Mitigating controls are a great way to reduce SOD conflict risks. But if you’re not careful, you can mitigate yourself out of compliance. SAP SOX compliance in your company may be such a routine activity that you’ve lost track of why you’re doing it, beyond being told to. And, you may not realize that there could be ways to do it better. It’s not enough to assign a compensating control to a risk and call it a day. Advances in Governance Risk Management and Compliance (GRC) solutions offer new methods for handling SOX aspects in the SAP audit, especially concerning Segregation of duties (SoD).
First, What Is SOX Again?
SOX is short for “The Sarbanes-Oxley Act,” a federal securities law affecting publicly-traded companies. Sarbanes and Oxley were both Senators who sponsored the legislation in 2002. The law arose from a realization that public companies needed to do a better job creating accurate financial statements. Such a need became glaringly apparent in the wake of massive frauds at Enron, WorldCom and Global Crossing.
If you haven’t heard of those three companies, that’s sort of the point here. These were among the biggest and most famous businesses in the world, and they all went under after they were caught cooking the books. Investors lost billions. Thousands lost their jobs and retirement plans. The “Big Five” accounting firm of Arthur Andersen collapsed under indictment, which was another consequence of this malfeasance. Now, it’s the Big Four… It was a bad time. Equity markets needed reassurance that a company’s financial reporting was correct – hence the law.
The SOX law is lengthy and complicated. Two of its sections are relevant to the IT department and SAP administrators. SOX Section 302 covers a company’s financial reporting. The CEO and CFO must personally certify that all the company’s records are complete and accurate. These two executives must confirm that they accept personal responsibility for all internal controls and have reviewed these controls in the past 90 days. The law even calls for criminal penalties for willful violations of SOX. This has not actually occurred in 17 years, but the idea of the top people going to jail over the configuration of your SAP landscape is pretty intense.
SOX 302 definitions of internal controls include IT infrastructure affecting accounting and financial reporting. For example, SAP. Section 404 lays out addition requirements for monitoring and maintaining internal controls related to a company’s accounting and financials. SOX 404 requires an annual audit of these controls, and it need to be performed by an outside firm.
Translation: the SAP audit is part of SOX compliance. A federal law mandates your CEO and CFO to put their signatures on your work product. Further translation: You better know what you’re doing if you value your job.
SAP SOX Compliance and Internal Controls
SOX is big on internal controls, with good reason. Internal controls are processes that ensure the accuracy of financial statements. Say you have an internal control specifying that two separate people handle the processes of invoicing and making bank deposits, respectively. This is known as Segregation of Duties (SoD).
This control prevents a single person from being able to easily commit fraud. An example could be sending an invoice, stealing the payment and then deleting the invoice. The risk here is that the company’s cash flow would not equal its reported sales revenue. Accounting audits are supposed to catch such tricks, but as the Arthur Andersen example shows, auditors can be misled. Alternatively, the SoD control prevents a single person from sending a fake invoice, which overstates the company’s revenues and earnings, ultimately enabling executives to collect unearned bonuses. This fraud is perpetrated by insiders, and is similar to what happened at Enron and the others.
Given that SAP is typically the main financial and accounting system at a business, the SOX audit often focuses on internal controls configured into the SAP landscape. The SoD controls described above, and many more, are set up and governed inside SAP. The SAP audit verifies that they’re effective.
How to Reduce SoD Conflicts in SAP SOX Compliance
When two SAP system users have access privileges that allow them to violate an SoD control, that is known as an SoD conflict. To pass an SAP audit that fulfills the needs of SOX, you have to identify and get rid of SoD conflicts.
The SAP audit process will ask you to answer two basic questions about your controls.
Are they valid?
Do they actually work?
For your controls to be valid, they need to mitigate the entire risk, not just a piece of it. You need to prove your success to the auditor.
Common Pitfalls with Mitigating Controls
Setting up new vendors is an activity that can lead to fraud if a single SAP user can set up a new vendor, submit invoices from this new vendor and then approve those invoices for payment. Unfortunately, real life experience has shown the potential for costly and embarrassing frauds using this exact technique. So let’s say you want to reduce SoD risks in vendor management. One way to overcome an SoD risk like this is creating what’s known as a “mitigating control.”
Mitigating controls might state that you review all Vendor Master Changes on a weekly basis for appropriateness. As you might imagine, this is a potentially faulty practice. It’s an adequate control to have someone skim the changes and search for potential SoD problems. In our experience, excessive reliance on mitigating controls is risky.
It won’t matter to the auditor if you’ve said you are going to execute a potential process. You have to make the actual mitigating control work. Instead, you should have a process in place to define what you’re looking for and how to address suspicious activity. A procedure should document the workflow so it’s reviewed and signed off by the appropriate party each week. You would also have to reaffirm the control. This way you can ensure it actually addresses all the SoD risks it’s supposed to cover.
Manual Processes Are Impractical for Reducing SoD Conflict
You have to automate your internal controls, especially SoD. It’s just too difficult to use mitigating controls successfully without automation. The process is time-consuming and complicated. Using manual review results in a patchwork of poorly-maintained controls, and won’t reduce SoD conflicts or other obstacles to SAP SOX compliance. Even if the manual process leads to controls that work, it is usually hard to maintain the review process. Compliance staff wastes time getting signatures and documentation.
Automated processes enable you to continuously monitor your controls. GRC software like our ControlPanelGRC can provide this functionality. It can spot issues instantly and then drill down to reduce SoD conflict. This saves everyone on the audit team and SAP admin teams a lot of time.
Finding the Right SAP Access Control Solution
Symmetry’s ControlPanelGRC tool augments SAP’s native capabilities to enable streamlined SOX audits. It defines and analyzes risks in the SAP software, and ControlPanelGRC also provides rulebooks that help with SoD management. It works on a highly granular level and facilitates risk modeling and “what if” scenarios.
ControlPanelGRC Access Control provides continuous control monitoring in a single solution. It automatically executes compensating control reporting. A self-documenting workflow follows, allowing for review and signoff. These capabilities let you reduce SoD conflict and cut down on uncertainty in your SAP SOX compliance efforts.
Learn how Symmetry can support your SAP SOX compliance processes. If you would like to receive a free SAP GRC Risk Assessment, please contact us.
If you’re thinking of moving some or all of your SAP landscape to the public cloud, Amazon Web Services (AWS) is a worthy choice. They have multiple options for SAP in the public cloud. In addition to preset SAP solution packages, AWS is providing bigger instances, more extensive customization and automation, improved stability and better third-party support. It’s not an easy decision, though. While it is becoming harder to justify the cost of running a data center, putting SAP onto AWS is not without its challenges. Having worked with many clients on SAP migration to AWS, though, we can recommend best practices that help ensure a smooth transition.
SAP Migration to AWS Overview
Migrating SAP to AWS is going to be a major transformation, no matter how simple it may look at the outset. The process involves moving your most business-critical assets to a hosting platform you don’t completely control. You’ll be in a multi-tenant environment, and own the responsibility for architecting a high-performing, redundant SAP landscape.
Before you dive in headfirst, it’s worth asking yourself why you’re contemplating an SAP migration to AWS. Do you want to consolidate your SAP assets in the public cloud to gain operational efficiency? Is it a risk mitigation move? Is it part of an SAP upgrade?
