Considerations for selecting SuccessFactors vs Workday for your organization

In this post, I will share with you comparisons of SuccessFactors with Workday and hope it helps in your software selection process. I managed several SuccessFactors projects and have hands on experience. My knowledge about Workday comes some from reading about it and some from Workday consultants. You can click on the links to go directly to a topic that interests you although I recommend the first time, you read through all topics.


The mission of Human Resources is to lead and manage strategic alignment of HR systems resources to support faster decision making, more effective workforce management, and improve resource alignment with the organizations missions. A strategic HR IT effort could greatly help the entire organization. Business leaders may have many questions such as:

  1. What business priorities and objectives are we aiming to support with the system?
  2. What is the best way to implement the system and use it to meet business needs?
  3. How can we maximize our investment?
  4. What steps will ensure widespread adoption of the solution by employees?

A firm understanding of the driving forces behind your organization’s HR transformation and targeted use of a talent strategy, a core HR strategy, or a transform strategy can help bring clarity and focus to the deployment effort. Before we jump into the comparisons, please note that there are 10 initial steps in the process to select a HR Software for your organization.

  1. Put together a Enterprise HR System Strategy. I will write about this is a future post.
  2. First, hire a good leader who will not only help shepherd the process but who can make crucial decisions in making this journey a pleasant one for you. This person’s influence can very well put you on the road to success. I have shepherded this process several times and I cannot emphasize how important this step is.
  3. The next step in the process is to identify the current processes in your organization. I am a big proponent of maintaining a Business Process Master List.
  4. After you have identified the processes, start writing down the requirements in each of major areas. For example: you could identify all the requirements in Personnel Administration or Organizational management or Compensation management, etc. You could have your subject matter experts write this from scratch if it’s not readily available or buy a list from the internet (one company I know sells a list of over 3,000 HR requirements), etc.
  5. Identify what is a standard industry practise vs what provides an competitive advantage. This step is important as it allows you to know later on what you can trade-off as no one software can address all of your requirements perfectly.
  6. Next identify the technical requirements. Do you need API’s so that the software can integrate with other systems you have? Do you need the system to be a cloud software? Does it support multiple countries (currencies for example) and multiple languages? How does it handle extensibility?
  7. These requirements are a starting point so you can compare apples to apples.
  8. Develop demonstration scripts so that you can ask the vendors to come onsite and show how their software will address the processes that are critical and provide a competitive advantage for your organization.
  9. Include other requirements such as vendor background, reference checks, etc.
  10. Compile this list into a repository and agree upon a scale to rate vendors. I know some companies that have a cloud solution so that you can do this electronically. That would work, or a simple excel file will also work, just choose something you are comfortable (based on how many individuals will be involved in the selection process) with and follow a process.

With above steps, you have prepared a bare minimum foundation for selecting a software to address your HR needs. Remember that the time spent in the selection process on upcoming roadmaps, service models, and vendor support is as important as time spent on feature and functionality checklists. With a new technology purchase, an organization is buying more than just a new piece of software, it is also purchasing that vendor’s future possibilities.

Base your final selection on in-depth use cases, customer testimonials and a clear understanding of what “hides under the covers” of the offering. You also should have a good grasp of the product roadmap and the vendor’s viability. Remember to do your homework and due diligence, bearing in mind your organization’s overall choices and constraints.  .

Let’s take a look at the differences between SAP SuccessFactors and Workday since they are the two of the most well-known human resource management (HCM) software. Each is a HR technology that brings a higher level of functionality and insight to the human resource department, helping with anything from applicant tracking, talent acquisition, compensation management, employee and manager self-service tools and more.

Two major selection criteria (pricing and implementation cost/time) will will not be discussed in detail here because both vary by customer. From an overall Commercial Flexibility, SuccessFactors is the winner because of the following reasons.

  1. SAP’s SuccessFactors solution is typically lower from an overall subscription fee. SAP will also provide deep discounting to win your business. Workday does not discount and treats all organizations the same (regardless of the size).
  2. SuccessFactors is usually willing to put in place long term price protections that minimizes the opportunity for cost increases during subsequent renewal terms. Workday has also shown a willingness to put price protections in place, however, achieving these protections typically takes significant back and forth effort with the results often not as good as those achieved with SAP.
  3. SAP shows a willingness to negotiate and improve their standard service level credit structure both in terms of credit percentage and ability to terminate for service level non-conformance. Workday does not negotiate or modify their service levels or service level credit structure.


SAP SuccessFactors

SAP SuccessFactors provides HR and workplace analytics solutions in five distinct segments — Core HR, Talent Management Software, Analytics, Social Collaboration, and Small Business Solutions.

  • The Core HR element (Employee Central) provides a central resource for employee control and now delivers 71 country localizations. SuccessFactors Employee Central Payroll includes a hosted instance of SAP Payroll. Global benefits administration functionality is available, while U.S. benefits administration is provided through partners (such as Benefitfocus). Health and safety tracking (but not grievance, we created a custom object in one of my projects) is delivered with Employee Central. Basic digital HR document management is supported by enabling various attachment types within process workflows.
  • The Talent Solutions module helps provide dashboards for things like recruitment, on-boarding and incentives, with the key goal of helping to hire and retain talented people. It is composed of natively developed solutions from SuccessFactors (i.e., performance and goal management, compensation, succession and career development, and recruiting management), as well as solutions that were acquired and subsequently enhanced: Plateau (learning management system [LMS]), Jobs2Web (recruiting marketing), Inform (workforce analytics and workforce planning), KMS (forms engine, primarily for use in onboarding), CubeTree and Jambok (social collaboration). SuccessFactors continues to develop these acquired solutions: Jambok and CubeTree were combined and enhanced to create SAP JAM; and the KMS forms engine was combined with additional development to deliver Onboarding.
  • Leave and absence management, as well as core timesheet functionality, is supported within Employee Central, with broader WFM capabilities delivered through partners (such as Kronos or Workforce Software).
  • SAP’s Social Collaboration component involves SAP Jam enhances collaboration between people within a company.
  • Natively developed Help Desk capabilities were introduced in 2014 via the Employee Central Service Center and the addition of “AskHR” links on each page to facilitate knowledge search and service center ticket creation.
  • Employee Central provides HR localization support for 71+ countries and translated in 39+ languages, with additional localizations and translations planned. SAP SuccessFactors operates two data centers in the U.S., three in EMEA and two in the APAC region.
  • SAP SuccessFactors began as a natively developed talent management suite for performance management. Career development, succession planning, compensation, recruiting and core HR were added later. Via multiple acquisitions, the vendor then added Plateau to the suite for learning management (2011), as well as CubeTree for social/collaboration (2010), Inform for workforce analytics (2010), Jobs2web for social posting/recruiting marketing (2011), KMS for onboarding (2013) and Fieldglass for contingent labor management (2014).
  • SAP SuccessFactors uses Machine learning that elevates HR’s role from tactical processes to strategic business partner. Intelligent software is enabling the mechanics of workforce management like creating job requisitions, recommending courses, or predicting which employees are likeliest to leave the company.
  • SAP SuccessFactors offers two options to customers considering deployment of extended functionality. The first is the Meta Data Framework (MDF), a configure-to-extend development environment that enables customers or SI partners to build complete sub-applications with no coding within the Web administration tools to define and extend objects, create rules and define user experiences. The second is the Hana Cloud Platform (HCP), a complete code-to-extend PaaS designed to handle more-complex integrations and functional requirements. Since MDF and HCP are natively integrated, users can reduce development and support efforts by building core objects in MDF, then leveraging them in HCP.
  • SAP SuccessFactors delivers standard/operational and ad hoc reporting via its Online Report Designer, delivered dashboards use the Tile-Based Dashboard Framework, with some configurability options. The Analytics component provides workforce planning tools that help decision makers work on long-term planning. SAP SuccessFactors is planning to include a new analytics user experience, transition to the Hana platform to increase reporting process throughput and the delivery of additional predictive analytics.
  • EC deployments range across multiple industries, with slightly more adoption in manufacturing, professional/consulting services, communications/media and business services (together comprising an estimated 43% of the customer base). Approximately 46% of customers have 1,000 employees or more, and 14% have more than 10,000 employees.



The Workday finance and HR software suite helps planners to stay on top of both people and finances.

  • Global HR functionality is enabled through delivery or configuration of the fields necessary to support statutory reporting in individual countries. Payroll is provided for the U.S., Canada, France and the U.K.. Workday has not announced plans for the development of any additional payroll localizations. Instead, it is focusing on partner integrations and payroll interface technologies to satisfy additional country requirements. Gartner estimates that approximately 55% of Workday clients use U.S. or Canadian payroll. Benefits administration is delivered as part of core HR, and Cloud Connect for Benefits delivers prepackaged connections to third-party providers. Health and safety tracking is supported; however, grievance tracking is not. Basic digital HR document management is supported through attaching various document types to the core worker record. Expense Management, fully integrated with the suite, is also available as an optional module for HCM customers.
  • Workday delivers functionality to support performance management, succession planning, compensation management, workforce planning, recruiting and onboarding. Functionality across performance, succession and compensation is generally of average competitiveness. Recruiting is still relatively new (launched in May 2014), with capability gaps compared with the broad and deep offerings of the more-established recruiting suite solutions (such as Oracle Taleo or IBM Kenexa). An LMS is not offered; however, Workday partners with several LMS vendors (such as Cornerstone OnDemand and Saba) to deliver standard integration with Workday HCM. A new Talent Insight offering released in April 2015 delivers data science and machine-learning capabilities (acquired in its 2014 purchase of Identified) to deliver predictive and prescriptive recommendations into key talent work streams.
  • Workday delivers absence management through its core HR solution and offers a separate module for time tracking. The time-tracking solution is designed for organizations to collect, process and distribute time data to manage time and labor for their global workforces. Workday clients with more-complex requirements in this area (including industry-specific needs, such as complex work rules and scheduling optimization) will typically turn to third-party solutions. Gartner estimates that approximately 40% of Workday HCM clients use Workday Time Tracking.
  • Extensive self-service for managers and employees is enabled via role-based views of the system. Workday delivers native mobile support for iPhone, iPad and Android mobile devices, as well as responsive Web design via HTML5. HR Help Desk for shared-service centers is provided through partners integrating with the Workday functionality.
  • Workday provides translations of employee and manager self-service transactions in 24 languages. It operates multiple data centers in North America and has two data centers in Europe (Ireland and The Netherlands).
  • Workday was brought to market in late 2006 on the premise that a natively developed suite of HCM functionality on a multitenant SaaS platform would optimize the customer experience and increase the pace of innovation. Workday has made several acquisitions of underlying technology components to improve scalability, integration and information management, including the Cape Clear integration engine (2010) and Identified (2014) for search and predictive analytics.
  • Workday enables customers to create custom fields and attributes for 33 application objects (such as Worker, Job Profile, Location, Pre-Hire and Region). Once created, custom fields can be included in business processes and reporting, and are not affected by application updates.
  • Workday provides standard/operational reporting and configurable, role-based dashboards (accessible via mobile, as well as browser) as an embedded capability of its application. It provides visual dashboards that are easily formed into chart and graph views to show details about management chains, team histories and more.
  • Workday customers come from a broad cross-section of industries; however, professional/consulting services, education, business services, insurance and manufacturing are the primary verticals, with an estimated 63% of the customer base. Gartner estimates that 85% of Workday customers have more than 1,000 employees, and 26% have more than 10,000.


Please find below the capabilities comparison checklist and end users ratings for these two solutions.

Figure 1: Capabilities Comparison Checklist

Applicant Tracking Yes Yes
Applications Management Yes Yes
Benefits Management Yes (Integration with Benefits Focus for US) Yes
Career Development Yes Yes
Career Development Planning Yes Yes
Collaboration Tools Yes (SAP Jam) Yes (Integration with MS Office 365 Groups)
Compensation Management Yes Yes
Competency Management Yes Yes
Compliance Management Yes Yes
Customizable Reporting Yes Yes
Employee Onboarding Yes Yes
Goal Management Yes Yes
Goal Setting / Tracking Yes Yes
Job Application Management Yes Yes
Job Management Yes Yes
Learning Management Yes Yes
Payroll Management Yes (EC Payroll) Yes
Performance Appraisal Yes No
Performance Management Yes Yes
Performance Review Cycles Yes Yes
Real Time Analytics Yes Yes
Real Time Data Yes Yes
Recruiting Management Yes Yes
Succession Management Yes Yes
Succession Planning Yes Yes
Time & Attendance Tracking Yes (Integration with Kronos) Yes
Training Management No Yes


Figure 2: Vendor Benefits and Challenges Survey
(Source: Sierra-Cedar HR Systems Survey White Paper 2016-2017)





  • All-in-one app: SuccessFactors offers collaboration functionality that eliminates the need to export spreadsheets or Word documents. It allows users to do all tasks and view reports on the app.
  • Greater functionality: For example, Compensation Planning module is a differentiating factor of the software, especially Executive Review as it isn’t offered by other vendors.
  • Ease of Use: For example, Review process makes the goals and reviews process more natural.
  • Mobile Features: Offers apps for iPhone, iPad and Android mobile devices, giving users the flexibility of using the solution any time from anywhere.
  • Extensibility: SuccessFactors has Metadata Framework-based extensibility approach (especially in Employee Central) that addresses any requirements that are not met out of box.
  • Innovations: With Intelligent Services, Continuous Performance Management, Chatbots for answering common HR questions, and Artificial Intelligence in the areas of Recruiting and flagging discriminatory language in job descriptions, SAP is committed to innovating at a rapid pace (SAP has the financial and technological power to build out its solutions to be the best in the world. I remember how when SAP initially came out with their BW solution, it was very bad and very late to the party but in about 4 years it overtook all other solutions out there and was considered the best in class).


  • Integration: Developed Employee Central on its own technology stack; however other SF modules are also on different technologies which means a customer running the whole suite will have different code bases and versions. Employee Central Payroll is really SAP Payroll on cloud. Parts of the solution have a different look and feel, different workflows, a different data model although SAP is making a firm commitment to creating a new single unified platform for every app it owns (I see more and more screens being converted to Fiori with every release).
  • Customer support: Various users point out that the support portal was difficult to use and the response time is long. SAP did address this by bringing all support related topics into a single portal.
  • Poor implementation: The system needs to be built manually (which was time intensive). SAP needs to improve the transport system and make it more robust.
  • Requires better UI: SAP is converting their screens to Fiori, but it’s currently not there yet.




  • Cloud first: Native cloud vendor with a great offering, business culture and service quality. Workday has been able to develop a product based on next-generation technology, such as object and in-memory, with a consumer-grade user experience, including mobile, second to none; robust functionality; and covering most HR domains.
  • Short learning curve: Offers greater flexibility than other tools and is easy to navigate without instructions because of the simple overall layout.
  • Easy to implement: Easy to use by employees, managers and HR but is also capable of handling large volumes of transactions or data
  • Added functionality: Workday also provides professional service automation and financial accounting as added offerings.


  • Functionality: Workday has yet to reach functional parity with SuccessFactors in the talent space.
  • Limited integrations: Workday does not integrate with ATS, Jobvite, etc. This adds costs in order to hire IT experts for implementation.
  • May be costlier: Workday is relatively expensive and uses a ticketing customer service model, which means that issue resolution time is high.
  • Not really an ATS: New buyers may have to create many custom processes for routine processes.
  • Learning and Payroll are work in progress. Not really there as a robust solution. Payroll especially is lacking multi-country solution.
  • Workday’s custom objects is a move in the right direction, but it has its limitations: There are only so many custom objects you can have, you cannot use them where you see fit and cannot pull them up necessarily where needed.
  • Reporting limitations:  It is limited to 10,000 entries and for large companies this might be an issue.
  • Security:  The pervasive security is generally very good but it isn’t carried through effectively when looking at talent or succession pools. Also, you need to create a workaround to prevent HR people being able to see their own data.

While there is no one easy answer to the question, it does not have to very hard to select a system. I have helped several organizations make the right selection for their circumstances and I would be glad to help you with yours. If your company already uses SAP, it makes sense to consider SuccessFactors, otherwise Workday should also be considered along with other products. Follow some recommendations as below:

  1. The critical piece of the puzzle is to hire the right people who have done this before and understand not only HR systems but also how to navigate through the organizational policies, procedures and processes and determine how to modernize and transition them to the new system.
  2. Establish a priority order for HR functionality (based on the business outcomes defined in the Enterprise HR System Strategy mentioned in introduction section) to drive proper evaluation of these solutions. You must determine which capabilities are the most crucial to your success, and what applications will deliver them.
  3. Ask deeper, more-detailed questions during the RFP, demo and contracting phases to find the best-fit solution. Gather the same response set from all vendors in the initial RFP. Tailor the Technical review, architecture review and integration deep dive sessions so that you can understand how each vendor’s approach might affect how their applications are implemented, deployed and managed in your environment.
  4. Structured reference checks with similar customers are key to understanding what it’s really like to work with the product and vendor. Solicit at least three references from the vendor to get a balanced picture of each finalist vendor’s strengths, trade-offs and implications.
  5. Be prepared for the fact that deploying any of these solutions is likely to be a major change in how your core HR will be managed, see my post on Mapping Business Process and improving them.

Software Requirements List
SAP SuccessFactors announces two big wins
Sierra Cedar 2016–2017 HR Systems Survey Results
3 keys to negotiating successful cloud agreements
SAP SuccessFactors vs. Workday vs. Google?!?
The Absolute Latest from Workday – August 15, 2017

Please feel free to reach out to me for any decisions that you might need guidance on with regards to SuccessFactors, S/4 HANA, SAP Leonardo. I am happy to pay it forward. This post would not have been possible without all the help from blogs in SAP community and other articles published by SAP. Please connect with me at so that you can get notified if topics like SuccessFactors and S/4 HANA interest you.

How CDS Views support better performance and faster development

In this post, I will share with you the why is it important to know about CDS Views, its features and how to create it, etc. You can click on the links to go directly to a topic that interests you.

Why is CDS Views important?

CDS is an infrastructure layer for defining semantically rich data models, which are represented as CDS views. In a very basic way, CDS allows developers to define entity types (such as orders, business partners, or products) and the semantic relationships between them, which correspond to foreign key relationships in traditional entity relationship (ER) models. CDS is defined using a SQL-based data definition language (DDL) that is based on standard SQL with some additional concepts, such as associations, which define the relationships between CDS views, and annotations, which direct the domain-specific use of CDS artifacts. Another example is expressions, which can be used in scenarios in which certain CDS attributes are considered as measures to be aggregated.

With the availability of the SAP HANA platform there has been a paradigm shift in the way business applications are developed at SAP. The rule-of-thumb is: Do as much as you can in the database to get the best performance.

To take advantage of SAP HANA for application development, SAP introduced a new data modeling infrastructure known as core data services. With CDS, data models are defined and consumed on the database rather than on the application server. CDS also offers capabilities beyond the traditional data modeling tools, including support for conceptual modeling and relationship definitions, built-in functions, and extensions.

CDS provides the following enhancements in comparison to SQL.

  • Expressions used for calculations and queries in the data model
  • Associations on a conceptual level, replacing joins with simple path expressions in queries
  • Annotations to enrich the data models with additional (domain specific) metadata

CDS is supported natively in both ABAP and SAP HANA, the data models are expressed in data definition language (DDL) and are defined as CDS views, which can be used in ABAP programs via Open SQL statements to enable access to the database. SAP HANA-based CDS operates on SAP HANA, while ABAP-based CDS operates on most major database platforms as well as SAP HANA, and each has a different type of repository for development objects.

What are its features?
CDS serve as central definitions that can be used in many different domains, such as transactional and analytical applications, to interact with data in the database in a unified way. For example, in CDS, you can define views that aggregate and analyze data in a layered fashion, starting with basic views and then adding powerful views that combine the basic views. Another difference is the support for special operators such as UNION, which enables the combination of multiple select statements to return only one result set. You can use the DDL of ABAP CDS in Eclipse based ADT to create rather complex views that exceed the capabilities of the classical database views created in SE11 by far.

Following are some of the important features provided by CDS Views:

  1. Semantically rich data models
    CDS builds on entity relationship model and is declarative in nature. It is very close to conceptual thinking.
  2. Compatibility across any database platform
    CDS is generated into managed Open SQL views and is natively integrated into the SAP HANA layer. These views based on Open SQL are supported by all major database vendors.
  3. Efficiency
    CDS offers a variety of highly efficient built-in functions — such as SQL operators, aggregations, and expressions — for creating views.
  4. Support for annotations
    The CDS syntax supports domain-specific annotations that can be easily evaluated by other components, such as the UI, analytics, and OData services.
  5. Support for conceptual associations
    CDS helps you define associations that serve as relationships between different views. Path expressions can be used to navigate along relations. Introducing an abstraction of foreign key relationships and joins, associations make navigation between entities consumable.
  6. Extensibility
    SAP delivered CDS views can be extended with fields that will be automatically added to the CDS view along with its usage hierarchy.

ABAP-based CDS has been engineered with complete transparency to the underlying database, meaning that all major database vendors are supported in addition to SAP HANA, which remains the optimal database choice. ABAP-based CDS plays a substantial role in the foundation of SAP Business Suite 4 SAP HANA (SAP S/4HANA). A large set of CDS artifacts — several thousand CDS views — consisting of several hundred thousand lines of ABAP code, represent the underlying core data model of the SAP S/4HANA solution.

How to create a CDS view?

Lets create a basic CDS view for the table SCARR and expose it in a oData service that can then be consumed in Fiori 2.0 applications. You should have downloaded and installed the ABAP Development Tools extension for Eclipse already, as well as being within the ABAP perspective with desired package selected. The artifacts are modeled and edited using the DDL editor tool within the Eclipse-based ABAP development tools (ADT) for SAP NetWeaver (known as ABAP in Eclipse).

Every CDS view has its own CDS Source code. Two objects are created in ABAP Dictionary of Every CDS View:
1. CDS Database View: It is read-only classical database view in ABAP Dictionary.
2. CDS Entity: It is actual CDS view. It covers the CDS Database view and makes other attributes possible, such as authorization checks defined in CDS view.

1.Use Transaction code SE16 to check there is data in the table. This is the data that we can expose in oData service.

2. Create a project within the HANA Studio in ABAP perspective. CDS is not written in ABAP, but the object will exist in the ABAP repository. It is a combination of Open SQL and various annotations. Select the Package, right click on $TMP and select New > Other ABAP Repository Object > Core Data Services. Expand that node.

3. In the Core Data Services node, choose DDL Source. The CDS DDL contains language elements for CDS data definitions and language elements for CDS metadata extensions.

DCL is used for security. ABAP CDS enables access control based on a data control language (CDS DCL). Access control in ABAP CDS further restricts the data returned from a CDS entity in ABAP CDS. CDS access control is based on the following:
CDS roles defined using the CDS DCL statement DEFINE ROLE. Currently, a CDS role is mapped to each user implicitly. This is why they are also known as mapping roles.
Access rules defined in a CDS role CDS entities. Access rules can define conditions, but also provide free access. Access rules can be inherited from another in a CDS role.
Access conditions defined in an access rule for the elements of the CDS entities for CDS entities.
If a CDS role with access rules is defined for a CDS entity, the access conditions are evaluated implicitly each time an object is accessed using Open SQL or using an SADL query (unless access control is disabled using the value #NOT_ALLOWED for the annotation @AccessControl.authorizationCheck. If access control is enabled, only that data is read that meets the access conditions.

4. Create the view, ZX is reserved, maintain this so it is in its own namespace and does not interfere with pre-delivered views. Underscores are allowed. Add a description and name.

5. If the CDS view is going to be used in production, choose a transport request. Note: ABAP CDS View will create and deploy the corresponding database view on the target database automatically (requiring no additional steps for the developer or transport manager).

6. Choose ‘Define View’ for a template since we are just creating a Basic view. We can also create other views with joins, associations and parameters. See links section on how to do this. As for CDS Extend Views, it extends an existing CDS view cds_entity using a CDS view extension cds_view_extension in the CDS DDL. The extended CDS view must be specified under the name of its CDS entity. See blog with video here.

7. In the View definition, specify the table name SCARR (from step 1) in the code by changing the data_source_name which came from the template. Make other necessary changes as shown below. The outline on the left bottom shows the changes made via code.
Datasource Declarations usually comes before the first curly bracket. Within this section, the developer specifies:
i. The type of view (define or extend view)
ii. The CDS view name
iii. The source table or view (SCARR from step 1)
iv. Any parameters
v. Any joins/associations

8. Save and Activate the CDS View.

9. Test the CDS View.

10. The results are displayed.

11. There are many types of annotations. For example, change the end user text label annotation to ‘Airline’ as shown below. See click here for post on how to create ABAP CDS view and OData with SAP Annotations.
@VDMViewType can be Basic (private, end user never accesses them), Composite (combination of 2 or more views with associations) or Consumption (exposed to end user, accessible through analytic frontend or published to oData).
@AbapCatalog.sqlViewName is the only mandatory annotation for a non-extending CDS View source file.
@AbapControl.authorizationCheck specifies whether an authorization check should be performed for the current CDS view.
@Analytics.dataCategory: #DIMENSION means it can be used for analytics and it is of type Dimension table. (other choices are AGGREGATIONLEVEL, CUBE, FACT)

12. Primary Key. A CDS View has two types of keys:
i. For CDS Entities, KEY can be used to define key elements, This Key is the semantic key of the CDS View.
ii. The key of the CDS database view is determined implicitly, as in a classical view. This key is a technical key of the CDS View.

13. Save, Activate and Test as in steps 8-9-10. Now we can build a Consumption view so that the CDS view we just built can be used in Analytics or OData. Start just like before with step #2 above. Description field can be filled as ‘SCARR Query – Consumption View – Public View’. Choose Basic View for template.

14. Replace data_source_name with basic view created earlier. As a naming convention, basic view contains “I” (for Interface) and consumption view contains “C” (for Consumption).

15. Include @OData.publish: true in annotations section and make sure a key is defined when you include all fields in the view definition. Save, activate and check if it was successful.

16. Open the SAP GUI for the relevant ABAP project by starting the SAP GUI Launcher ABAP Development Tools (icon  in the toolbar). Within the embedded SAP GUI, you are able to access the complete functionality of the classic ABAP Workbench.

17. In the command field, enter the transaction code /n/IWFND/MAINT_SERVICE. (You may get a message saying user not logged in, hence the /n). The entry screen of the transaction displays in the target system all activated Gateway services in the Service Catalog and allows you to add new services. Copy the service name as shown in step #15 which is of the format<CDS_VIEW>_CDS.

18. Click the Add Service button in the toolbar. Enter the System Alias of your front-end server. Enter the Technical Service Name (<CDS_VIEW>_CDS) and click on Get Services. As a result, the service is displayed for selection.

19. Select the service created as a result of last procedure and then choose Add Selected Services or alternatively click the object link for further selection.

20. The Add Service dialog that appears, and it suggests the name Z_CDS for the Technical Service, and for the Technical Model.
The dialog that now appears informs you that the model metadata for the Gateway service is going to be created.
Specify the package for service activation (should be same as the package the CDS view was created in).

21. We should get a message in a dialog box that the model metadata for the Gateway service has been created successfully in the Gateway. We can check it by going to the CDS view as below.

22. Clicking on the link in the picture above, will launch a browser. It will ask for user id and password. Enter the values, and you should now be able to see that the service is being correctly exposed.

Metadata can be retrieved by changing the URL from “sap-ds-debug=true” to “$metadata”.

Data can be retrieved by changing the URL from “sap-ds-debug=true” to “<query name>”.


  • A CDS database view is created for each CDS view and this database view supports only transparent tables, which means that pooled tables and cluster tables cannot be accessed using CDS views.
  • For CDS views, CDS view enhancements are a separate way of making enhancements without making modifications.
  • When a CDS data definition is activated, it is created as metadata in CDS source code. CDS entities are not transported. Instead they are created after the transport of a CDS source code when this code is activated in the target system.
  • CDS with input parameter is supported only from 7.40 SP8 onwards. CDS was introduced in ABAP 7.4 0SP5.
  • SAP recommends to use associations instead of joins because they are closer to “conceptual Thinking”. Association is not a join, it is just metadata about possible join. Actual join is created when the association is used in a path expression.
  • work with the CDS entity, whose name is defined behind DEFINE VIEW. Only the entity carries the full capabilities of the CDS view, like semantical information, client handling, connection to authority checks, etc. You can use the CDS entity behind TYPE for declaring work areas and in Open SQL in ABAP programs.

Differences between OLAP and OLTP
What is SQL-92
CDS Views with input parameters
Understanding Join Types
CDS Views with Joins
CDS Views with Associations 
How to create ABAP CDS view and OData with SAP Annotations
Standard DEMO Examples of ABAP CDS views
OData Documentation
CDS Wiki
SAP Executive Keynote: Björn Goerke, Barcelona 2015


Please feel free to reach out to me for any decisions that you might need guidance on with regards to SuccessFactors, S/4 HANA, SAP Leonardo. I am happy to pay it forward. This post would not have been possible without all the help from blogs in SAP community and other articles published by SAP. Please connect with me at so that you can get notified if topics like SuccessFactors and S/4 HANA interest you.

The value of Real-time, Simple, User-centric S/4HANA Applications to your Organization

In this post, I will share with you the benefits of S/4HANA Apps in the areas of finance, logistics, inventory management, sales and human resources. You can click on the links to go directly to a topic that interests you.

Real-time, Simple, User-centric S/4HANA Applications help in running your SAP solution faster, cheaper and better; thereby creating value for your Organization. SAP S/4HANA delivers massive simplifications (customer adoption, data model, user experience, decision making, business processes, and models) and innovations (Internet of Things, Big Data, business networks, and mobile-first) to help businesses run simple in the digital economy. S/4 HANA can be deployed as on-premise edition or a cloud edition.

Finance Process

SAP S/4HANA Finance is a comprehensive set of financial management and accounting solutions, covering financial planning and analysis, accounting and financial close, treasury and financial risk management, collaborative finance operations, and enterprise risk and compliance management. Finance organizations need to keep up with new and evolving business models and provide decision makers with instant insight. With SAP S/4HANA Finance, you can create a common view of all financial and operational data, provide flexible, easily consumable reporting, automate processes and instantly evaluate the financial implications of business options with real-time analytics, prediction, and simulation, all with a beautiful user experience.

Finance in real-time is a paradigm shift. Let’s take a few scenarios and analyze the impact of S/4HANA.

  1. Post General Journal Entries:
    With the transactional app Post General Journal Entries, you enter manual postings to G/L accounts. For example you can make adjusting entries during month-end closing, or record business transactions that have no source document (such as expenses paid with petty cash). Applicable taxes can optionally be calculated automatically as you enter the items. You can specify additional account assignment objects such as cost centers, orders, or materials. You can enter notes or add attachments to explain the reason for a posting.



  1. Analyze Third Party:
    • Display Financial Statement: With the transactional app Display Financial Statement, you can display balance sheets and profit and loss statements for your companies. These reports are generated on the fly by analyzing all the relevant line items. From these reports, you can also access the line items of a specific G/L account or customer/supplier line items.
    • Display G/L Account Balances: With this transactional app, you can check and compare the balances, and the credit and debit amounts of a ledger in a company code for each period of a fiscal year. You can restrict the data to a single general ledger account, or use other selection criteria (for example, profit center). In a further view, you can compare the balances relating to several fiscal years with each other.
    • Display G/L Account Line Items: You can use this app to check general ledger (G/L) account line items. You can switch between the general ledger view and the journal entry view. In both views you can use filter criteria to choose whether the app should display open and cleared items for open-item-managed accounts, or all of the items for an account. You can select the line items based on a key date or after the clearing date in connection with a key date. In the entry view, you can also choose whether the app displays normal items, noted items (items to remind you of outstanding payments), or parked items (incomplete and not yet posted journal entries) only, or all items.
    • Manage General Journal Entries:
      With the transactional app, you can analyze your journal entries and create reversals in order to make adjustments. Filtering and selection criteria enable you to quickly find journal entries, for example based on the type or user. The information provided includes the accounts posted, other account assignment objects, and any sales or purchase taxes. You can make reversing entries. Display variants allow you to add or remove fields. You can enter notes or add attachments to explain the posting. Information is shown on any related documents, such as purchase orders or incoming invoices.



  1. Process Receivables:
    • Process Collection Worklist: The transactional app, Process Collections Worklist is intended for collection specialists whose main task is to contact customers in order to request payment of overdue receivables. As a collection specialist, you can process your prioritized collections worklist. The worklist enables you to focus on the most urgent customers, for example, those with the highest overdue amount or where the amount has been overdue for a long time.
    • Process Receivables: The transactional app, Process Receivables is intended for collection specialists whose main task is to contact customers in order to request payment of overdue receivables. As a collection specialist, you can access a list of receivables payable by an individual customer. You can then create promises to pay and dispute cases. You start the app either by entering a customer number directly, or by searching for a customer, or by drilling down to an individual customer from the Process Collections Worklist app.



