| Status |
| |
| Owner | ||
| Stakeholders | ||
| LeanIX Link |
Introduction
PurposeThe purpose of this document is to
outline the detailed design of the BlackLine application, components, configurations and landscape.Scope & Objectives
This document willdescribe the
high-levelarchitecture of BlackLine application and
integration with other components.the systems it will be integrating with.
Out of Scope:
- Since BlackLine is a SaaS aaplicationapplication, network and infrastructure architecture will be considered as out of Scope.
- Information related to product documentation and can be found online will not be documented here.
| Info |
|---|
User provisioning (IdM) and Emergency access management (EAM) designs are not finalized for Blackline. This document will be updated after the designs are finalized. |
Key Decisions and Requirement
| Description | Rationale |
|---|
| Single Sign-On (SSO) | As part of SyWay project, a common authentication mechanism (e.g., SAML) |
| is adopted for ease of access and unified user experience. |
| Users must access BlackLine using HTTPS. |
| As part of SyWay standards, all data in transit |
| must be encrypted. |
| Data stored in BlackLine must be encrypted. |
| As part of SyWay standards, all data at rest to be encrypted. | |
| BlackLine must have appropriate data protection. | BlackLine performs data backups regularly so that point in time recovery can perform to recover data. Additional, backups must be replicated to another site to protect against a site disaster. |
Application Architecture
Application Architecture Design
Application Architecture Components
Web Dispatcher
Gateway Server
S/4HANA
ADFS
Application Security
Classification
Authentication
Authorisation
Communication Security
Data Security
Other Controls
System Landscape
Development Environment
Project Test Environment
Quality Environment
Production EnvironmentOverview
SAP Account Substantiation and Automation by Blackline solution is be used to automate account reconciliations, centralizing period-end tasks, and enforcing internal controls.
Financial Close BlackLine SaaS instance is provisioned for Syensqo. This solution leverages Blackline Core and Blackline Connector S/4HANA add-ons to integrate S/4HANA and Blackline application. Blackline is also configured to perform SAML SSO with Syensqo's Entra ID.
draw.io Diagram border true diagramName Untitled Diagram-1756186316702 simpleViewer false width links auto tbstyle top lbox true diagramWidth 931 height 281 revision 7
Hosting Details
| Region | Cloud Provider | Disaster Recovery Region |
|---|---|---|
| Frankfurt, Germany | St. Ghislain, Belgium |
System Landscape
The BlackLine landscape consists of 2-tiers: Non-Production and Production. The non-PRD system is integrated with all non-PRD S/4HANA instances.
Following are the URLs for BlackLine instances:
- Non-Production: https://sapsyensqo.sbeu3.blackline.com
- Production: https://sapsyensqo.eu3.blackline.com
Application Security
User Access
BlackLine is a SaaS application and can be accessed by users over the internet via HTTPS using their web browser. No Syensqo infrastructure or application is required to access BlackLine.
User must have their IDs created and assigned with the correct role before they can login to BlackLine.
Authentication
BlackLine is configured to perform SAML SSO with Syensqo Entra ID. The use of SSO is mandatorily enforced via configuration, and users cannot bypass SSO to log in with a password.
Communication Security
Data in transit is encrypted using secure TLS protocols (v.1.2 or greater) with 2048-bit keys.
Data Security
The following controls are implemented to ensure data security:
- Client files and databases at rest are protected using 256-bit AES encryption.
- To ensure system and client data availability, production data is replicated to the DR site every hour.
- Backups are encrypted and have ransomware protection enabled with audit logging.
Other Controls
Blackline is covered by standard availability SLA for SAP Cloud Services - 99.7%
Operation Architecture
Change and Configuration Management
Transport Management
Release Management
Monitoring
Application Monitoring
System Monitoring
Sizing
High Availability
Disaster Recovery
Backup/Restore
Maintenance Plan
Service Introduction
Application Category
Support Team
Blackline does not have a transport tool. Users will need to replicate configurations manual from non-PRD to PRD.
Monitoring
Blackline performs the following monitoring:
- Information Security monitoring: Network intrusion detection and unauthorized access.
- Cloud and Data Center Operations: Monitoring of critical hardware, software and performance.
- Backup: Monitoring of backup processes.
Blackline system availability can be monitored via Trust Blackline.
Sizing & Capacity Management
Blackline tenants allocates 2GB of storage per users and monitors the usage for the whole instance.
High Availability & Disaster Recovery
Blackline has implemented high availability throughout its environment to prevent single points of failure.
It has the following DR targets:
- RPO - 2h
- RTO - 24h
BlackLine conducts disaster recovery tests on an annual basis.
Backup/Restore
BlackLine does backups of Production and non-Production instances daily from 9pm to 1am Pacific Standard Time. Backups are retained for 30 days and this can be increase to a maximum of 90 days by opening a support ticket.
Users can request for their Blackline instance to be restored using the daily backups for the last 30 days
Maintenance Plan
Blackline maintenance schedule can be found in Trust Blackline. Syensqo BlackLine tenants are deployed to the following regions:
- Non-PRD: sbeu3
- PRD: eu3
Skill required
Checklist
Exceptions
See also
| Attachments | ||||||
|---|---|---|---|---|---|---|
|
Change log
| Change History | ||
|---|---|---|
|
Workflow history
| Workflow Report | ||||||
|---|---|---|---|---|---|---|
|