Let’s start with the first part: going through Domain 1 of the exam blueprint.
Domain 1: Design of SAP workloads on AWS
1.1 Design the AWS account structure and connectivity patterns for SAP workloads on AWS
- Check out the previous blog on Why do you need to start running SAP on AWS
- Account strategy for SAP workloads: you can have one account for production and another for development, or one account per business unit.
- Organizing Your AWS Environment Using Multiple Accounts
- Automate the setup of new AWS multi-account environments using Control Tower
- Secure your AWS account best practices
- VPC patterns for SAP workloads
- SAP connectivity strategies
- AWS Direct Connect, AWS VPN
- SAProuter is typically deployed in a public subnet to control and log the connections between SAP and your customer’s network
- Amazon AppStream 2.0 can grant users access to SAP systems over HTTPS. It is a fully managed application streaming service that provides users with instant access to their desktop applications from anywhere.
1.2 Design a secure solution for hosting SAP workloads on AWS
- AWS Shared Responsibility Model
- AWS Identity and Access Management (IAM)
- Route tables, security groups, and network ACLs
- Understand the traffic flows of SAP workloads. Check section 1.4 below.
- Design the solution based on SAP-specific requirements, such as SAP support via SAProuter
- Encryption options for data at rest and data in transit
- Encrypt Data in Transit (enforce Transport Layer Security for application traffic – network level encryption between sites)
- Encrypt data at rest (encrypt EBS volumes, AMIs, S3)
- Define encryption methods and key management store like AWS Key Management Service
- AWS service endpoints
- Consider using VPC endpoints so that traffic to AWS services like S3 does not go through the internet
Also refer to the Security pillar in the Well-Architected SAP Lens and Best Practices
1.3 Define optimized and cost-effective infrastructure solutions for SAP workloads on AWS
- Certified operating system releases for SAP
- Certified database release versions for SAP
- All the database platforms and versions supported by SAP for an on-premises infrastructure are also supported by SAP on AWS. For details about the databases supported with specific SAP solutions on AWS, see SAP Note 1656099.
- Amazon Aurora support for SAP Hybris Commerce
- Amazon RDS support for SAP BusinessObjects BI and SAP Commerce (previously known as SAP Hybris Commerce)
- Certified block storage solutions for SAP
- EBS (Block storage) for SAP Application and database data, logs and backup volumes
- EFS (file storage); FSx for Windows File Server and FSx for NetApp ONTAP are also supported
- S3 (Object Storage) for backup and S3 Glacier for long term backup
- Certified instance types
- For production workloads, check SAP Note 1656099 for more information and also see https://aws.amazon.com/sap/instance-types/
- For non-production workloads, refer to AWS Blog
- Best practices to define shared storage solutions
- AWS pricing models
- SAP transport strategy
1.4 Design highly resilient solutions for SAP workloads on AWS
- High-availability solution options for SAP workloads on AWS
- Disaster recovery solution options for SAP workloads on AWS
High Availability and Disaster Recovery Options for SAP HANA on AWS
Also refer to the Reliability pillar in the Well-Architected SAP Lens and Best Practices
Solutions Architect – Cloud & Infrastructure