  1. Clear Incoming Payments:
    With the transactional app Clear Incoming Payments, you can clear a receivable payment manually, such as an open incoming payment for a customer invoice. The system usually clears these payments automatically. However, sometimes customer information is missing and the system cannot find appropriate open items that match the payment. In this case, you have to clarify this payment, match it to the correct open invoices and credit memos as aligned with your customer, and clear the payment manually.



  1. Payment Proposals:
    • Manage Automatic Payments: With the transactional app Manage Automatic Payments, you can schedule payment proposals or schedule payments directly and get an overview of the proposal or payment status. The app identifies the overdue invoices and checks whether all the required payment information is complete.
    • Revise Payment Proposal: With the transactional app Revise Payment Proposals you can check and revise payment proposals and the details of open items. This allows you to make sure that all the payments are made correctly and on time and are compliant with company policies.



  1. Manage Supplier Line Items:
    Manage Supplier Line Items is a key transactional app for accounts payable accountants and managers. Whether you use it for ad-hoc requests or recurring reports, the app enables you to easily find supplier line items using a wide range of search criteria. For example, you can see all line items of a supplier account or all open supplier invoices for a company code that are overdue at a key date.
    To make your work more efficient, you can personalize the layout of the table, predefine recurring queries, and save your settings as variants.
    In addition to displaying data, you can also take various actions such as setting a payment block or creating a manual payment. You can export the data to a file and collaborate with colleagues. The app also serves as a navigation target from other apps, allowing users to drill down into the supplier line items.



  1. Post Incoming Payments:
    With the transactional app, you can post and clear a single incoming payment in one step. You usually check for incoming payments using online banking. However, if payments are not received using electronic bank statements, you need to enter the payment data manually and trigger a search for the matching open items. Ideally, the system proposes a list of matching items for which you can post and clear the payment in one step. If it’s not possible to clear the payment, you can post it on account or to a G/L account.



  1. Planning and Forecasting:
    The unique business value of SAP S/4HANA is to have access to a single consolidated view of all planning and forecasting information in one system, which combines transactional and analytical data. Consequently the rollup of planning from different subsidiaries into corporate planning and planning from operations into financial planning is possible to manage the impact of operational plans. Real-time information to immediately update plans and forecasts, real-time revenue and cost analysis and liquidity forecasts can be performed.


    • Efficient reporting. A simplified database table holds all required financial information and uses the data processing power of SAP HANA to help ensure real-time and accurate reporting. This feature also eliminates the need for batch jobs and data replication in other systems, such as business intelligence.
    • Accelerated financial close. With SAP S/4HANA Finance, CFOs and their teams needn’t worry about spending nights and weekends to ensure the timely closing of monthly, quarterly, half-yearly or annual financial closes. The financial closing process is significantly improved, and the instant visibility of P&L (profit and loss) ensures business decisions can be made quickly, based on emerging sales and financial trends.
    • Integrated business planning. A Microsoft Excel-based interface significantly reduces the entire financial planning process by transferring financial data such as cost center, profit center, internal order and P&L planning from Excel into ECC for real-time reporting and to make informed business decisions.
    • New asset accounting. The new asset accounting component of SAP S/4HANA Finance makes it possible to manage parallel valuation of assets using the ledger and accounts approaches. It is no longer necessary to record depreciation areas. All systems’ postings are also now real-time across all valuations.
    • Cash management. Replacing the cash and liquidity management component, the cash management feature manages bank account management, short-term cash position and liquidity forecast reports, and real-time liquidity planning, thereby allowing for tighter cash management for an optimized working capital.
    • Financials reporting. This feature replaces many of SAP’s traditional drill-down reports that are not only notoriously slow, but that also do not dive deep enough to provide in-depth analytics on important financial key performance indicators.

(Benefits section is from the site: What business benefits does SAP S 4HANA Finance offer CFOs. Thanks to its author.)

Functional Changes

  • Between FI and CO, in the new architecture FI and CO is merged so that real-time integration is guaranteed by design. Users can natively drill down to the same line items from the key figures and reports of both components.
  • Please refer to What You Need To Know About SAP S/4HANA Finance (On Premise)

Technical Changes

  • All transactions simply insert multiple into the database, which does not require locks.
  • The Universal Journal is one single physical table, and SAP HANA provides the necessary speed to aggregate hundreds of millions of line items of one table within seconds.
  • The new journal entry consists of a header (table BKPF) and the respective items (table ACDOCA). The table ACDOCA contains all fields needed for G/L, CO, AA, ML, PA and 6 digit fields for line item numbering (no longer the 999 document lines limit).
  • Concerning the usage of Material Ledger for parallel currencies and parallel valuation purpose, the contents of tables MLIT, MLPP, MLPPF, MLCR, MLCRF, MLCD, CKMI1, BSIM is now stored in ACDOCA. MLHD data is stored in BKPF. MLHD, MLIT, MLPP, MLCR still keep prima nota information, in case of manual price changes or material debit/credit


MRP Process

MRP is a critical business process. A Material Planner is responsible for making sure the production plant never runs out of materials, components or sellable products. For example, if a material is produced in-house, the MRP calculates the dependent requirements. The quantity of components required to produce the finished product or the assembly, by exploding the Bill of Material (BOM). If a material shortage exists, Production Orders or Purchase Orders are created at every BOM level to cover requirements.

The MRP within SAP S/4HANA runs entirely on the in-memory platform SAP HANA which has been optimized and improved the overall performance. With the new transaction code the MRP planners are able to run transactions close to real time which were classical batch processes in the past. More filter functions provide a broader flexibility to parametrize the MRP.

Identifying solutions to material shortages traditionally, several ERP transactions have to be executed (see Figure). In the MRP within SAP S/4HANA, data is pulled in real time from all areas of material management including procurement lead times, inventory stock availability, lot sizes, manufacturing scheduling and sales orders across multiple sites. The system goes one step further and suggests potential solutions for the shortage through Solution Cards. In fact, Solution Cards has all information needed to resolve the material shortage (e.g. Reschedule Purchase Order, Increase Purchase Order, stock transfers). As this system is on one common base, financial data can be mixed directly into the process to rank proposed solutions. Each proposed solution is evaluated in real-time and the Material Planer can preview viability and impact before accepting a solution.

Starting from the current state of the supply chain and including the existing MRP algorithms, the simulation computes the future inventory situation in detail. The optimization algorithms make use of the simulation to find the ideal replenishment strategies and parameters. E.g. with this ability to simulate and compare the ways of resolutions, the Material Recourses Planner can compare, for example, the effectiveness of an external replenishing compared to a replenishing via a production on an industrial site. Additionally all financial implication of the proposed solutions is visible.

Functional Changes

  • MRP planners are able to run transactions close to real time which were classical batch processes in the past.
  • More filter functions provide a broader flexibility to parametrize the MRP.
  • Material resources planner can now optimize daily work tasks by focusing on exceptions and on the most urgent problems with the highest financial implication.
  • The Material Planner´s work environment will be role based and exception driven.
  • See below for changes and impacts with S/4HANA.

Technical Changes

  • The internal logic to read the planning elements from the database to the internal table has been fully redesigned to run in-memory planning.
  • Large parts of the application logic in the database server were implemented in SQL Script (15.000 lines of code).
  • Transactions were rewritten and tables simplified.
  • With SAP S/4HANA tables are read in parallel. (no need for the application server to call the database server many times to read relevant data. Tables were read sub sequentially. The additional roundtrips required a significant bandwidth to load the data. )
  • The calculation engine within the database is directly hosting the calculations, which eliminates data load into the application layer (old way of doing things).
  • All optimizations superpose each other to optimize the elapse time by a factor 10. (POC of 20 has been achieved)
  • Aggregated material views are historical necessary to achieve reasonable response times for specific views.
  • Customers transferred Analyzes into Data Warehouse Systems allowing a flexible reporting at reasonable response times but adding complexity. Due to the merge of OLTP and OLAP; we can use the real time analytical capabilities directly on the transactional processes, and propose simulations possibilities for the user.

Business Changes

  • Enables running MRP on a much higher frequency which changes processes and decisions.
  • Planner can meet the vagaries of production better and service levels can be increased.
  • Increased speed of execution and analyses enable meeting the new requirements of the market.


  • Accelerated creation of purchase requisitions
  • Automatic detection of shortages
  • Higher accuracy of purchased quantities
  • Cost savings through process automation

SAP MRP (Material Requirement Planning) Tutorial: MD01, MD02, MD04
MRP run using Re-order Point planning
Comparison Demo Video

Inventory Management Process

The challenge of inventory management is to reduce storage costs to an absolute minimum while providing customers with the right products in the right time in the right quantity. Classical inventory planning cannot keep up with flexible accommodations, or custom configurations which customers expect these days. Slow update cycles lead to outdated information as new orders fly in constantly high speed. Limited inventory visibility increases error rate and supply shortages which will affect available-to-promise to the customers and can lead to customer churn.

Inventory Management powered by SAP S/4HANA enables organizations to harmonize warehouse inventories, demand and supply planning. With real-time processing of inventory postings and inventory values, warehouse space can be reduced to a minimum and lead to higher accuracy of inventory, increase turnover and reduced days of items in stock. SAP S/4HANA enables taking all production locations and external supply chains into account and managing the changing demand for smaller lot sizes passing through entire logistic operations with all involved parties. It helps managing capacities and quantities in a much more needs-based way.

The supply chain stretches from planning via supply and production through packaging and finally to the delivery of the product, with various suppliers, service providers and internal operations working hand-in-hand. It’s crucial to keep everyone involved in the process up-to-date and react fast to incidents as products increasingly are sold as services.

Functional Changes

  • Enables high performance evaluations of inventory key figures based on the material document data.
  • Deep analyzes of stock movements and further complex stock evaluations are supported.
  • See below for changes and impacts with S/4HANA.

Technical Changes

  • A single table (MATDOC) with almost all required attributes and views represents the data for all business perspective. This single table structure allow high performance evaluations of inventory key figures.
  • Aggregates are created dynamically based on line item level on-the-fly.
  • The simplified code eliminate the risk of inconsistency and allows easier system maintenance.
  • The MM-IM aggregate tables and the classical document tables will not be updated anymore and aggregate tables will be replaced by new compatibility CDS views with the same semantics as their corresponding table. These CDS views perform an on-the-fly calculation for aggregates.
  • The existing fields MBLNR and MJAHR of the table MKPF are not key fields any more.
  • Elimination and reorganization of IMG table structure.

Business Changes

  • Ensures goods are consistently available at the right time and place.
  • Reduces inventory and increases working capital with deeper insight into supply chain.
  • Improve demand planning and decrease safety stock levels to cut costs.
  • Use enhanced supplier intelligence to minimize out-of-stock situations.
  • Enable SAP ERP to recommend specific actions that balance profitable service and inventory.


  • Inventory data is always up-to-date, so safety net is low.
  • Enables catering to customer wishes at very short notice.
  • Improves delivery performance, satisfies customers and ensures customer loyalty.
  • Transparent view on the stocks currently available
  • Efficient processing of inventory adjustments

SAP MM – Inventory Management
SAP Inventory Management Tutorial 
Comparison Demo Video

Sales Order Fulfillment Process

Customers are well informed, tech-savvy and are searching for ways to ease their daily life. Their smartphones play a vital role in enabling this trend. This evolution offers a chance to rethink and re-design offerings to customers. These offerings have the following characteristics:

  • The value is offered as a service, not as a product.
  • The value is delivered per request.
  • Service scales up and down according to demand
  • Customers pay per usage. Not a fixed cost.
  • Available from anywhere at any time.

Customer information is no longer available in one place. To deliver a one-to-one personalized customer experience, we have to assemble mass volumes of digital customer engagement information from social networks, location services, check-ins, buying history etc. have to be leverage them for deeper insights. This makes a cross channel execution of marketing processes and collection of personalized customer engagement data  a huge effort. Lack of visibility into marketing performance and lack of time to make changes lead to a very low agility level of the companies and their ability create value for their customer and increase their profit in a very dynamic environment.

To be effective, ensure growth or sometimes even to survive today, the individual’s expectations and buying behaviors need to be the center of your organization’s approach. Marketing organizations that already practice it and excel at cross-channel integration and data-driven marketing, achieve up to 61% greater revenue from new customers and 32% lower marketing spend.

The use of predictive analytics identifies purchasing patterns to narrow down the customers that have the highest purchase likelihood. This ensures maximum marketing budget efficiency and puts the individual customer and his preference at the center of the message. With SAP S/4HANA real-time contexts can be leveraged to collect data from various sources, analyze patterns and drive relevant engagements with known and unknown contacts and develop the full context of individual customers for individualized engagements at every stage.

Blending of structured and unstructured data from internal and external sources like sensors, payment information, purchase history and social media likes enables you to gain deeper and more comprehensive understanding of true customer value.  You need to ensure you think your processes end-to-end.

This has ramifications all the way to planning, production and your ability to deliver (your sourcing and supply chain). Small order quantity have a major effect to the business process (Material requirements planning, production, packaging, shipping). Often the processes in the companies are optimized for production and delivery for larger quantities and is a problem when you consider the impact on related documents (Production orders, delivery notes, goods issues, goods receipts…).

Functional Changes

  • Provides a real-time business, meaning accurate update inventory information (best in real-time), high frequent fast MRP runs and an efficient way to handle back-order.
  •  B2C or B2B orders run in real time within a company as so called ‘No touch order’.
  • A manual process is only required when unforeseen problems (e.g. credit limit check, Availability to promise Check) are occurring.
  • See below for transactions vs apps to execute with S/4HANA in the area of Sales Order fulfillment.
  • See below for changes and impacts with S/4HANA.

Technical Changes

  • With SAP S/4HANA there is no locking issue for material documents anymore because there is just an insert into the new table MATDOC .
  • Simplification of the SD data model (see Fig.1) shall be e.g. achieved by

    • Optimized Document Flow (VBFA)
    • Optimized Access to Business Data (VBKD), Contract data (table VEDA) and Partners (table VBPA).
    • Elimination of Status Tables (VBUKVBUP)
    • Elimination of Indices (VAPMA, VAKPA, VLPMA, VLKPA, VRPMA and VRKPA)
  • The user interface of the document flow will undergo a re-design, too. The new process overview will combine document flow and status information to be used in Sales Order Fulfillment Monitor App and others.

Business Changes

  • Core systems can react to this high and volatile demand up to the last second.
  • Orchestration of marketing processes through personalized customer information (in real time and across fully integrated processes and channels).
  • Deliver personalized experiences to the customer, making real-time recommendations and detailed tracking of the performance.


  • Real-time insights into intents help to run campaigns with speed and agility. Adjustments are possible while the campaign is running and the lead is hot.
  • Understanding marketing activity performance can help to plan resources for customer advocacy and growth and can result in 24% higher revenue growth from new customers and 30% higher growth in market share.
  • Real-time operational insights and collaboration can result in 22% less effort to market and sell products more efficiently.
  • Enables order quantity of 1 piece and very short delivery time.


Comparison Demo Video

Human Resources Process

SuccessFactors provides a unified, comprehensive solution that simplifies talent management – so you can proactively act, easily measure and clearly communicate talent results and business impact. The talent management solution from SuccessFactors includes Recruiting, Onboarding, Performance & Goals, Compensation, Succession & Development and Learning solutions.

SuccessFactors enables to attract and engage with the right people, for the right role, at the right time. Moreover the solution also helps to develop top people by continuous focus, feedback and relevant learning experiences. This helps companies retain the top talents and also supports them by recognizing, growing and rewarding talent.

The SuccessFactors HCM Suite (SuccessFactors) is the “default” HCM solution for S/4 HANA.  Customers choosing S/4 HANA as their next-generation business suite also require a next-generation HCM suite and this is the focus of SuccessFactors.  Productized integration (built and maintained by SAP) exists today so customers can connect SuccessFactors with S/4 HANA (both on-premise and cloud).

In a classic HR landscape there are many systems, interfaces, and requires high technical maintenance to support end-to-end process. For different functionalities of talent management system (like recruiting, learning or performance management) there are different systems on different databases.  This complexity often developed historically as within several years to the core HR functions were added more and more talent management functions. As a result companies have to deal with multiple legacy and disparate HR systems which are costly and difficult to manage. The employees are not engaged with their HR systems and find them difficult to use. The separation of functionalities in different system makes it also hard to connect the data and get a holistic view of talent. To gain a holistic view, data preparation is necessary because the information has to be retrieved from different systems.

SAP recommends new SAP customers implement SuccessFactors as their HCM solution for S/4 HANA. On the one hand, customer can benefits from SuccessFactors in the cloud, and on the other hand they can benefit from everything S/4HANA provides. The seamless integration of SuccessFactors to SAP S/4HANA provides the following:

  • Drives operational alignment between HR and Finance to optimize capabilities and align with the business
  • Enables consolidated access to real-time data to provide insights and measure the business impact of HR
  • Integrates end-to-end processes across financials and HR to help manage budget and headcount planning
  • Leverage an engaging, unified user experience along the processes by on role and responsibilities with SAP Fiori

Please refer to my post   Understanding SAP S/4HANA Finance with SAP SuccessFactors HCM Suite Cloud Deployment Solution for more about deployment options.

Functional Changes

Technical Changes

Business Changes

  • SuccessFactors is a new SaaS implementation. All the benefits of a SaaS product are the changes that you can expect such as less cost (pay as you go), quick innovations (releases every quarter), collaboration and Social features, mobile capabilities, user friendly interface, easy non-technical customization, etc.


  • Reduce the employee turnover thanks to more engaged talent
  • Increase HR productivity thanks to a linkage with the business
  • Better cross company insights with a faster access to HR and financial data



Please feel free to reach out to me for any decisions that you might need guidance on with regards to SuccessFactors, S/4 HANA, SAP Leonardo. I am happy to pay it forward. This post would not have been possible without all the help from blogs in SAP community and other articles published by SAP. Please connect with me at so that you can get notified if topics like SuccessFactors and S/4 HANA interest you.

How to get SAP S/4HANA Cloud Implementation right for your organization

In this post, I will share with you the advantages of what type of an organization should consider SAP S/4HANA Cloud, benefits, approach and the tools used in various phases of Activate Methodology. You can click on the links to go directly to a topic that interests you.

  1. Introduction
  2. Benefits
  3. Approach
  4. Discover Phase
  5. Prepare and Explore Phases
  6. Realize Phase
  7. Deploy Phase

  1. Introduction

Who should consider it?

  • Organization has a small IT department or does not have IT department
  • Organization is in regions across US and is thinking of expanding to other regions within country and other countries
  • Organization is increasing current product line
  • Employee strength greater than 1000 and growing
  • Organization is currently working off spreadsheets or small LoB applications
  • Organization feels the need consolidate all line of business applications in an integrated central business suite, accessible for all of the company’s locations

  1. Benefits

Following are the typical benefits of SAP S/4HANA Cloud solution:

  • Quicker implementation times
  • Reduction of support costs
  • Ability to resort back to standard and provide control
  • Aligning to SAP’s strategic direction
  • Flexibility to integrate and enhance

Organizations need to at minimum take into account above benefits, analyze the cost of in-house IT personnel and capital expenditure for infrastructure and compare it with subscription costs.

Check out the, it can help you understand the many process improvements.

  1. Approach

SAP Activate is an end-to-end SAP S/4HANA Cloud deployment methodology that includes self-led discovery via preparation and exploration, configuration, test and data migration, user onboarding and go-live.

Typical project starts with assembling a team of key expert users from each line of business to start the project. The evaluation team consists of key users from the main lines of business:

  • a senior consultant from their Sales line of business
  • an accountant expert from the Finance line of business
  • a senior consultant from the Purchasing & Production line of business
  • IT director

In an SAP S/4HANA Cloud implementation, key users are involved in all major activities from solution discovery all the way through system configuration and end user onboarding in preparation for going live. This group led by the project manager will be part of the following phases of the Activate Methodology.

  1. Discover Phase

  • Starts with first contact with SAP S/4HANA Cloud and ends with making the decision to buy SAP S/4HANA Cloud
  • Self-led discovery of SAP S/4HANA Cloud, self-led exploration and collaboration with SAP experts
  • High-level deployment scope enabling to procure SAP S/4HANA Cloud solution and to start with a tailored high-level scope
  • Key users look for high-level expectations regarding the scope
  • Understand the breadth, depth, and functionality of SAP S/4HANA Cloud
  • Understand benefit it can bring to the business
  • Become familiar with value of SAP S/4HANA Cloud in general
  • The customer and the sales team of SAP come to a jointly agreed description of the implementation scope, overall project timelines, and target solution models.
  • For a quote by SAP S/4HANA Cloud sales or a qualified SAP S/4HANA Cloud partner, customer will map their requirements against the scope items of SAP S/4HANA Cloud and conduct a high-level analysis, recommending a comprehensive solution.
  • Get the solution scope right
  • Learn and take advantage of any tools, services, or support offerings that could help to plan and execute the project
  • Make use of below information sources on SAP S/4HANA Cloud
    • Product Scope Document
      1. Goto > “Products” > “ERP and Digital Core” > “SAP S/4HANA and ERP for Large Enterprises” > scroll further down and click on “SAP S/4HANA Cloud” > scroll down for “Details” > “Release Information” > and you will find the “SAP S/4HANA Cloud 1705 product scope” document. Its important to go through:
        • Country and Language
        • What’s new in this release section (updated quarterly)
        • Business priorities
        • Solution capabilities
        • High level functional scope
        • End-to-end solutions for the solution, down to the level of single-scope items

  • Roadmap Document
    1. See bottom of this screenshot or click on this link. It contains information regarding:
      • Planned functionality by line of business (next three quarters)
      • Cross-topics
      • Localization





  1. Prepare and Explore Phases

  • You can find all the important information for the project phases, including their deliverables, on the Roadmap Viewer.
  • The aim of the prepare phase is to do the initial planning and preparation for your deployment project. In this phase, you kick off your deployment project and you define the goals of your project, the high-level scope, and a project plan.
  • In the Prepare phase, you can find a list of all the key activities that you need and you can also find a list of all the deliverables.
  • You will receive your starter system. The starter system is an activated SAP S/4HANA Cloud system that contains model company configuration and master data.
  • Create users in this system, so you can start using the system.
  • The starter system, along with the SAP Best Practices Explorer, are the main tools used in the Explore phase.
  • The main part of the Explore phase is Fit to Standard Analysis. The goal of the Fit to Standard Analysis is to validate the predefined scenarios and processes and determine the configuration requirements.
  • SAP S/4HANA Cloud is a highly pre-configured and instantly running
  • SAP delivered the best practice content that delivers fast time-to-value for larger project and product-centric organizations. This provides fast value realization.
  • Conduct Fit to Standard workshop using the starter system and the SAP Best Practices Explorer. The documentation that is available on the SAP Best Practices Explorer is an excellent step-by-step guide to go over the Best Practices processes in your starter system.
  • Execute hands-on configuration within the SAP S/4HANA Cloud
  • Use the starter system to play around and investigate the SAP Best Practices processes.
  • Use the self-service configuration UIs in the Manage Your Solution app, to see what you can do to adapt the system to your needs. However, you should be aware that it is not possible to transport the configuration of your starter system to the quality system that you receive at a later point in time. It is only meant for exploring the configuration options.

  • Project level accelerators:
    • SAP S/4HANA Cloud overview presentation
    • Prerequisites matrix (which depicts the relationship between scope items and building blocks)
    • Delivery supplement (which highlights key implementation information)
    • Master Data Overview
  • Scope item level accelerators:
    • Scope-item fact sheet with a description
    • Process diagrams
    • Test scripts



  • Download the content library as a ZIP file. You should be able to see:
    • Package fact sheet
    • Scope items
    • Process flow and Process Steps
    • Test scripts and test procedures
    • Master video data and Master data
    • Setup instructions
    • Roles
  • Organizing the Fit to Standard workshop
    • Conduct solution validation workshops across all the functional areas of the solution
    • Involve the respective LoB experts to ensure the adoption of the solution later on and safeguard that SAP S/4HANA Cloud meets the business requirements
    • Follow the six steps in the Fit to Standard Analysis
      1. Step 1, an SAP consultant supporting the implementation explains the Best Practices process using the process flow depicted in the SAP Best Practices Explorer.
      2. Step 2, the consultant shows this Best Practices process in the starter system. By doing this, the consultant demonstrates in which area you will most likely need to do some configurations.
      3. Step 3, the project team discusses what they have just seen in their starter system and whether the SAP Best Practices process can fulfill their business requirements.
      4. Step 4, project team identifies its requirements for the SAP S/4HANA Cloud system. Those requirements are then added to the product backlog, which can be analyzed further at a later stage.
      5. Step 5, the implementation project team establishes which configuration values they require and documents this thoroughly. This is extremely important for the system provisioning process. After the team has documented its required configuration, it can hand this document over to SAP’s service center. The service center then adapts the Q system accordingly and provides it to the project team.
      6. Step 6, the consultant provides all the necessary material on process flows, test scripts, and users to the IT director. Using this material, the project team can perform the specific business scenarios on their own.

  • Confirm SAP S/4HANA Cloud provides a good fit and configure/adapt where changes are required using the SAP Roadmap Viewer. The Roadmap Viewer is a good tool to provide you with step- by-step instructions for your implementation The roadmap is structured along the six Activate phases. It has the Discover, Prepare, Explore, Realize, Deploy, and Run phases. Navigate to the Configuration document: Roadmap Viewer > Solution Specific > SAP Activate: Implement and Configure SAP S/4HANA Enterprise Management Cloud > Roadmap Structure: Explore phase > Deliverable > Fit to Standard Analysis – Enterprise Management Cloud > Chart of Accounts – Conduct Workshop > Accelerators > Chart of Account Numbering and Change Template.xlsx
  • For some configuration changes, such as the org structure changes, you can document what you want your org structure to look like and can then provide this information to the service center, who will help you to set it up.
  • For some configuration changes, you can do it without service center support. So, it’s very important to know which SSCUIs correspond to which scope item. There are accelerators which maps the SSCUIs to the scope items. Take a look at which scope item corresponds to it and then take care of it during the implementation project.
  • Complete Fit to Standard Analysis and define configuration by end of this phase.

  1. Realize Phase

a. Scope and Configure

  • Configuration of the solution is done in this phase. Guided configuration, the system provisioning of the Q and P systems, the system phases, and the segregation of configuration duties between the customer and SAP are part of this phase.
  • Guided configuration provides an assisted way to adapt SAP Best Practices for SAP S/4HANA Cloud and facilitates the lifecycle management of this business process content in cloud deployments in order to activate new SAP S/4HANA innovations without disruption. It can be conducted agilely in sprints. It is accompanied by a test automation tool, direct access to learning, and data migration.
  • The leading principle of the guided configuration is that it can be done by the key users in the line of business without a central IT department. The configuration values are defined with “self-service configuration” apps.
  • Self-service configuration apps are mostly lightweight apps to configure certain topics (ex: delivery block reasons for deliveries or payment block reasons for payments), but also be comprehensive apps (ex: organizational structure app to add organizational units). With SAP S/4HANA Cloud 1705, around 150 apps have been delivered. Key users access these configuration apps centrally with the app “Manage Your Solution”.
  • Not all configuration settings are changeable with these apps. Some are done by SAP Service Centers based on definitions that were captured in predefined forms during the Fit to Standard workshops.
  • All customer personalization done via self-service configuration UIs and configuration as a service is stored separately from SAP Best Practice content to protect the system configuration against unwanted changes.

Content Lifecycle Management ensures activation of both updated and new Best Practice processes delivered by SAP without disruption.

  • Best Practices processes delivered by SAP are subject to maintenance and content System configuration is subject to change as well. Additionally, you can personalize existing business processes with self-service configuration, and add additional process steps or processes.
  • Configuration changes done by SAP, customers or partners will be recorded in the Content Lifecycle Management history. It protects system configuration against these unwanted changes:
    • Pre-configuration delivered by SAP
    • Personalization done by the customer
    • New process steps and processes added by customers or partners.
  • Content Lifecycle Management ensures compliance for new or updated processes delivered by SAP without disruption.
  • System Status is used to control the customizing settings consistently within and across the system. The status is visible in the “Manage Your Solution” app and it is nearly the same as the project phases of SAP Activate.
  • “Manage Your Solution” app system statuses
    • There is no “Manage Your Solution” status for discovery as the starter system currently allows no configuration.
    • There is an additional “Change” phase for additional configurations after a set of configurations has been tested and
    • During the “Preset” phase foundational configurations are being done by SAP.
    • During the “Explore” phase, the “Manage Your Solution ” app is always in status “Explore”. During this you can change configuration settings and get to know them. Align these with the Fit to Standard workshops so that any changes that apply before a Fit to Standard workshop are This is necessary as changes from this phase are not automatically taken over to the Q system for later use.
    • The Q system itself starts fresh and can have the status “Preset”, “Realize”, or “Change”.
    • The P system also starts fresh on the same release as the Q system and has a system status “Deploy” or “Run”.

Mapping of system statuses to logical systems

  • Three phases of the Q system
    • “Preset” phase
      1. The Q system is being prepared based on requirements defined in the Q system provisioning form. Here the most important ERP basic settings are applied, such as the definition of the country or countries, the ledger setup, the currencies, the organizational structure, the customer chart of accounts, house banks, and integration.
    • “Realize” phase
      1. The Q system is now being configured by the key users and the expert configuration applied by SAP. The key users use the self-service configuration app included in the “Manage Your Solution” app. This app also included the test tools and the data migration tools. The configuration status is set to “Confirmed” or “Completed” at the end of this phase.
    • “Deploy” phase
      1. Production system is The protection system must be in the same release as the Q system, so it is requested within a few weeks from receiving a Q system. Configuration, chart of accounts changes, and organizational structure changes will be duplicated from the Q system.
      2. Once the transport has been released, no configuration or data migration can occur until the P system is activated. After the service center activates the P system, they will change the Q system phase to “Change”.
      3. To proceed with configuration, a change project must be created. This process is repeated for each configuration sprint.
      4. Using sprints of 1 to 2 weeks, business processes are configured and tested in Q. At completion of the sprint, the change project is released and the configuration is transported to the P system.

To summarize, you received the Q system with the initial settings determined during the Fit to Standard Analysis. The key users configured the Q system using the self-service configuration UIs. And the remaining expert configuration is conducted by SAP.

With this P system provisioned, the tested configuration is released and transported to the P system.

The Q system is set to change. From here additional configuration is being conducted, tested, and released to P in weekly sprints in an agile approach.

b. Extensibility

  • Below is a comparison between classic SAP S/4HANA and SAP S/4HANA Cloud regarding extensibility. It identifies the customer expectations regarding updates and cycles, the extensibility concept and who is able to do it.
  • On classic SAP, we have a lot of additional business Modification to tables may be needed that may need programming. This is a lot of effort and this is a high risk regarding side effects also to the standard.
  • In SAP S/4HANA Cloud extensibility concept, we have loosely coupled extensions that provides flexibility. Stability is guaranteed and there are no side effects on the standard. We can rely on the extensibility coding and the extensibility wizards that this is running even after an upgrade. The business experts can easily apply non-disruptive changes, and they can rely on these changes even after an upgrade without any risk.
  • Extensibility can be In-app extensibility or Side-by-side extensibility. Side-by-side extensibility requires SAP Cloud Platform which is a fully-fledged development environment for all the cloud applications. For more about this, please refer to extensibility here.

  • Business user
  • Business Users may want to change columns or hide fields on their personal screen. These Fiori personal settings should not affect other people. This is not part of the extensibility concept, this is just part of Fiori.
  • Business experts of the LoBs / Key Users

Key Users use in-app extensibility which uses the all the possibilities or the capabilities of extensibility concept in SAP S/4HANA Cloud.

  • add custom fields, able to change the business logic with the help of kind of user exit BAdIs.
  • add or use SAP-released CDS views• define own custom views – for analytics
  • add custom interfaces
  • add custom forms

These changes affect all the people in the LoB and the organization.

  • Developers

Can use both In-app extensibility or Side-by-side extensibility.

  • add complex business logic
  • define new business objects and apps (small, lightweight apps are possible within SAP S/4HANA Cloud).

These objects are decoupled from the lifecycle. There is no problem or difficulty after an upgrade. All of these changes affect the people in the organization.

