To migrate or not to migrate? That is the
question on the minds of virtually every SAP
customer who has not yet migrated to the cloud
or SAP HANA®. However, for most customers, this
question is premature. Before you consider
migrating, you should first ask yourself, “Am I
even ready to migrate?” Unfortunately, for most
companies, the answer is “no.”
When migrating to a new platform, the quality of
SAP application management becomes more
critical than ever – particularly if that migration is
to the cloud or a hybrid environment. Yet there
are three areas where most organizations fall
short today with SAP management that can turn
any migration into chaos: version management,
infrastructure optimization, and access and
security management. To compound these
issues, the lack of any sort of advanced
monitoring capabilities usually leads to
inefficiencies and a lack of visibility into the overall
health of your SAP deployment.
These seemingly straightforward functions can become incredibly complex in an SAP
environment, and if they are not properly
managed introduce significant risk to the
business. To be able to effectively migrate to
SAP HANA or to the cloud – or for that matter, to
get the most out of your legacy SAP
implementation – having firm control over these
three areas is critical.
Unfortunately, SAP’s native solutions for all three
(SAP Health Checks, GRC, and Monitoring) are
extremely difficult to implement and to use
productively on an ongoing basis. As a result,
most SAP customers don’t use them at all, and
often ignore these technical areas all together –
at their own peril when it is time to migrate.
SAP System Health Checks
The SAP standard reporting for system health is implemented through Solution Manager. Most SAP
customers have Solution Manager as part of their landscape, and is one of the first things every SAP
customer should configure and put into practice. Unfortunately, its lack of intuitiveness and
significant training requirements prior to use means it’s often underutilized.
This situation drives many customers to operate in a reactive mode. It’s common not to use the Early
Watch Alerts (EWA) functionality, leaving system issues unchecked until they begin impacting the
business. Even if they are using EWA, they may not be acting on the issues appropriately simply
because the EWA reports tend to be very large documents that are difficult to wade through and
properly prioritize action items.
An additional complicating factor is that SAP is attempting to acclimate customers to frequent
updates. This will be the reality moving forward as an increasing number of customers migrate to the
the public cloud, SaaS models and S4 in public cloud, but for today’s non-cloud implementations
these updates are often missed. This creates an epidemic of SAP systems that are not as up-to-date
as they should be.
For example, support stacks should be updated at least once every year, but for typical mid-sized
business implementations they tend to be updated every two-four years. This causes a significant
problem when it’s time for an upgrade or a migration because these updates must be made
retroactively. Organizations are then faced with an enormous amount of technical work before an
upgrade or migration can begin and larger delays in the process.
It is not realistic for most organizations to acquire the expertise and raw manpower required to
effectively use Solution Manager and Health Checks, so the most practical solution is to acquire the
services of a partner who can perform them every quarter. To be most effective, the partner should
enrich and simplify the EWA report so high-priority items are clearly defined. Ideally, the partner
should also provide remediation and real-time monitoring services to make a full transition to
proactive SAP management.
Governance, Risk & Compliance (GRC)
Europe’s General Data Protection Regulation (GDPR) goes into effect in May 2018, and is bringing
governance, risk and compliance (GRC) to the forefront for SAP customers. GDPR requires that
organizations have much greater control over employee privileges, and imposes greater
responsibility over customer data management – including the right for customers to be forgotten.
Any European organization or multinational business operating in Europe needs to have robust SAP
GRC capabilities to ensure compliance with GDPR.
Many SAP customers will simply default to SAP’s native GRC module in the journey to GDPR
compliance. However, similar to the issues around Solution Manager, SAP GRC is extremely complex
and can take a long time to implement and master. In fact, if customers have not yet begun to
implement SAP GRC will have a difficult time being operational by the time GDPR goes into effect.
SAP customers would be well served to look beyond SAP for alternative GRC solutions that offer
simpler implementations and faster time to compliance – without sacrificing quality. One such
solution is ControlPanelGRC®. While SAP GRC takes months to implement, ControlPanelGRC can
deliver results in as little as one day and can be fully implemented in a few weeks.
Beyond deployment issues, there is also additional complexity in SAP GRC that will create problems
with GDPR. For example, creating a “read only” display version of business roles in SAP is complex
and makes it difficult to ensure that every role is properly locked down. Having this type of control is
critical for GDPR, because unauthorized editing rights can lead to expensive regulatory violations.
ControlPanelGRC, on the other hand, provides easily understandable analytics that can quickly
identify any roles that have edit rights assigned to them, and allow you to remediate unnecessary
While GDPR will not go into effect until May 2018, we expect strict enforcement when it does. Initially,
if organizations are not compliant but can prove that they are doing the right things to become
compliant, it’s likely they won’t be penalized too harshly. But over the long term, full compliance with
GDPR will be an absolute requirement – the days of “I hope we don’t get caught” are over.
SAP Monitoring is complementary to EWA. While EWA is like preventive medicine – making sure you
do the right things to avoid getting sick; Monitoring is like real-time diagnosis – using tests and
measurements to identify the cause of an existing illness, in real time.
For many SAP customers (particularly small to mid-sized businesses) – within SAP, monitoring is done
manually every day. This process is expensive and cumbersome, so an increasing number of
organizations are considering using SAP Solution Manager for automated monitoring. This brings its
own set of challenges:
Similar to GRC, SAP customers should not simply default to SAP’s tools for system monitoring. There
are third-party tools that can do the job more easily and comprehensively. One such tool is
Symmetry’s monitoring platform, which is purpose-built for SAP monitoring. It employs an agent-less
architecture that mimics a user’s activity and measures the ensuing business behavior. It also
Unless you’re already familiar with Solution Manager, it is very complicated making it difficult to implement and
productively use for monitoring over the long term. SAP Technical Operations is lost within Solution Manager
functionality, rather than being a purpose-built solution focused on making SAP monitoring easy and effective.
SAP Technical Operations relies on agent technology that is installed on the same servers as your SAP
implementation. The agent creates several complicating factors: although minimal, it competes for system
resources with SAP; it adds one more technology to patch in your architecture; and it has no concept of the user
experience or business context. This is because it takes technical measurements from the inside-out, rather than
user-focused measurements from the outside-in.
It does not provide an interactive and historically-based view across systems. Instead, users have to log into each
individual system to conduct monitoring, and then manually inspect logs and time stamps to understand real
time system health based off the alerts.
integrates across systems and provides customizable dashboards to easily identify issues across SAP,
databases, operating systems, the virtualization layer in cloud environments, and more.
Manual SAP monitoring is simply not a viable solution, particularly in high-stakes situations like
upgrades or cloud migrations. Manual monitoring typically happens once or twice a day, and the
person doing the monitoring might look at the most important 20-25 areas of SAP. Proactive partners
like Symmetry will continuously monitor the system, looking at 50-60 areas of SAP every hour of every
day – so your system doesn’t miss a beat.
Remediation is the final piece of the monitoring puzzle. No matter which mode of monitoring an
organization chooses, it must have a system in place for efficiently remediating any problems that are
discovered. When engaging a partner for monitoring, it is important that the partner have a service
desk that can fulfill this function.
Taking the First Step
To date, many SAP customers have been able to get by without devoting much focus to Health
Checks, GRC or monitoring. As the stakes continue to be raised by SAP and IT leaders around the
globe, “getting by” will not be good enough. Whether it’s upgrading to SAP HANA, migrating to the
cloud, or staying out of trouble with GDPR, SAP customers need to address these three keys to
system health if they plan to deliver greater business value.
Contact the experts at Sanomas for your
personal Migration Readiness Assessment