Improve SAP BPC Reports Using Local Member

SAP Business Planning and Consolidation (SAP BPC) 10.1 resolves some difficulties finance users have had in setting up advanced finance reports. It includes multiple solutions, one of which is a user-friendly feature called Local Member. Any finance user who has prepared a report using SAP BPC has needed to pull data from SAP BPC while also setting up dynamic Microsoft Excel formulas. Given that EPM is an Excel Add-in, it is fairly apparent that this is something that users can do. What is not apparent is how users should go about doing it. This blog is intended to alleviate that problem.


What Is a Local Member?


Local Member is an EPM feature that enables users to set up Excel formulas in their reports and to repeat them at the intervals they desire. For example, Figure 1 shows a variance from a budget report. This is a common report for finance users that is very easy to create using the Local Member formula. The benefit of a Local Member formula, as you can see, is that it is part of the report and it can repeat itself logically every time budget numbers are pulled.

Figure 1 — The formula as part of the report

How to Create a Local Member Formula

There are two ways to create a Local Member formula: New Report/Edit Report and Options/Activate Local Member Recognition.

1. From New Report/Edit Report: When you want to create a Local Member formula in a new report, click the New Report button. When you want to add a Local Member formula to an existing report, click the Edit Report button and the dialogue box EPM – Report Editor opens as shown in Figure 2.

Figure 2 — The EPM Report Editor opens

This has a tab called Local Members that you can use to create a Local Member formula. The beauty of a Local Member formula in EPM 10.1 is that it is very user friendly and dynamic. It is easily available in the Report Editor. You can adapt to expanding rows and columns depending on the report output and also have the ability to place a Local Member before or after a member, member combination, dimension, column axis, row axis, or Local Member.

First, select the Enable check box, which enables the creation of a Local Member. Enter a Name, which displays on the list of Local Members on the left side of the pop-up. Then enter a description that will be displayed on the report. In the formula bar input the formula for the local member. The remaining options are a fairly exhaustive list of where you can place the Local Member. In my example, I placed the Local Member after the Dimension Category, Member Budget, as shown in Figure 2.

2. From Options > Activate Local Member Recognition: This approach for creating a Local Member is simpler than creating one using the New Report/Edit Report option. Local Member can also be set up by going to the Options button. Check the Activate Local Member Recognition check box (Figure 3).

Figure 3 — Activate Local Member recognition

After that, type a formula as shown in Figure 4 (Cell K14) and a Local Member is generated in the report (% variance columns H and L in Figure 5).


Figure 4 — Add the formula




Figure 5 — Variance columns added

After the Local Member is created though, users need to go to the Edit Report screen and check all the parameters of the new Local Member. In Figure 6 you can see that a new Local Member, LocalMember001, was created and the Description of BUDGET was given. You can change these to whatever you prefer. To do so use the Report Editor and type over the Name and Description on the selected Local Member in the Local Member tab. Then you can refer to the Local Member later.

Figure 6 — New Local Member added

In Figure 7 I renamed it to % Variance. Notice that as the Local Member is attached to the Dimension category and Member BUDGET, it populated the % Variance Local Member automatically after the 2017.01 Variance from Budget Local Member that I created for the example shown in Figure 5. Note that in Figure 4 I input the formula after 2017.02, but it automatically generated the formula for 2017.01. That is because the Local Member recognized that I am trying to get that variance of Budget and Actual in 2017.02, so it is relevant to auto-populate the same for 2017.01.

Figure 7 — Variance renamed to % Variance


The objective of this blog is to explain the use of Local Member and show how to create it using the two available options. Analysts can play around with the options and discover different ways to use them after learning the methods.

Compare the Reporting Benefits of Two Key SAP Business Planning and Consolidation Functions

A classic dilemma for reporting analysts who are trying to add a Microsoft Excel formula to an EPM report is whether to use EPMCopyRange or the EPM Local Member.

  • The EPMCopyRange feature is used to repeat the content of a range of cells to the bottom (columns) or side (rows) of a report. The range begins after the row axis and below the column axis.
  • EPM Local Member allows you to create a new member for adding a formula or calculation to your current report. These Local Members behave like any other member in the report but contain an Excel formula or EPM function.

Each approach has the following pros and cons.

EPMCopyRange Pros

Inserting a formula as part of the report:

Let’s take a cost center expense report as an example (Figure 1). After the column axis you want to input Cost Center Property, Account Property, Vlookup on Cost Center Property, and Vlookup on Account Property respectively. This is easily done using EPMCopyRange. As shown in Figure 1, in cell D1 you define the CopyRange, and in rows D7 to G7, you define the formula and format. This is done in a matter of minutes. Using Local Member instead is much more cumbersome as you need to add the details manually and define the formatting separately for each local member using the EPM Formatting Sheet.

Ease in formatting:

Even though this point is covered above, it does warrant a separate mention as a pro for EPMCopyRange. Formatting is easily done by formatting the cell range that is used in the EPMCopyRange. For example, in Figure 1 the format in the range D7 to G7 is replicated in the cells below it. Complicated conditional formatting can also be done on the cell ranges. Achieving the same effect using the EPM Formatting Sheet could become complicated, and it requires an additional step after you add the Local Member.

Complex Excel formula:

If you have used a Vlookup, Index Table, or SumIf on a Local Member, you are aware this can be cumbersome. Sometimes users face issues with these not working in Local Member. This is because it is critical to get the ordering of Local Members correct when you use complex Excel formulas. If you do not get it right you could face issues with the report, such as the Local Member not being populated or #N/A being populated. But this is easy when you use EPM CopyRange, as shown in Figure 1.

Figure 1 Using EPMCopyRange


EPM CopyRange Cons

Linking a formula to a dimension member:

While using EPMCopyRange it is tough to repeat a formula based on a dimension member. This ability is the biggest pro of the Local Member (i.e., repeating formulas for specific dimensions). One-off repetitions can be handled in EPM CopyRange also using an IF formula, but I suggest using Local Member if there are many repetitions. For more details refer to this point in the pro section for the Local Member.

Local Member Pros

Linking a formula to a dimension member:

A Local Member is specifically helpful if you want to repeat a formula after a specific dimension. As shown in Figure 2, if you need EBIT% (% of Revenue) every time you populate EBIT, then using a Local Member helps. It populates this information every time EBIT is populated.

Note: For this to work, click the Edit Report button in the Local Members tab to open the Report Editor functionality. Select the Member radio button in the Attached to section as shown in Figure 2.

Figure 2 — Information is automatically populated

Local Member Cons

Placement for the Local Member:

Unless you go to the Edit Report screen and attach the Local Member to a specific Member, Member Combination, Dimension, Column Axis, Row Axis, or Local Member as shown in Figure 2, the report randomly picks what it thinks is the best Attached to selection when analysts build a report. This can be confusing for beginners, and it can be cumbersome even for experts who understand this as they have to go into each Local Member and update the ‘Attached to’ option to make sure the Local Member populates in the correct position.

Formula Bar in Local Member:

In the formula bar in Figure 2 notice the formula =EPMMEMBER([ACCOUNT].[PARENTH1].[EBIT])/EPMMEMBER([ACCOUNT].[PARENTH1].[TOTREVENUE]).

This can sometimes be a problem, especially when you are trying to use this for variances. For example, in Figure 3 you use the Local Member to compare the 2017.01 Estimate versus the Actual. But in February the month changes to 2017.02 (Figure 4) and the Local Member goes away as the formula is dependent on the category and time.

