Simplify and secure your SAP GUI deployments with M365 integration on Amazon WorkSpaces Pools

As organizations continue to migrate and transform their SAP applications into modern cloud-aware solutions, they seek more scalable, secure, and cost-effective solutions. Users need secure access to SAP GUI while maintaining integration with essential tools like Microsoft Office, a crucial but often overlooked aspect of an SAP implementation.

Delivering the SAP GUI desktop application through traditional methods is cumbersome, limiting user productivity and hindering the adoption of cloud-based SAP environments. Examples of this include deploying the SAP GUI application directly to your endpoint devices or running a traditional virtual desktop (VDI) solution on premise or on-cloud. These solutions are complex to set up and manage, requiring dedicated infrastructure along with security implications of leaving a data footprint on the endpoint device.

Amazon WorkSpaces Pools provides a modern and innovative solution for delivering SAP GUI clients securely and efficiently. As a managed service from Amazon Web Services (AWS), it simplifies the deployment and management of virtual desktops while offering seamless integration with Microsoft 365 applications.

With Amazon WorkSpaces Pools, organizations can provision SAP GUI clients on-demand, ensuring users have access to the applications they need, when they need them, delivered in a secure way. This scalable solution eliminates the need for complex infrastructure setup and management, enabling organizations to focus on their core business objectives.

The benefits of using Amazon WorkSpaces Pools include:

1. Secure and Compliant Access: By consuming a WorkSpaces Pools desktop, your users will use the SAP GUI application securely with no data residual left on the endpoint device. Each Instance is ephemeral in nature, meaning the user is connected to a new instance and when the user logs off the instance is terminated. In addition, you can integrate Amazon WorkSpaces Pools with your Active Directory to inherit you in-desktop security controls and tooling to ensure compliance.
2. Scalability on Demand: By leveraging WorkSpaces Pools, organizations are able to configure scaling policies which allows the solution to auto-scale to match the supply of instances to user demand. This will ensure the solution scales with capacity at the time you need it.
3. Cost-Effectiveness: By leveraging AWS’s pay-as-you-go model, organizations pay for the resources they consume, and is adjustable based on your business needs and consumption. This reduces the overall cost of ownership compared to traditional desktop solutions.
4. Improved User Experience and Productivity: With seamless integration between SAP GUI clients and Microsoft 365 applications, users can work more efficiently and collaboratively, boosting productivity and adoption. An example of this is the “Excel in frame” feature in the SAP GUI application.
5. Simple and Secure connectivity with SAP RISE: Hosting your SAP S/4HANA workloads on AWS allows you to take advantage of simplified and secure connectivity with Workspaces Pools connecting directly to your SAP RISE solution via private VPC peering.

Deploying SAP GUI on Amazon Workspaces Pools

Deploying SAP GUI on Amazon WorkSpaces Pools is a straightforward process, however needs to be planned. IT administrators can follow these high level steps:

1. Deploy an Amazon WorkSpaces Personal instance within the WorkSpaces Management Console
2. Login to the Personal WorkSpace Instance via the WorkSpaces Client (or Web Access)
3. Install the SAP GUI client application along with any additional applications (such as Microsoft 365) and customization requirements in the WorkSpace Instance
4. Capture a custom WorkSpaces Image and Bundle for use in your environment
5. Create a WorkSpaces Pools Directory with integration into your Active Directory (optional) and SAML Identity Provider
6. Deploy the Amazon WorkSpaces Pool
7. Assign users access to the WorkSpaces Pool via your SAML Identity Provider
8. Choose the appropriate method for your end users to access:
   • Web Access – Using a web browser, the user can login via the Application web link in your SAML Identity Provider.
   • WorkSpaces Native Client for Windows or Mac which enables some additional peripheral device support, enter in the Registration Code once installed

Connecting your Workspaces Pools environment to SAP RISE

Follow the SAP RISE to AWS connectivity guide to connect your Workspaces Pools VPC to your SAP RISE VPC. This can be achieved in several ways, the most common of which is via a VPC attachment to a central AWS Transit Gateway in your AWS account. An example architecture is provided below:

ALT: Architecture diagram showing Amazon Workspaces connecting through a customer AWS account to a SAP RISE hosted account on AWS.

Conclusion

By leveraging Amazon WorkSpaces Pools, organizations can overcome the challenges of securely delivering SAP GUI clients to their end-users while ensuring seamless integration with Microsoft 365 applications. This solution provides a scalable and cost-effective approach and enhances user productivity by enabling advanced features such as Excel integration and mail merge capabilities. With Amazon WorkSpaces Pools, companies can confidently embrace the future of cloud-based SAP environments while empowering their workforce with the tools they need to thrive.

Start your free tier trial of Amazon WorkSpaces Pools today and experience the power of secure and integrated SAP GUI delivery. Schedule a consultation with the AWS EUC and SAP experts to learn more about leveraging Amazon WorkSpaces Pools for your SAP GUI client needs.

Refer to the Amazon WorkSpaces Pricing page for complete pricing information.

About the authors

	Phil Persson is a Principal GTM Solutions Architect for End User Computing where he leads the EUC Architecture team across APJ.. Phil has been with AWS since December 2012 where he was a founding member of AWS Premium Support in the Sydney Region and then a Technical Account Manager for AWS Enterprise Support.
	Eneko Bilbao is a Principal Solution Architect specializing in SAP.. He has been designing, architecting and modernizing SAP landscapes for more than 20 years. He is a co-author of the SAP Lens for Well-Architected Framework and leads the SAP Tech Domain across APJ – working with many of the region’s largest SAP on AWS customers.