Amazon Overview - General SAP Guides
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Amazon Overview

Amazon offers a broad set of global, cloud-based services, including compute, storage, networking, Internet of Things (IoT), and many others. These services help organizations move faster, lower IT costs, and support scalability. Amazon is trusted by the largest enterprises and popular start-ups to power a wide variety of workloads, such as web and mobile applications, game development, data processing and warehousing, storage, and archiving.

Amazon Services

Amazon provides over 200 cloud services that you can use in combinations tailored to your business or organizational needs. For information about all Amazon services, see the Amazon Web Services Cloud Platform documentation.

This section introduces the Amazon services that are most relevant for the deployment and operation of SAP solutions. The following list provides a high-level description of each service and its use for SAP systems. To view features, pricing, and documentation for an individual service, follow the details link after the description.

| Area | Service | Description | SAP uses |
|---|---|---|---|
| Compute | Amazon Elastic Compute Cloud (Amazon EC2) | Secure, resizable compute capacity in the cloud. (details) | Virtual and bare metal servers for the installation and operation of SAP systems. |
| Storage | Amazon Elastic Block Store (Amazon EBS) | Persistent block storage volumes for use with EC2 instances. (details) | File systems for SAP software (e.g., /usr/sap), SAP database log and data files, and SAP local backups. |
| Storage | Amazon Simple Storage Service (Amazon S3) | Object storage service that offers an extremely durable, highly available, and infinitely scalable data storage infrastructure. (details) | Highly durable storage for file backups, database backups, archiving data, data lakes, and more. |
| Storage | Amazon Elastic File System (Amazon EFS) | Simple, scalable, elastic file system for Linux-based workloads for use with Amazon Cloud services and on-premises resources. (details) | Shared file system for SAP application servers (e.g., /sapmnt). |
| Storage | Amazon FSx for Windows File Server | Fully managed, highly durable, and available native Microsoft Windows file system. (details) | Shared file system for SAP application servers (e.g., /sapmnt). |
| Storage | Amazon FSx for NetApp ONTAP | Fully managed, highly reliable, scalable, high-performing file storage built on NetApp ONTAP file system. (details) | Shared file system for SAP application servers (e.g., /sapmnt). |
| Networking | Amazon Virtual Private Cloud (Amazon VPC) | Logically isolated section of the Amazon Cloud where you can launch Amazon resources in a virtual network that you define. (details) | Network for SAP resources. You can control the level of isolation of your EC2 instance from other networks, instances, and on-premises network resources, such as those in production and non-production environments. |
| Networking | Amazon Site-to-Site VPN | Enables you to securely connect your on-premises network or branch office site to your VPC. (details) | Network connectivity between on-premises systems/users and SAP systems on Amazon. |
| Networking | Amazon Direct Connect | Lets you establish private network connectivity between Amazon and your data center, office, or co-location environment. (details) | Private network connectivity between on-premises systems/users and the SAP system or environment on Amazon. |
| Networking | Amazon Route 53 | Highly available and scalable cloud Domain Name System (DNS) web service. (details) | Name and address resolution for SAP systems running on Amazon. |
| Networking | Amazon Time Sync | Highly accurate and reliable time reference that is natively accessible from EC2 instances. (Linux / Windows) | Time synchronization for your SAP systems on EC2 instances. |
| Management and operation tools | Amazon Web Services Management Console | Simple web interface to provision and manage Amazon resources. (details) | Provisioning and management of Amazon resources for your SAP environment on Amazon. |
| Management and operation tools | Amazon Command Line Interface (Amazon CLI) | Command-line tool set to provision and manage Amazon resources. (details) | Creation of scripts to automate the provisioning and management of Amazon resources for your SAP environment on Amazon. |
| Management and operation tools | Amazon CloudFormation | An easy way to create a collection of related Amazon resources and provision them in an orderly and predictable fashion. (details) | Automated provisioning of Amazon resources for new SAP landscapes, disaster recovery environments, and other use cases. |
| Management and operation tools | Amazon CloudWatch | Monitoring for Amazon Cloud resources and the applications you run on Amazon: collect and track metrics, collect and monitor log files, and set alarms. (details) | Monitoring SAP systems running on Amazon using Amazon CloudWatch Application Insights. |
| Management and operation tools | Amazon CloudTrail | Records activity made on your account and delivers log files to your S3 bucket. (details) | Audit capabilities within your Amazon Web Services account, such as use of the Amazon EC2 API. |
| Management and operation tools | Amazon Launch Wizard for SAP | Amazon Launch Wizard for SAP is a service that guides you through the sizing, configuration, and deployment of SAP applications on Amazon. (details) | Setup and configuration of resources required for your SAP deployment. |
| Management and operation tools | Amazon Backint Agent for SAP HANA | SAP certified solution to back up and restore SAP HANA database to and from Amazon S3. (details) | Backup solution to store SAP HANA database backups to Amazon S3. |
| Security, identity, and compliance | Amazon Identity and Access Management (IAM) | Manages access to Amazon services and resources securely. Using IAM, you can create and manage Amazon users and groups, and use permissions to allow and deny their access to Amazon resources. (details) | Fine-grained access control using a least-privilege security model to access specific Amazon services and actions; e.g., to allow SAP BASIS resources to launch, stop, and start EC2 instances without terminating them. |

