Third-Party Solutions usage in RISE with SAP S/4HANA Cloud, private edition

INTRODUCTION

Although lots of customers are starting their digital transformation journey with SAP S/4HANA Cloud there are still some customers that for many different reasons would require cloud-like services but additional flexibility and extensibility options for their SAP S/4HANA solution. For those customers (existing or new) RISE with SAP S/4HANA Cloud, private edition has become the main deployment option.

During the last couple of years supporting those customers in their transition to SAP S/4HANA Cloud, private edition through the SAP S/4HANA Early Adopter Care program I have seen some common customer/partner questions or requests for further clarifications regarding the usage of third-party solutions in such a deployment approach. Talking to my fellow colleagues that also shared their customers experiences I´ve decided to consolidate the main information that should be generally considered about such topic in this blog post and hopefully help customers/partners/consultants or anyone involved in an SAP S/4HANA Cloud, private edition transition project to understand the concepts and requirements regarding third-party solutions in this approach.

And starting with the very first question that comes to anyone´s mind about third-party solution in RISE with SAP S/4HANA Cloud, private edition: “do they need to be previously certified?”.

Using Certified/Non-Certified third-party solutions in SAP S/4HANA Cloud, private edition

I bet some of you have already heard something like “although it is highly recommended that customers deploy certified solutions (mainly ABAP Add-ons) it is actually not mandatory/required”. But let´s take a moment to clearly understand what this means.

“Certified by SAP” is usually a common reference to our SAP Integration and Certification Center certification process for SAP partners and third-party vendors solutions. These can be found in our Certified Solutions Directory. One important aspect to understand is that SAP certifies third-party solutions based on the evaluation and validation of different pre-defined criteria. For instance, the third-party Add-on solution is checked for syntactical correctness, correct deployment, uninstallation possibility and even if a solution release and versioning strategy is in place. This does not mean that SAP certifies and approves all partner solution functionality itself and even more, that SAP will directly be responsible for supporting this solution in case of product issues. These are still responsibilities of the third-party solution vendor since they are the solution owners and experts. On the other hand, being SAP certified is a great way to acknowledge that important topics from the third-party solution were checked successfully, thus increasing its reliability and avoiding some known situations that could negatively impact the solution. As already valid for the on-premise world, even in SAP S/4HANA Cloud, private edition customers can use their third-party solution either if they are previously Certified by SAP Integration and Certification Center or not. In both cases the third-party solution support for product issues is done by the external solution vendor and the solution implementation (configuration, adjustments, business validation) must be considered in your transition to SAP S/4HANA Cloud, private edition.

For further information about ABAP Add-ons certified for SAP S/4HANA Cloud, private edition, please check Christoph Claus’s blog post:
https://blogs.sap.com/2021/03/11/list-of-certified-abap-add-ons-for-sap-s-4hana-cloud-private-edition.

Now, some of you may be asking: “what about third-party solutions on the SAP pricelist?”. Yeah, these are additional offerings where the third-party solution is resold by SAP and SAP will also be the primary support contact. This means that customers can actually raise the third-party solution issue to SAP Support and SAP will check it and, if necessary, further contact the external solution vendor.

For the list of Solution Extensions provided by a partner solution (SAP partner solutions resold by SAP) released for SAP S/4HANA Cloud, private edition, please check the relevant SAP note for the desired SAP S/4HANA version, such as:

Finally, for specific previously unknown third-party solutions or versions our SAP Enterprise Cloud Services team may conduct additional architectural and security evaluations to further validate and confirm their usage compatibility within RISE with SAP S/4HANA Cloud, private edition.

But wait a minute, is this all just about ABAP Add-ons? No, unfortunately it is not.

Overall Third-party solutions rather than just ABAP Add-ons in SAP S/4HANA Cloud, private edition

Although ABAP add-ons are a very common way of delivering third-party solutions in an SAP system, when we think of SAP S/4HANA Cloud, private edition it is necessary to also consider the need for other types of SAP external solutions. These solutions should not require the installation of any customer/partner/third-party software (e.g. shell-scripts, executables, agents, …) onto the SAP S/4HANA application or database server or any other server managed by SAP.

In SAP S/4HANA Cloud, private edition the goal “to keep a clean core” is also valid for SAP S/4HANA application and database servers. This means that any other SAP software running on the SAP managed server should not impact or degrade the performance, system availability, sizing, operability, or security of the Cloud service. This is crucial for delivering the contracted system availability SLAs and providing further security measures for each managed server (let´s keep in mind that security is not only related to external access to the server; it also relates to any additional software installed onto the servers and which actions they can actually execute, encryption level for sensitive data and so on).

