Internet of Things - General SAP Guides
Internet of Things

Internet of Things (IoT) refers to a network of interconnected physical devices, vehicles, home appliances, and other items embedded with electronics, software, sensors, and network connectivity, enabling these objects to collect and exchange data. IoT allows objects to be sensed and controlled remotely across existing network infrastructure, creating opportunities for direct integration between the physical world and computer-based systems.

Amazon IoT provides a comprehensive suite of services to connect, manage, and secure IoT devices at scale. At its core, Amazon IoT Core serves as the foundation, enabling secure device connectivity and message routing. Amazon IoT Device Management helps register, organize, monitor, and remotely manage IoT devices throughout their lifecycle. Amazon IoT Greengrass extends cloud capabilities to edge devices, allowing them to act locally on data while still maintaining cloud connectivity. Other complementary services in the Amazon IoT family include IoT Events, IoT TwinMaker, IoT ExpressLink, and IoT FleetWise, each serving specific IoT use cases and requirements.

Amazon IoT with SAP

IoT with SAP

The combination of Amazon IoT services and SAP business applications creates a powerful platform for digital transformation, enabling organizations to implement smart solutions across various domains - from connected products to smart city applications. This integration helps organizations harness real-time data for improved operational visibility, enhanced customer experiences, and innovative business models, driving efficiency and accelerating innovation across the enterprise ecosystem.

In Smart Products & Services scenarios, Amazon IoT services enable intelligent operations through Amazon IoT SiteWise and other services, delivering real-time insights that integrate seamlessly with SAP business modules. Amazon IoT Device Management provides comprehensive monitoring across connected devices, with continuous data streams enriching SAP systems for informed decision-making. Edge computing capabilities through Amazon IoT Greengrass ensure efficient data processing at the source, enabling rapid response times and optimal performance, particularly valuable for remote operations.

Amazon IoT services can integrate with SAP Business Technology Platform (BTP) to create powerful end-to-end IoT solutions. Through SAP BTP event-driven architecture and Enterprise Messaging services, IoT data from Amazon can be efficiently consumed by SAP applications in real-time. The Cloud Application Programming (CAP) model in SAP BTP enables rapid development of IoT-enabled business applications that can process and act on IoT data from Amazon. The integration can be achieved through various methods, such as using SAP Cloud Integration, API Management, or direct REST APIs. For example, sensor data collected through Amazon IoT Core can trigger events in SAP BTP, which can then be processed by CAP applications to update business processes, generate alerts, or trigger automated workflows in SAP systems.

Amazon IoT Security

While Amazon maintains robust cloud security mechanisms to protect data movement between Amazon IoT and other Amazon services, customers are responsible for managing device credentials (including X.509 certificates, Amazon credentials, Amazon Cognito identities, federated identities, or custom authentication tokens) and implementing appropriate access policies.

Amazon IoT implements comprehensive security measures to ensure secure device connectivity and data transmission. Devices can connect to Amazon IoT using X.509 certificates or Amazon Cognito identities over Transport Layer Security (TLS) connections, with additional authentication options available for development and specific API-based applications. The Amazon IoT message broker handles device authentication and manages access permissions through Amazon IoT policies, while custom authentication can be implemented using custom authorizers.

Furthermore, the Amazon IoT rules engine securely forwards device data to other devices or Amazon services based on user-defined rules, utilizing Amazon Identity and Access Management (IAM) to ensure secure data transfer to intended destinations. Customers may leverage Amazon IoT Device Defender, a fully managed service that helps secure a fleet of IoT devices.
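A least-privilege check for the customer-managed Amazon IoT policies described above, as an added example that is not part of the original guide: it contrasts a wildcard policy with one scoped per device and flags the former. The account id, Region, topic names and the `audit_iot_policy` helper are assumptions made for illustration.

```python
import json

# Constructed sample policies. Account id, Region and topic names are
# placeholders; the aws-cn partition is assumed for the China Regions.
ARN = "arn:aws-cn:iot:cn-north-1:123456789012"
THING = "${iot:Connection.Thing.ThingName}"  # policy variable, resolved per device

WEAK_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "iot:*", "Resource": "*"}],
}

SCOPED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        # A device may connect only with a client id equal to its thing name...
        {"Effect": "Allow", "Action": "iot:Connect",
         "Resource": f"{ARN}:client/{THING}"},
        # ...and publish only to its own telemetry topic.
        {"Effect": "Allow", "Action": "iot:Publish",
         "Resource": f"{ARN}:topic/plant/{THING}/telemetry"},
    ],
}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def audit_iot_policy(policy):
    """Return (statement index, reason) for each overly broad Allow statement."""
    if isinstance(policy, str):
        policy = json.loads(policy)
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow access
        for action in _as_list(stmt.get("Action", [])):
            if action in ("*", "iot:*"):
                findings.append((i, f"wildcard action {action}"))
        for res in _as_list(stmt.get("Resource", [])):
            # Heuristic: a wildcard is tolerated only next to a per-device variable.
            if "*" in res and "${iot:" not in res:
                findings.append((i, f"unscoped wildcard resource {res}"))
    return findings


if __name__ == "__main__":
    for name, pol in (("weak", WEAK_POLICY), ("scoped", SCOPED_POLICY)):
        print(name, audit_iot_policy(pol))
```

The thing policy variable used in the scoped policy resolves only when the connecting certificate is attached to a registered thing, so the scoped form depends on devices being registered that way.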

You can find out more in Security in Amazon IoT.

Amazon and SAP Joint Reference Architecture for Internet of Things

The JRA below shows how Amazon IoT services and SAP BTP services combine to build loosely coupled Edge-to-Business Process architectures.

JRA for Internet Of Things

IoT events - Edge locations can be environments like factories or shop floors where IoT devices such as cameras, PLCs, SCADA systems, IoT sensors or industrial assets collect data including temperature, vibration, and other metrics. The collected data is transmitted to Amazon IoT services in the cloud using appropriate connectors running on edge runtime environments like Amazon IoT Greengrass, with protocols specific to each device type. Customers have the option to sanitize data at the edge using Amazon Edge computing services before transmission to the cloud. Amazon IoT SiteWise Edge extends cloud capabilities to industrial edge environments, while Amazon IoT Greengrass serves as a general-purpose edge framework. This edge processing helps reduce noise in data, improves data quality, and optimizes costs.

IoT Data Processing on Amazon - Data received from edge locations is first processed by Amazon services such as Amazon Rekognition for computer vision use cases or other Amazon services for data analysis, where IT (Information Technology) and OT (Operational Technology) data insights are combined to trigger intelligent workflow automation. Amazon Lambda then triggers an event to SAP BTP for the next course of action.

SAP Business Workflow on BTP - Control is transferred to SAP BTP services like Event Mesh, which allows applications to communicate through asynchronous events, and the Events-to-Business-Actions Framework. This framework responds to and integrates events generated from different sources, such as industrial production processes and warehouses, into enterprise business systems. Based on the event category and type, the respective actions are triggered in SAP applications. The processor module leverages the Decisions capability of SAP Build Process Automation to initiate business actions and is also supported by other BTP services, such as HANA Cloud for storing application data. Customers can leverage private connectivity between SAP BTP and the SAP RISE on Amazon environment through SAP Private Link and the Amazon PrivateLink service.

Business Actions on RISE with SAP - Finally, based on the business rules, appropriate SAP business processes are triggered on the RISE with SAP systems, such as the creation of a maintenance order for predictive maintenance or the creation of a safety observation for EHS.

JRA for Internet Of Things and Generative AI

This is an alternative architecture to the one discussed in the previous section, with the following differences.

IoT events – Same as Figure 1.

IoT Data Processing on Amazon – Data received from edge locations is forwarded directly to the SAP BTP layer for subsequent actions, including data transformation. In this case, we are using SAP Integration Suite, Advanced Event Mesh, which has an out-of-the-box connector for S3.

IoT Data Processing on SAP BTP – Control is transferred to SAP BTP services like SAP Integration Suite, Advanced Event Mesh and Events-to-Business Actions Framework. Data transformation on SAP BTP is handled using GenAI services like Generative AI Hub, which leverages Amazon Generative Foundation Models such as Amazon Nova to derive insights from the data for further processing. Based on the processed data, event categories and types, respective actions are triggered in SAP applications. The processor module, part of the Events-to-Business-Action framework, leverages the Decisions capability of SAP Build Process Automation to initiate business actions. Additionally, SAP HANA Cloud can be used as a vector engine for Retrieval-Augmented Generation (RAG) framework and Knowledge Graph, in addition to storing application data.

This integration enables scenarios such as predictive maintenance, real-time asset monitoring, and supply chain optimization by combining Amazon's robust IoT and Generative AI capabilities with SAP’s enterprise business processes and data models.

You can find out more from SAP Architecture Center under Build Events-to-Business Actions Scenarios with SAP BTP and Amazon IoT SiteWise.