Status

Owner: The person responsible for driving this decision and documenting it.
Stakeholders: The business stakeholders involved in making, reviewing, and endorsing this decision.
LeanIX Link: Insert the name of the LeanIX Application Factsheet and hyperlink to the factsheet.

Introduction



Purpose

The purpose of this document is to outline the application architecture of SAP Cloud Integration as deployed by SyWay.

Scope & Objectives

This document will describe the high-level architecture of the SAP Cloud Integration application.

Out of Scope:

  • Since SAP Cloud Integration is a SaaS application, network and infrastructure architecture will NOT be covered.
  • Product documentation and information that can be found online will not be documented here, but referenced using hyperlinks. 
  • Implementation details such as Integration Design or API Management Design may have different architectures. 

Requirements

The table below lists the non-functional requirements.

| Requirement Identifier | Requirement Description |
| --- | --- |







Application Architecture

Overview

Application Architecture Design
Insert the architecture design below. The architecture can be designed in Visio, Word or another format.

Application Architecture Components

| Component | Acronym | Description |
| --- | --- | --- |
| Business Accelerator Hub | | The Business Accelerator Hub is a centralized resource for developers and partners to build integrations and extensions for SAP solutions, access pre-built integration content, and accelerate digital transformation efforts. The key features of the hub are discovery of APIs and the ability to use existing integration content provided by SAP and partners. |
| Cloud Integration | CI, CPI | Formerly known as HANA Cloud Integration (HCI), CI is the core capability enabling integration design and execution with SAP and non-SAP, cloud, and on-premise applications. CI enables integration design via a web-based user interface, providing orchestration of integration processes, connectivity to SAP, non-SAP, cloud and on-premise systems, and data transformation. |
| API Management | APIM | APIM provides governance, security and monitoring of APIs, enabling exposure, management and monetization of APIs. APIM brings together all components necessary to expose and consume APIs, providing capabilities for the complete lifecycle of APIs, including discovery, security, mediation, traffic management, analytics and documentation. |
| Event Mesh (& Advanced Event Mesh) | EM (& AEM) | EM provides the core infrastructure of an enterprise-grade broker for event-driven architecture. It allows asynchronous communication between SAP and non-SAP systems. |
| Open Connectors | | A central hub to access configurable connectors for over 170 non-SAP applications through harmonised APIs, enabling simplification and acceleration of integrations. |
| Integration Advisor & Trading Partner Management | IAE & TPM | IAE & TPM accelerate the development of business-oriented interfaces and mappings, generate runtime artifacts quickly, and significantly reduce efforts. Combined with an AI-assisted tool for mapping and defining message interfaces, it provides industry-specific content based on standards like EDI and cXML, and assists in accelerated B2B/EDI mapping activity. A central cockpit provides the ability to centrally manage trading partner relationships. |
| Integration Assessment | | The Integration Assessment capability is a methodology and toolset for deciding when to use different integration techniques and patterns. It provides guidance on integration strategy and helps standardize integration patterns across projects. |
| Migration Assessment | | Migration Assessment helps organizations transition from legacy SAP Process Orchestration environments. |
| Graph | | Graph provides the ability to centralise and manage APIs to provide a unified Enterprise API exposing data from multiple SAP sources. |

Application Security

User Access

User access to Integration Suite is via the web and is limited to technical users (developers, system administrators, support teams, etc.).

Authentication

  • User authentication to Cloud Integration is via Single Sign-on (SSO) using Syensqo EntraID federated to IdP. Username and password logon is not permitted.
  • System authentication options include:
    • OAuth 2.0 - access tokens issued via XSUAA
    • Basic Authentication
  • Cloud Connector - for outbound traffic from Cloud Integration to On-Premise systems - provides a TLS connection and authenticates via Principal Propagation
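
An added example (not SyWay's or SAP's code) of the OAuth 2.0 system-authentication option above: a client-credentials token request against an XSUAA token endpoint, with response validation and a cache that renews the token shortly before it expires. The host, client ID and client secret are placeholders (assumptions); in practice they come from the service key.

```python
import base64
import json
import time
import urllib.parse
import urllib.request

# Placeholder endpoint (assumption); the real URL comes from the service key.
TOKEN_URL = "https://xsuaa.example.invalid/oauth/token"


def build_token_request(token_url, client_id, client_secret):
    """Build (do not send) a client-credentials token request."""
    if urllib.parse.urlsplit(token_url).scheme != "https":
        raise ValueError("token endpoint must use HTTPS")
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    req = urllib.request.Request(
        token_url,
        data=urllib.parse.urlencode({"grant_type": "client_credentials"}).encode(),
        method="POST",
    )
    # The secret travels in the Authorization header, never in the URL or body.
    req.add_header("Authorization", f"Basic {basic}")
    return req


def parse_token_response(raw, now):
    """Validate the JSON token response and compute the absolute expiry time."""
    doc = json.loads(raw)
    if str(doc.get("token_type", "")).lower() != "bearer" or not doc.get("access_token"):
        raise ValueError("unexpected token response")
    return doc["access_token"], now + int(doc["expires_in"])


class TokenCache:
    """Reuse a token until shortly before expiry, then fetch a new one."""

    def __init__(self, fetch, clock=time.time, skew=60):
        self._fetch, self._clock, self._skew = fetch, clock, skew
        self._token, self._expires_at = None, 0.0

    def bearer_header(self):
        now = self._clock()
        if self._token is None or now >= self._expires_at - self._skew:
            self._token, self._expires_at = parse_token_response(self._fetch(), now)
        return {"Authorization": f"Bearer {self._token}"}


def fetch_over_network():
    """Transport used outside tests: POST the request and return the raw body."""
    req = build_token_request(TOKEN_URL, "client-id-placeholder", "client-secret-placeholder")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read()
```

Pass `fetch_over_network` (or any callable returning the token response body) to `TokenCache`; callers then attach `bearer_header()` to each request to a Cloud Integration endpoint.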

Authentication Flow

  1. User accesses the CPI tenant URL.
  2. The request is redirected to the SAP IdP configured in the SAP BTP subaccount for Cloud Integration.
  3. User is redirected to the Corporate Identity Provider (IdP) logon page - Microsoft.
  4. User authenticates to Microsoft using EntraID, if not already authenticated.
  5. IdP validates and issues a SAML 2.0 assertion back to BTP.
  6. SAP BTP maps the Role Collections assigned to the User.
  7. User accesses Cloud Integration.

Authorisation

Standard Roles and Role Collections are assigned for user access to Cloud Integration components. Roles are assigned via the SAP BTP Cockpit.

| System | Administrator | Developer | General Access |
| --- | --- | --- | --- |
| Cloud Integration | PI_Administrator | PI_Integration_Developer | PI_Read_Only, PI_Business_Expert |
| API Management | APIPortal.Administrator, APIManagement.SelfService.Administrator, AuthGroup.SelfService.Admin, AuthGroup.API.Admin | APIPortal.Configurator, APIPortal.Developer, APIPortal.Tester, APIPortal.Service.CatalogIntegration | APIPortal.Guest |


Communication Security

For System-to-system communication, all data transfers are encrypted via a suitable mechanism - for example:

  • HTTP Adapter which uses TLS 1.2 as the standard (HTTPS)
  • FTP Adapter which uses SSH-2 (SFTP)

Data Security

SAP data centers are certified to comply with global security standards, such as ISO/IEC 27001 and SOC 2. We implement stringent security measures including encryption, 24/7 monitoring, and regular audits.

Other Controls

System Availability SLA is 99.7% (documented in SAP Trust Center - Service Level Agreement for Cloud Services).


System Landscape

Development Environment

https://syw-itg-dev-eu20.authentication.eu20.hana.ondemand.com

Project Test Environment

TBA. FIGAF composite

Quality Environment

TBA. FIGAF composite

Production Environment

TBA


Operation Architecture

Change and Configuration Management

This section will include the details related to change and configuration management of SAP and non-SAP systems.

Transport Management

Transporting code using the Figaf Tool for SAP Integration Suite involves a structured process that leverages its DevOps and change tracking capabilities.

1. Landscape Setup:

  • Configure Landscapes: Define your system landscapes (e.g., Development, QA, Production) within Figaf's Configuration -> Landscapes page. Specify details like platform, automatic transport lookup, and landscape items.
  • Synchronize Systems: Synchronize your source system (e.g., your development environment) with Figaf to capture the current state of your integration objects.

2. Create a Development Ticket:

  • Generate Ticket: Navigate to DevOps -> Tickets and create a new development ticket, associating it with the relevant landscape. This ticket will track your changes.

3. Attach and Track Objects:

  • Attach Tracked Objects: Within the ticket, go to the "Tracked Objects" tab. Attach the specific transport(s) or integration objects (e.g., iFlows, mappings) that contain the code you want to transport.
  • Include Dependencies: Use the "Attach all dependent objects" feature to ensure all necessary related objects are included in the transport.

4. Initiate Transport:

  • Start Transport: Click the "Start transport" button. Figaf will then prepare the transport package for deployment.

5. Import and Verification:

  • Synchronize Target System: Synchronize your target system (e.g., your QA or production environment) with Figaf.
  • Automated Import Check: Figaf automatically checks the import status of the transports after synchronization. The transport status will update to "IMPORTED" once successfully processed.

6. Resolve Ticket:

  • Resolve Ticket: Once the transport is complete and verified, you can resolve the development ticket in Figaf.

Key Features Facilitating Transport:

  • Version Control: Figaf tracks changes to integration objects, allowing you to compare versions and understand modifications.
  • Approval Workflows: Implement approval processes within Figaf before transports are moved to higher environments.
  • Testing Integration: Leverage Figaf's testing capabilities to create and execute tests on your transported code, ensuring functionality after deployment.
  • Virtual Tenants (for CPI): Utilize virtual tenants for environments like QA, allowing reuse of development systems while maintaining governance through prefixes/postfixes and avoiding unnecessary deployments of certain objects like value mappings.


Release Management

SAP controlled

Monitoring

Standard Monitoring  

FIGAF 

Monitoring SAP Cloud Integration - Figaf

Application Monitoring

Provide the details of application monitoring configuration

System Monitoring

SAP System Monitoring - CALM and other common components

Sizing

SAP monitors system load and utilization, and proactively scales up capacity during release deployment.

High Availability

Deployed across multiple availability zones with the following SLA:

  • RPO - 4h
  • RTO - 24h

Disaster Recovery

SAP data centers are designed with redundancy and disaster recovery plans to help ensure business continuity. In the event of an outage, data and services are automatically rerouted to other operational centers.

Backup/Restore

SAP performs full backups with the following schedule to meet SAP's recovery point objective.

| T1 | Hourly | 8 Days |
| T2 | Daily | 35 Days |
| T3 | Every Sunday | 120 Days |

Maintenance Plan

Weekly Maintenance Windows for SAP Cloud Services – Standard Windows

SAP weekly standard maintenance windows are scheduled as listed below for the Cloud Services in this section.

Start Time in UTC per region:

  • MENA: FRI 7 pm UTC
  • APJ: SAT 3 pm UTC
  • Europe: SAT 10 pm UTC
  • Americas: SUN 4 am UTC

The above-mentioned maintenance windows define the maximum scheduled downtime from which certain cloud services consume only partially

  • SAP Cloud Platform API Management, SAP Cloud Platform Integration: 2 Hours

Major Maintenance

Up to 4 times per year:

  • APJ: FRI 2 pm – FRI 6 pm UTC
  • Europe: FRI 10 pm – SAT 2 am UTC
  • Americas: SAT 4 am – SAT 8 am UTC


Service Introduction

Application Category

Provide the details of application category based on application classification. Application category is defined based on RPO, RTO requirements

Support Team

Provide the details of support team that may be required to support the application

Skill required

SAP SCPI Developers, Architects

Checklist

Provide the checklist for support organization to support the application


Exceptions

This section covers any exceptions to the reference architecture. Some Applications may have limitations and may not meet the Enterprise Architecture, Reference Architecture and IT Policy guidelines. All exceptions should be included in this section.


See also

Provide links or references to relevant documents for further context on this architecture decision and its impact. Listing related architectural decisions here can clarify dependencies.


Change log

Workflow history