Figure 3 — Compare the estimate versus the actual for 2017.01


Figure 4 — The Local Member goes away


Formatting can be tough while using the Local Member as you need to manually update the EPM Formatting Sheet with the format for each Local Member. This can be cumbersome when there is a shortage of time to prepare a report.


I believe that EPM CopyRange provides more flexibility to users as it has more pros than cons. Local Member is a more out-of-the-box solution and is normally the first go-to for first-time users. However, I would like finance users to explore the many benefits that EPMCopyRange provides. If introduced early on, EPMCopyRange is more intuitive to finance users than Local Members. When you move from being a user to a super user, you may find that EPM CopyRange is a super feature of SAP BPC 10.1. For financial reporting users, EPMCopyRange eases a lot of design and formatting issues without requiring help from an SAP BPC subject matter expert (SME) or a developer. It promotes self-sufficient usage and also the use of SAP BPC as a reporting tool because of its flexibility feature.  

Pinpoint Performance Bottlenecks Using ABAP Profiling

Analyze Your Application with Transaction SAT


by Manfred Mensch, SAP


Today’s complex IT landscapes must support many business users working concurrently with various applications. Software developers are also faced with diverse expectations for program performance: While users demand short response times and a predictable scaling behavior when the amount or the size of processed objects grows, IT administrators want minimal resource consumption so that the required hardware is as cost-efficient as possible. When these expectations are not met, or conflict with each other, developers must find a balanced way to optimize application performance. This requires a systematic, fact-based strategy to identify the parts of the software where most of the runtime is spent or that consume most of the resources, especially memory.

So how do you apply this strategy in your ABAP-based SAP environment? You must start with a complete and functionally correct application running on a test system with a representative set of test data. Then, to measure the application, you need a monitoring tool that can indicate whether the program’s performance needs optimization and whether there are bottlenecks related to runtime or to memory consumption. Such a monitoring tool can also detect issues linked to communication with external resources. For a detailed analysis, you need a profiling tool to examine events — such as instructions, statements, and calls to processing blocks — that are executed as the application runs, and to record their number, runtime (inclusive as well as exclusive), memory consumption, and call stack. This profile information pinpoints the critical — that is, the most expensive — parts of the application coding.

These measurement and analysis tools are readily available to SAP customers as part of all currently supported releases of SAP NetWeaver Application Server (SAP NetWeaver AS) ABAP. Transaction STATS1 serves as the monitoring tool, while transaction ST052 is helpful for problems caused by communication with external agents. This article looks at the profiling tool included with SAP NetWeaver AS ABAP: transaction SAT, the ABAP Trace tool (also known as Runtime Analysis).3 It shows you how to enable the recording of ABAP profiles (also known as traces) and how to analyze the results to find your application’s performance bottlenecks and resource consumption hotspots.

Enabling ABAP Profiling

By default, ABAP profiling is switched off, so that the system’s performance is not impaired. To enable profiling, access the ABAP Trace tool via transaction code SAT and configure the profile recording.

Configuring the Recording

Configure the profile recording on the Measure tab of the SAT start screen, shown in Figure 1.


Figure 1 — Configure and start the profiling on the Measure tab

Figure 1 — Configure and start the profiling on the Measure tab


Copy the DEFAULT measurement settings variant to a new variant (named SAP_INSIDER in the example) and click on the Change button (Change). On the resulting screen, change the settings to establish:

  • How you want to measure, using the Duration and Type tab (Figure 2)


Figure 2 — Define how SAT will perform the measurements on the Duration and Type tab

Figure 2 — Define how SAT will perform the measurements on the Duration and Type tab


  • What you want to analyze, using the Statements tab (Figure 3)


Figure 3 — Choose the statements to be included in the measurements on the Statements tab

Figure 3 — Choose the statements to be included in the measurements on the Statements tab


  • Where you want to measure, using the Program Parts tab (Figure 4)


Figure 4 — Specify which parts of the program you want to measure on the Program Parts tab

Figure 4 — Specify which parts of the program you want to measure on the Program Parts tab


On the Duration and Type tab, you specify how the measurements will be performed. The settings you choose depend on your unique requirements, and you must weigh the pros and cons of each against your needs. The aggregation setting is the most important decision: Selecting None creates one separate record for each executed event. This setting includes the call hierarchy and enables a very detailed investigation, but creates a potentially huge set of event records (the profile or trace) along with associated disadvantages, such as large overhead during profiling and sluggish analysis. Monitoring of memory consumption requires non-aggregated profiling and adds further significant overhead, so use this setting judiciously. The Per Call Position setting, on the other hand, summarizes data for identical events triggered from the same ABAP source code location into one record. For getting an initial impression of an application’s performance, the advantages of the smaller number of event records resulting from the Per Call Position setting far outweigh the associated loss of detail. The Explicit Switching On and Off of Measurement option enables you to restrict the profiling to a part of your application, such as a user interaction that was identified as expensive by its statistics records.

The Statements tab is where you choose the events that you want to record. For a first overview, select only the Processing Blocks. Subsequent more thorough investigations may require event records for further statements. If you include operations on internal tables, you can improve the resulting information by selecting the Determine Names of Internal Tables checkbox on the Measure tab of the SAT start screen, which enables SAT to record the names of internal tables as declared in the ABAP coding instead of using memory object IDs, such as IT_<NN>.

If you already have a suspicion about your application’s hotspot, you can identify this on the Program Parts tab by choosing Limitation on Program Components and restricting the event recording to the relevant dedicated source code component, such as a specific class or even a particular method. For the initial evaluation, profiling with No Limitation of the Measurement provides a comprehensive view.

Once the measurement settings variant has been defined and saved, you can reuse it for any number of profile recordings. Note that if you name a variant DEFAULT, SAT will use it on startup.

Profiling the Application

With the measurement settings defined, you are ready to record the ABAP profile, which requires that you run the application. Transactions, programs, and function modules are conveniently profiled from the Measure tab of the SAT start screen by clicking on the Execute button. This will start a new internal session with its own logical unit of work and preserves the SAT internal session. If you selected the Eval. Immediately checkbox on the Measure tab of the SAT start screen, trace evaluation begins immediately after the application completes and control returns to SAT. If you chose the Explicit Switching On and Off of Measurement option on the Duration and Type tab during the variant configuration, profiling starts only when you enter /ron in the OK code field and stops when you enter /roff.

To analyze browser-based applications or other non-SAP GUI applications, you need to schedule the profile recording on the Measure tab of the SAT start screen by clicking on Schedule under For User/Service. This scheduling option establishes a set of criteria (Figure 5) that will all need to be fulfilled by requests arriving in the ABAP back end for the kernel to start ABAP profile recording. The criteria include:

  • User: Name of the back-end user
  • Client: Client where the session is executed
  • AS Instance: ABAP application server instance where profiling will start
  • External Session: Number of the external session
  • Process Type: Process category (Dialog, Update, RFC, or HTTP, for example)
  • Object Type: Type of object to be measured (such as transaction, report, or URL)
  • Object Name: Name of the object to be measured


Figure 5 — Define criteria for scheduling the recording of an ABAP profile (in the background, the table for previously scheduled measurements is visible)


If you are unsure about appropriate values for some criteria, leave them empty or select Any.

There are further criteria to control the scheduling itself. With Max. No. of Sched. Measurements, you can set an upper limit for the number of measurements that can be started. With Expiration Date and Expiration Time, you control how long the scheduling is valid. Note that if you selected the Explicit Switching On and Off of Measurement option on the Duration and Type tab during the variant configuration, it has no impact on a scheduled profile.