Your migration should align with your broader SAP goals and overall cloud strategy. It doesn’t matter if you’re doing a “lift and shift,” a backend database migration or a full SAP S/4HANA upgrade. Each has its own complex considerations. Working with a partner can help. A partner who’s been through it before can work with you throughout the process—all the way from identifying goals to choosing a migration strategy, handling the migration itself, making the transition to steady-state operation and performing the ongoing maintenance and support that is required.
A Recommended First Step: AWS for SAP HANA
It’s usually a wise move to start with a move from SAP ECC or SoH to SAP HANA. This way you can focus on the back end database migration first. Deal with the front end application at a later stage of your migration project. This way, you can clean up your data and code, realizing database efficiencies without changing the business processes. Then, you can plan to upgrade to S/4HANA on AWS.
At the same time, certain qualities that make SAP HANA innovative can make it more complicated in the public cloud. As an in-memory database, SAP HANA requires a significant amount of dedicated RAM in order to function property. AWS has special virtual instances specifically designed and certified to support HANA workloads, but right sizing these systems, and eventually tight sizing these systems is not typically as cut and dry as you may think. This is where the value in both public cloud and SAP expertise really comes into play.
SAP on AWS Implementation Guide
Running SAP on AWS is more than just a change in your hosting provider. It’s really an entirely new phase of SAP operations. Remember—AWS is just a platform. You’re still in charge of your SAP landscape and responsible for how it works. AWS is infrastructure. As they themselves will tell you in their SAP FAQ, “AWS manages the physical infrastructure up to the virtualization layer. The operating system and any SAP applications and databases running above the virtualization layer are managed by the customer.”
In our case, we approach SAP on AWS as if it were in a private cloud. For instance, if something goes wrong with a VM, we shift workloads away from it. We transfer new workloads to a different VM. However, we keep the VMs operating long enough to avoid any disruptions. We’re also proactive about performance tuning and monitoring so your organization doesn’t miss a step. We leverage all that the public cloud offers while still maintaining eyes on the screen and hands on the keyboard. After all, this is SAP we are talking about.
Planning, including extensive gathering and review of technical and business requirements, details for personnel assignments and roles for partner firms
Architecting the solution on AWS, including failover and backup along with VM memory and processor configurations
For some, building a proof of concept environment, followed by testing, and “lessons learned” evaluation
Preparing existing SAP assets for migration, including data cleanup and modifications to the existing application code required for cloud hosting
Building your AWS Landing Zone
Installing, configuring and deploying SAP on AWS, including the all-important “go live” moment when you roll the old system over to the cloud
Mapping out and then implementing security and disaster recovery plans
Taking over Basis in the new landscape
Running Governance Risk Management and Compliance, e.g. Segregation of Duties (SoD)
Best practices for SAP on AWS include many of the best practices for running SAP anywhere. For AWS in particular, though, a few distinct practices are worthwhile to pursue:
Create a dedicated AWS support team, or at least a dedicated AWS person in your IT department. AWS is extensive and complex enough that someone will need to master all of its workings and stay on top of the continual changes that affect the platform.
Implement daily maintenance. Steady state SAP Basis operation doesn’t stop in the cloud. If anything, it becomes more urgently needed.
Pay attention to performance tuning. SAP performance tuningis critical to keeping your landscape healthy in the public cloud. Things can change quickly in AWS, as new tenant “neighbors” can affect the way AWS’s internal networks and server loads function.
Keep people in touch with each other, especially if you are continuing to run some of your SAP landscape on premises or in a private cloud. More deployments and connections create a greater need for communication and coordination between people and teams. Missing this practice is a common pitfall we have seen. Poor communication and internal coordination can lead to trouble with your SAP on AWS deployment.
Consider having one vendor to hold everyone and everything together. This is a role we are accustomed to playing.
Working with the Right Partner for SAP on AWS
It pays to work with a good AWS partner when performing an SAP migration to AWS, one that has a depth of talent among its SAP consultants. These people should be SAP certified, with the company part of the AWS Partner Network. For example, SAP HANA is sensitive to configuration and performance nuances in both hardware and network. Generally, you cannot fix problems with SAP HANA on AWS by spinning up more VMs. To get the best results, your partner should offer application performance monitoring capabilities along with appropriate management tools.
Similarly, watch out for limited or overly reactive service offerings. Sometimes, a company moving SAP to AWS will select a partner with a “Break/Fix” approach to support. The problem with Break/Fix is that the service provider waits until there’s a problem, causing delays as they figure out how to solve it. Sometimes the people at the service provider take an excessively long time to solve the problem because they’re not familiar with your AWS instance of SAP, lack training or both. This can be highly disruptive and costly to an organization. The right partner for running SAP on AWS should ideally have a dedicated team that’s continually maintaining and tuning your landscape.
We have extensive experience helping companies migrate SAP to AWS, or even helping them choose not to, if that’s the right call. If you want an expert opinion on AWS as an option for your SAP landscape, and then proven experience in rolling out the migration and post go-live support, let’s talk today.
We get asked all the time: what is SAP Basis? People know, but they ask anyway. That’s because SAP Basis is a deceptively simple aspect of the SAP universe. As its very name suggests, it’s basic. It’s fundamental. It’s essential. In reality, SAP Basis is an absolutely critical element of success with SAP. And, while SAP Basis is simple in concept, there’s actually a lot to it.
So what is SAP Basis? At one level, Basis is about basic maintenance, staying on top of database administration and upkeep. Think of SAP® Basis as the glue holding your SAP landscape together. A Basis administrator’s job is to make sure that all of your SAP components and applications can communicate with one another—and make this happen without any performance degradation for end users.
SAP Basis Support Overview
SAP Basis deals with the technical layers of the SAP landscape and is tasked with keeping it all healthy, including SAP enterprise cloud, database and applications. Basis administrators install updates and monitor systems for errors. They’re constantly tweaking elements of your SAP landscape so they can be faster and more reliable. Solid SAP Basis support prevents costly outages. Indeed, without effective and regular Basis work, your SAP landscape can fail.
What follows is a comprehensive guide to Symmetry’s top SAP Basis insights that IT leaders need to know. These links allow you to jump to specific sections:
SAP Basis support administrators have the responsibility for keeping all your SAP environments stable and secure. They’re tasked with meeting your end users’ needs. This means checking system logs on a daily basis, differentiating between minor issues and serious problems. For example, SAP has locks that temporarily restrict access to business objects when they’re undergoing a change. The SAP Basis admin can manually release a lock that fails to release automatically. This failure to release, however, may reveal a problem with app configuration, sizing or scheduling. A good SAP Basis admin can find and fix the root cause of the issue before it leads to problems in performance that affect end users.
Ideal Skill Sets to Look for in Your SAP Basis Administrator
Having solid SAP Basis support is key for not only preventing costly outages but also enabling your business to continually improve. Your Basis administrators should not only be able to run SAP installation and upgrades but also have extensive experience working with various scenarios.
Ensure your company has the right Basis administrator by checking for these top four skills: real-world experience in resolving problems, end-user focused approach in implementing process improvements, ability to aid new SAP upgrades and installations, and diverse skills and experience with SAP NetWeaver, JAVA system administration, SAP Solution Manager 7.2 or higher, and ABAP programming. Each organization requires its own unique SAP Basis admin support, but all need Basis support that can identify your particular SAP landscape and maintenance needs. Extensive, hands-on experience will help differentiate issues that need to be escalated versus troubleshooted, saving your company huge costs.
