SAP on AWS – Specialty (PAS-C01) exam Prep part-2

Let’s start with the first part of going through Domain 1 in exam blueprint.

Domain 1: Design of SAP workloads on AWS

1.1 Design the AWS account structure and connectivity patterns for SAP workloads on AWS

  • SAP connectivity strategies
    • AWS Direct Connect, AWS VPN
    • SAProuter is typically deployed in a public subnet to control and log the connections between SAP and your customer’s network
    • Amazon AppStream 2.0 can easily grant user access to connect to SAP systems over Https, Amazon AppStream 2.0 is a fully managed application streaming service that provides users with instant access to their desktop applications from anywhere.

1.2 Design a secure solution for hosting SAP workloads on AWS

  • AWS Shared Responsibility Model
  • AWS Identity and Access Management (IAM)
  • Route tables, security groups, and network ACLs
    • Understand traffic flows of SAP workloads. check section 1.4 below.
    • design solution based on SAP specific requirements like SAP support vis SAPRouter
  • Encryption options for data at rest and data in transit
    • Encrypt Data in Transit (enforce Transport Layer Security for application traffic – network level encryption between sites)
    • Encrypt Data at rest (Encrypt EBS volume – AMI’s – S3)
    • Define encryption methods and key management store like AWS Key Management Service
  • AWS service endpoints

1.3 Define optimized and cost-effective infrastructure solutions for SAP workloads on AWS

  • Certified operating system releases for SAP
  • Certified database release versions for SAP
    • All the database platforms and versions supported by SAP for an on-premises infrastructure are also supported by SAP on AWS. For details about the databases supported with specific SAP solutions on AWS, see SAP Note 1656099.
    • Amazon Aurora support for SAP Hybris Commerce
    • Amazon RDS support for SAP BusinessObjects BI and SAP Commerce (previously known as SAP Hybris Commerce)
  • Certified block storage solutions for SAP
    • EBS (Block storage) for SAP Application and database data, logs and backup volumes
    • EFS (File storage) also supported FSx for Windows File Server and # FSx for NetApp ONTAP
    • S3 (Object Storage) for backup and S3 Glacier for long term backup
  • Certified instance types
    • For production workload, Check SAP Note 1656099 for more information and also see
    • For non-production workload, refer to AWS Blog
  • Best practices to define shared storage solutions
  • AWS pricing models
  • SAP transport strategy

1.4 Design highly resilient solutions for SAP workloads on AWS

Leave a Reply

Your email address will not be published. Required fields are marked *