Bypassing the Internet when connecting to SAP Cloud Platform on Hyperscalers
Many customers ask us how they can create a dedicated connection to our SAP Cloud Platform offerings, running on hyperscalers like AWS, Microsoft Azure or GCP.
In this blog post, we aim to help our customers in identifying the right course of action to reach the highest possible reliability for the connection to our services on hyperscaler platforms, while trying not to increase the complexity of the setup and not adding any additional dependencies to the interconnectivity in the cloud.
Image #1: Overview of an interconnected eco-system
In image #1 we've depicted the interconnected eco-system of interconnect providers. Interconnect providers' primary business is to enable connectivity between cloud providers, the internet and customers. There is a wide variety of interconnect providers to choose from. So direct cloud connectivity might still be an option, even if you are bound to a specific hyperscaler.
Once you've chosen which interconnect provider to use, established physical connectivity and peered with the provider, you are ready to order the connectivity towards the cloud solution of your choice. The interconnect business recognized the requirement for resilient connectivity to cloud providers long ago, so most interconnect providers even offer a self-service portal to set up connections towards cloud providers (including SAP, AWS, Azure and many more).
Obviously, every hyperscaler chooses a different name for their product. We'll touch on the most prominent ones: AWS, MS Azure and GCP.
All of these offerings are hyperscaler-region based setups. Therefore, it is not necessary to configure a specific connection directly to the hyperscaler account of the target SAP solution, as the account information is primarily required for the billing of the service and configuring the network connection to your on-premise datacenter.
Connecting to SAP Cloud Platform, Cloud Foundry via AWS Direct Connect
AWS Direct Connect is a secure and reliable way to connect to AWS. It allows you to connect to a public virtual interface via your own AWS account without going through the public internet. It offers more bandwidth and physical links directly to the Amazon network at Direct Connect PoPs via interconnect providers. For further information on the product itself and how to set it up, see the AWS Direct Connect documentation.
Once you've set up a public virtual interface and the respective peering, AWS will send all their public prefixes of the peered regions. Depending on your DMZ infrastructure, this might not always be what you want. If your goal is not to enable great Amazon Prime Video or Netflix performance but rather reliability for business-critical services, you should consider filtering these routes at least to the regions where your SAP Cloud Platform instances are deployed.
AWS publishes the respective AWS Regions and IP ranges, and lets you retrieve them in different formats so that you can automate the filter configuration within your infrastructure. AWS describes the whole procedure in more detail in its documentation.
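One way to automate the filter described above, as an added example that is not code from the original post or from AWS: it reduces a published range list to the regions you care about and checks received routes against the result. It assumes the JSON layout of AWS's published `ip-ranges.json` (`prefixes`, `ip_prefix`, `region`, `service`); the sample prefixes are constructed from documentation ranges, `eu-central-1` as the deployment region is an assumption, and the function names are hypothetical.

```python
import ipaddress
import json

# Constructed sample in the layout of AWS's published ip-ranges.json.
# The prefixes are RFC 5737 documentation ranges, not real AWS ranges.
SAMPLE_IP_RANGES = json.loads("""
{"syncToken": "0", "createDate": "2020-01-01-00-00-00", "prefixes": [
  {"ip_prefix": "198.51.100.0/25",   "region": "eu-central-1", "service": "AMAZON"},
  {"ip_prefix": "198.51.100.0/25",   "region": "eu-central-1", "service": "EC2"},
  {"ip_prefix": "198.51.100.128/25", "region": "eu-central-1", "service": "EC2"},
  {"ip_prefix": "203.0.113.0/24",    "region": "us-east-1",    "service": "AMAZON"},
  {"ip_prefix": "192.0.2.0/24",      "region": "GLOBAL",       "service": "CLOUDFRONT"}
]}
""")


def allowed_prefixes(ip_ranges, regions):
    """Aggregate the IPv4 prefixes published for the given regions."""
    nets = {
        ipaddress.ip_network(entry["ip_prefix"])
        for entry in ip_ranges["prefixes"]
        if entry["region"] in regions
    }
    # Duplicates (same prefix listed per service) vanish in the set;
    # adjacent prefixes are merged into the shortest covering list.
    return list(ipaddress.collapse_addresses(nets))


def route_permitted(route, allowed):
    """True if a received route lies inside one of the allowed aggregates."""
    net = ipaddress.ip_network(route)
    return any(net.subnet_of(agg) for agg in allowed)


def split_routes(received, allowed):
    """Partition received routes into (accepted, rejected) lists."""
    accepted = [r for r in received if route_permitted(r, allowed)]
    rejected = [r for r in received if not route_permitted(r, allowed)]
    return accepted, rejected


if __name__ == "__main__":
    # Assumption: the SAP Cloud Platform instances run in eu-central-1.
    allow = allowed_prefixes(SAMPLE_IP_RANGES, {"eu-central-1"})
    print("allow-list:", [str(n) for n in allow])
    received = ["198.51.100.64/26", "203.0.113.0/24", "192.0.2.0/24"]
    print(split_routes(received, allow))
```

The aggregated list is what you would translate into the inbound prefix filter on your edge routers; regenerate it whenever the published file changes.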
Connecting to SAP Cloud Platform, Cloud Foundry via Microsoft Azure ExpressRoute's Microsoft Peering
Microsoft offers a very similar solution, called Microsoft Peering. Microsoft Peering is an offering to peer explicitly with Microsoft's publicly available services. It will route all of Microsoft's cloud-based products like Office365, Dynamics365 and of course public Azure services via an ExpressRoute circuit. More details about the product can be found on the official product page from Microsoft.
Just like AWS' Direct Connect, Microsoft Peering allows for a public IP peering with MS Azure and therefore allows peering via interconnect providers. It also provides the same advantage of allowing you to use your own Azure subscription, so no third-party contracts are involved.
However, Microsoft will not just send you all their global prefixes. They implemented a route filtering feature, which lets you control which services should be routed via the direct links. When creating a filter, you can select the Microsoft services that you want to route via the peering. To be able to route SAP Cloud Platform traffic, you'll have to add the respective Azure regions where you've deployed your services.
In case you would like to learn more about these filters, please check out Microsoft’s Route Filtering Documentation.
Connecting to SAP Cloud Platform, Cloud Foundry via Google Peering or Cloud Interconnect
Google also has a very similar offering, although they offer a bit more flexibility than their competitors.
Basically, there are two products: Peering and Cloud Interconnect. Both come in two flavors: Direct or Carrier based.
Cloud Interconnect is part of GCP and can only be used in case you already have an active GCP account. It can be best compared to AWS’ Direct Connect. If you already have an active GCP account – this might be the most interesting solution for you.
However, if you would like to keep the connectivity on a simpler layer or don't want to think about a GCP account at all, there is also the option to peer with Google directly.
This allows you to directly connect your edge network to Google's edge network. However, this requires an elaborate physical network setup and a team to support this. Not every company might have these resources. Therefore, there is also Carrier Peering available, which lets you again bring in a third-party interconnect provider, like Equinix, Megaport, etc.
In case you want to know more about the options for Google connectivity, please check out Google's hybrid connectivity documentation.
I hope this helps you to decide the best interconnect strategy to connect to your SAP Cloud Platform Solutions on Hyperscalers.