Forum Discussion
S/4 HANA in Azure.
Hi All,
I have query like this in my organization Azure portal there is policy "not to create Public Ip on VM ".
so I am installing s/4 HANA app and hana db in azure ( VM cant have public IP )
so how can i make others to use my SAP system in this condition.
i have created architecture like this and used azure bastion for private connect and Nat gateway for outbound connectivity but how can other use SAP system using SAP router string ?
1 Reply
If you are not allowed to create public IP addresses on your Azure VMs due to organizational policy, there are several ways you can allow external users to access your SAP system. Here is one possible solution:
Deploy an Azure Application Gateway: Azure Application Gateway is a web traffic load balancer that can be used to manage and secure web traffic to your SAP system. You can create an Application Gateway and configure it to listen on a specific port (e.g. port 33XX for SAP HANA). You can then configure the Application Gateway to forward traffic to your SAP system running on the VM.
Create a SAP router: You can create a SAP router on your VM to allow external users to access your SAP system. The SAP router acts as a gateway between the external user and the SAP system running on the VM. To create a SAP router, you can follow the instructions in the SAP documentation.
Configure network security groups: To ensure that only authorized traffic is allowed to reach your SAP system, you can configure network security groups (NSGs) in Azure. You can create an NSG and associate it with your SAP system's network interface. You can then configure the NSG to allow inbound traffic on the port used by the SAP router and outbound traffic on the ports required by SAP HANA.
Use Azure Bastion for secure access: Azure Bastion is a fully managed service that provides secure and seamless RDP/SSH connectivity to your VMs directly from the Azure portal. You can use Azure Bastion to securely access your VM and configure your SAP system.
Here is a reference architecture that illustrates how these components can be used together:
https://learn.microsoft.com/en-us/azure/sap/large-instances/hana-architecture
This reference architecture includes details on how to configure an Application Gateway, create a SAP router, and use Azure Bastion for secure access.
In summary, to allow external users to access your SAP system running on an Azure VM without a public IP, you can use an Azure Application Gateway, a SAP router, network security groups, and Azure Bastion.
