
S2S VPN requirement?

DGMagni
Explorer
0 Kudos

Hello Experts:

I have inserted two images here for my question. 

Our client is an existing SAP customer (installed base) on ECC. They are moving to RISE with SAP and are raising questions about the requirement for a S2S VPN connection - as shown here from "Customer Premise" in the upper left hand corner.

They want to know WHY a S2S VPN is mandatory. They would prefer not to have to use one.

image (6).png

This customer would prefer to explore THIS option.

The reason why they prefer this option is that they do not want remote users - i.e. those working from home or in their offices and already "in the cloud" - to have to activate a VPN before logging into their SAP environment on RISE.

Why is a S2S VPN mandatory? 

Thank you in advance

Dan Magni

Daniel.Magni@Ameri100.com

 

image (7).png

Slupczynski
Product and Topic Expert
0 Kudos

Hi Daniel,

My assumption is that you're referring to RISE on Microsoft Azure. There are several scenarios available (see this blog); generally, besides VPN, one could alternatively go with a dedicated Private Connection or VPC / VNET Peering.

In case your customer moves all systems to RISE and no further connectivity to the old environments is needed anymore, this route can be dismantled.

Best regards,
Tomasz

DGMagni
Explorer
0 Kudos
Thank you Tomasz.
DGMagni
Explorer
0 Kudos
Your assumption is correct in that the target environment is RISE. They are an installed base client on ECC. They will retire the old once the new is up and running.
DGMagni
Explorer
0 Kudos
Their ultimate question is on users connecting from home or mobile into the RISE environment. They do not want their users to have to pop up a VPN to get into RISE. Any thoughts you can share on this?
Slupczynski
Product and Topic Expert
0 Kudos

There is no one unified answer to the exposure of the presentation layer, which theoretically could be some publicly available website. In case one could define the devices accessing the presentation layer like in a corporate design, that could be regulated via enterprise IdP. Non-enterprise-authenticated access then needs to be restricted at the IdP, with the RISE environment having a central identity service definition appropriately in place.