Extensions - General SAP Guides
PerformanceData lakeApplication integrationDocument managementDevelopment and extensionUser front-end
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Extensions

You can extend RISE with SAP by using Amazon services to improve performance, security, agility, and reduce costs. The following table provides recommended Amazon services based on use case.

Category Use case Amazon services
Performance SAP Fiori launchpad and global access Amazon CloudFront
Data lake Analytics Amazon AppFlow, Amazon Glue, and Amazon QuickSight
Application integration Integration Amazon Lambda and Amazon API Gateway
Document management Archiving Amazon S3 Glacier, Amazon S3 File Gateway, and SAP BTP - Document Management Service
Development and extension Development Amazon SDK for SAP ABAP
User front-end Front-end Amazon WorkSpaces and Amazon AppStream 2.0

Performance

Deploy Amazon CloudFront in your VPC to increase performance and reduce latency of SAP Fiori launchpad in RISE with SAP. CloudFront create a cache for the static content and accelerates dynamic content through edge computing. For more information, see Improving SAP Fiori Performance with Amazon CloudFront and Amazon Global Accelerator.

Optimize performance for SAP Fiori

You can create a CloudFront distribution in your Amazon Web Services account, and connect it via Transit Gateway to the SAP systems. In addition, you can attach Amazon WAF to strengthen the security at edge. The following image shows this scenario.

Request routing with Amazon CloudFront

User flow

  1. User accesses SAP Fiori launchpad via Internet browser or mobile device.

  2. The request is routed through Amazon CloudFront.

  3. The request is filtered by Amazon WAF to prevent passage of malicious traffic, before it is processed by Amazon CloudFront.

  4. SAP Fiori launchpad is served from RISE with SAP VPC and presented to the user via Amazon Transit Gateway.

Optimize performance with accelerated VPN connections

To improve user experience in the application, you can use Accelerated Site-to-Site VPN connections . Traffic is routed from your on-premises network to an Amazon edge location that is closest to your gateway device. Amazon Global Accelerator optimizes the network path, using the Amazon global network to route traffic to the endpoint that provides the best application performance.

Data lake

Deploy Amazon AppFlow to extract data out of SAP S/4HANA via OData protocol which can also be based ODP framework. The extraction result is stored in Amazon S3 data lake. This data can be further processed with Amazon Glue, Amazon Redshift, and Amazon Athena. Users can consume this data with Amazon QuickSight. The following image shows this scenario.

Data flow with Amazon AppFlow

Data flow

  1. RISE with SAP VPC is connected to your Amazon Web Services account not managed by SAP, via Amazon Transit Gateway and Network Load Balancer.

  2. Amazon AppFlow extracts data out of SAP S/4HANA via OData protocol.

  3. Raw data is stored in an Amazon S3 bucket.

  4. Amazon Glue performs transformation and cleansing of data.

  5. Transformed results are stored in another Amazon S3 bucket.

  6. Amazon Redshift is used to further process the data through its data warehousing capability.

  7. Amazon Athena is used to query the transformed data in Amazon S3.

  8. User accesses data through Amazon QuickSight.

For more information, see Guidance for DataLake with SAP and non-SAP data on Amazon.

Application integration

Deploy Amazon API Gateway to extract data out of SAP S/4HANA via HTTP API. API Gateway can consume data from IDOC, BAPI, and RFC. These need to be translated to a web service call. For more information, see Amazon blogs. The following image shows this scenario.

Data flow with Amazon API Gateway

Data flow

  1. RISE with SAP VPC is connected to your Amazon Web Services account not managed by SAP, via Amazon Transit Gateway.

  2. Amazon API Gateway is configured to route the authentication to Amazon Lambda and Amazon Cognito

  3. Amazon Cognito authenticates the session.

  4. Once authenticated, Amazon API Gateway routes the package to Amazon Lambda.

  5. Amazon Lambda stores the data in an Amazon S3 bucket.

Document management

Deploy an SAP Content Server that is integrated with Amazon S3, to archive SAP documents and data. The following image shows this scenario with Amazon services.

Data flow to archive SAP documents and data

Data flow

  1. RISE with SAP VPC is connected to your Amazon Web Services account not managed by SAP, via Amazon Transit Gateway.

  2. SAP Content Server is installed in SAP S/4HANA as target storage for document and data archiving.

  3. Amazon FSx File Gateway enables Amazon S3 to be mounted as NFS on SAP Content Server.

  4. Amazon S3 bucket stores the required archive files.

  5. You can move files to different Amazon S3 storage classes. For more information, see Using Amazon S3 storage classes.

You can also deploy SAP BTP - Document Management Service on Amazon to archive documents and data. The following image depicts this scenario:

Data flow to archive SAP documents and data

Data flow

  1. RISE with SAP VPC is connected to your BTP through Cloud Connector.

  2. The cloud connector reaches the BTP public endpoint on Amazon.

  3. SAP BTP Document management stores the required archive files from RISE with SAP.

Development and extension

Deploy Amazon SDK for SAP ABAP on RISE with SAP VPC to avail Amazon services using the ABAP language. For more information, see What is Amazon SDK for SAP ABAP?

You can authenticate Amazon SDK for SAP ABAP with IAM access key. The following image shows this scenario.

Data flow Amazon SDK for SAP ABAP

Data flow

  1. Amazon SDK for SAP ABAP is installed via a set of transports in SAP S/4HANA within RISE with SAP VPC.

  2. SAP S/4HANA is configured with IAM access key for authenticating access to Amazon services. For more information, see Managing access keys for IAM users.

  3. Access to Amazon services with Amazon SDK for SAP ABAP has been established.

User front-end

Deploy Amazon WorkSpaces and/or Amazon AppStream 2.0 to enhance user experience. With these Amazon services, you can improve user experience by tackling the high network latency for SAPGUI and browsers to access SAP S/4HANA within RISE with SAP VPC.

The following image shows this scenario with Amazon WorkSpaces.

User experience with Amazon WorkSpaces

User flow

  1. User accesses WorkSpaces via Internet.

  2. WorkSpaces handles user access with Streaming and Authentication gateways.

  3. WorkSpaces is integrated with Domain Controller.

  4. User's SAPGUI request is routed through Amazon Transit Gateway.

  5. User's request reaches SAP S/4HANA within RISE with SAP VPC.

The following image shows this scenario with Amazon AppStream 2.0.

User experience with Amazon AppStream 2.0

User flow

  1. User accesses Amazon AppStream 2.0 via Internet.

  2. AppStream 2.0 handles user access with Streaming gateway.

  3. AppStream 2.0 is integrated with Domain Controller.

  4. User's SAPGUI request is routed through Amazon Transit Gateway.

  5. User's request reaches SAP S/4HANA within RISE with SAP VPC.