Product Information
SAP Private Link Service for AWS (Beta) is Available
| Update (2023-09-08): The SAP Private Link service on AWS is now Generally Available (GA)! Read all about it in this blog post. |
The SAP Private Link service establishes a private connection between selected SAP BTP services and selected services in your own IaaS provider accounts. By reusing the Private Link functionality of SAP’s partner IaaS providers, the service lets you access your services through private network connections to avoid the need for public endpoints or data transfer via the public internet. In addition to the functionality that is already generally available for the SAP Private Link service on Azure, we’re happy to announce that we now offer Beta support for SAP Private Link service on AWS. See also the announcement from AWS on this.
What does the Beta include?
With SAP Private Link service, Cloud Foundry applications running on SAP BTP with Amazon AWS as IaaS provider can communicate with services that support AWS PrivateLink via a private connection. This ensures that traffic is not routed through the public internet, but stays within the AWS network infrastructure.
For the Beta, the SAP Private Link service supports connections to custom AWS Endpoint Services as well as the following AWS Services:
- Simple Storage Service (S3)
- Simple Queue Service (SQS)
- Simple Notification Service (SNS)
- Simple EMail Service (SES)
- Relational Database Service (RDS) – Aurora Data API
The Beta will be initially available on the following SAP BTP Cloud Foundry regions:
- cf-eu10 – Europe (Frankfurt)
- cf-us10 – US East (VA)
We plan to provide support for additional SAP BTP Cloud Foundry regions running on AWS over the course of the Beta.
Connection from SAP BTP, Cloud Foundry environment to AWS using Private Link service
What are possible use cases?
One possible use case is to use the SAP Private Link service to communicate with an SAP S/4HANA system or other SAP or non-SAP systems running on a VM in your own AWS account privately from within SAP BTP, Cloud Foundry environment.
This connection can be established by creating an AWS Endpoint Service that exposes an AWS Network Load Balancer which routes traffic to the SAP S/4HANA system. The service name of that AWS Endpoint Service must then be used to create an SAP Private Link service instance. As soon as the connection is established successfully, the SAP Private Link service provides a private hostname pointing to your AWS Endpoint Service.
You can also find the end-to-end S/4HANA extension scenario with step-by-step instructions, both for AWS and Azure, in this repository.
Connection from SAP BTP, Cloud Foundry environment to an AWS Load Balancer
The second use case is to use the service name of one of the supported services offered by AWS instead of a custom service name. The basic functionality is the same, but instead of a connection to a custom endpoint exposed via an AWS Endpoint Service, the connection will be established to a service natively provided by AWS, such as the Simple Queue Service.
Connection from SAP BTP, Cloud Foundry environment to AWS SQS using Private Link service
How can I use it?
Check out our tutorials about how to
- Set Up SAP Private Link Service on Amazon Web Services (Beta)
- Connect SAP Private Link Service to AWS PrivateLink Service
Besides that, we also provide a collection of sample apps that demonstrate how the AWS SDK has to be configured so that the traffic goes over Private Link.
What to expect after Beta?
Currently, we support custom AWS Endpoint Services as well as a selection of services natively provided by AWS.
In the future, we plan to support the following:
- Google Cloud as IaaS provider and the corresponding Google Cloud Private Service Connect
- Connections to other selected native AWS services, e.g. AWS Lambda
- Connections initiated from within AWS to SAP BTP, Cloud Foundry environment or other SAP BTP services
- Connections from or to other SAP BTP services, e.g. to SAP HANA Cloud
Please understand that SAP does not commit to, promise to, and is under no legal obligation to deliver these features in the future. This list of features may be changed or withdrawn by SAP at any time for any reason without notice, and business decisions shoult not be based on this.
Important Links
Conclusion
Now you know that the SAP Private Link service on AWS has to offer for its initial Beta release, with support for the SAP BTP, Cloud Foundry environment on AWS and several selected AWS services.
Get started with the Beta! We’re eager to receive your feedback!
Hello Mr. Becker,
many thanks for the article.
Is then still a HANA Cloud Connector necessary ?
VG
Damian
Hi Damian,
I assume that with "HANA Cloud Connector" you mean the SAP Cloud Connector? That depends on your concrete scenario. The SAP Private Link service is not a general replacement for the SCC, but can make the SCC obsolete in some scenarios. Also the scope of both solutions is slighly different. The SAP Private Link service provides L3 network connectivity with the guarantee that the data will stay within the IaaS providers network backbone, whereas the SCC has other functionality included like, e.g., RFC filtering.
So providing a general statement on whether the SAP Cloud Connector is still necessary is not possible.
Best regards,
Philipp Becker
Hello Mr. becker,
great many thanks
Hi Damian Tometzki,
I maintained a comparison here.
KR
Martin
great many thanks
Long wait is finally over. When can we expect this in mainstream support?
Hi.
If by "mainstream support" you mean on whether the SAP Private Link service on AWS will leave the beta and become ready for production: We're currently planning to have this in H1/2023. As with all such dates, please be aware that at the moment we cannot rule out that this date might change again without further notice, but we're working hard on making this possible.
Best regards,
Philipp
Can we use the "Sap Private network service" to connect the IoT service that is hosted on AWSÂ with Kafka service that is hosted on SAP Cloud foundry ? if not , are these services planned in future.
Hi,
At the moment we unfortunately do not yet have plans to support connections to Kafka hosted on SAP BTP CloudFoundry, although that might change in the future.
Best regards,
Philipp
Dear Philipp,
is it intended that we also can use that for cloud services / products like SAP Analytics Cloud & SAP Data Warehouse Cloud?
For example it could be interesting for us to couple our DWC tenant with a BTP proved HANA Cloud system.
Thanks and regards
Hakan
Dear Hakan,
Providing Private Link support for other SAP offerings like, e.g. SAP Analytics Cloud or SAP DWC is something we're currently looking into to see whether and how we can provide this. But please be aware that for your target scenario (couple DWC tenant with HANA Cloud) we need to first have support for both these services, so that will take time.
Best regards,
Philipp