Monitoring for operations of SAP S/4HANA Cloud, public edition

“Do I need to monitor SAP S/4HANA Cloud, public edition?” is the question many SAP customers are asking right now as projects are going live.  

As an SaaS product run by SAP, customers get access only through a public website, and SAP are responsible for the availability of that website and the hardware resources. The places where traditional monitoring focussed either aren’t relevant, aren’t visible, or superficially aren’t the customer’s problem anymore.

Does that mean there is no need to monitor anything in SAP S/4HANA Cloud, public edition? Absolutely not, and in fact, we’ve seen that monitoring is as essential in the cloud as it was on-premises.  

Customers have found that there is still an essential monitoring requirement from the most basic technical level up to compliance and business processes, and even new requirements in cost control and supplier management of SAP. 

Technical details are still your problem

A new S/4HANA Cloud system is delivered without integration to other products. Even other SAP products that were bought as part of the same order must be configured for integration by the customer. Where SAP do provide an integration, that only means content is delivered for the customer to set up. In operational usage, authentication and certificates expire and connectivity problems occur and business processes are affected until the customer operations team resolves the problem.

Running batch job or background jobs immediately creates familiar problems: jobs fail or don’t run when expected. These problems still appear in the Application Jobs functionality of SAP S/4HANA Cloud, public edition. Jobs fail from locked users, and can even run longer than expected, eventually using all system resources until the system becomes unavailable.  

SAP S/4HANA Cloud is extended by applications built externally on the SAP Business Technology Platform. Applications in SAP BTP connect to SAP S/4HANA Cloud via APIs that can face simple connectivity issues, or be broken by the regular update cycle of S/4HANA Cloud. APIs need to be checked proactively for deprecation or breaking changes.  

Authentication to those external applications needs identity provider configuration, with possible connectivity problems, a dependency on another external service, and possibility of expiring certificates or misconfigured trust that does create user downtime in live customers already, particularly without proactive management.  

Whilst you might not need to monitor the disk space or ping the server anymore, customers already live on S/4HANA Cloud are finding that there are a lot of technical monitoring requirements coming to light as they work to stay on top of integration, connectivity, jobs, custom applications and authentication.

Ops is now FinOps and even SuppOps

Cloud technology immediately brings a new responsibility to IT operations teams: FinOps. Every business has been strung by cloud costs already, so the new discipline of FinOps focuses on controlling and predicting the costs of cloud computing.

Cost is not the only part as the delivered service must also be measured. Services that were once run directly by an operations team are now provided by third parties with contractual obligations for service availability, support and updates. Supplier management, SuppOps, is a new responsibility for operations as well.

FinOps and SuppOps fall to SAP operations teams because the parts that need to be monitored are complicated. To measure effective user experience, you must monitor availability of SAP S/4HANA Cloud itself, and the associated Cloud Identity Services and SAP Business Technology Platform (SAP BTP) services.  

Cloud credit and cost consumption monitoring is inherently tangled with a complicated commercial model, technical usage of services, and the numbers of active SAP users. Operations teams now need capabilities for predictive analytics of user usage and cloud credit consumption to support budgeting and what-if analysis. 

Auditors are asking about cloud

Companies of all sizes have implemented SAP cloud solutions to run parts of their business processes, including applications in SAP BTP but also SAP S/4HANA Cloud public edition in a two-tier ERP scenario.  

Auditors have been focussed on on-premises SAP systems and their long-standing checks for segregation of duty, user access control, security controls, and software logistics in that on-premises software. Today, even multinational listed companies have implemented cloud solutions in place with a wild west of compliance problems that an auditor would find immediately on-premises.

Auditors are now starting to ask customers questions about their cloud solutions, and those questions land with the operations teams. Can you show me all the administrative users that were modified in the last month? Do you proactively monitor changes to administrative users? Do you have users with critical combinations of authorisations?  How do you control that?

Many new implementations are complex and operations teams are only starting to settle into managing them. Where are the authorisations for a Fiori app in SAP BTP actually controlled? In SAP S/4HANA Cloud, a separate Cloud Identity Services, or in the BTP identity provider? Monitoring for compliance has to cover multiple diverse sources for user and authorisation data today, including complex trust and SSO.  

Security is not only authorisations and it’s certainly not only compliance. Technical security could be seen as SAP’s problem because SAP S/4HANA Cloud, public edition is a SaaS product, but that idea is fundamentally flawed as you can never outsource the risk of a cyberattack.  

There are security configuration options in S/4HANA and BTP services that are totally in the customer’s responsibility to configure. Security teams are also facing a new perimeter with the public cloud, as external users can connect to the systems and attempt to login from the internet. Does your SAP team know if the number of failed logins is above average today? Do they know if you are under attack?

Skills and products

The relentless move to the cloud is the biggest change facing SAP operations teams today. It brings new responsibilities in FinOps and new skills in different cloud products and SAP BTP. SAP teams have used Avantra to support their monitoring and operations for more than twenty years, and now we turn to the latest challenges in SAP’s cloud products.  

We’ve built Avantra 25 with a focus on the cloud, including new support for SAP S/4HANA Cloud, public edition to cover the operational monitoring needs of this exciting new product, alongside new capabilities to monitor SAP BTP and visualise business processes across systems.

Avantra 25 includes new checks for cloud costs, users and authorisations, compliance, security best practice configuration and security log monitoring and anomaly detection, to provide total visibility of SAP S/4HANA Cloud, public edition.

Talk with one of our SAP experts today to find out more.