The pitfalls of SAP® licensing

Transparency in SAP® landscapes as the basis for successful risk prevention and successful negotiations regarding indirect usage

 

In the last 24 months, SAP has targeted its customers regarding direct and indirect use. The differences between direct and indirect use are briefly described below.
In the sense of SAP, direct usage occurs when a defined user connects SAP software to SAP software.
For example, an SAP customer links a standard module such as Materials Management to Self-Service Procurement. This means that an employee orders an office item in Materials Management. This data is then transferred to the Self-Service Procurement System. In that way, the purchasing department can create a purchase order to the supplier. For this purpose, the employee requires an SAP Employee User License and the purchaser must have at least one Limited Professional User or a user with similar rights. If these conditions are met, no subsequent licensing is due.

In the understanding of SAP, indirect usage is happening when a defined user connects SAP software with non-SAP software or vice versa. If data is exchanged from SAP to Non-SAP or vice versa, there is an indirect usage.
For example, the above-mentioned employee orders again material using the SAP Materials Management. This data is now transferred to a non-SAP system, since the company’s requirements are not covered by SAP functions. The non-SAP is easy to use, offers a high-performance and fault-tolerant search function with suggestions by the system and offers a self-service, with which users can design their own user interface. The employee of the purchasing department, who does not have an SAP user, now accesses the Materials Management from a non-SAP B2B so that the purchase order can be created.
In this particular case, this means in SAP’s understanding that the buyer needs either a Platform User License or SAP NetWeaver Foundation for Third Party Applications. SAP customers must purchase this either based on users or CPUs/cores. Mixing between the metrics is not allowed.
This is also necessary for test users who simulate load tests. An additional complicating factor is that peak loads are used for the license assessment.
That is, maximum numbers are valid and it is the task of the customer to identify, for example, the maximum number of CPUs/cores in a kind of self-report. For this reason, companies have to carry out these evaluations themselves – manually or tool-supported.
The scenarios described above apply to almost every SAP customer. The SAP landscape has grown massively over the decades of its use. The growth relates both to the number of SAP systems and to the number of interfaces between SAP-SAP and SAP-non-SAP systems.
This is precisely the problem of the SAP customer: there is no corresponding transparency in the SAP landscape. The SAP Solution Manager developed by SAP for the operation of an SAP landscape does not help here since it cannot provide the relevant information.  The collection of the relevant data based on manual activities cannot be presented in terms of time or money. Furthermore, the SAP landscape is subject to constant change. These changes are always to be tracked and documented under economic aspects.

To create such transparency in terms of time and economic aspects, CTI has developed the so-called CTI Landscape Analyzer for SAP Solutions (LA4SAP) and certified it through SAP.

The Landscape Analyzer makes it possible to generate a uniform view of all business-relevant information objects within a highly complex SAP landscape in a very short time. Completely compatible with SAP technology and using SAP standard functionality are derived from data information.
Using the collected data and importing it into an EAM software results in the desired result. The SAP customer can now display and evaluate his evaluations about the use and use of the SAP modules and the interfaces to SAP and non-SAP systems. Furthermore, he can at any time repeat the analysis of his SAP System and Transfer it into the EAM software so that he can understand the changes in his SAP landscape at any time .

This information helps customers analyze the surveys evaluated by SAP. In addition, this is the basis for more knowledge about your own SAP landscape.
In summary, this is a perfect foundation to enter contract negotiations with SAP.

For further Information, please contact the author at guido.w.stass@cti-consulting.de.

Three Steps towards GDPR Compliance

In our last post we already talked about the upcoming enactment of the EU regulation 2016/679 for data protection by the end of May 2018.

We stated that Enterprise Architecture Management (EAM) tools are a natural starting point for collecting and managing the data that are necessary for GDPR compliance.

In order to use this starting point properly we mentioned a three-step approach. Today, we would like to go a little further describing these three steps.

Step 1 – Inform

First of all it is necessary to get to know the GDPR regulation and its requirements both from a legal and IT point of view. This can be done in a one-day workshop.

Such a “GDPR Briefing” workshop should at least have the following items on the agenda:

  • Introduction to the topic of GDPR in a holistic manner
    • Legal perspective
    • Organizational perspective
    • IT perspective
  • Discuss the “need for action” for the company and identify main points
  • Derive first top-level recommendations for GDPR compliance implementation

We offer these GDPR Briefing workshops in cooperation with lawyers.

Step 2 – Define

In the next step the different perspectives of GDPR should be considered in more detail. Besides changes to contracts or end user license agreements on the legal perspective or the installation of new roles (e.g. a data protection officer) and the necessary overhaul of (especially) end user business processes one needs to check the readiness of the existing IT landscape for GDPR:

  • Analysis of the IT landscape regarding GDPR (in particular Article 30)
  • Evaluation of the GDPR Readiness from the perspective of IT
  • Recommendations for the implementation of GDPR with focus on IT

These “GDPR Readiness Checks” are usually performed in short-time projects and are used to prepare the final step.

