific deployment.

NOTE: To make sure that your network firewalls don’t block outbound traffic towards SAP systems, located in PCE,
please configure your network devices and security policies to allow connectivity on the ports relevant to your project.
This Link provides an information about SAP specific ports. By default, PCE doesn’t filter/restrict any inbound traffic for a
private connectivity from customer’s network.

8.1 Overview
The following section describes the connectivity options to the PCE VPC running at Amazon AWS. There are different
options how to establish a connection to your PCE@AWS environment. Please have a look on the attached document
and provide the necessary information, according to your PCE@AWS project.

NOTE: A process of configuring network integration requires to exchange certain information between SAP and a
customer.

Please follow the questionnaire for your preferred connectivity option, fill it in and share with your
EL.

This is very crucial to accomplish as soon as possible, to secure the timelines for network connectivity.

8.2 AWS VPN

There are multiple options for establishing VPN connectivity with AWS VPCs. Details can be gathered at official Amazon
documentation.

http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpn-connections.html

To connect to PCE environment running at AWS cloud via VPN, Site-to-Site VPN is a supported option. Please follow the
link to get more details about this possibility.

http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_VPN.html

Hint: Amazon also provides configuration snippets for each of the well-known VPN devices. These snippets can be
provided to simplify the configuration on customer side. The list is available here:

Version: 1.8 Confidentiality: Internal | External Parties Under NDA Page 14

https://docs.aws.amazon.com/vpc/latest/adminguide/Introduction.html#CGRequirements

8.3 AWS Direct Connect

Access to the PCE VPC can also be established using Amazon AWS Direct Connect. Detailed information can be found
here.
http://docs.aws.amazon.com/directconnect/latest/UserGuide/Welcome.html

To use AWS Direct Connect in an AWS Direct Connect location, some options are possible and need to be decided.

 Is your network collocated with an existing AWS Direct Connect location?

SAP can then provide AWS LOAs for physical cross connects. All SAP will need is the location and port speed.
Connections to AWS Direct Connect require single mode fiber, 1000BASE-LX (1310nm) for 1 gigabit Ethernet, or
10GBASE-LR (1310nm) for 10 gigabit Ethernet. Auto Negotiation for the port must be disabled. Customer must
support 802.1Q VLANs across these connections.
 Are you working with an AWS Direct Connect partner who is a member of the AWS Partner Network (APN)?
SAP will provide the AWS account ID to be used at the chosen partner to establish the AWS Direct Connect link
 Are you working with an independent service provider to connect to AWS Direct Connect?
The independent service provider should approach SAP to align the required information

In addition, customer’s network must meet the following conditions:

 Customer network must support Border Gateway Protocol (BGP) and BGP MD5 authentication.
 Optionally Bidirectional Forwarding Detection (BFD) can be configured. Asynchronous BFD is automatically
enabled for AWS Direct Connect virtual interfaces however, will not take effect until configured on customer’s
router.

8.4 AWS VPC Peering

Connectivity between AWS VPCs within Amazon network. The connectivity can be established between customer’s VPC
and PCE VPC. The customer should take care of setting up a network connectivity from on-premise-networks to PCE VPC,
because transitive routing is not possible in AWS.

Details can be found on this page.

http://docs.aws.amazon.com/AmazonVPC/latest/PeeringGuide/Welcome.html

The AWS account ID that will be connected needs to be provided and after accepting the peering the VPC routing table
must be updated for this option.

Back to Top

Version: 1.8 Confidentiality: Internal | External Parties Under NDA Page 15

9. DNS configuration
The DNS service a key service in every IT landscape. It resolves Hostnames to IP addresses and vice versa. Using DNS in a
PCE customer landscape allows implementing basics for the solutions like Disaster Recovery, SSO, using certificates and
so on. Each customer`s landscape contains 2 DNS servers at PCE Data Center. If a customer ordered Disaster Recovery
solution (optional), SAP will deploy two DNS servers also at the Disaster Recovery Site. The DNS configuration requires
efforts on the both side (customer and SAP Support team).

The following documents provides an overview of the supported DNS options and DNS integrations scenarios for the SAP
S/4HANA private cloud edition

Key DNS principals:

 All servers/services in the PCE customer landscape have specific hostnames within customer’s DNS subdomain
(*.sap.customer.*), provided by the customer. It is mandatory the DNS zone for PCE is “non-overlapping” with
the ones from the customer on premise network. We ask for DNS subdomain.
 Inbound Communication (from on-premise Network to PCE)
o DNS Zone Transferring is the only supported scenario , to exchange DNS data between customer’s
internal DNS servers and PCE DNS servers.
 Outbound Communication (from PCE to on-premise Network)
o DNS Zone Forwarding is the PCE scenario.
o Customer’s internal DNS server. Customer is responsible for these servers and for administrating
customer domain (*.[customer].[*]) except the PCE Customer subdomain.
o PCE Customer DNS. SAP is responsible for the PCE DNS subdomain (*.sap.[customer].[*]) along as
managing PCE DNS servers.

NOTE: SAP PCE Support will configure outbound connectivity to the default customer domain if you provide the IP
addresses of your DNS servers as mentioned above. Also, if you have other on-premise domains you are already aware
of, that require outbound access from PCE. This can save time as we can configure these during the Onboarding process

NOTE: Customer must open port 53 for bi-directional communication on customer owned firewall for VPN/MPLS
connectivity between customer network and PCE.

Back to Top

Version: 1.8 Confidentiality: Internal | External Parties Under NDA Page 16

10. Customer Contacts
Please provide contact information of the respective experts to have a direct connection between SAP and customer’s
colleagues.

Back to Top

Version: 1.8 Confidentiality: Internal | External Parties Under NDA Page 17

 www.sap.com/contactsap

© 2020 SAP SE or an SAP affiliate company. All rights reserved.

No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of SAP SE or an SAP affiliate company.

The information contained herein may be changed without prior notice. Some software products marketed by SAP SE and its distributors contain proprietary software components of
other software vendors. National product specifications may vary.

These materials are provided by SAP SE or an SAP affiliate company for informational purposes only, without representation or warranty of any kind, and SAP or its affiliated companies
shall not be liable for errors or omissions with respect to the materials. The only warranties for SAP or SAP affiliate company products and services are those that are set forth in the
express warranty statements accompanying such products and services, if any. Nothing herein should be construed as constituting an additional warranty.

In particular, SAP SE or its affiliated companies have no obligation to pursue any course of business outlined in this document or any related presentation, or to develop or release any
functionality mentioned therein. This document, or any related presentation, and SAP SE’s or its affiliated companies’ strategy and possible future developments, products, and/or
platform directions and functionality are all subject to change and may be changed by SAP SE or its affiliated companies at any time for any reason without notice. The information in
this document is not a commitment, promise, or legal obligation to deliver any material, code, or functionality. All forward-looking statements are subject to various risks and
uncertainties that could cause actual results to differ materially from expectations. Readers are cautioned not to place undue reliance on these forward-looking statements, and they
should not be relied upon in making purchasing decisions.

SAP and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP SE (or an SAP affiliate company) in Germany
and other countries. All other product and service names mentioned are the trademarks of their respective companies. See www.sap.com/copyright for additional trademark
information and notices.

Version: 1.8 Confidentiality: Internal | External Parties Under NDA Page 18