SAP Hub and Spoke Design

Aayush 21 Reputation points
2020-12-23T03:11:47.057+00:00

Dear Experts

As SAP follows hub and spoke design in Azure, this is referring to spoke VNET - should we have two separate spoke VNETS - one for non-prod and other for prod sap workloads ? Or just one spoke VNET both for non-prod and prod will suffice ?

I understand one spoke VNET will technically work but what's the best practice and which strategy is mostly suggested to the customers migrating SAP workloads to Azure by Microsoft.

I would like to understand the best practice from security and governance standpoint.

Thanks
Ayush

SAP HANA on Azure Large Instances
SAP HANA on Azure Large Instances
Microsoft branding terminology for an Azure offer to run HANA instances on SAP HANA hardware deployed in Large Instance stamps in different Azure regions.
120 questions
Accepted answer
  1. prmanhas-MSFT 17,901 Reputation points Microsoft Employee
    2021-01-06T14:19:19.59+00:00

    @Aayush Apologies for the delay in response and all the inconvenience caused because of the issue.

    Since it was holiday season there was a delay in response from our internal team as well which took some time.

    As per discussion what they mentioned is as below:

    Hub-spoke model in general is for dividing workloads into separate spaces and allowing restricted access.We generally use spoke and hub arch to isolate the traffic from other vnets.

    SAP deployments using the Azure virtual Ddatacenter architecture will be implemented using a hub and spoke model. The hub VNet is the central point for connectivity where an Azure Firewall or other type of network virtual appliances (NVA) is implemented to inspect and control the routing of traffic to the spoke VNet where your SAP applications reside.

    Same has been mentioned in this article as well.

    The Azure Virtual Network (VNet) service securely connects Azure resources to each other. In this architecture, a VNet connects to an on-premises environment through a gateway deployed in the hub of a hub-spoke topology. The spoke is the VNet used for the SAP applications and the database tiers.

    General guidelines for SAP on Azure is here.

    The above might be general guidelines so if you are looking for information or guideline specific to your environment our Technical Support should be able to help you out better since they might have the required tools and ways to access your environment and suggest you accordingly.I would recommend you to contact azure support. If you have a support plan, requesting you to file a support ticket, else please do let us know, we will try and help you get a one-time free technical support.

    Hope it helps!!!

    Please "Accept as Answer" if it helped so it can help others in community looking for help on similar topics.

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Aayush 21 Reputation points
    2021-01-06T04:56:24.857+00:00

    @prmanhas-MSFT Awaiting response, as it has been long.
    Pls suggest other forums where we can discuss such concerns and know more to benefit from Microsoft community.

    Thanks
    Aayush

    0 comments