Already a reality: SAP systems in the cloud

In many companies, cloud computing is already deployed and consistently used, for example, in software-as-a-service offerings such as Salesforce. In addition, however, there is also the opportunity for companies to take advantage of the far greater potential of infrastructure-related services from the cloud. Particularly in the area of technical operation of SAP systems, companies are still hesitant to take advantage of the attractive offerings from the cloud.

If SAP systems are currently operated in a cloud, companies initially opt for a private cloud. In the private cloud model, the SAP systems are operated in an exclusive cloud that is only accessible to one customer.

This offers maximum security for the data and the customer. In contrast, there is the public cloud. In a public cloud (Amazon, Microsoft), the SAP systems are operated in an environment that is available to many customers.

When private and public clouds are combined, this is generally referred to as a hybrid cloud. In this model, companies use the services of their own private cloud with services from a public cloud and combine this with services from their own data center.

The use of cloud offerings for the operation of SAP systems is already a reality at some companies, but is not yet widespread. Infrastructure-as-a-Service (IaaS) offerings are increasingly being used here.

The best-known IaaS offerings are probably Amazon's Elastic Cloud Computing and Microsoft's Azure Cloud. SAP systems can already be operated productively in the cloud via both offerings and important cost advantages can also be exploited. The operating costs of SAP systems can be significantly reduced via public cloud offerings. This is seen as the main motivation for using public cloud offerings.

Data Privacy

However, before a company can take this decisive step, a few points must be considered and evaluated before using the cloud. These points are data privacy, safety and security, technical limitations, support, service level agreements and the topic of target operating model and governance.

In many companies, customer-related data is collected, stored and processed. The company must ensure that sovereignty over the data is always guaranteed. It must be ensured where and how the data is processed by whom at any given time.

This is elementary for cloud-based SAP systems if a cloud is not located on site at the company or is even located abroad. In such a scenario, the data protection guidelines of the country must be observed and complied with.

This applies not only if the data is already in the cloud, but also in the case of cross-border use. Example: For German companies, operating an SAP system outside Germany's borders is problematic because personal data would leave Germany.

The company must ensure that it always has sovereignty over the data. Since cloud providers do not always have their data centers in Germany, the company would also have to ensure that the sovereignty and integrity of the data is given outside of Germany.

Safety and security

The security of a company's data must always be guaranteed. In a company's own data center, the security of the data can be determined by the company itself. However, as soon as SAP systems are operated in the cloud, it must also be possible to follow the guidelines and regulations in the cloud.

It is elementary that such scenarios are evaluated before the cloud is used. For example, it must be checked which methods of data encryption can be offered and applied.

Example: When using public cloud offerings, a company should ensure that the SAP system in the cloud is protected as best as possible and that all data traffic between the company and the public cloud is secured.

Although all cloud providers keep coming up with new technical dimensions, in reality there are often technical restrictions that can make use impossible. These can be, above all, the sizes of the SAP systems.

A productive SAP ERP system can quickly become a system with several terabytes of data and with many end users working in parallel. Some points can be addressed by a suitable architecture, but especially with the size of servers (virtual/physical) one may be limited in the cloud.

For example, although higher availability systems can also be hosted in the cloud, operating clusters for high availability and disaster recovery is still difficult to implement.

Official SAP Support

There is one decisive factor for operating an SAP system in a cloud. This is the official support from SAP for the SAP system. Here, it is irrelevant whether the SAP system is productive or non-productive.

Every company needs the certainty that the SAP systems are officially supported. So before a cloud can be used, the official support from SAP as well as the manufacturers of other software should be evaluated.

Example: An SAP system operated by the company with an old kernel (for example, 4.7) is not supported by SAP in the public cloud.

SAP systems form the backbone of every company and are accordingly secured via high service level agreements. 24/7 operation over 265 days is nothing unusual here.

If the company operates in its own data center, such high SLAs can be created and guaranteed itself. But if the company ventures into the cloud, the cloud provider's SLAs must also be able to map the company's SLAs.

A potential shortfall, especially in support structures, must be identified by a company before the first deployment. Example: If the cloud provider does not offer 24/7 support, it will be difficult for the customer to create SLAs with such a support level.

Target Operating Model and Governance

The future operation of SAP systems in a cloud can represent a change in the operating model and must be addressed by the company at an early stage. The service cut between the cloud provider and the company's own IT must be clarified in advance.

Furthermore, there is the aspect of governance of new cloud services. Here, the adaptation of cloud services to the company's specifications is essential. Example: If internal IT previously operated all services on its own, it is now in a position to hand over some points, such as provisioning and actual operation, to the cloud provider.

Before deploying public cloud offerings, an assessment is ideally conducted to fully address the issues. This is not about identifying hurdles to cloud deployment, but rather early identification of potential issues.

Once all issues have been identified and addressed, companies can move their SAP systems to the cloud. In addition to the general points above, SAP-specific points, such as integration in STMS, also need to be clarified. This is the subject of the second part of this series of articles.