  • Business Configuration: this is covered by Fiori
  • In-app extensibility
    • Less complex
      • UI Adaptations: covered by the Fiori standard
      • Individual Terminology: you can change names of
    • More complex
      • Custom Reports/Analytics: We design our own CDS views and use them for our own analytics activities
      • Custom Forms: add your own forms
      • Custom Fields: We can use custom fields on all objects, CDS views, and Fiori screens, forms, API’s, Interfaces, and Platform (SAP Cloud Platform)
      • Custom Logic: A restricted ABAP Editor is available and so ABAP activities are possible
    • Side-by-side extensibility
      • Custom apps: are built on SAP Cloud Platform to improve your process, to add a new process step in, or to replace an existing process step. It’s too complex to edit in the Custom Logic and so has to be done as a custom app.
      • Process Integration: We can make service calls
      • Vertical Solutions/Add-Ons: We can build heavyweight applications (ex: for industries).

c. Integration

We can connect cloud as well as on-premise products with the integration of S/4HANA Cloud. With the SAP S/4HANA Cloud, SAP provides integration (through productized integrations) and integration capabilities to non-SAP products (through frameworks). SAP provides content as well as development in order to achieve this. Currently integrations are available for SAP SuccessFactors, Ariba, Hybris, Concur, Fieldglass, as well as SAP Financial Services Network. Additionally, SAP also provides customer-driven integration capabilities with our APIs.

With the SAP-delivered integration, SAP Cloud to SAP Cloud is pre-delivered with best practices content as well as processes. SAP is responsible for the operations and upgrades, and ensures that during the upgrades your functionality remains untouched in terms of downtime or disturbance. This is predefined and developed by SAP and operated by SAP. If you walk through to the template-based integrations, you can take advantage of the SAP-delivered integration.

If you look at the customer-driven interfaces based on the released public SAP APIs, then you will completely own and operate these integrations that are built. We will provide the APIs, so from that perspective we provide you with developments in terms of APIs. However, putting these APIs together and connecting to the third-party system is completely development on the customer’s side, and operated by the customer. You will have maximum flexibility to decide how you build up which kind of data comes through, as well as which tool you connect to. However, you will have time and implementation costs associated with this.

API acts as a messenger that takes a request and tells S/4HANA Cloud what to do, and returns a response back to the partner system to which you will connect. There are different possibilities to connect using the APIs. You can connect to on-premise systems using SAP HANA cloud connector. There are APIs which you can use to connect to cloud systems also. These APIs can be used to connect to either SAP cloud systems or to third-party cloud systems, and will take advantage of SAP Cloud Platform Integration to make this happen. You can connect to on-premise systems, using the cloud connector or the SAP Cloud Platform Integration.

SAP delivered public APIs are in the form of OData, REST, or SOAP APIs, and are publicly released on the API Hub. If you go to SAP API Business Hub, you can find all the relevant APIs that are required to connect S/4HANA Cloud. You can do, create, read, update, or delete operations for different objects within S/4HANA Cloud.

We also have the possibility to connect S/4HANA Cloud to the SAP on-premise systems using more kind of RFC-based APIs like the BAPIs or the IDocs.

For more information, please read my blog on SAP Cloud Platform Integration.

d. Migration and Testing

Realize stage has Migrate, Integrate, Extend, Test activities. The Migration Cockpit is used for Migrating data and Test Tool is used for automating Testing.

  • Migrate
    • Each migration object comes with preconfigured content and mapping. SAP provides all the content and migration
    • Depending on your scope solution, the correct migration objects that you can use for migration is presented. If you don’t have any kind of source data, or if you want to do it manually, you can still do
    • Automated mapping means that we scan through all your imported values and see what fits to SAP and what doesn’t – where you would have to make changes to the source
    • By using the mapping tool, you don’t have to fix everything in the source or in the templates. You can use the migration cockpit in order to change and convert relevant values.
    • Navigate to Migrate Your Data from the configuration menu, from the Manage Your Solution. There you will see a list of the migration objects as shown below.

The tool generates file template which can be downloaded. Then start the guided migration process with all the different steps.

Please also check out to Watch the Demo: Migration to the Cloud and
Migration Cockpit Presentation


  • Test Automation Tool
    • The test automation tool is an integral part of SAP S/4HANA Cloud. With preconfigured test scripts, you can automate your business process tests. In addition, you can change existing tests or create new test cases via a recording functionality. The goal to accelerate business process tests.
    • For everything you change in the system, you can directly run a test to see what the result would be if you change a certain value or setting. It automates test cycles. It accelerates business process testing via test automation.
    • It provides the following:
      • Enables test script creation with a recording functionality.
      • Documents all automated test activities with screenshots.
      • Enables a sound test result even during short test cycles like upgrade tests.
      • Provides a quick check with ready-to-run test scripts.
    • There are 3 scenarios where you can use the Test Tool
      1. Implementation support for new & changed processes: Quick check of configuration changes End-user
      2. acceptance test: Test of customer-owned test cases
      3. Regression test: Test of customer owned & SAP delivered processes after upgrades/updates

In the Test Plan Overview screen you can see processes in “In Process”, “Failed”, “Success” or “Untested” statuses.

  • It is possible to set Default Values for testing by creating Variants. It is also possible to see screenshots of last run.

  • “Change Adaptability” can be used if the system requires you to change, for example, a certain threshold based on the testing you did, it will do so and show it you in the results. Then we run the test.

  1. Deploy Phase
  • The main goal of the Deploy phase is to ensure that the organization is ready to productively use and operate SAP S/4HANA Cloud.
  • For this, you need to onboard the users of SAP S/4HANA Cloud to make sure they are able use the new ERP system.
  • You need to do user training and onboarding, which is partly embedded into SAP S/4HANA Cloud.
  • We differentiate between two main groups of users: the key users and end users. A key user can be seen as an administrative user and is a representative of a number of business processes and their related configuration.

  • Key users play a fundamental role in ERP implementations. Key users are functional experts who were involved with Fit to Standard Workshops. End users are those employees who work with ERP on a daily basis.
  • In contrast to end user enablement, key user enablement already starts early in the Prepare phase of a project. End-user enablement, though, starts significantly later, in the Deploy phase. Both user groups require ongoing enablement because they need to be familiar with the new releases of SAP S/4HANA Cloud.
  • The enablement of both end users and key users can be categorized in three
  • Phase 1: Onboard quickly and get familiar with SAP S/4HANA Cloud in the early phases of working with the
  • “My Learning” app embedded in SAP S/4HANA Cloud gives all users role-based access to the relevant learning It is easy to use, and the central access point to all learning materials.

Getting started, Processes, Implement, Other tutorials

  • Phase 2: Become productive in SAP S/4HANA SAP provides tutorials for most of business scenarios in SAP S/4HANA Cloud. These tutorials are embedded in SAP S/4HANA Cloud as well. Users can also leverage the user assistance for in-app help on the same screen, guided tours, and documentation.
  • Phase 3: Stay up to date over time. Since there are quarterly release cycle in the Cloud, it’s easy to fall behind. Leverage the SAP Learning Rooms on the SAP Learning Hub to stay current. employees can collaborate with their peers and experts from SAP in virtual Learning Rooms. Learning Rooms are moderated by SAP trainers and experts, feature additional training materials, and allow all users to ask questions or share their experience. You can use the SAP Learning Rooms for SAP S/4HANA Cloud implementations and SAP Activate.
  • For end-user training, customers can even set up their own customer-specific Learning Rooms and fill them with customer-specific training
  • Enablement for key users: It is necessary to provide key users with more comprehensive In order to bring your key users up to speed, SAP provides role-based Learning Journeys. Such Learning Journeys show you all the available learning assets for a specific topic and how to best navigate them. On those Learning Journeys, you can find a mixture of openSAP courses, SAP Learning Rooms, and e-learning on the SAP Learning Hub, and also classroom training.

  • All Learning Journeys start off with a branch listing all the resources to get an overview of the topic. In above case, you would start by registering to the SAP S/4HANA Cloud Implementation Learning Next it is recommended to participate in this openSAP course. After gaining an overview, the Learning Journey continues with a branch to go deeper and become fully competent.
  • Access the SAP Learning Hub and find the new courses on the Learning Hub. you can assign the course to yourself and then you can start the course whenever you would like to participate.
  • Some e-learning course also provides you with live system access, a feature of the SAP Learning Hub.

  • The SAP Learning Hub is really a great resource for onboarding your You can find lot of information relevant for Key Users here. An example is the “SAP S/4HANA Cloud Implementation Learning Room”.


Please feel free to reach out to me for any decisions that you might need guidance on with regards to SuccessFactors, S/4 HANA, SAP Leonardo. I am happy to pay it forward. This post would not have been possible without all the help from blogs in SAP community and other articles published by SAP. Please connect with me at so that you can get notified if topics like SuccessFactors and S/4 HANA interest you.




What You Need To Know About SAP S/4HANA Finance (On Premise)

In this post, I will share with you the advantages of SAP S/4HANA Finance, Releases, System Conversion, Functional Scope, New Features, Central Finance, Technical Scope and Extensibility. You can click on the links to go directly to a topic that interests you.

  1. Introduction
  2. Releases
  3. System Conversion
  4. Functional Scope
  5. New Features
  6. Central Finance
  7. Technical Scope
  8. Extensibility

  1. Introduction

SAP S/4HANA Finance is a financial application in the SAP S/4HANA ERP platform. It consists of a set of interconnected financial management functions that provide real-time data from the enterprise resource planning (ERP) applications. SAP S/4HANA Finance is part of S/4HANA and is built on the SAP HANA in-memory database platform.  S/4HANA integrates cross-organizational functions into one system that combines transactional processes and analytics for real-time applications. For the front end, SAP S/4HANA Finance uses SAP Fiori for a consumer-like and personalized UX (user experience).

SAP S/4HANA Finance is the first business application developed for the S/4HANA platform. It is designed to remove traditional barriers between transactional, analytics, and planning systems to provide instant insights and on-the-fly analysis using all levels of financial data.

The main advantages of SAP S/4HANA Finance are:

  • Processing speed combined with integrated features for the various financial functions
  • Faster reconciliation of financial processes
  • Single source of financial truth
  • Real-time data with analytics to model and predict the impact of changes

SAP S/4HANA Finance can be implemented on-premises, in the cloud, or in hybrid environments. SAP S/4HANA Finance applications can be implemented as standalone products or bundled together.

  1. Releases

On Premise versions are as follows:

  • SAP S/4HANA 1610 FPS02 (latest at the time of writing)
  • SAP S/4HANA 1610 FPS01
  • SAP S/4HANA 1610 (Digital Core, Fiori 2.0, Extended Warehouse Management, SAP Core Modules Improvement)
  • SAP S/4HANA Finance 1605 (sFin release 3.0)
  • SAP S/4HANA 1511 FPS02 On-premise Edition (SF-EC-HCI support)
  • SAP S/4HANA 1511 FPS01 On-premise Edition (SAP NetWeaver 7.5 SP01)
  • SAP S/4HANA 1511 On-premise Edition (SAP NetWeaver 7.5, Fiori, both Finance and Logistics, full-blown SAP S/4HANA Enterprise Management, dropped ‘Simple’)
  • SAP S/4HANA Simple Finance 1503 On-premise Edition (SAP NetWeaver 7.4, sFin release 0)
  • SAP Smart Business for the SAP Simple Finance add-on 1.0 for SAP Business Suite powered by SAP HANA – SPS03 (SAP NetWeaver 7.31 and 7.4, sFin release 0)

*FPS: Feature Pack Stack

S/4HANA Finance includes only the finance innovations (replacement of classis FI-CO) on to the already existing system. So, everything in logistics will remain as it is. Basically, you get to SoH, then re-process all of your financial documents into the new add-on/simplified financial models. All of your other modules are still running ECC 6 EhP7 or EhP8 functionalities. This means that all of your Sales and Distribution, Production and Logistics process all remain the same as in SAP ERP.

In S/4HANA 1610, SAP has included all the available functionality of the latest release of S/4HANA Finance 1605.

Cloud versions are as follows:

  • SAP S/4HANA Cloud 1705 (latest at the time of writing)
  • SAP S/4HANA Cloud 1702
  • SAP S/4HANA Cloud 1611
  • SAP S/4HANA Cloud 1608
  • SAP S/4HANA Cloud 1605

And customers can source S/4HANA from the cloud too (think HEC!).

S/4HANA is a new name for the same good old suite functionality (ERP, SRM, CRM, …) – the difference is the suite can now run on HANA. Finance was the first part of ERP optimized to run on HANA. The functionality itself or the way to configure the system does not change much.

The finance add-on replaces the classic Financials applications in your SAP ERP system. Before you install the Finance add-on, you must prepare the migration of application data. Install the finance add-on using the Software Update Manager (SUM). Install two SAP HANA Live packages using the HANA Lifecycle Manager (HLM)

SAP Simple Finance includes:

  • for Finance
    • SAP Accounting (powered by SAP HANA)
    • SAP Cash Management
    • SAP Integrated Business Planning (IP and BPC and embedded BW)
  • Additional innovations
    • Treasury and Financial Risk Management
    • Collaborative Finance Operations
    • etc.

You can use Software Update Manager (SUM) to perform the installation of SAP S/4 HANA Finance and to perform system upgrades as well as enhancement package installations.

  1. System Conversion

SAP S/4HANA is SAP’s next-generation business suite. As such, it is not a legal successor of any SAP Business Suite product. It is a new product, built entirely on one of the most advanced in-memory platforms today – SAP HANA – and incorporates modern design principles through the SAP Fiori user experience (UX). SAP S/4HANA delivers massive simplifications (customer adoption, data model, user experience, decision making, business processes and models) and innovations (Internet of Things, Big Data, business networks, and mobile-first) to help businesses Run Simple in the digital economy. Through its approach to building SAP S/4HANA, SAP is re-architecting its solution for modern business processes that the ever-increasing digitization of the world demands. Therefore, it’s necessary to decide on one data structure and architecture to move forward.

SAP is taking on responsibility for managing the impact of these decisions.

  • Many of the changes are purely technical and will have no or only limited impact on people’s work; therefore, they will not trigger business change management. Such changes will be mandatory when converting a system to SAP S/4HANA.
  • Other decisions are of a more strategic nature, determining which version of functional support will evolve into new capabilities. In these cases, SAP will generally keep the traditional capabilities available as compatibility scope, enabling a predominantly technical migration of these processes and leaving the timing of change management as a customer decision. Change management may therefore take place during the initial conversion or be postponed to a later point in time.

System Conversion Sequence 

SAP provides a process for the conversion to SAP S/4HANA. The following figure gives an overview of the tools, the phases, and the activities involved in the process.

Recommendation: SAP recommends that you do the activities in the sequence shown in the figure and explained in the sections below.

Maintenance Planner 
You have to use the Maintenance Planner to do the system conversion to SAP S/4HANA On-premise edition. Based on the Maintenance Planner, which is recommended to run in an early phase of the SAP S/4HANA System Conversion Project, if there is no valid conversion path for any of the items listed below, the Maintenance Planner prevents the conversion.

  • Any Add-Ons to your system
  • Any active Business Functions in your system
  • Industry Solutions

After the check, the Maintenance Planner generates the download files (add-ons, packages, DBDs, and the stack configuration file) and creates the stack configuration file (stack.xml), which is used by SUM to convert to SAP S/4HANA On-premise edition.

Pre-Check Relevance 
Pre-checks are shipped to customers that want to convert to SAP S/4HANA On-premise edition in the form of SAP Notes. Customers can use these pre-checks to find out what mandatory steps they have to carry out before converting to SAP S/4HANA. The results list the instances that need to be addressed before attempting the conversion process.

Custom Code-Related Information 
To support the customer in detecting custom code that needs to be adapted for the move to SAP S/4HANA, SAP offered custom code analysis tools (as part of NW 7.50). The customer can verify if his current custom code will be compliant with the SAP S/4HANA On-premise edition data structures and scope.

Quick Overview of the Conversion Process

To enable you to do an optimal planning of your path to SAP S/4HANA, SAP provides
Simplification List for SAP S/4HANA 1610 FPS02 (latest as at the time of writing this blog). Each simplification item details the steps that need to be taken for the conversion from a business and a technical point of view, both preparatory and follow-on steps and each item is available as a SAP Note that may contain additional information. You should read the Simplification List to get an overview of all the simplification items that are relevant for your specific conversion. When you have identified the simplification items relevant for your conversion, you also need to look at the relevant simplification SAP Notes themselves to get all the available information. The SAP Notes may contain more information that the Simplification List, because they may have attachments and may reference other SAP Notes. This situation is not reflected in the text of the Simplification List PDF, which is only an extract from the SAP Notes. The simplification items are partly integrated with the pre-check and custom code migration tools. These tools provide a detailed report about where the code of your SAP Business Suite system does not comply with the scope and data structures of SAP S/4HANA.

Prepare Phase
Before starting the realization phase of the conversion process, you also have to do the following preparatory activities:

  1. System Requirements: You need to be aware of system requirements, start releases, conversion paths, and data volume.
  2. Maintenance Planner: You need to run the maintenance planner tool as a first step in the conversion process.
  3. Pre-Checks: These checks identify important steps you need to take to make sure that your system can technically be converted and that your business processes can start running directly after the conversion process has been completed. There are also pre-checks available for the preparation of the migration of financial data. This step is also mandatory and will be triggered again by the Software Update Manager.
  4. Custom Code Migration: The compatibility of custom code with SAP S/4HANA can be checked with the ABAP Test Cockpit. Do steps 2 to 4 in the prepare phase in the sequence listed above. It is, however, technically possible to do them independently or in parallel.
  5. Cross-application preparation activities: In addition to the general preparation steps described above, you also need to do some cross-application preparations.
  6. Application-specific preparation activities: In addition to the cross-application preparations, you may also need to do some application-specific preparatory steps. These steps and their documentation are partly provided by the pre-checks and the custom code checks. For a complete overview of all necessary steps, see the Simplification List at the link mentioned above.

Realize Phase

  1. Software Update Manager (SUM): When you have completed the steps above, and have implemented all the adaptations required to ensure your system and your custom code is suited to SAP S/4HANA, you then run the SUM. The SUM does the database migration (if required), the actual software update, and the data conversion.
  2. Cross-application follow-on activities: Other manual cross-application activities may also be required.
  3. Application-specific follow-on activities: You may also need to do application-specific manual steps. These steps and their documentation are provided by the pre-checks and the custom code checks, which provide the list of simplification items relevant for your specific systems. For a complete overview of all necessary steps, see the Simplification List (mentioned above).

The use of a distributed system landscape for your conversion allows you to take as long as needed to identify and process the software changes required by the conversion and then apply these changes efficiently during the conversion of your productive system to minimize downtime.

  1. Functional Scope

Following functional scope is available as part of SAP S/4HANA Finance:

  1. Financial Planning and Analysis (FP&A)
  2. Accounting and Financial Close
  3. Treasury and Financial Risk Management
  4. Collaborative Finance Operations
  5. Enterprise Risk and Compliance
  1. Financial Planning and Analysis (FP&A)

Organizations can use it to forecast, plan, and budget as an ongoing process, can forecast the impact of business decisions, accelerate planning cycles, increase profitability, and make finance functions more efficient.


  • Strategy development and translation
  • Planning, budgeting, and forecasting
  • Profitability and cost management
  • Monitoring and reporting

New innovations:
Planners can access real-time master data and accruals in SAP ERP without data replication. Organizations can run end-to-end simulations and faster planning cycles with one common financial planning model.

  • Enables embedding of end-to-end planning process and use of real-time operational data to eliminate time lags and redundancy
  • Runs on-the-fly financial analysis at any level of granularity using a single table in-memory
  • Supports the entire financial planning lifecycle – including development, updates, and reporting
  • Enables ad hoc simulations of organizational changes or new business models directly in ERP system
  1. Accounting and Financial Close

Organizations can meet the legal terms and complete the financial reports on time, close the books faster, improve compliance and control, and reduce closing workloads and costs.


  • Accounting
  • Entity close
  • Corporate close
  • Reporting and disclosure

New Innovations:
SAP Accounting combines financial and management accounting and profitability data into one universal journal. It abolishes totals, indices, and other pre-defined aggregates, and relies on line items as a single source of truth. Multiple parallel documents for all valuations are posted in real time to ensure correct values from the beginning.

  • Enables execution of closing tasks and inter-period processes in real time
  • Enables running real-time reporting with complete drill-down by any dimension
  • Provides a single, unified data model to simplify processes, increase productivity, and reduce risk
  • Enables execution of depreciation runs with simplified processing logic and data structures
  • Leverages line item postings for every single asset, allowing for detailed reporting
  1. Treasury and Financial Risk Management

Organizations can find the risk in financial processes at an early stage and device ways to mitigate them (using Predictive Analysis), accurately forecast cash flow, manage liquidity, and mitigate risk, integrate cash flows, transactions, commodity positions, and market data and optimize straight-through processing with full-view and real-time analysis, audit trails, and compliance reporting.


  • Financial risk management
  • Payments and bank communications
  • Cash and liquidity management

New innovations:
SAP Cash Management provides global cash positions in real time, even in the presence of heterogeneous backend systems. New capabilities provide detailed analysis of forecasted cash flows – so you can bring greater levels of consistency to cash balances, cash requirements, and liquidity strategies.

  • Enables integrated cash flow analysis
  • Enables integrated business planning, including liquidity planning lifecycles
  • Provides comprehensive central bank account management
  • Provides real-time visibility of bank balances and currency exposures
  • Enables increase of executive engagement with an intuitive and modern user interface (UI)
  1. Collaborative Finance Operations

Organizations can rapidly respond to fluctuating market dynamics, automate receivables and payables processing, enable efficient shared services delivery and streamline travel management.


  • Receivables management
  • Invoice management
  • Travel management
  • Real estate management
  • Financial shared services

New innovations:
SAP Receivables Management improves working capital and financial health by using real-time receivables data to assess customer credit risk, streamline billing, resolve disputes and prioritize customer collections to reduce days sales outstanding:

  • Enables monitoring customer payment behavior in real time
  • Enables in making proactive decisions with exception-based receivables management
  • Enables determination of customer’s top line contribution with simplified analysis
  • Enables improvement of reconciliation and analysis with intuitive search functions and usability
  • Provides relevant, real-time data to shape customer interactions
  1. Enterprise Risk and Compliance

Organizations can prevent unauthorized access to sensitive data, detect fraud and abuse, and proactively balance the risk for all the financial processes, automate risk, compliance, and international trade activities. By proactively minimizing risk and compliance violations, the software makes it easier to optimize business operations, protect assets, and improve financial performance.


  • Enterprise risk management
  • Controls and compliance management
  • International trade management
  • Fraud management
  • Audit management

New innovations:
SAP Fraud Management gives you the insight you need to detect, investigate, and deter fraud. The software uses advanced rules and algorithms on Big Data to identify and predict fraudulent behavior, issue alerts, and block fraudulent transactions.

  • Enables processing of high volumes of data to help with real-time fraud detection at the transaction level
  • Provides centralized fraud management to optimize investigation and monitoring
  • Enables minimizing false alarms by calibrating detection strategies and running real-time simulations
  • Enables modeling detection strategies and carry out simulation to predict new fraud patterns
  • Enables harmonizing data to expose potential duplications or erroneous, fraudulent entries

See documentation for further information: SAP S/4HANA 1610 – Feature Scope Description.

  1. New Features

Some of the challenges before SAP S/4HANA Finance were:

  • Different level of details stored in respective components/tables
  • To move the data to appropriate table for reporting purpose
  • Multiple BI extractors to analyze full data in BI
  • Reconciliation needed for all components

Following improvements are provided with the new SAP S/4HANA Finance architecture −

  • Multidimensional reporting on Universal journal without performing data replication to BI
  • Universal Journal as one-line item table with full detail for all the components. No reconciliation is required and data is stored only once.
  • Improved structural capabilities of the financial solution – multiGAAP, additional currencies, etc.
  • Support for the existing ABAP programs or reports to prior tables with read access.

Let’s look at the features provided in more detail:

  1. One Single Source of truth and all accounts become GL accounts
  2. Parallel currencies and parallel valuation
  3. Profitability Analysis in S/4HANA 1610
  4. Attributed Profitability Segments
  5. Event based revenue recognition
  6. Bank Account Management (lite)
  7. New Asset Accounting
  8. Embedded Analytics and Reporting
  1. One Single Source of truth and all accounts become GL accounts

All line items will be stored in the new table ACDOCA. There will be no redundant, aggregate or total tables anymore. All dimensions of GL, CO, COPA, AA and ML will be in ACDOCA.

In the ACDOCA we have multi-dimensional GL, parallel ledgers, parallel currencies, 999,999 line items and custom defined fields. The challenges of gathering combined content of several tables to represents the truth and reconcile the different level of detail stored in the different components/tables of SAP (e.g. CO= more detail, FI= less detail) is now something of the past.

The reason of the merge of secondary and primary cost elements is the fact that all actual line items will now be stored in one single table ACDOCA. This also applies on purely (internal) CO postings. You should not include these secondary accounts in your P&L.

  1. Parallel currencies and parallel valuation

In S/4HANA 1610 we can now have up to 10 parallel currencies per ledger. Real-time conversion for all currency types is possible, zero balance per document is guaranteed for each currency and CO-area currency is now calculated for all accounts (also non-cost element).

Parallel valuation functionality is significantly enhanced in S/4HANA 1610. SAP now provides two options to store multiple valuations:

  • Parallel valuation updated in parallel single-valuation ledger
  • Separate ledger for each valuation
  • Transparent separation of posting and reporting based on different regulations
  • Parallel valuation updated in multi-valuation ledger
  • Separate amount columns in the same ledger
  • Reduce memory footprint
  • Reduce effort and time for closing

See an example of the 2 methods below.

  1. Profitability Analysis in S/4HANA 1610

Profitability Analysis is done via Account based COPA. Costing Based profitability analysis is still available and can be used in parallel, but there will be no integration with the Universal Journal (ACDOCA table).

See below for list of enhancements on Account Based profitability analysis below. Split of Cost of Goods Sold on multiple accounts based on cost component split. This is done during posting of the Goods issue.

  • Split of production variances on multiple accounts. This is done at order settlement.
  • 3 new quantity fields provided in the line items and a BAdI for conversion of the logistical quantities to common quantities in Finance.
  • Real-Time derivation of market segment information from cost postings (Cost Center, order etc.)

Summary of the enhancement:

Unfortunately, there are still some limitations which are on the future roadmap. Current limitations of Account Based profitability analysis:

  • Sales conditions which are not posting to GL (statistical) are not supported
  • Realignment of characteristics which are changed after posting are partially supported. Not for all characteristics!
  • Creation of sales order generates expected revenue, COGS etc. in profitability analysis is not supported.
  1. Attributed Profitability Segments

‘Attributed PA segment’ can be activated. With this new functionality, organizations can have the real account assignment to the service order and an attributed assignment to a profitability segment in COPA before settlement. Previously, when we have a debit memo request in a Time & Material Service order which has a settlement rule for settlement to COPA, the debit memo request will have an account assignment to the service order and no profitability segment and that meant that you do not have the profitability segment information until the service order is settled to COPA.

  1. Event based revenue recognition

The revenue recognition process is now fully integrated with the Universal Journal. There is no separate storage for Revenue Recognition data anymore.

Cost and revenues are recognized as they occur. The entry of the source document will generate two postings. An entry for the initial costs and revenue and an entry for the revenue recognition posting.

There is a new Fiori app ‘Event based revenue recognition’ for monitoring of revenue recognition postings and manual adjustments.

  1. Bank Account Management (lite)

The basic functions of the Bank Account Management functionality of Cash Management is brought in to the core and is called Bank Account Management Lite.

The main new features and differences compared to the old house bank and bank account setup are the following:

  • Group-wised account management
  • Signatory
  • Overdraft Limit
  • Opening and Closing with approval process
  • Easily maintain bank accounts

The house banks are still created in customizing. Bank accounts are now part of master data and can be maintained by users through a dedicated Web Dynpro or Fiori application using the new transaction FI12_hbank.

  1. New Asset Accounting

Migrating to New Asset Accounting is a pre-requisite for migration to S/4HANA (Finance). The reason and motivation behind New Asset Accounting is:

  • No data redundancy
  • Reconciliation between GL and AA ensured
  • Transparent assignment of depreciation area to accounting principle
  • Simplified chart of depreciation: only 1 CoD per valuation
  • No delta depreciation areas
  • Asset balance in real-time (APC posting run not needed)
  • Plan values in real-time

Usage of the New Depreciation Calculation Engine is mandatory and the tables ANEA, ANEP, ANEK, ANLC, and ANLP are not updated anymore in New Asset Accounting.

An example of the new posting logic during integrated asset acquisition with two ledgers with two different accounting principles:

As you can see a new ‘technical clearing account’ is used to post accounting principle specific documents. The balance of the technical clearing account is zero.

  1. Embedded Analytics and Reporting

SAP blends transactions and analytics in one system allowing operational reporting on live transactional data.

Many new possibilities are opened up with the new data structure (e.g. ACDOCA), pre-delivered Virtual Data Models (VDM’s), performance of HANA and the latest reporting tools/interfaces.

Embedded analytics in S/4HANA provides pre-defined models across the entire suite in which the business logic is embedded and deliver contextual information.

Fiori apps and the KPI Modeler in SAP Smart Business together with the Analytical Path Framework provide a lot of content and satisfies a lot of customers. Below are some examples of Smart Business cockpit and the Analytical Path Framework apps.

S/4HANA also provides multi-dimensional reporting apps. For example, the Market Segment Actuals app (P&L report with additional Profitability Analysis characteristics).

For more flexibility, the products from the BO suite (additional license) Analysis for Office and Lumira can be used.

  1. Central Finance 

Central Finance is used to transition to SAP S/4 HANA Finance without impacting the current system landscape. Using Central Finance, you can implement a common reporting structure by mapping the common entities in the local system to a common set of master data in the Central system. It takes advantage of solutions that were already centrally managed such as Financial Close Cockpit, Intercompany Reconciliation (ICR), and Financial Supply Chain Management (FSCM). It can be used as a functional migration option, a flexible reporting platform for mergers and acquisitions, and a shared services system.

Central Finance can be seen as an approach to adopting SAP S/4HANA. Instead of forcing customers to migrate to the SAP HANA and S/4HANA, it allows finance documents to be replicated into a new Central Finance instance that running on S/4HANA. This is particularly relevant in an organization where there are multiple older SAP ERP instances or other Finance applications outside of SAP. There is minimal impact to the underlying source systems which are Central processing (e.g. cross system allocations and intercompany reconciliation) can be immediately moved to the central instance achieving immediate benefits, but further functionality can then be migrated piece by piece into the central instance. Eventually all finance functionality can be moved into the central instance and the source financial systems turned off. This presents a lower risk approach to migrating to S/4 HANA at least from older source platforms.

Technically, real-time data replication from source system to Central Finance is through SAP Landscape Transformation Replication Server (compare this with BW/BPC which require ETL tasks). Configuration in the Central finance instance controls error handling through a suspense account. Master data, which needs to be kept in line between the source systems and the central finance instance is handled with master data governance (MDG) set up between the underlying and central systems. A central finance posting looks the same as an SAP ERP financial posting but is linked back to the source system via reference to the document number key of the source document and logical system to which it belongs.

Central Finance System Landscape

The figure above illustrates the way in which SAP Finance and Central Finance are used in conjunction with SAP Landscape Transformation Replication Server (SAP LT Replication Server), SAP Master Data Governance (SAP MDG) and error handling. If you integrate SAP MDG with SAP Simple Finance, then you can use SAP MDG to harmonize the master data from the source system to the Central Finance system.

The SAP LT Replication Server collects data written to databases in the source systems and feeds this data into the corresponding Central Finance accounting interface. If you are mapping master data, SAP suggests you use SAP MDG. If you are mapping short-living cost objects, you should use SAP MDG in conjunction with the cost object mapping framework.

After the data is mapped, the system uses error handling to log the details of any errors encountered. You can choose to make corrections and repost the item or process the item again after, for example, you correct the mapping rule or adjust incorrect values in the document.

The internal accounting interface posts the Financial Accounting (FI)/Management Accounting (CO) document to SAP HANA as a universal journal entry.

SAP LT Replication Server collects data written to databases in the source systems and feeds this data into the corresponding Central Finance accounting interface. Three replication scenarios are supported:

  1. FI/CO replication: The replication of FI postings encompasses a certain scope. For a list of postings that are excluded from transfer, clearings and open items, business transactions, etc. refer to the administration guide here.
  2. CO replication: Replication of CO postings that do not flow in via FI (for example, cost center allocation) (actuals only: value types 04 and 11) – for supported business transactions, see SAP Note 2103482.
  3. Cost object replication: For additional information and scope, see SAP Note 2180924.

SAP LT Replication Server is also used for the initial load of CO internal postings and cost objects. The initial load of FI data is managed via Customizing activities in the Central Finance system.