Keep in mind that profiling is specific to the application server instance. Ensure that the program runs on the instance where you have activated the recording (or activate profiling on all application server instances). To obtain reproducible profiles with good data quality, execute the application a few times before recording a profile. These pre-runs will fill buffers and caches on all components that are involved in the application. Then the profile recorded during the measurement run will not contain any initialization overhead, which usually is not relevant.

Note that, depending on the measurement settings, profiling can significantly impair the application’s runtime. During analysis, SAT tries to correct for the overhead, but times taken from an ABAP profile should not be used for any other purposes.

Analyzing the ABAP Profile

While recording the profile, transaction SAT collects the event records into a file in the application server instance’s file system. During the first evaluation, the records are reformatted and the profile is stored in the database. From then on, the full analysis capabilities of transaction SAT are available. Copious profiling leads to a huge number of event records whose initial formatting for storage in the database takes a long time. Additionally, analyzing large ABAP profiles is slow and tedious.

The Evaluate tab on the SAT start screen (Figure 6) lists available profiles with some of their metadata:

  • Status: Status of the measurement
  • Measurement Date: Date of the recording
  • Measurement Time: Start time of the recording
  • Deleted On: Date when the measurement will be deleted (the default is the measurement date plus 50 days)
  • Description: Measurement’s description
  • Name of Trace Object: Object whose execution was profiled
  • Trace User: User who recorded the profile
  • Runtime: Total runtime in microseconds (µs)
  • Aggregation: Aggregation level of the profile
  • System: SAP system where the profile was recorded


Figure 6 — Select a recorded profile for analysis on the Evaluate tab


Clicking on the Expert Mode button (Expert Mode) in the toolbar displays further metadata on the measurements. The most helpful additional information is % Internal, which is the relative amount of time spent within the ABAP application server instance. This information helps determine whether optimizations are most promising in the local ABAP code or whether database accesses or remotely called functions, which are considered external, must be improved first.

To display a profile, double-click on the corresponding line in the list. Then, before starting a detailed investigation, click on the funnel icon (Funnel) to adjust the display filter so that event records related to system programs (field TRDIR-RSTAT has the value “S”) are shown. The display filter can also be reached from the SAT main menu (Utilities > Filter Default).

Profile analysis is supported by several tools included with transaction SAT that address specific questions. Here, we look at the Hit List tool, the Processing Blocks tool, the Profile tool, and the Times tool, which are the most useful for our purposes. Most features of the Call Hierarchy tool are available in the Processing Blocks tool with better usability. Issues that may show up in the DB Tables tool are much better investigated with an SQL trace recorded in transaction ST05.

The Hit List Tool

The Hit List tool (Figure 7) aggregates events by calling position4 and in its default layout shows:

  • Hits: Number of calls to the event from identical calling positions
  • Gross [microsec]: Total gross runtime of the event in microseconds (µs)
  • Net [microsec]: Total net runtime of the event in microseconds (µs)
  • Gross [%]: Total relative gross runtime of the event as a percentage of overall runtime
  • Net [%]: Total relative net runtime of the event as a percentage of overall runtime
  • Statement/Event: Name of the event (this field can be divided into Operation and Operand via the Representation Statement/Event button (Representation Statement/Event) in the list’s toolbar
  • Program Called: Name of the program in which the event was executed
  • Calling Program: Name of the program that called the event


Figure 7 — The Hit List tool aggregates the events recorded during profiling by call position


An event’s gross time (also called inclusive time) is the difference between its start and end times. The net (or exclusive) time is calculated by subtracting all gross times of directly nested subevents.

By default, the Hit List entries are sorted by net time descending, which is adequate when searching for traditional tuning approaches on the algorithmic level. To find the most expensive processing blocks or program flow branches, re-sort the list by gross time descending and analyze from the top downward. Verify that the events are required for the application and that all their executions are necessary: The most efficient optimization strategy eliminates everything that is not required for the application’s business objectives. Finally, sort the list by the number of calls descending. Investigate events that are called often and consider the use of mass-enabled calls if many executions are indeed necessary.

The Processing Blocks Tool

The Processing Blocks tool (Figure 8) is available only for profiles recorded without aggregation (by selecting None on the Duration and Type tab during configuration of the measurement settings). The tool restricts the complete call hierarchy with all events to modularization units — excluding other events provides a good overview of the application’s program flow. The tool displays the following columns:

  • Processing Block: Tree-like hierarchical display of the modularization units
  • Level: Call stack level — that is, nesting depth of the processing block
  • System: Icon (System Event) to indicate system event
  • Gross [microsec]: Gross runtime of the modularization unit in microseconds (µs)
  • Net [microsec]: Net runtime of the modularization unit in microseconds (µs)


Figure 8 — The Processing Blocks tool with the critical path expanded


If the trace was recorded with memory consumption (by setting the Measure Memory Use option on the Duration and Type tab when configuring the recording), the Memory Usage On/Off button (Memory Usage On/Off) shows further fields:

  • Memory [byte]: Beginning of the processing block: Memory used when entering the modularization unit
  • Memory [byte]: End of the processing block: Memory used when exiting the modularization unit
  • Gross memory increase [byte] in the processing block: Difference of the values in the two previous columns
  • Gross memory [%] increase in the processing block: Gross memory increase divided by initial memory usage

While the call hierarchy of the processing blocks can be expanded manually level by level, the Critical Processing Blocks button (Critical Processing Blocks) is more convenient: In a popup, simply select a criterion (percentage of runtime [gross or net] or memory increase) and specify a lower limit as a percentage (the default is 5% of the overall total gross time, or of the memory consumption at the beginning of each processing block). Processing blocks that fulfill the condition are identified as critical. They are shown with a red background, and all the events leading to them will be expanded. Depending on the criterion used to define Critical Processing Blocks, the following questions can be answered:

  • Percentage of total runtime (gross): What are the critical program flow paths where a substantial fraction of the time is spent? If any of them are superfluous, they must be eliminated by not calling the modularization unit at their root. This will save all the gross time of this call and shorten the application’s runtime by the corresponding amount of time.
  • Percentage of total runtime (net): Which processing blocks are directly responsible for a considerable amount of time? If they cannot be removed, they or their caller must be tuned to save as much time as possible.
  • Memory increase in processing block: Which processing blocks lead to a significant increase in memory consumption? Verify that the amount of processed data is reasonable and that the data structures are as lean as possible.

The Confine to Subarea button (Confine to Subarea) restarts the Processing Blocks tool with the selected event record as the root node. You can then focus on a smaller sub-branch of the application’s call hierarchy.

The Profile Tool

In the Profile tool (Figure 9), events are partitioned based on their class. Alternatively, events can be categorized by package, component, or program with the Other Hierarchy button (Other Hierarchy). At each level, further expansion according to the remaining categories is possible from the context menu. The available fields include:

  • Profile: Tree-like display of the hierarchy of categories
  • Selection: Checkbox to mark individual categories for subsequent navigation via the Display Subarea button (Display Subarea)
  • Number: Total number of calls to events in the category
  • Net [microsec]: Total net runtime of events in the category in microseconds (µs)
  • Net [%]: Total net runtime of events in the category as a percentage


Figure 9 — The Profile tool with various categorizations, such as packages or components


These fields help to find the areas that receive most of the calls or where most of the net time is incurred. Focus your optimization on these areas.

