SAP Cloud Platform – Thoughts on Cloud Architecture
In this blog series, I want to write about SAP Cloud Platform (SAP CP) from a (cloud) architect’s perspective. I will focus on topics like user and access management, transports, application lifecycle management, landscape design, and many more topics that I typically discuss with customers around SAP CP.
In my projects, I found that there was much confusion about architectural topics like user and access management, account structure, and recommended application design on SAP CP. I experience that many tutorials and documents available today discuss small scale applications but there is only few information about large-scale corporate SAP CP landscapes and architectures.
So for people and companies who are using or want to use SAP CP in larger scale production environments and not only for “playing around”, hopefully the content of these articles help you in understanding and managing your SAP CP landscapes and application architectures as I have designed and recommended them in actual customer projects.
During this series, I want to cover the following topics and explain them in my own words and material, which I use every day to explain the Cloud Platform:
- Understanding SAP CP Global Accounts and Sub-Accounts and what this concept means to corporate SAP CP architectures
- Understanding the difference between SAP CP members, application users, and database users
- Identity Providers for SAP CP in Practice
- Understanding concepts for user management with regards to application architecture
- BETA SAP CP Member Provisioning via Microsoft ADFS
- Transport Approaches in SAP CP
- SAP Cloud Platform Architecture Library
- Understanding how secure applications can be designed from an architectural perspective with regards to user management
- Understanding how large scale system landscapes with SAP CP could look like
So stay tuned for those articles, which I plan to release over time from now on. Feel free to ask me questions about my projects or request new articles about topics that are of interest to you. If I am capable of answering your questions/issues/needs, I will be most pleased to help you understanding cloud architectures around the SAP Cloud Platform.
Disclaimer and a word of caution: The recommendations that I am giving in my blogs and the information I am presenting are collected and developed in a careful manner by myself with the help of my fellow colleagues. However, they are not “official” guidelines released by SAP (although I am a SAP consultant). Also, the information can be outdated as the platform is developed further. So I personally cannot guarantee for the correctness of everything I am writing about in these articles and I do not speak for SAP when I am giving you recommendations. However, it is my highest aim to lower your potential confusion in SAP CP topics so if you find anything contradicting or striking, contact me and let’s have an open discussion!
Last but not least I want to say thank you to my fellow colleagues, especially from product management, who are always very informative, helpful, and patient when I disturb them with my stupid questions. 🙂
Thanks and cheers, Jakob
Thanks Jakob for preparing all of this great content! I know a lot of people are going to be eagerly watching this series!
Jakob I can't await to read the first in depth blog of this series.
In my discussions with colleagues and other consultants I notice that most of them work in a small scaled environments, either at small customers or in dedicated projects. Some of my customers however are large enterprises and ask if and how hcp scales if it passes the boundaries of projects.
I hope and think that your blogs will give some answers or at least ideas to this question .
Really excited to see this series coming alive! It's always good to hear lessons & learned and experiences from real-life projects - thanks Jakob for taking the time to share your insights with the rest of us. Truly appreciated!
Interesting source of wisdom 🙂
Happy to share experience with you.
Very interested in the topic, thanks for sharing! Especially in "Understanding how applications, also consisting of multiple stacks, can be transported in HCP landscapes" as we are in a situation at a costumer where we only learned that there is CTS+ what is not implemented yet there and we struggle how to to transport management in HCP-environment. Maybe you could give a hint already what possibilities are there in HCP, thanks.
yes, transporting is an interesting topic. With the CTS+ integration, you can transport MTA applications through your landscape. However, your HANA delivery units cannot be part of those MTAs (at least today), so you'll have to transport them separately (either attach them to the same transport in CTS+ or transport them with the HANA Lifecycle Manager). Either way, it's not fully automatic and synchronized as you might expect it when you come from the ABAP world, but I would recommend that you look at the CTS integration at your customer. If you prefer a more quick and dirty solution, you can also "transport" the Java and HTML5 stack between your git repositories with your own scripts. Also keep in mind that SolMan has to be at a certain release to support the HCP/CTS+ integration (please consult your SAP contacts for the exact version number). Cheers, Jakob
Thanks for your blog! This seems to cover a lot of really interesting topics that are left out of most of the common slide decks :-).
Especially the whole topic of transportation issues and how to manage destination in a Dev-QA-Prod-Environment (each for gateway and backend) is still a bit of a mystery for me. Looking forward to get this illuminated!
Nice article! The explanation on accounts - global and sub accounts were quite useful. Apart from transport management, I would also be interested to know more on the topic of release management in the context of continuous delivery/DevOps. Looking forward to read more on that in the best practices part.
Very nice compendium (added to bookmark for reference!).
I'm looking forward to see the Cloud Connector article. I'd like to understand the one-connector-per-account limitation and how bigger scenarios apply. E.g. A Shared database on the cloud and several on-premise system spread throughout the country.
thanks for your comment! The one-connector-per-account limitation is not current anymore. Today, you can have multiple CCs per subaccount (I mention this in the related article I guess).
This series help getting a better understanding on certain SCP aspects.
I will certainly make some colleagues aware about them. Understanding basic principles like these will help to take the right decisions when deploying functionality on SCP and avoid maintenance and support issues in the future.
I look forward to the rest of the blogs.
Thanks for your blog it looks fantastic.
I am learning about Cloud architecture taking a training on SCP operations and I have the following doubt:
Case a customer has a full Public Cloud solutions landscape (no on-prem, no SolMan), is it possible to carry on advanced operations such as Continuous Integration and Delivery without SolMan? SolMan is required to perform CTS and it is not clear whether it is possible to perform CI/CD without CTS.
Many thanks in advance,
thanks for asking!
I highly recommend you to read the following to understand more about CI/CD: https://www.sap.com/developer/tutorials/ci-best-practices-intro.html
You will see that for CI/CD, SolMan is not required for most CI/CD scenarios (in fact, it's only required if you depend on the audit-safe processes (4-eye principle etc.) to transport from TEST to PROD or when you "synchronize" transports with your ABAP systems (so when you transport ABAP and SAP CP artifacts in one transport request)). CI/CD depends more on your build tools (such as Jenkins) and automated pipelines. Those build tools can also be in the cloud (which is also described in the link that I just gave you).
Also refer to my blog series (https://blogs.sap.com/2017/06/30/part-6-transport-approaches-in-sap-cp/) to see a comparison between SolMan-transports and CI/CD approaches. And finally, the OpenSAP course "Cloud Native Operations" also dealt with this topic pretty nicely, highly recommend you to also look at these...
Hope that helped and best regards,