Connecting to RISE from on-premises networks
Connectivity to RISE with SAP on AWS from on-premises is supported using AWS VPN or AWS Direct Connect or a combination of the two.
Topics
Connecting to RISE with SAP VPC using AWS VPN
Enable access to your remote network from RISE with SAP VPC using AWS Site-to-Site VPN. Traffic between AWS cloud and your on-premises location is encrypted via Internet Protocol security (IPsec) and transferred through a secure tunnel on internet. This option is efficient, and faster to implement when compared to AWS Direct Connect. For more information, see Connect your VPC to remote networks using AWS Virtual Private Network.
You can get a maximum bandwidth of up to 1.25 Gbps per VPN tunnel. For more information, see Site-to-Site VPN quotas.
To scale beyond the default maximum limit of 1.25 Gbps throughput of a single VPN
tunnel, see How can
I achieve ECMP routing with multiple Site-to-Site VPN tunnels that are associated with a
transit gateway?
When using this option, SAP requires the following details:
-
BGP ASN
-
IP address of your device
You can obtain these details from your AWS VPN device on-premises.
When connecting your remote network directly to RISE using AWS Site-to-Site AWS VPN, the cost for the AWS VPN Connection and the cost for data transfer out are included in the RISE subscription.
For more information see:
AWS Site-to-Site AWS VPN Pricing
Note: Because the cost associated with the lifecycle and operation of a “Customer gateway device” (a physical device or software application on your side of the Site-to-Site AWS VPN connection) varies, this is not taken into consideration in this document.
Connecting to RISE with SAP VPC using AWS Direct Connect
Use AWS Direct Connect if you require a higher throughput or more consistent network experience than an internet-based connection. AWS Direct Connect links your internal network to an AWS Direct Connect location over a standard Ethernet fiber-optic cable. You can create different types of virtual interfaces (VIFs) to connect with various AWS services. For example, you can create a Public VIF to communicate with public services like Amazon S3 or a Private/Transit VIF for private resources such as Amazon VPC, while bypassing the internet service providers in your network path. For more information, see AWS Direct Connect connections.
You can choose from a dedicated connection of 1 Gbps, 10 Gbps, 100 or 400 Gbps or an
AWS Direct Connect Partner's hosted connection where the Partner has an established
network link with AWS cloud. Hosted connections are available from 50 Mbps. 100 Mbps, 200 Mbps,
300 Mbps, 400 Mbps, 500 Mbps, 1 Gbps, 2 Gbps, 5 Gbps, 10 Gbps, and 25 Gbps. You can order hosted
connections from an AWS Direct Connect Delivery Partner approved to support this model. For
more information, see AWS Direct Connect Delivery Partners
To connect, use a virtual private gateway in AWS account managed by SAP or a Direct Connect gateway in your AWS account associated with a virtual private gateway in AWS account managed by SAP. For more information, see Direct Connect gateways. Direct Connect gateway can also connect to a AWS Transit Gateway. For more information, see Connecting to RISE using your single AWS account.
You must acquire a Letter of Authorization from SAP to setup a AWS Direct Connect dedicated connection in the AWS account managed by SAP.
When connecting your remote network directly to RISE using AWS Direct Connect,
the cost for data transfer out (egress) is included in the RISE subscription. Costs
associated to the capacity (the maximum rate that data can be transferred through
a network connection) and the port hours (the time that a port is provisioned for
your use with AWS or an AWS Direct Connect Delivery Partners
For more information, see: AWS Direct Connect Pricing