The Times Tool

The Times tool (Figure 10) lists events in chronological order with the following event data displayed in the columns:

  • Index: Running number
  • Statement/Event: Name of the event — this field can be divided into Operation and Operand and augmented by Program Called via the Representation Statement/Event button (Representation Statement/Event)
  • Gross [microsec]: Gross runtime of the event in microseconds (µs)
  • Net [microsec]: Net runtime of the event in microseconds (µs)
  • Total User Times: Non-system net time
  • System Time in Tot.: System net time (caused by programs for which the field TRDIR-RSTAT has the value “S”)


Figure 10 — The Times tool with Expert Mode switched on


The Times tool is especially helpful for non-aggregated profiles, where it enhances the Hit List results by revealing the individual event records that contribute to an entry with hits larger than one.

Events with a large net time may be candidates for optimizing their algorithms or data structures. If the gross time of an event is high, check whether all nested events are required and optimized.

The Expert Mode button (Expert Mode) subdivides the net times (user and system) into times used in modularization units, in the ABAP database interface (internal), in the database server (external), for internal table operations, for dynpro operations, and for other events.

Enhancing the Analysis

Transaction SAT supports navigation between its analysis tools so that the investigation of a suspicious event found in one tool can be enhanced in another tool. Let’s look at the most useful ways the Hit List, Processing Blocks, Profile, and Times tools can be used together to refine the analysis.

For a Hit List entry, the subset of all contributing trace records can be displayed in the Times tool — either by clicking on the Display Subarea button (Display Subarea) or by selecting the appropriate item from the entry’s context menu. This is valuable for aggregated entries (Hits > 1 in the Hit List) — for those, it is not obvious from the Hit List whether the time is uniformly distributed over the contributing individual events or whether a few of the events account for most of the time. With the Times tool, this can easily be discerned, provided that the profile was recorded without aggregation.

Similarly, for an entry selected in the Hit List, Processing Blocks, or Times tools, navigation to the event’s position in another tool is supported by the Position Cursor button (Position Cursor) or by using the context menu. If the navigation starts in the Hit List tool at an aggregated record corresponding to multiple single records, then all of these individual records will be offered for selection in a popup. Pick the record whose position in the other tool you want to see.

The set of records contributing to a category in the Profile tool can be displayed in the Hit List or Times tools via the category’s context menu. To do this for multiple categories, mark their checkboxes in the Selection column and press the Display Subarea button (Display Subarea). Double-clicking on an individual category will show its records in the Hit List tool.

Double-clicking on an event record in the Hit List, Processing Blocks, or Times tool navigates to the source code position. This provides context information and shows how the statement was programmed in ABAP. This is especially helpful for calls to modularization units where the parameters passed to the interface are relevant, but not included in the profile.

Checking Scalability by Comparing ABAP Profiles

An application’s total runtime is the sum of the execution times of the invoked events. Scaling relates this total runtime to the amount of processed data or to the size of the handled objects. The overall relation should be (quasi)linear or better, and must never be quadratic or worse. For small data sets (such as those typically available in development and test systems), the impact of contributions that scale worse than (quasi)linear may not be visible in the total runtime, because they are masked by the vast majority of events that have acceptable scalability. As soon as the data volume or the object size increases, the few events with poor scaling behavior dominate the application’s runtime to a catastrophic extent.

A conclusive scalability check with a small data set relies on an event-by-event comparison of two ABAP profiles for distinct runs of the same application. Let’s say that N1 and N2 are the respective amounts of processed data. Choose N1 and N2 so that their ratio N2 / N1 is larger than 10, and so that the runtimes of the relevant events are above 100 µs. (Otherwise statistical fluctuations may make the interpretation less reliable.) Events where the ratio of the net times is significantly above N2 / N1 probably have poor scaling behavior. This approach implicitly assumes a third measurement with N0 = 0 and zero runtime. For this reason, N1 should be large enough to make any overhead independent of the amount of data negligible.

To start the comparison, mark two profiles on the Evaluate tab of the SAT start screen and click on the Compare Measurements button (Compare Measurements). The Hit List comparison (Figure 11) shows the following columns:

  • Code: Indicator showing which of the traces contains the event — T1 indicates that the event occurs only in the first trace, T_2 indicates that the event occurs only in the second trace, and T12 indicates that the event occurs in both traces (T12 must be predominant for a meaningful comparison)
  • Event Class: Category of the event
  • Event Type: Type of the event
  • Name of Event: Name of the event
  • Net 2/1: Ratio of the event’s net runtimes between the second and the first trace
  • Net 2: Event’s net runtime in the second trace in microseconds (µs)
  • Net 1: Event’s net runtime in the first trace in microseconds (µs)
  • Number 2/1: Ratio of the event’s numbers of calls between the second and the first trace
  • Number 2: Event’s number of calls in the second trace
  • Number 1: Event’s number of calls in the first trace
  • Gross 2/1: Ratio of the event’s gross runtimes between the second and the first trace
  • Gross 2: Event’s gross runtime in the second trace in microseconds (µs)
  • Gross 1: Event’s gross runtime in the first trace in microseconds (µs)
  • Program Called: Name of the program where the event was executed
  • Caller: Name of the calling program
  • Offset: Control block offset of the calling position


Figure 11 — Hit List comparison of two ABAP profiles


The default sort order descending by Net 2/1 puts the events with potentially bad scaling behavior at the top of the list. These events need to be investigated very carefully. If there is the slightest probability that they may be executed with a large amount of data, they must be optimized. Otherwise, there will be a high risk of very long application runtimes due to nonlinear scaling behavior.

For ABAP applications, nonlinearity is almost always related to nested operations on internal tables. It can be caused by either an action that is inherently slow (such as sorting an internal table) and executed too often, or by an operation that must be called very often (such as reading a line out of an internal table) but does not run as fast as possible. To resolve the first situation, you must adapt your application’s logic so that the slow action is called only very rarely. In the second case, the technical implementation of the frequently executed statement must be tuned by changing the data structure or the algorithm. Usually this is more straightforward than redesigning the application’s logic.

ABAP Profiling in Eclipse

Starting with support package 04 for SAP NetWeaver 7.31, there is an Eclipse-based integrated development environment, which is the successor to the SAP GUI-based transactions for ABAP development.5 The Eclipse-based ABAP development tools include an ABAP Profiling toolset with recording and analysis capabilities similar to those of transaction SAT. In addition, a Call Timeline displays the event records in a graphical call tree (Figure 12). The width of the bars represents the duration of the corresponding events. Coloring is according to a set of configurable rules either for the call type or for the object name. The lower panel supports zooming into a specific time interval of the profile, displayed in the upper panel. Resting the mouse over an event shows details for that event in a popup.


Figure 12 — Call Timeline in the Eclipse-based ABAP development tools


With this graphical approach, it is very easy to spot suspicious patterns that repeat or that have a large nesting depth. In addition, navigation from the Call Timeline to other tools, such as the Hit List or the Call Sequence, or to the ABAP source code, supports further investigation or optimization.


Transaction SAT provides profiling functionality that helps you pinpoint hotspots in your ABAP-based applications and find the most promising strategy for optimizing performance. It enables you to collect the information you need to answer critical questions, such as: Which parts of the coding are executed frequently and how much time is spent there? Where is most of the memory consumed? With the answers to these questions, you can identify problem areas in your ABAP code and derive an approach that balances the application performance requirements of end users and IT administrators.