The following challenges can arise which needs a thorough analysis in the business case:

  • The additional cost in maintaining two systems running to reflect financial transactions rather than a single one.
  • A number of SAP notes and DMIS software component are needed in order to allow documents to be replicated from source to target, this may in turn cause regression testing needs.
  • Need a SLT server which is best hosted on a separate instance.
  • Training for SLT and MDM may be required.

  1. Technical Scope

SAP S/4 HANA comes with a simplified data model. The tables and indexes are removed and replaced with HANA views in the underlying database. This replacement takes place during the add-on installation of SAP Simple Finance using SUM – related data is secured into backup tables. The compatibility views ensure database SELECTs work as before. However, write access (INSERT, UPDATE, DELETE, MODIFY) was removed from SAP standard, or has to be removed from custom code.

SAP S/4 HANA Finance uses an in-memory computing power of HANA. To run SAP S/4 HANA, you have to use the latest features of ABAP technology that comes with NetWeaver 7.5.

The following tables were replaced by SAP HANA views with the same names:

  • The line item, totals tables and application index tables of General Ledger Accounting (GLT0, BSIS, BSAS and FAGLFLEXA, FAGLFLEXT, FAGLBSIS, FAGLBSAS)
  • The totals tables and application index tables of Accounts Receivable and Accounts Payable (KNC1, KNC3, LFC1, LFC3, BSID, BSIK, BSAD, BSAK)
  • The line item and totals tables of Controlling (COEP for certain value types, COSP and COSS)
  • The Material Ledger tables for parallel valuations (MLIT, MLPP, MLPPF, MLCR, MLCD, CKMI1, BSIM)
  • The Asset Accounting tables (ANEK, ANEP, ANEA, ANLP, ANLC)

With the installation of the SAP Simple Finance on-premise edition, certain transaction codes and programs in the application areas of AC, CO, FI, AA and FIN – compared to EhP7 for SAP ERP 6.0 – have been replaced with newer transactions, programs, or WebDynpro applications.

For example:

Old Functionality  Type  New Functionality  Type  Text 
FS01 TA FS00 TA Create G/L Accounts
FS02 TA FS00 TA Change G/L Accounts
FS03 TA FS00 TA Display G/L Accounts

For more information regarding the Data Model Changes in Finance, click here.

  1. Extensibility

You can easily extend Universal Journal with customer fields. Extensibility is available for all the components that use Universal Journal – G/L, Asset Accounting, and Material Ledger.

Extensibility for General Ledger coding block extensibility.

Example: S/4HANA Cloud Extensibility Demo: Extending Master Data for Fixed Assets

Extensibility in the SAP S/4HANA suite can be categorized into two main parts:

  • Side-by-side extensibility through SAP HANA Cloud Platform
  • In-app extensibility through built-in capabilities
    • Classic extensibility
    • Key user extensibility

Customers using the side-by-side extensibility approach can use SAP HANA Cloud Platform to build completely new Uls based on the SAP Fiori user experience or integrate with other cloud applications from SAP. They can also build completely new applications and business logic that natively run on the SAP HANA platform or that are loosely coupled to the ABAP programming language back end of SAP S/4HANA.

For both the cloud and on premise, SAP S/4HANA natively embodies key user in-app extensibility tools, offering the means to:

  • Change and adapt the UI layout and context
  • Create custom fields and tables
  • Create and extend analytical reports and forms and
  • Change the business logic by adding business logic

S/4HANA extensibility provides a comprehensive set of tools, platforms, and methodologies to serve the needs of customers and partners with the qualities outlined above. The following main scenarios are outlined below and summarized in figure below.

  1. Side-by-side extensions based on SAP HANA Cloud Platform: Customers and partners can learn from the outside and weave external content into their solutions. SAP HANA Cloud Platform is the PaaS offering from SAP that offers the broadest end-to-end capability in the market (from SAP HANA to SAP Fiori UX) and access to the broadest set of data sources (from SAP cloud applications to social data). For example. customers or partners can integrate business processes with SAP SuccessFactors and SAP Ariba solutions, Concur solutions, or third-party applications. They can use SAP HANA Cloud Platform services (cloud portal. mobile documents, and so on) for extended reach and scope. It is also possible to enable an SAP Fiori and mobile user experience for existing solutions.

Since SAP HANA Cloud Platform is a full- fledged development platform, they can even build completely new solutions with a loose coupling to SAP backend systems. SAP HANA Cloud Platform is designed to be 100% compliant with open standards (for example, using open source software from Eclipse and Apache). When using SAP HANA Cloud Platform. you will therefore benefit from a healthy ecosystem of partners that contribute value to existing solutions and services. With this scenario, you can establish “best of breed” for small and large extensions. By definition, side-by-side extensions are loosely coupled with core SAP systems and therefore support a pace-layered IT.

  1. In-app extensions are implemented in the same system (or software stack) as the enhanced application. We can distinguish between:
    1. Classic extensibility: Customers and partners can extend and even modify SAP S/4HANA software with full access to development tools such as Eclipse or ABAP Workbench (SE80). This extensibility capability is available only on premise with SAP S/4HANA.
    1. Key user extensibility: Customers usually apply many small changes and extensions, since they want to increase user productivity or implement adaptations of the application logic without changing the major parameters of the respective business processes. In other words. these extensions add value to SAP applications and continue to rely on the full context of the standard implementations with respect to data, process, and UI levels. Frequent examples are “add custom fields and tables’” or “change/add business logic (rules, code snippets, and so on)”. With SAP S/4HANA, you can implement in-app extensions satisfying all extensibility qualities. In particular, end-to-end tools enable business experts to apply changes without risk, as the technical complexity is reduced to a level that corresponds to the business purpose and is stable and fault tolerant – similar to standard office applications. Thanks to a strict tool-based approach, these extensions are loosely coupled with core business processes and contribute to a pace-layered IT. This scenario is applicable for the on-premise and cloud deployment options.

Together, in-app and side-by-side extensibility scenarios offer a successful methodology. Note that they are complementary approaches intended for different use cases and should be considered as enablers to generate competitive advantage in the market.


SAP Financial Closing cockpit in SAP S/4HANA; status and Roadmap – Published Aug 14, 2017
Tags: SAP S/4HANA 1709, Intelligent Financial Closing Cockpit on SAP Cloud Platform


Please feel free to reach out to me for any decisions that you might need guidance on with regards to SuccessFactors, S/4 HANA, SAP Leonardo. I am happy to pay it forward. This post would not have been possible without all the help from blogs in SAP community and other articles published by SAP. Please connect with me at so that you can get notified if topics like SuccessFactors and S/4 HANA interest you.

Managing SAP HANA On-Premise Projects

In this post, I will share with you how to build a business case for SAP HANA, the deployment types, scenarios, approaches, SAP Activate methodology, resources required, lessons learnt, and sample project plan and timelines. You can click on the links to go directly to a topic that interests you.

  1. Introduction
  2. Business Case
  3. Deployment Types
  4. Scenarios
  5. Approach
  6. SAP Activate
  7. Lessons Learnt

  1. Introduction

SAP HANA processes transactions and advanced analytics on a single data copy and delivers real-time insights on live transactional data, self-service analytics, simplified IT landscape, and reduced administration. With SAP HANA, there is no disk latency and data duplication, unlike other disk based databases with in-memory options. And all of these capabilities bring accelerated innovation, simplified application development, and less IT landscape complexity.

S/4HANA is natively built on SAP HANA and leverages capabilities like text mining, prediction, simulation and decision support. There are no aggregates, no indices, and no redundancies.

Some of the questions customers frequently ask before embarking on a SAP HANA project are –

  • What is the role of S/4HANA – is it strategic or is it just another release?
  • What is the current status of adoption of S/4HANA, what can we learn from other implementations?
  • What are the top 5 key recommendations for smooth adoption of S/4HANA?
  • What are the general implementation strategies of S/4HANA?
  • What are the challenges we will face?
  • What are the application areas for SAP S/4HANA?
  • What are the areas we need and expectations from System Integrators?

Customers want a non-disruptive adoption path. When starting an SAP HANA project, there are many important considerations to understand with respect to a system landscape. A good starting point is to gain some clarity about the particular use case(s) which will be implemented; in other words what do you plan to “do” with SAP HANA? Once the use case(s) clarified, next it makes sense to understand what deployment options exist to help with your planning.

  1. Business Case

A strong business case for SAP HANA typically includes multiple use cases or projects with examples of how the organization will utilize the product in the course of business. The best business cases go beyond just economic analysis by aligning to an organization’s business strategy, prioritizing key capability requirements, and outlining a compelling case for change. (SAP provides business case templates at

The collection of use cases can then be used to build a roadmap for current and future deployments of SAP HANA. The roadmap will balance each project’s business value against the corresponding difficulty of implementation and/or risk involved. Below are some examples of use cases. Remember even a slight improvement of 1% can bring back millions of dollars back into the business.

Once you have a set of use cases, create a storyline with them. Focus on how SAP HANA can enable organizations to execute their business processes more quickly and efficiently and the value of the real-time information that SAP HANA makes available, as well as the resulting level(s) of business value it delivers. Add the financial information to the storyline to the expected business value and provides some quantitative measures that can be used in the evaluation process. This will help in obtaining funding for the project. Management is looking to justify the expense and effort required to buy and implement it.

There is not a single solution to any project – each will have its own cost, delivery time and set of business benefits. The business case provides us a framework to compare these in a structured way. This is especially important when the solution that you are proposing is not just about reducing costs, but also about increasing capabilities and improving business processes. Brainstorming potential SAP HANA scenarios with those business groups is a great way to identify potential low-cost, high-speed, big-value SAP HANA projects.

Building a business case for HANA with below components is highly desirable. Try to move from Observable to Measurable to Quantifiable to Financial.

  • Financial (ex: reduction in stock, hardware costs, project costs, etc.)
  • Quantifiable (ex: reduction in days outstanding, batch schedule, etc.)
  • Measurable (ex: increased adoption, shorter development time, etc.)
  • Observable (ex: better business engagement, improved morale, customer satisfaction, etc.)

Let’s look at some tools that SAP provides that will give us more information to get started. 

Value Assurance Packages

SAP S/4HANA Value Assurance Service Packages can help ensure implementation is on-time and on-budget. They are incremental and include defined services with a defined outcome for a defined price. This allows you to choose the level of SAP’s involvement in the project. The packages also complement services delivered by partners, so whether you are starting fresh or migrating an existing landscape, SAP and its partners can help you complete your journey to SAP S/4HANA successfully. For more on this, check out my post on Solution Manager (section 13) where I go into more details.

Business Scenario Recommendations report

Through the new Business Scenario Recommendations for SAP S/4HANA customers and partners can receive individual guidance when starting their journey to SAP S/4HANA. SAP gives you advice on which business scenarios in your SAP Business Suite applications benefit from SAP HANA and SAP S/4HANA. It’s tailored to your specific system and free of charge. Click on above link and hit the ‘Get started now’ button to register. You can browse through the results report by Line of Business and review individual business scenario details that include: business context, value, business drivers, SAP S/4HANA and Fiori innovation, improved transactions, and more.

S/4HANA Value Discovery Workshop

Is a 2-day workshop that is used to assess the relevant scope of SAP S/4HANA and the feasibility and readiness to adopt it. Its conducted on-site and uses a value-based approach which provides guidance on the benefits, obstacles to the setup of SAP S/4HANA. The deliverables include Point-of-View document in which organizations can learn how SAP S/4HANA can provide real benefits and come away with a plan to move quickly from initial vision to realization.

  1. Deployment Types

SAP S/4HANA can be deployed on premise, in the cloud, or as a hybrid to give real choices to customers.

SAP offers a broad range of choice when deploying SAP HANA.

  • On-premise for maximum control
  • Cloud for fast time to value
  • Hybrid for greater flexibility and scale

There is no hardware lock-in. Rather, a tailored data-center model lets customers use existing hardware and infrastructure components – such as storage and network devices and processors – for your deployment of SAP HANA.

  • Private managed cloud
  • Public cloud, pay-as-you-go model
  • Public cloud infrastructure as a service
  • Public cloud platform as a service

The customer has the choice SAP S/4HANA is available with on-premise, cloud and hybrid deployments to give real choices to customers. Successful customers traditionally define their “core business” or “core processes” where they can differentiate from competitors and realize a competitive advantage. Those areas are often kept in an on-premise environment where customers require the maximum amount of flexibility, have all configuration possibilities and modify SAP business logic according to their needs. SAP S/4HANA, on-premise edition would be the go-to solution in such cases. In other business areas where differentiation is not essential but a high standardization is required, it would be ideal for customers to adopt the industry best practices. The SAP S/4HANA, cloud edition is the ideal choice in this case because it provides best practices right from the start and reduces the TCO.

SAP S/4HANA, on-premise edition, already offers a business scope that is similar to the current SAP Business Suite in terms of coverage, functionality, industries, and languages. Within this scope, SAP S/4HANA also includes the transformational simplifications delivered with SAP S/4HANA Finance (SAP Accounting powered by SAP HANA) as well as integration with SAP SuccessFactors Employee Central and SAP Ariba Network. The on-premise edition is intended to offer a yearly innovation cycle through innovation packages.

SAP S/4HANA, cloud edition covers specific business scenarios for the marketing line of business and for the professional services industry as well as the most essential scenarios to run an entire enterprise in the cloud with a digital core, which includes: finance, accounting, controlling, procurement, sales, manufacturing, plant maintenance, project system, and product lifecycle management, plus integration with SAP SuccessFactors Employee Central, SAP Ariba Network, SAP hybris Marketing, SAP Fieldglass and SAP JAM. Three offerings are currently available as part of the SAP S/4HANA, cloud edition:

  • SAP S/4HANA, cloud marketing edition – for the marketing line of business
  • SAP S/4HANA, cloud project services edition – for the professional services industry
  • SAP S/4HANA, cloud enterprise edition – for a full ERP scope

The cloud edition is intended to offer a quarterly innovation cycle.

SAP S/4HANA can be deployed on-premise, in the cloud or in a hybrid scenario with on-premise and cloud. The implementation approach is different for on-premise and cloud solutions. The three transition scenarios are: New Implementation, System Conversion and Landscape Transformation.

  1. Scenarios

Customers can implement highly individual requirements regarding business processes and customization. This requires detailed technical knowhow. Customers coming from SAP Business Suite can move to SAP S/4HANA, on-premise edition basically in a one-step-technical procedure using SAP Update Manager (SUM) with Data Migration Option (DMO).

In the SAP S/4HANA, cloud edition the customer is following best-practices with standardized fine-tuning requirements to participate faster on future innovative business processes. The customer of the cloud edition can implement the solution with key user business know-how. During this process, limited technical know-how is required. Customers coming from SAP Business Suite can move to SAP S/4HANA, cloud edition by implementing the SAP S/4HANA cloud system using the guided configuration functionalities plus (if required) data migration functionality technically based on SAP Landscape Transformation (SLT).

There are three different implementation scenarios for how a customer can move to SAP S/4HANA on-premise.

  • Scenario 1 – System Conversion: Existing SAP Business Suite Customer who wants to move to SAP S/4HANA
  • Scenario 2 – Landscape Transformation: Existing SAP Business Suite Customer who wants to optimize their system landscape and move to SAP S/4HANA
  • Scenario 3 – New Implementation: New SAP customer who wants to move from legacy systems to SAP

Scenario 1: System Conversion

This scenario is focused on existing SAP Business Suite customers that want to change their current system into a SAP S/4HANA, on-premise system and includes the following steps –

  • Update to SAP NetWeaver Application Server ABAP 7.5
  • Migrate the database to SAP HANA (in case, the SAP Business Suite system is not yet on SAP HANA).
  • Install SAP S/4HANA, on-premise edition
  • Install SAP Fiori for SAP S/4HANA, on-premise edition
  • Migrate data from the old data structures to the new simplified data structures

The procedure can be done in one or two steps:

  • One-step procedure: ERP 6 and Suite on HANA, ERP 6.0, EhP 0- 8, Suite on HANA (including SAP S/4HANA Finance add-on) using Software Update Manager (SUM) with Database Migration Option (DMO) in case the customer is not yet on SAP HANA Database.
  • Two-step approach: Customers on older Business Suite releases can move to SAP S/4HANA in a (for example with Unicode migration and business partner conversion as a first step and the move to SAP S/4HANA, on-premise edition as second step).

Scenario 2: Landscape Transformation

This scenario is focused on existing SAP Business Suite customers that want to change their current system or system landscape into a SAP S/4HANA, on-premise 1511 system. This scenario covers more complex migration scenarios and includes the following steps –

  • Possibly a new installation of a SAP S/4HANA, on-premise edition 1511 system
  • Possibly converting a system to SAP S/4HANA, on-premise edition 1511
  • Additional migration steps that are based on SAP Landscape Transformation (SLT) combined with SAP Landscape Optimization services

Usually the migration project has to deal with requirements such as: the merge of multiple systems into one global suite system OR the migration of selective parts of a system (e.g. line of business, organizational units). Use cases like data volume reduction (data clean up and archiving) during migration into SAP S/4HANA would also fit in this category.

Scenario 3: New Implementation

This scenario is focused on new SAP customer who wants to move from legacy systems to SAP S/4HANA or SAP Business Suite customers that start for different reasons with a new installation and includes the following steps –

  • Installation SAP NetWeaver Application Server ABAP 7.5 based on SAP HANA
  • Installation of SAP S/4HANA, on-premise edition
  • Installation SAP Fiori for SAP S/4HANA, on-premise edition.

In this scenario, the SAP S/4HANA system is implemented, and master and transactional data are migrated from the legacy system. Depending on the SAP S/4HANA edition and detailed customer requirements, SAP Landscape Transformation (SAP SLT) or SAP Data Services technology is used for the required data migration.

Implementation scenario for how a customer can move to SAP S/4HANA cloud:

  • Implementation of customers cloud system for business scenarios and processes
  • Migrate the required master and transactional data using SAP Landscape Transformation (SLT) and Data Migration Server (DMIS) as data migration tools

Ultimately whether you choose to implement on-premise or cloud editions, it depends on use cases and business benefits. For example, you may want to know what options exist to help manage TCO, such as under what conditions may it be possible to run more than one SAP HANA database on one SAP HANA system? You may want to know what applications and/or scenarios can be deployed together on the same SAP HANA system. You may want to understand the difference between “scale up” and “scale out” when it comes to capacity planning, and what tradeoffs exist when choosing an approach. These aforementioned aspects are just a few of the key facets that are important in evaluating system landscape as you plan out your SAP HANA projects.

Below is a sample system landscape for a SAP S/4HANA on-premise. The Front-End Server (SAP Gateway) connects to the ABAP Back-End Server (i.e. SAP S/4HANA) and other SAP Business Suite Server. Requests are routed via the SAP Web Dispatcher. If we use analytic scope items (optional), we need Business Intelligence Platform installed. When creating Adobe Forms (e.g. PDF Documents) out of an SAP system, the rendering is done by Adobe Document Services. The system landscape diagram below shows the required components.

  1. Approach

The customer can implement highly individual requirements regarding business processes and customization. This requires detailed technical knowhow. Customers coming from SAP Business Suite can move to SAP S/4HANA, on-premise edition basically in a one-step-technical procedure using SAP Update Manager with Data Migration Option (DMO).

In the SAP S/4HANA, cloud edition the customer is following best-practices with standardized fine-tuning requirements to participate faster on future innovative business processes. The customer of the cloud edition can implement the solution with key user business know-how. During this process, limited technical know-how is required. Customers coming from SAP Business Suite can move to SAP S/4HANA, cloud edition by implementing the SAP S/4HANA cloud system using the guided configuration functionalities plus (if required) data migration functionality technically based on SAP Landscape Transformation (SAP SLT).

The many flavors of SAP S/4HANA are as follows –

  1. SAP S/4HANA 1503 On-premise Edition
  • It was the first release of SAP S/4HANA known as SAP Simple Finance. It offers finance related HANA Optimizations.
  • It is a finance add-on based on SAP NetWeaver 7.4 and was Named sFin 2.0.
  • This is the most suitable edition for SAP Business Suite customers who are looking for optimizations and improvements in Finance.
  1. SAP S/4HANA 1511 On-premise Edition
  • Major innovations and HANA related optimizations in both Finance and Logistics.
  • Offered simplifications in Material Resource Planning (MRP), Capacity Planning, Inventory Management, Sales and Distribution on transactional data with real-time analytics.
  • As part of migration, SAP NetWeaver 7.5, core component of S4Core required installation of SAP FIORI on SAP S/4HANA On-premise edition.
  1. SAP S/4HANA 1511 FPS01 On-premise Edition
  • This is the first on-premise Feature Pack Stack (FPS) based on SAP NetWeaver 7.5 SP01 for SAP S/4HANA and was released in February 2016.
  • It offered enhanced FIORI applications and more stabilization by providing minor enhancements to the existing features.
  • Two new industry solutions i.e. Higher Education and Research and Defense Security was supported by SAP S/4HANA FPS01 edition.
  1. SAP S/4HANA 1511 FPS02 On-premise Edition
  • This has some new features over the previous on-premise editions which supports the integration scenario with the Employee Central SAP SuccessFactors using the HANA Cloud Interface (HCI).
  1. Diving Deep into SAP S/4HANA 1610
  • New functions and significant simplifications across the business lines and next step on the way of completely renovating SAP ERP Digital Core (simulation, pattern recognition, and decision-making support and prediction capabilities).
  • SAP FIORI 2.0 – Provides one single personalized entry for list reports, overviews, work list based on domain-specific information
  • SAP Extended Warehouse Management (SAP EWM) – Provides an option to deploy EWM as a centralized or decentralized application with 40 digits material number
  • SAP Core Modules Improvement – SAP Portfolio and Project Management (SAP PPM), Quality Management and International Trade
  • Embedded Software in Product Development – Provides capabilities to support manufacturers in the software management of entire product lifecycle. New product development can be accelerated by businesses.

In summary: In the SAP S/4HANA, on-premise edition the customer can use the full ERP Scope from SAP Business Suite. This includes the application innovation from SAP S/4HANA Finance and SAP S/4HANA Enterprise Management (Material Management and Operations). The SAP S/4HANA, on-premise edition can integrate with other SAP cloud solutions like SAP SuccessFactors Employee Central, SAP Fieldglass, SAP Hybris Marketing, SAP JAM and SAP Ariba Network.

You can go directly from ECC 6 on Unicode (any enhancement pack) to SAP S/4HANA release 1511 or 1610. There is no technical reason to do Suite on HANA first. There is no technical reason to do Suite on HANA first. However, some customers are doing so because they might want the HANA experience first or they have not had a chance to work with the business on process changes.

The Transition path to SAP S/4HANA Enterprise management are as follows:

For more information, please refer to:
S/4HANA On Premise and Cloud Releases
A User’s Guide: The Journey to SAP S/4HANA in Six Steps

Notes on Cloud Editions

  1. SAP S/4HANA Cloud Editions
  • This edition is available as SaaS, resided on SAP owned infrastructure which is operated and maintained by SAP. The deployment options such as IaaS (HANA Enterprise Cloud) and PaaS (HANA Cloud Platform) with both private and public cloud options.
    • SAP S/4HANA Marketing Cloud (LoB)
    • SAP S/4HANA Professional Services Cloud (LoB)
    • SAP S/4HANA Enterprise Management Cloud
  1. SAP S/4HANA Cloud 1605
  • The official product name for both 1503 and 1605 edition with two cloud options i.e. Cloud Private Options and Cloud Public Options.
  • Cloud Private Options –
    • SAP S/4HANA Enterprise Management Cloud
  • Cloud Public Options –
    • SAP S/4HANA Enterprise Management Cloud
    • SAP S/4HANA Professional Cloud and Sap S/4HANA Marketing Cloud.
  1. SAP S/4HANA Cloud 1608

New features and innovations introduced in this edition:

  • Universal Journal, Cash Management and Project-based Services with real-time revenue and cost recognition in Finance
  • Simplified Material Valuation in Supply Chain
  • Campaign Management, Commerce Marketing and Customer/Consumer Profile in Marketing
  • Customer Project Management
  • Consumer Insight, Sales Contract and Manage Customer Returns in Sales, and so on

The SAP S/4HANA, cloud edition covers specific business scenarios for the marketing line of business and for the professional services industry. As well as the most essential scenarios to run an entire enterprise in the cloud with a digital core that includes: finance, accounting, controlling, procurement, sales, manufacturing, plant maintenance, project system, and product lifecycle management. Cloud edition provides native integration between SAP S/4HANA and other cloud solutions from SAP, including those from SAP SuccessFactors in human resources, SAP Ariba in procurement as well as integration with SAP Hybris Marketing.

SAP S/4HANA on-premise and SAP S/4HANA cloud editions mainly differ in process coverage, customization possibilities, release cycles, and licensing model.

  1. SAP Activate

SAP Activate is the standard way of implementing SAP S/4HANA. The SAP Activate methodology is a modular and agile framework for implementation or migration to SAP S/4HANA and other SAP solutions. The SAP Activate methodology supports project teams in the deployment of SAP solutions in cloud, on-premise, or hybrid environments. You can choose to follow it yourself, with an SAP partner, or with SAP directly.

The SAP Activate methodology follows six phases to provide support throughout the project life cycle of SAP solutions. Underlying these phases is a series of value delivery and quality checks, reflected in the approach as quality gate check points, to make sure that the solution delivers the value you expect. The SAP Activate phases are: Discover, Prepare, Explore, Realize, Deploy, Run.

Discover – The first phase is focuses on customer’s discovery of the solution, its benefits and planning the transition journey. In this phase, customers are encouraged to discover the capabilities of the solution through the SAP S/4HANA trial system. Before the phase is completed you will develop the strategy and transition roadmap for your journey.

Prepare – In this phase the project is formally kicked-off, implementation plan is prepared and project team is on-boarded. Before entering into the next phase, the project team will trigger installation and activation of SAP Best Practices in the Sandbox system.

Explore – The project team readies the Sandbox system for detailed fit/gap analysis workshops. Then you conduct the fit/gap analysis workshops to confirm the fit of the Best Practices processes and to identify delta requirements and gaps. The team confirms the gaps and captures specific solution requirements and design in SAP Solution Manager 7.2. This approach is different from the traditional ASAP blueprinting of the past. The goal of fit/gap analysis is to re-use best practices processes, while allowing for flexibility to build additional capabilities on their foundation. This approach has been proven to significantly shorten the Explore activities and positively impact total cost of implementation.

Realize – project team will use agile iterations to incrementally build and test an integrated business and system environment. The project team will also prepare data loads and start readying for solution adoption activities such as key user training and end users on-boarding. During the Realize phase the project team will continue to use SAP Solution Manager 7.2 to document and test the solution so the documentation is ready for solution operations after go-live.

Deploy – In this phase the project team sets up the production environment and perform final checks. When you’re ready, you conduct the cutover activities and switch business operations to the new system. The project team will also turn the solution over to operations team for running the solution.

Run – You’re running your new digital core and you can continue building additional digital capabilities on solid foundation of SAP S/4HANA.

The SAP S/4HANA implementation and specific methodology are extensively covered in the SAP S/4HANA roadmap. The methodology content is organized into a three-level hierarchy: phases, deliverables and tasks.  Each node in the hierarchy has a description that provides SAP’s advice and guidance.   Each node also links to documentation accelerators that may be generic, for example an open issues template or solution specific, like the administration guide for SAP S/4HANA on-premise.

The Implement S/4HANA with SAP Best Practices Reference Guide describes how SAP Activate, SAP Best Practices and SAP Solution Manager 7.2 are used together to implement SAP S/4HANA on-premise or hybrid projects.  It provides detailed technical information based on what is possible with the current releases of software.  It provides granular knowledge for administrators of SAP Solution Manager 7.2, SAP Best Practices and the SAP S/4HANA systems.  Administrators might use content from this guide to brief project team members and some sections can be used by project team members directly.  It provides a recommended sequence of tasks organized into the SAP Activate phases.  It also includes annotated demonstrations that walk you through some of the key steps in the tools.

  1. Lessons Learnt

Following are some of the lessons learnt implementing SAP HANA and SAP S/4HANA.

  1. Order your hardware early (for large scale environments, or multi-node environments, the lead times can sometimes be as long as 10-14 weeks) and give sufficient time for Basis to ramp up knowledge.
  2. Understand the skillset upfront and plan staffing accordingly. Give your implementation partner several weeks lead time if you want the best team.
  3. Setup a steering committee to oversee the project execution.
  4. Build a project schedule with higher % of contingency into it.
  5. Take a structured approach to the business case.
  6. Consider a Pilot/PoC to accelerate the program.
  7. Invest in training and development. Make sure your implementation partner has a formal written training plan on how they will provide knowledge transfer.
  8. Spend time on program communications strategy. Understand stakeholder needs.
  9. Many are “fearful” of a new technology and are unsure how this will change their work. You should provide real demos and workshops early so that everyone knows what is happening and how HANA will change their day-to-day jobs.
  10. Quickly define the scope (and out of scope). Use best practice scenarios.
  11. Allow sufficient time to enhance the business processes.
  12. Budget for Fiori activation, extensions and bug fixing.
  13. Build what is only essential for the first release.
  14. Sizing would be for 3 years out and not based on current system size alone. sizing estimate that includes new projects, data growth, and data retention policies.
  15. Pay very careful attention to the row-stores sizes and the master data growth when buying hardware. You don’t want to have to upgrade shortly after go-live.
  16. Allocate time for dual maintenance mode for the duration of the project when two transport paths are maintained.
  17. Allocate correct amount of time to data migration. Expect to load the same data objects 3-4 times in iterations.
  18. Hire an experienced team who are focused on the same goal, if timeline is aggressive, hire additional team members.
  19. Build one integrated project schedule. Include all stakeholders and get agreement.
  20. Build first sandbox immediately and prototype. Take production copy with production size and conduct full migration with all functional testing.
  21. Maintain a clean system. Focus on housekeeping as this will keep risks down.
  22. Put in place a data reduction program such as deleting change logs, data archiving, etc.
  23. Test management is critical. Revise the strategy and reduce time to complete.
  24. Use Solution Manager for Custom code management, Business Process Documentation and Testing.
  25. Get support from SAP (HANA Advisory council, HANA Ambassador program, Max Attention/Active Embedded, Active Global Support).
  26. Build integrated cutover plan and track forecast and actual times.
  27. Understand the big picture as it helps shape the long-term value from the investment, but start small as it enables you to build in quick wins that establish success early and then continue to build business momentum with later projects.
  28. Can optimize test efforts and costs if projects are also integrated an upgrade to the latest release or EHP project.
  29. Many SAP tools to be combined for the code optimization phase (SAT/ATC, SCI, SQLM/SQLMD, SWLT). Static checks + Runtime monitoring.
  30. It is important to keep in sync with support packs and Java / HANA releases during the project.
  31. Custom code optimization and tests are the main drivers for project duration & costs. Prioritization of efforts often required depending on number of objects to be corrected (can vary a lot between systems).
  32. Formally assign a team of 2-3 experts to come in and meet with your team a few times during the project planning and execution. Make sure these project advisors are hands-on and that they can act as technical go-to resources for your team if questions arise.
  33. Early in the project create a 2-3 year strategic plan that demonstrates to the leadership what you are going to do with this new technology. Present it as new capabilities not just how fast it is.
  34. There are many NLS solutions available that can save you big bucks by reducing the need for multi-node, multi-terabyte HANA systems. Take a serious look at SAP IQ solution for NLS. It is tightly linked with HANA already.
  35. You may not need separate hardware for sandbox and development environments. Using Multiple Components One Database (MCOD) and/ or Multiple components One System (MCOS) you can simplify the number of hardware environments you need.


Please feel free to reach out to me for any decisions that you might need guidance on with regards to SuccessFactors, S/4 HANA, SAP Leonardo. I am happy to pay it forward. This post would not have been possible without all the help from blogs in SAP community and other articles published by SAP. Please connect with me at so that you can get notified if topics like SuccessFactors and S/4 HANA interest you.

Solution Manager 7.2 – A Powerful Tool to Build and Run SAP and Non-SAP Solutions

In this post, I will share with you the Key Value Chains, Key Capabilities, New User Experience, Process Management, Agile Innovation, Cloud & Hybrid, SAP HANA, Digital Business, Focused Solutions, Upgrade to 7.2, Integration Model, Outcome Based Delivery Support, Value Assurance Packages, ITIL in Solution Manager 7.2. You can click on the links to go directly to a topic that interests you.

