Extensions - General SAP Guides
PerformanceData lakeApplication integrationDocument managementDevelopment and extension

Extensions

You can extend RISE with SAP by using AWS services to improve performance, security, agility, and reduce costs. The following table provides recommended AWS services based on use case.

Category Use case AWS services
Performance SAP Fiori launchpad and global access Amazon CloudFront
Data lake Analytics Amazon AppFlow, AWS Glue, and Amazon QuickSight
Application integration Integration AWS Lambda and Amazon API Gateway
Document management Archiving Amazon S3 Glacier, Amazon S3 File Gateway, and SAP BTP - Document Management Service
Development and extension Development AWS SDK for SAP ABAP

Performance

Deploy Amazon CloudFront in your VPC to increase performance and reduce latency of SAP Fiori launchpad in RISE with SAP. CloudFront create a cache for the static content and accelerates dynamic content through edge computing. For more information, see Improving SAP Fiori Performance with Amazon CloudFront and AWS Global Accelerator.

Optimize performance for SAP Fiori

You can create a CloudFront distribution in your AWS account, and connect it via Transit Gateway to the SAP systems. In addition, you can attach AWS WAF to strengthen the security at edge. The following image shows this scenario.

Request routing with Amazon CloudFront

User flow

  1. User accesses SAP Fiori launchpad via Internet browser or mobile device.

  2. The request is routed through Amazon CloudFront.

  3. The request is filtered by AWS WAF to prevent passage of malicious traffic, before it is processed by Amazon CloudFront.

  4. SAP Fiori launchpad is served from RISE with SAP VPC and presented to the user via AWS Transit Gateway.

Optimize performance with accelerated VPN connections

To improve user experience in the application, you can use Accelerated Site-to-Site VPN connections . Traffic is routed from your on-premises network to an AWS edge location that is closest to your gateway device. AWS Global Accelerator optimizes the network path, using the AWS global network to route traffic to the endpoint that provides the best application performance.

Data lake

Deploy Amazon AppFlow to extract data out of SAP S/4HANA via OData protocol which can also be based ODP framework. The extraction result is stored in Amazon S3 data lake. This data can be further processed with AWS Glue, Amazon Redshift, and Amazon Athena. Users can consume this data with Amazon QuickSight. The following image shows this scenario.

Data flow with Amazon AppFlow

Data flow

  1. RISE with SAP VPC is connected to your AWS account not managed by SAP, via AWS Transit Gateway and Network Load Balancer.

  2. Amazon AppFlow extracts data out of SAP S/4HANA via OData protocol.

  3. Raw data is stored in an Amazon S3 bucket.

  4. AWS Glue performs transformation and cleansing of data.

  5. Transformed results are stored in another Amazon S3 bucket.

  6. Amazon Redshift is used to further process the data through its data warehousing capability.

  7. Amazon Athena is used to query the transformed data in Amazon S3.

  8. User accesses data through Amazon QuickSight.

For more information, see Guidance for DataLake with SAP and non-SAP data on AWS.

Application integration

Deploy Amazon API Gateway to extract data out of SAP S/4HANA via HTTP API. API Gateway can consume data from IDOC, BAPI, and RFC. These need to be translated to a web service call. For more information, see AWS blogs. The following image shows this scenario.

Data flow with Amazon API Gateway

Data flow

  1. RISE with SAP VPC is connected to your AWS account not managed by SAP, via AWS Transit Gateway.

  2. Amazon API Gateway is configured to route the authentication to AWS Lambda and Amazon Cognito

  3. Amazon Cognito authenticates the session.

  4. Once authenticated, Amazon API Gateway routes the package to AWS Lambda.

  5. AWS Lambda stores the data in an Amazon S3 bucket.

Document management

Deploy an SAP Content Server that is integrated with Amazon S3, to archive SAP documents and data. The following image shows this scenario with AWS services.

Data flow to archive SAP documents and data

Data flow

  1. RISE with SAP VPC is connected to your AWS account not managed by SAP, via AWS Transit Gateway.

  2. SAP Content Server is installed in SAP S/4HANA as target storage for document and data archiving.

  3. Amazon FSx File Gateway enables Amazon S3 to be mounted as NFS on SAP Content Server.

  4. Amazon S3 bucket stores the required archive files.

  5. You can move files to different Amazon S3 storage classes. For more information, see Using Amazon S3 storage classes.

You can also deploy SAP BTP - Document Management Service on AWS to archive documents and data. The following image depicts this scenario:

Data flow to archive SAP documents and data

Data flow

  1. RISE with SAP VPC is connected to your BTP through Cloud Connector.

  2. The cloud connector reaches the BTP public endpoint on AWS.

  3. SAP BTP Document management stores the required archive files from RISE with SAP.

Development and extension

Deploy AWS SDK for SAP ABAP on RISE with SAP VPC to avail AWS services using the ABAP language. For more information, see What is AWS SDK for SAP ABAP?

You can authenticate AWS SDK for SAP ABAP with IAM access key. The following image shows this scenario.

Data flow AWS SDK for SAP ABAP

Data flow

  1. AWS SDK for SAP ABAP is installed via a set of transports in SAP S/4HANA within RISE with SAP VPC.

  2. SAP S/4HANA is configured with IAM access key for authenticating access to AWS services. For more information, see Managing access keys for IAM users.

  3. Access to AWS services with AWS SDK for SAP ABAP has been established.