1 For an introduction to transaction STATS, refer to my article “Identifying Performance Problems in ABAP Applications” in the January-March 2016 issue of SAPinsider ( [back]

2 This tool is described in my article “Track Down the Root of Performance Problems with Transaction ST05” in the July-September 2013 issue of SAPinsider ( [back]

3 Transaction SAT is the successor of transaction SE30, and is available as of enhancement package 2 for SAP NetWeaver 7.0. [back]

4 For profiles recorded with aggregation Per Call Position, this was done during recording. If aggregation None was used, the Hit List summarizes the individual event records on the fly. [back]

5 Learn more about the Eclipse-based ABAP development tools in the article “A Guide to SAP’s Development Environments for SAP HANA and the Cloud” in the January-March 2015 issue of SAPinsider ( and at [back]


Manfred Mensch
Manfred Mensch ( joined SAP in 2000 and has been a member of the Performance and Scalability team since 2006. His responsibilities include supporting his colleagues in SAP’s Products and Innovation organization by coaching and consulting on performance during the design, implementation, and maintenance phases of their software. Currently, Manfred is focusing on the development of training programs and on performance analysis tools.

Built-In Protection with SAP Cloud Platform

How Security and Compliance Combine to Safeguard Your Data


by Annette Fuchs, SAP


Businesses face data security threats every day, and stories about data breaches, service disruptions, and theft of personal data such as Social Security numbers, birthdates, addresses, and credit card information appear constantly in the news. A recent study by the Ponemon Institute surveyed 419 companies in more than 13 countries and found that almost half of these incidents are caused by malicious or criminal attacks, with the rest distributed between system glitches and human errors. The study also shows that some companies are better prepared to deal with such incidents than others.

So why are some companies better prepared? Do they have more accomplished programmers? Are their security measures better? Are they less often subject to attacks? In many cases, the answer is that better-prepared companies use a balanced combination of regulatory compliance and security technology. This article explains how SAP Cloud Platform provides this balanced combination to SAP customers.

However, before diving into the details of how SAP Cloud Platform ensures the protection of sensitive data, it’s important to understand the meaning of the terms “compliance” and “security” and how they work together to provide comprehensive data security.

Understanding Compliance Versus Security

Security and compliance are frequent topics of conversation, particularly in organizations with a digital business model, and the two terms are often used synonymously. However, while they are closely intertwined — and while requirements for both can be formally tested and certified against international and national standards — they do differ. Let’s take a closer look.

What Is Compliance?

In general, “compliance” refers to conformity with legal and regulatory requirements, industry standards, and best practices. Its aim is to comply with existing laws and guidelines, adhere to voluntarily established codes of conduct, introduce measures to observe specific rules, and by this, avoid rule violations and any accompanying penalties or prosecution.

The overall goals of being compliant can be placed in six categories:

  • Protection means guarding a company’s reputation, tangible and intangible assets, and people (employees and customers).
  • Counseling refers to best practices about what to do and how to do it.
  • Information refers to a transparent reporting system that provides insight into how well the recommended actions have been implemented.
  • Quality assurance and innovation deal with proper quality assurance to deliver products that meet their functional requirements. Adhering to regulations and standards ensures your innovations are resilient and reliable.
  • Monitoring and surveillance are used to ensure that employees have the right to take an action and that they are performing that action properly according to regulations, laws, and standards. It is almost more important to have monitoring in place that can detect abnormal behavior, or any unexpected or unknown patterns.
  • Marketing refers to the perception of your organization in the marketplace. Being compliant is a source of transparency and proof for customers, employees, and the general public that your company is working in a way that adheres to existing laws and best practices.
What Is Security?

In the context of securing information, “security” refers to sound security systems that help protect information from threats by controlling how the information is used, consumed, and provided.

The overall goals of information security can be placed in seven categories:

  • Confidentiality is keeping secrets secret. This is achieved by encryption for data at rest and in transit, and physical and technical access control.
  • Integrity refers to the accuracy and reliability of information and systems. Hardware, software, and communication mechanisms must work together to maintain and process data correctly, and to move data to intended destinations without unexpected alteration.
  • Availability ensures reliable and timely access to data and resources to authorized individuals. Hardware and applications should recover from disruptions in a secure and quick manner so that productivity is not negatively affected.
  • Authenticity is to reliably verify the genuineness of a message, a recipient, or a sender.
  • Imputability is the ability to reliably assign interactions to specific instances or individuals.
  • Non-reputability refers to associating actions or changes to a unique individual in a way that the individual is not able to deny the action.
  • Reliability is the ability of an entity to perform a necessary function for a specified period under defined conditions.

Some might say that only the first three categories — confidentiality, integrity, and availability — are crucial to information security. While these are certainly core attributes when it comes to information security, authenticity, imputability, non-reputability, and reliability are arguably just as important — particularly when you are running systems or storing data on hosted systems or in the cloud.

The Connection Between Compliance and Security

So how do compliance and security interconnect? Comprehensive data security requires both: One without the other is insufficient. A company that is compliant but does not have a sound security framework or system cannot defend against security attacks or disruptive incidents. And a company with a sound security system but no compliance controls will miss some security considerations — but this scenario at least provides some amount of protection. For this reason, it’s best to start by designing and implementing a security system that fits your company’s needs, which includes identifying what needs to be protected so that you have some protections in place while you then implement controls to verify that system against compliance criteria.

Figure 1 shows an example of resources that typically need protection within an organization. Every enterprise is different, with unique needs and individual goals. A thorough analysis of protection requirements is necessary to design a security system that takes into account the goals and critical information that must be protected within an enterprise.


Figure 1 — Resources within an organization that typically need protection by a security system


Once the protection requirements have been identified, the next step is to carry out a risk analysis. The risk analysis can be considered a connecting element between the security system and compliance controls. Based on the risk analysis, the scope for the compliance goals can be set. It is a good practice to start with a small scope to see if the security system has been designed and implemented properly, and then enlarge it within a continuous improvement approach.

In summary, you need a security system to protect your information, and compliance controls to check whether your security system is properly implemented and working. Compliance can be seen as a snapshot of how your security system meets your security requirements — which are derived from the risk analysis — at a given moment in time. Being compliant helps to minimize your company’s risks and increases the effectiveness and efficiency of your overall security framework, as your security system and compliance controls are continuously aligned and revised to match company goals.

Secure Data Protection with SAP Cloud Platform

Now that you have a foundational understanding of the distinctions and interconnectivity between security and compliance, let’s see how these two concepts come together in SAP Cloud Platform to provide comprehensive data protection.

SAP Cloud Platform is SAP’s platform-as-a-service (PaaS) offering for creating new applications or extending existing applications in a secure cloud computing environment (see Figure 2). Comprehensive application development services and capabilities allow businesses to collect, manage, analyze, and leverage information of all types; to extend and connect to business systems; and to innovate new edge scenarios that enable businesses to continuously adapt and advance. From a security governance perspective, SAP Cloud Platform is embedded within the corporate SAP security framework, which consists of a comprehensive set of security policies, standards, guidelines, and controls to which all SAP products are obliged to adhere.1


Figure 2 — SAP Cloud Platform provides comprehensive application services in a secure cloud computing environment


SAP Cloud Platform offers a variety of security functionality and products, many of which have been covered in previous SAPinsider articles. In addition, to ensure that SAP Cloud Platform meets customer security needs and that security is properly implemented on all levels, SAP Cloud Platform includes a specific Information Security Management System (ISMS), undergoes thorough risk analysis, and follows a regular compliance cycle. During this cycle, adherence to the standards against which SAP Cloud Platform is certified is examined and tested.

Let’s look at some of the key international and national certifications with which SAP Cloud Platform complies or is working to comply, including International Organization for Standardization (ISO) certifications for systems management, Service Organization Controls (SOC) for US-based auditing, International Standard on Assurance Engagements (ISAE) regulations for European auditing, and Information Security Registered Assessors Program (IRAP) certifications for Australian government data (see the sidebar “Securing Information Through Standardization” for more on some of the different types of standards relevant to information security).



