SAP S4 Rise / Private Cloud
This information is based on SAP's current best practices for connectivity:
The following three options are recommended for connectivity to S/4HANA Cloud, Private Edition / S/4 Rise.
- VPN (IPSEC)
- VPC or VNET Peering
- Internet Based Firewall Access (Content Server Only)
The connectivity architecture between AWS, Azure and Google Cloud are analogous, with minor variances in implementation
In this scenario, a Virtual Private Network (VPN) Gateway client is deployed in the GimmalLink Tenant and is configured to connect to the SAP RISE Tenant VPN Gateway. Traffic for the SAP communications are routed through this secured connection.
Azure and AWS provide options for Highly Available connections as an option.
Virtual Network Peering is a mechanism that connects two virtual networks between Tenants in a Virtual Private Cloud (VPC).
Microsoft calls their implementation VNET and AWS/Google use the term VPC Peering.
In all cases, Peering provides a virtual, internal, low latency, high bandwidth network connection between Tenants in the same VPC provider.
In this scenario, a Web Application Firewall (WAF) is configured to allow specific traffic connectivity into the SAP RISE Tenant.
AWS, Google and Azure all offer WAF as a service within the tenant.
NOTE: The WAF solutions only supports HTTPS outbound connections from SAP RISE deployments (i.e. Content Server only)
