You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 14 Next »

Status

  Approved

Owner

MUTHUSAMY-ext, Kunalan 

Stakeholders


Introduction

Purpose

The purpose of the document is to outline the application architecture of S/4HANA instance deployed in Europe region. 

Scope & Objectives

This document describes the high-level architecture design for S/4HANA and the supporting systems that are deployed together in the RISE environment. It will cover the following topics:

  • Landscape overview
  • Application and components
  • Application security and access
  • Operational architecture

Out of scope:

  • Detailed architecture designs that are managed by SAP RISE.
  • RISE operating model.

Key Decisions and Requirement

DescriptionRationale
SAP Private Cloud deployment model was selected for S/4HANA deploymentPlease refer to KDD026 - SAP S/4HANA Deployment Model.
SAP GTS will be co-deployed with S/4HANA as a separate client.Please refer to KDD074 - Architecture of SAP GTS
Embedded Fiori deployment model - SAP Fiori front-end server is deployed on S/4HANA

S/4HANA will be the only backend system for Fiori and there is a strict dependency between Fiori and S/4HANA version. Hence an embedded deployment will be preferred and it also optimizes hosting and maintenance costs.

Embedded deployment option is also recommended for S/4HANA by SAP

SSL and SNC will be configured for S/4HANA to encrypt web and RFC traffic

Synesqo cybersecurity requires all data in transit to be encrypted.

Configure SSO for S/4HANA

As part of SyWay project, a common authentication mechanism (e.g., SAML) will be adopted for ease of access and unified user experience.

99.9% SLA and SAP RISE short distance disaster recovery for production systems. 

Based on Syensqo existing non-functional requirements.

Application Architecture

Overview

SAP RISE application architecture is represented in the diagram below. 

SAP RISE Details

The table below summaries SAP RISE details. 

Customer SID

YSQ

Customer Number

3008440

Installation Number

21360356

S-User for PCE

S0026961840

Cloud Provider

Azure

Cloud Region

North Europe (Ireland - Dublin)

Planned Downtime

First Tuesday each month, 15:00 - 19:00 UTC

Application Components

S/4HANA

S/4HANA is an Enterprise resource planning solution based on SAP HANA database and SAP ABAP platform. It is a core component in SyWay landscape. SAP Fiori and GTS components will be co-deployed with S/4HANA. A two tier deployment approach will be adopted for S/4HANA systems: Application and DB. 

  • For Sandbox, Development, Integration testing and Training S/4HANA systems, 1 application and 1 DB server will be deployed.

  • For UAT and Parallel Testing S/4HANA systems, multiple application servers will be deployed with 1 DB server.

  • For Production, high availability is in scope and S/4HANA components (like message server, app and DB) are deployed across 2 availability zones with pacemaker clusters to ensure no single point of failure. 

CI - Central Instance, SCS - SAP Central Services, PAS - Primary Application Server, AAS - Additional Application Server

SAP Web Dispatcher

SAP Web dispatcher acts as a web proxy for S/4HANA systems. It facilitates and load balances incoming HTTP traffic. 

  • For all non-PRD landscape, one web dispatcher will be deployed 
  • For PRD, two web dispatchers will be deployed for HA purposes and Azure load balancer will used to load balance HTTP traffic to the 2 PRD web dispatchers.

SAP Cloud Connector

The SAP Cloud connector acts as a reverse invocation proxy to establish network connection between SAP RISE systems and SAP BTP services (Integration suite, API management, SAP Analytics Cloud etc.) and Ariba Cloud Integration Gateway (CIG). Due to its reverse invoke capabilities, the network traffic originates from SAP Cloud connector to SAP BTP and once the link as been established, data can be exchanged between SAP RISE systems and BTP. HTTPS or RFC protocols are used between SAP Cloud Connector and S/4HANA, and HTTPS protocol is used between Cloud Connector and S/4HANA.

To enable outbound internet traffic from SAP RISE, SAP has provisioned a customer gateway server (CGS) with a forward internet proxy installed on it.

A 2 tier landscape will be adopted for SAP cloud connector: non-PRD and PRD. The non-PRD cloud connector will be shared across all non-PRD landscape. 

 

Data Provisioning Agent

Data Provisioning Agent (DPA) is used to integrate S/4HANA and SAP Datasphere. The network connection to SAP Datasphere is initiated by DPA and CGS is used to facilitate the internet connection to SAP Datasphere. 

DPA uses the HTTPS or RFC protocols to communicate with S/4HANA and uses the HTTPS protocol to communicate with SAP Datasphere.   

A 2 tier landscape will be adopted for DPA: non-PRD and PRD. The non-PRD instance will be shared across all non-PRD landscape. 

SAP Analytic Cloud (SAC) Agent

SAC Agent facilitates secure data connectivity and data transfer from S/4HANA to the SAP Analytics Cloud. It leverages SAP Cloud connector connection to BTP to transmit data from S/4HANA to SAC. The HTTPS protocol is used for communication S/4HANA, SAC agent and SAC. 

A 2 tier landscape will be adopted for SAC agent: non-PRD and PRD. The non-PRD SAC agent will be shared across all non-PRD landscape. 

OpenText Connector

OpenText connector facilitates the connection between S/4HANA and the OpenText cloud. The connection is initiated from S/4HANA to the OpenText connector and to OpenText cloud via CGS. The HTTPS protocol is used for communication between all components. 

