Virtualization Technology News and Information
SAP on Azure: Everything You Need to Know

cloud binary 

In October 2019, SAP and Microsoft Azure announced a new three-year cloud partnership. SAP is now available on Azure, with offerings including simplified migration from on-premise to the Azure cloud, collaborative support, and a new breakdown of cloud-based SAP solutions. In this article, you will learn about the main benefits of migrating SAP to Azure, and crucial migration and security concerns.

Why Migrate SAP to Azure?

Migrating your SAP workloads to Azure can provide a number of benefits, depending on your implementation and needs. The following are some of the most common:

Hybrid deployments

Azure provides support for hybrid infrastructures, granting greater flexibility for your deployments and workloads. This support includes application development, identity management, and security capabilities. In hybrid deployments, you can access a range of integrations and configure services for consistent access controls and data management.

Bare-metal support

Azure offers bare-metal deployment support for SAP HANA in conjunction with SAP-certified virtual machines (VMs) for your applications. These resources are dedicated, single-tenant infrastructures that provide greater security and performance than standard offerings. These servers include networking, compute, and storage resources. You can also use these servers to deploy a HANA Tailored Data Center Integration (TDI) for greater flexibility.

Easy integration

Microsoft and SAP have long been partners, with Microsoft hosting its own SAP implementations on Azure infrastructure. This means that Azure compatibility issues and configuration tasks have already been determined and refined, making integration easier. For example, you can smoothly integrate a variety of Microsoft services with SAP, including Office365 and PowerBI.

Additionally, SAP offers a managed service, called SAP Cloud Platform (SCP), which can be hosted on Azure. The service is based on Cloud Foundry and provides ready to use SAP services with significantly less effort from you.

High availability

Azure provides high availability for most services, including SAP deployments. This is accomplished with data replication across resources and availability zones. You also have the option of replicating data across regions for disaster recovery and protection against hardware failure or regional outage. This availability helps you avoid downtime and can strengthen your existing data protection strategies.

SAP on Azure Migration Tactics

There are several ways you can migrate your existing data and workloads to an Azure deployment. Below are the most commonly used methods:

Export and import

Exporting data from an existing system and importing it into your target system is the traditional way of performing a migration. This method is highly customizable since you directly choose exactly what data is moved and when. This enables you to avoid or minimize downtime. Additionally, exported data typically consumes only 20-40% of the space required by uncompressed data, making transfer significantly faster.

Database backup and restore

This method enables you to use existing or newly created backups to migrate data. It has the benefit of enabling you to transfer configuration and system state information in addition to data. Keep in mind, however, that backups are typically large files and require significant bandwidth resources to transfer.

A variation of this method includes log shipping. You still transfer your backup as above but maintain your on-premises system until you are ready to completely migrate. Any changes made in the meantime are recorded in the logs and transferred to your Azure deployment. This variation enables you to minimize downtime by syncing changes between on-premises and cloud-hosted systems.

Key Security Considerations for Deploying SAP on Azure

SAP systems contain a wealth of valuable data that you need to secure both during and after migration. The following considerations are a good place to start.

Role-based access control (RBAC) and resource locking

RBAC is a utility that enables you to restrict user permissions and resource access according to user roles. When using RBAC you can segregate permissions and reduce the risk created if credentials are compromised. You can also use it to apply permissions in a standardized and easily manageable way.

Resource locking enables you to prevent resources from being accidentally modified or deleted. After your migration is complete, you can lock resources to ensure that your efforts are not accidentally undone. In combination, RBAC and resource locking can help you ensure that your data remains viable and that resources stay correctly configured.

Secure authentication

Single-sign-on (SSO) is the accepted standard for integrating Azure and SAP solutions. SSO enables users to access multiple systems with a single set of credentials, minimizing the risk of forgotten credentials and speeding sign in time. SSO is accomplished with Kerberos tokens provided by Azure Active Directory (Azure AD).

To set up this process, you need to incorporate a third-party security product that can pass authentication information to your SAP solutions. This prevents SAP from having to re-authenticate.

Hardening the operating system

In Azure, the same as any cloud provider, security is a shared responsibility. While Microsoft secures your infrastructure, you are responsible for applying security controls to your operating systems, databases, and SAP applications. This includes hardening your systems and ensuring that all vulnerabilities are patched.

To ensure that your vulnerabilities are covered, you need to adopt a system for staying aware of vulnerability and patch release information. This is especially important if you are using open-source components since updates and information are not pushed out like with proprietary components.

To help you with this process, Azure provides an Update Management solution that you can use to automate your OS updates. However, you should take care that any updates you apply do not cause breaking changes in your system. To avoid this, it is best to adopt a strategy that prioritizes critical updates and restricts non-critical updates to regularly scheduled periods.


Now that the two companies have partnered, migrating and running SAP on Azure is simpler and easier. You can scale as needed, choosing to opt for one SAP service rather than the full package typically deployed on-premise. Or you could extend your on-premise operation to the cloud, and easily run a hybrid ecosystem using the easy APIs offered by Azure.

However, do not forget that cloud vendors run on a shared-responsibility model. That means you still need to take care of the ecosystem, including the configuration of data and security processes. Azure provides RBAC capabilities, but you will need to set this up in order to maintain visibility over user access and privileges.


About the Author


Gilad David Maayan is a technology writer who has worked with over 150 technology companies including SAP, Samsung NEXT, NetApp and Imperva, producing technical and thought leadership content that elucidates technical solutions for developers and IT leadership.
Published Monday, March 02, 2020 7:53 AM by David Marshall
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<March 2020>