Additionally, there may also be a couple of solutions that require communication from/to SAP S/4HANA with a central external solution server (for instance, some external job scheduling tools). Such cases should also be understood in detail, so a proper migration/upgrade strategy could be designed. This could be something from just redirecting the connectivity from/to the external server, up to checking if such a solution could be already on the SAP S/4HANA Cloud, private edition price list, already previously allowed (in case of some specific OS/DB known libraries for instance) or even also requiring a version upgrade from the external solution to keep up with the new target SAP S/4HANA version.

Now, let me get back to the well-known ABAP add-ons. For customers who already have an SAP ERP solution and would like to transition to SAP S/4HANA Cloud, private edition using an SAP S/4HANA system conversion or even by performing a new implementation where current available add-ons should also be there in the new target system, tools like SAP Readiness Check for SAP S/4HANA and maintenance planner are very useful to get further information about the currently used add-ons and could be a good starting point for your evaluation of current needs.

The following sections of the SAP Readiness Check for SAP S/4HANA lists the add-ons installed in the system and shows whether they are compatible with the SAP S/4HANA target release. The check is performed via the maintenance planner. In addition, you can see whether the identified add-ons were provided by SAP or a third-party vendor.

© Copyright 2022 SAP SE. Source: https://help.sap.com/docs/SAP_READINESS_CHECK >> Key Feature Overview for SAP Readiness Check

© Copyright 2022 SAP SE. Source: https://help.sap.com/docs/SAP_READINESS_CHECK  >> Key Feature Overview for SAP Readiness Check

We may remember that these tools check the ABAP add-ons for technical feasibility/compatibility with the technical SAP S/4HANA target version regardless of systems deployment approach (on-premise or in SAP S/4HANA Cloud, private edition). That said it is still necessary to share such information with the SAP Enterprise Cloud Services team as soon as possible during the customer engagement (I will explain that in further details in couple of minutes).

Now that I may have my third-party solution checked and allowed in SAP S/4HANA Cloud, private edition it is necessary to understand “who does what”.

Third-party solutions installation, implementation and support in SAP S/4HANA Cloud, private edition

Third-party solutions are generally managed by and in the responsibility of the customer. This means that customers should identify their third-party solution needs, scope and estimated tasks/effort during the transition project.

If a customer does not have all necessary skills to manage a specific solution, in many cases additional resources from an external solution vendor or vendor implementation partner should be considered during the project planning and added in the project. They usually help in the external solution transition planning activities including specific solution version needs (especially in SAP S/4HANA conversion projects), adjustments, additional necessary configuration and support for issues raised by the customer during the transition project. Support for product issues should also be provided directly by the external solution vendor.

Regarding installation on SAP managed servers, SAP Enterprise Cloud Services team may execute technical tasks that are not directly accessible to customers (usually when OS level access or further actions are required). Eventually, for pure ABAP add-ons solutions customers could also request temporary access to client 000 for the installation. It is also important to say that the customer/solution vendor are responsible for providing the SAP Enterprise Cloud Services team with the necessary software files also during future SAP S/4HANA upgrades, which may also include an Attribute-Change-Package (ACP) file for conflict resolution with other SAP system software components, if relevant.

As briefly explained before, there are SAP partner solutions resold by SAP (also known as Solution Extensions) available for RISE with SAP S/4HANA Cloud, private edition. Such solutions are managed by SAP. This means that the necessary infrastructure and/or files for installation/upgrade can be obtained/delivered directly by SAP and the technical procedures would be executed by SAP Enterprise Cloud Services team. It is important to notice that customers/partners should still be responsible for the overall procedure planning, additionally required custom configuration (if any) and solution validation.

For a complete and detailed list of SAP S/4HANA Cloud, private edition services information and Roles and Responsibilities description I recommend checking the R&R document that can be found under the following link:

RISE with SAP S/4 HANA CLOUD, private edition, PCE Roles and Responsibilities

So, what happens if, for any reason, a specific third-party solution does not comply with the architecture or security criteria required by SAP S/4HANA Cloud, private edition?

Alternatives for a third-party solution not allowed in SAP S/4HANA Cloud, private edition

With the increasing number of customers and consequently third-party solutions in RISE with SAP S/4HANA Cloud, private edition it is very rare that an external solution would not be allowed.

For instance, third-party solutions delivered as ABAP add-ons only (without OS level access) are generally allowed and tolerated. Even so, especially for solutions with further components or infrastructure needs it could happen that the external solution does not fit to the mandatory SAP Enterprise Cloud Services architectural and security criteria needs. And security is of course a main priority for SAP Cloud based solutions. For example, SAP external software should not require passwords to be saved in configuration files, should not execute tasks directly on OS level (running custom scripts, operating other software on the SAP managed system) and obviously shouldn´t need root privileges at OS level or snoop network traffic.

