You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 8 Next »

Status

  Approved

Owner

KUMAR-ext, Anit 

Stakeholders
LeanIX Link

Introduction

This section provides the background, scope, and key requirements for SyWay’s adoption of SAP Business Technology Platform (BTP) as the cornerstone of its global SAP landscape.

Purpose

The purpose of this Application Architecture document is to define a single, authoritative blueprint for how SAP BTP services will be organized, secured, integrated, and managed across all programme phases and regions. It serves as the reference for solution architects, development teams, operations, and audit stakeholders when designing or reviewing any BTP‑based workload


Scope & Objectives

The architecture covers the full BTP footprint required for the SyWay programme, including— but not limited to—Integration Suite, Build Work Zone, Datasphere, PaPM Cloud, Sustainability solutions, Asset Performance Management, Advanced Financial Closing, Global Track & Trace, Document Reporting Compliance, Cloud Identity services, Observability tooling, and SAP Cloud Transport Management.
Primary objectives are to:

  1. Provide scalable and resilient platform services that meet a 99.9 % SLA for production.

  2. Ensure end‑to‑end security and compliance with EU GDPR, US SOX, and China cybersecurity regulations.

  3. Enable efficient DevSecOps with automated transport, continuous integration, and central logging.

  4. Minimise total cost of ownership through sub‑account consolidation, quota pooling, and auto‑suspend for non‑prod runtimes.

  5. Deliver a governed naming and role model that supports audit‑ready change control and segregation of duties.


Key Decisions and Requirements

The following table lists the core requirements that the BTP architecture must satisfy.


Requirement IdentifierRequirement Description

Configure SSO for all BTP applications via SAP IAS (proxied to Microsoft Entra ID)

As part of SyWay, a common authentication mechanism (SAML/OIDC via IAS) ensures unified user experience, centralised policy enforcement, and reduced credential sprawl. SSO is enforced in the trust and application configurations.

Enforce HTTPS/TLS for all endpoints; use SNC for SAPGUI/RFC where applicable

In line with SyWay’s “encrypt-in-transit” approach, HTTP is disabled or redirected. TLS 1.2+ is mandated with managed certificate lifecycle; RFC/SAPGUI channels use SNC to maintain end-to-end confidentiality and integrity

Segregate environments and regions with dedicated BTP subaccounts

Clear isolation between DEV/INT/TRN/UAT/PAR/PRD and Europe/China/US Sovereign prevents cross-environment impact, simplifies access control, and supports per-region operations and data handling

Standardise change & transport using Cloud Transport Management (cTMS) with gated approvals

Ensures predictable, auditable promotion of BTP artefacts (e.g., iFlows, APIs, UI apps). Aligns with SyWay release governance, reduces drift, and supports rollback/traceability.

Use Cloud Connector with Location IDs and principal propagation; secure Destinations (OAuth2/x509

Provides controlled, audited access to SAP RISE endpoints, avoids embedded credentials, and preserves user identity across hops for fine-grained authorisation. Outbound access is restricted to approved destinations






Application Architecture

Architectural Decisions

Below Table provides the details of the architectural decisions made based on the rationale.

Architectural DecisionDescriptionRationale









Application Architecture Design

Application Architecture Components

Web Dispatcher

Gateway Server

S/4HANA

ADFS

Application Security

Classification

Authentication

Authorisation

Communication Security

Data Security

Other Controls


System Landscape

Development Environment

Project Test Environment

Quality Environment

Production Environment


Operation Architecture

Change and Configuration Management

Transport Management

Release Management

Monitoring

Application Monitoring

System Monitoring

Sizing

High Availability

Disaster Recovery

Backup/Restore

Maintenance Plan


Service Introduction

Application Category

Support Team

Skill required

Checklist


Exceptions


See also


  File Modified
No files shared here yet.

Change log

Version Published Changed By Comment
CURRENT (v. 8) Feb 03, 2026 06:42 KUMAR-ext, Anit Remove CUI instance - CR0279
v. 73 Feb 03, 2026 06:35 KUMAR-ext, Anit Removed CUI instance - CR0279
v. 72 Dec 05, 2025 10:44 WENNINGER-ext, Sascha added ToC
v. 71 Oct 15, 2025 17:00 WENNINGER-ext, Sascha
v. 70 Oct 04, 2025 06:19 KUMAR-ext, Anit
v. 69 Oct 04, 2025 06:04 KUMAR-ext, Anit
v. 68 Oct 04, 2025 05:50 KUMAR-ext, Anit
v. 67 Oct 04, 2025 05:42 KUMAR-ext, Anit
v. 66 Oct 02, 2025 08:36 KUMAR-ext, Anit
v. 65 Oct 02, 2025 08:26 KUMAR-ext, Anit

Go to Page History

Workflow history

Title Last Updated By Updated Status  
There are no pages at the moment.

  • No labels