In a first part, in the sap application, it is not easy to architect design that needed to be accessed both internally and externally in this there will be confusion which components are required and where to place. In the second part, it shows the traditional application network zoning can be mapped to AWS. In the third part, it discusses the SAP application which requires to and from both internal and external sources.
The virtual private cloud (VPC) Subnet zoning patterns for SAP on AWS is dividing the three parts. These are
Internal and external access
The internal access is dividing the four applications. These are
- Internal access: the application is accessed only internally. The application needs to be the corporate network or virtual private network. The most organizations required for internal access is SAP enterprise resource planning, SAP business warehouse etc.
- Internal and controlled external access: the application is accessed internally and limited accessed by external access. With the combination of internal application and external access as a service SAP successes factor, SAP solutions.
- Internal and uncontrolled external access: the application is mostly accessed by publicly and internal access components for administration, configuration, and integration.
- external access: For the basic administration work the application needs to be internal and externally accessible(basic administration works like access management and interfaces)
The network zoning is dividing the six applications. These are
- Restricted zone: it is restrict secured data in the zone. For example finance and HR solutions database.
- Intranet zone: it is an accessible database in the restricted zone. For example, SAP advanced database application.
- Extranet zone: it is intermediate between the internal and external zone.
- External zone: it is applications and appliances are directly internets facing and act as the entry and exit point of the internal zone.
- Management service zone: all other zones are hosted in management service zone with like SAP solution manager, monitoring server.
INTERNAL AND EXTERNAL ACCESS:
The internal and external access requires from interfaces between SAP and Non SAP system. In this access perfect example of SAP process integration. The internal interface is easy to manage and the challenge lies in providing external access.
The internal and external access are four typical options. These are
- Virtual private network connections: it establishes a site to site network connections
- Elastic load balancing: These are three types of load balancers. these are
Classic load balancer, network and application load balancer. These are built for the Ec2 classic platform.
- NAT devices: NAT devices are two parts .these are NAT gateway and NAT instance. It is possible alternatives of elastic load balancing. The network-facing configurations and managing NAT instances. The gateways are managed by AWS services.
- Reverse proxies: it is a type of proxy server in which one or other sources retrieves the resources instead of the clients. as these resources are originated from the same client-server the resources will return back to the client itself.