As an SAP HANA Enterprise Cloud, Architect and Advisor to customers finding their way into the cloud, I often come across customers wanting to understand how is SAP HANA Enterprise Cloud Private? In this blog, I will try to shed some light on the “Privateness” of SAP HANA Enterprise Cloud and how SAP’s Private Managed Cloud is best suited for SAP customers ready to embark on their digitalization journey with minimal disruption, high flexibility, low risk and above all, at their own pace of innovation.
What is SAP HANA Enterprise Cloud (HEC)
For those of you who don’t know it yet, SAP HANA Enterprise Cloud (HEC) is SAP’s Private Managed Cloud to simplify adoption of SAP S/4 HANA and other solutions powered by SAP HANA.
SAP HANA Enterprise Cloud has fast become a popular choice with customers looking to quickly leverage new innovations in SAP S/4 HANA or customers who wish to lift, shift & consolidate their existing SAP workloads into the cloud.
SAP HEC is extremely valued by existing SAP customers who desire the flexibility of the cloud but at the same time want to retain their custom developments & direct control over their environments in a fully scalable, secure and private cloud-based service model.
What is exactly a Private Cloud?
As per Gartner’s definition, “Private cloud computing is a form of cloud computing that is used by only one organization, or that ensures that an organization is completely isolated from others”.
SAP HEC provides the required isolation to guarantee privacy & security across different levels of the stack but more importantly offers a private set of individualized managed services to meet customer specific requirements without trade-offs in performance, integration & business continuity.
Let’s take a look at some of the key factors contributing to this “private-ness” in the SAP HANA Enterprise Cloud.
SAP HEC Private Managed Cloud Deployment Model
As a private managed cloud SAP HEC leverages efficiencies to manage many customer landscapes by sharing commonly used resources between customers. At the same time dedicated resources are provided to customers to ensure data isolation and strict separation.
Central infrastructure such as data center facilities, virtualization platform, backup environments, landscape management & monitoring services are shared between customers to allow competent common management and administration by SAP.
Dedicated Infrastructure. To meet the customer’s individual performance needs and ensure each customer can choose their software solutions, each of the customer’s SAP solutions are installed on customer dedicated infrastructure instances of application servers, ASE database & HANA systems.
Based on customer’s needs SAP HEC also leverages Hyperscalers like Microsoft Azure, Amazon Web Services or in the future Google Cloud as the underlying IaaS layer.
Customers can choose their software versions of the SAP solutions operated at SAP HEC to suit their brownfield or greenfield landscapes. Generally, all SAP Software solution versions in maintenance as per SAP’s maintenance strategy are supported in SAP HEC. The customer is also provided guidance on the to be installed solution versions based on SAP’s future solution roadmaps.
Private Network & Private Connection:
In SAP HEC each customer’s landscape is isolated from other customers by placing the customer’s systems in dedicated private networks. Network isolation is achieved using Virtual LAN environments (VLAN). A customer connects to his network in HEC through his own dedicated secure connection by using multiple connectivity options like SAP Cloud Peering, MPLS or VPN. Each customer, therefore, has his own private secure connection to his private network in SAP HEC.
Through this dedicated connection, the customer’s private network in SAP HEC effectively becomes an extension of the customer’s existing on-premise network i.e. the customer systems in HEC are privately visible to the customer’s existing systems in their on-premise network. This opens a world of possible integration scenarios allowing API Calls, data flows and process integrations between the systems across these networks in a secure private environment. This allows the customer to mitigate their risks by taking advantage of the Hybrid Cloud model where he can keep selected systems in his own existing on-premise environment and move the rest to SAP HEC.
On the other end, customer networks are also securely isolated from the SAP corporate network. Authorized SAP personnel who manage the customer landscapes in HEC also require a two-factor authorization to get access over jump hosts to the common administration tools to manage the customer’s landscapes in SAP HEC. General SAP employees have no access to the SAP HEC networks ensuring data protection and privacy.
SAP HEC also supports multi-cloud setups, where customers can take full advantage of innovations in SAP’s other public cloud offerings such as SAP Cloud Platform, SAP’s PaaS for building innovative extensions or SAP SaaS solutions like Ariba, SuccessFactors, Concur etc. which can be easily integrated with customer systems in HEC.
For a more technical information on the different SAP HEC connectivity options have a look at this valuable blog: Connecting to SAP HANA Enterprise Cloud.
Cloud Security: Cyber Security is one of the pillars of SAP’s Cloud strategy. SAP’s Cloud Security Framework provides an end-to-end approach to security, covering all aspects like Data center security, Cyber-Security & Data Privacy, Compliance & Certifications. You can find more details on SAP Cloud Security at the SAP Cloud Trust Center.
This allows SAP HEC to benefit from a holistic, multi-dimensional approach to establish and maintain state-of-the-art Privacy & Compliance.
Service Model – Individualized Private Managed Services to suit a customer’s specific needs
Every customer has specific service requirements depending on his enterprise goals, planned solution roadmaps and operation modes. Meeting the individual needs of each customer is the key to customer success and the essence of SAP HEC.
SAP HEC offers a comprehensive, flexible and scalable service portfolio to plan, implement, manage and operate customer’s SAP solutions. The mixed service portfolio of mandatory and optional services across the stack allows the customer the choice to have certain tasks carried out by SAP and to keep certain tasks in their own responsibility. This offers the flexibility to the customer to retain the required degree of control on their systems even when they run in SAP HEC.
The SAP HANA Enterprise Cloud, Roles & Responsibilities Document provides extensive service description of the services offered in SAP HEC service model.
Here is a short summary of the services categories offered inside HEC.
- HEC Standard Services: A Mandatory set of standard technical services included in the HEC offering which are required to run SAP landscapes. To name a few
- System provisioning based on our unique Reference Architecture. Which is derived from SAP’s years of product experience & expertise in running SAP solutions.
- SAP HANA Database Management & Backup services.
- Infrastructure, network and operating systems management & monitoring
- HEC Enhanced Management Services (EMS): An Optional set of non-functional services which cover technical tasks which may be required by certain customers but not by all customers. Customers can flexibly choose to request these services on-demand based on their needs & preferences. Customers can use these services to perform additional tasks which go beyond standard services such as for e.g.
- request an SAP version upgrade in a quick and effective manner.
- Request SAP System copies or copy and deletion of additional clients
- Perform additional disaster recovery tests
- HEC Application Managed Services (AMS): These are optional functional services which customers can leverage to have SAP manage their applications at a functional level. These services also offer seamless integration with SAP Global support. SAP HEC Standard Services, EMS and AMS together provide a “SaaS-like” experience to HEC customers. Some of the services include for e.g.
- Application evolution and application change management
- Root-cause analysis & resolution of application incidents
- Software lifecycle management and deployment of Innovative releases
- Proactive continuous business improvement services.
A combination of the technology deployment model and service model coupled with world-class security standards makes SAP HANA Enterprise Cloud a personalized secure “private” experience. The personalized experience enables customers to reach their defined business goals at their own personal pace, safeguarding them from risks and guiding them on their journey to digitization.
Hope this helps clarify a bit.
Follow me on Twitter: @dhairyawan