SAP Cloud Peering for SAP Private Cloud

Customer Guide

INTERNAL
Document Owner:
SAP Private Cloud Operations Team
January 2021

“INTERNAL - This document is classified as INTERNAL. It may be made available to SAP private cloud
customers subject to the confidentiality terms under the agreement which customer purchased SAP private cloud
services (or under a valid non-disclosure agreement if no such contract exists yet with the receiving party). This
document and the information it contains is not intended for general public disclosure and should not be shared,
disseminated, or republished. The receiving party shall handle this document and the information it contains as
SAP confidential information. “

The processes and details as described in this document are only valid for SAP private cloud services
operated by SAP as the delivery organization. These processes and details may be different if the
services are delivered by an SAP Partner / supplier.
Copyright and Disclaimer

Copyright © 2021 SAP SE. All rights reserved.

THIS DOCUMENT IS PROVIDED BY SAP SE, ITS AFFILIATED COMPANIES AND/OR SAP’S SUPPLIER ("SAP GROUP")
FOR INFORMATIONAL PURPOSES ONLY, WITHOUT REPRESENTATION OR WARRANTY OF ANY KIND, AND SAP
GROUP SHALL NOT BE LIABLE FOR ERRORS OR OMISSIONS WITH RESPECT TO THE MATERIALS.

NO PART OF THIS DOCUMENTATION MAY BE REPRODUCED OR TRANSMITTED IN ANY FORM OR FOR ANY
PURPOSE WITHOUT THE EXPRESS PERMISSION OF SAP SE. ALL CONTENT IS CATEGORIZED AS CONFIDENTIAL
INFORMATION OF THE SAP GROUP.

THIS DOCUMENT IS INTENDED AS BACKGROUND INFORMATION AND DESCRIBES INTERNAL PROCESSES OF SAP
GROUP AND TECHNICAL DETAILS OF SOME ASPECTS OF THE HANA ENTERPRISE CLOUD SERVICES.

NOTHING CONTAINED HEREIN SHALL BE CONSTRUCTED TO BE A LEGALLY BINDING AGREEMENT UNDER

INTERNATIONAL LAW. THIS DOCUMENT DOES NOT MODIFY, SUPPLEMENT, DIMINISH, OR IN ANY WAY AFFECT
ANY AGREEMENT BETWEEN SAP OR AN SAP AFFILIATE AND ANY THIRD PARTY.

THE INFORMATION IN THIS DOCUMENT IS NOT A COMMITMENT, PROMISE OR LEGAL OBLIGATION TO DELIVER
ANY MATERIAL, CODE OR FUNCTIONALITY. THIS DOCUMENT IS PROVIDED WITHOUT A WARRANTY OF ANY KIND,
EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT.

ALL FORWARD-LOOKING STATEMENTS ARE SUBJECT TO VARIOUS RISKS AND UNCERTAINTIES THAT COULD
CAUSE ACTUAL RESULTS TO DIFFER MATERIALLY FROM EXPECTATIONS. READERS ARE CAUTIONED NOT TO
PLACE UNDUE RELIANCE ON THESE FORWARD-LOOKING STATEMENTS, WHICH SPEAK ONLY AS OF THEIR
DATES, AND THEY SHOULD NOT BE RELIED UPON IN MAKING PURCHASING DECISIONS.

THIS DOCUMENT OR ANY RELATED DOCUMENT REGARDING SAP'S STRATEGY AND POSSIBLE FUTURE
DEVELOPMENTS, PRODUCTS AND OR PLATFORMS DIRECTIONS AND FUNCTIONALITY ARE ALL SUBJECT TO
CHANGE AND MAY BE CHANGED BY SAP AT ANY TIME FOR ANY REASON WITHOUT NOTICE.

ANY PROCESSES DESCRIBED AND INFORMATION GIVEN IN THIS DOCUMENT ARE SUBJECT TO CONTINUOUSLY
IMPROVEMENT PROCESS. THAT MEANS THE TECHNICAL CONCEPTS AND PRACTICES USED TO ACHIEVE THE
SERVICES DESCRIBED IN THIS DOCUMENT ARE EXPECTED TO CHANGE OVER TIME BY SAP GROUP. SAP GROUP
RESERVES EXPLICIT THE RIGHT TO CHANGE ANY CONTENT OF THIS DOCUMENT WITHOUT PRIOR NOTICE.