SAP Basis Administrator Responsibilities
Going beyond the monitoring, analyzing and troubleshooting of SAP Basis, the Basis admin has numerous other duties. These include:
Architecting the Environment: SAP Basis admins identify the resources (such as personnel, hardware and/or software) needed for successful installations and upgrades, as well as to keep up with future use patterns.
Implementing Best Practices: Business and Basis tasks intersect in complex ways that can affect the way your organization runs. Basis staff streamline these tasks to promote efficiency and ease of use.
User administration: Users are given roles in SAP corresponding to job functions. An SAP Basis administrator fulfills user and role management requests, such as provisioning roles to new hires, rescinding permissions when workers leave, and spotting SOD conflicts between roles.
Managing SAP Transports: SAP transports (i.e. updates) need to be carefully tested before they’re migrated to production. Admins must review transport requests, configure and test transports, gather signatures and install transports in the correct order.
Scheduling Background Jobs: SAP background jobs are what they sound like — routine processes that run in the background. An SAP Basis administrator schedules and runs these jobs during times of low demand, so that they don’t overburden system resources.
SAP Tuning: The best SAP administrators spend more time on performance tuning than troubleshooting. By analyzing system performance, user demand and other factors, an SAP administrator can ensure consistent performance and avoid the need for heroics.
Disaster Recovery/High Availability: An SAP administrator is responsible for backing up and restoring the environment, and testing the backup systems. These SAP Basis administration tasks are often outsourced to a cloud disaster recovery partner, who can generally improve reliability and lower costs.
Requirements for SAP Basis
Each company’s SAP Basis requirements will be different. However, they share certain common elements. The requirements are always focused on keeping systems updated, secure and performing at their full potential. Requirements for SAP Basis cover both non-production and production environments. They deal with performance, new installations, patch application, parameter changes, upgrades and reorganizations. Requirements delve into availability in the SAP ecosystem, covering troubleshooting and monitoring systems on a regular basis.
What is the Role of SAP Basis in Upgrades?
Typically, Basis experts take the technical lead in SAP upgrades and migrations. When a business upgrades or migrates to new SAP hosting or cloud provider, business doesn’t stop. The team needs to migrate the business data, configure, and test the new installation, all while keeping the former, source system running. As you can imagine, the business continues generating new data during the migration, which in turn, needs to be migrated to as well. In addition, the business may decide to change the database and/or O.S. platform to a newer technology like SAP S/4HANA, adding extreme complexity. These landscapes are incredibly intricate and can take several months to complete for a large organization. Without a highly-qualified SAP Basis team, the project can run into costly delays, or fail entirely.
Do I Need a Dedicated SAP Basis Administration Team?
We recommend that you know your SAP Basis support staff. If you don’t work in IT, you’ve probably never met them, but you might want to. While they tend to have a pretty low-profile job, these are the people who are more or less responsible for keeping your entire business running smoothly. They keep the SAP landscape running behind the scenes.
Your enterprise ecosystem is complex.
Inexperienced SAP Basis administrators often run into issues they’ve never seen before. This isn’t a problem in and of itself — that’s how you learn, right? — but a developer who does SAP on the side is much more likely to make costly mistakes that impact system performance, security and stability than an SAP certified Basis administrator with extensive training and experience.
An SAP Basis administrator needs to resolve issues quickly.
When SAP starts to break, quick response time can mean the difference between a minor glitch and a major outage. A dedicated SAP Basis team is immersed in solving SAP issues 24/7/365, so they’ll be able to solve the problem quickly.
A dedicated SAP Basis admin is more economical.
Loading down your IT staff with SAP Basis administration tasks has high operational costs. It may be wise to consider outsourcing SAP Basis support to a trusted vendor. Why? Because, it’s not a 9-to-5 job. People need time off. They get sick. Yet, you need them to be available for your SAP system at all hours. An outsourced team, which is part of a deep “bench,” can provide the kind of consistency and reliability that you need.
It is About Much More Than Just Tech
Anyone can study the technical fundamentals of SAP Basis, but without business insight and soft skills, they can’t meet the needs of an evolving company. An experienced, well-trained SAP Basis administrator will take the time to communicate with executives, managers and end users. They do this so they can engineer the system to meet the company’s unique business needs, and is the Symmetry approach to Basis. We are an SAP Basis Support and Managed Services provider that trains its people to engage in communication and collaboration with all levels of our customer’s organization, from IT admins to the C-suite. That keeps everyone on the same page, so complex cloud and IT infrastructure projects stay on-schedule and free of costly setbacks.
Understand SAP HANA with SAP Basis Insight
We help many of our clients adopt SAP HANA and SAP S/4HANA. This has become a sub-specialty for Basis admins. If you’re running SAP HANA, there are certain things you need to know from an SAP Basis perspective. SAP HANA acts as a backend for SAP BW and SAP Business Suite. If you combine the duality of SAP HANA’s flexibility with SAP BW’s features, this may require a more extensive Basis skill set. SAP HANA acts as an RDBMS for SAP Business Suite. To make this work, in Basis terms, you have to know SAP NetWeaver platform and SAP HANA repository objects. The complexity of SAP HANA use cases, architecture and scaling requires an SAP Basis administration skill set that is unique and varied.
Enhance Your SAP Service with SolMan
SAP Solution Manager or SolMan can help improve not only your SAP Basis team’s efficiency but also productivity. Its tools help monitor system health, as well as manage the life cycle of your SAP implementation. SolMan enables you to perform all testing in one place to easily track results. This actually helps speed up the overall preparation and execution of system testing. It also acts as a template for your implementation projects so that you can reuse content in a variety of formats.
While SolMan in SAP Basis improves efficiencies across the board, it’s important to consider one main issue that companies face during set up: they simply don’t have enough Basis team members to set up and manage SolMan effectively. Therefore, making sure you have enough Basis support for proper set up will help you reduce costs and achieve positive ROI.
Finding a Technical Managed Services Partner
With SAP Technical Basis support providing the glue that holds your business together, it’s crucial that your IT department is not torn between providing SAP Technical Basis support and aiding your business’ strategic goals. A dedicated SAP Basis managed services partner like Symmetry can strengthen your IT department, leading to increased productivity, cost savings and even happiness on the job. Our Basis managed services help you avoid delays. We have a proven track record of keeping your IT department on task. When an emergency issue arises, we have the resources to dedicate time to mitigating its impact. We support your IT department so it can focus more on business-facing issues and less on dealing with minute-to-minute “firefighting.”
As the cloud and outsourcing grow in popularity, many firms are presenting themselves as SAP managed service providers (MSPs). However, this is not a designation that all firms are equally entitled to claim. What does it take to be a great SAP managed service provider? In our experience, earning this title requires a combination of certification, proven experience and specific service offerings.
SAP Managed Service Providers: An Overview
An MSP is a company that provides IT services on an outsourced basis. This usually means delivering services at their location and within their data center, a co-location facility or in a private cloud they run on their premises. Some work in the public cloud. Others perform services at your location, a so-called “insourced” MSP. Wherever they are though, the essence of an MSP is that they take on tasks so that your people can focus on other things.
An SAP managed service provider specializes in supporting SAP landscapes on an outsourced basis. Given the depth of the SAP solution set, there are a wide variety of SAP MSP service offerings on the market. Some SAP MSPs focus on technical or functional work (and sometimes a combination of the two). Others work on applications like SAP HANA or support software development for SAP and so forth.
