F5 Distributed Cloud's Secure Multi-Cloud Networking (MCN) and SAP S/4 HANA: The perfect match

F5's secure multi-cloud networking (MCN) using Distributed Cloud (XC) moves away from the traditional networking ideology (and headaches) of hobbling together dispersed sites and functions towards a cohesive, simplified enforcement and management structure all from one console. F5's secure MCN solution using XC network connect simplifies network management inside and between clouds, which unifies operations with consistent policy enforcement with detailed analytics. Secure MCN's app connect is the sister service which delivers applications via load balancing, allowing for workload discovery, connectivity, and security between apps, wherever they live.

So how does this relate to SAP S/4 HANA?

SAP is a market leader in enterprise application software, yet deployments are known to be complex. S/4 HANA is the latest in their current enterprise resource planning system with deployment models being on-premise, in the cloud or a hybrid instance and is also available as software-as-a-service (SaaS). Beyond the traditional relational database, it runs in-memory with data stored in columns, which allows for faster and almost real-time computation and metrics capabilities. SAP business applications are made up of a suite of software products. Commonly structured in a three-tier configuration (presentation, application and database layers) with modules containing specific application and associated data. To make it more end-user friendly, a new interface was created, called Fiori, which is the web front-end for SAP S/4 HANA. Compounding the issue is, for on-premise deployments (data centers), moving F5 technology into cloud providers (AWS, Azure, GCP) where the networking design piece is different for each cloud provider makes connectivity even more complex. Interestingly, SAP even recommends a reverse proxy to protect internet-facing deployments. By 2025, all legacy customers are required to upgrade to S/4 HANA.

This is where F5 XC comes into play to help legacy SAP customers and newly-adopted S/4 HANA customers seamlessly stitch together their SAP deployments. All of this speaks directly to XC's secure MCN solution. Multi-cloud networking can have a litany of challenges ranging from disparate priorities of respective Ops teams, various configuration and management restrictions, policy misalignments and inconsistencies. XC's secure MCN can solve all these inherent challenges (L3-L7) by being cloud agnostic, offering secure connectivity with automated control of native cloud services like Amazon's Transit Gateway, Azure's Peering, and Google's Cloud Interconnect with a proxy architecture which avoids IP address overlap. Because XC is a simple and easy-to-deploy single-pane-of-glass solution consumed as a service, there is no need for separate overlay software installations for control and data plane functions.

XC Network Connect (connecting networks)

The beauty of secure MCN begins with the deployment of a Customer Edge (CE) node/site which runs the same software as the globally distributed F5-maintained Regional Edges (RE) that serve as the data plane backbone of XC. Through automated provisioning and orchestration of cloud provider connectivity, a virtual network is created from the deployed CEs and the REs. The customer deployed CEs mesh with the REs through 'call-home' IPSEC or SSL tunnels. So wherever SAP lives, a CE node/site can be deployed!

XC Application Connect (connecting applications)

  Through XC, the proxy-based architecture allows applications to connect securely to other distributed applications with end-to-end encryption and observability. With the configuration of a load-balancer, the dispersed instances of the three-tiered SAP application suite can talk 'app' to 'app' without having any kind of manual NAT or IP overlap concerns. Through the use of labels, adding and removing deployments becomes ridiculously easy. Same with additional security policies, they are easy too! 

The idea here is that whatever Ops persona, the same XC console is used, from connecting, deploying, securing and visualizing any application. Also, the F5 global backbone can handle connecting all the different sites with multi-path routing so there isn't the typical concern for additional backhaul overhead and provisioning. F5 offers a complete best-in-class overall security and connectivity solution for SAP S/4 HANA across cloud-based, on-premise and hybrid environments by providing a secure multi-cloud networking solution with rich telemetry data from a single console. 

Published Dec 21, 2023
Version 1.0

Was this article helpful?

No CommentsBe the first to comment