By Navjot Sharma, Senior Manager at Deloitte Consulting LLP
By Manas Srivastava, Sr. Partner Solutions Architect at AWS
Migrating from an on-premises SAP environment to SAP S/4HANA on Amazon Web Services (AWS) can appear intimidating, particularly for organizations that have little experience with cloud infrastructure. There’s good reason for caution: shifting mission-critical workloads without proper planning can disrupt your business.
Fortunately, a suite of powerful tools from AWS and Deloitte can help you complete a migration or greenfield deployment efficiently and with minimal disruption.
These tools give you the benefits of SAP S/4HANA’s transactional and analytical capabilities, plus access to a rich ecosystem of cloud-based applications and development tools.
Deloitte is an AWS Partner Network (APN) Premier Consulting Partner with AWS Competencies in SAP, DevOps, and Migration, among others. Deloitte is also a member of the AWS Managed Service Provider Partner Program.
In this post, we provide a glimpse into our comprehensive migration playbook, and how the recommendations it contains can give you the quickest, clearest path to SAP cloud migration.
We also show you how enterprise DevOps built on SAP S4/HANA helps your organization deliver applications and services at high velocity.
Deloitte’s Cloud Operating Model
It’s important to understand the cloud journey is more than just a technical exercise. It may also involve significant changes in your organization’s operating model.
Deloitte believes you must consider three elements in particular:
- Identify gaps in existing SAP and AWS skill sets, and create corresponding learning plans.
- Create SAP and cloud Centers of Excellence (CoE) teams, and define interaction and engagement model between them.
- Conduct stakeholder analysis.
- Conduct regular people review and training sessions, as required.
- Conduct SAP landscape operational process discovery and analysis to facilitate migration plan.
- Verify existing governance procedures, and identify relevant processes for SAP landscape migration and operations.
- Establish end-to-end processes for continuous integration/continuous deployment (CI/CD) across all phases; for example, when performing system copies.
- Devise a reusable automation framework for SAP landscape operations on AWS.
- Assess existing SAP environment and tooling architecture.
- Identify gaps in SAP service delivery, and recommend tools and procedures to address them.
- Develop an integrated roadmap overlaid with in-flight projects and ongoing technology operations.
- Build a foundational architecture on AWS before performing a full scale migration.
- Conduct pilots and proofs of concept (PoC), and validate technology and processes.
Figure 1 – Successful cloud journeys are dependent upon thorough considerations of people, processes, and technologies.
A cloud operating model helps deliver these changes by providing guidance on how value is created by an organization and by whom. Deloitte’s cloud operating model framework is outlined in Figure 2 below.
Figure 2 – Deloitte’s cloud operating model framework.
Your operating model evolves over time in alignment with your cloud adoption journey. Developing a mature model is a step-by-step process that proceeds as follows:
- In phase one, create a minimally viable operating model for essential services, pilot scenarios, and DevOps capabilities.
- Phase two implements that model and also enhances the service catalog, establishes service operations, and develops business alignment around a full-scale cloud adoption.
- Phase three adds automation and self-service controls along with optimized regulatory compliance, security controls, and operations.
- In the final phase, your organization realizes full maturity with optimized service operations, service orchestration, and the right channels to drive innovation.
In our experience, for your migration to succeed, it must get these four things right:
- Connectivity and security
- Agile development
- Migration aids
- Post-migration optimization
Connectivity and Security Considerations
A good practice for SAP S/4HANA migration is to build a foundational architecture on AWS before performing a full-scale migration. This enables your IT team to become familiar with the nuances of operating in the cloud, administrative tooling, and any tweaks to the organization and skill sets that are necessary.
Two critical factors worth considering at the technology planning stage are connectivity and security.
There are numerous options for setting up dedicated network connections between customer networks and AWS Direct Connect locations. One option is dedicated connections with up to 10 Gbps capacity. Another is hosting connections via regional partners. A third is hosted virtual connections that give customers access to all the available capacity on the network between a partner and the AWS Direct Connect location.
You can also use the fully managed AWS Client Virtual Private Network (AWS VPN) service to give your customers the ability to securely access AWS and on-premises resources from any location using OpenVPN-based clients. You can facilitate connectivity from remote users to AWS and on-premises resources by providing this highly available, scalable, and pay-as-you-go service.
