Week 4: Advanced Concepts of SAP BTP and AWS

Unit 2: Secure Connectivity Between SAP BTP

and AWS
Secure connectivity between SAP BTP and AWS
Agenda

What we will cover in this unit

▪ Motivation and introduction to SAP Private Link service
▪ Potential scenarios
▪ Supported AWS services
▪ Use cases:
– Business process extensibility by establishing secure connectivity
with SAP S/4HANA
– Business process extensibility by establishing secure connectivity
with AWS Services
▪ Demo

© 2023 SAP SE or an SAP affiliate company. All rights reserved. ǀ PUBLIC 2

Secure connectivity between SAP BTP and AWS
Motivation

Data breaches are COSTLY Complexity

▪ Complex setup with gateways, NAT
devices, ExpressRoute or VPN
connections, or public IP addresses
▪ Complex access controls with
multilayers of permissions or roles
Global average total cost of a data breach

Average data breach cost in organization Current connectivity
with public clouds
solutions are
UNSATISFACTORY
“Cost of data breach 2022” by IBM
© 2023 SAP SE or an SAP affiliate company. All rights reserved. ǀ PUBLIC
Performance issues
▪ Increased latency
▪ Instability during high loads
Data exposure in public internet
Have to set up public peering or use
public Internet when migrating to cloud
or connecting SAP BTP and
hyperscaler accounts
3
Secure connectivity between SAP BTP and AWS
What is SAP Private Link service?

Amazon Web Services

Customer SAP BTP account Customer AWS account
SAP Private Link service

Application Private Endpoint Service

Access services privately Transfer data privately

▪ Enable access to private service endpoints and avoid ▪ Transfer data over private networks and avoid data
public endpoints exposure to the public Internet
▪ Guarantee privacy for private service endpoints, i.e.
access only works within the customer space where
private endpoints are created

© 2023 SAP SE or an SAP affiliate company. All rights reserved. ǀ PUBLIC 4

Secure connectivity between SAP BTP and AWS
Benefits

Unified experience
Simplified network
across PaaS & your
architecture
owned services

Protection against Improved

data leakage performance

© 2023 SAP SE or an SAP affiliate company. All rights reserved. ǀ PUBLIC 5

 Secure connectivity between SAP BTP and AWS
SAP Private Link service: potential scenarios on AWS

Scenario 1: Consume service from customer AWS account on SAP BTP Scenario 2: Consume SAP BTP service in customer
Scenario 1.1: Consume AWS native service on SAP BTP AWS account

Customer Customer
BTP BTP
Application, e.g.
Private IP Private IP ▪ SAP
Private Link
AWS service, e.g.:
▪ DynamoDB ▪ AWS native
▪… ▪ Other 3rd party

Private Link
Application Application ▪ Custom
Runtime PrivateLink Runtime PrivateLink
Scenario 1.3: Consume 3rd party service on SAP BTP
…
Customer
BTP
SAP HANA
Private IP

Private Link
Cloud
Scenario 1.2: Consume SAP S/4HANA service on SAP BTP 3rdparty/custom
service …
Customer/SAP HEC Application
BTP
Runtime PrivateLink
Private IP …
Private Link

Scenario 3: Consume SAP BTP service in SAP BTP

Application SAP S/4HANA
Runtime PrivateLink … Scenario 1.4: Consume SAP S/4HANA service via Cloud BTP BTP
… Connector via SAP Connectivity service on SAP BTP
Private IP

Private Link
Customer/SAP HEC
BTP SAP HANA
Application
Private IP PrivateLink
Cloud

Private Link
Runtime
…
…
Application SAP S/4HANA
Runtime PrivateLink Cloud …
Connector
… SAP Connectivity
service
…

© 2023 SAP SE or an SAP affiliate company. All rights reserved. ǀ PUBLIC 6

Secure connectivity between SAP BTP and AWS
Business process extensibility by establishing secure connectivity with SAP S/4HANA

© 2023 SAP SE or an SAP affiliate company. All rights reserved. ǀ PUBLIC 7

Secure connectivity between SAP BTP and AWS
Business process extensibility by establishing secure connectivity with AWS Services

© 2023 SAP SE or an SAP affiliate company. All rights reserved. ǀ PUBLIC 8

Secure connectivity between SAP BTP and AWS
Demo

© 2023 SAP SE or an SAP affiliate company. All rights reserved. ǀ PUBLIC 9

Secure connectivity between SAP BTP and AWS
Further Reading

EXPLORE
Roadmap | AWS PrivateLink

GET STARTED
SAP Discovery Center | Tutorial

LEARN
Blogs | SAP Help

© 2023 SAP SE or an SAP affiliate company. All rights reserved. ǀ PUBLIC 10

Secure connectivity between SAP BTP and AWS
What you’ve learned in this unit

▪ Overview of secure connectivity between AWS and

SAP BTP
▪ Possible scenarios for AWS
▪ Supported AWS services

© 2023 SAP SE or an SAP affiliate company. All rights reserved. ǀ PUBLIC 11

Thank you.
Contact information:

open@sap.com
Follow all of SAP

www.sap.com/contactsap

© 2023 SAP SE or an SAP affiliate company. All rights reserved.

No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of
SAP SE or an SAP affiliate company.
The information contained herein may be changed without prior notice. Some software products marketed by SAP SE and its
distributors contain proprietary software components of other software vendors. National product specifications may vary.
These materials are provided by SAP SE or an SAP affiliate company for informational purposes only, without representation or
warranty of any kind, and SAP or its affiliated companies shall not be liable for errors or omissions with respect to the materials.
The only warranties for SAP or SAP affiliate company products and services are those that are set forth in the express warranty
statements accompanying such products and services, if any. Nothing herein should be construed as constituting an additional
warranty.
In particular, SAP SE or its affiliated companies have no obligation to pursue any course of business outlined in this document or
any related presentation, or to develop or release any functionality mentioned therein. This document, or any related presentation,
and SAP SE’s or its affiliated companies’ strategy and possible future developments, products, and/or platforms, directions, and
functionality are all subject to change and may be changed by SAP SE or its affiliated companies at any time for any reason
without notice. The information in this document is not a commitment, promise, or legal obligation to deliver any material, code, or
functionality. All forward-looking statements are subject to various risks and uncertainties that could cause actual results to differ
materially from expectations. Readers are cautioned not to place undue reliance on these forward-looking statements, and they
should not be relied upon in making purchasing decisions.
SAP and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered
trademarks of SAP SE (or an SAP affiliate company) in Germany and other countries. All other product and service names
mentioned are the trademarks of their respective companies.
See www.sap.com/trademark for additional trademark information and notices.