Let me introduce my guest
My today’s guest wanted to be a cosmonaut such as Yurij Gagarin. He even graduated from the Aerophysics and Cosmic Research Faculty of MIPT. Today he is a skilled SAP consultant in application integration, interface development, system administration and mobile technologies, with over 15 years of experience comprising leading complex SAP projects on platform deployment and roll-out. What’s more he is on friendly terms with the cybersecurity matters.
About the differences between SAP S/4HANA and SAP ERP ECC in practice, cybersecurity in the IT industry, Cloud solutions and common challenges in the work of an ERP Integration Architect – Mikhail Groshev is interviewed by Jarosław JZ Ziółkowski.
Reading time: 7 minutes
1. I assume that the SAP industry does not have many secrets for you, because you have been working in the SAP world for over 15 years. I wonder how the architecture of ERP systems has changed over the years? Are the differences significant or not really?
I started with R/3 4.7 that already had 3-tier architecture which the brand new S/4HANA has too. So globally it didn’t change much – practically the same GUI, same application server architecture with its internal parts as MS, ENQ, DP, GW, database support, (except HANA DB). There are many differences of course – HANA DB came in, ABAP had some changes such as OO, REST for example. And of course Fiori/OData with its mobile capabilities which I think is the most significant change for end-users.
2. Okay then, and what about the tools used in your work? Would you be able to do the same today, but working with the tools that date back to 15 years ago?
SAP Application Server is like Arnold Schwarzenegger in the Commando movie – it carries almost all required tools and weapons to complete the task alone. There are codebase, repository, version control, changes delivery system, testing framework, IDE, and so on – all in one place. This approach has its drawbacks, but it makes you independent from all the other stuff for decades, though there are some additional tools for integration developing like SOAPUI and Postman.
So the short answer is yes, as an integration developer I probably would, but of course, the whole integration stream in our S/4HANA implementation project would be near impossible to manage without such modern collaboration tools as Jira, Confluence and Microsoft Teams.
3. Continuing, how does SAP S/4HANA differ from SAP ERP ECC in practice?
The differences lie mostly in the functional areas like Universal Journal, Central Finance, EWM, New GL, built-in Transportation Management, and a lot more but I am not an expert here.
From the technical perspective, almost all differences stem from the fact that S/4HANA supports only HANA DB in comparison to ECC that supports a whole branch of DB software.
As a result, SAP doesn’t have to develop and maintain a “universal” DB interface supporting all possible vendors but it may focus on HANA DB-specific features.
HANA DB key features are in-memory computing and column store, and that’s blurring the boundaries between OLAP and OLTP and making available some great features such as CDS view reporting, Fiori analytical applications, real-time analysis, etc.
In practice in S/4HANA, we can develop, or use those developed by SAP, fancy and fast UI5 applications with built-in analytical features. Also, ad-hoc reporting on local data can be done right in S/4HANA without the need to ETL data to BW and run queries there.
4. It’s hard to imagine SAP without ABAP, right? A few weeks ago, Michael Keller said that he liked ABAP because it had a clear mission (…). Because you are familiar with that, I’m curious about your opinion. What do you love it for, and maybe there is a small part that you hate about ABAP as well?
ABAP is a great language to build SAP business applications from existing programming building blocks. Of course, you may develop any report or module from scratch, but ABAP really shines when one has a solid knowledge of standard modules in this functional area.
I’d say I like ABAP for its excellent built-in repository, fast development speed if based on standard modules, a good framework to develop SOAP services, and great integration capabilities in SAP-SAP scope.
I hate when everything is being developed on ABAP including massive fully custom projects only based on the fact that SAP stores data. ABAP is not intended to develop such solutions as it has inferior versioning capabilities and common codebase stored in an SAP server repository. As a result after several years of operation, the critical core ERP system becomes IT Frankenstein consisting of hundreds of tightly coupled custom applications and several millions of strings of custom code so its TCO is going up and TTM going down.
5. Okay, let’s segue to a slightly different topic. You have a strong background in cybersecurity and IT. Do you think SAP systems are safe?