Step 3 – Realize

Finally, recommendations and defined measures need implementation. This should be based on a project plan derived from a “GDPR Readiness Check” and encompasses points like:

  • Set up and enhance the EAM tool for the GDPR use case
  • Import the necessary data
    • Applications and how they process business data
    • Servers where applications are deployed and their physical location
    • How applications support business capabilities and organizational units
  • Automate updates for these data in the EAM tool
  • Name responsibilities and incorporate the EAM tool in GDPR compliance processes
  • Train GDPR responsibles

When it comes to the setup of an EAM tool as the “golden source” for GDPR compliance there is always one reason that hinders quick results – the amount of data to be collected about the existing IT landscape.

We offer various “remedies” for this particular obstacle which automatically read a specific part of the IT landscape and make it visible in EAM tools – and thus accountable in terms of GDPR:

  • Landscape Analzer for SAP: This tool reads the basic data about entire ABAP-based SAP landscapes (systems, clients, interfaces). We are currently working on an enhancement to also gather interfaces between SAP systems and non-SAP systems using SAP PI.
  • AWS integration: Servers running as virtual machines in the Amazon cloud (Elastic Cloud Compute [EC2] service of the Amazon Web Services) can be read via this tool and automatically imported in an EAM tool.

 

Do you have questions or comments? Feel free to let us know what you think about this approach and whether it makes sense to you. Let us know when you have questions the post did not cover deep enough. We’re glad to help: sales(at)cti-consulting.de.

Realize GDPR Compliance with Enterprise Architecture Management

Data protection becomes more and more important in a world where many aspects of life are supported by IT systems processing personal data and a lot of organizations running these systems.

General Data Protection Regulation (GDPR)

With Regulation (EU) 2016/679 of the European Parliament and of the Council data protection becomes a prominent issue for all organizations operating inside the European Union. That is because both the rights of individual users on information against organizations and the obligations of organizations for reporting and disclosure have been extended. Some examples:

  • Consent: Stronger conditions apply as to how consent about personal data processing is given.
  • Breach notification: Loss, theft or unauthorized access to personal data must be notified.
  • Subject access: Subjects can demand information whether their personal data is processed by an organization or demand porting their data to another provider.
  • Right to be forgotten: Subjects can demand data to be erased or restrict the processing of their data.
  • Data governance: Measures to ensure data governance must be put in place, e.g. privacy impact assessments (PIA), audits, or the appointment of a data protection officer.

Disregard of the new legislation can lead to severe penalties. GDPR Article 83 demands up 20 m Euros or up to 4 % of the total worldwide annual turnover.

In order to reach compliance with GDPR a lot of information about all data handling activities and the data processed needs to be collected, analyzed and made accessible. Action must be taken now as the regulation comes into force on May 25th 2018.

Enterprise Architecture Management supports GDPR Compliance

Enterprise Architecture Management (EAM) is the part of IT management that deals with documenting the existing IT landscape, defining standards and planning the future IT landscape. As this task needs to collect and maintain a lot of meta data about the IT of an organization, EAM is usually tool-based.

EAM tools like Alfabet (Software AG) or LeanIX (LeanIX GmbH) can support organizations in gaining GDPR compliance for various reasons.

First of all, these tools already come with a lot of information about the IT that is relevant for GDPR:

  • Documented applications show where (inside and outside of an organization) data are processed and how.
  • Information Flows describe how data are exchanged between applications.
  • Cataloges for business data define categories of data used by applications and business processes.

Such repositories are easily amended with the information specific for GDPR and thus lead to a much more complete view of an organization’s IT processing activities.

EAM tools also provide strong reporting capabilities. Alfabet, for instance and among others, offers the following reports and views:

  • Applications and their interrelation via information flows can be made visible using information flow diagrams.
  • Data processing activities (create, read, update, delete) are listed in so-called CRUD matrices.
eam-03-crud-matrix

Example of a CRUD matrix in Alfabet

 

Methodical Setup of GDPR compliance

We support your organization in realizing GDPR compliance in a three-step approach:

  1. Inform: Get to know the GDPR regulation and its requirements from the legal and IT point of view in a one-day workshop.
  2. Define: Define the measures that need to be taken based on your individual requirements (e.g. how to configure EAM tools to provide information needed for GDPR, how to change processes to incorporate GDPR steps, etc.).
  3. Realize: We help you to implement the measures defined in step 2. Among other things: We set up and enhance your EAM tool for the GDPR use cases from step 2 and import the necessary data. We offer various tools to automate the retrieval of data about the IT landscape, e.g. with our Landscape Analzer for SAP systems and Amazon Web Service (AWS).