A 2 tier landscape will be adopted for OpenText Connector: non-PRD and PRD. The non-PRD instance will be shared across all non-PRD landscape. 

Supporting Components (SAP Router and DNS)

These are components deployed to SAP RISE landscape and are managed by SAP. Syensqo users will not have access to these applications and can raise requests to SAP to manage any changes. 

  • SAP Router: Single instance deployed in SAP RISE to manage SAP support's connection to Syensqo RISE systems.
  • DNS: Two instances deployed in SAP RISE to manage SAP RISE domain and will be integrated with Syensqo DNS using Conditional DNS Forwarding.

System Landscape

The table below describes the environment and the corresponding application & SID deployed. 

Region

Landscape

Systems

S/4HANA (HANA DB)

Web Dispatcher

SAP Cloud connector

SAP Data Provisioning Agent

SAC Agent

OpenText Connector

Europe

Sandbox

ERS (HRS)

WRS

N/A

N/A

N/A

N/A

Development

ERD (HRD)

WRD

CRD1

DRD1

SRD1

ORD1

Integration Testing

ERT (HRT)

WRT

N/A

N/A

N/A

N/A

Training

ER2 (HR2)

WR2

N/A

N/A

N/A

N/A

UAT

ERQ (HRQ)

WRQ

N/A

N/A

N/A

N/A

Parallel Testing

ER1 (HR1)

WR1

N/A

N/A

N/A

N/A

Production

ERP (HRP)

WRP & WRH

CRP

DRP

SRP

ORP

The following sections describes the system details for each tier. 

Sandbox

ApplicationPrimary RoleSIDInstancePhysical HostnamePhysical IPVirtual hostnameVirtual IPPorts
S/4HANACentral InstanceERS

ASCS01

D00






HANA DBHRS

ERS (tenant DB)

HRS (system DB






Web DispatcherWeb DispatcherWRS00




Development 

ApplicationPrimary RoleSIDInstancePhysical HostnamePhysical IPVirtual hostnameApp Virtual IPPorts
S/4HANACentral InstanceERD

ASCS01

D00

hec42v303048.irl.sap.eu.cloud.syensqo.com172.16.33.48

vhysqerdci.irl.sap.eu.cloud.syensqo.com

vhysqerdcs.irl.sap.eu.cloud.syensqo.com

172.16.33.49

172.16.33.50

HTTP - 8000

HTTPS - 44300

RFC - 3300

Dispatcher - 3200

Message server - 3601

HANA DB

HRD (system DB)

ERD (tenant DB)

06



vhysqhrddb01.irl.sap.eu.cloud.syensqo.com172.16.33.42

System DB - 30615

Tenant DB- 30641

Web DispatcherWeb DispatcherWRSW80

vhysqwrdwd01.irl.sap.eu.cloud.syensqo.com172.16.33.44

HTTP - 8080

HTTPS - 44380

SAP Cloud connectorSAP Cloud connectorCRDN/A

vhysqcrdcc01.sap.eu.cloud.syensqo.com172.16.33.46

HTTP - 8080

HTTPS - 44380

Data Provisioning AgentData Provisioning AgentDRD





SAC AgentSAC AgentSRD





OpenText ConnectorOpenText ConnectorORD





Integration Testing


UAT


Training


Parallel Run


Production


S/4HANA Client and Transport Strategy

Please see S/4HANA Client Strategy for client details in S/4HANA.

Application Security

User Access

SAP Fiori (web access) will be the primary mode of access for S/4HANA for business users. 

Support users will access S/4HANA via web and SAPGUI.

Authentication

SAML SSO - Fiori 

Identity Authentication Services within SAP Cloud Identity Services will be configured to act as a Identity provider proxy as shown below.


Authorization

Communication Security

Data Security

Other Controls


Operation Architecture

Change and Configuration Management

Transport Management

Release Management

Monitoring

Application Monitoring

System Monitoring

Sizing

High Availability

Disaster Recovery

Backup/Restore

Maintenance Plan


Exceptions


See also


  File Modified
No files shared here yet.

Change log

Version Published Changed By Comment
CURRENT (v. 14) Mar 10, 2026 08:28 MUTHUSAMY-ext, Kunalan
v. 71 Feb 04, 2026 07:54 MUTHUSAMY-ext, Kunalan
v. 70 Feb 04, 2026 07:53 MUTHUSAMY-ext, Kunalan
v. 69 Jan 15, 2026 14:15 MUTHUSAMY-ext, Kunalan
v. 68 Jan 14, 2026 03:41 MUTHUSAMY-ext, Kunalan
v. 67 Dec 03, 2025 10:46 MUTHUSAMY-ext, Kunalan
v. 66 Dec 03, 2025 10:45 MUTHUSAMY-ext, Kunalan
v. 65 Nov 06, 2025 08:31 MUTHUSAMY-ext, Kunalan
v. 64 Nov 05, 2025 15:59 MUTHUSAMY-ext, Kunalan
v. 63 Nov 05, 2025 12:31 MUTHUSAMY-ext, Kunalan

Go to Page History

Workflow history

Title Last Updated By Updated Status  
There are no pages at the moment.

  • No labels