SAP Basis Managed Services
As its name implies, SAP Basis is the foundational level of SAP support that ensures SAP landscapes run as well as they possibly can. It’s a collection of tools and practices that enable your SAP landscape to function effectively as a whole. SAP Basis may not be the most glamorous, but it’s absolutely critical. When things aren’t going right in an SAP environment, it’s almost always a lack of proper SAP Basis support.
To be a technical SAP Managed Service Provider, a firm needs to offer SAP Basis as a managed service. An SAP Basis MSP, a role that Symmetry has delivered since 1996, takes care of things like tuning server compute resources, configuring hardware and software, implementing system upgrades, patches and so forth. A credible SAP Basis MSP provides experienced Basis administrators who can perform all necessary functions for a complete SAP Basis support team.
SAP Cloud Managed Services
Some SAP MSPs offer SAP solutions on a Software-as-a-Service (SaaS) basis, hosted in a cloud environment. We do this. In fact, we consider this kind of service offering fundamental to the SAP MSP business. Using the SaaS model is the essence of leveraging managed services to benefit your business. You do basically nothing, but still get to make use of a first-class SAP landscape.
With SaaS SAP cloud managed services, you don’t have to worry about keeping up with multiple commercial relationships for responsibilities like SAP licensing, maintenance, support and hosting. The MSP does all of that. At the same time, the MSP usually provides additional services. This can include security monitoring and more to further free your team from SAP responsibilities.
Public Cloud SAP Managed Services
The public cloud, meaning services like Amazon Web Services (AWS) and Microsoft Azure, make SAP software available on their platforms. In theory, it’s easy to open an AWS account and spin up an instance of SAP ERP or SAP HANA. The low costs might be stunning to anyone familiar with the standard budgets for running an SAP instance on-premises. However, running SAP in the public cloud can be quite challenging. This is especially true if you need the performance, security and reliability most SAP customers are accustomed to. That’s where a public cloud SAP MSP demonstrates its value.
Not all SAP MSPs can competently handle the public cloud. One reason a service provider, or a highly experienced in-house staff member, is needed for the public cloud comes from the inevitable use of hybrid cloud architectures. Despite the wide acceptance of cloud architecture today, many customers are unable to move 100% of their SAP landscape to the cloud. At least not at the first go-round. Many organizations today continue to run some SAP assets on-premises or in private cloud environments. This may be due to in-house requirements, security concerns, or other factors.
An SAP managed service provider will help you oversee this generally complex architecture. In our experience working with SAP in the public cloud, a finely tuned SAP landscape needs harmonization between its infrastructure, operating system and application layers. As a public cloud SAP MSP, we blend automation, practical experience and technology together to deliver reliable operations and constant support. No matter where your landscape is hosted.
SAP HANA Managed Services
Managed services for SAP can be a good choice for companies that want to take advantage of the SAP HANA in-memory database. This is because SAP HANA can be challenging to implement and manage, and this is true of the S/4HANA suite as well. It takes experience and expertise to successfully implement and keep it running well. When you put SAP HANA in the cloud, the need for outside help increases.
SAP HANA and S/4HANA instances are now prevalent enough that any serious SAP MSP offers some level of SAP HANA managed services. In addition to being a certified SAP HANA Operations managed services provider, we built a next-generation cloud platform. This platform is optimized for SAP HANA workloads but can also be leveraged for basic SAP ERP workloads. The provides an easy path to upgrade when customers are ready to harness the right-sizing, performance and throughput needed for big data applications.
Working with the Right SAP MSP
The right SAP MSP for your business will be one who can meet your current and future needs. It will offer a combination of proven skills and specific services like private cloud hosting and SAP HANA managed services. A competent SAP MSP will be your long-term partner for your evolving SAP needs.
Symmetry has a strong track record as an SAP managed service provider. For over two decades, we have been deploying, tuning and managing complex SAP technical environments. Our cross-functional team of experts will support your SAP landscape across its complete lifecycle. With Symmetry, you get a range of managed service options. We can also create a custom managed service offering for your specific business requirements.
For the public cloud, we are certified as an AWS Advanced Consulting Partner with SAP Competency, and are a Microsoft partner. Conversely, our managed private cloud services let you to take advantage of our experience with multiple platforms. These include core business systems as well as integrated third-party applications. With our virtual private cloud, we do the work while you reap all the benefits. That service is delivered on dedicated Symmetry-owned equipment. Our data center solutions are built and supported by industry-leading teams of engineers with specializations in network, infrastructure, security and applications.
Now that you understand what it takes to be an SAP MSP, learn how Symmetry can play this role in your business. To learn how our SAP managed services can help your IT department become more productive, contact our team today.
Companies that use SAP to run their businesses are facing a wealth of new choices for how they host and manage their SAP landscapes. This can include a private cloud, public cloud or a hybrid cloud mix. In the public cloud arena, it is now possible to run mission critical applications like SAP HANA on Azure. This may, or may not, be the right choice for your business. Many factors should influence your choice to place your SAP HANA in-memory database and data platform on Microsoft’s Azure public cloud infrastructure.
Defining Microsoft Azure and SAP HANA
Should you run SAP HANA on Azure? First, two quick definitions. Azure is Microsoft’s cloud platform, notable for its immense depth of capacity and breadth of service offerings. It’s a global platform. It enables you to run virtually any software stack you can imagine for a wide array of use cases. Azure naturally aligns with the Windows stack, but it is not at all limited by it.
SAP HANA, in turn, is a relational database platform that’s based on in-memory technology. With SAP HANA, data resides in the computer’s solid-state Random Access Memory (RAM). This architecture leads to dramatic improvements in database performance over traditional disk-optimized databases. The CPU can access directly for workloads like Business Intelligence (BI), ERP and other enterprise applications.
You can run SAP HANA on-premises on your own dedicated hardware, in a private cloud, at a co-location facility or in the public cloud. When you launch an SAP HANA certified Virtual Machine (VM) or bare metal server, you’re getting a system that is pre-configured specifically to run SAP HANA workloads in Azure. This means the servers will have a required amount of memory allocated to it for the purposes of operating the SAP HANA database.
There are a number of pros and cons to putting SAP HANA on Azure. On the pro side, you save on the capital investment required to stand up SAP HANA infrastructure yourself. The elastic nature of the public cloud allows customers to scale at cloud speed. Public Cloud removes some of the dependencies associated with on prem solutions and breaks the procurement cycle once and for all. Furthermore, Public Cloud allows Enterprises to utilize the latest and greatest infrastructure, ending the dreaded hardware refresh cycle. Ironically, it is the same hardware that some consider the downside. Commodity infrastructure has a stigma that suggests a lack of resiliency. Furthermore, some IT leaders aren’t comfortable losing visibility and control of the underlying Azure hypervisors.
Getting Started with SAP HANA on Azure
Running SAP HANA on Azure is not a “set it and forget it” proposition. It’s simply another deployment option for SAP HANA, and like all options it requires knowledge, training and focus. Plus, as we have seen many times, a migration to HANA, particularly S/4HANA, may involve a data migration to SAP HANA in the cloud – especially if the implementation is not greenfield. This takes work.
