Dear Ivan-san,

Thank you for your prompt reply; it was indeed helpful and has provided clarity for us.

To confirm my understanding of your explanation, it seems that it may be possible to establish a connection with S4H Cloud from the customer's private domain on AWS using Tier3 Classic ABAP technology while adhering to the core clean restriction, albeit not being recommended.

Additionally, I would like to inquire about networking and security technologies below the application layer perspective. Specifically, how can we establish connections with lower layers such as the session layer, the network layer, and other layers beneath the application layer?

I am concerned that this may necessitate some form of specialized technical arrangement between both SAP's gateway and the customer's gateway.

Thank you once again for your assistance.
Regards,
Takashi

Hi @focustakashi,

"To confirm my understanding of your explanation, it seems that it may be possible to establish a connection with S4H Cloud from the customer's private domain on AWS using Tier3 Classic ABAP technology while adhering to the core clean restriction, albeit not being recommended."

A: S/4HANA Cloud has two deployment options: Public or Private. Public Cloud is very limited in terms of what customers can do. Tier 1 and Tier 2 are the only options that entitle a customer to be considered as using a 'Clean Core' system. If you opt to use Tier 3, it is no longer adhering to the 'Clean Core' concept. At the end of the day this means the customer will be implementing something that is going to make it hard for them to adopt newer SAP releases and perform upgrades. This is something SAP is recommending customers to avoid as much as possible.

Furthermore, a Private edition means that SAP is managing the system for the customer on a private cloud. But the customer may request any changes in their system just as if it were running as an On-Prem system. At the end of the day, customers should be able to explain what is required in terms of connectivity, etc. to SAP so that they can configure it according to best practices and to what is allowed or not in terms of security. As the system is running on a managed cloud DC, it is possible that some requirement infringes what SAP will allow them to do - which should be properly aligned when purchasing such solution during the negotiation phase.

If give me a concrete example of what is required in terms of inter-connectivity between the customer's private domain on AWS and the S4H system, I could give you a more concise answer.

"Additionally, I would like to inquire about networking and security technologies below the application layer perspective. Specifically, how can we establish connections with lower layers such as the session layer, the network layer, and other layers beneath the application layer?"

A: If you are talking about S4H Public Cloud edition, nothing of the sorts are allowed. If you are talking about S4H Private edition, the same information given above is still valid as answer here. You ought to give me a more concrete example of what is required in terms of data integration so we can get better answers to you. It might be the case that there is no need to have such low layer integration (or even impossible in Private Edition). We do have several data and process integration solutions  available on BTP (Business Technology Platform) that would tackle their specific problem, without ever having to deal with complicated networking setup that would be dedicated to a single customer. BTP is the go-to PaaS solution from SAP for all extensibility scenarios required by customers that do what to adhere to the 'Clean Core' strategy. For instance, BTP has a service called "Integration Suite" which is a message broker service that allows them to do data integration between any S4H system (be it on-prem, public or private) and any other system running elsewhere over the most common standard internet protocols (like HTTP, OData, REST, FTP, MQTT, and many more adapters). We do have other service like Event Mesh to capture system events that can be consumed by Integration Suite or any other message client. SAP also has a what we call SAP Cloud Connector - which is a secure tunnel between a customer's SAP system and BTP. So, any application or services running on BTP is able to easily communicate with the customer's landscape without infringing any security rules imposed by firewalls, etc.

Therefore, if you give me a concrete use-case, I can point to an integration scenario using BTP and all related connectivity that would required without bothering with networking layers of the private domain in AWS.

Best regards,
Ivan

Dear Ivan-san,

Thank you very much for your prompt reply and detailed explanations. Your insights have provided me with a clear understanding of our service limitations.

It's evident to me that we are constrained in terms of what we can offer, except in the "side by side" development fields, in response to customer requirements within the "Public Cloud".

Currently, We have only S4H Public Cloud license seller alliance with SAP Japan. As our Q&A with you, I now fully grasp that delivering S4H Public Cloud solutions necessitates a distinct sales approach compared to other SAP products, such as Private cloud and On-premise solutions.

Your guidance has been invaluable in clarifying our strategy moving forward.
I look forward to further collaboration and refinement in our approach to serving our clients.

Warm regards,
Takashi