You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 11 Next »

Status

  Approved

Owner

KUMAR-ext, Anit 

Stakeholders
LeanIX Link

Introduction

This section provides the background, scope, and key requirements for SyWay’s adoption of SAP Business Technology Platform (BTP) as the cornerstone of its global SAP landscape.

Purpose

The purpose of this Application Architecture document is to define a single, authoritative blueprint for how SAP BTP services will be organized, secured, integrated, and managed across all programme phases and regions. It serves as the reference for solution architects, development teams, operations, and audit stakeholders when designing or reviewing any BTP‑based workload


Scope & Objectives

The architecture covers the full BTP footprint required for the SyWay programme, including— but not limited to—Integration Suite, Build Work Zone, Datasphere, PaPM Cloud, Sustainability solutions, Asset Performance Management, Advanced Financial Closing, Global Track & Trace, Document Reporting Compliance, Cloud Identity services, Observability tooling, and SAP Cloud Transport Management.
Primary objectives are to:

  1. Provide scalable and resilient platform services that meet a 99.9 % SLA for production.

  2. Ensure end‑to‑end security and compliance with EU GDPR, US SOX, and China cybersecurity regulations.

  3. Enable efficient DevSecOps with automated transport, continuous integration, and central logging.

  4. Minimise total cost of ownership through sub‑account consolidation, quota pooling, and auto‑suspend for non‑prod runtimes.

  5. Deliver a governed naming and role model that supports audit‑ready change control and segregation of duties.


Key Decisions and Requirements

The following table lists the core requirements that the BTP architecture must satisfy.


DescriptionRationale

Configure SSO for all BTP apps via SAP IAS (region-specific) federated to Microsoft Entra ID

Ensures a unified user experience and centralised policy enforcement; SSO is enforced in trust and application configurations.

Mandate encryption-in-transit (HTTPS/TLS for all web endpoints; SNC for SAPGUI/RFC)

Aligns with SyWay’s security standard to protect confidentiality and integrity; disable/redirect HTTP and require TLS 1.2+.

Operate three BTP Global Accounts with regional/environment segregation (EU, CN, US Sovereign; shared DEV in EU20; region-specific INT/TRN/UAT/PAR/PRD)

Supports regional sovereignty and service availability.

Govern change via central Cloud Transport Management (cTMS) with gated approvals

Delivers predictable, auditable promotions across BTP artefacts and enforces separation of duties.

Use Cloud Connector with Location IDs and principal propagation; secure Destinations (OAuth2/x509)

Provides controlled, audited access to SAP RISE endpoints, avoids embedded credentials, and preserves user identity across hops for fine-grained authorisation. Outbound access is restricted to approved destinations.

Use region-appropriate service placement and tenancy (e.g., Sustainability apps in Azure EU20; Finance/IAG/DRC/GTT in AWS EU10; China in CN20; US in NS2; DRC dev for all non-prod; DRC prod for production)

Reflects SAP service availability and sovereignty constraints; simplifies compliance boundaries and lifecycle management.

Use IPS (connectivity plan) co-hosted with the IAG subaccount for S/4HANA provisioning

Meets IPS plan constraints, centralises sensitive provisioning, and aligns governance with IAG while keeping application subaccounts lightweight.


Application Architecture

Architectural Decisions

Below Table provides the details of the architectural decisions made based on the rationale.

Architectural DecisionDescriptionRationale









Application Architecture Design

Application Architecture Components

Web Dispatcher

Gateway Server

S/4HANA

ADFS

Application Security

Classification

Authentication

Authorisation

Communication Security

Data Security

Other Controls


System Landscape

Development Environment

Project Test Environment

Quality Environment

Production Environment


Operation Architecture

Change and Configuration Management

Transport Management

Release Management

Monitoring

Application Monitoring

System Monitoring

Sizing

High Availability

Disaster Recovery

Backup/Restore

Maintenance Plan


Service Introduction

Application Category

Support Team

Skill required

Checklist


Exceptions


See also


  File Modified
No files shared here yet.

Change log

Version Published Changed By Comment
CURRENT (v. 11) Feb 03, 2026 06:42 KUMAR-ext, Anit Remove CUI instance - CR0279
v. 73 Feb 03, 2026 06:35 KUMAR-ext, Anit Removed CUI instance - CR0279
v. 72 Dec 05, 2025 10:44 WENNINGER-ext, Sascha added ToC
v. 71 Oct 15, 2025 17:00 WENNINGER-ext, Sascha
v. 70 Oct 04, 2025 06:19 KUMAR-ext, Anit
v. 69 Oct 04, 2025 06:04 KUMAR-ext, Anit
v. 68 Oct 04, 2025 05:50 KUMAR-ext, Anit
v. 67 Oct 04, 2025 05:42 KUMAR-ext, Anit
v. 66 Oct 02, 2025 08:36 KUMAR-ext, Anit
v. 65 Oct 02, 2025 08:26 KUMAR-ext, Anit

Go to Page History

Workflow history

Title Last Updated By Updated Status  
There are no pages at the moment.

  • No labels