Network Infrastructure for SAP Application-based Landscapes
The “Network”, the Big Unknown
“The “network” is coming out of a little wall socket in my office, like electrical power. Why should I care? I’m busy finding out why end users in some branch offices are complaining about the performance of our applications.”
Well think again. Since end users are more often physically moving away from the location of an application’s datacenter, the network is not only a local area network (LAN) but also a wide area network (WAN), which can be a beast. It introduces new obstacles for the delivery of applications to end users and might often be the root cause of a problem rather than the application. Unattended, the WAN can introduce latency time delays, transmission delays if bandwidth is low, and a number of new errors caused from the network side. If you use the Internet as a WAN, your application web site is also open to attack and overall application security becomes a concern.
Add to this mix the rise of enterprise service-oriented architecture (enterprise SOA)-based application landscapes. When an enterprise SOA is in use, applications do not only receive requests from end users through the web or other user interfaces, but they also receive requests from other applications, often through web service calls. Enterprise SOA is a means for application integration. Many companies are now facing the task of integrating applications that are housed in different locations, such as business scenarios, which span multiple companies in a supplier scenario. Application-to-application (A2A) network traffic often has to be routed over a WAN in these cases and similar concerns for end-user-related traffic exist.
Now that I have scared you, I have good news share. There are many technical solutions available to counter the WAN constraints that impact SAP applications. First of all, the SAP NetWeaver Application Server has a lot of strong, built-in features that can help reduce the negative impacts of a WAN. Some of those features are gzip compression to reduce the data transfer volume and use of https protocol for encrypted secure communications. In addition, a large number of network vendors have come up with new technologies that can help applications in many different ways. If you follow the developments in the network industry, you might notice a lot of innovations, mergers, acquisitions and growth. It is a very vibrant industry, which is driven by the networking demands of globalization.
Figure 1 provides an overview of the basic elements of a distributed enterprise SOA landscape embedded in a network infrastructure. There might be multiple data centers which host application components (1). Among each other and to end users they are connected via a WAN (6).
The network appliances (or hosted network services, which also exist) sit as proxies in front of the application servers in a so-called “demilitarized zone” or DMZ. End users located in branch offices might also have a small DMZ on the side of their WAN. The network functions in a DMZ are like an electrical power transformation station. In the case of a network, the DMZ transforms network traffic between a LAN and an outside WAN so it is optimized on either side for the very different properties required of both. Main features of a DMZ might include a load balancer (2), a key feature for scalability and high availability of applications; a special compression and caching appliance or WAN accelerator, which is deployed symmetrically at both WAN end points (3,7); and a security gateway (4), which filters out malicious incoming requests by analyzing the content of message requests. In addition, a firewall appliance (5) functions as a first layer of defense for blocking unwanted network protocol connections, such as telnet and more.
SAP’s Network Vendor Ecosystem
Through the evolution of SAP applications – from real-time business solution to web-enabled application to enterprise SOA-based landscape – the use of wide area networks increases exponentially. In many cases, the older application end-user community, which can reach applications through a local network, became a fast-shrinking minority. Therefore, it is only natural for network vendors and SAP to collaborate first on the development of joint blueprints for an overall application/network infrastructure and then to research further joint application/network optimization opportunities to include co-innovation.
A little more then one year ago, network vendors and SAP came together under the Enterprise Services Community (ES Community) umbrella.
The Enterprise Services Community (ES Community) is a program to gather customers, systems integrators, ISVs and infrastructure vendors around business themes so they can define enterprise services and other solutions that will service enable and support the SAP platform.
The first ES Community advisory group was launched by seven network vendors and SAP. It had the modest goal of producing an overview white paper for customers’ network and application IT groups. The paper provides detailed information about network technologies and their benefits to SAP applications. Click on the following link to access this white paper: http://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/805d8c2d-0e01-0010-a694-a94109e88f2a.
Another important outcome of this advisory group was the launch of two new groups, one of which organized a joint test lab facility at SAP Labs in Palo Alto, Calif. Establishing this lab jointly, sponsored by network vendors and SAP, allowed us to test network solutions quickly, efficiently and at a tremendous cost savings. All network vendors and SAP are very grateful to HP and Shunra for their contributions to the lab. HP has allowed the use of its LoadRunner tool and Shunra has provided its Virtual Enterprise WAN emulation appliance. The WAN emulator literally allowed us to test intranets and the Internet without leaving our lab room.
