Merge pull request #507 from Azure/naigaras-sap-checklist
Update sap_checklist.en.json
erjosito authored Oct 4, 2023
2 parents 12d8567 + 32db376 commit a1dde01
Showing 1 changed file with 50 additions and 49 deletions.
99 changes: 50 additions & 49 deletions checklists/sap_checklist.en.json
@@ -106,59 +106,59 @@
"text": "Enforce a RBAC model for management groups, subscriptions, resource groups and resources",
"guid": "fda1dbf3-dc95-4d48-a7c7-91dca0f6c565",
"severity": "High",
"training": "https://learn.microsoft.com/en-us/training/paths/implement-resource-mgmt-security/",
"link": "https://learn.microsoft.com/en-us/azure/well-architected/sap/design-areas/security"
"training": "https://learn.microsoft.com/training/paths/implement-resource-mgmt-security/",
"link": "https://learn.microsoft.com/azure/well-architected/sap/design-areas/security"
},
{
"category": "Identity and Access",
"subcategory": "Identity",
"text": "Enforce Principle propagation for forwarding the identity from SAP cloud application to SAP on-premises (Including IaaS) through cloud connector",
"guid": "45911475-e39e-4530-accc-d979366bcda2",
"severity": "Medium",
"training": "https://learn.microsoft.com/en-us/training/modules/explore-identity-services/2-explore-azure-virtual-machine-auth-access-control",
"link": "https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/scenario-azure-first-sap-identity-integration"
"training": "https://learn.microsoft.com/training/modules/explore-identity-services/2-explore-azure-virtual-machine-auth-access-control",
"link": "https://learn.microsoft.com/azure/active-directory/fundamentals/scenario-azure-first-sap-identity-integration"
},
{
"category": "Identity and Access",
"subcategory": "Identity",
"text": "Implement SSO to SAP SaaS applications like SAP Analytics Cloud, SAP Cloud Platform, Business by design, SAP Qualtrics and SAP C4C with Azure AD using SAML.",
"guid": "750ab1ab-039d-495d-94c7-c8929cb107d5",
"severity": "Medium",
"link": "https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/scenario-azure-first-sap-identity-integration"
"link": "https://learn.microsoft.com/azure/active-directory/fundamentals/scenario-azure-first-sap-identity-integration"
},
{
"category": "Identity and Access",
"subcategory": "Identity",
"text": "Implement SSO to SAP NetWeaver-based web applications like SAP Fiori and SAP Web GUI by using SAML.",
"guid": "325ae525-ba34-4d46-a5e2-213ace7bb122",
"severity": "Medium",
"training": "https://learn.microsoft.com/en-us/training/modules/explore-identity-services/8-exercise-integrate-azure-active-directory-sap-netweaver",
"link": "https://learn.microsoft.com/en-us/azure/active-directory/saas-apps/sap-netweaver-tutorial"
"training": "https://learn.microsoft.com/training/modules/explore-identity-services/8-exercise-integrate-azure-active-directory-sap-netweaver",
"link": "https://learn.microsoft.com/azure/active-directory/saas-apps/sap-netweaver-tutorial"
},
{
"category": "Identity and Access",
"subcategory": "Identity",
"text": "Implement SSO to SAP NetWeaver-based web applications like SAP Fiori and SAP Web GUI by using SAML.",
"guid": "9eb54dad-7861-4e1c-973a-f3bb003fc9c1",
"severity": "Medium",
"training": "https://learn.microsoft.com/en-us/training/modules/explore-identity-services/6-exercise-integrate-azure-active-directory-sap-fiori"
"training": "https://learn.microsoft.com/training/modules/explore-identity-services/6-exercise-integrate-azure-active-directory-sap-fiori"
},
{
"category": "Identity and Access",
"subcategory": "Identity",
"text": "You can implement SSO to SAP GUI by using SAP NetWeaver SSO or a partner solution.",
"guid": "f29676ef-0c9c-4c4d-ab21-a55504c0c829",
"severity": "Medium",
"training": "https://learn.microsoft.com/en-us/training/modules/explore-identity-services/8-exercise-integrate-azure-active-directory-sap-netweaver",
"link": "https://learn.microsoft.com/en-us/azure/active-directory/saas-apps/sap-netweaver-tutorial"
"training": "https://learn.microsoft.com/training/modules/explore-identity-services/8-exercise-integrate-azure-active-directory-sap-netweaver",
"link": "https://learn.microsoft.com/azure/active-directory/saas-apps/sap-netweaver-tutorial"
},
{
"category": "Identity and Access",
"subcategory": "Identity",
"text": "For SSO for SAP GUI and web browser access, implement SNC \u2013 Kerberos/SPNEGO (simple and protected GSSAPI negotiation mechanism) due to its ease of configuration and maintenance. For SSO with X.509 client certificates, consider the SAP Secure Login Server, which is a component of the SAP SSO solution.",
"guid": "23181aa4-1742-4694-9ff8-ae7d7d474317",
"severity": "Medium",
"training": "https://learn.microsoft.com/en-us/training/modules/explore-identity-services/9-exercise-integrate-active-directory-sap-single-sign-on"
"training": "https://learn.microsoft.com/training/modules/explore-identity-services/9-exercise-integrate-active-directory-sap-single-sign-on"
},
{
"category": "Identity and Access",
@@ -174,23 +174,23 @@
"text": "Implement SSO by using OAuth for SAP NetWeaver to allow third-party or custom applications to access SAP NetWeaver OData services.",
"guid": "16785d6f-a96c-496a-b885-18f482734c88",
"severity": "Medium",
"link": "https://learn.microsoft.com/en-us/azure/active-directory/saas-apps/sap-netweaver-tutorial#configure-sap-netweaver-for-oauth"
"link": "https://learn.microsoft.com/azure/active-directory/saas-apps/sap-netweaver-tutorial#configure-sap-netweaver-for-oauth"
},
{
"category": "Identity and Access",
"subcategory": "Identity",
"text": "Implement SSO to SAP HANA",
"guid": "a747c350-8d4c-449c-93af-393dbca77c48",
"severity": "Medium",
"link": "https://learn.microsoft.com/en-us/azure/active-directory/saas-apps/saphana-tutorial"
"link": "https://learn.microsoft.com/azure/active-directory/saas-apps/saphana-tutorial"
},
{
"category": "Identity and Access",
"subcategory": "Identity",
"text": "Consider Azure AD an identity provider for SAP systems hosted on RISE. For more information, see Integrating the Service with Azure AD.",
"guid": "c7bae5bf-daf9-4761-9c56-f92891890aa4",
"severity": "Medium",
"link": "https://learn.microsoft.com/en-us/azure/sap/workloads/rise-integration#connectivity-with-sap-rise"
"link": "https://learn.microsoft.com/azure/sap/workloads/rise-integration#connectivity-with-sap-rise"
},
{
"category": "Identity and Access",
@@ -206,15 +206,15 @@
"text": "If you're using SAP BTP services or SaaS solutions that require SAP Identity Authentication Service (IAS), consider implementing SSO between SAP Cloud Identity Authentication Services and Azure AD to access those SAP services. This integration lets SAP IAS act as a proxy identity provider and forwards authentication requests to Azure AD as the central user store and identity provider.",
"guid": "59921095-4980-4fc1-a5b6-524a5a560c79",
"severity": "Medium",
"link": "https://learn.microsoft.com/en-us/azure/active-directory/saas-apps/sap-hana-cloud-platform-identity-authentication-tutorial"
"link": "https://learn.microsoft.com/azure/active-directory/saas-apps/sap-hana-cloud-platform-identity-authentication-tutorial"
},
{
"category": "Identity and Access",
"subcategory": "Identity",
"text": "Implement SSO to SAP BTP",
"guid": "a709c664-317e-41e4-9e34-67d9016a86f4",
"severity": "Medium",
"link": "https://learn.microsoft.com/en-us/azure/active-directory/saas-apps/sap-hana-cloud-platform-tutorial"
"link": "https://learn.microsoft.com/azure/active-directory/saas-apps/sap-hana-cloud-platform-tutorial"
},
{
"category": "Identity and Access",
@@ -230,69 +230,70 @@
"text": "enforce existing Management Group policies to SAP Subscriptions",
"guid": "6ba28021-4591-4147-9e39-e5309cccd979",
"severity": "Medium",
"training": "https://learn.microsoft.com/learn/modules/azure-architecture-fundamentals/",
"link": "https://learn.microsoft.com/azure/governance/management-groups/overview"
"training": "https://learn.microsoft.com/training/modules/enterprise-scale-organization/4-management-group-subscription-organization",
"link": "https://learn.microsoft.com/azure/cloud-adoption-framework/ready/landing-zone/design-area/resource-org-management-groups"
},
{
"category": "Management Group and Subscriptions",
"subcategory": "Subscriptions",
"text": "enfore closely closely coupled applications into the same SAP Subscription to avoid additional routing and management complexity",
"text": "Integrate tightly coupled applications into the same SAP subscription to avoid additional routing and management complexity",
"guid": "366bcda2-750a-4b1a-a039-d95d54c7c892",
"severity": "Medium",
"training": "https://learn.microsoft.com/learn/paths/implement-resource-mgmt-security/",
"link": "https://learn.microsoft.com/azure/cloud-adoption-framework/decision-guides/resource-tagging/?toc=/azure/azure-resource-manager/management/toc.json"
"severity": "High",
"training": "https://learn.microsoft.com/azure/cloud-adoption-framework/ready/landing-zone/design-area/resource-org-subscriptions",
"link": "https://learn.microsoft.com/azure/architecture/guide/sap/sap-whole-landscape"
},
{
"category": "Management Group and Subscriptions",
"subcategory": "Subscriptions",
"text": "Leverage Subscription as scale unit and scaling our resources, consider deploying subscription per environment eg. Sandbox, non-prod, prod ",
"guid": "9cb107d5-325a-4e52-9ba3-4d4685e2213a",
"severity": "Medium",
"training": "https://learn.microsoft.com/learn/paths/enterprise-scale-architecture/",
"link": "https://learn.microsoft.com/azure/governance/management-groups/overview"
"severity": "High",
"training": "https://learn.microsoft.com/training/modules/configure-subscriptions/?source=recommendations",
"link": "https://learn.microsoft.com/azure/architecture/guide/sap/sap-whole-landscape"
},
{
"category": "Management Group and Subscriptions",
"subcategory": "Subscriptions",
"text": "Ensure quota increase as a part of subscription provisioning (e.g. total available VM cores within a subscription).",
"text": "Ensure quota increase as a part of subscription provisioning (e.g. total available VM cores within a subscription)",
"guid": "ce7bb122-f7c9-45f0-9e15-4e3aa3592829",
"severity": "Medium",
"training": "https://learn.microsoft.com/learn/paths/enterprise-scale-architecture/",
"link": "https://learn.microsoft.com/azure/governance/management-groups/overview"
"severity": "High",
"training": "https://learn.microsoft.com/azure/azure-resource-manager/management/azure-subscription-service-limits",
"link": "https://learn.microsoft.com/azure/quotas/quotas-overview"
},
{
"category": "Management Group and Subscriptions",
"subcategory": "Subscriptions",
"text": "Ensure required services and features are available within the chosen deployment regions eg. ANF , Zone etc.",
"guid": "e6e20617-3686-4af4-9791-f8935ada4332",
"severity": "Medium",
"training": "https://learn.microsoft.com/learn/paths/enterprise-scale-architecture/",
"link": "https://learn.microsoft.com/azure/governance/management-groups/overview"
},
"text": "The Quota API is a REST API that you can use to view and manage quotas for Azure services. Consider using it if necessary.",
"guid": "ce4fab2f-433a-4d59-a5a9-3d1032e03ebc",
"severity": "Low",
"link": "https://learn.microsoft.com/rest/api/reserved-vm-instances/quotaapi?branch=capacity"
},
{
"category": "Management Group and Subscriptions",
"subcategory": "Subscriptions",
"text": "Leverage Azure resource tag for cost categorization and resource grouping (: BillTo, Department (or Business Unit), Environment (Production, Stage, Development), Tier (Web Tier, Application Tier), Application Owner, ProjectName)",
"guid": "4e138115-2318-41aa-9174-26943ff8ae7d",
"severity": "Medium",
"link": "https://learn.microsoft.com/azure/governance/management-groups/overview"
},
"text": "If deploying to an availability zone, ensure that the VM's zone deployment is available once the quota has been approved. Submit a support request with the subscription, VM series, number of CPUs and availability zone required.",
"guid": "cbfad17b-f240-42bf-a1d8-f4f4cee661c8",
"severity": "High",
"link": "https://learn.microsoft.com/azure/quotas/quickstart-increase-quota-portal"
},
{
"category": "Management Group and Subscriptions",
"subcategory": "Subscriptions",
"text": "&nbsp",
"guid": "7d474317-6c8b-4cbf-95bb-e609d8a03e97",
"severity": "Medium",
"link": "https://learn.microsoft.com/azure/governance/management-groups/overview"
"text": "Ensure required services and features are available within the chosen deployment regions eg. ANF , Zone etc.",
"guid": "e6e20617-3686-4af4-9791-f8935ada4332",
"severity": "High",
"training": "https://learn.microsoft.com/azure/cloud-adoption-framework/migrate/azure-best-practices/multiple-regions?source=recommendations",
"link": "https://azure.microsoft.com/explore/global-infrastructure/products-by-region/"
},
{
"category": "Management Group and Subscriptions",
"subcategory": "Subscriptions",
"text": "&nbsp",
"guid": "778424d6-1678-45d6-ba96-c96ad88518f4",
"text": "Leverage Azure resource tag for cost categorization and resource grouping (: BillTo, Department (or Business Unit), Environment (Production, Stage, Development), Tier (Web Tier, Application Tier), Application Owner, ProjectName)",
"guid": "4e138115-2318-41aa-9174-26943ff8ae7d",
"severity": "Medium",
"link": "https://learn.microsoft.com/azure/governance/management-groups/overview"
},
"training": "https://learn.microsoft.com/training/paths/implement-resource-mgmt-security/",
"link": "https://learn.microsoft.com/azure/cloud-adoption-framework/scenarios/sap/eslz-resource-organization"
},
{
"category": "Management and Monitoring",
"subcategory": "Monitoring",
@@ -748,4 +749,4 @@
"state": "Preview",
"timestamp": "October 04, 2023"
}
}
}
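Review bot: Three of the replacement URLs in the "Management Group and Subscriptions" hunk carry query strings that look like navigation residue rather than part of the address: `?source=recommendations` on the `training` values for guids 9cb107d5-325a-4e52-9ba3-4d4685e2213a and e6e20617-3686-4af4-9791-f8935ada4332, and `?branch=capacity` on the Quota API `link` for ce4fab2f-433a-4d59-a5a9-3d1032e03ebc. The `branch` parameter appears to select a non-default docs branch, so that reference may stop resolving or show unreviewed content once the branch changes; I would drop the query strings, e.g. `"link": "https://learn.microsoft.com/rest/api/reserved-vm-instances/quotaapi"`. Separately, the `training` values for 366bcda2-750a-4b1a-a039-d95d54c7c892, ce7bb122-f7c9-45f0-9e15-4e3aa3592829 and e6e20617-3686-4af4-9791-f8935ada4332 now point at documentation pages rather than `/training/` content, unlike the other entries in the file. Which side each line belongs to is inferred from print order, since the page has lost its +/- markers.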