  1. Introduction
  2. Key Capabilities
  3. New User Experience
  4. Process Management
  5. Agile Innovation
  6. Cloud & Hybrid
  8. Digital Business
  9. Focused Solutions
  10. Upgrade to 7.2
  11. Integration Model
  12. Outcome Based Delivery Support
  13. Value Assurance Packages
  14. ITIL
  15. Definitions

  1. Introduction

 SAP Solution Manager is an application lifecycle management (ALM) set of software tools that is provided free to large and midsize enterprise customers with a valid SAP support and maintenance contract. Most of these tools or modules are free to customers on SAP Enterprise Support (or Product Support for Large Enterprises [PSLE]) maintenance agreements. SAP customers on the lowest level of support contract, SAP Standard Support, have the usage rights for a “baseline” subset of Solution Manager modules.

SAP Solution Manager 7.2 is an integrated end-to-end platform intended to assist users in adopting new developments, managing the application lifecycle, and running SAP solutions. SAP Solution Manager is an integrated platform to align business and IT on one business process landscape with four key value chains:

  1. Portfolio to Project (P2P) to drive the portfolio of projects and balance business initiatives and their business value against IT capacity, skills and timelines. This provides the strategy to balance and broker a customer’s portfolio, and gives a unified viewpoint across Program Management Office (PMO), enterprise architecture, and service portfolio. Data quality for decision-making is improved, and KPIs and roadmaps are available to improve business communication.
  2. Requirement to Deploy (R2D) to build what the business needs, when it needs it with measured business outcome. This provides a framework for creating, modifying, or sourcing services, for support of agile and traditional development methodologies. Visibility of the quality, utility, schedule, and cost of the services SAP customers deliver is improved with continuous integration and deployment control points.
  3. Request to Fulfill (R2F) to catalog, request and fulfill services. This helps IT organizations transition to a service broker model, with a single catalog with items from multiple supplier catalogs. The process efficiently manages subscriptions and total cost of services, and manages and measures fulfillments across multiple suppliers.
  4. Detect to Correct (D2C) to anticipate and resolve production problems. This brings together IT service operations to enhance results and efficiency, enabling end-to-end visibility using a shared configuration model. Issues are identified before they affect users, with reduced mean time to repair.

Solution Manager in a Nutshell

These value chains utilize the different functional areas of SAP Solution Manager:

  1. Project Management
  2. Process Management
  3. Custom Code Management
  4. Test Suite
  5. Change Control Management
  6. IT Service Management
  7. Data Volume Management
  8. Landscape Management
  9. Application Operations
  10. Business Process Operations

SAP Solution Manager 7.2 supports SAP and non-SAP components in all four value chains. It is also possible to integrate 3rd-party tools into SAP Solution Manager. It offers support for the complete lifecycle of SAP S/4HANA as well as SAP HANA. It provides a completely new way to model and manage business processes, and comes with predefined SAP S/4HANA content. SAP Solution Manager 7.2 can be extended to integrate with cloud solutions seamlessly. It also supports hybrid deployments.

  1. Key Capabilities
  1. Improved user experience, with more visually attractive graphics, and browser-based user interfaces.
  2. Powerful implementation capabilities, providing a comprehensive design and build environment that allows customers to efficiently implement SAP S/4HANA (new SAP S/4HANA implementation, system conversion, landscape transformation).
  3. Agile implementation. With the Focused Build offering, it delivers a seamless tool-based requirement-to-deploy process. It includes business demand and requirements management as well as integrated risk management, clear-cut collaboration features that allow to manage global development teams remotely.
  4. Hybrid support. Customers can leverage the new ERP solution in the cloud or on-premise with cloud solutions. Because cloud offerings are a reality in most customers solutions today, it can be extended to integrate with cloud solutions seamlessly, thus catering to the customer that need to manage hybrid solutions.
  5. Support for SAP S/4HANA and SAP HANA. Solution Manager 7.2 was explicitly designed to be the support companion to SAP S/4HANA, providing tools, content, best practices, and methodologies to allow organizations transitioning to a new. It delivers support for SAP S/4HANA, from readiness checks and custom code management, to testing, deployment, and integration support.
  6. SAP Solution Manager 7.2 can run on SAP HANA. Solution Manager 7.2 is the first release that leverages the SAP HANA database, so customers can choose to use a standard database or SAP HANA.
  7. Automated status collection. Tiresome and error-prone labor can be automated. Program Management Office (PMO) and project dashboards do not require administrators to consolidate statuses across different teams. These dashboards are always up-to-date, provide a single source of truth accepted by customers, partners and SAP, and they can be centralized for all projects of a customer word-wide.

Impacts and Top Recommendations for customers as per Gartner are shown below.

Source: Gartner (December 2016)

  1. New User Experience

 SAP Solution Manager Launchpad offers role-based access to all relevant applications and Work Centers. It provides SAPUI5 / Fiori apps for key business-facing UIs and mobile applications. Vital SAP Solution Manager UIs are revamped incrementally using SAPUI5 / Fiori, based on customers usage and demand. Browsers supported by the SAP Business Suite are also supported by SAP Solution Manager.

Solution Manager 7.2 also provides Launchpad, Apps & Dashboards as part of the New User Experience.

  1. Process Management

The graphical modeling environment is fully embedded in and integrated with all SAP Solution Manager processes. It is the single source of the truth for process definition and provides a common toolset to all stakeholders. SAP Solution Manager 7.2 allows to describe processes graphically using BPMN 2.0 process and collaboration diagrams.

It is essential to focus on the target audience and stakeholders of the models when modeling processes. This also defines the elements shown in the process, level of detail required and if a process is more business oriented or IT oriented. Care should be taken to avoid unnecessary details in the models to keep the complexity manageable since every information element generates effort and costs.

In SAP Solution Manager 7.2, customers can assemble processes from reusable building blocks such as reusable process steps or interfaces. These reusable building blocks can be used to leverage the processes for testing, monitoring or training purposes.

In SAP Solution Manager 7.2, customers can create multiple diagrams for a single process. Essentially, the diagram is only a graphical representation of the process defined by the purpose of the models given by the audience. So, multiple diagrams can exist for a single process, all diagrams sharing the same process definition but each diagram can use a different subset of process steps and can use a different visualization. You can define one diagram that is appropriate for discussions with business departments, another which has more details and therefore is appropriate for implementation and configuration purposes, and yet another diagram which is tailored to technical process monitoring.

  1. Agile Innovation

Solution Manager 7.2 provides automated visibility of solution readiness against due dates, with integrated risk management, enables management of distributed development teams, agile release and software engineering with optional JIRA integration, automated test planning, change & release management to support continuous delivery & integration and DevOps and the full integration of demand, project, process, change, release and test management.

Solution Manager 7.2 enables transparent requirements-to-deploy methodology with incremental deployment and constant feedback loops with the business. Agile projects use the following terminology which can be modelled in Solution Manager 7.2 –

  1. Releases are used to synchronize project go lives and ensure continuous delivery and integration.
  2. Projects are used to bundle deliverables. Multiple and parallel projects are possible.
  3. Phases ending with Quality Gates. The initial prepare and scope (or “Blueprint”) is short followed by incremental builds.
  4. Waves ending with Touch and Feel by the business (typically 8 – 12 weeks) and is part of the Build phase. We can track solution-build progress by value chain, process, or functional areas.
  5. Sprints with Show and Tell sessions to the business (typically 2 weeks)

Solution Readiness Dashboard

  1. Cloud & Hybrid

Solution Manager 7.2 is ‘for’ the cloud, ‘with’ the cloud and ‘on’ the cloud. Let’s take a look at what that means.

For the Cloud

Solution Manager 7.2 works with SAP solutions that could be installed On-Premise or in the Cloud. In hybrid cloud scenarios, it enables the collaboration between customer and cloud provider for the following areas:

  1. Solution Documentation
  2. Performance & Availability Management
  3. Interface Management
  4. Exception Management
  5. Data Consistency Management
  6. Business Process Management
  7. Maintenance Management
  8. Change Management
  9. Test Management
  10. IT Service Management
  11. Remote access

With the Cloud

Solution Manager 7.2 is available in SAP Cloud Platform. Customers do not have to install it On-Premise.

Solution Manager 7.2 enables maintenance process with the Maintenance Planner. Below are some of the change options and related tools –

  • In the Maintenance Planner changes are defined and stack.xml and download basket are prepared.
  • Consuming tools are Software Provisioning Manager Software (SWPM), Update Manager (SUM) etc.
  • The customer profile is updated based on SAP Solution Manager. It is re-used by SAP Readiness Check for SAP S/4HANA and by SAP Transformation Navigator.

On the Cloud

SAP Cloud Appliance Library (SAP CAL) provides an online repository of latest, pre-configured SAP solutions that can be instantly consumed in the cloud. It supports use cases for business validation, test & demo, trial, development, proof of concept, training and evaluation as well as production deployment. The software appliances in the library are standard SAP products like SAP Solution Manager 7.2, Business Suite on HANA, content enriched products (Rapid Deployment Solutions for ERP or CRM), technology contents like the ABAP Application Server or HANA but also other software products like Fiori or SAP IDES. Also, custom built appliances can be delivered as a consulting service through the SAP Services organization.

Deploying Focused Build on customers productive SAP Solution Manager 7.2 is the recommended approach.


Solution Manager 7.2 can run on SAP HANA as well as other databases. Running it on SAP HANA has the following advantages –

  1. SAP HANA for SAP Solution Manager 7.2 is delivered for free within your support agreement
  2. Drastically faster text search functionality opens new opportunities e.g. to work with documents, service reports, ITSM tickets
  3. SAP Solution Manager as a door opener for SAP HANA

A special SAP Solution Manager version that runs on SAP HANA is required if –

  • The customer is new to SAP
  • Wants to install and operate SAP Business Suite powered by HANA
  • No other customer business unit is using SAP Business Suite
  • No SAP Solution Manager is available

This version does not need a separate, traditional database installation.

Note: An Upgrade from SAP Solution Manager 7.1 to SAP Solution Manager 7.1, powered by SAP HANA is not possible. SAP recommends executing upgrade to SAP Solution Manager 7.2 and migration to SAP HANA in one go. See section 10 Upgrade to 7.2 for more details.

  1. Digital Business 

As part of an overall digital business transformation strategy, SAP Solution Manager 7.2 was explicitly designed to be the support companion to SAP S/4HANA, providing tools, content, best practices, and methodologies to allow SAP’s customers to transition to the new release. This support is independent of the transition scenario a customer can choose, such as a new SAP S/4HANA implementation, a system conversion, or a landscape transformation. In summary, SAP Solution Manager 7.2 delivers support for SAP S/4HANA, from readiness checks and custom code management, to testing, deployment, and integration support.

SAP Solution Manager 7.2 provides the following for implementing S/4HANA:

  1. Prepare Phase
  • Download a project plan from SAP Cloud and adapt to needs during the planning workshop (“SAP S/4HANA Transition”, a unified project plan for new installation, conversion, and landscape transformation is made available)
  • Enables orchestration of service delivery
  • Ability to synchronize Q-Gates with SAP’s back office
  1. Explore phase
  • Ability to import business processes from the SAP Cloud for build and design
  • Ability to manage delta scoping using a live SAP S/4HANA trial system with fully activated configuration based on SAP Activate content and DBS model companies
  • Ability to manage business requirements from collection to decision
  1. Realize/Deploy Phase
  • Ability to slice requirements into work packages and assign them to waves
  • Enables handing over work packages to agile build teams who develop in sprints
  • Ability to report the build progress automatically. 

SAP Activate provides SAP S/4HANA best-practice process content that consists of process diagrams, documentation and configuration.

  1. Customers can download this content into your SAP Solution Manager
  2. From the diagram, customers can jump into SAP FIORI apps in a pre-activated SAP S/4HANA trial system
  3. Customers can execute show and tell of the SAP S/4HANA innovations hands-on
  4. Customers can document requirements as a result of this fit/gap analysis

  1. Focused Solutions

Focused Solutions for SAP Solution Manager are turnkey solutions, made for immediate consumption in a SAP Solution Manager system. They are ready-to-run, highly pre-configured and provide automation for repetitive tasks in IT.

Focused Solutions are based on best practices based on the experience of hundreds of SAP Solution Manager Implementations. They provide an ideal model how build, run or holistic management reporting should be done.

The current portfolio of Focused Solutions for SAP Solution Manager consists the following offerings:

  • Focused Build is a turnkey solution to support agile implementations, specifically of SAP S/4HANA.
  • Focused Insights enables easy creation of dashboards across all SAP Solution Manager scenarios within minutes without any programming, leveraging seven out-of-the-box dashboard models.
  • Focused Run is a service provider solution designed to scale secure application operations of thousands of productive systems.

Benefits of Focused Solutions 

  • Customers do not face any coding cost as SAP delivers a standard solution. It eliminates the variety of processes by a standardized reference process. Tools to support this process come with the solution.
  • Less training cost for projects as SAP delivers all knowledge required.
  • Upgrade risk is eliminated as SAP delivers standard upgrades.
  • Licensing model is very simple (through rental licenses).
  • Focused solutions are fully integrated in SAP Solution Manager 7.2.

Focused Build 

Out-of-the-box, and integrated, tool-supported methodology to manage requirements and software development in large, agile innovation projects such as SAP S/4HANA implementations. It is a seamless tool-based requirement-to-deploy process within SAP Solution Manager. The solution includes business demand and requirements management, integrated risk management, and clear-cut collaboration features that allow to orchestrate business and IT units as well as global development teams remotely. This methodology and approach was ideated in large SAP MaxAttention engagements and, since its successful market introduction, has been established as the standard implementation method for SAP S/4HANA projects with a high innovation ratio.

Benefits are as follows – Automated visibility of solution readiness against due dates, with integrated risk management, Management of distributed development teams, Agile release and software engineering with JIRA integration, Automated test planning, change and release management to support continuous delivery and integration, and DevOps, Full integration of demand, project, process, change, release, and test management.

Focused Insights 

Focused Insights aims to deliver, in real time, the most relevant and valuable information to the right people. While it provides full transparency of information stored inside SAP Solution Manager, it also takes into account the best practices and experience gained during numerous custom projects, offering you a set of prepackaged dashboards tailored to your needs. The add-on contains a set of dashboard models intended to get the best out of your SAP Solution Manager and to provide instant value any effort. The data they present range from highly aggregated and historical data up to real-time raw data to support operators and IT experts in their critical business.

Benefits are as follows – Build custom-specific, easy-to-use dashboards in minutes, Pre-packaged content with simplified configuration models, no programming needed, Monitor 800+ best-practice KPIs, pre-selected for standard use cases, Mix real-time or historic metrics from across all SAP Solution Manager use cases, Ideal to build your Innovation Control Center and Operations Control Center, Enable top-level, strategic, KPI-driven management for the business solution for IT and Business.

Focused Run 

Focused Run for SAP Solution Manager concentrates on the specific needs for high-volume system and application monitoring, alerting, and analytics and is a powerful solution for service providers who want to host all their customers in a central, scalable, safe, and automated environment. It addresses selected customers with advanced needs in the area of system management, user monitoring, and integration monitoring, and configuration & security analytics. It uses the full power of SAP HANA as a platform including streaming, replication, scale-out, predictive analytics, and compression. With this, customers can support thousands of systems in high volume monitoring use cases.

Benefits are as follows – Optimized for high volume system and application monitoring use cases using the full power of SAP HANA, Extremely simplified architecture with small technical footprint and reduced total cost of ownership, Proven built-in security concept with HTTP(S) as communication protocols and push as communication direction, Clear separation of different customers with multi-tenancy enablement, Maximum of automation during assignment and maintenance of managed systems.

  1. Upgrade to 7.2

The upgrade from SAP Solution Manager 7.1 to SAP Solution Manager 7.2 comprises three main steps. The Standard Procedure, which is documented in SAP Note 2227300, comprises the following basic steps to upgrade your SAP Solution Manager 7.1 system to SAP Solution Manager 7.2 and migrate the database to SAP HANA or SAP ASE:

  1. The first main step (the preparation, optionally including Content Activation,) is carried out in SAP Solution Manager 7.1
  2. The second step, the actual technical upgrade and the post-processing, including the dual-stack split in SAP Solution Manager 7.2.
  3. The third step is carried out in SAP Solution Manager 7.2 where you run transaction SOLMAN_SETUP to make all necessary configuration settings.

Standard Procedure

A simplified upgrade and migration procedure incorporates the Database Migration Option of the SUM and the combined split and migration in SWPM.

Simplified Procedure


Migration path Description Value proposition Considerations
Standard procedure ·     First upgrade your dual-stack system, then

·     split the ABAP stack and the Java stack and

·     optionally migrate one or both stacks to SAP HANA or SAP ASE.

·     Interim production use is possible after the Dual-Stack Split ·     Longer downtime and more steps than other procedure


Simplified procedure ·     First upgrade and migrate the ABAP stack of your dual-stack system with DMO of SUM and then

·     split and migrate the Java stack to SAP HANA or SAP ASE.

·     Reduced complexity of the procedure

·     Reduced downtime for migration

·     No interim production use possible, since the split and the migration of the Java stack is integrated into one step.

·     After the upgrade with DMO of SUM, the ABAP part is already migrated.

  1. Integration Model

With SAP Solution Manager 7.2 the solution can cope with requirements of all lifecycle phases in one unified model. No matter whether a process is in design, build, or run phase, the same solution manages the content. The solution becomes a single source of truth. Solution is the sum of a company’s systems, applications and processes. It acts as a container for versions of solution documentation, one of which is the production version.


Branches separate different versions of solution documentation content to establish a proper lifecycle management. Branches are the linchpin of the SAP Solution Manager content lifecycle concept. They control the visibility and changeability of solution documentation content. By default, when you create a solution, there will be a production and a maintenance branch. While the production branch only contains productive documentation, the maintenance branch offers a version of solution documentation content in a staging area to further maintain customer solution documentation without interference with productive content.

Integration Aspect

By the design and use of a solution, the Process Management is centrally integrated to many other SAP Solution Manager functionalities. The picture below show possible integrations.

The content provided in the Process Management can be used for monitoring of processes and interfaces (Business Process and Interface Monitoring). The monitoring will inform you once a system, process or interface will not behave as you expected.

In case the content shall be changed, it can interact with Project Management by creating a project.

The project can be part of a release in Release Management. Release and Project can be used with a close interaction to Change Management which itself has a deep integration to Transport Management and Process Management by controlling also changes on documentation.

Changed documentation can influence the way how the processes shall be tested. This will have an impact on test preparation in Test Management.

During test execution defects can be created within the ITSM module, these defects can be converted into a correction in Change Management.

After successful adjustments and re-test, the transport management can release appropriate transport requests into the productive landscape while all relevant documentation will be released to the production branch.

  1. Outcome based delivery support

As SAP Solution Manager 7.2 has seen massive investment into the build side of the lifecycle, it is the platform of choice for outcome-based delivery. IT needs to deliver outcome iteratively and in fast innovation cycles to the business. Methodologies and tools are required to support outcome based delivery in four aspects:

  1. Jumpstart: Implementation requires a jumpstart for business value prediction and measurement of realized business value. Project plans and roadmaps are required specifically for the implementation of SAP S/4HANA, mapped to services in the SAP Value Assurance programs. Best practice process, provided by SAP Activate and Digital Business Services (henceforth “DBS”) Model Companies, can be used as a starting point to discuss to-be operating models with the business, reflecting the operational execution of new innovative business models which are required to stay competitive in the marketplace. Those business process models can be consumed in the new graphical modeling environment of SAP Solution Manager 7.2. From those graphical models, one can jump in trial systems also provided by SAP Activate and DBS model companies to assess the system reality with the business. DBS model companies extend SAP Activate towards end-to-end solutions for a given line-of-business or industry. If the solution does not fully fit business needs, requirements can be attached to the business process models. All content is pulled from the One Content Cloud into SAP Solution Manager. Trial systems are not thrown away after design, they will transition into the baseline for build.
  2. Agile: Requirements can be implemented following agile methodologies and tooling. We make sure that we build what the business needs, when they need it. Instead of lengthy blueprinting exercises, we build the solution iteratively with continuous feedback loops with the business. We support an agile release train allowing continuous delivery into production, based on solid quality gates and release management procedures.
  3. Automation: All tiresome and error-prone labor is automated. PMO and project dashboards do not require admins to consolidate status across different teams. These dashboards are always up-to-date, provide a single source of truth accepted by customers, partners and SAP, and they can be centralized for all projects of a customer word-wide.
  4. Out-tasking: Finally, we support out-tasking of work packages for the requirements that need to be configured or developed on top of the best practice solutions provided by SAP Activate and DBS model companies. We allow packaging and distribution of configuration and development work and we can centrally orchestrate distributed delivery teams globally. We can track solution readiness against due dates for specs, coding or tests that need to be ready for a planned program increment in SAP Solution Manager. We still ensure collaboration and quality assurance with SAP, although a partner primes the implementation.

  1. Value Assurance Packages

To support customers who wish to implement SAP S/4HANA, SAP offers services such as value assurance packages and SAP Solution Manager 7.2 is the delivery infrastructure for these services. It provides the foundation for project plans, service delivery planning, delta scoping workshops, managing business requirements, managing work packages, and provides comprehensive reporting.

SAP S/4HANA Value Assurance service packages are incremental and include defined services with a defined outcome for a defined price. This allows customers to choose the level of SAP’s involvement in the project. The packages also complement services delivered by partners, so whether customers are starting fresh or migrating an existing landscape, SAP and its partners can help customers complete their journey to SAP S/4HANA successfully. Below figure illustrates SAP S/4HANA Value Assurance service packages, which consist of four levels:

  1. Plan and safeguard: The first level of SAP involvement defines your implementation strategy, identifying necessary prerequisites and your target architecture — all with the help of a technical quality manager from SAP. Business and IT stakeholders work with SAP to establish a foundation for the system customer wants to develop. SAP helps customer complete planning activities to define implementation strategy, identify dependencies, and define target architecture. The optional service package, plan and prototype, helps the customer evaluate the solution in a short time frame with real business scenarios using real data.
  2. Technical implementation: The second level centers on the technical implementation in terms of data and system migration, high availability, and disaster recovery. Customer and any System Implementer will work with focus on functional implementation of SAP S/4HANA, while support team assesses current capabilities and then designs and scopes the right technology environment, processes, and organization.
  3. Migrate and implement: The third level focuses on the functional implementation with preconfigured setup and business process templates. It also defines customers support framework by analyzing the impact of the implementation on operations. Building further on the first two engagement levels, the migrate and implement level helps to migrate an existing platform or facilitate a new installation. SAP helps implementation of SAP S/4HANA software with a preconfigured setup and simplified, ready-to-use support for business processes.
  4. Innovate and optimize: The fourth level is the most involved and is personalized to help drive innovation and reimagine business models across the entire company. The innovate and optimize level provides a comprehensive and personalized option that brings together all the options from the other three offerings, and expands on this to help customers innovate and realize additional value through new business models in solution areas that expand outward from the digital core.

As an added benefit, the service packages use a predefined innovation roadmap — including best practices and SAP S/4HANA readiness checks — that guide customers through the entire project life cycle, from discovery through running SAP S/4HANA. They also contain services that enable SAP to assist in every phase of the implementation. The service packages also leverage the functionality within SAP Solution Manager 7.2, allowing customers to better facilitate IT interaction with the lines of business. It provides the tools to build, test, and deploy SAP S/4HANA with monitoring capabilities to track the progress of project for a smoother transition with little to no disruption to business.

SAP delivers a four-phased approach to support customers on their journey to digitization:

  1. Executive alignment: Determine strategy and goals for the SAP S/4HANA implementation. Ensure team members are aware of the scope, timeline, required resources, and governance model.
  2. Value discovery: Identify opportunities to innovate and optimize business processes by engaging in design thinking workshops and leveraging assessment tools. Build out business case, solution roadmap, and migration plan, and define the execution framework.
  3. Validation and executive readiness: Finalize plans and help ensure buy-in by delivering a comprehensive, board-ready presentation to executives. Determine the funding requirements to solidify the decision.
  4. Value delivery: Ensure program delivery is on time, within budget, and in line with the expected outcomes.

While all four phases contribute to the success of an implementation, value delivery is often the phase that is most scrutinized by executives. It is imperative that the value outcome is properly communicated throughout the company and that results are delivered as promised in order to truly measure the success of the implementation.

SAP S/4HANA Value Assurance is part of SAP MaxAttention services and SAP ActiveEmbedded services.

  1. ITIL

SAP Solution Manager also has been verified as ITIL (IT Infrastructure Library) compliant in 15 core processes by Pink Elephant.

  1. Availability Management
  2. Capacity Management
  3. Change Management
  4. Event Management
  5. Financial Management
  6. Incident Management
  7. IT Service Continuity Management
  8. Knowledge Management
  9. Problem Management
  10. Release & Deployment Management
  11. Request Fulfillment
  12. Service Asset & Configuration Management
  13. Service Catalog Management
  14. Service Level Management
  15. Service Portfolio Management

According to the IT Infrastructure Library (ITIL), IT Service Management (ITSM) covers all activities that are performed by an organization to plan, design, deliver, operate and control IT services. The SAP Solution Manager ITSM tool is compliant with, and certified by, ITIL. It is designed to support business processes and enables you to run every aspect of your service desk operations. ITSM enables you to manage service requests, incidents, and problems as defined in your SLAs. This means you can implement infrastructure changes and reduce, or even eliminate, the impact on your business and end users.

SAP Solution Manager offers a set of standard, preconfigured IT Service Management processes that can be set up with the help of a guided configuration procedure. Based on this ready-to-use configuration, you can adjust the tool to match your individual business requirements using, for example, custom workflow settings, organizational models, user roles, automatic email notifications, UI adoptions, and reporting capabilities.

In addition, SAP Solution Manager offers many standard functions, such as authorization management, multiple inbound and outbound channels, a post-processing framework, and an easy enhancement workbench to make individual field adjustments without the need for additional coding.

  1. Definitions

ALM: Application lifecycle management is the product lifecycle management (governance, development, and maintenance) of computer programs.

SDLC: It is splitting of software development work into distinct phases (or stages) containing activities with the intent of better planning and management. Common methodologies include waterfall, various types of agile methodology, etc.

Requirements management: It is the process of documenting, analyzing, tracing, prioritizing and agreeing on requirements and then controlling change and communicating to relevant stakeholders.

Software architecture: It is about making fundamental structural choices which are costly to change once implemented. Documenting software architecture facilitates communication between stakeholders, captures early decisions about the high-level design, and allows reuse of design components between projects.

Software testing: It is an investigation conducted to provide stakeholders with information about the quality of the product or service under test.

Release management: It is the process of managing, planning, scheduling and controlling a software build through different stages and environments; including testing and deploying software releases.

Dual Stack: SAP system that contains installations of both Application Server ABAP and Application Server Java (AS Java). A dual-stack system has the following characteristics: Common SID for all application servers and the database, Common startup framework, Common database (with different schemas for ABAP and Java). Note:  SAP does not recommend to setup Dual Stack Systems. SAP NetWeaver discontinues Dual Stack deployments as of release 7.4.

Software Provisioning Manager: SWPM is a new tool which provides you installation support just like earlier SAPInst. You can refer the following link for more details

Software Update Manager: SUM is a multi-purpose tool that supports various processes, such as performing a release upgrade, installing enhancement packages, applying Support Package Stacks, installing add-ons, or updating single components.



Please feel free to reach out to me for any decisions that you might need guidance on with regards to SuccessFactors, S/4 HANA, SAP Leonardo. I am happy to pay it forward. This post would not have been possible without all the help from blogs in SAP community and other articles published by SAP. Please connect with me at so that you can get notified if topics like SuccessFactors and S/4 HANA interest you.

The many facets of SAP Security

In this post, I will share with you some of the security features in Cloud, Applications (SaaS and Custom), HANA, Mobile, and IoT with some Recommendations. Click below links to go directly to the sections.

  1. Introduction
  2. ECC/NW Security
  3. Cloud Security
  4. Applications Security
  5. HANA Security
  6. Mobile Security
  7. IoT Security
  8. Secure Operations
  9. Recommendations
  10. Definitions

1. Introduction

The most common SAP products deployed are enterprise management (ERP), technology platforms (backbone), financial and data management and customer relationship management (CRM). The impact of information theft, modification of data and disruption of business processes in a SAP system would be catastrophic or very serious. However, many organizations are underestimating the risk and do not have an understanding of the impact of the value of the data that could be lost from the SAP system. SAP systems are critical to the revenues of many organizations and although senior leadership understands the importance and criticality of SAP installations to profitability, most tend to underestimate the risks associated with insecure SAP applications.

Some of the reasons for breach of access in a SAP system are – Strong password policies are not maintained; Standard users, super user, DB users are not properly maintained and passwords are not changed regularly; Profile parameters are not correctly defined; Unsuccessful logon attempts are not monitored and idle user session end policies are not defined; Network Communication security is not considered while sending data over internet and no use of encryption keys;  Database users are not maintained properly and no security measures are considered while setting up the information database; Single Sign-on’s are not properly configured and maintained in a SAP environment, etc.

New technologies and trends such as cloud, mobile, big data and the Internet of Things increases the attack surface of SAP applications. Stealth and sophistication of cyber-attacks against the organizations SAP platform are increasing. Very few organizations are confident a breach would be detected within one week. A barrier to achieving security is that organizations feel they do not have full visibility into the security of SAP applications and many companies do not have the required expertise to prevent, detect and respond to cyber-attacks on their SAP applications.

Most organizations believe it is the responsibility of SAP to ensure the security of its applications and platform. Despite the perceptions of the seriousness of an SAP breach, no one is most accountable if their organization had an SAP breach. There is a perception that the CIO and CISO will address any breaches. There is a lack of clear ownership over securing SAP applications.

In total, 3910 SAP Security Notes and Support Package Implementation Notes have been published as of April, 2017. The most common vulnerability types are XSS, Missing authorization check, and Directory traversal.

2. ECC/NW Security

Security within the SAP ECC is achieved through the authorization concept. The authorization concept is to help establish maximum security, sufficient privileges for end users to fulfill their job duties, and easy user maintenance. The authorization concept is based on assigning authorizations to users based on roles. For role maintenance in SAP NetWeaver Application Server for ABAP, use the profile generator (transaction PFCG), and in SAP NetWeaver Application Server for Java, the user management console of User Management Engine (UME). You can define user-specific menus using roles. The rule of least privilege is a fundamental principle in SAP Security.

The following topics are important from ECC Security perspective:

  • User Management and Authentication
  • Authorizations
  • Network and Communication Security
  • Data Storage Security
  • Security for Third-Party or Additional Applications
  • Trace and Log Files

The following figure shows the authorization components and their relationships. See Definitions for more details.

User management Tools

SAP ERP Central Component provides the following user management tools.

  • User maintenance for ABAP-based systems (transaction SU01)
  • Role maintenance with the profile generator for ABAP-based systems (PFCG)
  • Central User Administration (CUA) for the maintenance of multiple ABAP-based systems
  • User Management Engine (UME)

Segregation of Duties

Incompatible duties or responsibilities occur when a single person has been given or allowed access that could potentially be used to carry out and conceal errors and/or irregularities in the course of performing their day-to-day activities. Some examples of incompatible duties are:

  • Authorizing a financial transaction, then receiving and maintaining custody of the asset that resulted from the transaction.
  • Receiving checks (payment on accounts receivable) and approving write-offs.
  • Depositing cash and reconciling bank statements.
  • Approving time cards and having custody of paychecks.
  • Having unlimited access to alter or adjust assets and accounting records, and computer terminals and programs.

To avoid these kinds of problems certain roles in SAP cannot be held together by the same employee.

3. Cloud Security

It is important to understand the cybersecurity and privacy risks before deciding to move SAP applications to the cloud. The top security concerns for the SaaS model focus on identity management, data storage location, system operations and data transmission and flow controls.

Top security concerns of the SaaS delivery model:

  1. Identity management
  2. Data storage and location
  3. System Operations
  4. Data transmission and data flow control

Identity management: SAP leverages Secure Sockets Layer (SSL) or Transport Layer Security (TLS) encryption and provides features such as Internal authentication, Federated authentication (single sign-on), Separate authorization and authentication modules, Password protection, etc.

Data storage and location: In a SaaS model, heterogeneous data may reside within a single instance of a database. With cloud solutions from SAP, there is a logical isolation within a SaaS application that extends down to the virtual server layer. Cloud solutions from SAP segregate heterogeneous data by using the following approach to build the application architecture and store the data: Unique database tables, Dedicated database Servers, Encrypted data storage, Secure levels, etc.

