SAP Private Link in Action: How FrieslandCampina safeguards their integration flows with Azure Storage Account
SAP and Microsoft have a long history of partnership and co-engineering activities. With extensive customer overlap, serving many enterprises, the partnership has been able to deliver innovative solutions that address common customer needs and provide enhanced security and resiliency for critical business operations.
SAP Private Link service is one of many co-engineering activities which enables common customers and partners to establish secure connectivity between the SAP Business Technology Platform and Microsoft Azure workloads.
In this blog, I would like to share a real-life example of SAP Private Link Service in action, as experienced by FrieslandCampina.
FrieslandCampina is a leading dairy company based in the Netherlands, known for producing high-quality dairy products. With a global presence, FrieslandCampina is committed to sustainable and better nutrition for the world.
In order to streamline its critical business processes, FrieslandCampina has implemented the SAP Integration Suite across several areas including Sales, Procurement, Delivery, Manufacturing, and HR.
Due to the critical nature of these processes, it is essential that the integrations are not only efficient and stable but also secure and highly available. A failure in any of these areas could lead to a critical situation where production is unable to continue.
SAP is a core system for FrieslandCampina and an important partner in their efforts to execute these vital processes. By utilizing SAP Cloud Integration, FrieslandCampina has been able to seamlessly integrate these processes and Private Link is helping them to bridge the gap for organizations that are on the journey to migrate towards the cloud.
Questions to FrieslandCampina
To get an insider’s perspective on the implementation of Private Link, I spoke with Hiren Asher, an Enterprise Integration Architect at FrieslandCampina who was leading this implementation.
Firstly, I would like to express my gratitude to Hiren and the entire team for their great collaboration and trust.
Hiren, what motivated you to adopt the SAP Private Link service for your Azure storage account and how has it affected your organization’s security posture?
We have SAP and Microsoft as two strategic partners and have a clear policy around “Platform First” as an approach. The use of a Private Link would also activate/lead to the use of various other services from SAP BTP and MS Azure platform. The SAP Private Link Service also enables to keep data transmission within the realms of MS Azure DC. This will imply additional security when we extend our connections between the core Financial system or any integration which have sensitive and confidential data. This also reduces dependency on the network team and enables the Integration team to deliver things faster.
Could you share your overall experience with implementing SAP Private Link for your storage account?
Overall experience was very good. Support provided by SAP was great which eased the process of implementing the change and the documentation provided (via GitHub) is sufficient to enable this service easily
FrieslandCampina relied on a reference architecture provided by SAP to link SAP Cloud Integration with Azure Blob storage by enabling the easy exchange of massive amounts of unstructured data. This integration provided them with a secure solution for their business to transfer unstructured data between the two platforms.
To get a more detailed understanding of this implementation, you can refer to the following GitHub repository. The repository provides step-by-step guidance, including code samples and configuration files, for setting up SAP Private Link service with Azure Storage Account and integrating it with SAP Cloud Integration.
The real-life example of FrieslandCampina demonstrates the effectiveness of SAP Private Link in enabling secure connectivity between the SAP Business Technology Platform and Microsoft Azure workloads. As more businesses move towards cloud-based solutions, SAP Private Link provides a valuable tool to help ensure secure and reliable operations.
I encourage our readers to learn more about SAP Private Link and its potential benefits for their businesses.
- You can check the SAP Private Link service roadmap for the latest product features.
- More blog series about SAP Private Link service you can find here.
- Finally, the help document of the SAP Private Link service
#Kudos to Gowrisankar M, Martin Pankraz, Michiel D. and the entire team for outstanding contribution.
While it is good to see an example of the SAP Private Link service with Azure, it would be helpful if you could also provide some context on FrieslandCampina's business use case being implemented for this integration. From the diagram it looks like data is being transferred from Azure Blob Storage and posted into an S/4HANA system via an iFlow. Is that correct? Some questions that arise are:
Unfortunately, due to the involvement of a third-party SaaS solution, I can't provide extensive details on the use case. However, prior to the Private Link, their SaaS provider faced communication conflicts while attempting to install the solution within the same Azure DC.
So explicitly to allow communication between SAP BTP and the SaaS service on Azure there was break-out point and network rule required to be created in different zone like Azure Ireland or expose both the end points publicly.
This is not anymore the case with help of Private Link:
On-Prem SAP System -> BTP (Azure AMS) -----Private Link-----> Azure AMS (SaaS)
The Diagram you are referring is a sample reference architecture, which FrieslandCampina used as a reference for implementation. The iFlow is just an example of how to CRUD from Azure Blob and S/4HANA is not part of it.
Thanks for the clarification, Harutyun. That helps.