 

Would you like to know more…? For further information, please, visit our web page on GDPR. Feel free to contact us: sales(at)cti-consulting.de.

The Roadmap to Digitalization – Episode 6: How to Integrate the AWS Cloud in Enterprise Architecture Management

Digital transformation or digitalization is widely discussed today. Digitalization offers an abundance of products based on new technologies and technological platforms that possess the capability to reshape business processes, organizational structure and ways of working. It holds the power to reshape complete business models or even overall market situations.

One main element of digitalization is cloud computing, the usage of IT resources (CPU time, storage, etc.) only up to the amount that is necessary at a certain point in time. Enterprise architecture management (EAM) needs to include the resource used in the cloud (be it private, public or a community cloud) to prevent the IT landscape from spontaneous growth. Measures on how to govern the usage of cloud services should (or need to be) implemented. Today, we’d like to show you how.

Get Architecture Information from AWS

Cloud services like Microsoft Azure, OpenStack or Amazon Web Services (AWS) offer APIs by which many different cloud resources can be created and managed.

We had a closer look at AWS. Its API allows control of instances (virtual servers), virtual machine images, volumes, hosts or network infrastructures, etc. For our first implementation, we concentrated on the instances, to be exact, on the AWS Elastic Cloud Compute (EC2) instances. These are the resource most likely used by our customers – i.e. moving applications from an on-premise server to instances in the cloud.

We created a command line tool that runs regularly to request the instance information from the cloud provider and download it in a standardized format.

Integrate with Enterprise Architecture Management

Based on that an automated import job is started to draw the information in Alfabet. Alfabet is a powerful EAM tool that we use frequently in customer EAM projects. Alfabet provides an object type called “device” that represents a server where an application can be deployed on. We used this object type to describe the AWS instances in the realm of Alfabet:

eam-02-instance-description

Imported AWS EC2 instance

The import job also connects the imported instances to the existing IT landscape:

  • Instances are connected to the location where they are running (i.e. “eu-central-1” for the AWS data center in Frankfurt, Germany).
  • Users are assigned to the instances to manage them.
  • A workflow is run to ask responsible users what applications are running on the instances. This is necessary to link instances and applications, and thus make clear how instances are used for.

The steps above provide transparency about the cloud IT landscape. They are the preliminary work for the “actual” use cases:

  • One could review all running applications whether they can be deployed on a cloud instance or not. This would enhance IT standardization as cloud services are built on standardized hardware and software platforms.
  • One could import and collect cost information per instance and use this for reporting and budgeting purposes.

Presentation at EAMKON 2017

We will talk about the integration of the Alfabet EAM tool with AWS at the EAMKON 2017 conference in Stuttgart, 30th May 2017. Looking forward to seeing you there!

Would you like to know more…? If you’re interested in the big picture, refer to the first episode of our digitalization blogs, for enterprise architecture management see this list of posts.

Interested? Please, contact us: sales(at)cti-consulting.de. For further information, please, visit our website.

Custom EAM Reporting with LeanIX

Enterprise Architecture Management (EAM) belongs to the most important organizational capabilities these days. As we showed earlier, EAM comprises the necessary methodologies and means for a prudent IT landscape planning based on an organization’s strategic (and digital) objectives.

EAM tools offer functionality to collect and correlate information about many aspects of your IT landscape (i.e. applications, components, information flows, business supports, business services, service products) and come with several reports and views to make this abundance of information visible and “digestible”.

An architecture management is most effective when the information collected in the EAM tool can be queried and displayed individually for all intended target groups. Each user (be it CIO, enterprise architect, application owner or else) gets exactly the information about the architecture that is most relevant for his/her tasks.

LeanIX is a relatively young member of the EAM tool group (compared to tools like Alfabet or ADOit). It is developed by the Germany-based LeanIX GmbH, is based on a very compact meta-model and is completely web-based.

It offers several reporting capabilities out of the box, e.g. application and project portfolios, cost reports, application and component landscapes, matrices and roadmaps and even a free-drawing capability.

Beyond that, LeanIX can be customized for the individual questions of an organization. It comes with an open interface (API) based on common web technologies (JavaScript, JSON etc.) which is used to integrate custom developed reports or also dashboards.

EAM 01 Leanix Reporting

For example: An IT transition project might need a specific view of only a section of the IT landscape, or one would like to analyze specific information about some applications (is the application business critical, which data protection requirements should the application fulfil etc.) in preparation for an IT project (as shown in the picture above).

We support you designing your EAM reporting: As certified LeanIX partner we help you identify the information needs of the various user groups, design the report, realize it and integrate it into your LeanIX workspace. Feel free to contact us: sales(at)cti-consulting.de. For further information, please, also visit our website.