For example, to migrate a database to SAP HANA on Azure, you need to build a reference architecture first. Chances are, you won’t be doing a simple “lift and shift.” Depending on your use case, this may require some customizations to the preset SAP HANA VMs available on Microsoft Azure. Indeed, some of the customizations may occur to your data before you migrate it.
Microsoft makes cloud engineering services available to help you figure out your best approach. As a Microsoft partner, we have worked hand-in-glove with these teams to ensure an optimal transition for SAP landscapes. Tasks may include things like upgrading and changing their SAP Kernel on the Azure VM.
Running SAP on Azure vs. AWS
The rich selection of application and platform options on Azure is partly the result of competition between Microsoft and Amazon over dominance in the cloud. Amazon is the primary cloud player with its massive Amazon Web Services (AWS) business. Microsoft is catching up, though. It’s a battle between two tech titans, each with very deep pockets. They’re investing billions of dollars into infrastructure and specialized service offerings—all the better for you.
We’re not going to take a side here. We support SAP HANA on both AWS and Azure. Each platform can do a superb job, assuming you approach the migration and deployment process the right way. In fact, the answer to “which is better for SAP HANA, AWS or Azure?” the answer is basically, “It’s up to you.” Some companies have an existing commitment to one platform or the other. If that’s the case, then it makes sense to follow this. If your team already knows it way around AWS, it might make sense to use that platform for SAP HANA.
Best Practices To Consider
The most fundamental best practice for SAP on Azure is to work with the right implementation partner. Azure’s self-provisioning is seductive. It looks easy, but you can find yourself in trouble right away with the best practice of optimizing your environment size for today. Right-sizing your environment means allocating the correct resource pool for your SAP HANA environment, and tight-sizing means paying for exactly what you are using. Azure makes memory, storage and compute available in big blocks only, meaning if you’re just over one threshold you could end up paying for nearly double the resources necessary. This may prevent you from getting the allocation correct, leading to sluggish performance and even instability.
SAP HANA workloads are performance-sensitive. Thus, the best practice is to collect data from relevant compute, networking and storage resources used by SAP HANA. Then, you’ll understand what your SAP HANA instance needs on Azure. This can be a challenge, though, because Azure runs commoditized hardware and only offers limited monitoring tools. It can be hard to gather sufficient insights into underlying infrastructure issues that could affect performance.
Beyond these measures, based on our experience, we recommend the following best practices:
Automation of all possible SAP HANA deployment workflows on Azure
Custom, automated reporting covering resource usage, configuration, performance and capacity
Limitations of SAP HANA on Azure
In addition to configuration and potential performance issues already discussed, the Azure stack has several limitations that may affect the success of an SAP HANA deployment. Azure is considered good for what is known as “any-to-any” computing. It can easily link applications and data from a variety of hosting environments, including other cloud providers and on-premises infrastructure. This is good, but it comes with a few problems.
For example, there are constraints on moving resources around. Your ability to respond to changes may be limited by the infrastructure. Nor will you automatically have visibility into your landscape. This can be remedied by use of monitoring software. Similarly, it may be challenging to meet cloud compliance goals on Azure unless you deliberately segregate sensitive information. While Azure meets all compliance standards and can offer access to their Government Cloud for enterprises that meet the criteria, little or none of this is done on an “as-is” basis.
Finding the Right Public/Private Cloud Mix for SAP HANA
In our experience, the best approach is to extend SAP HANA into Azure in a hybrid deployment, rather than place the entire solution in the public cloud. Ideally, your SAP HANA cloud solution on Azure will accommodate your current stack and your future business strategy. This hybrid cloud architecture is an area where we can help. Our managed SAP HANA cloud and expert services teams are available to work with you on configuration, administration and security in addition to hosting a hybrid cloud for SAP HANA that involves Microsoft Azure.
Contact us to learn more about how Symmetry can help deploying SAP HANA in the Microsoft Azure public cloud.
Working with hundreds of business customers over the years, we have learned that if a company is large enough and complex enough to need SAP for ERP, it’s more than large enough to require Segregation of Duties (SoD) controls. SoD is designed to prevent a single person from performing multiple duties that allow him or her to violate a regulation, and is often used to prevent fraud. SoD also applies to activities like environmental inspections, healthcare processes and more. Compliance schemes, with Sarbanes Oxley (SOX) being the most prominent, require minimizing SoD risks in SAP.
A Brief Overview of Segregation of Duties (SoD)
SoD is tied to transactional workflows. For example, if your company hires a vendor to perform a service, someone in your company needs to set up that vendor in SAP so the vendor can get paid for invoices you receive. Your employees are responsible for drafting and approving purchase orders (POs), receiving and approving payments (Payables) and finally, issuing and signing checks to pay vendors.
For each step in this transaction workflow, there’s a person and a software function on the SAP platform. There’s also the potential for SoD risks in SAP and ultimately fraud. If one employee can set up the vendor in SAP, write the PO, approve the invoices and sign checks, that employee has the means to embezzle funds. This may not be a pleasant topic, and in general, most people perform these duties with care and integrity. However, as experience has shown, when there’s the potential for abuse, there is abuse more often than people want to admit. To prevent fraud, accounting principles hold that you should separate, or segregate the various duties involved in a transaction workflow.
SoD Roles and Responsibilities
SoD works by means of role-based responsibilities in the transaction workflow. In the vendor-PO-invoice flow, the roles would correspond to each critical portion of the job function. Each portion (e.g. approve the PO) should correspond to a role with specific duties, aligning with a suitable SAP security model that satisfies the separation of these duties.
Each role then needs to correspond to a specific system usage capability. Someone who can set up vendors should only be able to access the “vendor set up” function in SAP. A user with this role would be prohibited from accessing the “PO approval” function, and so forth. By limiting employees to such defined roles, it is possible to reduce SoD risks in SAP.
What are SoD Risks in SAP and SoD Violations?
When we look at SoD in the context of a finite, familiar transaction like paying a vendor, it makes inherent sense. What could be so hard about it? The problem arises from organizational and transactional complexity. Big organizations, as well as small organizations with a lot of locations and teams, tend to create complicated SoD scenarios.
There could be thousands of users in an SAP system, with a role roster that spans dozens of access rights. Figuring out who should be able to do what can be a difficult task. Not to mention that things are continually changing. An admin could establish a new role with too many access privileges without understanding its impact on SoD. This is known an example of SoD risks in SAP. If a role allows for actual SoD problems, it’s called an SoD violation. These need to be remediated or the company will be at risk for fraud and non-compliance with laws like SOX, ultimately resulting in failed audits.
SoD Risk Review
SoD Risk Review is the process of inspecting an organization’s users, their roles and the underlying SAP system for situations where SoD violations are occurring. It’s a daunting task. One that involves defining the organizational structure, mapping out transaction steps and correlating them with user roles. Done by hand, it’s a big chore, so an automated solution can be highly beneficial.
What is an SoD Matrix?
One traditional approach to reviewing SoD risks in SAP was to map out roles and responsibilities graphically in a matrix. An SoD Matrix plots transaction permissions on the X and Y axes of a matrix. By eye, it is then possible to inspect the matrix and discover places where two roles have an SoD conflict. Though once considered a best practice, the SoD matrix is now obsolete. A rulebook or ruleset, implemented with (and oftentimes included with) a GRC solution, is far more efficient and effective.