System Operations: Cloud solutions from SAP help organizations meet these requirements by providing industry-standard certifications and ITIL-based operational processes that include security management and governance functionality such as the following:

  • Change and security patch management processes
  • Security incident management processes
  • Identity management processes
  • Monitoring inclusive security compliance (configuration management)
  • Activity logging and vulnerability management solutions
  • Asset management and system lifecycle management
  • Virus and malware protection
  • Network isolation (firewalls, routers, and VPN gateways)
  • Surveillance solutions such as intrusion detection systems, load balancers with Web-based application firewalls, 24×7 security monitoring, and security and event management

Data transmission and data flow control: Cloud solutions from SAP include functionality that prevents eavesdropping, tampering, and forgery through cryptographic controls, a defense-in depth strategy, and the enforcement of Confidentiality, Integrity, Nonrepudiation of data. SAP secures communications by employing many of the following data transfer options: Secure Web communication, Secure messaging, Secure FTP with file encryption, Encryption keys, IPsec VPN Tunnels, WAN connections, Physical-encrypted and secured data transfer, etc.

In cloud solutions from SAP, there are security controls and practices for its SaaS offerings that are designed to protect the confidentiality, integrity, and availability of customer information. Additionally, SAP continually works to strengthen and improve those security controls and practices. The SAP Cloud portfolio offers a holistic approach to information security, implementing a multilayered defense at all the touch points in the information flow, providing complete data privacy, transparency, and audit controls. This approach includes both the physical and logical layers applied across the application as well as the middleware, database, operating system, network and communication layers, and the underlying datacenters.

The multi-tiered approach found in cloud solutions from SAP help ensure a balance between control and ease of use. Users can stay productive, while customers information stays secure. And when changes are made to the environment, they are logged, approved, and verified through a centralized, online application.

Layers of information security

Cloud solutions from SAP help customers address security concerns at the physical, database, middleware, application, and network and communication layers.

Layer 1: Physical site (SAP data centers)
SAP operates its own data centers and also partners with localized world leaders in colocation hosting centers to provide environmentally controlled, secure facilities that use an integrated security management system. These security measures include electronic photo ID badging, cardholder access control, biometrics, recorded digital video surveillance, and alarm monitoring. All SAP data centers are ANSI/TIA/EIA-942 Tier III+ rated facilities. Each facility is equipped with continuous monitoring; multiple, redundant UPS-protected power circuits with generator backup; smoke detection units; fire suppression systems; 24-hour, year-round onsite security personnel; and intrusion detection alarm systems.

Layer 2: Database
Data must be secured while at rest, in transit, and in use, and access to the data must be controlled. The use of advanced security mechanisms in cloud solutions from SAP not only secure data while at rest but also secure access to the data through Advanced security, Load balancing, Attack prevention, Access control, Database audits, Classification of information, Data encryption, Backup and restore, etc.

Layer 3: Middleware
Application servers are built on the programming interfaces of Internet-accessible services, which typically involve multiple cloud components communicating with each other over application programming interfaces (APIs).
Other safeguards include the following:

  • Single sign-on and identity federation
  • Security Assertion Markup Language (SAML) 2.0 assertion
  • Integration between the SAP public cloud and identity management systems on the premises
  • Fully delegated administration

Layer 4: Application
Most cloud solutions from SAP are written in Java and adhere to the J2EE specification. The applications dynamically produce every page, encrypt them and send them to a user’s desktop using SSL. Cloud solutions from SAP employ extensive security measures to protect against the loss, misuse, and unauthorized alteration of data. Cloud solutions from SAP include security features and measures such as secure and encrypted communication, security parameters, user profile and role-based authorizations, advanced logging, transport management, and transaction controls.

Layer 5: Network and communication
Every component of the IT network must be meticulously configured, deployed, maintained, and continually tested for optimal performance to strike a balance between security and availability of applications. Routers, switches, and load balancers, are configured to provide secure, high availability access. Connections to multiple Tier 1 Internet service providers (ISPs) for highly available network access. All network equipment is redundant, providing seamless failover between devices.

Incoming customer user requests are passed through the firewall down to the load balancers, which distribute traffic to the appropriate Web server (presentation tier) for processing. The Web server then makes independent requests to the application tier, and the application tier makes independent requests to the database tier. At each level, an incoming request is validated against business and security rules to protect against malicious access.

Security controls and practices in SAP Cloud

SAP Cloud has put in place controls such as information security incident management, consistent and proven security measures, information security standards, security education and awareness, and compliance standards.

Information security incident management

SAP Cloud implements formal event reporting and follows escalation procedures if an information security incident occurs. Real-time notifications of vulnerabilities and security incidents are entered into the SAP ticketing system, actions documented and problems tracked to completion.

Consistently proven security measures

Security controls and processes are vital, but establishing the right procedures can be challenging. SAP successfully completed the newest SSAE 16 SOC 2 audit in 2011. SAP Cloud also certifies against ISO27001.

Security education and awareness

At SAP, security responsibilities are addressed throughout a person’s tenure with the company to help ensure that employees, as well as contractors and third-party vendors, understand their responsibilities. SAP involves all employees, contractors, and third-party vendors in annual security awareness training.

Compliance standards

Cloud solutions from SAP comply with the latest standards, including:

  • All policies based on ISO 27002
  • Applications tested to Open Web Application Security Project (OWASP) standards
  • Infrastructure hardened to Center for Internet Security (CIS) standards
  • S. government Federal Information Security Management Act of 2002 (FISMA) accreditation (OPM/DHS/NTIS) for certain SaaS offerings
  • PCI certified in certain areas and for various SaaS offerings
  • SSAE 16 SOC 2 auditing every year
  • SSAE 16 SOC 2 or ISO 27002 certification for the SAP data center
  • Safe Harbor certification
  • BS 10012 standard for the management of personal information

SAP Cloud has established agreements internally that permit the company to manage data using all of its resources globally. All contracts with sub-processors include appropriate provisions to ensure that SAP adheres to all of the European Union data privacy requirements.

4. Applications Security

  1. SaaS Applications

SuccessFactors, Ariba, Concur, Fieldglass, Hybris are some of SAP’s SaaS products and role based permissions model is used in many of these applications. As an example, please refer to SuccessFactors Role Based Permissions –

  1. Custom Applications

SAP Fiori is the default user experience across all SAP solutions including SAP’s newest Business Suite SAP S/4HANA. Fiori unifies all user experiences in the future. Its designed for all screens or solutions. It allows for user interaction across all input devices.

SAP Fiori applications communicate with the ABAP stack through OData services. In addition to ABAP authorization users must be granted authorization to access the Fiori applications and the OData services in SAP NetWeaver Gateway. SAP Fiori applications require users and roles in SAP NetWeaver Gateway. A SAP Netweaver Gateway PFCG role contains start authorizations for OData Services. SAP doesn’t deliver these roles to customers.

The SAP Fiori Launchpad relies on the authorizations in the ABAP back-end server and the authorizations to access the OData services in the SAP NetWeaver Gateway in the ABAP front-end server. Configuring these relies on Launchpad catalogs and UI PFCG roles.

A technical role is needed for the SAP Fiori Launchpad and SAP delivers a predefined set of technical objects for the SAP Fiori Launchpad, in particular the required profiles.  For ‘own’ catalogs these and possibly other technical objects are also required.  The UI PFCG defined roles bundle all front-end privileges required for execution of Fiori apps. Through user assignment to back-end roles, additional privileges are provided to execute the specific applications or access the OData services. The powerful ‘Fact sheets’ require authorization roles in the front end, which grant the users authorizations for the ICF services and business server pages (BSP) to support the fact sheets.

SAP supports following proxy solutions for Fiori applications. To make SAP data and functionality available to SAP Fiori web applications, a new opening in the firewall is created to provide access to your SAP system. A common solution is to place a SAP Web Dispatcher in the DMZ.

Web dispatcher is the recommended solution from SAP to secure Fiori apps. Given below is an architecture, you could see that web dispatcher sits in DMZ (there is no need to open any ports in your internal network). The web dispatcher has the function of a reverse proxy which makes sure that the communication is secured.

Follow the steps below to enable access to Fiori apps from the internet.

Place the SAP Web Dispatcher in the DMZ: Setup a SAP Web Dispatcher that works as an intermediate between the user and the SAP server where the Fiori App is running. It is advised to put the web dispatcher in a DMZ in your network. This DMZ is a part of your network that can be directly accessed from the internet. The users shouldn’t be allowed to contact the SAP server directly, all traffic should go through the web dispatcher.

Configure the SAP Web Dispatcher: Because this web dispatcher can be accessed by everyone on the internet we need to make sure that only the allowed traffic is forwarded to the SAP server. This can be configured in the web dispatcher. Communication between the user and the web dispatcher has to be secured so HTTPs needs to be configured too.

Set up user authentication and authorization: Make sure the users authentication and authorization is setup correctly. This is done by making sure the necessary users are created on the ABAP front-end server (this is the server where the Fiori apps and the services are running). When the users are available you can give the access to the apps they are allowed to use.

If you only want to provide access from your internal network by making the web dispatcher only reachable from your internal network. In this situation people working from home would need to connect to your network using VPN before they can use the Fiori apps.

For developing or extending Fiori applications, please read my post

5. HANA Security

SAP HANA is used in below scenarios and security features could differ in each of them.

  1. Three-tier application
  2. Application on SAP HANA extended application services, classic model
  3. Application on SAP HANA extended application services, advanced model
  4. Integrated scenario: reporting on ERP data in SAP HANA
  5. Integrated scenario: reporting on BW data in SAP HANA
  6. Data mart: customer-specific analytic reporting on SAP HANA
  1. Three-tier application

In the Three tier application, SAP HANA is used as a relational database in a classical three-tier architecture consisting of client, application server and database. Security features such as authentication, authorization, user management, encryption, and audit logging are mainly provided and enforced in the application server layer, while SAP HANA is used as a data store only. The application server connects to SAP HANA through a technical user account. Direct access to SAP HANA is only possible for database administrators. SAP HANA security functions are used mainly to manage administrative access.

  1. Application on SAP HANA extended application services, classic model

SAP HANA extended application services, classic model (XS Classic) embed a full-featured application server, web server, and development environment within SAP HANA itself. Applications can be deployed directly on XS Classic. The majority of security features (Access control (ex: User management, Authentication and single sign-on, Authorization framework, Audit logging) and Secure configuration and encryption (ex: Communication channel encryption and Data encryption)) apply directly to such XS applications, with some minor differences for example in the supported authentication methods. Additionally, support for protection against typical vulnerabilities of web-based applications, for example XSRF, is included.

  1. Application on SAP HANA extended application services, advanced model

The XS advanced platform supports several programming languages and execution environments, such as Java, and node.js. XS advanced application runtimes are invoked over HTTP and communicate with the SAP HANA database via SQL. Installation on a separate host from the SAP HANA database is also possible. This makes it possible to put XS Advanced applications into a different network zone and have a firewall between the application and database layers.

Applications are deployed in dedicated containers, thus providing application isolation on the database layer using the SAP HANA deployment infrastructure (SAP HANA DI, or HDI) and on the application layer by using separate operating system users.

Additionally, new concepts for user and authorization management are supported. Business users are managed via an identity provider. Authentication is handled by a central user account and authentication server (UAA). Business users are authorized based on scopes for functional authorizations.

  1. Integrated scenario: reporting on ERP data in SAP HANA

SAP HANA Live for SAP Business Suite supports direct access to ERP data in SAP HANA. ERP data is exposed via virtual data models (SAP HANA views), which are read-only and can be adapted by customers. Authorization checks for direct access are done using SAP HANA privileges.

  1. Integrated scenario: reporting on BW data in SAP HANA

SAP Business Warehouse supports direct access to BW data in SAP HANA. BW data is exposed via special info providers (SAP HANA views), which are read-only. Authorization checks for direct access are done using SAP HANA privileges.

  1. Data mart: customer-specific analytic reporting on SAP HANA

Authorization checks are carried out using SAP HANA privileges (modelled for the individual project), which need to be granted to the end users in SAP HANA.

HANA Security Functions
SAP HANA provides security functions that enable customers to implement different security policies and meet compliance requirements. They are –

  1. SAP HANA Authentication
  2. SAP HANA Authorization
  3. SAP HANA User and Role Administration method
  4. SAP HANA Auditing
  1. SAP HANA Authentication

Database user identifies who is accessing the SAP HANA Database. SAP HANA supports many authentication methods. Single Sign-on (SSO) are used to integrate several Authentication methods.

SAP HANA supports following authentication methods –

  1. Kerberos: It can be used in the following case –
  • Directly from JDBC and ODBC Client (SAP HANA Studio).
  • When HTTP is used to access SAP HANA XS.
  1. User Name / Password

When the user enters their database username and password, then SAP HANA Database authenticate the user.

  1. Security Assertion Markup Language(SAML)

SAML can be used to authenticate SAP HANA User, who is accessing SAP HANA Database directly through ODBC/JDBC. It is a process of mapping external user identity to the internal database user, so user can login in sap database with the external user id.

  1. SAP Logon and Assertion Tickets

The user can be authenticated by Logon or Assertion Tickets, which is configured and issued to the user for creating a ticket.

  1. 509 Clients Certificates

When SAP HANA XS Access by HTTP, Client certificates signed by a trusted Certification authority (CA) can be used to authenticate the user.

  1. SAP HANA Authorization

SAP HANA Authorization is required when a user using client interface (JDBC, ODBC, or HTTP) to access the SAP HANA database.

Depending on the authorization provided to the user, it can perform database operations on the database object. This authorization is called, “privileges.” The Privileges can be granted to the user directly or indirectly (through roles).

Privileges Types Description


System Privileges It controls normal system activity.
System Privileges are mainly used for –·      Creating and Deleting Schema in SAP HANA Database·      Managing user and role in SAP HANA Database·      Monitoring and tracing of SAP HANA database
·      Performing data backups
·      Managing license
·      Managing version
·      Managing Audit
·      Importing and Exporting content
·      Maintaining Delivery Units
Object Privileges


Object Privileges are SQL privileges that are used to give authorization to read and modify database objects. To access database objects user needs object privileges on database objects or on the schema in which database object exists. Object privileges can be granted to catalog objects (table, view, etc.) or non-catalog objects (development objects). Object Privileges are as below –


Analytic Privileges


Analytic Privileges are used to allow read access on data of SAP HANA Information model (attribute view, Analytic View, calculation View).
This privilege is evaluated during query processing.Analytic Privileges grants different user access on different part of data in theSame information view based on user role.Analytic Privileges are used in SAP HANA database to provide row level dataControl for individual users to see the data is in the same view.
Package Privileges Package Privileges are used to provide authorization for actions on individual packages in SAP HANA Repository.
Application Privileges


Application Privileges are required in In SAP HANA Extended Application Services (SAP HANA XS) for access application.
Application privileges are granted and revoked through the procedures GRANT_APPLICATION_PRIVILEGE and REVOKE_APPLICATION_PRIVILEGE procedure in the _SYS_REPO schema.
Privileges on User It is an SQL Privileges, which can grant by the user on own user.
ATTACH DEBUGGER is the only privilege that can be granted to a user.


  1. SAP HANA User and Role Administration method

Depending on the scenario, the user accessing SAP HANA can either be a technical account, a database administrator, or an individual end user. Technical User (DBA User) – It is a user who directly work with SAP HANA database with necessary privileges. Normally, these users don’t get deleted from the database. These users are created for an administrative task such as creating an object and granting privileges on database object or on the application. Database or Real User: Each user who wants to work on SAP HANA database, need a database user. Database user are a real person who works on SAP HANA. There are two types of Database users – Standard User and Restricted User.

SAP HANA User Administrator have access to the following activity –

  • Create/delete User.
  • Define and Create Role.
  • Grant Role to the user.
  • Resetting user password.
  • Re-activate / de-activate user according to requirement.

For user administration and role assignment, administrators can use SAP HANA tools. There are also adapters for SAP identity Management and GRC Access Control. which allow integration into existing user provisioning infrastructures. LDAP group integration for authorization purposes is also provided. To connect custom user provisioning solutions. SAP HANA’s SQL interface can be used. User self-services e.g. for web-based password reset or new user account requests are also available.

  1. SAP HANA Auditing

Audit logging records critical system events, for example changes to roles and users or the database configuration. It can also record access to sensitive data: write and read access to objects such as tables or views, as well as the execution of procedures. For situations where a highly privileged user needs temporary access to a critical system, “firefighter” logging can be enabled, which tracks all actions of a specific user. Audit logging allows you to monitor and record action which is performed in SAP HANA System. These features should be activated for the system before creating audit policy.

6. Mobile Security

SAP Mobile Secure provides mobile device management and mobile application management capabilities. It is an integrated, cloud-based enterprise mobility management (EMM) solution with analysis, compliance, remediation, and reporting.

  • Mobile Device Management – Helps manage and secure deployments of mobile devices.
    • Mobile Device Management
      • Enables self-enrollment of devices for organizational use
      • Provides control needed by pre-configuring settings
      • Enables enforcing security and compliance policies
    • Highly secure and scalable
      • Provides remote lock and wiping of managed devices
      • Provides control security settings for bring-your-own-device (BYOD) or organization-owned devices.
    • Mobile Application Management – Helps manage and secure applications on your devices.
      • Manage applications
        • Enables adding, modifying, and deleting applications.
        • Enables app lifecycle management including security-relevant patches and updates
        • Approve applications that can be consumed by users.
        • Streamlines publishing, analysis, and ongoing management of apps and services – to both managed and unmanaged devices.
        • Helps improve app discovery through categorization, ratings, and reviews and end-user personalization
      • App Wrapping
        • Mobile service for app and device management helps organizations accelerate mobile initiatives by automating app security. App Wrapping technology enables organizations to quickly secure existing corporate and third-party applications without having to write any code.
      • Provides a branded, multi-channel, self-service experience to best serve employees, partners, and consumers.
      • Automatically directs out-of-compliance users to download the appropriate MDM solution before downloading apps and services.
    • Network and Connectivity
      • Secure Mobile Gateway
      • Network Access Control
    • Mobile App Security
    • Enables secure existing corporate and third-party applications (e.g. adding authentication, FIPS 140-2 encryption, per-app VPN) without having to write any code (joint offering with mobile security vendor Mocana, resells its Mobile App Protection product under the SAP banner).

Components of SAP Mobile Secure

  1. SAP Mobile Secure Admin Portal: Provides Application lifecycle management, Analytics, Enterprise integration, User/groups management, etc.
  2. SAP Mobile Place: It is the end user portal for the mobile service for app and device management. It combines the best features of Mobile Application Management (MAM) and Mobile Device Management (MDM), providing a single interface into the Enterprise Mobility Management environment for both managed and unmanaged users and devices. It provides a single destination and an enhanced user experience for all the enterprise end-users to be able to on-board, discover and consume Mobile services exposed by their enterprise.
  3. Mobile Device Management Portal: It is where an administrator can ensure ongoing management of devices i.e. Remote device management, hardware/software inventory, Application policies, silent app installs, removals, etc., manage the required application’s lifecycle, and managed other server configuration options.

Besides SAP Mobile Secure, below Client-side services and supported development and lifecycle processes enable Mobile security.

  • Authentication and logon services to enforce the security of identities on mobile devices
  • Secure communication services to enforce the security of communication channels that mobile apps use
  • Secure offline storage to help ensure the encryption and security of data stored on client devices

Please refer to for more information.

7. IoT Security

As companies collect data beyond traditional IT boundaries, IoT security measures are critical. Some key considerations include being able to secure and monitor devices, encrypt sensitive data, and build risk mitigation into systems.

The IoT introduces a wide range of new security risks and challenges to the IoT devices themselves, their platforms and operating systems, their communications, and even the systems to which they’re connected. Security technologies are required to protect IoT devices and platforms from both information attacks and physical tampering, to encrypt their communications, and to address new challenges such as impersonating “things” or denial-of-sleep attacks. IoT security is further complicated by the fact that many “things” use simple processors and operating systems that may not support sophisticated security approaches.

The Internet of Things service is a service on the SAP Cloud Platform. Therefore, customers need to consult SAP Cloud Platform Security for the corresponding software version.

The core functions provided by the Internet of Things service are offered by the components hosted in SAP Cloud Platform. These components and their security-relevant information flows are shown in the figure below.

The SAP-controlled provider account hosts the Remote Device Management Service (RDMS) which is used for device management and the Internet of Things service cockpit, which acts as a user interface to RDMS. These two components are provided in the consumer account by means of subscription. Users can access the Internet of Things service cockpit by using single sign-on with their SAP Cloud Platform account and having the appropriate role.

The user-controlled consumer account hosts the Message Management Service (MMS) which handles the messages received by the device. Devices need to obtain an OAuth token to send or receive messages through the external APIs.

The dashed box represents functionality that a user is supposed to build to make use of the device data collected. For such a new business application, additional roles must be defined.

The Internet of Things service is a service on the SAP Cloud Platform.

SAP recommends the following while building IoT Apps:

  • Do not delete or change applications, destinations, OAuth clients, and other security settings that are installed by the Internet of Things service.
  • Protect the device and its stored OAuth token all times against unauthorized access. If possible, use an encryption method to store the OAuth token on the device. Remove the old OAuth token when installing a new OAuth token on the device.
  • If the device receives messages from the cloud, allow for secure processing of these messages to avoid unintended actions being triggered on the device.
  • The current version logging capabilities are limited, nevertheless, monitor the system and regularly check for any exceptional misbehavior.
  • Consult a security expert or carefully read the information provided below to be aware of your current protection level.

Roles and Authorizations

Currently, the Internet of Things service use two roles to restrict service access to appropriately authorized users. The IoT-User role is automatically assigned to the SAP ID User of the consumer account during subscription. The other role, IoT-MMS-User, has to be assigned to users after the Message Management Service (MMS) has been installed successfully to the consumer account.


  • IoT-User: Assign this role to users representing a person. This role allows users to create, view, modify and delete devices, device types, message types, and so on, using the Internet of Things service cockpit.
  • IoT-MMS-User: Assign this role to users representing a person. The role grants access to the Message Management Service (MMS) start page and allows users to use the sample clients that are available for the Data Services as well as for the Push Service.
  • IoT-MMS-User: Assign this role to users representing a person. The role allows users only to update or deploy the Message Management Service (MMS).

Security Measures
The Remote Device Management Service (RDMS), the Message Management Service (MMS) and the Internet of Things service cockpit are based on the SAP Cloud Platform and therefore come with the security measures provided by this platform. The Internet of Things service cockpit additionally uses SAP UI5 libraries. Besides the security mechanisms adopted from these underlying SAP technologies, the following security features are in place:

  • Clickjacking: The Internet of Things service cockpit is built on SAP UI5 and inherits the protection mechanisms from this platform.
  • Cross-Site Scripting: Data displayed to the user within the Internet of Things service cockpit is normally processed and rendered by SAP UI5 controls, whereas input validation and output encoding are performed by the renderer.
  • Path Traversal: In the Internet of Things service cockpit, no URL is directly based on user input. File access functionality in the Internet of Things service cockpit is not based directly on user input.
  • Data Validation: In the Remote Device Management Service (RDMS), a special validation framework was established and database input is checked for syntactical correctness. This includes non-emptiness, allowed characters, allowed ranges, and allowed lengths. The Internet of Things service cockpit also includes validation checks during user input.

Network and Communication Security
Communication for all channels is encrypted and based on TLS only.

Security-Relevant Logging and Tracing
The standard logging features of the SAP Cloud Platform are available for the Message Management Service (MMS) component. Therefore, you can view the log files in the SAP Cloud Platform cockpit.

For more information regarding SAP IoT, please refer to my post

8. Secure Operations  

The SAP Standard for Security aims to protect the organizations critical business processes and assets, as well as to ensure compliance with external regulations and standards, such as data protection laws and the Sarbanes Oxley Act (SOX). It secures the availability and integrity of critical business processes – both organizations internal processes as well as collaborative processes with customers or other contractors – and protects the confidentiality and integrity of sensitive information. These objectives are accomplished by addressing 16 different security topics, known as secure operations tracks, as shown in the Secure Operations Map below.

  1. Security Governance: Adopt security policies for your SAP landscape, create and implement an SAP Security Baseline
  2. Audit: Ensure and verify the compliance of a company’s IT infrastructure and operation with internal and external guidelines
  3. Cloud Security: Ensure secure operation in cloud and outsourcing scenarios
  4. Emergency Concept: Prepare for and react to emergency situations
  5. Users and Authorizations: Manage IT users and authorizations including special users like administrators
  6. Authentication and Single Sign-On: Authenticate users properly – but only as often as really required
  7. Support Security: Resolve software incidents in a secure manner
  8. Security Review and Monitoring: Review and monitor the security of your SAP systems on a regular basis
  9. Secure Configuration: Establish and maintain a secure configuration of standard and custom business applications
  10. Communication Security: Utilize communication security measures available in your SAP software
  11. Data Security: Secure critical data beyond pure authorization protection
  12. Security Maintenance of SAP Code: Establish an effective process to maintain the security of SAP delivered code
  13. Custom Code Security: Develop secure custom code and maintain the security of it
  14. Network Security: Ensure a secure network environment covering SAP requirements
  15. Operating System and Database Security: Cover SAP requirements towards the OS and DB level
  16. Frontend Security: Establish proper security on the frontend including workstations and mobile devices

Applying Security Notes / Patches

Implementing security patch is not a onetime process; rather it is a continuous process which should be implemented on a monthly/pre-defined interval basis. SAP has come up with an approach of releasing the security notes on a specific day of a month, as an SAP user, it is imperative for any customer to align with the security recommendations from SAP. Below is the roadmap that we recommend to follow when dealing with the security patches. The same may vary based on the change management process of the customer.

Security Practices for Large Organizations

  • First, it is important to understand where the business is going, what they want to get out of SAP, and the level of importance they put around data within SAP.
  • Second, Based upon the above, you need to develop a well-thought strategy and vision that you can share with business leaders. This document will serve to put clear objectives for your security efforts.
  • Third, assemble solid standards around every facet of the security model. From User Naming convention, User Group Convention, Role Naming Convention, ABAP Query Security approach, CATT Security approach, Table and program auth groups, Info-Cube and InfoObject security strategy, Data classifications, and Role Menu structure. Always, Always follow them. If you don’t, you will regret it later, and end up doing double work.
  • Fourth, develop and implement a common user request process for all SAP systems. Identify business owners and document approvals.
  • Five, Consistently report to management your success in these factors, be honest, and stand your ground when you need to.

9. Recommendations  

SAP strongly recommends that customers visit the Support Portal and apply patches on a priority to protect their SAP landscape. In addition, organizations need to define and follow security policies in SAP environment.

The second Tuesday of a month is known as a Patch Tuesday. SAP’s Security Patch Day coincides with Patch Tuesday to allow admins to install all fixes on one scheduled day. On the SAP Security day, the vendor releases a set of internal advisories containing instructions, patches, or both, which dubbed SAP Security Notes.

Security Notes are standard SAP Notes / HotNews with information about known security vulnerabilities and appropriate countermeasures (correction instruction, configuration, service pack, upgrade, manual measures) whose corrections are contained in subsequently released Support Packages, if possible. They can be found here: Each customer has to regularly review this list and has to verify for each entry whether the security note applies to his systems or not and what to do if necessary. The effort to analyze and to implement security notes, to identity the test requirements and to document all activities is quite high. Different technologies (especially ABAP, Kernel, Java, HANA) require special patch processes and in case of other products like Business Objects or Mobile it’s even difficult to find relevant notes.

Here are 10 steps you can take to avoid SAP security breaches.

  1. Embrace continuous monitoring and agile execution: Be proactive and prioritize SAP security. Having continuous monitoring is helpful to ensure SAP applications are safe and secure. Getting early, fast and frequent feedback, organizations can quickly respond to critical security issues. This ensures that security issues don’t get ignored and crisis is averted.
  2. Ensure there is an owner for security issues: Ensure that someone in the SAP support has the responsibility for security breaches.
  3. Keep Enhancement Packs Updated: One of the most important steps to stay secure is simply to stay up-to-date. Make sure you are running the latest enhancement packs and aren’t lagging several versions behind.
  4. Install Support Package Stacks: Support Package Stacks are support packages and patches for a given product that should be used together. SAP recommends applying these stacks at least once a year and details the maintenance schedule on their website.
  5. Maintain properly configured systems: Organizations are vulnerable due to unpatched misconfigured and outdated SAP systems, putting their entire business at risk. SAP fixes issues regularly and customers need to be aware, prioritize and apply configuration changes and security updates.
  6. Ensure your SAP applications are updated: Make sure you are also keeping your SAP applications patched and up-to-date. They shouldn’t lag behind your SAP ECC.
  7. Return to standard: By eliminating your unused code and reverting back to the standard installation, you can reduce the risk of a security vulnerability as custom code opens the door to risks.
  8. Knowledge about the latest threats and vulnerabilities affecting SAP applications improves organization’s ability to manage cybersecurity risks. It is very important to be able to detect zero-day vulnerabilities in SAP applications.
  9. Segregation of duties and access controls can help in safeguarding your company’s core business.
  10. The following table describes some specific vulnerabilities together with measures SAP strongly recommends that organizations implement. Be aware that the likelihood and impact of a vulnerability being exploited may depend on the attack scenario, how critical the supported business processes are, and which regulatory constraints apply. For example, all Internet-facing applications are generally subject to a higher risk of being attacked.



Likelihood Impact Recommendations
1.     Transport layer security using HTTPS


Eavesdropping on clear text communications is well known among hackers. Conducting such attacks has become fairly easy.


The risk of interception of communication containing business data and user credentials (such as logon tickets, passwords, and sessions tokens)


Secured network communication using HTTPS from browsers to SAP applications is key for mitigating the risk of interception of communication. Enable HTTPS at least for all communication channels that cross the network boundaries of your computer center.
2.     Secure session handling Session hijacking attacks are very common for Web-based applications. Secure session handling protects against various attacks aimed at the interception of the victim’s session, which allows the attacker to view, manipulate, or delete business data.


SAP strongly recommends that customers implement the recommended settings.


3.     Cross-site request forgery (XSRF)


Cross-site request forgery ranks among the most dangerous attacks.


An attacker makes the victim’s user agent issue requests, resulting in undesired and potentially harmful actions like viewing, manipulating, or deleting business data.


SAP closes vulnerabilities in standard code with the SAP Notes. SAP recommends deploying the SAP Notes as soon as possible. A framework for protecting custom applications is provided.
4.     SQL injection


Structured Query Language (SQL) injection is well known among hackers.


Exploiting dynamic SQL statements, the attacker may use malicious SQL statements to view, manipulate, and delete business data in the database.


SAP closes vulnerabilities in standard code with the SAP Notes. SAP recommends deploying the SAP Notes as soon as possible. A framework for validating dynamic SQL statements for custom applications is also provided.
5.     Directory traversal Directory traversal is a common attack.


This attack exploits unintended input for programs to access directories and files on a file system level. Any data, including business data, that is accessible on the file system of the application server could be read, manipulated, or deleted without having file system access.


SAP closes vulnerabilities in standard code with the SAP Notes. SAP recommends deploying the SAP Notes and performing additional configuration activities, as described in the notes, to activate protection measures as soon as possible. SAP also provides a framework for protecting custom applications.
6.     Cross-site scripting (XSS) Cross-site scripting is the most common attack on the Internet against Web applications.


Client-side scripts are used to access client data as well as client credentials, such as sessions, and pose a significant security risk.


SAP closes vulnerabilities in standard code. SAP recommends deploying the SAP Notes as soon as possible. A framework for protecting custom applications is provided.
7.     Invoker servlet This is a known vulnerability of Java application servers.


The invoker servlet allows unauthorized access to application servlets on Java systems.


The servlet must be disabled in all Java application server systems of SAP Business Suite software and SAP NetWeaver® technology platform releases.
8.     ABAP™ code injection This is a special attack requiring basic ABAP™ programming language know-how.


Exploiting ABAP code injection vulnerability, the attacker may do anything to view, manipulate, and delete business data.


SAP Notes must be implemented to help ensure that identified security vulnerabilities in standard code are closed and cannot be misused by attackers. SAP recommends deploying the SAP Notes as soon as possible.
9.     Hard-coded user names


This special type of attack requires specific user names.


Depends on the individual vulnerability


SAP Notes must be implemented to help ensure that identified security vulnerabilities in standard code are closed and cannot be misused by attackers. SAP recommends deploying the SAP Notes as soon as possible.

10. Definitions

Kerberos: Kerberos is a computer network authentication protocol that works on the basis of ‘tickets’ to allow nodes communicating over a non-secure network to prove their identity to one another in a secure manner.

Security Assertion Markup Language (SAML): SAML is an XML-based, open-standard data format for exchanging authentication and authorization data between parties, in particular, between an identity provider and a service provider.

X.509: X.509 is a standard that defines the format of public key certificates. X.509 certificates are used in many Internet protocols, including TLS/SSL, which is the basis for HTTPS, the secure protocol for browsing the web. They’re also used in offline applications, like electronic signatures. An X.509 certificate contains a public key and an identity (a hostname, or an organization, or an individual), and is either signed by a certificate authority or self-signed.

