

# SAP on AWS Overview and Planning
<a name="sap-on-aws-overview"></a>

 *SAP specialists, Amazon Web Services* 

*[Last updated](overview-revisions.md): January 2023*

This guide provides overview and planning information for SAP customers and partners who are considering implementing or migrating SAP environments or systems to the Amazon Web Services Cloud.

This guide is intended for users who have previous experience installing, migrating, and operating SAP environments and systems on traditional on-premises infrastructure. It consists of three main sections:
+ An [overview of the AWS Cloud and AWS services](overview-aws.md), for readers who are new to the cloud.
+ An [overview of SAP on AWS](overview-sap-on-aws.md), including software and licenses, support options, and partner services.
+  [Technical considerations](overview-sap-planning.md) that will help you plan and get the most out of your SAP environment on AWS.

**Note**  
To access the SAP notes referenced in this guide, you must have an SAP One Support Launchpad user account. For more information, see the [SAP Support website](https://support.sap.com/en/my-support/knowledge-base.html).

## About this Guide
<a name="overview-about"></a>

This guide is part of a content series that provides detailed information about hosting, configuring, and using SAP technologies in the AWS Cloud. For the other guides in the series, ranging from overviews to advanced topics, see [SAP on AWS documentation](https://aws.amazon.com/sap/docs/).

# AWS Overview
<a name="overview-aws"></a>

 AWS offers a broad set of global, cloud-based services, including compute, storage, networking, Internet of Things (IoT), and many others. These services help organizations move faster, lower IT costs, and support scalability. AWS is trusted by the largest enterprises and popular start-ups to power a wide variety of workloads, such as web and mobile applications, game development, data processing and warehousing, storage, and archiving.

## AWS Services
<a name="overview-aws-services"></a>

 AWS provides over 200 cloud services that you can use in combinations tailored to your business or organizational needs. For information about all AWS services, see the [Amazon Web Services Cloud Platform](https://docs.aws.amazon.com/aws-technical-content/latest/aws-overview/amazon-web-services-cloud-platform.html#services) documentation.

This section introduces the AWS services that are most relevant for the deployment and operation of SAP solutions. The following list provides a high-level description of each service and its use for SAP systems. To view features, pricing, and documentation for an individual service, follow the *details* link after the description.

[\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/sap/latest/general/overview-aws.html)

## AWS Global Infrastructure
<a name="overview-global-infrastructure"></a>

The AWS Cloud infrastructure is built around Regions and Availability Zones. An AWS Region is a physical location that provides multiple, physically separated and isolated Availability Zones. Each Availability Zone consists of one or more data centers that are connected with low-latency, high-throughput, and highly redundant networking. These Availability Zones offer an easier and more effective way to design and operate your applications and databases, making them more highly available, fault tolerant, and scalable than traditional single or multiple data center infrastructures.

For a list of the available AWS Regions and to learn more about the AWS global infrastructure, see [Global Infrastructure](https://aws.amazon.com/about-aws/globalinfrastructure) on the AWS website.

## AWS Security and Compliance
<a name="overview-security-compliance"></a>

### Security
<a name="overview-security"></a>

At AWS, security is our top priority. As an AWS customer, you will benefit from a data center and network architecture built to meet the requirements of the most security-sensitive organizations. Security in the cloud is much like security in your on-premises data centers, only without the costs of maintaining facilities and hardware. In the cloud, you don’t have to manage physical servers or storage devices. Instead, you use software-based security tools to monitor and protect the flow of information into and out of your cloud resources.

As an AWS customer you inherit all the best practices of AWS policies, architecture, and operational processes built to satisfy the requirements of our most security-sensitive customers, and get the flexibility and agility you need in security controls.

The AWS Cloud enables a shared responsibility model. While AWS manages security **of** the cloud, you are responsible for security **in** the cloud. This means that you retain control of the security you choose to implement to protect your own data, platform, applications, systems, and networks no differently than you would in an on-site data center.

To learn more about AWS security, see [AWS Cloud Security](https://aws.amazon.com/security) on the AWS website.

### Compliance
<a name="overview-compliance"></a>

 AWS provides robust controls to help maintain security and data protection in the cloud. As systems are built on top of AWS Cloud infrastructure, compliance responsibilities will be shared. By tying together governance-focused, audit-friendly service features with applicable compliance or audit standards, AWS compliance enablers build on traditional programs and help you operate in an AWS security control environment.

The IT infrastructure that AWS provides to its customers is designed and managed in alignment with best security practices and a variety of IT security standards. The following is a partial list of assurance programs with which AWS complies:
+ SOC 1/ISAE 3402, SOC 2, SOC 3
+ FISMA, FIPS, DIACAP, and FedRAMP
+ PCI DSS Level 1
+ ISO 9001, ISO 27001, ISO 27017, ISO 27701, ISO 27018

For more information, see [AWS Compliance Programs](https://aws.amazon.com/compliance/programs/).

## AWS Provisioning and Management
<a name="overview-resource-mgmt"></a>

The provisioning and management of AWS services and resources use a self-service model managed by the customer or a partner. For an overview of the tools available for provisioning and management, see the management tools in the [AWS Services](#overview-aws-services) section.

Figure 1 shows the services managed by AWS and the services managed by the customer or partner for SAP.

 **Figure 1: Managed services for SAP on AWS**

![\[Managed services for SAP\]](http://docs.aws.amazon.com/sap/latest/general/images/sap-overview-managed-services.png)


# SAP on AWS Overview
<a name="overview-sap-on-aws"></a>

 AWS has been working with SAP since 2011 to help customers deploy and migrate their SAP applications to AWS, and SAP supports running the vast majority of available SAP applications on AWS.

## SAP Software and Licenses on AWS
<a name="overview-sap-software-licenses"></a>

This section describes the options available for SAP software and licenses on AWS.

### Bring Your Own Software and License
<a name="overview-byol"></a>

The majority of SAP solutions that can be run on AWS use a bring-your-own-software and bring-your-own-license (BYOL) model. Running SAP systems on AWS doesn’t require special or new SAP licenses. If you’re an existing SAP customer, you can use your existing SAP licenses when running SAP on AWS. You are responsible for obtaining a valid SAP license, and you must ensure that you are in compliance with the SAP licensing policies. AWS does not provide or sell SAP licenses.

### AWS Marketplace
<a name="overview-marketplace"></a>

 [AWS Marketplace](https://aws.amazon.com/marketplace) is a digital catalog with thousands of software listings from independent software vendors that makes it easy to find, test, buy, and deploy software that runs on AWS. To view SAP-related offerings available in AWS Marketplace, follow this link: [SAP in AWS Marketplace](https://aws.amazon.com/marketplace/search/results?searchTerms=SAP).

### SAP Trial and Developer Licenses
<a name="overview-trial-dev"></a>

The [SAP Cloud Appliance Library](https://www.sap.com/products/technology-platform/cloud-appliance-library.html) provides access to an online repository of the latest preconfigured SAP solutions. You can quickly deploy these solutions on AWS by using a launch wizard that automates deployment. Some of the solutions available in the SAP Cloud Appliance Library are provided with free trial or developer edition licenses.

#### SAP Hardware Key Generation
<a name="overview-hw-key"></a>

SAP hardware key generation on EC2 instances uses a specific process that is dependent on the SAP kernel patch level. If a hardware key is generated before patching the SAP kernel to the proper level, and the kernel is updated at a later time, the hardware key may change, making the installed license invalid. For details on how the SAP hardware ID is generated on EC2 instances and the required SAP kernel patch levels see the following SAP notes (SAP One Support Launchpad access required):
+  [SAP Note 2327159](https://me.sap.com/notes/2327159) – SAP NetWeaver License Behavior in Virtual and Cloud Environments
+  [SAP Note 1178686](https://me.sap.com/notes/1178686) – Linux: Alternative method to generate a SAP hardware key
+  [SAP Note 1697114](https://me.sap.com/notes/1697114) – Determination of hardware ID in Amazon clouds
+  [SAP Note 2113263](https://me.sap.com/notes/2113263) – Additional public key for AWS Hardware ID
+  [SAP Note 2823805](https://me.sap.com/notes/2823805) – Additional public keys for AWS Hardware ID
+  [SAP Note 2319387](https://me.sap.com/notes/2319387) – Adjustment of the license check for AWS China

## SAP Support on AWS
<a name="overview-sap-support"></a>

 AWS and SAP have worked together closely to ensure that you receive the same level of support via the same support channels, whether you’re running your SAP systems on AWS or on premises.

### SAP Solutions Supported on AWS
<a name="overview-sap-solutions-on-aws"></a>

The majority of SAP solutions that run on traditional on-premises infrastructure are fully supported by SAP on AWS. For the complete list of SAP solutions supported on AWS, see [SAP Note 1656099](https://me.sap.com/notes/1656099) and the other notes referenced within that note.

### SAP Support on AWS
<a name="overview-sap-support-on-aws"></a>

To ensure full support of your SAP on AWS environment from SAP and AWS, you must follow the guidelines and requirements in [SAP Note 1656250](https://me.sap.com/notes/1656250). Here are the primary requirements you must follow to ensure support of your SAP on AWS environment:
+ Enable detailed monitoring for **Amazon CloudWatch** on each EC2 instance to ensure that the required AWS metrics are provided in one-minute intervals. For additional information on Amazon CloudWatch, see [Amazon CloudWatch](https://aws.amazon.com/cloudwatch).
+ Install, configure, and run the [AWS Data Provider for SAP](data-provider-intro.md) on each EC2 instance. The AWS Data Provider collects the required performance and configuration data from a variety of sources, including the Amazon EC2 API, Amazon EC2 instance metadata, and Amazon CloudWatch, and shares it with SAP applications, to help monitor and improve the performance of business transactions.
+ Any AWS account that you use for running SAP systems must have an [AWS support plan](https://aws.amazon.com/premiumsupport/plans) for either Business Support or Enterprise Support.
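The detailed-monitoring requirement above can be checked across an account before a support case depends on it. The following is an added example, not part of the original guide: it reads a document in the shape returned by `aws ec2 describe-instances` and lists SAP instances whose monitoring state is not `enabled`. The `Workload=SAP` tag used to identify SAP hosts and the sample data are assumptions made for this example.

```python
import json

# Constructed sample in the shape returned by `aws ec2 describe-instances`.
# Instance IDs and tags are made up for illustration.
SAMPLE = json.loads("""
{"Reservations": [
  {"Instances": [
    {"InstanceId": "i-0000000000000000a", "State": {"Name": "running"},
     "Monitoring": {"State": "enabled"},
     "Tags": [{"Key": "Workload", "Value": "SAP"}]},
    {"InstanceId": "i-0000000000000000b", "State": {"Name": "running"},
     "Monitoring": {"State": "disabled"},
     "Tags": [{"Key": "Workload", "Value": "SAP"}]}
  ]},
  {"Instances": [
    {"InstanceId": "i-0000000000000000c", "State": {"Name": "running"},
     "Monitoring": {"State": "pending"},
     "Tags": [{"Key": "Workload", "Value": "SAP"}]},
    {"InstanceId": "i-0000000000000000d", "State": {"Name": "running"},
     "Monitoring": {"State": "disabled"},
     "Tags": [{"Key": "Workload", "Value": "web"}]},
    {"InstanceId": "i-0000000000000000e", "State": {"Name": "terminated"},
     "Monitoring": {"State": "disabled"},
     "Tags": [{"Key": "Workload", "Value": "SAP"}]}
  ]}
]}
""")

# Assumption: SAP hosts carry this tag. Replace with your own tagging scheme.
SAP_TAG = ("Workload", "SAP")


def is_sap(instance):
    """True when the instance carries the tag that marks SAP hosts."""
    return any(
        t.get("Key") == SAP_TAG[0] and t.get("Value") == SAP_TAG[1]
        for t in instance.get("Tags", [])
    )


def missing_detailed_monitoring(doc):
    """Return (instance_id, monitoring_state) for live SAP instances
    whose detailed monitoring is not fully enabled."""
    findings = []
    for reservation in doc.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            # Instances that are going away cannot be remediated.
            if inst.get("State", {}).get("Name") in ("terminated", "shutting-down"):
                continue
            if not is_sap(inst):
                continue
            # A missing Monitoring block is treated as basic (five-minute) monitoring.
            state = inst.get("Monitoring", {}).get("State", "disabled")
            if state != "enabled":
                findings.append((inst["InstanceId"], state))
    return findings


def remediation_command(findings):
    """Build the AWS CLI call that turns detailed monitoring on.
    Instances already in 'pending' are being enabled and are left out."""
    ids = [iid for iid, state in findings if state != "pending"]
    return "aws ec2 monitor-instances --instance-ids " + " ".join(ids) if ids else ""


if __name__ == "__main__":
    found = missing_detailed_monitoring(SAMPLE)
    for iid, state in found:
        print(f"{iid}: detailed monitoring is {state}")
    print(remediation_command(found))
```
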

## Deploying SAP Systems on AWS
<a name="overview-sap-deployment"></a>

This section describes the different options available for provisioning AWS infrastructure and installing SAP systems on AWS.

### Manual Deployment
<a name="overview-manual-deployment"></a>

The majority of SAP solutions supported on AWS can be installed by manually provisioning the required AWS infrastructure resources and then following the relevant SAP installation document on AWS.

### Automated Deployment
<a name="overview-automated-deployment"></a>

 AWS Launch Wizard for SAP is a service that guides you through the sizing, configuration, and deployment of SAP applications on AWS. AWS Launch Wizard reduces the time it takes to deploy SAP applications on AWS. You input your application requirements, including SAP HANA settings, SAP landscape settings, and deployment details on the service console, and AWS Launch Wizard identifies the appropriate AWS resources to deploy and run your SAP application.

For more information, see [How AWS Launch Wizard for SAP works](https://docs.aws.amazon.com/launchwizard/latest/userguide/how-launch-wizard-sap-works.html).

### Prebuilt Images
<a name="overview-rapid-provisioning"></a>

Some SAP solutions are available on AWS as a prebuilt system image that contains a preinstalled and preconfigured SAP system. A prebuilt SAP system image enables you to rapidly provision a new SAP system without spending the time and effort required by a traditional manual SAP installation.

Prebuilt SAP system images are available from the following sources:
+  [AWS Marketplace](https://aws.amazon.com/marketplace/search/results?searchTerms=SAP) 
+  [SAP Cloud Appliance Library](https://www.sap.com/products/technology-platform/cloud-appliance-library.html) 


| SAP solution | Deployment option(s) | 
| --- | --- | 
|   **SAP Business Suite (ERP, CRM, etc.)**   |  Manual \| [SAP CAL](https://cal.sap.com/)   | 
|   **SAP NetWeaver**   |   [Manual](https://aws.amazon.com/sap/docs/#SAP_NetWeaver-based_solutions) \| [AWS Launch Wizard for SAP](https://aws.amazon.com/quickstart/architecture/sap-netweaver-abap) \| [SAP CAL](https://cal.sap.com/)   | 
|   **SAP S/4HANA**   |  Manual \| AWS Launch Wizard for SAP \| [SAP CAL](https://cal.sap.com/)   | 
|   **SAP BW/4HANA**   |  Manual \| [SAP CAL](https://cal.sap.com/)   | 
|   **SAP HANA**   |   [Manual](https://docs.aws.amazon.com/sap/latest/sap-hana/std-sap-hana-environment-setup.html) \| AWS Launch Wizard for SAP \| [SAP CAL](https://cal.sap.com/)   | 
|   **SAP BusinessObjects BI**   |   [Manual](https://aws.amazon.com/sap/docs/#SAP_BusinessObjects) \| [AWS Marketplace](https://aws.amazon.com/marketplace/search/results?searchTerms=SAP+BusinessObjects+BI) \| [SAP CAL](https://cal.sap.com/)   | 
|   **SAP Commerce (Hybris)**   |  Manual  | 
|   **SAP Business One, version for SAP HANA**   |  Manual \| [SAP CAL](https://cal.sap.com/)   | 
|   **SAP Business One, version for Microsoft SQL Server**   |  Manual  | 

### Getting Assistance from APN Partners
<a name="overview-getting-assistance"></a>

AWS Partner Network (APN) partners who are experienced in deploying and operating SAP solutions can help you with your SAP workloads on AWS. For additional information, see the following section.

## Partner Services for SAP on AWS
<a name="overview-partner-services"></a>

The [AWS Partner Network (APN)](https://aws.amazon.com/partners) is a community of companies that offer a wide range of services and products on AWS. APN SAP partners can provide SAP-specific services to help you fully maximize the benefits of running SAP solutions on AWS.

### Types of Partner Services and Solutions for SAP on AWS
<a name="overview-partner-service-types"></a>
+  **Cloud assessment services** – Advisory services to help you develop an efficient and effective plan for your cloud adoption journey. Typical services include financial/TCO (total cost of ownership), technical, security and compliance, and licensing.
+  **Proof-of-concept services** – Services to help you test SAP on AWS; for example: SAP ERP/ECC migration to SAP HANA or SAP S/4HANA, SAP Business Warehouse (BW) migration to SAP HANA or SAP BW/4HANA, SAP OS/DB migrations, new SAP solution implementation.
+  **Migration services** – Services to migrate existing SAP environments or systems to AWS; for example: all-on-AWS SAP migrations (PRD/QAS/DEV), hybrid SAP migrations (QAS/DEV), single SAP system (e.g., SAP BW) migrations.
+  **Managed services** – Managed services for SAP environments on AWS, including: AWS account and resource administration, OS administration/patching, backup and recovery, SAP Basis and SAP NetWeaver.
+  **Packaged solutions** – Bundled software and service offerings from SAP Partners that combine SAP software, licenses, implementation, and managed services on AWS, such as SAP S/4HANA, SAP BusinessObjects BI, and many others.
+  **ISV software solutions** – Partner software solutions for the migration, integration, and operation of SAP solutions on AWS; for example: system migration, high availability, backup and recovery, data replication, automatic scaling, disaster recovery.

### How to Find Partner Solutions for SAP on AWS
<a name="overview-partner-solutions-find"></a>

The **AWS SAP Partner Solutions** provides a centralized place to search, discover, and connect with trusted APN partners who offer solutions and services to help your business achieve faster time to value and maximize the benefits of running SAP solutions on AWS. For more information, see [AWS SAP Competency Partners](https://aws.amazon.com/sap/partner-solutions/).

# SAP on AWS Planning
<a name="overview-sap-planning"></a>

If you are an experienced SAP Basis or SAP NetWeaver administrator, there are a number of AWS-specific considerations relating to compute configurations, storage, security, management, and monitoring that will help you get the most out of your SAP environment on AWS. This section provides guidelines for achieving optimal performance, availability, and reliability, and lower total cost of ownership (TCO) while running SAP solutions on AWS.

## SAP Notes
<a name="overview-sap-notes"></a>

Before migrating or implementing an SAP environment on AWS, you should read and follow the relevant SAP notes. Start from [SAP Note 1656099](https://me.sap.com/notes/1656099) for general information and follow the links to other relevant SAP notes (SAP One Support Launchpad access required).

## SAP on AWS Architectures
<a name="overview-architecture"></a>

This section describes the two primary architectural patterns for SAP on AWS: all systems on AWS and hybrid.

### All-on-AWS Architecture
<a name="overview-all-on-aws"></a>

With the SAP All-on-AWS architecture, all systems and components of your SAP environment are hosted on AWS. Example scenarios of such an architecture include:
+ Implementation of a complete, new SAP environment on AWS 
+ Migration of a complete, existing SAP environment to AWS 

Figure 3 depicts an SAP all-on-AWS architecture. The SAP environment running on AWS is integrated with on-premises systems and users via a VPN connection or a dedicated network connection via AWS Direct Connect. SAProuter is deployed in a public subnet and assigned a public IP address that is reachable from the internet to enable integration with the SAP OSS network via a secure network communications (SNC) connection. A [network address translation (NAT) gateway](https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpc-nat-gateway.html) enables instances in the private subnet to connect to the internet or other AWS services, but prevents instances from receiving inbound traffic that is initiated by someone on the internet. For additional information, see the [Configuring Network and Connectivity](#overview-network-connectivity) section.

### Figure 3: SAP all-on-AWS architecture
<a name="figure-3"></a>

![\[An example SAP architecture\]](http://docs.aws.amazon.com/sap/latest/general/images/sap-overview-all-on-aws.png)


### Hybrid AWS Architecture
<a name="overview-hybrid"></a>

With an SAP hybrid AWS architecture, some SAP systems and components are hosted on your on-premises infrastructure and others are hosted on the AWS infrastructure. Example scenarios of such an architecture include:
+ Running SAP test, trial, training, proof-of-concept (PoC), and similar systems on AWS 
+ Running non-production SAP landscapes (for example, DEV and QAS) on AWS, integrated with an SAP production landscape running on premises
+ Implementing a new SAP application on AWS and integrating it with an existing SAP on-premises environment

Figure 4 depicts an SAP hybrid AWS architecture with SAP DEV and QAS landscapes and SAP test, training, and PoC systems running on AWS. These systems are integrated with SAP systems and users on the corporate network. Connectivity between the VPC and the corporate network is provided with either a VPN connection or an AWS Direct Connect connection. The existing SAProuter and SAP Solution Manager running on the corporate network are used to manage the SAP systems running within the VPC.

### Figure 4: SAP hybrid AWS architecture
<a name="figure-4"></a>

![\[SAP hybrid architecture\]](http://docs.aws.amazon.com/sap/latest/general/images/sap-overview-hybrid.png)


## Choosing an AWS Region and Availability Zone
<a name="overview-region"></a>

See the [AWS Global Infrastructure](overview-aws.md#overview-global-infrastructure) section of this guide for information about AWS Regions and Availability Zones.

### Choosing a Region
<a name="overview-choose-region"></a>

When choosing the AWS Region to deploy your SAP environment in, consider the following factors:
+ Proximity to your on-premises data center(s), systems, and end users to minimize network latency.
+ Data residency and regulatory compliance requirements.
+ Availability of the AWS products and services you plan to use in the region. For a detailed list of AWS products and services by region, see the [Region Table](https://aws.amazon.com/about-aws/global-infrastructure/regional-product-services/) on the AWS website.
+ Availability of the EC2 instance types you plan to use in the region. To view AWS Region availability for a specific instance type, see the [Amazon EC2 Instance Types for SAP](https://aws.amazon.com/sap/instance-types/) webpage.

### Choosing an Availability Zone
<a name="overview-choose-zone"></a>

No special considerations are required when choosing an Availability Zone for your SAP deployment on AWS. All SAP applications (SAP ERP, CRM, SRM, and so on) and systems (SAP database system, SAP Central Services system, and SAP application servers) should be deployed in the same Availability Zone. If high availability (HA) is a requirement, use multiple Availability Zones. For more information, see [Architecture guidance for availability and reliability of SAP on AWS](https://docs.aws.amazon.com/sap/latest/general/architecture-guidance-of-sap-on-aws.html).

## Network and Connectivity
<a name="overview-network-connectivity"></a>

### Amazon VPC
<a name="overview-vpc"></a>

Amazon VPC enables you to define a virtual network in your own, logically isolated area within the AWS Cloud. You can launch your AWS resources, such as instances, into your VPC. Your VPC closely resembles a traditional network that you might operate in your own data center, with the benefits of using the AWS scalable infrastructure. You can configure your VPC; you can select its IP address range, create subnets, and configure route tables, network gateways, and security settings. You can connect instances in your VPC to the internet. You can connect your VPC to your own corporate data center, and make the AWS Cloud an extension of your data center. To protect the resources in each subnet, you can use multiple layers of security, including security groups and network access control lists. For more information, see the [Amazon VPC User Guide](https://docs.aws.amazon.com/vpc/latest/userguide/what-is-amazon-vpc.html).

For detailed instructions for setting up and configuring a VPC, and connectivity between your network and VPC, see the [Amazon VPC documentation](https://docs.aws.amazon.com/vpc/latest/userguide/what-is-amazon-vpc.html).

### Network Connectivity Options
<a name="overview-network-opt"></a>

Multiple options are available to provide network connectivity between your on-premises users and systems and your SAP systems running on AWS, including a direct internet connection, hardware VPN, and private network connection.

#### Private Network Connection
<a name="overview-private-network"></a>

 [AWS Direct Connect](https://aws.amazon.com/directconnect) makes it easy to establish a dedicated network connection from your premises to AWS. Using AWS Direct Connect, you can establish private connectivity between AWS and your data center, office, or co-location environment. In many cases, this can reduce your network costs, increase bandwidth throughput, and provide a more consistent network experience than internet-based connections. For additional information, see the [AWS Direct Connect User Guide](https://docs.aws.amazon.com/directconnect/latest/UserGuide/Welcome.html).

Use cases: Recommended for customers who require greater bandwidth and lower latency than possible with a hardware VPN.

For more information, see [Amazon Virtual Private Cloud Connectivity Options](https://docs.aws.amazon.com/whitepapers/latest/aws-vpc-connectivity-options/welcome.html).

#### Direct Internet Connection
<a name="overview-direct-internet"></a>

The quickest and simplest way to connect to your SAP systems running on AWS involves using a VPC with a single public subnet and an internet gateway to enable communication over the internet. For additional information, see [Scenario 1: VPC with a Public Subnet Only](https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Scenario1.html) in the *Amazon VPC User Guide*.

Use cases: Most suitable for SAP demo, training, and test type systems that do not contain sensitive data.

#### Site-to-Site / Hardware VPN
<a name="overview-hw-vpn"></a>

 [AWS Site-to-Site VPN](https://aws.amazon.com/vpn) extends your data center or branch office to the cloud via Internet Protocol security (IPsec) tunnels, and supports connecting to both virtual private gateways and AWS Transit Gateway. You can optionally run Border Gateway Protocol (BGP) over the IPsec tunnel for a highly available solution. For additional information, see [Adding a Hardware Virtual Private Gateway to your VPC](https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_VPN.html) in the *Amazon VPC User Guide*.

Use cases: Recommended for any SAP environments on AWS that require integration with on-premises users and systems.

#### Client VPN
<a name="overview-client-vpn"></a>

 [AWS Client VPN](https://aws.amazon.com/vpn) provides a fully-managed VPN solution that can be accessed from anywhere with an internet connection and an OpenVPN-compatible client. It is elastic, automatically scales to meet your demand, and enables your users to connect to both AWS and on-premises networks. AWS Client VPN seamlessly integrates with your existing AWS infrastructure, including Amazon VPC and AWS Directory Service, so you don’t have to change your network topology.

Use cases: Provides quick and easy connectivity to your remote workforce and business partners.

## Following Security Best Practices
<a name="overview-security"></a>

In order to provide end-to-end security and end-to-end privacy, AWS builds services in accordance with security best practices, provides appropriate security features in those services, and documents how to use those features. In addition, AWS customers must use those features and best practices to architect an appropriately secure application environment. Enabling customers to ensure the confidentiality, integrity, and availability of their data is of the utmost importance to AWS, as is maintaining trust and confidence.

### Shared Responsibility Environment
<a name="overview-shared-resp"></a>

There is a shared responsibility model between you as the customer and AWS. AWS operates, manages, and controls the components from the host operating system and virtualization layer down to the physical security of the facilities in which the services operate. In turn, you assume responsibility and management of the guest operating system (including updates and security patches), other associated application software, Amazon VPC setup and configuration, as well as the configuration of the AWS-provided security group firewall. For additional information on AWS security, visit the [AWS Cloud Security](https://aws.amazon.com/security) page and review the various [Security Resources](https://aws.amazon.com/security/security-resources) available there.

### Amazon VPC
<a name="overview-vpc-security"></a>

The foundation for security of an SAP environment on AWS is the use of Amazon VPC for providing the overall isolation. Amazon VPC includes security details that you must set up to enable proper access and restrictions for your resources. Amazon VPC provides features that you can use to help increase and monitor the security for your VPC:
+  **Security groups** act as a firewall for associated EC2 instances, controlling both inbound and outbound traffic at the instance level.
+  **Network access control lists (ACLs)** act as a firewall for associated subnets, controlling both inbound and outbound traffic at the subnet level.
+  **Route tables** consist of a set of rules, called routes, that determine where network traffic is directed. Each subnet in your VPC must be associated with a route table; the table controls the routing for the subnet.
+  **Flow logs** capture information about the IP traffic going to and from network interfaces in your VPC.

For detailed documentation about how to set up and manage security within a VPC, see the [Security](https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Security.html) section of the *Amazon VPC User Guide*.
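The security group layer described above can be audited against the all-on-AWS architecture, in which only SAProuter sits in a public subnet and is reachable from the internet. The following is an added example, not part of the original guide: it reads a document in the shape returned by `aws ec2 describe-security-groups` and reports every inbound rule open to the whole internet, except the SAProuter listener on the designated SAProuter group. The group IDs, the sample rules, and the use of TCP 3299 (the SAProuter default port) are assumptions made for this example.

```python
import json

# Constructed sample in the shape returned by `aws ec2 describe-security-groups`.
# Group IDs, names and rules are made up for illustration.
SAMPLE = json.loads("""
{"SecurityGroups": [
  {"GroupId": "sg-00000000000000001", "GroupName": "saprouter",
   "IpPermissions": [
     {"IpProtocol": "tcp", "FromPort": 3299, "ToPort": 3299,
      "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
     {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
      "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}
   ]},
  {"GroupId": "sg-00000000000000002", "GroupName": "sap-app",
   "IpPermissions": [
     {"IpProtocol": "tcp", "FromPort": 3200, "ToPort": 3299,
      "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "Ipv6Ranges": []}
   ]},
  {"GroupId": "sg-00000000000000003", "GroupName": "sap-db",
   "IpPermissions": [
     {"IpProtocol": "-1",
      "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}
   ]}
]}
""")

WORLD = {"0.0.0.0/0", "::/0"}
SAPROUTER_PORT = 3299  # assumption: SAProuter default port; adjust to your setup


def world_open_sources(perm):
    """Return the any-address CIDRs (IPv4 or IPv6) named by one ingress rule."""
    cidrs = [r.get("CidrIp") for r in perm.get("IpRanges", [])]
    cidrs += [r.get("CidrIpv6") for r in perm.get("Ipv6Ranges", [])]
    return [c for c in cidrs if c in WORLD]


def port_span(perm):
    """Return (low, high) ports for a rule. Protocol "-1" means all traffic
    and carries no FromPort/ToPort, so it is reported as the full range."""
    if perm.get("IpProtocol") == "-1":
        return (0, 65535)
    return (perm.get("FromPort", 0), perm.get("ToPort", 65535))


def audit(groups, saprouter_group_ids):
    """List internet-open ingress rules that the architecture does not call for.

    Only TCP SAPROUTER_PORT on a group in saprouter_group_ids is accepted;
    every other rule whose source is 0.0.0.0/0 or ::/0 is a finding."""
    findings = []
    for group in groups:
        for perm in group.get("IpPermissions", []):
            sources = world_open_sources(perm)
            if not sources:
                continue
            low, high = port_span(perm)
            expected = (
                group["GroupId"] in saprouter_group_ids
                and perm.get("IpProtocol") == "tcp"
                and low == high == SAPROUTER_PORT
            )
            if not expected:
                findings.append({
                    "group": group["GroupId"],
                    "protocol": perm.get("IpProtocol"),
                    "ports": (low, high),
                    "sources": sources,
                })
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE["SecurityGroups"], {"sg-00000000000000001"}):
        print(f"{f['group']}: {f['protocol']} {f['ports'][0]}-{f['ports'][1]} "
              f"open to {', '.join(f['sources'])}")
```
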

## EC2 Instance Types for SAP
<a name="overview-instance-types"></a>

Amazon EC2 provides a wide selection of instance types optimized to fit different use cases. Instance types comprise varying combinations of CPU, memory, storage, and networking capacity and give you the flexibility to choose the appropriate mix of resources for your applications. Each instance type includes one or more instance sizes, allowing you to scale your resources to the requirements of your target workload.

SAP systems deployed on AWS that will require support from SAP must be run on an EC2 instance type that has been certified with SAP. This section describes where you can find details about the EC2 instance types that have been certified with SAP and additional information for specific SAP solutions.

### SAP NetWeaver-based Solutions
<a name="overview-nw-instances"></a>

SAP solutions based on the SAP NetWeaver platform and that use [SAP Application Performance Standard (SAPS)](https://www.sap.com/about/benchmark.html) for sizing must be run on a specific subset of EC2 instance types in order to receive support from SAP Support. For details, see:
+  [SAP Note 1656099](https://me.sap.com/notes/1656099) 
+  [Amazon EC2 Types for SAP](https://aws.amazon.com/sap/instance-types) 

### SAP HANA
<a name="overview-hana-instances"></a>

The SAP HANA platform and SAP solutions that run on top of an SAP HANA database, such as SAP Suite on HANA, SAP S/4HANA, SAP Business Warehouse (BW) on HANA, and SAP BW/4HANA, require specific EC2 instance types that have been certified for SAP HANA. For more information, see [Amazon EC2 instance types for SAP on AWS](https://docs.aws.amazon.com/sap/latest/general/ec2-instance-types-sap.html).

### SAP Business One, version for SAP HANA
<a name="overview-b1-instances"></a>

For information about the EC2 instance types that are certified for SAP Business One, version for SAP HANA, see:
+  [SAP Note 2058870](https://me.sap.com/notes/2058870) 
+  [SAP Business One on AWS](https://aws.amazon.com/sap/solutions/business-one) 

## Operating Systems
<a name="overview-os-support"></a>

### Supported Operating Systems
<a name="overview-os"></a>

EC2 instances run on 64-bit virtual processors based on the Intel x86 instruction set. The following 64-bit operating systems and versions are available and supported for SAP solutions on AWS.
+  [SUSE Linux Enterprise Server (SLES)](https://aws.amazon.com/partners/suse) 
+  [SUSE Linux Enterprise Server for SAP Applications (SLES for SAP)](https://aws.amazon.com/partners/suse) 
+  [Red Hat Enterprise Linux (RHEL)](https://aws.amazon.com/partners/redhat) 
+  [Red Hat Enterprise Linux for SAP Solutions (RHEL for SAP)](https://aws.amazon.com/partners/redhat) 
+  [Microsoft Windows Server](https://aws.amazon.com/windows) 
+  [Oracle Enterprise Linux](https://aws.amazon.com/oracle) 

For additional information regarding SAP-supported operating systems on AWS, see [SAP Note 1656250](https://me.sap.com/notes/1656250).

#### SLES for SAP and RHEL for SAP
<a name="overview-os-links"></a>

SUSE and Red Hat offer SAP-specific versions of their operating systems that provide the following benefits:
+ Configuration and tuning for SAP
+ Extended release support
+ High availability extension for SAP
+ Dedicated support channel

**Note**  
Because of these benefits, we strongly recommend using SLES for SAP or RHEL for SAP with High Availability (HA) and Update Services (US) for your SAP on AWS deployments.

To learn more about SUSE’s and Red Hat’s operating system versions for SAP, see the following information on the SUSE and Red Hat websites.

SLES for SAP
+  [General information](https://www.suse.com/products/sles-for-sap/features/) 
+  [SUSE on AWS for SAP Applications](https://www.suse.com/promo/cloud/public/aws/sap-hana/) 

RHEL for SAP
+  [Red Hat Enterprise Linux for SAP Solutions](https://www.redhat.com/en/technologies/linux-platforms/enterprise-linux/sap) 
+  [Red Hat Cloud Access](https://www.redhat.com/en/technologies/cloud-computing/cloud-access) 
+  [How to Locate Red Hat Cloud Access Gold Images on Amazon EC2](https://access.redhat.com/articles/2962171) 
+  [What is the Difference between Red Hat Cloud Access and Red Hat Enterprise Linux On-Demand Subscriptions in the public cloud?](https://access.redhat.com/articles/2041283) 

### Operating System Licenses
<a name="overview-os-license"></a>

These operating system licensing options are available for SAP systems on AWS:
+  **On-demand** – The operating system software and license are bundled in an Amazon Machine Image (AMI). The fee for the operating system license is included in the On-Demand Instance hourly fee or Reserved Instance fee for the instance type.
+  **Bring Your Own License/Subscription (BYOL)** – Bring your existing operating system license or subscription to the AWS Cloud.
+  **AWS Marketplace** – Purchase operating system licenses and subscriptions from AWS Marketplace.

The following table lists the licensing options available for each operating system and version. To learn more about each option, follow the link in the table.


| Operating system | License/subscription options | 
| --- | --- | 
|   **SLES**   |  On-demand \| [BYOL](https://www.suse.com/promo/cloud/public/aws/)   | 
|   **SLES for SAP**   |   [AWS Marketplace](https://aws.amazon.com/marketplace/search/results?x=0&y=0&searchTerms=SUSE+SAP+Applications) \| [BYOL](https://www.suse.com/promo/cloud/public/aws/sap-hana/)   | 
|   **RHEL**   |  On-demand \| [BYOL](https://aws.amazon.com/partners/redhat)   | 
|   **RHEL for SAP with HA and US**   |   [AWS Marketplace](https://aws.amazon.com/marketplace/pp/prodview-puvcki5kgypyy) \| BYOL  | 
|   **Windows**   |  On-demand \| [BYOL](https://aws.amazon.com/windows/resources/licensing)   | 
|   **Oracle Linux**   |   [BYOL](https://aws.amazon.com/oracle)   | 

## Databases
<a name="overview-db"></a>

### Supported Databases
<a name="overview-db-support"></a>

All the database platforms and versions supported by SAP for an on-premises infrastructure are also supported by SAP on AWS. For details about the databases supported with specific SAP solutions on AWS, see [SAP Note 1656099](https://me.sap.com/notes/1656099).

### Database Installation and Administration
<a name="overview-db-admin"></a>

#### Customer-Managed Database on Amazon EC2
<a name="overview-self-managed"></a>

The majority of SAP solutions use a customer-managed model on Amazon EC2. Installation, configuration, administration, and backup and recovery of the database are done by either the customer or a partner.

The following SAP solutions use a self-managed database model on Amazon EC2:
+ SAP Business Suite and SAP NetWeaver-based applications
+ SAP HANA
+ SAP S/4HANA
+ SAP BW/4HANA
+ SAP BusinessObjects BI
+ SAP Business One

#### Amazon RDS
<a name="overview-rds"></a>

 [Amazon Relational Database Service (Amazon RDS)](https://aws.amazon.com/rds) is a managed service that makes it easy to set up, operate, and scale a relational database in the cloud. It provides cost-efficient and resizable capacity, while managing time-consuming database administration tasks, freeing you up to focus on your applications and business. Amazon RDS is currently supported for the following SAP solutions:
+ SAP BusinessObjects BI
+ SAP Commerce (previously known as SAP Hybris Commerce)

#### Amazon Aurora
<a name="overview-aurora"></a>

 [Amazon Aurora (Aurora)](https://aws.amazon.com/rds) is a MySQL and PostgreSQL-compatible relational database built for the cloud. It combines the performance and availability of traditional enterprise databases with the simplicity and cost-effectiveness of open source databases. Aurora MySQL is currently supported for the following SAP solution:
+ SAP Commerce (previously known as SAP Hybris Commerce)

### Database Licenses
<a name="overview-db-license"></a>

These database licensing options are available for SAP systems on AWS:
+  **On-demand** – The database software and license are bundled in an Amazon Machine Image (AMI). The fee for the database license is included in the On-Demand Instance hourly fee or Reserved Instance fee for the instance type.
+  **Bring Your Own License (BYOL)** – Bring your existing database licenses to the AWS Cloud.
+  **AWS Marketplace** – Purchase database software and licenses from AWS Marketplace.

The following table lists the licensing options available on AWS for each database. For additional information, follow the links in the *Licensing options* column.


| Database | Licensing options | 
| --- | --- | 
|   **SAP HANA**   |   [BYOL](https://aws.amazon.com/sap/solutions/saphana)   | 
|   **SAP Adaptive Server Enterprise (ASE) (SAP ASE)**   |   [BYOL](https://aws.amazon.com/marketplace/seller-profile?id=0454efec-e5ad-4b7b-a23f-766e9e910dbc)   | 
|   **Microsoft SQL Server**   |   [BYOL](https://aws.amazon.com/windows/resources/licensing)\*  | 
|   **IBM DB2**   |   [BYOL](https://aws.amazon.com/ibm)   | 
|   **Oracle**   |   [BYOL](https://aws.amazon.com/oracle)   | 
|   **Amazon Aurora**   |   [On-demand](https://aws.amazon.com/rds/aurora)   | 

\* SQL Server runtime licenses purchased from SAP require either Microsoft Software Assurance or Amazon EC2 Dedicated Hosts to bring these licenses to AWS. For additional information, see:
+  [SAP Note 2139358 - Effect of changes in licensing terms of SQL Server](https://launchpad.support.sap.com/services/pdf/notes/2139358/E) 
+  [Microsoft Licensing on AWS](https://aws.amazon.com/windows/resources/licensing) 

## SAP Installation Media
<a name="overview-media"></a>

The majority of SAP solutions on AWS use a bring-your-own-software model. There are two primary options for copying SAP installation media to AWS:
+  **Download from the SAP Software Download Center to Amazon EC2.** From your EC2 instance, connect to the [SAP Software Download Center](https://support.sap.com/en/my-support/software-downloads.html) and download the required installation media. This option will most likely be the fastest method for getting SAP installation media to AWS, because EC2 instances have very fast connections to the internet. You can create a dedicated Amazon EBS volume to store installation media, and then attach the volume to different instances as needed. You can also create a snapshot of the Amazon EBS volume and create multiple volumes that you can attach to multiple instances in parallel.
+  **Copy from your network to Amazon EC2.** If you already have the required SAP installation media downloaded to a location on your network, you can copy the media from your network directly to an EC2 instance.

# SAProuter and SAP Solution Manager
<a name="overview-router-solman"></a>

The following sections describe options for SAProuter and SAP Solution Manager when running SAP solutions on AWS.

## For SAP All-on-AWS Architecture
<a name="overview-router-all-on-aws"></a>

When setting up an SAP environment on AWS, you will need to set up an SAP Solution Manager system and SAProuter with a connection to the SAP support network, as you would with any infrastructure. See the all-on-AWS architecture diagram ([Figure 3: SAP all-on-AWS architecture](overview-sap-planning.md#figure-3)) for an illustration.

When setting up the SAProuter and SAP support network connection, follow these guidelines:
+ Launch the instance that the SAProuter software is installed on into a public subnet of the VPC and assign it an Elastic IP address.
+ Create a specific security group for the SAProuter instance with the necessary rules to allow the required inbound and outbound access to the SAP support network.
+ Use the Secure Network Communications (SNC) type of internet connection. For more information, see [SAP Remote Support & Connections](https://support.sap.com/en/tools/connectivity-tools/remote-support.html).
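
The following added example (not part of the original guide or AWS's own tooling) audits the inbound rules of a SAProuter security group against the guideline above. It assumes SAProuter's default port 3299, a placeholder SAP support network address (`198.51.100.10/32`, to be replaced with the address SAP provides), and constructed sample data in the shape returned by `aws ec2 describe-security-groups`.

```python
import ipaddress

SAPROUTER_PORT = 3299  # SAProuter's default port
# Placeholder: replace with the SAP support network address SAP gives you.
SAP_SUPPORT_CIDRS = ["198.51.100.10/32"]

# Constructed samples shaped like `aws ec2 describe-security-groups` output.
GOOD_SG = {"GroupId": "sg-example-good", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 3299, "ToPort": 3299,
     "IpRanges": [{"CidrIp": "198.51.100.10/32"}]}]}
BAD_SG = {"GroupId": "sg-example-bad", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 3299, "ToPort": 3299,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "203.0.113.0/24"}]}]}

def audit_saprouter_sg(group, allowed_cidrs=SAP_SUPPORT_CIDRS, port=SAPROUTER_PORT):
    """Return findings for inbound rules not limited to allowed peers on the port."""
    allowed = [ipaddress.ip_network(c) for c in allowed_cidrs]
    findings, reachable = [], False
    for rule in group.get("IpPermissions", []):
        proto = rule.get("IpProtocol")
        lo, hi = rule.get("FromPort"), rule.get("ToPort")
        covers = proto == "-1" or (proto == "tcp" and lo <= port <= hi)
        exact = proto == "tcp" and lo == hi == port
        # Only CIDR sources are checked; group and prefix-list sources are ignored.
        sources = [r["CidrIp"] for r in rule.get("IpRanges", [])]
        sources += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
        for src in sources:
            net = ipaddress.ip_network(src)
            trusted = any(net.version == a.version and net.subnet_of(a)
                          for a in allowed)
            if not trusted:
                findings.append(f"untrusted source {src} ({proto} {lo}-{hi})")
            elif not exact:
                findings.append(f"rule wider than tcp/{port} for {src} ({proto} {lo}-{hi})")
            if trusted and covers:
                reachable = True
    if not reachable:
        findings.append(f"no inbound tcp/{port} rule for the SAP support network")
    return findings

if __name__ == "__main__":
    for sg in (GOOD_SG, BAD_SG):
        print(sg["GroupId"], audit_saprouter_sg(sg) or "OK")
```

Add any administrative source ranges you rely on to `allowed_cidrs` before running this against a real group; outbound rules are not examined.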

## For SAP Hybrid AWS Architecture
<a name="overview-router-hybrid"></a>

When using AWS as an extension of your IT infrastructure, you can use your existing SAP Solution Manager system and SAProuter that are running in your data center to manage SAP systems running on AWS within a VPC. See the hybrid architecture diagram ([Figure 4](overview-sap-planning.md#figure-4)) for additional information.

# Document Revisions
<a name="overview-revisions"></a>


| Date | Change | Location | 
| --- | --- | --- | 
|  January, 2023  |  Update  |  Changes throughout guide  | 
|  May, 2019  |  Update  |  Changes throughout guide  | 
|  August, 2018  |  Initial publication  |  –  | 