Securing Information Through Standardization


In the digital age, with sprawling networks and ever-expanding attack surfaces, standards play a critical role in securing your technology landscape, by providing a systematic way to define your needs and protect your information assets.

For example, there are international standards, such as those developed by the International Organization for Standardization (ISO), which is a worldwide federation of national standards bodies (ISO member bodies). ISO works closely with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization. There are also national auditing standards, such as the Service Organization Controls (SOC) developed by the American Institute of Certified Public Accountants (AICPA), and the Information Security Registered Assessors Program (IRAP). In addition, there are good practices (GxP) guidelines specific to various industries, such as the pharmaceutical and food industries, as well as industry- or region-specific standards, such as the Payment Card Industry (PCI) standards for credit cards, the Health Insurance Portability and Accountability Act (HIPAA) standards, and Federal Information Processing Standards (FIPS).

Compliance with these standards is usually assessed through third-party evaluations and, depending on the type of standard, confirmed with a certificate. For example, an ISO certificate is one or two pages that state what was evaluated. In some cases, such as SOC, forms of attestations consist of comprehensive assessment reports.

Some standards verify point-in-time situations while others target duration-in-time, which means you must prove that you are continuously adhering to the standard — not just at the time you are performing the evaluation. Another differentiator is that some standards are satisfied with a situational snapshot, and others require you to follow the “plan-do-check-act” cycle to ensure continuous improvement of the certification subject.

The "Plan-Do-Check-Act" Cycle


International Certifications: ISO

As a basis for all its certifications, SAP Cloud Platform implemented an ISMS according to ISO 27001. The ISO 27001 standard specifies the requirements for establishing, implementing, maintaining, and continually improving an ISMS within the context of an organization. It also includes requirements for the assessment and treatment of information security risks tailored to the needs of the organization. The ISMS for SAP Cloud Platform extends and complements SAP’s corporate ISMS to cover SAP Cloud Platform-specific protection needs, such as service level agreements, or confidentiality and integrity of customer data. The ISMS for SAP Cloud Platform defines the scope, objectives, and targeted entities at which the system is aimed.

ISO 22301 is the standard for setting up and managing an effective Business Continuity Management System (BCMS). It specifies requirements to plan, establish, implement, operate, monitor, review, maintain, and continually improve a documented management system to protect against, reduce the likelihood of the occurrence of, prepare for, respond to, and recover from disruptive incidents when they arise, such as earthquakes, floods, pandemics, and terrorist attacks. The goal of these requirements is to be able to return to normal operations in a planned and controlled way within a tolerable period of time after a disruptive incident. This means that you must know your critical processes and what is needed to operate them, and you must know how fast you need to be back up and running before your business will suffer a severe loss.

SAP holds a corporate ISO 22301 certificate that covers corporate resilience and continuity requirements. In comparison, the BCMS for SAP Cloud Platform more specifically covers resilience and continuity requirements for customer systems and data running or being operated on SAP Cloud Platform.

National Certifications: SOC, IRAP, and ISAE

In addition to ISO certifications, SAP Cloud Platform also complies with various national standards, including the US-based SOC regulations, the European ISAE regulations, and the Australian IRAP certification.

Where the ISO standards are more generic, the SOC standards, which are reporting standards maintained by the Auditing Standards Board of the American Institute of Certified Public Accountants (AICPA), focus on cloud environments. These standards take the form of audits that are performed against an AICPA regulation called Statement on Standards for Attestation Engagements (SSAE) No. 16, resulting in SOC reports.

An SOC 1 report is related to the protection of financial statements, and is relevant for financial reporting services. There is also a European equivalent, named ISAE 3402, which is maintained by the International Federation of Accountants (IFAC) and applies only to Europe. When a company holds both attestations, as SAP does, the certification is usually referred to as SOC1 SSAE16/3402.

An SOC 2 report is related to specific assurance principles addressing non-financial areas. SOC 2 audits are performed against the Trust Services Criteria, which are a set of principles — security, availability, processing integrity, confidentiality, and privacy — to which a company must adhere. These principles are organized into seven categories: organization and management, communication, risk management and design and implementation of controls, monitoring of controls, logical and physical access controls, systems operations, and change management. A company does not need to fulfill all criteria right away — depending on the business, it can define an appropriate scope to be tested against to prove adherence.

SOC 1 and SOC 2 reports can be either Type 1 or Type 2. Type 1 assesses how the security controls are designed. It does not include an assessment of how effectively the controls are operating. Type 2 includes an assessment of the design and operating effectiveness of the security controls. SAP Cloud Platform holds attestations for both types.

SOC 3 reports contain essentially the same content as SOC 2 reports, only the SOC 2 reports are very detailed and may contain critical information. For this reason, they often can be obtained only upon request and are addressed at interested professional audiences. SOC 3 reports are much shorter and can be publicly available as they contain less critical information and are less detailed.

Another standard is IRAP, which is a security assessment required and designed by the Australian government for government information and communication technology systems. The goal of this assessment is to ensure that systems operated within government agencies where sensitive data is accessed and processed comply with best-practice security standards. The assessment is carried out in two stages. In the Stage 1 audit, the assessor identifies security deficiencies that the system owner rectifies or mitigates. In the Stage 2 audit, the assessor assesses the residual compliance. SAP Cloud Platform has undergone both stages and is currently waiting for the certificate.

Details on all certificates and attestations for SAP Cloud Platform can be viewed in the SAP Trust Center.


As persisting news on security breaches shows, there is no absolute security. Or as Eugene H. Spafford put it: “The only truly secure system is one that is powered off, cast in a block of concrete, and sealed in a lead-lined room with armed guards — and even then I have my doubts.”2 However, with a commitment to transparent and recurring reviews and audits by internal and external certification bodies, SAP Cloud Platform helps organizations achieve the highest levels of security by meeting the latest compliance and security standards, and by providing a certification program that is continuously extended and advanced to adapt to new requirements to ensure the security of your business into the future.



Learn More


Learn more about SAP Cloud Platform and how SAP ensures security, compliance, and quality at the following links:


1 For an introductory look at how SAP’s overarching security strategy is realized with SAP Cloud Platform, see the article “Securing the Cloud with SAP Cloud Platform” in the October-December 2017 issue of SAPinsider ( [back]

2 A. K. Dewdney, “Computer Recreations: Of Worms, Viruses and Core War” (Scientific American, vol. 260, no. 3, 1989, pp. 110; [back]


Annette Fuchs
Annette Fuchs ( is a Senior Product Manager at SAP with a focus on security quality and processes. She has been leading several product security certification projects within SAP NetWeaver development, including the Common Criteria certifications for SAP NetWeaver Application Server and FIPS 140-2 for SAP’s Crypto Kernel. After a couple of years in product management for SAP Document Center, she is now specializing in Business and IT Service Continuity Management for SAP Cloud Platform.

Centralized Management of Hybrid SAP Landscapes

How SAP Landscape Management Simplifies IT Maintenance in Hybrid Environments


by Michael Hesse and Markus Winter, SAP


In the digital world of big-data and in-memory technologies, innovation has become a key differentiator for companies running SAP software. Cloud-based solutions in particular are helping organizations expand into new business areas, with a growing array of infrastructure-as-a-service (IaaS) solutions enabling companies to get new projects up and running quickly, without the time and cost associated with on-premise deployments. For example, using IaaS-based resources to test and customize a new solution can speed the deployment process significantly.