The Roadmap to Digitalization – Episode 5: Idea Workshops as Means of Innovation and Participation

Digital transformation or digitalization is widely discussed today. Digitalization offers an abundance of products based on new technologies and technological platforms that possess the capability to reshape business processes, organizational structure and ways of working. It holds the power to reshape complete business models or even overall market situations.

A few months back we already talked about a four-step approach to digitalization in which one steps comprises an analysis phase where workshops are used to collect ideas and rethink business models. Today, we would like to elaborate on this step.

Innovation Phase with Idea Workshops

To find out what you can do in a particular field of digitalization in an organization – say mobility or big data analytics – you have to look two ways: There are the technological and market developments you need to consider. They offer new ways of doing work or new ways of work and business at all. And there are the people in the departments of the organization who know most of the daily processes, customers and applications.

We design or idea workshops to incorporate both sources of information:

  1. Introduction: Workshop participants get an introduction to the workshop topics and objectives. The customer project leader is invited to says something about how the workshop fits into the digitalization efforts of hers/his organization.
  2. Impulses: We offer information related to the workshop topics in one or more keynotes. This could encompass a general introduction to digitalization (followed by a few lead questions), an overview of a specific digital topic (i.e. what is big data all about) or the presentation of new features of a specific software. Sometimes impulses are also given by customer subject matter experts or the project leader.
  3. Idea collection and discussion: The workshop participants are given time to think about ideas. Ideas are written on cards and collected on a pin board. Each person pinning a card to the pin board is asked to present her/his idea. If desired, ideas are collectively prioritized.

We have already performed several such workshops for the last year and a half and always ended up with a surprisingly high number of proposals. Most of the proposals were quite straight forward offering ideas for quick win solutions making existing processes better. Some of the proposals were quite unorthodox – but we considered them valid nonetheless, because in today’s business world it’s the unorthodox business idea that wins the day.

Momentum for Change

Digitalization efforts – like all change efforts in an organization – should include and rely upon all members of an organization. They will be the ones to put the changes in strategies, services and processes into action.

We see these workshop as a means of participation and use them explicitly to include the people in the transformation process: They are allowed to think about their work, put it in different perspectives with the impulses given and make useful suggestions.

The customer’s organization management is called to follow up on the idea workshops with a transparent process about how and why the collected ideas are handled further – which of them are prioritized, which are realized in (pilot) projects and finally introduced to a department or the whole organization. In the workshops, we always experienced people willing to contribute and cooperate. This momentum can be made a strong support for changes driven by digitalization.

Interested? If you are interested in digitalization and enterprise architecture management, please, have a look at the other episodes in our blog and contact us: sales(at)cti-consulting.de. For further information, please, also visit our website.

CTI Landscape Analyzer for SAP® Solutions is certified as powered by SAP NetWeaver®

CTI Consulting today announced that its CTI Landscape Analyzer for SAP® Solutions has achieved SAP certification as powered by the SAP NetWeaver® technology platform. The solution integrates with SAP NetWeaver and provides insight into the SAP software landscape using a unique interface and analyzes all connected systems.

The SAP Integration and Certification Center (SAP ICC) has certified that CTI Landscape Analyzer 3.0 for SAP Solutions is powered by SAP NetWeaver. Solutions that are powered by SAP NetWeaver can be more quickly and easily integrated into SAP solution environments. Customers can benefit from improved interoperability with SAP applications and with the large ecosystem of solutions that run on SAP NetWeaver. Choosing an SAP-certified solution can also help reduce overall IT investment costs and risks.

“We are delighted to announce the successful achievement our CTI Landscape Analyzer for SAP Solutions, now certified as powered by SAP NetWeaver,” said Prof. Dr. Oliver Koch, CEO. “The ability of CTI Landscape Analyzer to run on SAP NetWeaver and interoperate with other SAP NetWeaver-based solutions will prove highly beneficial to our current and future customers.”

The CTI Landscape Analyzer for SAP Solutions provides a structured overview even of multifaceted SAP software landscapes, including current systems, clients, modules, components, information about operating systems and databases, release-versions and all interfaces as well as analyses of modules, components and interfaces. It is fully compatible with SAP technology and uses standard functions in SAP Solutions to transform data into information. Information about the SAP software landscape is up to date at all times and available at the push of a button with every needed technical detail.

The extracted data is converted, complemented and reprocessed into an optimal format using a best-practice model to visualize SAP software landscapes. If needed, the model can be adapted to any existing or favored metamodel, and the integrated analyzation and reporting modules can be used to examine and evaluate the extracted information. CTI Landscape Analyzer features export modules to the leading EAM tools Alfabet© of Software AG, ADOit© of the BOC Group or LeanIX©. Therefore, the extracted information can be used for extended enterprise architecture management.

Interested? Please, contact us: sales(at)cti-consulting.de. For further information, please, visit our website.

Continue reading