A secure, flexible environment for Euronics’ SAP systems in AWS

Euronics has been using SAP systems for business management for more than 20 years. Today, it operates a network of more than 60 stores and the number of stores is growing year by year. In addition to the growing number of the stores, it has been operating the largest Hungarian-owned electronics webshop with the highest turnover for the third year running. To fulfill the demand from the stores and the webshop, it has a 28,000 m2 warehouse in Üllő, of which 2,000 m2 is robotized. The client uses almost all available and relevant SAP modules to provide  IT support coverage for these tasks and processes. Euronics also uses the SAP Business Warehouse solution in addition to its SAP ERP system, and in 2023 it will also implement the SAP BTP solution to modernize its system integrations. 

As many of the stores are open from Monday to Sunday and the webshop is available at all times, it is essential that IT systems, and especially the ERP system, are stable, secure and scalable 24/7 to meet these demands. 

Euronics has been using SAP for a long time and it has become an essential part of its business, making it a priority to ensure that it is reliable, secure and flexible. This has not been fully achieved with the IT ecosystem that had been previously operating in the on-premise environment, not only SAP systems but also servers serving other functions (e-invoice validator, SAP Content server, EDI server, SAP Cloud Connector, etc.). Challenges were caused by (unplanned) downtime, performance problems, even at critical times for the business. 

Therefore, Euronics wanted to choose a platform that could ensure high availability and consistent performance in a cost-effective way. At the same time, the platform should be flexible enough to meet changing business needs and development plans, and provide a high-grade security for the management of business-critical systems and data. The options for Euronics were: 

• Investment in own infrastructure: purchase of hardware/software tools and additional resource expansion. 
• Private cloud provider: operational flexibility and security constraints. 
• SAP Rise: Euronics was not sure that this solution would have been right for them, especially in terms of development, change management and therefore flexibility. 
• Moving to public cloud: as the client already had a good experience with AWS, due to the fact that their webshop and other systems had been running on AWS, choosing AWS was an obvious choice, also because of the ease of future integrations. 

Security of data and systems was not emphasized in the above options, but was a very important consideration. Achieving the required level of IT security for both private cloud and in-house infrastructure would have required significant additional expertise and investment in terms of both tools and resources, whereas AWS provides enterprise security and compliance functions “security by design” in an integrated and always up-to-date way, all on demand, cost-effectively, complemented by advanced monitoring-logging in a homogeneous architecture, without the involvement of third party tools or services. 

Since Euronics did not plan to build a new team to meet the higher expectations, but wanted to develop the knowledge of the existing IT organization, it looked for an AWS partner with the right references and experience in both migration and subsequent support. Thus, Euronics entrusted TC2 with the migration of the SAP system to AWS and the development and operation of the AWS platform. 

The project process 

TC2 planned and executed the platform change within the Migration Acceleration Program, based on the best practice AWS migration strategy. Following the consultation with Euronics, we decided to migrate the SAP systems using the so-called lift & shift migration methodology, which further reduced the potential risks of the project with the possibility of optimization with the least number of changes. 

We faced several challenges at the beginning of the project. We were running legacy SAP and OS versions and we inherited a rather heterogeneous environment, with a mix of Windows and Linux based servers, in some cases with application and database installed on separate machines, in other cases on the same server. 

The migration project was divided into several phases. In the first phase of the project, a Proof-of-Concept (POC) was developed in which the SAP system was run in an AWS sandbox environment, allowing Euronics to test the planned data migration process and to ensure that SAP runs correctly in AWS. Based on the experience gained from the POC, we were able to optimise some elements of the system and plan the subsequent migration phases. 

The next step of the project was the migration of the test and development environments, and based on this experience, the migration of the live systems, which was completed smoothly thanks to thorough testing, and the project was delivered on time. 

Basics – the technological details 

During the project, it was important to deliver an easy-to-be-operated environment for Euronics that is flexible and highly secure to meet future needs, so the AWS platform deployment started with the development of a complete enterprise Landing Zone based on TC2 standards and AWS Well-Architected Framework best practices. 

The basis of the Landing Zone is an AWS organization for the unified and secure management of accounts and the cross-account operation of services at each organizational level. Part of the Landing Zone is a central network account where all network connections are concentrated, including the Internet gateway (NAT Gateway and Internet Gateway), the central firewall (AWS Network Firewall), central routing (Transit Gateway) and the site-to-site VPN connection to the ground environment. 