© 2021 SAP SE or an SAP affiliate company. For information purposes only. INTERNAL 2
1 OVERVIEW
SAP Cloud Peering is the SAP Cloud Service that connects customers to a specific SAP datacenter using
interconnect ecosystem providers without touching the public internet. It can be compared to direct connectivity
options that other public cloud providers offer.

SAP Cloud Peering combines the advantages of secure MPLS links such as guaranteed latency and contracted
SLAs with the fast deployment times of Internet VPN connectivity. It is equivalent to the following connectivity
options offered by the major public cloud providers:
• AWS Direct Connect
• Azure Expressroute
• GCP Interconnect
A major difference is that only a specific SAP datacenter can be connected by the customer’s chosen provider
and there is no transport between sites over the SAP network allowed. Figure 1 shows a high-level view of a
typical customer Cloud Peering connection.

SAP Private Cloud

The Cloud Peering link is an extension of the customer’s own WAN and is the responsibility of the customer,
including handling the interconnect provider. Figure 2 shows a detailed view. The customer will work with their
interconnect provider and with SAP to complete the configuration of the link. The main idea of this kind of
connectivity is that all physical links are pre-provisioned and therefore only configuration work needs to be done.
The following process describes the tasks needed to complete this configuration.

Major advantage on customer side is that the same physical connection to one of the ecosystem providers can
be used shared to virtually connect to multiple public cloud providers.

2 SERVICE DESCRIPTION
SAP Cloud Peering can be used by a customer to connect to the SAP private cloud in one of the SAP
datacenters. Customers will get a defined end-to-end SLA, bandwidth, and latency, with this service which is
dependent on the provider (e.g., Equinix provides 99.999% SLA) that is used. If the customer decides to utilize a
third-party provider, the customer oversees managing this third-party provider. SAP is does not deal with third
party providers on behalf of the customer.

2.1 Standard Offering

• Bandwidth: from 100Mbit/sec – 2Gbit/sec (in 100Mbit/sec. steps). More bandwidth requires special
approval by SAP

© 2019 SAP SE or an SAP affiliate company INTERNAL 3

 • There are no costs for traffic or limits on the amount of data, the only limit is the selected bandwidth
• The customer is responsible to define the bandwidth or increase existing bandwidth
• Two connections per location are required: Primary and secondary connection for full redundancy and
according SLA. If the customer has only one physical port and router in place, then SAP will anyways
run 2 BGP sessions at 2 routers on SAP side – even with just one customer router
• Lead time after clarification of all technical details: 10 business days for configuration
• Lead time for cut-over: 10 business days for scheduling and planning
• Total lead time in case of cut-over requirements: 20 business days
2.2 Demarcation
Service Demarcation is the link that is connected into the interconnect provider as outlined in SAP Cloud:
Security Framework and Figure 3. The customer is responsible for the interconnection provider.

*The Demarcation point defines where SAP’s responsibility ends, and the provider’s responsibility begins.
Everything on the left-hand side of the demarcation line belongs to SAP’s responsibility. Everything on the
right-hand side is customer’s responsibility.

2.3 Service Level Agreements

Service SLA is bundled to the private cloud SLA, which can be 99.5%, 99.7% or 99.9% per month, depending on
the customer contract. SAP delivers just one piece of the overall connection: redundant links to the
interconnection provider from the private cloud landscape edge.

2.4 Support Model

The customer owns the connection and is responsible for bandwidth increase and management. In case of any
issues, the customer must engage the interconnect provider first. In case the provider points to SAP, a normal
BCP ticket can be opened.
SAP internal issues will automatically trigger tickets (system/alerting). This will lead to incidents that will be
processed based on the standard support model. SAP supports all devices and links up to the demarcation.

2.5 Consulting
SAP will not directly consult, or support third parties as ordered by the customer.

2.6 Supporting Documentation and Information

• Official landing page including provider availability
• SAP Help Portal

© 2019 SAP SE or an SAP affiliate company INTERNAL 4

3 ONBOARDING PROCESS
The following section describes the process to get the connection configured.

3.1 High level workflow

• Customer orders SAP Cloud Peering connectivity through their designated SAP Cloud Delivery Manager
and CAA (Cloud Advisory Architect).
• Required basic information and routing details need to be provided upfront, see below
• SAP Cloud Peering servicesare requested via SAP for Me. This will trigger a service request ticket for
the configuration automatically
• SAP will check and respond with authorization key
• The customer uses the authorization key in the ordering process with their provider, which can be a web
portal or a manual provisioning process.
• SAP will check and accept the incoming request from the provider if all details are valid
• Customer and SAP agree on a go-live date for the Cloud Peering link in a cut-over call

3.2 Technical details explained

The following technical details need to be provided through the Service Request template at SAP for Me.
Normally a Network engineer is able to define them, or in many cases the Network Service provider will define
and configure them on behalf of the customer. Please note that BGP is mandatory to be used as routing protocol
and the customer or their provider must be able to configure and maintain BGP on their side of the network.