On-premise solutions remain a critical part of IT infrastructures, however. Organizations might want to keep their most sensitive data on premise to fulfill strict security requirements, for instance, and some industries, such as defense, might have policies against storing data outside the country where they are based. Consequently, IT departments find themselves running hybrid landscapes of growing complexity, which increases the administrative burden for IT staff already under pressure to spend more time on innovation projects while decreasing costs.

To help SAP customers minimize time-consuming maintenance work — such as provisioning, cloning, and refreshing SAP systems and solutions — so that they can respond in a timely way to digital opportunities, SAP offers SAP Landscape Management, an application that can simplify the management of hybrid SAP landscapes. Introduced in 2011, with the latest version, 3.0, delivered in November 2016, SAP Landscape Management is a separately licensed application that runs on SAP NetWeaver Application Server (SAP NetWeaver AS) for Java version 7.40 and higher. It provides a centralized, simplified framework for managing SAP and non-SAP solutions and systems, both on premise and in the cloud, and with its support for SAP HANA and SAP S/4HANA, it helps companies adopt innovations such as the Internet of Things (IoT) and predictive analytics.

This article provides an overview of how SAP Landscape Management simplifies the maintenance of hybrid SAP landscapes. It first looks at the solution’s functionality, and then walks through how it is used in key implementation scenarios.

Simplifying SAP Landscape Management

With SAP Landscape Management, SAP administrators can reduce the time spent keeping the lights on. By simplifying SAP system and landscape management and providing landscape-wide visibility and control across infrastructure layers, the software enables companies to run their SAP solutions more efficiently across physical, virtual, and cloud environments. The result is increased efficiency, lower operating costs, and time freed up for IT teams to focus on more value-added activities.

SAP Landscape Management helps streamline the management and operations of SAP hybrid landscapes by:

  • Centralizing landscape management
  • Automating system provisioning for SAP solutions
  • Providing comprehensive design and extensibility tools
  • Helping administrators manage landscapes based on the SAP HANA platform
Centralizing Landscape Management

SAP Landscape Management provides a single pane of glass through which you can view your entire system landscape. The software enables you to centralize management of your IT infrastructure with built-in support for system dependencies and tools to help monitor the health and availability of SAP services across your IT environment.

Real-time dashboards (see Figure 1) help show at a glance how your systems are running and provide a quick, high-level overview of your current landscape state. Meanwhile, landscape visualization technology allows you to visualize systems as well as underlying infrastructure and identity relationships.


Figure 1 — Real-time dashboards provide an overview of your current landscape state


A sophisticated scheduling engine allows you to schedule and execute mass or sequential tasks during planned maintenance. In addition, you can use a rolling kernel switch procedure to update application servers step by step, in a rolling fashion, without causing downtime and disruption for users.

Automating System Provisioning for SAP Solutions

With SAP Landscape Management, you can automate the repetitive, day-to-day administration tasks that typically tie up IT personnel. These activities include complex provisioning operations such as copying systems, cloning data, performing refreshes, and installing application servers.

In addition, SAP Landscape Management enables the automation of crucial activities — such as cleaning up print jobs, changing RFC destinations, and converting logical systems names — that must be performed after the copy or refresh of SAP NetWeaver or SAP Business Suite applications. You can automate these post-copy activities either as part of the system copy and refresh process or as a standalone task.

Providing Comprehensive Design and Extensibility Tools

Using SAP Landscape Management, you can tailor landscape administration processes to meet the needs of your organization. For example, custom provisioning functionality enables you to integrate and use your own replication technology for system provisioning.

In addition, custom operations functionality lets you create action buttons inside the operations pane for SAP Landscape Management. For example, you can create an action button that gives an SAP administrator access to a privileged OS command without the need for login details. Custom hooks also allow you to extend, modify, or even replace existing workflows within the solution, and automation studio tools enable you to schedule operations, such as a restart during the night, to be executed on instances, systems, or hosts at specific points in time.

Helping Administrators Manage Landscapes Based on the SAP HANA Platform

You can use SAP Landscape Management to efficiently operate and provision SAP solutions optimized for SAP HANA, including SAP S/4HANA. In addition to automating system copy and refresh operations, the landscape management software enables you to automate functionality within SAP HANA.

This functionality includes the takeover feature, which allows you to switch activity from primary to secondary systems. In addition, failover functionality enables you to complete the process of restoring the workload from a standby host back to the original host after it has been recovered and is operational again. With near-zero downtime maintenance capabilities, you can also keep solutions up to date without disrupting users.

How Does SAP Landscape Management Work?

SAP Landscape Management enables companies to run and maintain their IT solutions effectively, wherever they are hosted, which allows IT to run its operations to suit the needs of the business and support cloud-based initiatives more easily. To support this capability, SAP Landscape Management uses a flexible adapter concept that enables companies to connect to any kind of infrastructure.

With this support, organizations can manage and control private and public cloud-based solutions, on-premise environments, or a hybrid combination of these scenarios, allowing them the agility to take advantage of the benefits offered by the cloud, while continuing to maintain sensitive information in their on-premise solutions.

These capabilities enable SAP Landscape Management to support a variety of mixed environments. Let’s take a closer look at how SAP Landscape Management supports on-premise and IaaS landscapes, which are two of the most common scenarios.

Managing On-Premise Environments

Figure 2 shows the components set up in an on-premise environment. As depicted, SAP Landscape Management is installed on SAP NetWeaver Application Server for Java. The landscape management software has two application programming interfaces (APIs) with adapters that enable them to manage central storage and virtualization environments. SAP Landscape Management also connects to the physical or virtual server hosting SAP applications and controls administrative functions — such as starting and suspending virtual machines, information gathering about hosts and operating systems, and moving SAP components between hosts — for this software.


Figure 2 — An architectural overview of SAP Landscape Management in an on-premise scenario


Managing IaaS Environments

Figure 3 shows SAP Landscape Management set up to control systems in an IaaS environment. In this scenario, adapters that connect to the IaaS provider’s APIs enable the landscape management software to manage private-cloud environments (such as OpenStack) and public-cloud environments (such as Amazon Web Services and Microsoft Azure). One of the key requirements for successfully managing this kind of environment is a proper networking setup. SAP Landscape Management requires network access to each of the managed SAP systems, which is usually achieved by a VPN or proxy network setup.


Figure 3 — An architectural overview of using SAP Landscape Management in an IaaS scenario


Freeing IT Resources to Drive Innovation

By enabling administrators to manage hybrid IT environments using a single tool, SAP Landscape Management radically simplifies how companies can manage their IT infrastructures. This, along with increased automation, is transforming how IT professionals are performing their jobs. Instead of spending the majority of their time on day-to-day administration work, IT personnel can have more free time for innovation projects that help the business create a competitive advantage.

Furthermore, support for the management of in-memory computing environments like SAP HANA allows companies to take full advantage of big data-based technologies such as artificial intelligence, the Internet of Things, blockchain, and predictive analytics. In this way, SAP Landscape Management can be viewed as a critical solution to help SAP customers drive innovation in IT and support digital innovation projects.



Learn More


Learn more about SAP Landscape Management and how it simplifies the management of modern IT environments at the following links:


Michael Hesse
Michael Hesse ( is a Product Manager at SAP with a focus on landscape management. He works very closely with SAP partners to integrate solutions to manage SAP systems running on different infrastructure platforms. Before joining SAP, Michael worked for VMware and EMC focusing on integrating new technologies with SAP solutions.

Markus Winter
Dr. Markus Winter ( has been working in the field of landscape optimization, virtualization, and cloud computing for the past 17 years, and during that time has driven landscape management topics within SAP. He currently leads the Cloud Management product unit as Chief Product Owner.

