Skip to Content
Technical Articles
Author's profile photo Denys van Kempen

Data Storage and Network Security for the SAP HANA Service – by the SAP HANA Academy

LATEST UPDATE: September 1, 2020 =========================================

The SAP Cloud Platform, SAP HANA Service will be retired in 2021. For more information, see

For the latest information about SAP HANA database-as-a-service, visit our blog post series about SAP HANA Cloud:


We do not have access to the file system or the operating system for the SAP HANA Service, so how we control data storage encryption and network security works differently compared to on-premise SAP HANA.

Root key management, however, still works the same, and to stay in control of how your system is encrypted, it is important to understand encryption root key management. In particular, because if you do not manage your data volume and backup encryption root keys properly, it may be difficult if not impossible to recover your database. Cloud or not.

Encryption is always On for the data and log volume, and for backups.

Tutorial Video

In the video tutorial below, we show how you can create encryption root key backups and how to access your keys. Network security and the Instance and SystemPKI SSFS are also covered.


Manage Keys

You can use the Manage Keys app to change the root encryption keys, make a backup, or change the root key backup password.

There are encryption root keys for the data and log volume, for backups, and for the application encryption service. These keys are stored inside the Instance SSFS managed by the cloud provider. The password-protected backup of the root keys is stored and managed by you.

The certificates stored in the system PKI SSFS are also managed by the cloud provider. These certificates are used to encrypt communication between different server processes (indexserver <-> nameserver) or between different sites in case of system replication.

YouTube Playlist(s)

The tutorials has been posted to the following playlists:


For the documentation, see

Thank you for watching

The SAP HANA Academy provides free online video tutorials for the developers, consultants, partners and customers of SAP HANA.

Topics range from practical how-to instructions on administration, data loading and modeling, and integration with other SAP solutions, to more conceptual projects to help build out new solutions using mobile applications or predictive analysis.

For the full library, see SAP HANA Academy Library – by the SAP HANA Academy.

For the full list of blogs, see Blog Posts – by the SAP HANA Academy.

Assigned Tags

      You must be Logged on to comment or reply to a post.
      Author's profile photo Gregor Wolf
      Gregor Wolf

      Hi Denys,

      unfortunately the documentation link Managing Server-Side Data Encryption. Can you please update the link. The only pointer I've found regarding encryption was in the Feature Scope Description for SAP Cloud Platform, SAP HANA Service.

      But as SAP HANA Cloud is the way to go can you share some light how encryption is handled there?

      Best regards

      Author's profile photo Denys van Kempen
      Denys van Kempen
      Blog Post Author

      Thanks Gregor,

      Updated the URL to point to the LATEST version; I have been informed these URLs remain alive.


      Server-side encryption falls under SAP's responsability and is activated for data, log, and backup.

      At the time, I recorded some video about the delta on-premises versus cloud (versus service) but never got around the security aspects before other priorities surfaced...