Next Gen SAP Operations on Azure

To ensure that an SAP system landscape functions smoothly, efficiently, and securely at all times, it must be permanently monitored, carefully maintained, and consistently updated and enhanced as part of an application lifecycle. This generates increasing costs in traditional operations and ties up personnel from the IT departments.

The aim is to relieve customers of the additional work involved in operations so that they can concentrate fully on their core business and continue to develop their corporate processes. A range of automated tools and services are also used to ensure permanent and smooth operations. This starts with monitoring, which supports the operation of the system landscapes - from administration and security to business process monitoring at the application level. Some of these services will also be available directly from the Microsoft Azure Marketplace in the future.

In addition, automatically available dashboards and services are used, which actively provide information about the current utilization of resources and system performance and deliver maximum transparency for the customer. This allows ad hoc opportunities for cost reduction to be identified and implemented. Periodic system health checks and further optimization potentials of the system landscape are also supported.

In addition, security features such as simple remote administration, detailed security management, user, permission and access management continue to be found within Operations on Azure.

Contemporary automation relies on tools such as HashiCorp's Terraform or RedHat's Ansible. Terraform has emerged in recent years as the tool of the hour (Infrastructure as Code). With its own language, which is based on Javascript, complete cloud IaaS environments can be created, right down to the running virtual machine. Complete SAP system landscapes, including database and S/4 application, can be provisioned automatically in just a few hours.

However, the advantages of this automated setup are not only the enormous speed, but also the human configuration errors avoided by the standardization, which can occur during the manual setup of such a landscape. Due to the infrastructure-as-code approach, the method scales from smaller to very large landscapes.

For orchestration on the running operating system, modern tools like Ansible are recommended. Ansible is an orchestration tool that can be used to bring a system into a unified state. This state can map, for example, that a complete base configuration with hardening, tuning and other best practices should be applied on the operating system or that a Hana database should be installed and configured. The advantage of Ansible's so-called idempotent approach is that even existing systems can always be brought up to the current state of automation.

One of the new challenges of Security Operations is to keep pace with a high degree of agility and flexibility. For this to succeed, visibility is the most important success factor. Visibility is achieved in the Azure landscape primarily through the Azure Security Center (ASC).

The ASC is a standard component in the Azure landscape and enables monitoring of resources. With the help of the Compliance Manager, it is possible to get a quick overview of whether the infrastructure is compliant or not. In combination with previously created policies, the fear of not passing audits is a thing of the past.

In addition to visibility, the topic of threat detection and response - reacting to security events - plays an important role. To detect threats, it is necessary to bring together various data sources and collect information. By correlating this data, it is possible to identify complex attack patterns, record them in the form of a ticket, and initiate appropriate protective measures. As a cloudnative SIEM, Azure Sentinel offers all the necessary features for these security operations tasks.