Every network vendor in this group had a chance to test solutions in the lab. By late spring of 2007, a total of eight vendors had participated in this program. You might only see results from seven vendors because one vendor decided to acquire one of the other ones (something which I’ve seen happen before!). As noted previously, the network industry is very much in motion, which is exciting to watch and be a part of.
Many outstanding outcomes have resulted from the work of SAP’s network vendor ecosystem – results that benefit you and our customers. You might have seen a number of the press releases issued by vendors highlighting the positive improvements in network response times. The reported 90+% response time improvements of WAN performance are indeed possible for some cases.
As of today, the following papers have been completed and co-published on SDN and on the vendors’ ownweb sites. More papers are planned to be issued during the next weeks. Current ones can be found at the following direct links:
- F5 Application Ready Network for Enterprise Service-Oriented Architecture (engl. version, click here for Japanese version )
- Testing Secure Enterprise SOA Applications Across Wide Area Networks without Leaving the Lab (by HP, Shunra, SAP)
- SAP and Citrix: Deployment Best Practices Delivering Performance, Security, Availability, and Cost Benefits Enterprise Wide
- Transform the Internet into a Business-Ready Application Delivery Platform for Enterprise SOA based SAP Deployments (by Akamai and SAP)
If you would like to learn more about our lab testing results, please visit the TechEd ’07 presentation LCM 222 in Las Vegas or Munich, Germany in October.
Due to the success of the joint test lab, SAP decided to establish a much larger and permanent test lab facility for business software and infrastructure technology vendors. This lab was launched in June 2007 and was named the Co-Innovation Lab or COIL. Additional information can be found in the launch press release: http://www.sap.com/company/press/press.epx?pressid=7860.
With the great support from our COIL sponsors, this lab targets to demonstrate the most modern datacenter technologies available today for the operation of enterprise SOA-based solutions and other SAP applications. With network vendors on board with COIL, many new tests and solution blueprints about networks for use with SAP solutions can be expected to flow continuously.
In anticipation of the publication of many more blueprints and white papers in the future, we decided to establish a new top-level SDN Wiki section called “Enterprise SOA Infrastructure” (http://www.sdn.sap.com/irj/sdn/wiki), under which you will find the two branches – Virtualization and Network: the two infrastructure subjects for enterprise SOA that currently get the most attention and see most innovations. Expect the network wiki (http://www.sdn.sap.com/irj/sdn/wiki?path=/display/esoainfrastructure/networks+for+enterprise+soa+based+solutions&)to grow fast during the next several months. I’ll link all published network-related papers into this wiki section as a permanent repository of all network technology for SAP solution-related information.
At this point, we do not have a discussion forum about network and/or application-related questions. Maybe we can start with this blog. If you send me your comments and like the idea of a network/application forum, I’ll see if I can convince my SDN colleagues to open one.
Certification: It was mentioned above that from the first advisory group of the ES Community, two new groups were launched. I’ve already discussed the second group above. The third group was established to address network product and services certifications administered by SAP. As I suggested this new group, the network vendors’ interest and support was great right from the beginning. Together we were certain that customers would appreciate certification, which provides proof of the integration capabilities between networks and SAP applications.
The result of this group was the definition of certification terms and rules as well as test scenarios that have been developed and implemented in a test landscape by SAP. The experiences from the second group’s lab tests were a great help in designing this program too.
To date, five pilot network product certifications have been completed and many more are scheduled. The certification process has been handed over to the SAP Integration and Certification Center (SAP ICC). Network vendors can now apply for certification through the ICC.
The SAP ICC and COIL continue close cooperation for the network certification program. The COIL facility maintains the landscape for the certification tests. For more information about the SAP ICC, please check the following link: http://www.sdn.sap.com/irj/sdn/icc.
An always up-to-date list of certified network products can be found at:
Search for the SAP-Defined Integration Scenarios ESOA-AW-PO (network performance certification), ESOA-AW-RA (Reliability&Availability) and ESOA-AW-SEC (network security). “AW” stands for “Application delivery and WAN optimization”, the two network technology segments for which SAP offers this certification. When the TechEd conferences have concluded, we will try to publish some more details about the network certification testing.
I hope you like this blog and encourage you to send your comments. The network vendors and SAP have made a start to provide you with a lot of application-network integration information, which helps to optimize user-to-application as well as typical enterprise SOA application-to-application connectivity. Your feedback and input from the SDN and BPX community side will help to steer our next big network/SAP application activities. Surely together the network vendors and SAP will continue to use ES Community, the Co-Innovation lab, certification, the SDN and BPX to provide further valuable information and solutions to benefit your IT and business.