SAP S4 Rise / Private Cloud

this information is based on sap's current best practices for connectivity https //blogs sap com/2023/01/31/rise with sap s 4hana cloud private edition secure cloud connectivity/ https //blogs sap com/2023/01/31/rise with sap s 4hana cloud private edition secure cloud connectivity/ the following three options are recommended for connectivity to s/4hana cloud, private edition / s/4 rise vpn (ipsec) vpc or vnet peering internet based firewall access ( content server and websockets only ) the connectivity architecture between aws, azure and google cloud are analogous, with minor variances in implementation vpn (ipsec) in this scenario, a virtual private network (vpn) gateway client is deployed in the docuflow middleware tenant and is configured to connect to the sap rise tenant vpn gateway traffic for the sap communications are routed through this secured connection azure and aws provide options for highly available connections as an option vpc (aws/google) or vnet (ms) peering virtual network peering is a mechanism that connects two virtual networks between tenants in a virtual private cloud (vpc) microsoft calls their implementation vnet and aws/google use the term vpc peering in all cases, peering provides a virtual, internal , low latency, high bandwidth network connection between tenants in the same vpc provider internet based firewall access in this scenario, a web application firewall (waf) is configured to allow specific traffic connectivity into the sap rise tenant aws, google and azure all offer waf as a service within the tenant note only https is supported this includes all content server connections and ecm server when websockets are enabled (websockets require s/4 hana 1909 or later) https //community sap com/t5/technology blogs by sap/websocket rfc rfc for the internet/ba p/13502531