Authorization: Authorization is the function of specifying access rights to resources related to information security and computer security in general and to access control in particular. More formally, “to authorize” is to define an access policy. For example, human resources staff is normally authorized to access employee records and this policy is usually formalized as access control rules in a computer system. During operation, the system uses the access control rules to decide whether access requests from (authenticated) consumers shall be approved (granted) or disapproved (rejected).

Authentication: Authentication is the process of confirming identity. It might involve confirming the identity of a person by validating their identity documents, verifying the authenticity of a website with a digital certificate, etc. In other words, authentication often involves verifying the validity of at least one form of identification.

Encryption: Encryption is the process of encoding a message or information in such a way that only authorized parties can access it. Encryption does not of itself prevent interference, but denies the intelligible content to a would-be interceptor.

Auditing: A computer security audit is a manual or systematic measurable technical assessment of a system or application. Manual assessments include interviewing staff, performing security vulnerability scans, reviewing application and operating system access controls, and analyzing physical access to the systems. Automated assessments, or CAAT’s, include system generated audit reports or using software to monitor and report changes to files and settings on a system.

Transport layer security: Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), both frequently referred to as “SSL”, are cryptographic protocols that provide communications security over a computer network. Several versions of the protocols find widespread use in applications such as web browsing, email, Internet faxing, instant messaging, and voice-over-IP (VoIP). Websites use TLS to secure all communications between their servers and web browsers.

Secure session handling: A web session is a sequence of network HTTP request and response transactions associated to the same user. Web applications require the retaining of information or status about each user for the duration of multiple requests. Therefore, sessions provide the ability to establish variables – such as access rights and localization settings – which will apply to each and every interaction a user has with the web application for the duration of the session. The disclosure, capture, prediction, brute force, or fixation of the session ID will lead to session hijacking (or sidejacking) attacks, where an attacker is able to fully impersonate a victim user in the web application. Attackers can perform two types of session hijacking attacks, targeted or generic. In a targeted attack, the attacker’s goal is to impersonate a specific (or privileged) web application victim user. For generic attacks, the attacker’s goal is to impersonate (or get access as) any valid or legitimate user in the web application.

Cross-site request forgery (XSRF): Cross-site request forgery, also known as one-click attack or session riding and abbreviated as CSRF (sometimes pronounced ‘sea-surf’) or XSRF, is a type of malicious exploit of a website where unauthorized commands are transmitted from a user that the web application trusts. Unlike cross-site scripting (XSS), which exploits the trust a user has for a particular site, CSRF exploits the trust that a site has in a user’s browser. Attackers who can find a reproducible link that executes a specific action on the target page while the victim is logged in can embed such link on a page they control and trick the victim into opening it. The attack carrier link may be placed in a location that the victim is likely to visit while logged into the target site (for example, a discussion forum), or sent in a HTML email body or attachment.

SQL injection: SQL Injection is a code injection technique, used to attack data-driven applications, in which nefarious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker). SQL injection must exploit a security vulnerability in an application’s software, for example, when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and unexpectedly executed. SQL injection is mostly known as an attack vector for websites but can be used to attack any type of SQL database.

Directory traversal: A directory traversal (or path traversal) consists in exploiting insufficient security validation / sanitization of user-supplied input file names, so that characters representing “traverse to parent directory” are passed through to the file APIs. The goal of this attack is to use an affected application to gain unauthorized access to the file system. This attack exploits a lack of security (the software is acting exactly as it is supposed to) as opposed to exploiting a bug in the code. Directory traversal is also known as the ../ (dot dot slash) attack, directory climbing, and backtracking.

Cross-site scripting (XSS): Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications. XSS enables attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same-origin policy. Cross-site scripting carried out on websites accounted for roughly 84% of all security vulnerabilities documented by Symantec as of 2007. Their effect may range from a petty nuisance to a significant security risk, depending on the sensitivity of the data handled by the vulnerable site and the nature of any security mitigation implemented by the site’s owner.

Invoker servlet: The invoker servlet is implemented in the InvokerServlet class that is part of the J2EE Engine’s Web Container. The Invoker Servlet allows unconfigured servlets to be called by simply using a /servlet URL. It is disabled by default in new Tomcat installations, and new metawerx hosting accounts, for security reasons. (see news published 5/12/16 here and a possible solution here)

SAP User Master Record: Master data for SAP users. These enable the user to log on to the SAP system and allow access to the functions and objects in it within the limits of the authorization profiles specified in the role. The user master record contains all information about the corresponding user, including the authorizations.

Profiles: Container of authorizations. Profiles are the objects that actually store the authorization data and Roles are the Container that contains the profile authorization data. A profile is created when a role is generated.

Roles: Contains transaction codes, authorizations (mapped to one profile) and user assignments. Roles provide access to transactions, reports, web applications, etc. Within each role, you can also view and maintain user assignments. Role is created with the role administration tool (PFCG) and allows the automatic generation of an authorization profile. The role contains the authorization data and the logon menu for the user. Roles are usually related to the job that you do and are closely matched to the business processes mapped to the SAP system. Roles are composed of:

  1. Transaction Codes
  2. Profile(s)
  3. Authorization Objects
  4. Organization Level(s)

Composite Roles: Consists of any number of single roles.

Authorization Object: Template for security that contains fields with blank values. Objects that define the relation between different fields and also helps in restricting/ allowing the values of that particular field. Authorization objects are actually defined in programs that are executed for any particular transactions. We can also create custom authorization objects for any particular transaction (generally custom transaction).

An authorization object groups up to 10 fields that are related by AND.

An authorization object allows complex tests of an authorization for multiple conditions. Authorizations allow users to execute actions within the system. For an authorization check to be successful, all field values of the authorization object must be appropriately entered in the user master record.

Authorization (Field Values): Authorization object with completed fields. It is the definition of an authorization object, that is, a combination of permissible values in each authorization field of an authorization object.

An authorization enables you to perform a particular activity in the SAP system, based on a set of authorization object field values.

Authorizations allow you to specify any number of single values or value ranges for a field of an authorization object. You can also allow all values, or allow an empty field as a permissible value.

If you change authorizations, all users whose authorization profile contains these authorizations are affected.

As a system administrator, you can edit authorizations in the following ways:

  • You can extend and change the SAP defaults with role administration.
  • You can change authorizations manually. These changes take effect for the relevant users as soon as you activate the authorization.

The programmer of a function decides whether, where and how authorizations are to be checked. The program determines whether the user has sufficient authorization for a particular activity. To do this, it compares the field values specified in the program with the values contained in the authorizations of the user master record.

Authority Check: Performed by SAP to help establish that a user has the correct authorization to execute a particular task.

Organization Level: This defines actually the organizational elements in SAP. For example, Company Code, Plant, Planning Plant, Purchase Organization, Sales Organization, Work Centers, etc.

Profile generator: The profile generator (transaction PFCG) automatically creates the authorizations and profiles based on transaction codes and authorization object values we specify as data in the role. To help speed up this process, SAP provides a helping hand and if we enter a transaction into a role menu, SAP proposes authorization object values.

User Ids: User ids allow access to SAP applications.  Each user must have a corresponding profile specifically assigned.  In many situations, multiple composite profiles can be assigned to a user ID, depending on the role(s) an individual user is responsible for, in the business processes.

Composite Profiles: Composite profiles refer to the various employee roles available in the corporation (for instance: Purchasing / Receiving Clerk or Accounts Agent).  As the name suggests, composite profiles may contain multiple user IDs necessary to perform all the business operations associated with a particular role.  A composite profile may encapsulate another composite profile(s).

Authorizations: Authorizations are the key building blocks of SAP security.  Authorization is the process of assigning values to fields present in authorization objects.

ECC: ECC stands for Enterprise Central Component and is similar to R/3. The name of this component has evolved, but the essential function of system component has not changed much.

NetWeaver: NW is basically an orchestra of various components. There is a base WEB AS on top of which all other components like EP, XI, BI, MDM, etc. sits. There are different combinations of OS and database on which you can install NW.

MySAP: MySAP is a product of SAP, is an e-business software integration tool that delivers content to the user based on his or her role in an enterprise using a Web browser or Internet appliance.

Phishing is an attempt to obtain access credentials such as user names and passwords by using fake email or messaging (text, instant, or direct) to unsuspecting recipients.

Pharming is an attempt to redirect a Web site’s traffic to another site for malicious intent. Cloud solutions from SAP take extra precautions because even if most people in a customer’s organization know how to protect themselves, others may not.


Please feel free to reach out to me for any decisions that you might need guidance on with regards to SuccessFactors, S/4 HANA, SAP Leonardo. I am happy to pay it forward. This post would not have been possible without all the help from blogs in SAP community and other articles published by SAP. Please connect with me at so that you can get notified if topics like SuccessFactors and S/4 HANA interest you.

What is SAP Internet of Things?

In this post, I will share with you an introduction to SAP IoT, architecture, technologies, how to build an IoT application, use Cases, and definitions. Click below links to go directly to the sections.

  1. Introduction
  2. Architecture
  3. Technologies
  4. How to build an IoT application
  5. Use Cases
  6. Definitions

Backend systems model real world assets, but they are not connected to them. With IoT they can be. Customers can use the SAP Cloud Platform to build IoT apps. This enables customers to connect everything the back office to boardroom, warehouse to storefront as well as desktop to mobile devices. Analysts predict that there will be 50 billion connected “things” by 2020.

In the simplest form, IoT technology takes inputs from the physical world, uses digital technologies to derive insights from those inputs, and then makes outputs available for use back in the world. It is the network of devices and in general things that are connected together and communicating with each other to perform certain tasks, without requiring human-to-human or human-to-computer interaction. Any device that can be embedded with electronics, software, sensors to communicate with other device is “Things”. These devices collect useful data with the help of various existing technologies and then autonomously flow the data between other devices.

When building a network of connected IoT devices that’s truly “enterprise-ready,” there are three big boxes customers have to check off: (1) comprehensive security, (2) interoperability and standardization, and (3) building mature applications that are feeding data and analytics that can be used.

Traditional physical products create value for customers only by virtue of their performance. Connected objects enable automation, scheduling, remote controlling, and other abilities, so information becomes a key determinant of value. IoT-enabled devices create new information that can be communicated, aggregated, analyzed, and acted upon.

SAP solutions for the IoT are built on the SAP HANA platform, which gives access to a wide range of applications, development tools, and integration services. It also provides the ability to process extremely large volumes of IoT data in real time.

At the core of SAP HANA is a full set of natively integrated processing engines to support data streaming, predictive analysis, relationship modeling, geospatial processing, on-the-fly complex calculations, machine learning, and text processing. This is further enriched by an ability to process transactional and analytical workloads from the same data set. This rich set of features provides a foundation for supporting unpredictable workloads of IoT data and solutions.

SAP Cloud Platform for IoT is designed to enable businesses to connect any sensor or device to any app or business process in their company and business network. Device management, IoT messaging and IoT application enablement are all part of the new offering, including data modeling.

IoT technology is part of SAP Leonardo which is an umbrella term for a number of SAP technologies, all built on top of SAP’s open platform-as-a-service (PaaS) offering called SAP Cloud Platform.

Internet of Things (IoT) makes everything connected or connectable, from the products we make to the people that use them:

  • Connected products means new insights throughout the product lifecycle, from design, to production, to delivery, to the end of a product’s life.
  • Connected assets can be tracked, monitored, analyzed, and maintained proactively to reduce operational and maintenance costs and increase equipment uptime.
  • Connected fleets of vehicles, robots, forklifts, and autonomous vehicles can be monitored, maintained, and optimized to improve services, safety, visibility, and service quality.
  • Connected infrastructure can improve digital operational intelligence of physical infrastructure systems, construction, and energy grids enabling improved service, efficient operations, and compliance and risk mitigation.
  • Connected markets can optimize rural and urban areas to better enable new production and enhance assets, space, and our natural resources.
  • Connected people enable more insightful, collaborative work roles, health management, and smart-home environments by connecting people and communities and providing better, more personalized lifestyle experiences.

The Internet of Things is on top of the agenda for most companies. While technology has existed for several decades, it was limited to operational use. The evolution of connectivity, Big Data management, analytics, and cloud technology is enabling us to converge these operational and information technologies to make machines smarter and drive end-to-end digital transformation.

Initially, IoT applications were limited for operational activities on shop floor and data was not leveraged for enterprise use. With the evolution of Industry 4.0 and industrial Internet, customers are looking to leverage this Big Data and develop responsive and intelligent applications for line-of-business and industry-specific end-to-end processes

In a nutshell, SAP’s Leonardo connects things with people and processes. SAP provides a highly innovative IoT solution portfolio which extends the digital core with adaptive applications, big data management and connectivity to enable business process and connected people.

SAP’s IoT platform makes it possible to develop, deploy, and manage IoT applications. Customers will be able to –

  1. Automate processes and network connections
  2. Store and manage sensor data
  3. Connect and control devices
  4. Analyze data.


The SAP Cloud Platform Internet of Things service is designed to facilitate and support the implementation of IoT applications.

Internet of Things service provides interfaces for registering devices and their specific data types, sending data to a database running on the SAP Cloud Platform in a secure and efficient manner, and storing and providing access to the data stored. The respective services are distributed across two main components: Remote Device Management Service (RDMS) and Message Management Service (MMS). A graphical user interface called Internet of Things service cockpit provides access to the various services.

The MMS provides various APIs that can be used by devices to send data to Internet of Things service. It processes the data and persists the data in the databases connected. There may be other use cases, though, which require forwarding the data to a message broker, event stream processor or even a document repository.

The Internet of Things service cockpit is the main interface for users to interact with the Remote Device Management Service (RDMS). You can use it to register new devices, to define the schema of messages (device types and message types) they can send and receive, as well as to establish the trust relationship needed by devices to interact with the Message Management Service (MMS). The Internet of Things service cockpit and RDMS are provided as cloud services and can be used with subscriptions.

The technical core elements of SAP Leonardo Internet of Things (IoT) are:

  1. SAP Leonardo Foundation
  2. SAP Leonardo for Edge Computing
  3. SAP Cloud Platform / SAP HANA Platform
  1. SAP Leonardo Foundation includes both best of breed business services that enable users to rapidly build IoT applications by building digital twins, reusable application services, and applying predictive algorithms; and core technical services to process a high velocity of data with the ability to stream analytics and run predictive scenarios. These are delivered on new generation SAP Cloud Platform coming from millions of devices.

Provides capabilities of data ingestion of raw sensor (thing) data, big data abilities to manipulate huge data volumes and data integration with enterprise software systems (action) to provide the ability to create end-to-end IoT solutions for businesses to leverage and drive the right outcome.

SAP Leonardo Bridge combines real-time information from connected things with business processes to turn extended supply chains into live supply chain environments.

  1. SAP Leonardo Edge Computing ingests data irrespective of connectivity, latency, device protocols concerns, and delivers intelligent edge applications. SAP Leonardo for Edge Computing serves as an IoT Gateway, offering a set of services that run at the edge of the network to complement the SAP Leonardo Foundation. This includes:
    1. Streaming Lite
    2. SAP SQL Anywhere
    3. SAP Plant Connectivity (PCo)
    4. SAP Device Management for IoT by Telit
    5. SAP HANA Integrator by OSISoft
  1. SAP Cloud Platform / SAP HANA Platform

The SAP Leonardo Foundation is available for cloud and on premise deployment types, based on either SAP Cloud Platform /SAP HANA Platform, and includes the following:

3.1 Cloud-based on SAP Cloud Platform

SAP Cloud Platform is the key strategic platform-as-a-service infrastructure that provides the framework for SAP Leonardo. Additionally, SAP Cloud Platform provides end-to-end micro services for machine learning, analytics, Big Data, security, user experience, user management, and backend integration application program interfaces.

  1. SAP Cloud Platform Streaming Analytics
  2. SAP Cloud Platform Remote Data Sync
  3. SAP Cloud Platform Integration
  4. SAP Cloud Platform Internet of things
  5. SAP IoT Application Enablement

3.2 On premise-based on SAP HANA platform

  1. SAP HANA remote data sync
  2. SAP IoT SIM Management
  3. SAP HANA dynamic tiering
  4. SAP HANA Vora

Please see my post on SAP Leonardo Technologies.

The technologies and principles of IoT will have a very broad impact on organizations, affecting business strategy, risk management and a wide range of technical areas such as architecture and network design. The technologies that are important in IoT area are – 

  1. IoT Security
  2. IoT Analytics
  3. IoT Device Management
  4. Streaming data
  5. IoT Platforms
  6. IoT Applications
  7. IoT Cloud
  8. IoT Data
  1. IoT Security

As companies collect data beyond traditional IT boundaries, IoT security measures are critical. Some key considerations include being able to secure and monitor devices, encrypt sensitive data, and build risk mitigation into systems.

The IoT introduces a wide range of new security risks and challenges to the IoT devices themselves, their platforms and operating systems, their communications, and even the systems to which they’re connected. Security technologies are required to protect IoT devices and platforms from both information attacks and physical tampering, to encrypt their communications, and to address new challenges such as impersonating “things” or denial-of-sleep attacks. IoT security is further complicated by the fact that many “things” use simple processors and operating systems that may not support sophisticated security approaches.

The Internet of Things service is a service on the SAP Cloud Platform. Therefore, customers need to consult SAP Cloud Platform Security for the corresponding software version.

The core functions provided by the Internet of Things service are offered by the components hosted in SAP Cloud Platform. These components and their security-relevant information flows are shown in the figure below.

The SAP-controlled provider account hosts the Remote Device Management Service (RDMS) which is used for device management and the Internet of Things service cockpit, which acts as a user interface to RDMS. These two components are provided in the consumer account by means of subscription. Users can access the Internet of Things service cockpit by using single sign-on with their SAP Cloud Platform account and having the appropriate role.

The user-controlled consumer account hosts the Message Management Service (MMS) which handles the messages received by the device. Devices need to obtain an OAuth token to send or receive messages through the external APIs.

The dashed box represents functionality that a user is supposed to build to make use of the device data collected. For such a new business application, additional roles must be defined.

  1. IoT Analytics

IoT business models can exploit the information collected by “things” in many ways — for example, to understand customer behavior, to deliver services, to improve products, and to identify and intercept business moments.

Mass data processing: Sensor data generated by things that are onboarded on the platform are stored in a multi-component, high-performance database system built around SAP HANA, SAP’s in-memory database. During the early stages of implementing IoT solutions, organizations learned to distribute sensors where required (for example: throughout the supply chain) and collect vast amounts of information. Customers are now taking the next step and converting that data into actionable insights.

Time series analysis: Thing sensor data can be clustered and analyzed based on individually defined timeframes as a basis for trend observations, predictive maintenance scenarios, or similar use cases.

  1. IoT Device Management

Long-lived nontrivial “things” will require management and monitoring. This includes device monitoring, firmware and software updates, diagnostics, crash analysis and reporting, physical management, and security management. The IoT also brings new problems of scale to the management task. Tools must be capable of managing and monitoring thousands and perhaps even millions of devices.

For most organizations, there’s a big hurdle to overcome: efficiently connecting thousands of devices and machines to the Internet, collecting data from them, and deriving valuable insights from those distributed sensors. This is no small feat given that “things” come from different suppliers, each with different protocols, data formats, and interfaces to enterprise systems and applications.

The SAP Device Management for IoT application is a data collection, ingestion, and processing engine simplifies and accelerates the process of connecting devices, assets, and sensors to the Internet; collects and normalizes the data they generate; and securely moves this data to any application in real time.

Once devices and machines are connected, SAP Device Management for IoT collects data from them, regardless of where they are, and stores it in SAP databases and business applications, such as the SAP HANA platform, SAP IQ software, or the SAP Predictive Maintenance and Service solution. SAP Device Management for IoT provides full integration into existing enterprise resource planning systems by converting data into a format that can be more easily consumed by target SAP applications and sending data to the appropriate target application.

Please refer to the section Definitions: IoT Gateway.

  1. Streaming data

IoT applications accumulate more data than traditional batch processing can manage. Having capabilities for streaming data continually is key to reliably feeding real-time business processes and extracting timely insights.

Some IoT applications will generate extremely high data rates that must be analyzed in real time. Systems creating tens of thousands of events per second are common, and millions of events per second can occur in some telecom and telemetry situations. There is a requirement to process very high-rate data streams to perform tasks such as real-time analytics and pattern identification.

SAP HANA smart data streaming is a specialized option that processes streams of incoming event data in real time, and collects and acts on incoming information.

Smart data streaming is ideally suited for situations where data arrives as events happen, and where there is value in collecting, understanding, and acting on this data right away. IoT is an example of data sources that produce streams of events in real time.

Data flows into streaming projects from various sources, typically through adapters, which connect the sources to the smart data streaming server. The streaming projects contain the business logic that is applied to the incoming data, typically in the form of continuous queries and rules. These streaming projects are entirely event-driven, turning the raw input streams into one or more derived streams that can be captured in the SAP HANA database, sent as alerts, posted to downstream applications, or streamed to live dashboards.

  1. IoT Platforms

An IoT platform makes it possible to develop, deploy, and manage IoT and M2M applications. Automate processes and network connections, store and manage sensor data, connect and control devices, and analyze data.

IoT platforms bundle many of the infrastructure components of an IoT system into a single product. The services provided by such platforms fall into three main categories:

  1. low-level device control and operations such as communications, device monitoring and management, security, and firmware updates;
  2. IoT data acquisition, transformation and management; and
  3. IoT application development, including event-driven logic, application programming, visualization, analytics and adapters to connect to enterprise systems.

In anticipation of hyperscale and standardization requirements for running SAP and partnered IoT scenarios, SAP has elected to strategically adopt well-established infrastructure as a service (IaaS) technology components like Cloud Foundry and Open Stack. These hyperscale technology foundations are tightly integrated with the SAP Cloud Platform, enabling a scalable foundation to support the enterprise IoT requirements of the future.

  1. IoT Applications

IoT applications capture, collect, interpret, and act on vast amounts of information – detecting connectivity gaps, handling interruptions, and meeting specific business and industry requirements.

SAP has deployed a number of enterprise IoT applications, including SAP Connected Assets, SAP Connected Logistics, and SAP Connected Manufacturing. SAP has also extended IoT services to include predictive analytics, telematics, geo-location, and more.

SAP also provides a set of Reuse components and UI templates which are a set of user interface components and functionality that is required in most IoT applications. They are a collection of easy-to-use building blocks that enable customers to create an IoT-based analytical application from within SAP Web IDE, a web-based tool that intends to simplify the end-to-end application lifecycle: prototyping, development, packaging, deployment, and customer extensions for Fiori or SAPUI5 applications.

Customers can use the IoT Application project template to develop basic IoT applications by using a wizard-based approach. The templates provide a simple way to connect to the SAP backend services from IoT Application Enablement.

The storyboard perspective of the SAP Web IDE and the IoT reuse controls can be used to get a quick start for code-free development of one-page mash-up applications. Customers can later enhance them to multipage applications using your code or merge several one-page applications together.

  1. IoT Cloud

IoT cloud solutions provide affordable access to high-speed data networks to significantly extend the reach and usability of IoT applications. They also offer data storage, processing, analysis, and remote device management.

  1. IoT Data

IoT data management technologies ensure that customers can collect the right data at the right time, even when connectivity is interrupted. Rely on in-memory systems to process massive data volumes generated by thousands of devices.

How to build an IoT Application

Below are the high level steps for building an IoT Application. You need a SAP Cloud Platform developer account.
Step 1: Enable the IoT service
Step 2: Access the IoT service cockpit and deploy the Message Management Service to put in your user name and password.
Step 3: You can now start creating Message Types, Device Types and Devices in the Internet of Things Services Cockpit and send data from a device.

There are several resources that show you step by step how to build an IoT Application. Please refer to –
Hand’s-On Video Tutorials for Internet of Things (IoT) Services
Try out the SAP Cloud Platform Internet of Things (access the starter kit)
SAP Developer Tutorial Catalog

Use Cases
The real value of IoT lies in its ability to be an agent of change – to fundamentally change business models and, in the process, create new business opportunities currently beyond imagining. To make this happen, business needs a true end-to-end IoT solution that can tie the hardware layer – the “things” of the Internet of Things – back to the core. Such a solution requires several distinct components, starting with the hardware layer and ending with apps and analytics.

Building on existing IoT services and solutions, SAP launched an end-to-end portfolio of IoT solutions to help companies connect, transform, and reimagine how they do business. This portfolio includes –

  1. Integration & Connectivity
  2. Data Services
  3. Application Services
  4. Industry Scenarios
  5. Hardware Devices (e.g. machine sensors)

Customers can connect any device to any business process and business networks. This means that customers can connect the core of their business to the edge of the network, transform their existing business processes to gain operational efficiencies, and reimagine their businesses to create new revenue models, products, and services.

Most of the IoT world today is in the industrial segment such as oil and gas, utilities, automotive, some transportation or infrastructure, or connected asset management and also maintenance and infrastructure inspection tasks. IoT has been embedded in that kind of business for many years but modern IoT is taking that data and uploading it to the cloud and that’s significantly moving the needle.

Industrial IoT devices are now sending that data through a gateway into the cloud. There, enterprises can use it for not just maintenance and repairs but things such as forecasting and predictive analytics to increase production and streamline operations.

Use Cases by Industries –

  • Utilities and telcos can predict and prevent service outages
  • Airlines can remotely monitor and optimize plane performance
  • Healthcare organizations can base treatment on real-time genome analysis
  • Oil and Gas can use it for field services

Use Cases by IoT Products –

  • Connected Goods: IoT can be used to connect, monitor, and control a large number of customer facing mass market devices such as beverage coolers, freezers, coffee makers, and vending machines, construction tools or healthcare equipment using SAP Connected Goods. This can be used to create Product-as-a-Service business models.
  • SAP Vehicle Insights: Customers can create new business models with connected car analytics, monitor live vehicle conditions and run powerful connected car analytics with SAP Vehicle Insights. This cloud-based application can help customers collect, map, store, and analyze vehicle and sensor data in real time. Integration with automotive telematics data as well as enterprise and customer data can be used to improve services.
  • SAP Predictive Maintenance and Service: With IoT and SAP Predictive Maintenance and Service analyzes large volumes of sensor data (such as temperature, vibration, or rotation speed) and issues an alert long before a machine breaks down. Combining sensor data with business information in CRM, ERP, and enterprise asset management (EAM) systems, customers can move from reactive to predictive maintenance and service. It can be used to reduce maintenance cost, increase asset availability, improve customer satisfaction, generate new service revenue and change to a usage-based business model.
  • SAP Asset Intelligence Network: IoT can be used to collect, track, and trace equipment information in a central asset intelligence repository. Customers can access up-to-date maintenance strategies, manuals, and more from manufacturers and manufacturers can automatically receive asset usage and failure data from operators.

Use Cases by Organizations using IoT –

  • Trenitalia uses it for predictive maintenance on its trains.
  • Norther Gas Networks (UK SAP customer) is looking towards Leonardo in the future for a whole host of IoT use cases across its massive gas distribution network.
  • John Deere uses it to collect data on crop yields, seeding and planting, moisture, etc., through automated sensors in every machine. It then feeds the data back to a cloud-based interface and mobile app. Small farmers can use this app to harvest efficiently.
  • Alliander is using it to improve data quality in the asset register and to reduce maintenance costs and regulatory risks
  • City of Buenos Aires uses it to manage resources that maintain over 700,000 assets, including streets and lights, parks, bus stops, drains, buildings, and bridges, respond to service requests and improve trash collection and predict and prevent flooding and resulting damage and losses
  • Hamburg Port Authority uses it to gather real-time information, increase cargo handling speed and capacity and interconnect infrastructure to extend the port’s lifetime, offer new services, and transport goods more safely and effectively
  • Kaeser Kompression uses it in the areas of real-time operations and predictive maintenance, to enhance existing business processes and leverage the power of Big Data and predictive maintenance and to reduce selling, general, and administrative expenses
  • Roche uses it in the area of connected care. This improves the quality and results of medical treatments creating stronger relationships between doctors and patients, motivating people to take charge of their health, and giving doctors real insights into patient’s lifestyles that they never had before.

Partnerships in IoT area –

  • With Siemens, SAP is co-developing on the SAP HANA Cloud Platform to make Siemens Cloud for Industry powered by SAP HANA available to industrial customers worldwide.
  • Intel brings an industry-leading platform to seamlessly manage, connect, and secure devices on the edge. SAP is partnering with Intel to simplify, secure and scale the IoT for the enterprise, initially focusing on solutions for retail, oil and gas, transportation, manufacturing, and utilities.
  • Hewlett Packard Enterprise (HPE) announced a new suite of IT hardware solutions for industrial IoT applications that run SAP HANA and Leonardo machine learning.


OAuth: OAuth is an open standard for access delegation, commonly used as a way for Internet users to grant websites or applications access to their information on other websites but without giving them the passwords. OAuth provides to clients a “secure delegated access” to server resources on behalf of a resource owner. It specifies a process for resource owners to authorize third-party access to their server resources without sharing their credentials. Designed specifically to work with Hypertext Transfer Protocol (HTTP), OAuth essentially allows access tokens to be issued to third-party clients by an authorization server, with the approval of the resource owner. The third party then uses the access token to access the protected resources hosted by the resource server.

Edge Processing: SAP Dynamic Edge Processing bridges physical “things” with the business world. It allows businesses to take action in real time and optimizes operations by making edge assets and workers operate more efficiently. Functional areas extended to the edge include plant maintenance, inventory management, and materials management.

SAP Leonardo Bridge: Overview of how the SAP Leonardo Bridge combines real-time information from connected things with business processes to turn extended supply chains into live supply chain environments, connecting things from products to people across line-of-business and industry use cases.

Data Mining: Data mining is a systematic computation process comprising a set of techniques and algorithms to investigate significant patterns and cross connections in large datasets, including clustering, classification, and prediction. It is used in particular in data warehousing in order to better understand user behavior and to detect improvement points in order to optimize provided services.

The purpose of data mining is to translate extracted information into an understandable format which makes it possible to gather useful business insights in the context of trend analysis and detection of hidden patterns. Non-trivial extraction of knowledge by applying statistical pattern learning techniques to business applications can be integrated into complex modeling and decision making processes. The resulting business opportunities are widespread, such as item categorization in e-commerce, automation in customer relationship management, market basket analysis in retail sales, and identification of employee characteristics in human resources, to name just a few.

Embedded Systems: An embedded system is a computer system with a dedicated function within a larger mechanical or electrical system, often with real-time computing constraints. It is embedded as part of a complete device, often including hardware and mechanical parts. Embedded systems control many devices in common use today. 98 percent of all microprocessors are manufactured as components of embedded systems. The Internet of Things (IoT) takes advantage of existing sensors and the existence of a network of embedded units, optimally managing available resources at the unit and network levels and providing augmented functions.

Industrial Internet of Things (IIoT): The Industrial Internet of Things (IIoT) is the use of Internet of Things (IoT) technologies in industries. The word “Industrial” transforms the term IoT to impart the concept of smart connected operations to create products and services. IIoT is a part of the broader Internet of Things (IoT), where the connections between things exist mainly to produce physical goods for the marketplace and to maintain the physical assets of production.

Industry 4.0 (I4.0) or Industrie 4.0: Industry 4.0 (Industrie 4.0 in German) is a German government initiative strongly focused on Germany and characterized by the Cyber Physical Production Systems. It identifies with the unfolding fourth industrial revolution. This fourth industrial revolution follows the first one, which occurred in the eighteenth century and was characterized by mechanical production, the second, at the beginning of the twentieth century, which was characterized by mass production using electricity, and the third, in the mid-twentieth century, characterized by production linked to information technology.

IoT Gateway: Dealing with a huge number of sensors and actors is a perfectly normal situation in many IoT scenarios. They are obviously too numerous to be connected directly with business systems. Nor are they technically capable of communicating directly with the business systems. On top of that, the sensors produce an incredible amount of data, and not all of the raw or non-aggregated sensor data is relevant for the business. These factors are just a few examples of why an IoT Gateway yields great value to an IoT architecture. In the context of SAP, the concept of an IoT Gateway is supported by:

  • Intelligent edge processing
  • Telit DeviceWISE
  • SAP HANA IoT Integrator by OSIsoft

SAP’s IoT platform consists of two parts, the IoT foundation for SAP HANA and the IoT intelligent edge processing bundle for the same. The two packages provide data filtering, aggregation and correlation capabilities, and the edge bundle offers data consistency between the edge and the cloud.

