AWS Partner Network (APN) Blog

Simplify SAP Operations with Kyndryl Application Management for SAP on AWS

By Dileep Nair, Sr. Manager, Enterprise Architect – Kyndryl
By Suresh Pulivarthi, Sr. Partner Solutions Architect – AWS

Connect with Kyndryl-1

When managing complex SAP workloads in the cloud, customers face challenges including how to secure and optimize performance, lack of standard operating procedures, uncontrolled change management, and IT unavailability.

Kyndryl Application Management for SAP on AWS is a managed service designed to harness the full power of your SAP platforms and enhance agility and efficiency with cloud-enabled workloads on Amazon Web Services (AWS). Kyndryl can help customers achieve the following benefits:

  • Eliminate skills gaps and enable customers to focus on innovation while benefitting from differentiating application management and maintenance.
  • Simplify SAP operations for applications running on AWS while improving security and application resiliency.
  • Increase visibility with a managed services portal that shows SAP applications and the AWS infrastructure from a single pane of glass.

In this post, you will learn more about Kyndryl Application Management for SAP on AWS managed services, including support models, building resilient architectures, and tools and automation.

Kyndryl is an AWS Premier Tier Services Partner and global IT infrastructure services provider that’s relentlessly innovating to help customers with cloud-native transformation and make the journey seamless.

Key Services and Benefits

This section depicts the services offered by Kyndryl Applications Management for SAP on AWS and its benefits.


Figure 1 – Services offered for SAP applications.

Kyndryl’s Application Management for SAP on AWS is designed to simplify day-to-day operations:

  • Reduce costs, complexity, time, and risk by optimizing the way in which mission-critical enterprise resource planning (ERP) workloads are delivered and performed on AWS.
  • As Kyndryl takes care of day-to-day maintenance, clients can concentrate on more strategic initiatives.
  • The Managed Apps platform provides SAP applications with key insights and analysis.
  • With the Managed Apps portal, clients get enhanced visibility and transparency into SAP applications monitoring; 100% of data on the portal can be accessed and consumed through APIs.
  • Kyndryl offers comprehensive security controls and features that are specifically designed for SAP applications, reducing risk and providing peace of mind for customers.

Build Resilient Architecture for SAP on AWS

Below is a sample architecture depicting how Kyndryl builds resilient architecture for SAP S/4 HANA and deploys on AWS in a typical managed customer landscape.

The AWS Well-Architected Framework and AWS best practices are followed in the SAP on AWS reference architecture.


Figure 2 – SAP on AWS architecture in a Kyndryl managed customer landscape.

In the architecture above, the production SAP system is configured with high availability clustering. The SAP application layer’s point of failure being central services in AWS Availability Zone 1 (AZ1) is configured with lock replication to enqueue replication server in AZ2.

Similarly, the primary SAP HANA Server (AZ1) is connected to the secondary SAP HANA Server (AZ2) via HANA system replication (HSR).

These AWS storage services are used to protect the data with unmatched durability and security:

  • Amazon Elastic Block Store (Amazon EBS) provides block-level storage that’s well-suited for use as the primary storage for operating system files, binaries, databases, or SAP application file systems which require direct access to raw block-level storage.
  • Amazon Elastic File System (Amazon EFS) is a fully managed file system used for mounting shared files /usr/sap/trans and /sapmnt/<sid>, to be accessible for multiple application layer instances deployed in AZ1 and AZ2.
  • Amazon Simple Storage Service (Amazon S3) provides secure, durable, and highly scalable object storage used for SAP system backups.

Both the SAP application layer and SAP HANA database are configured to be protected by a SUSE Enterprise Linux (SLES) or Red Hat Enterprise Linux (RHEL) offered SAP-certified clustering solutions with overlay IP address routing for high availability.

Network Load Balancer, which functions as the fourth layer of the Open Systems Interconnection (OSI) model, is used to enable network access and route traffic for app server cluster IP and HANA database server cluster IP. This high availability cluster solution ensures the failover of resources from primary AZ1 to secondary AZ2, thereby ensuring maximum uptime of the mission-critical SAP system.

In addition to the primary region, which provides high availability for business continuity, there’s a disaster recovery (DR) pilot light infrastructure in the secondary region to deliver the expected recovery point objective (RPO) and recovery time objective (RTO) requirements.

The SAP HANA database is replicated from the primary region to the secondary region via HSR. The SAP application layer is replicated from the primary region to the secondary region using AWS Elastic Disaster Recovery (AWS DRS), which minimizes downtime and data loss with fast, reliable recovery applications using affordable storage, minimal compute, and point-in-time recovery.

Kyndryl Support Models

There are two models offered by Kyndryl for Application Management for SAP on AWS: Direct Account and Resell Account.

Following are the details of a Direct Account support model:

  • Customer owns the relationship with AWS​.
  • Root access to AWS account is owned by the customer​.
  • Customer account is connected as a member account to the customer-owned management account.
  • Customer account is managed by customer-owned AWS Control Tower​.
  • Customer has their own landing zone design that needs to be confirmed to meet Managed Apps requirements​.
  • Customer pays infrastructure costs to AWS directly.​
  • Customer owns all FinOps commitments (Reserved Instances and Savings Plans)​.

Here are the details of the Resell Account support model:

  • Kyndryl owns the contract relationship with AWS.
  • Kyndryl’s Resell Account support model provides End Customer Account Model (ECAM) and Solution Provider Account Model (SPAM) options.
  • The ECAM model is the default option for commercial customers, and the SPAM model is the default option for public sector customers.
  • Customer account is managed by Kyndryl-owned AWS Control Tower as a separate organizational unit (OU).
  • Kyndryl pays AWS infrastructure costs and recovers customer costs.
  • In the ECAM model, customer owns root access to AWS account and governs access to AWS services.
  • In the SPAM model, Kyndryl owns the root access to the AWS account and governs usage of AWS services.


Figure 3 – Kyndryl Resell Account model options.

Tools and Automation

For SAP on AWS, Kyndryl offers an integrated suite of tools to enable automation for pre-delivery requirements capture, build, deploy, migration, and steady state operations.


Figure 4 – SAP Automation Manager (SAM) suite of tools.

Here’s a list of automation tools which are used for managing SAP on AWS:

  • SAP Automation Manager Build Order Tool (SAMBOT) enables seamless automation by capturing detailed build order requirements.
  • SAP Automation Manager (SAM) orchestration engine generates a unique workflow for each client that automates the process of building and delivering the SAP system.
  • SAP Automation Manager Unified Launchpad (SAMUEL) is an automation orchestration tool for steady state operations, with capabilities such as inventory lists, patch schedules, and reporting.
  • Operational Platform as a Service (OPaaS) is a tool for integrating SAP and SAMUEL with native AWS services.


The Kyndryl Applications Management for SAP on AWS offering helps customers to simply SAP operations, reduce costs, eliminate skills gaps, and increase visibility for SAP applications on AWS.

Kyndryl’s service offering drives optimization security and compliance reporting, and application and service delivery to lines of business become more predictable from a cost, resource, and workload perspective.

To learn more about Kyndryl managed services capabilities, see the customer success stories for Schneider Electric and Schibsted Media Group.

To obtain more details and/or discuss further, submit a request to Kyndryl via AWS Marketplace or Kyndryl Bridge Marketplace.


Kyndryl – AWS Partner Spotlight

Kyndryl is an AWS Premier Tier Services Partner and global IT infrastructure services provider that serves 1000+ clients and relentlessly innovating to help customers manage SAP applications on AWS

Contact Kyndryl | Partner Overview | AWS Marketplace