Amazon Virtual Private Cloud (Amazon VPC) lets your customers provision a logically isolated section of the AWS Cloud where AWS resources can be provisioned in a virtual network. Your customers have full control over such elements as IP address ranges, subnets, and the configuration of routing tables and network gateways. This enables them to isolate databases and applications, for example, with their own security settings.
You can use Amazon Transit Gateway to connect multiple existing VPCs, data centers, remote offices, and remote gateways. This enables customers to create a fully managed network that can span multiple AWS accounts. AWS Transit Gateway can simplify network architecture, reduce operational overhead, and enhance security. Your customers get the dual advantages of local control of private clouds and centralized management.
Connecting to a remote cloud service may involve communication over longer distances and additional network hops. Because of latency concerns, most enterprises do not want to use the public internet. Amazon CloudFront can minimize delays by applying a global network of 216 points of presence in 84 cities across 42 countries.
Amazon CloudFront’s content delivery network is scalable and programmable. It also supports security features like AWS Shield distributed denial of service protection, and custom Secure Sockets Layer (SSL) certificates.
You can also configure AWS Site-to-Site VPN to enable customers to access a remote network from their Amazon VPC.
AWS infrastructure features world-class security that ranges from physical controls and disaster recovery plans to identity and access management (IAM), and even a pandemic response plan.
Some of the many available advanced security controls include:
- Amazon Macie uses machine learning (ML) to automatically discover, classify, and protect sensitive data, as well as to identify personally identifiable information and intellectual property.
- Amazon GuardDuty continuously scours machine logs to look for malicious activity and unauthorized behavior around accounts and workloads. The service applies a combination of ML, anomaly detection, and integrated threat intelligence to identify and prioritize potential threats. It thereby reduces the need for security teams to continually analyze log data.
- Amazon Inspector automatically assesses applications for exposure, vulnerabilities, and deviations from best practices. It outputs a detailed list of security findings prioritized by severity level.
Agile Development is a New Approach to Application Development
Before moving to the cloud, also rethink your approach to development, and consider moving to an agile approach using DevOps.
Deloitte believes agile techniques are becoming critical to doing business in a climate in which change is accelerating. New regulations, software as a service solutions, and integration tools are constantly being introduced.
Traditional waterfall methods of application development are typically slow, inflexible, and can’t keep pace with the need for adaptability. The ability to evaluate and integrate new functionality is a source of competitive advantage.
DevOps is a new approach to application development, but also a new way of doing business. The discipline emphasizes modularity, continual iteration, and quick releases of new code, as frequently as once per day. It also involves users closely in the development process to create a constant feedback loop. A DevOps approach can improve security by integrating security practices into your software development lifecycle.
Putting DevOps into place before beginning a migration to SAP S/4HANA gives your organization the agility to take advantage of tools that can help in the process. On an ongoing operational basis, a DevOps model helps development teams quickly test and adopt new functionality. This functionality can be delivered through preconfigured applications and native services from AWS, the SAP cloud platform, or a combination of the two.
Because DevOps is a significant departure from the traditional waterfall approach to building applications, implement it in a staged manner. Start with a small number of pilot teams, and ramp up over several months.
Deloitte believes that a successful agile approach involves these eight steps:
- Categorize the application portfolio into types, such as systems of innovation, systems of differentiation, and systems of record.
- Select one or two pilot teams for each application type, based on business and technology readiness, stage of development, and level of complexity.
- Create cross-functional teams structured around different types of deliverables, and conduct boot camp training on agile practices.
- Define roles and responsibilities, select preferred tools, and define configurations and practices that must be developed during the pilot.
- Measure outcomes against predefined metrics, and adjust accordingly.
- Capture knowledge gained into a playbook and revise the operating model as necessary.
- Once you have successfully transitioned a few pilots into production, spend the next 6-18 months scaling the operation and replicating the operating model across other teams.
- Put in place an ongoing training and community building program.
These steps are the core of Deloitte’s larger DevOps transformation executive approach.
Figure 3 – Deloitte’s DevOps transformation executive approach.
Several powerful tools and services are available to automate and optimize deployment and migration to a cloud-based SAP S/4HANA environment.