SAP GRC Access Risk Analysis
SoD is a subset of the broader Governance, Risk Management and Compliance (GRC) functions of a business. GRC is partly a board- and c-suite executive level responsibility that covers how well they’re governing the corporate entity. As part of GRC responsibilities, the IT department (or security team) will conduct a GRC access risk analysis. Access risks relate to the danger that an unauthorized outsider could access the company’s digital assets. It also deals with controlling which digital assets, and software tools, an employee can access one he or she has logged into the network.
Access Risk Analysis and SoD Risk Analysis are linked. Access controls and user roles are typically governed by the same system. A User role dictates what he or she can do on the system. Thus, GRC Access Risk Analysis is usually part of SoD Risk Analysis.
SAP GRC Risk Management
Access Risk Analysis and SoD Risk Review does the hard work of mapping user roles to SAP software functions. This way, it prevents SoD violations and reduces SoD risks in SAP. If you’re using an automated tool like ControlPanelGRC, it is also able to monitor for SoD risks continually. This is a big advantage over a periodic approach, which can easily miss SoD problems that arise between risk reviews—which, in some companies, occur on an annual basis. To learn how ControlPanelGRC can help you with SoD risks in SAP, contact us today.
Most of us are capable of mowing our own lawns. Yet, a lot of us don’t. Rather, we outsource that job to a lawn service. When asking yourself what is managed services in IT, think of the team caring for your servers like landscapers bringing in the necessary equipment to expertly care for your lawn.
What Is Managed Services?
Before we get into this, a little grammar. For those of us who survived 6th grade English, the words “managed services” constitute a plural. The question “What are managed services?” is correct English, while “What is managed services” would seem to be wrong. However, as is so often the case in technology, rapid shifts in the business lead to some awkward linguistic constructions. Managed services, as a collective noun, is correctly used in the singular form. It refers to a group of services as a single unit, much as you would use in a sentence like, “Professional sports is a competitive field.” Okay, enough grammar!
Managed services in tech refers to the outsourcing of a wide range of IT services that were previously handled by in-house personnel. For example, you could employ people full time to set up and manage an SAP instance running on public cloud infrastructure. This might be a bit expensive, though. As an alternative you could contract with an SAP Managed Services Provider (MSP) to take care of all the work involved in managing your SAP landscape.
There are virtually no limits on what can be arranged as a managed service. MSPs come in a wide variety of sizes and specializations. They offer security monitoring, database management, hardware maintenance, data center operations management, backup and disaster recovery, SAP Basis admin and more. The need for your company to recruit, hire and retain skilled IT employees drops as you engage with MSPs.
What is Managed Services? The Definition by Gartner
Gartner offers an authoritative definition of managed services. According to Gartner, “A managed service provider (MSP) delivers network, application, system and e-management services across a network to multiple enterprises, using a ‘pay as you go’ pricing model.” Gartner makes a distinction between companies that offer managed services as part of a broader IT consultancy and “pure play” MSPs, for whom management services are their core offerings. Gartner also broadens the definition of MSPs to include other comparable businesses like application service providers, Web hosting companies and network service providers that supplement basic offerings with management services.
What is Managed Services – Two Types Explained
Broadly speaking, two main types of managed services predominate. One is IT services. The other is application support. IT managed services work like a bridge between IT infrastructure and the workforce who uses it. This could be things like an internal help desk or new employee onboarding. In contrast, managed services for application support are on the backend. They are meant to administer and maintain IT infrastructure. Application Support also helps with the installation and running of complex applications. This is what we do with SAP Basis, for example.
Another variant of managed services is what is known as IaaS enablement. Infrastructure-as-a-Service (IaaS) enablement is typically an add-on managed service for companies electing to move their infrastructure to an IaaS provider. These managed service models range from hyperscale clouds which were designed with developers in mind, to managed application providers who run mission-critical production environments.
Services to Suit Your Needs
MSPs offer a variety of services, usually specializing in a distinct competency. Symmetry, for example, focuses on SAP Basis work and managed services for SAP in the cloud. This includes application support to help companies install, run, maintain and upgrade the mission-critical applications they rely on. These services range from day-to-day software administration and monitoring to upgrades and implementations.
Our command center, which runs all-day, every day, continuously watches the network bandwidth between the systems we manage for you and your customers. This involves monitoring network performance, but our approach goes further to offer proactive assessments of your SAP landscape. By analyzing report trends, we can quickly identify and remediate performance degradations, regardless of where they occur in the customer’s system. This ensures users experience quick, consistent performance.
We track multiple carriers along with the networks that transfer data between them. As a result, we can spot causes of performance problems quickly. If there is a slowdown in your hybrid cloud, spanning your on-premises servers as well as those we host for you, we can tell if the problem is with the server onsite, the one we’re hosting or on the network.
What Is Managed Services in the Cloud?
The cloud is no longer considered a “new” concept for enterprises running SAP. Many of our customers move some, or even all, of their SAP landscapes into the cloud. Cloud managed services is a natural outgrowth of this trend. A cloud migration itself is a form of MSP outsourcing. The cloud provider, not an internal team, manages the infrastructure changes. Many SAP companies want to go further, and they want an MSP to ensure the cloud runs optimally.
Poor cloud performance negatively affects the business. Analytics become sluggish. Customer experience suffers. Administrative work slows down. A cloud MSP can help alleviate these problems.
Working With an MSP for SAP
A reliable MSP tries to solve problems before they occur. They should analyze your system to predict and prevent looming performance issues. As an experienced MSP, Symmetry also continuously tunes your ERP environment, producing regular health reports that include a wide array of data. In our experience, it may emerge that a specific workload is affecting performance by overburdening your system. Alternatively, we may see seasonal or monthly trends that require attention to avoid strains on ERP assets.
Working with a managed application provider can be an ideal way to stay on top of demanding production environment like SAP. As your SAP partner, we have the ability oversee your enterprise landscape and inform you about your systems using automated alerts and a self-service portal.
Our managed services also deliver flexible support models. This can help companies wanting to supplement their in-house talent with outside expertise. In some cases, it’s simply a matter of helping out when your employees are sick or on vacation.
Contact us to learn what our managed services can do for your organization.
As the system of record that’s arguably at the heart of a company’s operations, SAP applications are routinely subject to various kinds of audits. These may range from internal audits that check for accuracy in financial reporting and potential fraud to mandatory, compliance-based audits. SAP Audits are a fact of life for virtually all companies that run SAP. The process can be challenging and resource-intensive, but it doesn’t have to be.
What is an SAP Audit?
People in IT and audit talk about the “SAP audit” as if it were one single activity. It’s not. The term refers to a collection of audit processes. Some are performed together, others on an individual basis. SAP audits check for different issues and have their own unique work processes. Some are strictly focused on security while others are meant to verify that the company is compliant with applicable laws. These can include Sarbanes Oxley and other regulations that rely on access controls and Segregation of Duties (SoD) in an SAP environment.
Why SAP Audits are Important for a Business
SAP audits are often perceived as a hassle. While there’s some validity to this perspective, audits are critical for running a successful business. For one thing, who wants to operate without sound financial systems in place? You need accurate financial data to run your business successfully. While compliance audits can be tedious affairs they’re both legally necessary and good for business. Not only do you want to avoid the penalties for non-compliance, the regulations help to protect your business from fraud and errors that would be damaging if they occurred.