Below example is showing how the BGP parameters are being used.

The following parameters need to be specified at SAP for Me.

• BGP Peering network1
o BGP Peering IP customer Peering network1
o BGP Peering IP SAP Peering network1
• BGP Peering network2

© 2019 SAP SE or an SAP affiliate company INTERNAL 5

 o BGP Peering IP customer Peering network2
o BGP Peering IP SAP Peering network2
• BGP Peering MD5 secret
o 20 characters max
o e.g.: verysecret#$*&^%
• BGP Peering Customer side ASN
o needs to be different from the SAP side ASN
o SAP side ASNs can be found in the table below

Location HEC ID SAP ASN

St Leon-Rot HEC01 65200
Amsterdam HEC02 64799
Sterling HEC03 65199
Santa Clara HEC04 65198
Tokyo HEC05 65152
Osaka HEC06 65154
Sydney HEC07 65499
Sydney2 HEC08 65500
St Leon-Rot HEC09 65201
Walldorf HEC10 65524.10
Moscow HEC11 64899
Moscow2 HEC12 64898
Toronto HEC13 65195
Toronto2 HEC14 65194
Frankfurt 4 HEC15 64897
Ashburn HEC16 65524.16
Colorado Springs 1 HEC17 65524.17
Colorado Springs 2 HEC18 65524.18
Frankfurt 3 HEC19 65524.19

3.3 Limitations
Some limitations have to be outlined and accepted by the customer.
• Not all providers are available in all locations, please check availability on our official landing page
• SAP Cloud Peering connections are not encrypted, SAP strongly recommends using encrypted protocols
• Bandwidth requests of more than 2Gbit/s will need special approval
• DR datacenters have to be connected separately, there is no SAP internal backbone that can be used to
access the DR data center, and this also does not make sense from business continuity perspective
• Only redundant links are allowed using 2 virtual connections and 2 BGP sessions
• Automated failover to VPN or MPLS is not supported

© 2019 SAP SE or an SAP affiliate company INTERNAL 6

www.sap.com

© 2021 SAP SE or an SAP affiliate company. All rights reserved.

No part of this publication may be reproduced or transmitted in any form
or for any purpose without the express permission of SAP SE or an SAP
affiliate company.
SAP and other SAP products and services mentioned herein as well as their
respective logos are trademarks or registered trademarks of SAP SE (or an
SAP affiliate company) in Germany and other countries. Please see
http://www.sap.com/corporate-en/legal/copyright/index.epx#trademark for
additional trademark information and notices. Some software products
marketed by SAP SE and its distributors contain proprietary software
components of other software vendors.
National product specifications may vary.
These materials are provided by SAP SE or an SAP affiliate company and/or
SAP’s Supplier for informational purposes only, without representation or
warranty of any kind, and SAP SE or its affiliated companies shall not be
liable for errors or omissions with respect to the materials. The only
warranties for SAP SE or SAP affiliate company products and services are
those that are set forth in the express warranty statements accompanying
such products and services, if any. Nothing herein should be construed as
constituting an additional warranty.
In particular, SAP SE or its affiliated companies have no obligation to pursue
any course of business outlined in this document or any related presentation,
or to develop or release any functionality mentioned therein. This document,
or any related presentation, and SAP SE’s or its affiliated companies’
strategy and possible future developments, products, and/or platform
directions and functionality are all subject to change and may be changed by
SAP SE or its affiliated companies at any time for any reason without notice.
The information in this document is not a commitment, promise, or legal
obligation to deliver any material, code, or functionality. All forward-looking
statements are subject to various risks and uncertainties that could cause
actual results to differ materially from expectations. Readers are cautioned
not to place undue reliance on these forward-looking statements, which
speak only as of their dates, and they should not be relied upon in making
purchasing decisions.