That said, if a third-party solution is not directly allowed to be executed in SAP managed servers there could be other alternatives, such as:

A) Installing the necessary software into the customer’s on-premise landscape (or even into a hyperscaler if one is already in place) and just connecting it in a secure way to the SAP Cloud managed servers (if the third-party solution architecture technically allows to do so).

B) Customers may subscribe to SAP Enterprise Cloud Services in an IaaS (Infrastructure as a Service) model, which would be similar to the first option, but having the provided infrastructure delivered by the SAP Enterprise Cloud Services team. Thus, customers can install and operate freely the external solution on this specifically provided server if its communication to SAP applications hosted in SAP Enterprise Cloud Services under the RISE with SAP S/4HANA Cloud, private edition happens without any additional software installed on those managed application hosts (like SAP S/4HANA application servers or DB hosts).

C) Use a SaaS (Software as a Service) model for the third-party solution if available. That option could securely connect to SAP S/4HANA Cloud, private edition managed servers either directly or using a connector. For this last alternative it would also be necessary to comply with security criteria required from SAP Enterprise Cloud Services, but there is less chance of not being allowed since it usually provides only connectivity services and ideally has already been designed to comply with cloud-like deployment models.

Here you will find a graphic overview of possible alternatives:


Alternative options for 3rd Party Solutions not directly allowed in SAP Cloud managed servers

Finally, as we´ve seen so far, there are different types of third-party solutions, ABAP Add-ons, evaluation process and even architectural alternatives. For most solutions all this can be very straightforward but we should avoid finding out new necessary third-party solutions only during project time since depending on the solution complexity or even readiness, this could impact the timelines. So, how to avoid such situation?

Sharing your third-party solution requirements with SAP Enterprise Cloud Services team

Ideally customers transitioning to SAP S/4HANA Cloud, private edition should carefully check their third-party solution needs (again, either ABAP add-ons or any additional necessary software) in the very early stage of their RISE with SAP S/4 Cloud, private edition engagement cycle with SAP. During this initial stage, even before the final contract is signed or the project starts, customers will be in touch with the SAP Enterprise Services Cloud team who will guide them through the relevant information to understand the required solution scope and finally initiate the onboarding process.  The SAP Enterprise Cloud Services contact during this initial engagement moment should be aware of all customers’ needs including the required/desired third-party solutions before handing over to the SAP Enterprise Cloud Services delivery team.

With the increasing adoption of RISE with SAP S/4HANA Cloud, private edition, the number of known and allowed third-party solutions is also increasing. That said, although less frequent, there could be cases where further evaluation of the third-party solutions would be necessary by the SAP Enterprise Cloud Services team. It could take just a couple of days up to some weeks depending on the external solution complexity and findings during the SAP internal architecture and security evaluation.

The recommendation for customers is really taking the time to do a thorough check of third-party solutions needs/details and sharing with the SAP Enterprise Cloud Services team as soon as possible at an early stage to avoid surprises during the transition project execution and possibly negative impacts in its delivery timelines or even eventually in the Go-Live date. Having such information already checked even before the project starts would help reduce this risk and consider any SAP external vendors restrictions/recommendations in the transition project planning activities and timelines.

CONCLUSION:

Although the usage of third-party solutions in RISE with SAP S/4HANA Cloud, private edition is generally allowed, they must comply with some architecture and security requirements to guarantee the stability and especially security levels necessary for such a deployment option and should not be underestimated in your SAP S/4HANA transition project.

That said here are some key takeaways to consider in your transition to SAP S/4HANA Cloud, private edition regarding third-party solutions:

  • Execute a thorough evaluation of your third-party solution needs (these should include not only ABAP add-ons, but any other software that should be installed/connected to SAP managed systems)

 

  • Share your needs with the SAP Enterprise Cloud Services team in a very early stage of your engagement to avoid or decrease the risk of impacting your SAP S/4HANA transition project

 

  • Understand the roles/responsibilities for managing and implementing such external solutions, so the necessary resources are already considered in your transition project planning

I really hope the provided information clarifies some initial questions about third-party solutions usage in RISE with SAP S/4HANA Cloud, private edition and hopefully help our customers in a smoother transition to such deployment approach.

I would also encourage you to share your feedback or thoughts in the comment section below and take a look in further information about RISE with SAP topics in SAP Community (https://blogs.sap.com/tags/1e76886f-86ac-4839-9833-8bf95f5eb775/).

Stay tuned for future content about SAP S/4HANA solution and SAP S/4HANA Cloud, private edition experiences at Fernando Moreira in SAP Community.