Well-Architected | SAP on AWS

Posted 20 December 2019 by Ben Lingwood

If you’ve not heard of it before, the AWS Well-Architected Review is a hidden gem in the AWS tool bag. The review can be carried out on existing or planned system workloads on AWS.


What is a Well-Architected Review?
In a nutshell, the review is an onsite review of your Architecture (at design or already implemented stages) by a Well-Architected Certified Engineer. The AWS Specialist is highly skilled, certified and experienced. At Lemongrass, we have skilled SAP Architects uniquely qualified to review SAP architecture on AWS services.

The review focuses on 5 key aspects (Pillars) which are documented into a report published within 2-3 days of the onsite review. The pillars focus on:

  • Operational Excellence – Is your SAP application designed to avoid preventable P1/2’s?
  • Reliability – Is your landscape designed for high SLA for SAP Architecture best practice?
  • Performance Efficiency – Is your system designed, optimised and tuned for Cloud efficiency?
  • Security – Are Landing Zones, Access Management, State Management tuned for SAP systems?
  • Cost Optimisation – Are right-sizing, auto-scaling, FinOps monitoring & alerting in place?

What Are the Benefits of Running a Well-Architected Review?
If you’re running important workloads on AWS such as SAP, it is important to validate your designs and implementations are robust, optimised and fit for your business. Some of the key benefits include:

  • It’s free! Plus, you will also receive up to $5k in AWS credits to implement any fixes.
  • Ensures that you lower the risk of anything going wrong, safeguarding your system & data.
  • It will enable you to build & deploy faster leveraging AWS platform services & automation.
  • Make informed decisions. Any recommendations are factored into project milestones
  • What will You & Your organisation learn – recommendations are learned and avoided in the future.

Well-Architected Security+
One of the main concerns organisations have is the security of their systems and data within a Cloud-based deployment. The simple answer here is it’s almost certainly MORE secure in AWS than in any other deployment model as long as it’s designed, deployed and monitored correctly.

As part of our Security+ review, our architects will audit your environment against a set of defined AWS Security Best Practices, Cyber Security Framework controls and CIS governed benchmarks. The findings will be delivered in a report with recommendations on how to ensure your environment is fully hardened and secure.

Key areas covered in the audit are:

  • Landing Zone: AWS Account security and deployment, Networking configuration, VPC management, Security Group deployment, IAM policies and roles aligned to industry best practice.
  • Security Monitoring: Realtime security scanning; including native AWS services such as GuardDuty, SecurityHub & many more.
  • System Hardening: Validating your desired state management, and system hardening to Industry standards such as CIS level 1 & 2.
  • Response Framework: If the worst happens ensuring you have the appropriate response & recovery procedures

If you are interested in running a Well-Architected Review for your Project, Workload or Design please contact us.

Email us: info@lemongrassconsulting.com or call us on +44 (0) 844 357 786