Amazon Global Infrastructure

The Amazon Cloud infrastructure is built around Regions and Availability Zones. An Amazon Region is a physical location that provides multiple, physically separated and isolated Availability Zones. Each Availability Zone consists of one or more data centers that are connected with low-latency, high-throughput, and highly redundant networking. These Availability Zones offer an easier and more effective way to design and operate your applications and databases, making them more highly available, fault tolerant, and scalable than traditional single or multiple data center infrastructures.

For a list of the available Amazon Regions and to learn more about the Amazon global infrastructure, see Global Infrastructure on the Amazon website.

Amazon Security and Compliance

Security

At Amazon, security is our top priority. As an Amazon customer, you will benefit from a data center and network architecture built to meet the requirements of the most security-sensitive organizations. Security in the cloud is much like security in your on-premises data centers—only without the costs of maintaining facilities and hardware. In the cloud, you don’t have to manage physical servers or storage devices. Instead, you use software-based security tools to monitor and protect the flow of information into and out of your cloud resources.

As an Amazon customer, you inherit all the best practices of Amazon policies, architecture, and operational processes built to satisfy the requirements of our most security-sensitive customers, and get the flexibility and agility you need in security controls.

The Amazon Cloud enables a shared responsibility model. While Amazon manages security of the cloud, you are responsible for security in the cloud. This means that you retain control of the security you choose to implement to protect your own data, platform, applications, systems, and networks no differently than you would in an on-site data center.

To learn more about Amazon security, see Amazon Cloud Security on the Amazon website.

Compliance

Amazon provides robust controls to help maintain security and data protection in the cloud. As systems are built on top of Amazon Cloud infrastructure, compliance responsibilities will be shared. By tying together governance-focused, audit-friendly service features with applicable compliance or audit standards, Amazon compliance enablers build on traditional programs and help you operate in an Amazon security control environment.

The IT infrastructure that Amazon provides to its customers is designed and managed in alignment with best security practices and a variety of IT security standards. The following is a partial list of assurance programs with which Amazon complies:

  • SOC 1/ISAE 3402, SOC 2, SOC 3

  • FISMA, FIPS, DIACAP, and FedRAMP

  • PCI DSS Level 1

  • ISO 9001, ISO 27001, ISO 27017, ISO 27701, ISO 27018

For more information, see Amazon Compliance Programs.

Amazon Provisioning and Management

The provisioning and management of Amazon services and resources use a self-service model managed by the customer or a partner. For an overview of the tools available for provisioning and management, see the management tools in the Amazon Services section.

Figure 1 shows the services managed by Amazon and the services managed by the customer or partner for SAP.

Figure 1: Managed services for SAP on Amazon