Repository Specific Guides
...
Link Enterprise for S3
Technical Overview

SAP S4 Rise / Private Cloud

4min

This information is based on SAP's current best practices for connectivity:

The following three options are recommended for connectivity to S/4HANA Cloud, Private Edition / S/4 Rise.

  • VPN (IPSEC)
  • VPC or VNET Peering
  • Internet Based Firewall Access (Content Server Only)

The connectivity architecture between AWS, Azure and Google Cloud are analogous, with minor variances in implementation

VPN (IPSEC)

In this scenario, a Virtual Private Network (VPN) Gateway client is deployed in the GimmalLink Tenant and is configured to connect to the SAP RISE Tenant VPN Gateway. Traffic for the SAP communications are routed through this secured connection.

Azure and AWS provide options for Highly Available connections as an option.



Document image


VPC (AWS/Google) or VNET (MS) Peering

Virtual Network Peering is a mechanism that connects two virtual networks between Tenants in a Virtual Private Cloud (VPC).

Microsoft calls their implementation VNET and AWS/Google use the term VPC Peering.

In all cases, Peering provides a virtual, internal, low latency, high bandwidth network connection between Tenants in the same VPC provider.



Document image


Internet Based Firewall Access

In this scenario, a Web Application Firewall (WAF) is configured to allow specific traffic connectivity into the SAP RISE Tenant.

AWS, Google and Azure all offer WAF as a service within the tenant.

NOTE: The WAF solutions only supports HTTPS outbound connections from SAP RISE deployments (i.e. Content Server only)



Document image