SD-WAN and SAP HANA Enterprise Cloud in 2022


What Is SAP HEC (HANA Enterprise Cloud)?

SAP HANA Enterprise Cloud (SAP HEC) is a managed service that privately hosts SAP HANA and related applications in the cloud. SAP manages this service and provides its infrastructure. 

You can use SAP HEC to host SAP Business and SAP NetWeaver Business Warehouse tools on one instance of SAP HANA, an in-memory database framework. This service offers an alternative to deploying HANA on-premises, providing a more robust and easier way to leverage SAP HANA. 

SAP HEC can run in SAP-owned global data centers or in data centers co-located with other providers. Once you deploy SAP HEC, SAP assesses your technological landscape and migrates all applications, extensions, and related elements to the HEC infrastructure.

Once your application is hosted in SAP HEC, SAP takes charge of all ongoing application management and support, performing tasks such as backups, upgrades, patches, infrastructure monitoring, event detection, recovery, and restoration.

What Is SD-WAN?

Software-defined wide area network (SD-WAN) is a software-based technology used to connect distributed locations such as branch offices to data centers, Software as a Service (SaaS) resources, and various cloud applications. SD-WAN provides centralized network control, automating and abstracting tasks traditionally configured manually on edge devices. 

The SD-WAN architecture establishes a network overlay that lets you remotely configure, monitor, secure, and manage most WAN aspects, including traffic flows and edge devices. It abstracts the transport layer to software (instead of hardware) to facilitate traffic prioritization. This abstraction enables you to use lower-cost private and public links like wireless and broadband alongside more costly multiprotocol label switching (MPLS) connections.

SD-WAN offers the centralization, flexibility, and automation needed to create an agile WAN environment for midsize organizations and large enterprises. It provides redundancy for WAN connections and automatically fails over to a second path when a primary one is unavailable or fails. It also uses load balancing across several connections to improve network and application performance.
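The path selection, failover, and load balancing described above can be sketched in a few lines. This is an added example, not code from any SD-WAN product; the `Link` fields, the thresholds, the cost values, and the sample measurements are all constructed assumptions.

```python
from dataclasses import dataclass
import zlib

@dataclass
class Link:
    name: str          # transport type named in the text (mpls, broadband, wireless)
    up: bool           # result of the edge device's last health probe
    latency_ms: float
    loss_pct: float
    cost: int          # relative cost of sending traffic (constructed value)

def healthy(links, max_latency_ms=150.0, max_loss_pct=2.0):
    """Links that are up and inside the assumed quality thresholds."""
    return [l for l in links
            if l.up and l.latency_ms <= max_latency_ms and l.loss_pct <= max_loss_pct]

def primary_path(links, critical):
    """Pick one path. Critical traffic (for example SAP) takes the link with
    the lowest loss, then latency; other traffic takes the cheapest healthy
    link. A failed or degraded link drops out, which is the failover case."""
    ok = healthy(links)
    if not ok:
        return None  # no usable transport: surface the outage, do not guess
    if critical:
        best = min(ok, key=lambda l: (l.loss_pct, l.latency_ms))
    else:
        best = min(ok, key=lambda l: (l.cost, l.latency_ms))
    return best.name

def balance(links, flow_id):
    """Spread flows across all healthy links. A stable hash keeps every
    packet of one flow on the same link, so sessions are not reordered."""
    ok = sorted(healthy(links), key=lambda l: l.name)
    if not ok:
        return None
    return ok[zlib.crc32(flow_id.encode()) % len(ok)].name

# Constructed sample measurements for one branch edge device.
LINKS = [
    Link("mpls", True, 20.0, 0.0, cost=10),
    Link("broadband", True, 35.0, 0.3, cost=2),
    Link("wireless", True, 80.0, 1.5, cost=4),
]

if __name__ == "__main__":
    print(primary_path(LINKS, critical=True), primary_path(LINKS, critical=False))
```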

Many vendors offer cloud-based SD-WAN options that place the controller in the cloud. Extracting this controller from the data center enables network scalability and flexibility and improves overall management. These benefits have led many organizations to adopt cloud-based SD-WAN.

How SD-WAN and the Cloud Help SAP HEC

Cloud computing has revolutionized how businesses build IT teams, and SAP HEC has changed how companies think about SAP. It provides SAP benefits in an SAP-supported private cloud. On the other hand, adopting SAP HEC often requires IT to reevaluate the network architecture. 

SAP HEC supports Internet connectivity with IPsec or MPLS tunnels. However, MPLS connections can be expensive, while IPsec often performs poorly and creates a single point of failure. With IPsec, companies must adapt their existing wide area network (WAN) architecture to enable Internet connectivity.

Many organizations are looking for a more reliable alternative to IPsec and MPLS. With a growing focus on FinOps and cloud cost optimization, the high costs of bandwidth are a major concern for most organizations. One such alternative is the combination of the cloud and a software-defined wide area network (SD-WAN).

The Problem with Traditional Networking

Traditionally, an enterprise network architecture follows a hub-and-spoke design. A central hub, usually a data center or the headquarters, receives traffic from distributed locations such as branch offices or factories. The SAP HANA instance usually resides in the hub alongside the enterprise firewall to secure public Internet access. 

Theoretically, an organization could connect HEC and the data center via IPsec tunnels through the firewall (SAP supports IPsec tunnel pairs to private IPs). However, this approach is problematic because the firewall becomes a potential single point of failure, jeopardizing overall performance. 

Depending on the distance of HEC from the data center and the traffic congestion, this setup could impact the user experience for everyone. It can be especially frustrating for mobile users, who might need to reconnect to a location and the firewall whenever they try to access HEC. 

Another issue with this architectural approach is that HEC does not support more than two IPsec tunnels to an IP address. It is thus impossible to address the performance and reliability issues by maintaining a firewall in each branch location, with IPsec tunnels connecting it over the Internet to the other locations and to SAP HEC. In short, it is not possible to send traffic from all sites directly to HEC.

The IT team might address this issue by establishing a firewall close to the HEC instance. Each location could connect to this firewall, and the firewall will have an IPsec connection to HEC. However, not all companies have regional data centers where they could establish such a firewall. The firewall remains a potential single point of failure, and deploying new data centers is complex and expensive.

Why SD-WAN is the Solution

A good solution is to use a cloud-based SD-WAN or SD-WAN as a service. The cloud provider builds the SD-WAN in its network core over several Tier 1 backbones. The provider has multiple points of presence (PoPs), allowing sites to send traffic to the nearest PoP via encrypted tunnels.

Each PoP runs software that routes traffic along the best path to the PoP nearest the HEC instance. That PoP has an IPsec tunnel pair connecting to the HEC cloud. The cloud-based SD-WAN architecture eliminates the need for backhaul communication and solves the problem of a single point of failure. The cloud provider ensures the best network connectivity, routing, and resiliency.

Some implementations allow mobile users to access SAP via the cloud SD-WAN without connecting back to an intermediate location. SAP’s role is too critical to run over a compromised network. Cloud-based infrastructure is the most cost-effective solution to enable secure, resilient, and highly performant networking.