Amazon AppStream makes usage of SAP systems running on AWS easy. SAP GUI becomes available on any web browser and thus enables working with SAP applications location-independent. In this post we show how that works.
More and more customers are accelerating the digital transformation by running SAP workloads faster, more securely, and more cost-effectively on AWS. By doing so, customers benefit from the scale and performance of AWS. However, while your SAP environment may be on AWS, many of your users might still access it through SAP GUI on local computers and local networks, which can lead to a few challenges.
AWS and SAP started a partnership back in 2008 and since than in the last more than 12 years they work together to make customer’s life easier by enabling users to access data stored in SAP systems in a smoother way.
Exactly, we can run SAP GUI in the Cloud accessing any SAP systems in any web browser.
The main component to make this happen is Amazon AppStream 2.0.
Based on Amazon Web Services description: Amazon AppStream 2.0 is a fully managed application streaming service. You centrally manage your desktop applications on Amazon AppStream 2.0 and securely deliver them to any computer. You can easily scale to any number of users across the globe without acquiring, provisioning, and operating hardware or infrastructure. Amazon AppStream 2.0 is built on AWS, so you benefit from a data center and network architecture designed for the most security-sensitive organizations. Each user has a fluid and responsive experience with your applications, including GPU-intensive 3D design and engineering ones, because your applications run on virtual machines (VMs) optimized for specific use cases and each streaming session automatically adjusts to network conditions.
The key benefits are:
Sounds promising, right? Let us have a look at the architecture, how we can use it for our SAP GUI scenario.
On the left hand side, we have our end-user with any web browser (Google Chrome, Microsoft Internet Explorer, Apple Safari, Firefox, Opera to mention the most used ones, however even Tor Browser can be used for this purpose). For the communication between the desktop machine and Amazon AppStream 2.0, HTTPS is used (Hypertext Transfer Protocol Secure on port 443). To make sure that the connection can be established port 443 should be open on user’s side and the same port needs to be added as inbound rule for the security group assigned to Amazon AppStream 2.0. Afterwards, SAP GUI Logon will be loaded and we can enter our logon credentials and client number just like in our desktop application “et voilá” we are connected to SAP Application Server and we can execute any SAP transactions as shown in figure 3.
In enterprise environments there is additional need for authenticating users against an Active Directory. With Amazon AppStream 2.0 it is possible to set-up SAML 2.0 federation. With this users can browse to a special crafter (AD FS RelayState) URL and be taken directly to their Amazon AppStream 2.0 applications like SAP GUI.
Generally you pay only for the streaming resources that you provision plus a small monthly fee per streaming user. There is no upfront investment and no long-term commitment when using Amazon AppStream 2.0 – based on AWS pricing page. The main components, which should be considered in the calculations are always-on fleet instances or on-demand fleet instances. In addition, the calculation will also contain the costs for the image builder instances and the user fees. The pricing page (https://aws.amazon.com/appstream2/pricing/) contains more details in this regard. It is an affordable alternative for the used solutions.
First of all, we need to make a decision about whether we need always-on fleet instances, which include compute, storage, and any network traffic used by the streaming protocol. They are are charged hourly. We have to count with the following factor: instance fee (based on instance type and size).
The other option is on-demand fleet instances, which are also charged hourly and we pay for the applicable running instance fee, based on instance type and size (e.g. stream.compute.large)
The image builder instances are also charged hourly. They are used to install applications, in our case SAP GUI and to create a kind of virtual machine image out of it. With that we can choose to run it on on-demand or on always-on instances.
As additional cost we have to calculate with the Microsoft Remote Desktop Service Subscriber Access License (SAL) fee, which is $4.19 per month per user.
To get a better overview let’s see a real example with 10 users, who are using SAP GUI four hours a day during a business week (Monday to Friday) with 20 workdays in a month in the AWS Frankfurt region. The calculation contains cost factors based on the official AWS webpage on June 23rd, 2020. Please always check latest prices on https://aws.amazon.com/appstream2/pricing/.
Microsoft RDS SAL fee
10 users * $ 4.19 = $ 41.9
10 users * $ 4.19 = $ 41.9
10 users * 80 hours * $ 0.12
10 users * 80 hours * $ 0.12
3 stopped instances * (24h * 30 days – 80 usage hours) * $0.035
3 instances * (24h * 30 days – 80 usage hours)
$ 247 / month (for 10 users)
$ 410.2 / month (for 10 users)
As shown in this blog post, even SAP GUI can be used in the cloud to support customers anytime, anywhere, on any devices. Amazon AppStream 2.0 supports streaming sessions using iPad and Android tablets. Simply open Safari or Google Chrome on your iPad or Android tablet and launch an Amazon AppStream 2.0 streaming session. You can use familiar touch gestures, such as swipe to scroll, pinch to zoom, and long tap to right-click, from within your browser to interact with your streaming applications. Use the new Amazon AppStream 2.0 shortcut toolbar to use Windows-specific keyboard shortcuts in your streaming session.