AWS Overview
AWS offers a broad set of global, cloud-based services, including compute, storage, networking, Internet of Things (IoT), and many others. These services help organizations move faster, lower IT costs, and support scalability. AWS is trusted by the largest enterprises and popular start-ups to power a wide variety of workloads, such as web and mobile applications, game development, data processing and warehousing, storage, and archiving.
AWS Services
AWS provides over 200 cloud services that you can use in combinations tailored to your business or organizational needs. For information about all AWS services, see the Amazon Web Services Cloud Platform documentation.
This section introduces the AWS services that are most relevant for the deployment and operation of SAP solutions. The following list provides a high-level description of each service and its use for SAP systems. To view features, pricing, and documentation for an individual service, follow the details link after the description.
Area | Service | Description | SAP uses |
---|---|---|---|
Compute | Amazon Elastic Compute Cloud (Amazon EC2) | Secure, resizable compute capacity in the cloud. (details) | Virtual and bare metal servers for the installation and operation of SAP systems. |
Storage | Amazon Elastic Block Store (Amazon EBS) | Persistent block storage volumes for use with EC2 instances. (details) | File systems for SAP software (e.g., /usr/sap), SAP database log and data files, and SAP local backups. |
Storage | Amazon Simple Storage Service (Amazon S3) | Object storage service that offers an extremely durable, highly available, and infinitely scalable data storage infrastructure. (details) | Highly durable storage for file backups, database backups, archiving data, data lakes, and more. |
Storage | Amazon Elastic File System (Amazon EFS) | Simple, scalable, elastic file system for Linux-based workloads for use with AWS Cloud services and on-premises resources. (details) | Shared file system for SAP application servers (e.g., /sapmnt). |
Storage | Amazon FSx for Windows File Server | Fully managed, highly durable, and available native Microsoft Windows file system. (details) | Shared file system for SAP application servers (e.g., /sapmnt). |
Storage | Amazon FSx for NetApp ONTAP | Fully managed, highly reliable, scalable, high-performing file storage built on NetApp ONTAP file system. (details) | Shared file system for SAP application servers (e.g., /sapmnt). |
Networking | Amazon Virtual Private Cloud (Amazon VPC) | Logically isolated section of the AWS Cloud where you can launch AWS resources in a virtual network that you define. (details) | Network for SAP resources. You can control the level of isolation of your EC2 instance from other networks, instances, and on-premises network resources, such as those in production and non-production environments. |
Networking | AWS Site-to-Site VPN | Enables you to securely connect your on-premises network or branch office site to your VPC. (details) | Network connectivity between on-premises systems/users and SAP systems on AWS. |
Networking | AWS Direct Connect | Lets you establish private network connectivity between AWS and your data center, office, or co-location environment. (details) | Private network connectivity between on-premises systems/users and the SAP system or environment on AWS. |
Networking | Amazon Route 53 | Highly available and scalable cloud Domain Name System (DNS) web service. (details) | Name and address resolution for SAP systems running on AWS. |
Networking | Amazon Time Sync | Highly accurate and reliable time reference that is natively accessible from EC2 instances. (Linux, Windows) | Time synchronization for your SAP systems on EC2 instances. |
Management and operation tools | AWS Management Console | Simple web interface to provision and manage AWS resources. (details) | Provisioning and management of AWS resources for your SAP environment on AWS. |
Management and operation tools | AWS Command Line Interface (AWS CLI) | Command-line tool set to provision and manage AWS resources. (details) | Creation of scripts to automate the provisioning and management of AWS resources for your SAP environment on AWS. |
Management and operation tools | AWS CloudFormation | An easy way to create a collection of related AWS resources and provision them in an orderly and predictable fashion. (details) | Automated provisioning of AWS resources for new SAP landscapes, disaster recovery environments, and other use cases. |
Management and operation tools | Amazon CloudWatch | Monitoring for AWS Cloud resources and the applications you run on AWS: collect and track metrics, collect and monitor log files, and set alarms. (details) | Monitoring SAP systems running on AWS using Amazon CloudWatch Application Insights. |
Management and operation tools | AWS CloudTrail | Records activity made on your account and delivers log files to your S3 bucket. (details) | Audit capabilities within your AWS account, such as use of the Amazon EC2 API. |
Management and operation tools | AWS Launch Wizard for SAP | AWS Launch Wizard for SAP is a service that guides you through the sizing, configuration, and deployment of SAP applications on AWS. (details) | Setup and configuration of resources required for your SAP deployment. |
Management and operation tools | AWS Backint Agent for SAP HANA | SAP certified solution to backup and restore SAP HANA database to and from Amazon S3. (details) | Backup solution to store SAP HANA database backups to Amazon S3. |
Security, identity, and compliance | AWS Identity and Access Management (IAM) | Manages access to AWS services and resources securely. Using IAM, you can create and manage AWS users and groups, and use permissions to allow and deny their access to AWS resources. (details) | Fine-grained access control using a least privileged security model to access specific AWS services and actions; e.g., to allow SAP BASIS resources to launch, to stop and start EC2 instances without terminating them. |
AWS Global Infrastructure
The AWS Cloud infrastructure is built around Regions and Availability Zones. An AWS Region is a physical location that provides multiple, physically separated and isolated Availability Zones. Each Availability Zone consists of one or more data centers that are connected with low-latency, high-throughput, and highly redundant networking. These Availability Zones offer an easier and more effective way to design and operate your applications and databases, making them more highly available, fault tolerant, and scalable than traditional single or multiple data center infrastructures.
For a list of the available AWS Regions and to learn more about the AWS global infrastructure, see Global Infrastructure.
AWS Security and Compliance
Security
At AWS, security is our top priority. As an AWS customer, you will benefit from a data center and network architecture built to meet the requirements of the most security-sensitive organizations. Security in the cloud is much like security in your on-premises data centers—only without the costs of maintaining facilities and hardware. In the cloud, you don’t have to manage physical servers or storage devices. Instead, you use software-based security tools to monitor and protect the flow of information into and out of your cloud resources.
As an AWS customer you inherit all the best practices of AWS policies, architecture, and operational processes built to satisfy the requirements of our most security-sensitive customers, and get the flexibility and agility you need in security controls.
The AWS Cloud enables a shared responsibility model. While AWS manages security of the cloud, you are responsible for security in the cloud. This means that you retain control of the security you choose to implement to protect your own data, platform, applications, systems, and networks no differently than you would in an on-site data center.
To learn more about AWS security, see AWS Cloud Security.
Compliance
AWS provides robust controls to help maintain security and data protection in the cloud. As systems are built on top of AWS Cloud infrastructure, compliance responsibilities will be shared. By tying together governance-focused, audit-friendly service features with applicable compliance or audit standards, AWS compliance enablers build on traditional programs and help you operate in an AWS security control environment.
The IT infrastructure that AWS provides to its customers is designed and managed in alignment with best security practices and a variety of IT security standards. The following is a partial list of assurance programs with which AWS complies:
- SOC 1/ISAE 3402, SOC 2, SOC 3
- FISMA, FIPS, DIACAP, and FedRAMP
- PCI DSS Level 1
- ISO 9001, ISO 27001, ISO 27017, ISO 27701, ISO 27018
For more information, see AWS Compliance Programs.
AWS Provisioning and Management
The provisioning and management of AWS services and resources use a self-service model managed by the customer or a partner. For an overview of the tools available for provisioning and management, see the management tools in the AWS Services section.
Figure 1 shows the services managed by AWS and the services managed by the customer or partner for SAP.
Figure 1: Managed services for SAP on AWS