Skip to Content
Technical Articles
Author's profile photo Nestor Lara

Infrastructure as Code, DevOps, and the Future of Enterprise

$ ./ vm-1217
$ docker-compose up

The first time I installed SAP, I failed at it. I had been trying for about three months before giving up. It seemed impossible. 

A few years later, a more tenacious team member got as far as starting the installation via SWPM, but it failed due to system requirements. He shared everything he had learned with me, and I set out to try again. 

I worked on my next attempt for about one month before seeing that wonderful screen load.


After that, I kept running through the installation process and iterating on it, learning a ton along the way, including that SAP offers a method to perform an unattended installation. I got to the point where I could install SAP ERP in about one day.

One day was not fast enough.

Modern DevOps relies on spinning up a server in minutes to run automated tests and ensure the code is safe to move to production. We needed a better way. 

This article is a follow-up to A Practical Guide to DevOps for SAP ERP

One of the advantages of working on a cross-disciplinary team is that you’re not bound by the old way of doing things and instead can share better ways of accomplishing a task. Our team includes non-SAP developers who had no idea of the existing limitations and underestimated the task’s difficulty. This turned out to be a great thing. 

Infrastructure as Code (IaC)

Today we can prepare a machine to run SAP in about 2 minutes by running one command. 

$ ./ vm-1217

A lot is happening here. This command makes a call to a hyperscaler to create a virtual machine with the proper system requirements to run SAP ECC in a container. Once the VM is provisioned, it installs all dependencies required, including Docker, docker-compose, npm, VPN, nano, configures hostnames, and more. 

$ docker-compose up

The second command is also dense. If you’re not familiar with Docker, it uses images as a type of snapshot to run nearly any application. In our case, it downloads an image of an SAP system that runs on Docker. It contains production-quality data and points to virtualized or non-production interfaces. Creating the image is no easy task, and it requires a significant understanding of containers and SAP to complete an installation that works in a container environment. Once the container is created, it can be reused as many times as you want from that point on. For example, you can load it with three years or one month of data from a production environment. The command above triggers the image’s initial download and extraction, which is the slowest part of the process to provision a new VM with SAP. The process takes around 30 minutes (depending on the system size). The next step is to start a container from this image, and this takes about 3 minutes which is the time for SAP to start. 

The VM’s we found work for our system are 4 vCPU, 32768 RAM (MiB), and 500 GB SSD. We use technologies compatible with any hyperscaler, such as AWS, GCP, or Azure.

Automate Everything

Now that your infrastructure can be deployed with code, the possibilities are endless. 

You can integrate IaC with a nice frontend. The frontend allows employees or contractors to access a self-service portal to provision VM’s and start, stop, and delete containers. You can set limits on their access (e.g., number of VMs, what images they can download, etc. ) through configuration and create a dashboard to manage resources. Development of this self-service portal goes through a CI/CD pipeline, of course! 


Another possibility is to manage your IaC in your CI/CD pipeline. Since it’s code, you can test like you usually do with your pipelines. Part of this is possible because of the use of artifacts. In the context of IaC, artifacts are your Docker images or VM images. If you make code changes to your infrastructure, such as reducing your VM’s disk space and RAM, you can test your artifacts deploy correctly after the changes. Even though the test process is long, it’s scalable and automated, so it’s worthwhile to do. 

Practical Example 

I want to test 5 different variations of the RAM and disk space. I create five branches and assign the different test values to each, then run automated testing. I can check back later that day to see which variations had errors. If any of them were successful, I conclude that SAP runs without issues on a more affordable machine. I can then submit a PR for the branch that worked. The next time the command to provision a VM is executed, it uses the latest code (i.e., with the more affordable machine). This test took about 15 minutes of my time and a few hours of machine test time. If you use infrastructure as code, you can test that infrastructure as code! 

Change Management

For most people using a solution like this, the changes are reasonably transparent. They still connect to SAP in the same way as before and only need to learn how to click a few buttons to manage their SAP system. 

Developers have a bit more upskilling to do but nothing unreasonable. They need to learn the basics of abapGit and GitHub or whatever git tool you use. They also need to become more familiar with unit tests and implement an adequate test suite. 


Access control is still restricted, and traffic goes through a VPN. Production data can be sensitive, so the copy should include synthetic data or data obfuscation. These tools maintain the integrity of the data while creating completely fake records.

Looking to the Future


There are still some unknowns with this approach, but one thing is for sure, enterprise technology has fallen behind. I understand that some challenges are more nuanced, but software development is decades ahead of where we currently are with ERP systems. 

Projects should not take years. 

Code freezes belong with floppy disks. 

Repetitive tasks are best left to the machines.

Deploying code to production should take hours and be nearly risk-free. 

Enterprise IT modernization isn’t happening overnight, but companies need to get serious about it or risk becoming obsolete. I hope sharing our experience provides some value to others and helps move us forward.


If you enjoyed this post please hit the like button and add a comment. 🙂 Happy to answer any questions and continue sharing our journey with DevOps.



Photo by Drew Beamer on Unsplash

Assigned Tags

      You must be Logged on to comment or reply to a post.
      Author's profile photo Lars Hvam
      Lars Hvam

      Cool, thanks for sharing

      Real systems will give correct results, but the downside is the speed and cost, waiting half an hour or to "later that day", increases iteration time. So we need a combination of fast feedback and real systems, the fast feedback for static analysis can be done with abaplint and also running some unit tests fast is possible.

      For a practical example see abapGit, static analysis feedback is reported in ~40 seconds, and 270+ unit tests in ~50 seconds.

      Author's profile photo Nestor Lara
      Nestor Lara
      Blog Post Author

      I completely agree. The faster the test response, the easier it is to develop high-quality code. Companies/developers should find the combination that works for them.

      I think the long wait time is acceptable for the initial setup of a VM and SAP image. We'd like it to be faster, but it's a substantial improvement to the current 3-10 day wait times. IaC also makes the logistics of implementing this approach possible.

      Author's profile photo Joachim Rees
      Joachim Rees

      Wow, very interesting! Thanks for introducing Infrastructure as Code!

      Author's profile photo Boris Zarske
      Boris Zarske

      As there has been a very high interest in the topic in our DevOps community, I am happy to announce that Nestor will host an SAP Community Call together with his colleague Mary Murphy next week on February 9, 2022 - 10:00 AM EST/ 04:00 PM CET:

      DevOps for SAP ERP | Boost your productivity with CI/CD pipelines (live on YouTube)

      They will offer a presentation incl. a short demo and a long Q&A part, so bring all your questions with you!

      Author's profile photo Ian Stubbings
      Ian Stubbings

      Hi Nestor

      Very interesting blogs and Community Call. Great to see the theory turned into reality!

      One of the biggest blockers we will have to containerising ECCs is the size of the DB due to the large volume of data. You mention that you can time slice this. How is this achieved?