Publish & Protect Architecture is the fusion of two technologies, SAP (Advanced) Event Mesh for publishing Event Data, and Enterprise Blockchain for protecting the originality and integrity of Event Data.

The Enterprise Blockchain is actually enabling a number of things to happen, including:

. Being a secure store of the Events which have been published, for future reference, for example in the case of Audit/Internal Control/Governance/Regulation/Compliance. Thanks to storing a copy of every Event at the same time as publishing it, you have the highest level of cyber security on your Data

. Being a secure log in case there is a need to replay and resend Event Data. In the case of a situation where certain Events during a certain time period need to be resent, you can't go in to the S/4HANA and say give me the Contact Name of the Business Partner from last Wednesday because it has already been over written. Thanks to the Enterprise Blockchain, and that every time you publish an Event to the SAP (Advanced) Event Mesh you also write that Event to the Enterprise Blockchain, you have the highest level of cyber security protection on your historical Event Data

This blog is the result of collaboration between myself and Tom Fairbairn from Solace. Tom has published a sister blog to this one on the Solace website, and following SAP Community Rules I cannot link to it, that's fine though because you can easy find the blog on google if you search for Solace Publish and Protect.

We are all either already, or becoming, familiar with Event Driven Architecture (EDA) and SAP's Event Mesh and Advanced Event Mesh.

Almost every day more Standard Events are being built in to SAP S/4HANA. The catalogue gets bigger and bigger https://api.sap.com/products/SAPS4HANA/events/events .

Events like Business Partner https://api.sap.com/event/OP_BUSINESSPARTNEREVENTS/overview , "Informs a remote system about created and changed business partners in an SAP S/4HANA System".

Sending out the Business Partner Event to a remote system informing them about a changed or created business partner, this is the Publish side of Event Driven Architecture.

But what about the Protect side of Event Driven Architecture ?

The Protect side of EDA is about being able to trust the originality and the integrity of the Data.

EDA is about fluidity, it is a fast business, a Business Partner Contact Telephone Number could be changed another system, that system notifies S/4HANA, S/4HANA gets updated with the new Contact Telephone Number for this Business Partner and then informs, Publishes this Data to Subscribing Systems as part of an end to end integrated Business Process.

And here's the thing, what happens if there's a problem at the remote system which is receiving the Events from the S/4HANA, what if we get in to a situation where we need to re-play the Events that came from the S/4HANA ?

What happens if we need to be able to prove the originality and the integrity of Event Data which was sent at a certain time and date, or in-fact at any time ?

SAP Advanced Event Mesh has a feature to store Logs of Events and to be able to replay Event Logs, this has been explained nicely here: https://community.sap.com/t5/technology-blogs-by-members/reversing-the-time-with-advanced-event-mesh...

As Tom Fairbairn from Solace said in his blog, "A common implementation of the event source pattern is to have a distributed immutable log storing all state transitions, and to rebuild current application state by replaying the state transitions.

Surely this is the solution to publish and protect?

Well, no. This approach doesn’t solve the trust issue: would you replicate your log-based event streaming solution to an untrusted third party? Thought not. Log based streaming solutions also assume that replicas are generally on-line and up to date, which is not a good assumption in cross-organisational scenarios. Lastly, the log is only immutable in log-based streaming because there is no facility within the platform to edit the logs. Anyone with a binary editor can change the data and there is no detection of this or validation of data integrity. For that, you need an enterprise blockchain."

tl;dr;

In Business Processes driven by loosely coupled Event Driven Architecture, when something stops working, how can you reproduce what just happened ?

Replay the logs, where do you store the logs ? Blockchain

If for any one of many reasons and use cases, which we can discuss in the comments, and which we can even write subsequent blogs for, including the how-to guides for implementing the solutions, if you need to be as sure as you can be that the Event Data which you are sending from S/4HANA, that you are keeping "proofs" and evidence and copies of every Event which has been sent, for safe keeping, just in case, in the future you will need to be able to prove the originality and integrity of that Data, then next to your SAP Advanced Event Mesh, you need to deploy an Enterprise Blockchain, which you can do today on the SAP BTP Kyma Runtime, and use that Blockchain as the Immutable store of proof of the Events which have been sent out.

Publish & Protect Architecture

The formidable combination of SAP Advanced Event Mesh and Enterprise Blockchain (on the SAP BTP Kyma)

The combination of enterprise blockchain and event-driven integration gives you the benefits of an immutable, distributed ledger while providing the mechanism to integrate with existing and future enterprise systems.

It gets better, you can run the Blockchain across you and your Partners so that each Partner has a copy of the Blockchain.

In Business Processes driven by loosely coupled Event Driven Architecture, when something stops working, how can you reproduce what just happened ?

Replay the logs, where do you store the logs ? Blockchain

How would it look in practice, what is the Reference Architecture ?

Of course, you can bring whichever if your favourite Enterprise Blockchain Platform.

The ideal solution is one which runs on the SAP BTP because of:

Another really simple Publish and Protect Architecture, the easy boiling an egg equivalent of implementing these technologies is to use the SAP Advanced Event Mesh and the Enterprise Blockchain in combination as part of your Business Continuity Planning solution, and write SAP Data to an Enterprise Blockchain which is both Multi Region and Multi Cloud on the SAP BTP like this:

Enterprise AI and the Enterprise Blockchain and Event Driven Architecture with SAP Advanced Event Mesh

And now we're just getting started because the next big one is Enterprise AI, as we all know, in AI, garbage in, garbage out, so how can we be sure that both the Data and Models are protected, that we can trust both the originality and the integrity of the Data and the Models which are the backbone of our Enterprise AI ?

Again, the Enterprise Blockchain. The Events are fed into the Enterprise AI and at the same time written to the Blockchain, alternatively the Enterprise AI reads the Data from the Blockchain, the Data having been fed in to the Blockchain by the SAP Advanced Event Mesh:

The next case are B2B Business Processes where you are sharing (Publishing) Data to your Business Partners and you need to have the highest cyber security protection of the Data which you are sharing, again this is where the powerful combination of SAP Advanced Event Mesh and the Enterprise Blockchain come together