Is it safe to swim in the ocean? *Smile*
The system is “safe” as much as secure it’s the weakest part, so cybersecurity is the matter of holistic approach to it, and SAP offers some opportunities here. You must implement strict regulation rules, pay attention to user authorization profiles, and role management, considering the “segregation of duties” concept. Moreover, do all basis customizing regarding security like define password rules, secure the transport system, restrict access to OS and server itself, secure the gateway service, properly implement SSO and so forth, and so on. There are also structural authorization capabilities for HR personal data control, UI masking, and a lot more. I’d say SAP is safe enough if you take care of it properly.
6. Going further on this subject, I must ask about “clouds”. As you know, cloud solutions are a trendy topic these days. Based on your experience and knowledge of cybersecurity, I would like to ask whether you think that cloud solutions are safe? After all, in this case – we do not have any physical components, etc.
There are different cloud solution types on the market depending on the services they provide, so let’s narrow it down to the SAP Cloud Platform offering PaaS.
On the one hand, it is more secure as we don’t worry anymore about proper technical configurations like physical components, network topology, servers access, etc. SAP security settings like I have mentioned are also no worries because we do not depend on the qualification of the basis team and its vastness.
On the other hand, we are obviously posing the additional security risks since the Internet as an untrusted network which lies between the end-user and the backend. And despite all possible cybersecurity tools, actions, and regulations, there is always the probability to be compromised – an evil man can still be there, hiding in the middle *smile*.
One more example of the security issues, that the Information Security Office is usually deeply concerned about, is exposing the internal authentication provider, e.g. MS Active Directory. Although it’s being exposed to SCP only and protected by VPN and all that stuff and chances for a corporate users database to be leaked is vanishingly small, the possibility itself is rather disturbing.
7. So focusing on security, If you were to compare the Cloud installation and the On-premise installation – which one would you choose?
Basically, it depends on the business process we are talking about.
If it’s not a critical business process like manufacturing in Severstal, I could consider using SCP. One good example is talent management in SAP SuccessFactors. Technical services like Mobile Services and Cloud Process Integration are also good candidates.
And of course, there is another severe reason the SAP Cloud Platform is not very popular in the Russian Federation and seldom used for critical business processes – sanctions from US/EU Governments. Today you have a safe and secure ERP system on SAP S/4HANA Cloud, and tomorrow the contract is terminated. All business-processes stop with all business data somewhere in the datacenter. Not good.
8. Let’s talk about your professional experience. I am curious, what do you think is the most difficult in the work of an ERP Integration Architect? You wrote on LinkedIn that you are keen to deal with challenges. What challenges do you face on a daily basis? Which of them give you the most satisfaction?
The most challenging part of integration architecture is to bring this architecture and integration patterns to SAP developers and consultants and to convince them to follow them *smile*.
So it’s more about enterprise architecture management with integration as a part of it. SAP doesn’t offer much in this area except for the SAP Integration Solution Advisory Methodology, which is excellent at first glance, and I hope to implement some parts of It at least.
The main challenge I face every day is how to manage developers and business experts from 70 different application systems to build a familiar integration landscape and develop several hundred Integration scenarios in S/4HANA implementation project with a very tight schedule.
And to do that the particular integration methodology was designed as a part of the overall S/4HANA project methodology. It is the agile-based, hybrid method with key elements from different scaled agile frameworks. It is continually evolving, and I am very proud to take part in building it.
9. Last but not least. Your entire professional career revolves around IT. I wonder what path Mikhail Groshev would have chosen in his life if not for IT? Have you ever wondered about this?
As every child from the Soviet Union, I was dreaming about space and I was going to be a cosmonaut like Yuri Gagarin, that’s for sure *smile*. I even graduated from the Aerophysics and Cosmic Research Faculty of MIPT, but the dream didn’t come true. Speaking seriously and answering the question – no, I have never wondered about that too much in my adult life. Well, I am a very “technical” person, so there were two main possibilities – IT or science, and IT has won this battle *smile*.