Staying secure is another reason audits are worth the time and effort. Cyber threats are at an all time high, and no one wants to fall victim to a breach. Audits help identify vulnerabilities that could leave your business exposed to cyberattacks. A good SAP security audit might highlight inadequate FireFighter controls, misaligned controls over applications, poor custom object controls, risk exposure in the infrastructure itself and inadequate security covering vendors and contractors. You will want to discover these problems before they explode into a serious incident.
Challenges in the SAP Audit Process
SAP audits are challenging, but the difficulties and stresses they bring about are often the result of sub-optimal audit processes. For example, your SAP audit might rely on document-centric review processes along with manual remediation of deficient controls. Your audit team may need weeks or even months to sample audit logs. Then, more time is required for the team to examine inadequately-updated change logs to decipher the security model.
SAP audits also require validating approvals on various steps in the process. That can be time consuming. It can also take time to analyze the obscure, and frankly confusing language in the regulations. It’s not uncommon to eat up cycles searching for missing or incomplete documentation as well.
The Role of SAP Audit Management in the SAP Audit
To help with the audit process, there are many tools available. The SAP Audit Management with AutoAuditor module from ControlPanelGRC helps you substantially reduce the time and effort of audit preparation by automating the execution, delivery and validation tracking of your SAP audit reports. Used internally or by your auditors, it relieves many manual tasks and features an intuitive User Interface (UI) for ease of use.
AutoAuditor enables your organization to generate valuable reports on audit-required items. This includes users with invalid logon attempts, vulnerable passwords, user and role changes, and more. Furthermore, it integrates with other ControlPanelGRC modules for your SAP system. This helps internal auditors schedule, execute, deliver and track customized created by the business, avoiding gaps and overlaps in the process.
Evaluating Risks in SAP S/4HANA
As more enterprises adopt the SAP S/4HANA platform and the Fiori UI, maintaining compliance becomes more complex. SoD analyses output must be actionable and provide remediation options based on usage – whether you have traditional SAP GUI transactions, Fiori Applications or a combination of the two. Within Fiori apps, traditional transaction authorizations are replaced by service authorizations. Unfortunately, many “out of the box” OData service authorizations then need to be translated into business functions, and mapped to usage data so that reviewers can tell if the SAP Fiori application is in use or if it can be removed.
ControlPanelGRC® developed a simplified concept to include SAP Fiori applications into SoD rules. It was the first toolset to release an SAP S/4HANA SoD ruleset, available for all users at no additional cost. This provides an automated discovery process, captures usage of SAP Fiori applications, and pushes SoD analysis data to the appropriate business users for review and removal.
The Value of Automated Access Control in Passing an SAP Audit
SAP audits for GRC can benefit from automation. Our ControlPanelGRC® SAP Access Control Suite helps in this regard. It continuously monitors your SAP landscape, detecting (SoD) conflicts as well as other issues in real time. This saves time spent sampling transaction logs during the audit by providing essentially instantaneous visibility. The suite generates SAP audit reports automatically and routes them to the correct stakeholders for review and approach.
Learn more about how ControlPanelGRC can help your organization become Always Audit Ready by requesting a free demonstration or SAP Risk Assessment today.
There’s a persistent myth in enterprise IT that moving an application out of the data center and into the cloud makes it “someone else’s problem.” There is a shred of truth to this. You won’t have to service the hardware it’s running on or worry about the network. However, when you put your app in the cloud, it is still very much your responsibility. If you don’t have the time or resources to handle the responsibility, you can assist yourself by utilizing a managed services provider. Today, you can get managed services for almost any solution, including SAP products like SAP HANA. To understand how SAP HANA managed services work, it’s first necessary to be familiar with the various SAP HANA cloud solutions that are available today.
SAP HANA Cloud Solutions
SAP HANA can run either on-premises or in a cloud environment. Cloud deployments of SAP HANA can fall anywhere along a spectrum of management complexity. At one end, you can run SAP HANA on public cloud infrastructure like Amazon Web Services (AWS). This option is very economical, but you are 100% responsible for your cloud-based instance of SAP HANA. Public cloud providers only supply the infrastructure.
There are companies, like Symmetry, who offer cloud hosting services for SAP HANA that are purpose-built for the application. In our case, we provision and tune hardware that suits the unique characteristics of the SAP HANA in-memory database. We can also run SAP HANA in our private cloud, while working in tandem with your on-premises or public cloud applications.
SAP HANA Managed Services
SAP HANA managed services vary in scope. Some service providers will simply run, manage and monitor your SAP HANA cloud instance. Going up the scale of service depth, you can get managed service plans for SAP HANA that include security monitoring and performance Service Level Agreements (SLAs) as well as advisory and professional services. Indeed, most companies are putting SAP HANA in the cloud as part of a much broader portfolio of SAP system needs. Many times we find these companies are in need of guidance on how to do so and then help in actually implementing the cloud deployment.
The rationale for SAP managed services is striking. Industry research reveals 60% of end users prefer the cloud over on-premise. When you factor in the need for SAP support, security, compliance, cloud integration, DR and other services, it’s not hard to see why customers end up with multiple vendors to run SAP in the cloud. However, this is far from optimal. This type of set up increases overhead and complexity, threatening SAP system reliability and opening you up to security risks.
Simplified managed services support
Symmetry addressed the need for SAP HANA managed services by building a next-generation cloud platform. We support on-premise and public cloud platforms while integrating onsite and offsite servers in a purpose-built hybrid cloud solution. Along with our SAP certified hosting platform we supply the right sizing, performance and throughput needed for your big data applications backed by expert support 24x7x365, if that is required. Our approach is security-conscious, with a focus on reliability and great customer support.
In addition to having your systems backed by expert SAP resources, most likely you’ll know each of them by name as they’re dedicated to your landscape. This helps to minimize “learning lag” if an issue comes up. Additionally, our SAP Basis consultants not only run all installation, upgrade and support stacks of SAP software, but they have thousands of hours of experience in doing so. They’ve “seen it all” or can easily turn to a Symmetry colleague who has experienced the good, bad and even not-so-narrowly averted destruction at some of the most well-respected IT outfits in the world. In our view, these are the hallmarks of a great SAP HANA managed service provider.
The need for high-touch SAP HANA managed services
SAP HANA requires constant upkeep. For instance, if a task fails to run properly or if your performance slows down, your managed service provider should deal with the issue before it affects other areas of your SAP landscape. This is where you begin to see that not all SAP HANA managed services providers operate in the same way. Some rely on helplines and escalation-based service. With this approach, you might be waiting a while before anyone can figure out your problem, let alone solve it in practical terms.
We take a different approach. Our SAP HANA managed service gives you direct access to support personnel who are familiar with your specific landscape. You get assigned to a dedicated team of SAP support staff and a client manager. With this, you can have access 24/7. We provide you with a team of HANA Certified SAP Basis Consultants. They deliver constant care and support for your SAP HANA instance. You will be able to get issues resolved quickly at any time of day or night.
Security and compliance concerns
Security and compliance are mandatory today. We take these enterprise needs into account with our SAP HANA managed services offerings. We have some of the most comprehensive security and compliance offerings in the industry. They encompass the full range of managed cyber security and regulatory compliance services.
Our security and compliance services complement our other enterprise cloud offerings (e.g. SAP Basis Support, Cloud Hosting and Disaster Recovery) providing a comprehensive solution. We perform tasks such as compliance monitoring and risk remediation. We also offer change control and penetration testing along with physical security of the data center.
