TCO in innovation

Processing the data using in-memory computing requires significantly more RAM, corresponding CPUs and cores as well as very fast flash memory for the Hana database.

The usual mechanisms of availability in virtualization are also reaching their limits and many existing SAP customers are once again having to think about dedicated and certified appliances.

This means that technologically we are actually moving away from virtualization, which had its triumphant advance over ten years ago - towards rigid, inflexible physical machines.

Hana Data Center Integration

Anyone who wants to run Hana on their existing virtual IT infrastructure must strictly adhere to the SAP specifications and use compatible hardware such as servers, storage, network and virtualization in accordance with the "Hana Tailored Data Center Integration Guide".

Although the new Hana TDI guide now offers the option of further reducing the CPU cores and, in particular, virtualization allows you to use the unallocated resources elsewhere, you are always dependent on the underlying hardware and the depreciation for IT hardware and software is usually set at five years.

Which, by today's standards and the speed of innovation, is already old news after three years. Who today can claim to be planning the sizing of their IT infrastructure and SAP landscape for five years into the future?

IT managers and CIOs have the constant task of balancing cost awareness, flexibility, agility and innovation.

In the traditional data center, more and more customers are coming up against insurmountable limits, including massive investments that would actually have to be made in order to implement the next innovation in IT, which in turn keeps IT staff busy with projects for several months and may prevent the business from introducing a product or service.

The dilemma here is that the specialist departments now know how to consume cloud services by credit card, and they don't wait until someone has ordered and installed a server.

A comparison to the car: actually, we just want to drive a car and not build new roads, bridges and e-charging stations beforehand. Infrastructure is a necessary evil, but the real innovation and added value should be in the software (car), the processes and the knowledge of the employees and not in the sheet metal (road). Right?

Dead metal versus cloud

What does all this have to do with TCO and SAP on Azure? Quite a lot, actually! In the next few paragraphs, we will look at why it is important to move away from "dead" metal to a software platform such as Microsoft Azure and why there are interesting TCO aspects for the operation and integration of SAP landscapes.

How does SAP operation on Azure differ from my data center? Operation and hosting cannot differ from a classic data center compared to the Microsoft Azure cloud platform.

But: I deploy a virtual machine with the necessary size and SAP certification via Azure, assign it the appropriate storage, install a virtual network including VPN gateway beforehand and start installing the operating system, the Hana database and the empty S/4 base stack.

Ideally, I'm finished in two to three days and then integrate monitoring, the backup and hand over the system for the three-month test project that the colleagues from the USA have asked for. Have you noticed the difference?

Without my data center

At no time did the data center check whether resources such as CPU, RAM or disk were still available. In this scenario, we could have installed an Mv2 machine with 12 TB RAM and 416 vCPU. Would this also be possible in your data center?

Microsoft guarantees the almost infinite scalability it promises with its data centers worldwide. Of course, we don't have to fool ourselves, Microsoft also has to install and maintain these systems somewhere, but you as a customer no longer have to!

How quickly would you have found a data center provider in the USA that would have provided you with the VM in the quality, SAP certification and integration in your existing Microsoft landscape?

Most customers have existing contracts with Office 365 and can therefore also use the Azure platform. However, it is important to define the right target architecture (landing zone) with a service provider in advance and not just blindly go for it.

Change from capex to opex and almost infinite scalability: The exact allocation of resources to current demand means that no empty resources need to be kept and paid for.

In the above scenario, we were able to provide a test system for our colleagues in the USA for three months and did not have to purchase or install a server. This also means that there are no lead times for purchasing, shipping and installation and no installation costs. After three months, we simply delete the machine and reduce the costs to zero.

Electricity, rent, maintenance, licenses

If you compare traditional data centers with Microsoft Azure and really calculate all operating expenses and costs such as electricity, cooling, rent, maintenance, hardware, software, licenses, IT services and personnel, our experience shows that highly optimized data centers usually offer savings potential of around five to ten percent.

In contrast, distributed, inhomogeneous and non-optimized data centers offer potential savings of up to 30 percent and more. In this scenario, we compare one-to-one, i.e. lift & shift without optimizing the landscape or changing to PaaS and SaaS services.

By using PaaS and SaaS services, further optimizations can be made here, for example the use of Azure SQL services or serverless computing with Kubernetes.

Short-term and flexible allocation of IT resources: If I now also use the pay-as-you-go concept and switch off the test system during the night and at weekends, I can save even more costs.

Pay-as-you-go means that I only pay for the resources that I actually use. In this case, it would be the virtual machine and the included OS license. However, I still have to pay for the reserved memory.

The SAP system and database are coordinated and switched off by an automation engine such as Ansible and started at the defined time. A self-service portal allows me to reduce this effort and complexity and hand over control to internal customers.

Breathing systems

For project periods and uncertain market situations, I can flexibly increase or reduce demand and thus remain close to actual requirements. By analyzing the consumption data, the necessary resources can be determined in the future and proactively booked in advance for seasonal business.

However, this should not give the impression that this is only possible for test systems. Productive instances can also be flexibly scaled and switched off if required.

The use of self-service and a high level of automation can further significantly reduce the costs of operating SAP systems. Requests for system copies, sandbox systems, a backup or virtual machines can be handled fully automatically and billed transparently to the specialist department using a cost allocation logic. This gives IT back control over operations and compliance.