Data consumption options

  1. Cloud option: Delivers pre-integrated and open IoT capabilities based on the HANA cloud platform and provides smart data streaming, remote data synchronization, IoT services for device message management, and IoT application services to cloud-based environments.
  2. Edge models for business: SAP will partner with Dell to bring a series of edge models to the enterprise. They’ll combine Dell’s Edge Gateway 5000 with SAP’s IoT platform to allow businesses to address operational challenges such as machine productivity, predictive maintenance and business continuity.
  3. SAP will re-sell Telit’s IoT deviceWISE platform and combine it with their own IoT platform to provide tools and resources needed to build and manage an IoT initiative no matter where a company is in the process.
  4. SAP has a partnership with OSIsoft, which offers a PI System designed to capture real-time data using 450 off-the-shelf interfaces. The partnership with OSISoft is designed to give customers access to the collection, archiving, and distribution of historical IoT data.

Lambda Architecture: The Lambda Architecture is used for a generic, scalable and fault-tolerant distributed data processing systems and contains: batch layer, serving layer, speed layer. These layers process incoming data and supply it to queries.

Machine-to-Machine Communication (M2M): Machine-to-Machine communication refers to direct communication between devices using any communications channel, including wired and wireless. Nowadays communication is often via the Internet of Things (IoT).  Widespread adoption of Internet Protocol Version 6, with its extremely large address space, is necessary in order to accommodate all of the sensors and machine-readable identifiers that the Internet of Things will require. Machine-to-Machine communication can include industrial instrumentation, enabling a sensor or meter to communicate the data it records (such as temperature, inventory level etc.) to applications that can use it (for example, adjusting an industrial process based on temperature or placing orders to replenish the inventory).

Message Broker: By ensuring a smooth real-time communication flow, message brokers have a pivotal role in the Internet of Things. As a kind of middleware, or intermediary program module, they have the task of facilitating communication between applications by translating incoming messages from the sender’s formal messaging protocol to the receiver’s formal messaging protocol. Depending on the situation, the message broker will then perform a given task, typically by validating, transforming or routing the message. Message brokers are an essential element in publish/subscribe messaging patterns, an essential part of Internet of Things architectures. As such, the message broker acts as a mediator between different applications. It minimizes the need for applications to be mutually aware of each and thus allows them to exchange messages without having to adopt a different, unfamiliar or incompatible protocol. Employing message brokers thus helps to reduce coupling and increase cohesion in an IT architecture.

Micro-Electromechanical Systems (MEMS): Micro-Electromechanical Systems (MEMS) is the technology for very small devices; merging at the nano-scale into nano-electromechanical systems (NEMS) and nanotechnology.

Microservices: A microservice is a self-contained process that provides a unique business capability. Instead of being organized according to software layers, microservices are created around business capabilities. Each micro service ideally has its own data store. There is no centralized database in a microservice based architecture. In a microservices architecture style, large applications are a suite of small independent services. Unlike monolithic applications, microservice based applications are easy to understand, upgrade, maintain and replace with another microservice.

Reference Architecture for SAP IoT Solutions: The main goal of a reference architecture is to provide a template for a specific solution and interest. It can also be used to highlight specific terms, concepts, methods or products being used. The reference architecture for SAP IoT solutions supports the implementation of a homogeneous set of IoT applications with a high degree of code reuse, thus making development more efficient. It is therefore beneficial both for product development teams at SAP and for developers working on-site for customers and partners to develop their own end-to-end IoT solution based on an SAP IoT platform.

Smart Cities: The Smart City is a topic that as one of the possible applications of the Internet of Things (IoT). The Smart City harnesses the latest technologies and provides citizens, city officials, and city planners with real-time access to real-time traffic data, water and electricity usage, road and transport authority information, tweets, and so on, with the goal of improving the daily lives of the citizens helping the city to run more efficiently.

Smart Grid: The concept behind smart grid describes the improvement of an electrical grid with sensors. There are several fields of application possible, such as smart meters, smart appliances or the smart usage of energy resources. As smart meters are very common, they can already be found in many households. Smart meters in particular, and the smart grid in general, are therefore a good example of how the Internet of Things can help us to improve our environment.

SAP Digital Twin: A digital twin is a virtual representation of a process, product or service. Using software on a cloud-based platform, digital twins pull together and analyze data organizations can use to monitor and head off repairs and other problems before they occur. It is a solution to monitor and analyze in real-time the behavior of structures and mechanical systems under the influence of complex and dynamic loads.

The solution is based on a digital representation of a unique real asset that applies structural finite element models in combination with sensor feeds and classical physics to replicate the physical state of the asset at any point in time. This information can be used in applications built for a wide range of purposes. It can be applied across industry segments and asset types, be it a wind turbine, an industrial robot, a crane or a building. It is used for monitoring, inspection and operational planning by providing a high-fidelity cloud based virtual model connected to edge-based sensor packages.

The state of the physical asset can be read through virtual sensors located on the Digital Twin, the readings of which can be used in other applications. The SAP Digital Twin can, in this way, further integrate into core business processes, such as asset management, plant maintenance and operations.

Four steps to get started with digital twins

  1. Integrate smart components into new or existing products.
  2. Connect the products/services to a central (cloud-based) location with streaming, big data, in-memory and analytics capabilities to capture sensor data and enrich it with business and contextual data.
  3. Constantly analyze the data to identify areas for improvements, new products or even new business models.
  4. Use digital insights to create new services that transform the company – disrupt before your business is disrupted.



New IoT-Based Services for Manufacturing leveraging SAP Cloud Platform Internet of Things – Aug 11, 2017




Please feel free to reach out to me for any decisions that you might need guidance on with regards to SuccessFactors, S/4 HANA, SAP Leonardo. I am happy to pay it forward. This post would not have been possible without all the help from blogs in SAP community and other articles published by SAP. Please connect with me at so that you can get notified if topics like SuccessFactors and S/4 HANA interest you.

3 Things You Need To Know About SAP Leonardo

The 3 things you need to know about SAP Leonardo are (I) the Technologies behind SAP Leonardo, (II) Advantages that the platform provides and (III) Use cases of how some organizations have leveraged it.


SAP Leonardo is a collection of software and services, namely IoT, big data, analytics, blockchain and machine learning, all running on the SAP Cloud. It is a digital innovation system where IoT, artificial intelligence, machine learning, advanced analytics, blockchain come together.

Customers can take advantage of emerging technologies like artificial intelligence, machine learning, advanced analytics and blockchain on top of their business data. It is a set of integrated, data-driven technologies that can serve as the nerve center for digital businesses. To deliver transformation at scale customers need more than IT. So, SAP Leonardo was expanded to be digital innovation system that will help customers to confidently redefine their business for this digital world.

SAP Leonardo is an umbrella term for a number of SAP technologies, all built on top of SAP’s open platform-as-a-service (PaaS) offering called SAP Cloud Platform.

SAP Leonardo technologies are –

  1. SAP Cloud Platform
  2. Internet of Things
  3. Machine Learning
  4. Analytics
  5. Big Data
  6. Blockchain
  7. Design Thinking

SAP Cloud Platform underpins other SAP products spanning its SAP Leonardo IoT portfolio, SAP Clea machine learning services, and the SAP BusinessObjects Cloud portfolio including its SAP Digital Boardroom platform. With SAP Cloud Platform, SAP Leonardo offers intelligent IoT applications, business services for development, technical services for processing high-velocity data and an intelligent edge to process information at the device level. SAP Leonardo combines SAP’s unique strengths, including 45 years of business process knowledge across 25 industries and leadership in Big Data management, in end-to-end offerings addressing the following areas:

  • Connected products for new insights into lifecycle management, sourcing, response and supply, and digital supply networks; and the design, manufacturing and delivery of smart, connected products across all industries
  • Connected assets to track, monitor and analyze fixed assets, including manufacturing and maintenance business processes, to reduce costs and increase equipment uptime
  • Connected fleet to enable businesses and public service organizations owning moving assets (such as vehicles, robots, fork lifts and autonomous vehicles) to improve services and safety, visibility to logistics and service quality
  • Connected infrastructure for new digital operational intelligence from physical-infrastructure systems, construction and energy grids enabling improved service, efficient operations and compliance and risk mitigation
  • Connected markets to enable new production, and business models of local relevance and at the right timing for customer and marketing insights, digital agribusiness, smart ports and smart cities
  • Connected people for more insightful, collaborative work roles, health management and smart home environments connecting people and communities and providing better, more personalized lifestyle experiences

I. Technologies

The following technologies are part of the SAP Leonardo suite.

  1. SAP Cloud Platform
  2. Internet of Things
  3. Machine Learning
  4. Analytics
  5. Big Data
  6. Blockchain
  7. Design Thinking

  1. SAP Cloud Platform

Please see my post on SAP Cloud Platform. You may also refer to SAP’s website SAP Cloud Platform.

  1. Internet of Things

Please see my post on SAP IoT. You may also refer to SAP’s website Internet of Things.

  1. Machine Learning

SAP is harnessing machine learning (ML) into its applications, plus launching its own ML technology on a digital platform, dubbed the SAP Machine Learning Foundation. This is part of a suite of options SAP offers that will allow businesses to use in their plans for digital transformation efforts.

Some of the benefits of ML are the ability to find patterns in Big Data impossible for humans to discern on their own, deliver insights in time, automate routine tasks and focus staff on higher-value work, more accurate predictions in business functions, enables customers to build their own intelligent applications that require no special data science expertise and no special hardware. and access it in SAP applications and platforms easily.

Machine learning empowers software algorithms to learn from history how to handle unstructured data through the recognition of patterns. With this technology, an application can learn how to initiate appropriate action without being explicitly programmed — and expand its know-how with each case.

SAP Leonardo Machine Learning Foundation offers ready-to-go intelligent Business Services and Functional Services using machine learning building blocks for the intelligent processing of all organizations data to detect, to recognize, to predict, etc. It offers developers a set of intelligent functional services, accessible via REST APIs, to perform a variety of tasks, such as detecting objects in images and videos or analyzing written text. Customers will be able to apply frameworks such as TensorFlow, scikit-learn, or R to develop their models and take advantage of the scalability of architecture and the underlying hardware.

Intelligent services embedded in SAP Cloud Platform can use customers’ own training data, and/or can be combined with pre-existing business or technical APIs. This building-block approach brings agility, extensibility, and integration into SAP and non-SAP solutions alike, provides state-of-the-art value to customers and their organizations.

SAP Cloud Platform also provides access to the SAP HANA data platform, which enables rapid processing of large data sets for real-time machine learning analysis. SAP HANA offers over 90 algorithms in its predictive analytics library (PAL) and integration to the R programming language.

You may also refer to SAP’s website Machine Learning.

  1. Analytics

Analytics is composed of Business Intelligence, Predictive Analytics and Enterprise Performance Management. Please see below table for products and capabilities.



Solutions Products Capabilities
1. Business Intelligence 1.1 SAP BusinessObjects Business Intelligence ·  Functional capabilities such as Ad-hoc reporting and analysis, combining data from different sources, etc.
·  Technical capabilities such as SAP HANA, software development kits, etc.
1.2 SAP Analytics Cloud for Business Intelligence ·  Cloud-based authoring
·  Hybrid data access
·  Data visualization and storytelling
·  Visualization design for business communications
·  Data exploration
·  Real-time business intelligence
·  Embedded real-time analytics
·  Built-in social collaboration tools
2. Predictive Analytics 2.1 SAP Predictive Analytics ·  Automated analytics
·  Expert analytics
·  Model management
·  Data Manager
·  Predictive scoring
·  Social and recommendation
·  Advanced Visualization
2.2 SAP Analytics Cloud for Predictive Analytics ·  Smart discovery
·  Predictive forecasting
·  Simulation
·  Smart groupings
·  Smart insights
·  R visualizations
3. Enterprise Performance Management 3.1 SAP Business Planning and Consolidation ·  Unified planning and consolidation
·  Microsoft Office, Web, and mobile reporting
·  Budgeting and forecasting
·  Built-in financial intelligence
·  Legal and management consolidations
·  Prepackaged Business Planning and Consolidation content
·  Self-reliance and accountability
3.2 SAP Analytics Cloud for Planning ·  Business planning in the cloud
·  Embedded real-time analytics
·  Collaboration tools
·  User-driven financial modeling
·  Events console
·  Advanced reporting tools
·  In-memory calculation engine
·  Integration and extensions


1.1 SAP BusinessObjects Business Intelligence
Functional Capabilities
Provides Ad-hoc reporting and analysis tools
Provides BI reporting tools
Provides drill, slice-and-dice, and formatting capabilities
Provides simple drag-and-drop features to create interactive reports
Provides mechanism to combine data from different sources
Provides data alerts
Provides sharing capabilities
Technical Capabilities
Provides SAP HANA as BI system repository and audit database
Provides SAP HANA data access
Provides software development kits
Provides multiple servers running on one or more hosts and/or clusters for high performance, load balancing, and availability
Provides single sign-on (SSO) integration with LDAP, Kerberos, eTrust SiteMinder, & Windows AD
Provides universe semantic layer access to over 40 data sources
Provides support for SAP BW 7.x, SAP Business Suite, and SAP S/4HANA


1.2 SAP Analytics Cloud for Business Intelligence
Cloud-based authoring
Provides cloud based authoring tool (work can be done directly from a Web browser).
Hybrid data access
Provides access to all data – SAP and non-SAP, on-premise and in the cloud – with data connectors to SAP Business Warehouse, SAP Analytics universes, SAP HANA, SAP S/4HANA, and non-SAP sources.
Data visualization and storytelling
Enables building insightful data visualizations, dashboards and storyboards.
Visualization design for business communications
Enables creating clear, compelling visualizations of business communications.
Data exploration
Provides visual navigation to filter and drill into data.
Real-time business intelligence
Provides high-performance, high-scalability in-memory computing power of SAP HANA.
Embedded real-time analytics
Provides access to visualizations and storyboards in-context, instead of jumping to another screen or application.
Built-in social collaboration tools
Enables discussions in-context, rather than switching to another screen or application.


2.1 Predictive Analytics
Automated analytics
Enables use of automated technique to build predictive models that can be embedded in business processes.
Expert analytics
Provides a modeling environment for open-source R-based algorithms, SAP HANA PAL, and SAP Automated Predictive Library (APL). Enables building predictive models with a powerful drag-and-drop interface, and allows users to use their own R scripts.
Model management
Provides end-to-end model management, enables maintaining of predictive models, and schedule updates as needed.
Data Manager
Data Manager provides a framework to facilitate automated data preparation. Users can define a broad set of reusable components, which can be applied to automatically create modeling data sets.
Predictive scoring
Enables getting individual variable contributions for every predictive model. Enables simulations, and score of a specific business question in real time. Enables generating predictive scoring for a wide variety of target systems and directly embed the results.
Social and recommendation
Enables running network and link analysis to understand the connections and relationships between customers and discover which customers have a strong social influence. This capability can help us better manage churn, risk, and fraud.
Advanced Visualization
Advanced Visualization provides an intuitive way to explore data. It enables transforming the results of applied predictive modeling into visualizations that reveal actionable insights.


2.2 SAP Analytics Cloud for Predictive Analytics
Smart discovery
Enables uncovering key influencers of KPIs by using classification and regression techniques. Enables exploration of hidden structures and relationships.
Predictive forecasting
Enables predictive forecasting using visual guidance and dynamic interaction with the results with quality indicators such as confidence interval and hindcast.
Enables predicting the outcome of a KPI or record value based on historical data. Enables simulation of how particular dimension values or KPI values will affect the outcome.
Smart groupings
Provides smart groupings of data values across several measures.
Smart insights
Provides smart explanations for data points.
R visualizations
Provides ability to insert, interact and share R visualizations.


3.1 SAP Business Planning and Consolidation
Unified planning and consolidation
Provides a single, integrated software solution for business planning and consolidation.
Microsoft Office, Web, and mobile reporting
Provides Microsoft Excel, HTML5, and mobile reporting interfaces.
Budgeting and forecasting
Enables what-if modeling and scenario planning to assess budget suitability in real time. Enables building of forecast models and to quickly update and adjust forecasts as needed.
Built-in financial intelligence
Enables automation of aggregations, allocations, and other manual processes to speed up planning cycles. Enables running of what-if scenarios to identify quick course corrections.
Legal and management consolidations
Enables fast and accurate closing by automating the consolidation process. Enables meeting of all financial reporting requirements, including complete audit trail.
Prepackaged Business Planning and Consolidation content
Enables rapid implementation of solution with prepackaged industry and functional content for all types of planning (from capital to strategic planning). Provides financial consolidation starter kits for IFRS and U.S. GAAP regulations.
Self-reliance and accountability
Provides a tool built for finance and managed by finance.


3.2 SAP Analytics Cloud for Planning
Business planning in the cloud
Enables a natural flow between business planning and analysis. Enables planning and simulation with any level of detail and any number of users.
Embedded real-time analytics
Enables planning and analyzing in-context using reporting capabilities and dashboards built right into the application.
Collaboration tools
Enables discussions of plans in-context.
User-driven financial modeling
Enables creation and modification of financial planning models on the fly. Enables alignment of plans across finance and business units by directly integrating with SAP Business Planning and Consolidation.
Events console
The events console provides integrated calendar functionality with the ability to define tasks, assign approvers, and set reminders and alerts for team members. Functionality also includes workflow integration with other applications.
Advanced reporting tools
Provides multi-dimensional drag-and-drop report design, specialized report layouts, cell locking, and auto spreading features. Provides access rights and version management to create private versions, share with specific people, or publishing to authorized users.
In-memory calculation engine
Provides advanced calculations at blazing speeds with SAP HANA’s in-memory calculation engine. Provides report calculations, formulas, and dimension member calculations in real time.
Integration and extensions
Enables seamless integration with SAP Business Planning and Consolidation with data import and export capabilities. Multiple model, worksheet, and summary sheet integration is also available right out of the box.

  1. Big Data

Big Data is the ocean of information we swim in every day – vast zetabytes of data flowing from our computers, mobile devices, and machine sensors. With the right Big Data tools, customers can store, manage, and analyze data and gain valuable insights that were previously difficult. Big Data technologies such as in-memory data management, analytics, artificial intelligence (AI), and machine learning can help transform decision making and businesses.

The powerful set of capabilities in Big Data include the following –
5.2 Analytics
5.3 Predictive
5.4 Hadoop
5.5 SAP Vora
5.6 Machine Learning

SAP HANA is an in-memory data platform that lets customers accelerate business processes, deliver more business intelligence, and simplify their IT environment. It is deployable both on premise or in the cloud. By providing the foundation for all data needs, SAP HANA removes the burden of maintaining separate legacy systems and siloed data, so customers can run live and make better business decisions.


  • Database management: SAP HANA enables processes, transactions and analytics in-memory on a single data copy to deliver real-time insights from live data and simplify operations with modern tools and a secure foundation.
  • Data management: SAP HANA provides access to quality data wherever it best resides using data virtualization, integration or replication. It enables management of data across multi-tier storage to achieve best performance and total cost of ownership.
  • Analytic intelligence: SAP HANA enables use of advanced data processing for business, text, spatial, graph, and series data in one system and delivers deeper insights using powerful machine learning and predictive analytics capabilities.
  • Application services: SAP HANA enables quick prototyping, validation, building, and delivery of smart and modern applications using flexible development and deployment tools.


  • Reduces Complexity: Simplifies IT with one platform for applications. SAP HANA can be used to analyze live data to support real-time business, while reducing data redundancy, footprint, hardware, and IT operations.
  • Runs Anywhere: Enables modernizing data centers. SAP HANA provides many flexible deployment options such as public or private cloud, tailored data center, or 1000+ certified appliance configurations from 13 leading vendors.
  • Real Results: Enables achieving better business. Some organizations are seeing high ROI by using SAP HANA to increase innovation, while decreasing data management costs.


5.2 Analytics

You may refer to section 4 or to SAP’s website Analytics.


5.3 Predictive Analytics
You may refer to section 4 – “2.2 SAP Analytics Cloud for Predictive Analytics” or to SAP’s website Predictive Analytics.


5.4 Hadoop

Hadoop (also known as Apache Hadoop) is an open source, Java-based programming framework that supports the processing of large data sets in a distributed computing environment. It is part of the Apache project sponsored by the Apache Software Foundation.

Hadoop is designed to scale up from a single server to thousands of machines, with a very high degree of fault tolerance. Rather than relying on high-end hardware, the resiliency of these clusters comes from the software’s ability to detect and handle failures at the application layer. Hadoop is designed to be robust, in that your Big Data applications will continue to run even when individual servers or clusters fail.

Hadoop an efficient distributed file system and not a database. It is designed specifically for information that comes in many forms, such as server log files or personal productivity documents. Anything that can be stored as a file can be placed in a Hadoop repository. Hadoop is considered as one of the best in storing the structured, semi-structured and unstructured data.

Structured and un-structured data can be transferred to SAP HANA via a Hadoop / HANA Connector. BODS can be used to pull data to HANA as shown below.

SAP Cloud Platform Big Data Services are the best way to experience Big Data, since they solves the infrastructure, software, and people challenges of Big Data. The optimized infrastructure delivers high reliability and performance, while operational expert services help ensure ongoing success. Freed from operations challenges, customers can achieve great value from Apache Hadoop and Apache Spark.

SAP Cloud Platform Big Data Services are comprehensive services, including deployment, automated operations management, and proactive support. Data scaling, compute bursting, and job monitoring are all automatically included.

Three key components automated management, automated scaling, and infra-structure that is optimized solely for Hadoop and solely owned by SAP. The services feature the key capabilities for Big Data – Apache Hadoop, Apache Spark, Apache Hive, and Apache Pig. They also support third-party applications like H2O, Alation, AtScale, and more. The services are always up to date with the latest production-ready releases, so that users can take advantage of the most recent innovation.

5.5 SAP Vora
SAP Vora enables businesses to analyze all data on a distributed computing framework to readily deliver insights or applications that meet business needs. It is used to generate actionable insights from vast amounts of distributed data to drive innovation and competitive advantage.

SAP Vora is an in-memory query engine that plugs into the Apache Spark execution framework that provides enriched interactive analytics on data stored in Hadoop. It lets you combine Big Data with organizations data in a way that is both simple and fast. You can find the FAQ about SAP Vora here.


  • Provides in-memory, distributed computing engines – relational, time series, graph, and JavaScript Object Notation (JSON) processing engines with specialized algorithms for respective data formats.
  • Provides SQL access to time series, graph, and JSON data.
  • Provides Web interface with SQL editor, data browser, and drag-and-drop function.
  • Provides seamless integration with the SAP HANA platform which enables bidirectional data exchange between SAP HANA and Hadoop.
  • Provides Disk-to-memory accelerator – which assures high performance even when dataset sizes exceed memory capacity.
  • Provides Enterprise-grade data security.


  • Actionable insights from Big Data: Enables decisions in near real time based on entire set of data, even if it comes in different formats and from diverse sources.
  • Simplified IT landscape: Reduces the complexity of working with Big Data using a single, unified platform with a simple-to-use Web interface that works for any use case.
  • Self-service Big Data computing: SAP Vora lets everyone from business analysts and data scientists to engineers and developers use familiar tools and programming languages to analyze huge amounts of data, quickly and efficiently.

SAP Vora architecture

5.6. Machine Learning
You may refer to section 3.


  1. Blockchain

What is Blockchain?

A reliable record of who owns what, and who transacts what. Blockchain is based on distributed ledger technology, which records data (transactions, files, or information) across a peer-to-peer network. Every participant can see the data and verify (or reject) it using consensus algorithms. Approved data is entered into the ledger as a collection of “blocks”, stored in a chronological “chain”, and secured through cryptography.

Blockchain was originally created as the underlying technology for trading the digital currency Bitcoin, blockchain’s potential reaches far beyond cryptocurrency. Blockchains can include land titles, loans, intellectual property, identities, votes and almost anything of value.

SAP Cloud Platform Blockchain service is a “ready-to-use blockchain technology” that could allow IoT devices to instantly “trigger a business process,” for example to ensure a smoother way for orders to reach suppliers.

Blockchain extensions can be developed by customers for their businesses, and blockchain technology will be embedded into Leonardo so that customers can use IoT and ML capabilities. It also allows for an easy setup and management of blockchain nodes. This is intended to support businesses who want to expand and scale out their offerings.


Blockchain as a service lets companies implement distributed ledger technology in the cloud. By eliminating the need for a large upfront capital investment, BaaS is perhaps the easiest, lowest-risk gateway to enterprise blockchain adoption. You can use BaaS to:

  • Experiment and play with the blockchain to see how it could benefit your business
  • Use open standards to create consortia-based and private blockchain networks
  • Prototype, test, and build customized blockchain applications and smart contracts


  • Fewer Intermediaries: Blockchain is a true peer-to-peer platform that will reduce the need for some types of third-party intermediaries like banks, lawyers, and brokers.
  • Faster Processes: Blockchain can speed up process execution in multi-party scenarios – and allow for faster transactions that aren’t limited by office hours.
  • Transparency: Information in blockchains is viewable by all participants and cannot be altered. This will reduce risk and fraud, and create trust.
  • ROI: Distributed ledgers will provide quick ROI by helping businesses create leaner, more efficient, and more profitable processes.
  • Security: The distributed and encrypted nature of blockchain mean it will be difficult to hack. This shows promise for business and IoT security.
  • Automation: Blockchain is programmable – which will make it possible to automatically trigger actions, events, and payments once conditions are met.

You may also refer to SAP’s website Blockchain. Another good resource to understand Blockchain in general is this post.

  1. Design Thinking

Why do we need Design Thinking?

SAP is positioning SAP Leonardo as an Innovation Platform. It’s a shift to be future-oriented. Customers need to look at what might be and then figure out how to get to it, rather than looking at what has been and figuring out how to modify or extrapolate from there. The hope is that when customers educate themselves about SAP Leonardo and learn about significantly changed constraints, they would identify many new use cases (become aware of ‘new’ needs). And the solutions would be arrived at using the design thinking process.

What is Design Thinking?

Design Thinking is a design methodology. The design process is quite collaborative. Typical activities are brainstorming, white-boarding, or other design thinking activities. Design thinking is a design methodology all about creating innovation by combining diverse people, creative space, and an iterative approach. The idea is that seemingly complex problems can be addressed effectively if broken down and iterated upon. Ideal solutions and successful products generally have three things in common. The goal is to balance desirability, viability, and feasibility, also known as human, technology, and business aspects of design. Design thinking is meant to be a holistic, outside-in perspective that helps you to understand the goals and the needs of your end users, customers, and other stakeholders in a way that balances these three spheres.

How to practice Design Thinking?

It can be easy to fall into the trap of assuming you know what you need to build. But remember to diverge first. Brainstorm many possible approaches. Then create some prototypes, which we’ll show you how to do in some upcoming units. Seek validation, refine the solution, and go round the process again. Before you start implementing, make sure you have enough validation. There are several tools and approaches that will be very helpful to you as you go through this design thinking process.

The design thinking process can be as follows –

  1. Create a persona. They are extremely useful when considering goals, desires, and limitations of the users, and they really help guide design decisions.
  2. List out their background, job responsibilities, needs, goals, pain points, stakeholders, competencies, etc. This is used to achieve a common understanding of the mindset of the user.
  3. And then lastly, identify all the touch-points involved.

Once the current user experience journey is completed, try and note the pain points and important moments. What are the most important moments? Build on the ideas you learn from others. Don’t judge or assume too quickly, and try to stay focused on a topic before moving to another topic. Remember that the cost associated with failing is much lower in this stage when key decisions about the app have yet to be made.

You may also refer to SAP’s website Business Transformation Services.

II. Advantages

  1. Customers have all of the important business data in the SAP transactional systems and keeping the data in one place is the best way to safeguard it. AI and Machine Learning can used on this data.
  2. Customers can procure Leonardo and snap it into any architecture or environment they have as Leonardo is built on the SAP Cloud Platform. The SAP Cloud Platform is an open platform, with all open standards and anybody, including non-SAP customers, can get started. The openness of Leonardo enables customers looking for cognitive, IoT or big data solutions to accelerate time to value.
  3. SAP has taken a partnership approach to developing machine learning capabilities, instead of doing it all in-house. It uses Google open-source project TensorFlow for its machine learning algorithms and Nvidia for the hardware to train these algorithms.
  4. With SAP Leonardo, we connect ‘things’ with business processes that are instantaneous and proactive, and with people who can manage more effectively with augmented intelligence and autonomous systems.
  5. SAP will start to build up a library of pre-built use cases, with the launch templates being for the popular predictive maintenance or vehicle telematics use cases. This allows customers to only worry about integrating the relevant back end systems with Leonardo in order to get started quickly.

III. Use Cases

Customers are using Leonardo as a place to track sensor data from connected assets and start to gain insight quickly.

  1. SAP Service Ticketing (part of SAP Hybris Cloud for Customer) classifies incoming customer service tickets so that they can be routed to the right agent. The agent is then prompted with recommended solutions to improve operational efficiency.
  2. SAP Customer Retention application mines data to discover indicators of churn, substantially improving organization’s ability to predict it, and act in time before churn happens. SAP Customer Retention also forecasts cross- and up-sell, as well as loyalty, allowing businesses to choose the best actions to maximize the customer experience.
  3. SAP Cash Application (part of SAP S/4HANA Cloud) learns by observing how humans match incoming bank statements to open receivables like invoices and learns to perform this time-consuming and error-prone task automatically. This enables substantial reduction of labor cost per invoice and faster clearing, ultimately leading to improved process efficiency and service quality.
  4. SAP Brand Impact: Uses deep learning to check for brand images in videos and images in near-real time for advertisers.
  5. Improving HR: SAP Resume Matching (part of SAP Fieldglass) focusses on recruiters. It starts with a job description, and scores candidates to match open positions based on an applicant’s experience and objectives as well as the ability to search a giant database of job openings and suggest potential recruits. It automatically extracts skills, qualifications, and profile information from resumes and job descriptions without the need to create a cumbersome list of synonyms.
  6. SAP Job Standardization (also part of SAP Fieldglass) guides recruiters and hiring managers to create accurate and unbiased job descriptions that are neither overly specific nor use “creative” job titles. Standardized job descriptions make it easier for recruiters to find the right candidate, and for candidates to find the best job.
  7. Enhancing Productivity: To maximize the benefit of machine learning technology, we are committed to making enterprise applications easy to use through conversational applications. SAP CoPilot uses machine learning to simplify how people interact with computers, supporting this collaboration as an automated digital assistant. Users chat with SAP CoPilot using human-like natural language. And CoPilot provides a single-point-of-contact for all SAP applications as well as other vendor’s business solutions like Slack or Google G Suite. SAP is developing chatbots for conversational HR, procurement, service and support on our own conversational engine as a first step toward comprehensive conversational enterprise applications.


  • Heavy machinery manufacturer Caterpillar is eying Leonardo for vehicle insights.
  • Trenitalia is using it for predictive maintenance on its trains.
  • Norther Gas Networks (UK SAP customer) is also looking towards Leonardo in the future for a whole host of IoT use cases across its massive gas distribution network.



AI: Artificial Intelligence is the broader concept of machines being able to carry out tasks in a way that we would consider “smart”. Analytical tools that improve the ability to describe, predict, and exploit relationships among phenomena.

ML: Machine Learning is a current application of AI based around the idea that we should really just be able to give machines access to data and let them learn for themselves.

NLP: NLP applications attempt to understand natural human communication, either written or spoken, and communicate in return with us using similar, natural language. ML is used here to help machines understand the vast nuances in human language, and to learn to respond in a way that a particular audience is likely to comprehend.

Deep Learning: Deep Learning focuses even more narrowly on a subset of ML tools and techniques, and applies them to solving just about any problem which requires “thought” – human or artificial. Deep Learning can be applied to any form of data – machine signals, audio, video, speech, written words – to produce conclusions that seem as if they have been arrived at by humans – very, very fast ones.

Data Science: Dealing with unstructured and structured data, Data Science is a field that comprises of everything that related to data cleansing, preparation, and analysis.

Big Data: Big Data refers to humongous volumes of data that cannot be processed effectively with the traditional applications that exist. The processing of Big Data begins with the raw data that isn’t aggregated and is most often impossible to store in the memory of a single computer.

Data Analytics: Data Analytics the science of examining raw data with the purpose of drawing conclusions about that information.

Augmented Intelligence: Augmented intelligence is an alternative conceptualization of artificial intelligence that focuses on AI’s assistive role, emphasizing the fact that it is designed to supplement human intelligence rather than replace it.

Autonomous Systems: On the Internet, an autonomous system (AS) is the unit of router policy, either a single network or a group of networks that is controlled by a common network administrator (or group of administrators) on behalf of a single administrative entity (such as a university, a business enterprise, or a business division).


New SAP Leonardo Offerings Turn Digital Aspirations into Real-Life Implementations


Please feel free to reach out to me for any decisions that you might need guidance on with regards to SuccessFactors, S/4 HANA, SAP Leonardo. I am happy to pay it forward. This post would not have been possible without all the help from blogs in SAP community and other articles published by SAP. Please connect with me at so that you can get notified if topics like SuccessFactors and S/4 HANA interest you.