SAP and AWS have been working together since 2008 in a strategic technology partnership. The partnership began 16 years ago, when many of today’s cloud providers did not exist or were in a “preview” state. The strategic partnership means that “Walldorf” and “Seattle” jointly test, analyze and select the AWS infrastructure and platform services (SAP Certified AWS) that are best suited for SAP processes. 

For the SAP servers, we have chosen from SAP certified EC2 instances, sized to meet the resource requirements, with the latest Windows and SUSE Linux operating systems installed. The detailed Linux configurations required by SAP were accelerated using automation of the Documents feature of the Systems Manager service with TC2’s proven Infrastructure-as-Code (IaC) scripts. 

For the SAP transfer and interface files, we chose FSx for Windows integrated with Euronics Active Directory because it is compatible with both Linux and Windows operating systems. 

High levels of security are ensured by a number of AWS features and elements, including separation of test and live environments, encryption at rest, use of centralized East-West and North-South firewalls, granular Security Group rules, enabling CloudTrail organization-level logging (with audit logs saved to S3 storage in a dedicated and specially protected account), AWS IAM Identity Center for single-sign logon (with mandatory MFA), and also enabling core AWS security services such as Config, GuardDuty, and Security Hub to collect security events as they occur. 

Backup is handled by AWS Backup and monitoring is handled by CloudWatch. 

Well-defined operational and security event notifications are channeled into TC2’s monitoring system, so our operations and support team can be notified of critical situations immediately. 

We built Euronics’ enterprise-ready SAP platform from AWS’ native, integrated services. 

The result – a satisfied customer 

Nothing proves the success of the project better than the words of Balázs Kiss, CIO of Euronics: 

“I am completely satisfied with the AWS platform and the service provided by TC2, the system developed fully meets all my preliminary expectations. 

The success of the project was largely due to the flexibility provided by AWS (and TC2 of course). It was possible to set up a POC environment at any time and test some functionality without having to wait weeks or months, and once testing was complete, it could be dismantled and thus keep costs under control (pay-as-you-go). In addition, TC2 could quickly scale servers down or up depending on the results of the testing, so we could achieve perfect “right-sizing” and even boost disk performance on the fly if the task required so,” says Balázs Kiss, when during one test import, the structure of the files received from the ground environment made the loading much slower than expected, and by increasing the throughput of the EBS volume, we were able to speed up the process on the fly, without downtime and in a very short time.” 

On the security side, Balázs Kiss pointed out that “In an on-premise environment, I could never spend enough to get the level of security services that are available in AWS. Moreover, it’s a predictable cost, I don’t have to tender periodically for different vendors, I don’t have to deal with regular upgrades, integrations and other maintenance, I can leave it all to AWS and the expertise of TC2, who are constantly improving the expertise of my staff. Since then, I sleep much better.” 

Most importantly, since moving to AWS, there has been absolutely no downtime or performance drops. By relying on managed services and so-called predictive operations support, incidents can be prevented or at least responded to in a timely, fast and even proactive manner. For example, one of the storage facilities started to fill up, which TC2 detected in advance and intervened, so that this did not cause any downtime or disruption either. The design of the AWS platform is based on “by design”, which means that we design and build systems that can even self-heal, because human knowledge cannot completely rule out operational anomalies, so we have to be prepared for this responsibly. 

Throughout the project, TC2 was able to respond quickly and flexibly to new needs as they arose on the fly, and to make changes because of the benefits of the AWS platform. One of the outstanding advantages of AWS is that new requirements can be tested, validated or discarded quickly and cheaply on an R&D basis. 

Finally, Balázs Kiss concludes: ”In addition, I have big plans for SAP to leverage the data warehouse and artificial intelligence capabilities of AWS, I’m looking forward to starting new projects, and my team and I have already started to look at other systems to move to AWS. All of this, of course, we also plan to do with the excellent team of professionals at TC2.” 

At TC2, we also consider the project as a success and are ready to take on the next assigments. 

TC2, as an official Migration Services Competency Partner of AWS, will design, implement and provide 7/24 operational support for your migration and application modernization projects based on AWS audited methodology, documentation and support, while reducing your customers’ AWS project and operational costs with MAP program reimbursements.