It’s become a common question, about the integration of a corporate network to the variety of Cloud platform options. In hybrid scenarios, this topic should be considered in detail while planning for a cloud journey.
With this article, I would like to give you a summary of the possible integration scenarios with SAP HANA Enterprise Cloud. This overview covers communication possibilities utilizing SAP Data Centers.
SAP HANA Enterprise Cloud supports the most proven and standardized connectivity options to get customer’s corporate network integrated with the private managed cloud environment. Three alternatives are available today: VPN (IPSec site-to-site), Direct connection (e.g. termination of the MPLS network) and SAP Cloud Peering.
The diagram below provides an overview of the aforementioned options and gives an understanding of the network segregation (SAP, Customers) and responsibilities of the involved parties.
In addition to the integration with a corporate network, SAP HANA Enterprise Cloud provides the capability to expose required Applications or Web services (HTTPS based) directly to the public Internet through LoadBalancers. This is delivered on demand.
Let’s take a closer look at every option.
VPN (IPSec site-to-site)
This is one of the most well-known and fastest ways to build up a secure connection over Public Internet. It allows connectivity to different network segments within a short time frame and eliminates significant investments (e.g. renting dedicated network channels).
This connectivity brings a lot of benefits, here are a few:
1) Quick implementation. Establishing a secure (AES-256 encryption) tunnel via VPN appliances (like Cisco ASA, Cisco ASR, Palo Alto Network Firewalls etc.) or even software VPN gateways (e.g. FreeSWAN)
2) Small investments. Most or even all customers already have access to public Internet and their network architecture allows extending the current network with additional VPN connectivity
3) No bandwidth costs. No additional traffic fees, for PoCs (non-PROD) makes for a good benefit.
As IPSec VPN utilizes the public Internet channel, the customers should take in consideration that it might not have bandwidth or latency guarantees. This is an important topic to account for during planning.
Considering all of the above, I’m concluding that this is a great option to run non-PROD workload (like Proof of Concepts, Project implementations without Productive systems) or for a time period, while the customers are establishing more reliable solutions (see below) for a Production usage.
Direct connection (like MPLS, telco provided VPN)
Direct connection represents one of two recommended options for connecting to a productive business-critical environment. From the diagram below you can see that choosing this type of connectivity, SAP HANA Enterprise Cloud customers (together with their Telco providers) can utilize different types of the network communication channels (MPLS, VPN) and create a high-available solution.
This scenario gives customers freedom of choosing their preferable Telco provider (or several) and brings a great possibility to create a failover solution for the Network connectivity. This comes by having redundant L3 Network routers on SAP HANA Enterprise Cloud side along with HSRP (Hot Standby Routing Protocol), in order to make an automatic and transparent failover solution for End-users.
Direct Connection is recommended for Production usage.
SAP Cloud Peering
SAP Cloud Peering is a reliable and secure connectivity option for customer to SAP Cloud Services leveraging SAP’s global interconnection provider ecosystem. SAP Cloud Peering is a highly secure connectivity option, because the traffic goes through the Telco supplier’s network and never comes across the public Internet. It combines the advantages of a fast deploying solution as well as the security and reliability of dedicated channels. It perfectly fits for the customers who already use network solutions by one of the global interconnection providers (e.g. Verizon, Equinix etc).
You can check the availability of a particular provider in a Data Center location here.
In addition, the details about SAP Cloud Peering connectivity option can be found via the following link.
SAP Cloud Peering is recommended for Production usage an give a great flexibility and advantages leveraging Multi-Cloud environment.
Thanks for reading.