SAP S/4HANA Service Management
Many of our customers are placing SAP HANA in the cloud as a first step in migrating to SAP S/4HANA. Our SAP HANA managed services are a large part of this migration process. Moving S/4HANA to the cloud can be challenging. Our advisory and implementation services establish a smooth foundation for the transition, and then can keep your new S/4HANA instance running smoothly post go-live.
Finding the Right SAP HANA Managed Cloud Provider
What should you look for in an SAP HANA managed service provider? Experience is a big differentiator among service providers. We have a proven track record of making the implementation of an SAP HANA cloud solution affordable and stress free. In addition, our “pay as you grow” model lets you take advantage of HANA’s speed, agility and real-time processing without having to invest in physical hardware or people to support an on-premises SAP HANA instance.
To learn more about Symmetry’s SAP HANA managed services offerings, contact us today.
As more companies engage with providers of SAP managed services, a number of practices and parameters are emerging to define what is, and what isn’t, a good customer experience. Occasionally, the service provider is incompetent and the service delivery is an utter failure. Most of the time, though, the difficulties are more subtle, but still potentially serious. Alternatively, a provider can know what it’s doing, but still fail as a business partner.
As an SAP managed service provider, we have seen how things can go wrong. Many times, customers come to us after a disappointing experience elsewhere. Specifically, SAP Managed Services fails customers in three ways: poor customer support, lack of proactive monitoring as well as communication and project management issues.
Why Companies Opt for SAP Managed Services
Before getting into the causes of failure, it’s worth taking a moment to review why companies opt for
SAP Managed Services in the first place. There are two main drivers of this trend. One is complexity. The other is cost. Together, the cost and complexity of maintaining an SAP landscape on-premises can be overwhelming.
High costs for self-managed SAP come from factors like specialized personnel, dedicated hardware and software licenses. Skilled SAP Basis administrators are hard to find, in any event. Data management, application integration, backup and disaster recovery, among many other factors add to complexity and administrative overhead. Moving SAP to the cloud and having a trusted managed service provider (MSP) take over the heavy lifting of running the landscape starts to make a lot of sense.
Common Pitfalls of SAP Managed Services
Your SAP MSP is, or should be, more than just another vendor. That’s the basis of the relationship, of course, but in order to achieve success with SAP Managed Services, the MSP must be a true business partner. You are running your business on SAP. The MSP must treat the responsibility for managing your SAP landscape with the utmost seriousness. The pitfalls we see in SAP Managed Services are technical in nature, but most of them are rooted in a breakdown in that sense of responsibility on the part of the MSP.
1. Insufficient support and sub-optimal SAP IT service management
If you see a flexible, smooth-running SAP landscape in the cloud, you should know that a team of people are working hard to make that a reality. Little details matter. A seemingly minor issue can explode into a system-wide outage in a few hours if the MSP is not providing adequate support.
Unfortunately, many SAP managed services providers still rely on the call center model for customer service. Here, untrained operators handle incoming support issues and escalate them to a small crew of SAP experts that is consistently overburdened. Low pay and poor employee morale exacerbate an already problematic situation for the customer.
Call center support, which is based on “queuing theory,” is a common way to handle things like a credit card account or PC help desk tickets, but it’s totally unsuited for the kind of business-critical issues that can arise with SAP. After all, SAP tends to be highly customized. On top of customization, you then have complicating factors such as multi-tiered hybrid clouds, legacy data, custom apps, Business Process Integration (BPI) and on and on.
Under queuing theory, your issue will be assigned to a random SAP consultant, who has no idea what your system looks like. Even a skilled SAP consultant might need hours just to become familiar enough with your system to solve whatever your problem happens to be. The consultant, trying to stabilize your environment, might do a “Band-Aid” type fix that fails to address any root causes. This will only delay the onset of an inevitable follow-on problem.
If you work with an MSP for SAP, it’s necessary to find one who is as serious about customer service quality as it is about issues like hardware sizing and SAP Basis support. Minimally, the MSP should provide direct, round-the-clock access to qualified SAP consultants. Ideally, these consultants should be familiar with your specific SAP landscape.
2. Reactive monitoring
SAP managed services providers who wait for a ticket to appear and then scramble to meet a service-level agreement (SLA) are not doing what it takes to keep your system running right. This is known as reactive monitoring. It’s hard on the support staff, as they are often scrambling trying to fix problems that appear out of nowhere. It’s also bad for you. You could be experiencing outages and slowdowns.
A better approach is to work with an MSP that reviews your system health regularly (i.e. daily/hourly) to review and troubleshoot potential issues before they cause real problems. They might want to assess capacity reports and usage trends. This way the SAP managed services provider makes recommendations before alerts are triggered, and spot things alerts won’t show. This can include demand surges indicating the need for more capacity, or performance deviations that indicate developing hardware failures or to avoid an outage.
3. Poor communication, planning and project management
Delivering SAP as a managed service involves a great deal of communication with the customer. It also means working together to plan changes to the landscape and then managing the change process itself. All three of these areas create vulnerability to the failure of SAP deployments.
This is where the MSP needs to think like a business partner, not just a vendor. ERP decisions are nothing less than strategic business decisions. They rely on customer satisfaction, revenue, productivity and more. Given their importance, the MSP has to communicate effectively—and honestly—with the customer.
Ideally, the MSP will communicate effectively with each level of the customer’s organization. With SAP Basis managed services in particular, the MSP’s client managers and technical consultants should understand how the customer’s business processes interact. They will then configure an ERP landscape that enables competitive advantage.
When it comes to managing change projects in SAP Managed Services, we see difficulties across several key areas, including:
A lack of a strategic plan – This scenario might include problems like plunging into a project without thinking about the results of similar efforts in the past. It might mean starting a project without input from major stakeholders, minimizing complexity of various processes involved and so forth.
Poor time estimates for project completion – MSPs who know what they’re doing can usually provide a comprehensive schedule for the project. Failure-prone MSPs, in contrast, base estimates on guesses, or even wishful thinking, without consulting key people or previous experiences.
Insufficiently defined project scope – A project’s scope is the amount of work it will take to achieve the planned objectives. Scoping errors arise from a lack of definitions and clarity, a lack of project team leadership and unplanned changes in scope. “Scope creep” is a common problem in
SAP Managed Services. For example, if a migration calls for keeping an existing legacy database, but a decision is suddenly made to migrate to SAP HANA at the same time, that represents a major “creeping” of the project’s scope and the addition of a lot of extra work—which needs to be scheduled and budgeted for.
Not enough risk management – SAP Managed Services projects come with risks. That’s just reality. An effective, professional MSP helps identify risks, assess their likelihoods and impacts and devise ways of mitigating them.
Insufficient testing – Testing is an absolute requirement for a managed SAP landscapes. Everyone tests new configurations, but not all MSPs do a robust enough testing regimen. This means providing (i.e. paying for) sufficient testing resources, hiring the right kind of testers and documenting the results before moving to production.
Working with an SAP MSP
The right SAP managed services provider does more than just run your ERP. The MSP runs a helpline. It manages incident response. It serves as a consultant and a strategic partner. This is a role we have played many times, and continue to play with clients in a variety of industries. Click here to learn more about how Symmetry can help you achieve success with SAP Managed Services.