- AWS Quick Starts are effectively “migration in a box” solutions. The AWS Quick Start for SAP S/4HANA is the fastest way to set up a proof of concept for HANA migration. It automatically deploys an SAP S/4HANA environment on the AWS Cloud.
The environment includes an application tier, HANA database tier, secure network, and optional Remote Desktop protocol within a VPC. The Quick Start uses data you provide so you can quickly see what your live environment looks like when it’s fully deployed in the cloud. You can usually complete the process in less than two hours.
- The SAP Rapid Migration Test program provides a set of processes, procedures, and tools co-developed by SAP and AWS. They help customers running SAP ERP Critical Component (ECC) and SAP Business Warehouse applications migrate to S/4HANA.
During the migration, data is automatically converted from any SAP-supported database to HANA. It carries OS migrations, upgrades, and Unicode conversions at the same time. You can typically complete migrations in as little as 48 hours and for as little as $1,000 in infrastructure costs.
- The FAST/4 program from AWS and Deloitte is intended specifically to accelerate enterprise migrations to SAP S/4HANA. It delivers a complete migration from any ECC environment to SAP S/4HANA, often in less than a week at production scale. The service includes data pre-analysis using Deloitte’s D-DASH data migration accelerator, and technical pre-analysis using Deloitte’s Platform Analyzer.
- Deloitte’s Platform Analyzer looks at the source and target S/4HANA environments and identifies required modifications by process area and usage. It also provides recommendations for how to implement them most effectively.
- Deloitte’s ATADATA cloud management platform includes the ATASphere suite of management and migration solutions. It can be used to map, migrate, and manage enterprise databases and workloads among any combination of on-premises hypervisors, including public and private cloud environments.
An important post-migration step is for organizations to adopt continuous integration and continuous delivery (CI/CD) processes that build upon SAP S/4HANA without changing it. In previous implementations of ERP, the ERP itself was used as an application development platform. Modifications to the standard solution in the ERP were considered a source of competitive advantage.
Cloud environments offer a much richer foundation for innovation because of their high levels of automation and ecosystems of third-party applications. Configuration and policy distribution rules can be defined in “cookbooks,” which defines a scenario and contains all the scripts, templates, and policies needed to support it. Cookbooks can be stored, reused, and shared to make common tasks highly reliable and repeatable.
You typically develop cloud applications using services and development frameworks available in the AWS and/or SAP cloud platform. Because these services and frameworks reside outside the SAP S4HANA core, you don’t need to customize your SAP S4HANA application.
This helps you reduce your technical debt and upgrade to newer versions without disruption. You are no longer handcuffed by customizations that restrict your ability to upgrade. Instead, you gain competitive advantage by creatively extending the platform through third-party enhancements and modifications that use published APIs.
Examples of these extensions are Deloitte’s SAP-based preconfigured solutions for horizontal disciplines. These disciplines include customer relationship management, human capital management, and supply chain management, as well as vertical solutions such as food and beverage, and life sciences.
These preconfigured solutions extend SAP S/4HANA functionality safely while giving customers rapid access to functionality that is relevant to their business, compliant, and customizable.
If your organization takes advantage of the opportunity to modernize, it can realize the transformational advantages of scalable, reliable, and automated cloud infrastructures while reducing technical debt.
Deloitte calls these organizations “kinetic enterprises,” and they are defined by an ability to quickly adapt to change by overcoming the operational inertia that can occur when technology holds back progress.
Moving to SAP S/4HANA is more than just a code shift. Adopt DevOps, continuous integration, and tools like Deloitte’s Platform Analyzer and the Kinetic enterprise methodology. Move your organization to a clean code base, and learn how to take full advantage of the wide range of tools available to you on AWS.
Learn what Deloitte and AWS can do for your business, including the FAST/4 program for accelerating your SAP S/4HANA transformation journey.
Deloitte – APN Partner Spotlight
Deloitte is an APN Premier Consulting Partner and MSP. Through a network of professionals, industry specialists, and an ecosystem of alliances, they assist clients in turning complex business issues into opportunities for growth, helping organizations transform in the digital era
Contact Deloitte | Practice Overview
*Already worked with Deloitte? Rate this Partner
*To review an APN Partner, you must be an AWS customer that has worked with them directly on a project.