Monitoring and self-healing

Self-healing during operation can be achieved by linking monitoring and automation. In the simplest case, this is the expansion of a hard disk up to the restart of the faulty log backup.

Intelligent automation can achieve deployment times in the range of minutes. In our example above, we need two to three days to manually install an empty S/4 Hana landscape.

SAP and Microsoft partner Scheer was able to reduce the deployment of an empty S/4 landscape "from-the-scratch" to a few hours through automation on Azure. With a golden image, this can even be further reduced to a few minutes.

In operation, the combination of Ansible and Azure, for example, can be used to realize almost completely automated patching and thus further reduce operating costs. Microsoft Azure offers various tools and services to help you orchestrate this.

The added value of the Azure Cloud for the business department is speed and innovation. New services and functions can be made available to the business department in a coordinated and controlled manner by IT.

This further reduces IT costs and employees can be assigned to higher-value tasks. Thanks to new software innovations in the cloud overnight, they can be made available to the specialist department immediately and do not have to be updated first.

With the Embrace program from Microsoft and SAP, Azure services can now be consumed seamlessly through the SAP Cloud Platform in SAP products, for example S/4 or cloud products such as SuccessFactors. Here, real innovation is not created in the server, but in software.

In addition to its own services, the Azure cloud platform offers an almost infinite software marketplace that expands the SAP landscape with services and functionality and makes it accessible.

In addition to the platform services, Azure offers a programming platform for complex software projects, which can then be seamlessly integrated into SAP. Serverless computing with Kubernetes allows you to deploy and scale your own software architecture almost infinitely and flexibly.

However, the challenge is to address the actual problem through technology and not the other way around, where the technology is still looking for the problems. Many customers pursue a multi-vendor strategy together with Microsoft and SAP in order to avoid vendor lock-in. Both providers are usually well-known and can complement each other well with their portfolios.

In addition to all the flexibility, speed and cost reduction, there are soft and invisible effects that are only felt when it matters. It is difficult to evaluate these in monetary terms, but most customers have enormous budget challenges when it comes to security.

Service SLAs and compliance

It's like insurance, I only need it when things have gone wrong. Microsoft spends around one billion dollars a year on security and protects the Azure platform from attacks and misuse.

Customers always receive this as an inclusive service with the platform. In addition, services such as Azure Sentinel, encryption with Key Vault and single sign-on with Azure AD can be booked and the individual security level defined for each landscape or VM.

With the Azure Security Center, all security-relevant parameters and accesses can be controlled and compliance monitored. For example, for a company that processes credit cards, we have set up a completely closed PCI DSS compliance landscape that runs separately from the non-compliant landscape, so the increased costs for certain security measures only apply to these systems.

DR and HA scenarios

For single-instance VMs, Microsoft offers a standard SLA of 99.9 percent availability per month, which is a very high value for most own and hosting data centers.

With availability sets and the use of additional regions, this value can be increased to up to 99.99%. Real geo-redundant architectures can also be set up in the DR scenario.

Using the example of an automotive customer, an always-on architecture with an HA scale-out cluster on Hana with 6 TB in the Amsterdam region and with Hana replication in the Dublin region was implemented.

The backups are also replicated to Dublin and the customer has a redundant network connection in both regions. This architecture covers both local failures in the data center and regional failures in Amsterdam.

Optionally, the backups can be encrypted and mirrored to another continent, for example to the USA or Singapore.

Furthermore, compliance on Azure increases significantly compared to SAP's own data center and in-house operation. Over 90 compliance frameworks have been implemented on Azure to enable almost every industry to process its customers and data on Azure.

Scheer has a proven track record of bringing customers from the finance and insurance industry with Bafin compliance, from the pharmaceutical industry with GxP compliance and from the travel sector with PCI DSS credit card compliance onto the Azure platform with their SAP systems and is operating these very successfully today.

The example of SAP/Microsoft partner Datavard shows how intelligently the Azure Services HDInsight Hadoop with Azure Data Lake Store can be used to outsource "lower value" and old data that is no longer required to inexpensive storage in order to reduce the Hana database size and thus also increase performance again.

Over the past two and a half years, we have seen through various projects that a holistic TCO in the range of ten to forty percent is possible. A highly optimized IT infrastructure with hardly any change and growth will benefit less from the Azure Cloud than an agile and disruptively changing environment that is perfectly suited to a cloud platform.

In this environment, real cost savings can be achieved and innovation can be driven at the same time. In particular, when introducing S/4 in an early assessment phase, when the sizing and architecture are not yet clear, we were able to determine the best added value and the best TCO and put together a ready-made "S/4 Project Service" package at an attractive price on a monthly basis.

ROI, but when?

The innovation effect of a new S/4 landscape and the resulting change requests from the specialist department, which can be handled immediately and flexibly on an Azure platform, then becomes apparent again during subsequent operation.

Due to the complex new S/4 architecture, I sometimes need new separate systems for additional products and services. If the project drivers are compliance, standardization and modernization, ROI effects can sometimes be seen after nine months.

The TCO also includes the migration costs, which are surprisingly very low. With Azure Migrate and Site Recovery, virtual landscapes can be analyzed and migrated very quickly at the weekend, for example.

In the fastest case, a complete S/4 landscape in the validated pharmaceutical context GxP was migrated to Azure within four weeks from project start to go-live.

In this scenario, the downtime is only the time for switching off and on as well as the adjustments for IP, DNS and interfaces, which can be prepared in advance.