Planning Your SAP NetWeaver Upgrade Strategy

A Release-by-Release Look at SAP’s Maintenance Roadmap for SAP NetWeaver


by Karl Kessler, Vice President of Product Management ABAP Platform, SAP SE


SAP NetWeaver is the longtime technology foundation for a wide swath of SAP customer landscapes. Initially introduced in 2004, it serves as the platform for a range of key business applications and provides a host of development and integration tools and services, and SAP continues to add enhancements and features with new releases to ensure this business-critical component meets evolving customer needs. The latest release, SAP NetWeaver 7.5,1 includes a number of features that bring to customers the technologies needed to compete in the digital economy, such as the Internet of Things (IoT), mobile, cloud, big data analytics, and enhanced security.2

Despite the enhancements delivered in the latest releases, there are many older SAP NetWeaver systems — SAP NetWeaver 7.0x systems in particular — still running in production in SAP customer landscapes. In addition to lacking access to the latest innovations and security features, these older releases are now reaching the end of mainstream maintenance: For example, maintenance ended for the initial release, SAP NetWeaver 2004, in 2010 and for SAP NetWeaver 7.0 at the end of 2017.

With maintenance ending and technological advancements continuing, now is the time to move to a newer version of SAP NetWeaver that will meet modern needs and pave the way to adopting innovations such as SAP S/4HANA. But what does this mean, and where do you begin? This article helps you make a strategic plan for your organization by providing a concise, comprehensive overview of SAP’s current maintenance strategy for SAP NetWeaver. It summarizes what you need to know about each existing release — including what is supported, when that support will end, and how it relates to SAP Business Suite — and offers recommendations for planning ahead.

Understanding the SAP NetWeaver Maintenance Roadmap

Figure 1 shows the number of productive SAP NetWeaver systems, by release, running in SAP customer landscapes. As you can see, while SAP NetWeaver 7.4 and 7.5 deployments have significantly increased since they were released for customer use, SAP NetWeaver 7.0 deployments have steadily decreased due to the end of its mainstream maintenance. SAP NetWeaver 7.3x, which is still fully supported, has remained somewhat in the middle and continues to be in practical use.


Figure 1 — The number of productive SAP NetWeaver systems, by release, running in SAP customer landscapes


Note that SAP NetWeaver 7.1 is not a full SAP NetWeaver release (it includes only SAP NetWeaver Composition Environment 7.1, SAP NetWeaver Mobile 7.1, and SAP NetWeaver Process Integration 7.1) and SAP NetWeaver 2004 systems have been in customer-specific maintenance for quite some time. Most customers still running SAP NetWeaver 2004 systems are running them as “read-only” systems, meaning they are used only for compliance or documentation purposes.

Figure 2 summarizes the overall maintenance plan for the SAP NetWeaver releases that are currently in productive use in customer landscapes: SAP NetWeaver 7.0x, SAP NetWeaver 7.3x, SAP NetWeaver 7.4, and SAP NetWeaver 7.5. Let’s take a closer look at the maintenance details for each, as well as how the maintenance strategy for SAP NetWeaver is related to the overarching mainstream maintenance roadmap for SAP Business Suite (see the sidebar “The Maintenance Roadmap for SAP Business Suite” for more on SAP Business Suite).3


Mainstream Maintenance Ends  SAP NetWeaver Release  Link to Product Availability Matrix 
Dec 31, 2017 7.0x 7.0
Dec 31, 2020 7.0x (BW ABAP) Documented only in SAP Note 1648480
7.3x (BW ABAP) Documented only in SAP Note 1648480
Dec 31, 2024 7.5
Dec 31, 2025 7.0x SAP NetWeaver AS ABAP Documented only in SAP Note 1648480
Dec 31, 2024 7.51 SAP NetWeaver AS ABAP
Dec 31, 2024 7.52

Figure 2 — Overview of the SAP NetWeaver maintenance roadmap



The Maintenance Roadmap for SAP Business Suite


SAP Business Suite — including its cornerstone application, SAP ERP — is supported until 2025, which also requires maintenance of the corresponding SAP NetWeaver Application Server (SAP NetWeaver AS) ABAP components until 2025. The Java-based components, however, are supported only as long as the corresponding SAP NetWeaver releases, which means 2017 for Java 7.0x, 2020 for 7.3x and 7.4, and 2024 for 7.5 (note that no SAP Business Suite release is based on SAP NetWeaver 7.3).

The following table shows which SAP NetWeaver software component versions are required as the foundation for the different enhancement packages of SAP ERP 6.0. These versions are interoperable with SAP NetWeaver standalone hubs — for example, enhancement package 8 is interoperable with SAP NetWeaver Portal 7.4.

SAP ERP Release SAP NetWeaver Release
SAP ERP 6.0 SAP NetWeaver 7.0
Enhancement package 4 for SAP ERP 6.0 SAP NetWeaver 7.01
Enhancement package 5 for SAP ERP 6.0 SAP NetWeaver 7.02
Enhancement package 6 for SAP ERP 6.0 SAP NetWeaver 7.03
Enhancement package 7 for SAP ERP 6.0 SAP NetWeaver 7.4
Enhancement package 8 for SAP ERP 6.0 SAP NetWeaver 7.5


SAP NetWeaver 7.0x

For SAP NetWeaver 7.0x (that is, releases 7.0, 7.01, 7.02, and 7.03), mainstream maintenance ended in 2017, and these release versions have now moved to customer-specific maintenance, as documented in SAP Note 52505. Customer-specific maintenance means that SAP provides solutions for known problems while the customer pays for the assessment of new issues and problem solving.

It also means:

  • No delivery of legal changes
  • No delivery of support packages
  • No guarantee for technological updates
  • No guarantee for issues caused by third-party dependencies
  • No service level agreements for initial response times

The main reason for this approach is the security risks caused by SAP NetWeaver Application Server (SAP NetWeaver AS) Java 7.0x. SAP NetWeaver AS Java 7.0x is based on Java Development Kit (JDK) 1.4, which is very old. At this point, JDK 1.4 (released in 2002) and the subsequent JDK 5 (released in 2004) have completely outdated security infrastructures — for example, JDK 1.4 does not support modern security capabilities such as cryptography, public key infrastructure, authentication, secure communication, and access control. For this reason, security patches are no longer delivered for JDK 1.4 or JDK 5, and the only way to fix security issues is to manually downport security updates from JDK 6, which is itself error prone. These risks also hold for all Java-based SAP NetWeaver 7.0 hubs, such as SAP Enterprise Portal and SAP Process Integration. Therefore, SAP strongly recommends that customers running SAP NetWeaver 7.0 upgrade to a higher version — preferably SAP NetWeaver 7.5.

SAP NetWeaver AS ABAP 7.0x is less problematic than the Java version, however, since SAP has full control over the ABAP stack. SAP NetWeaver AS ABAP also serves as the foundation for SAP Business Suite 7, including SAP ERP 6.0, SAP Customer Relationship Management 7.0, SAP Supplier Relationship Management 7.0, and SAP Supply Chain Management 7.0, plus the corresponding enhancement packages. Since SAP Business Suite 7 is supported until 2025, as documented in SAP Note 1648480, the required SAP NetWeaver AS ABAP 7.0x is also supported until 2025.

The business warehouse (BW) component of SAP NetWeaver 7.0x — SAP NetWeaver BW — is a special case. SAP NetWeaver BW consists of an ABAP-based back end (BW ABAP) and a front-end layer (BI-JAVA) that is needed for the SAP Business Explorer (SAP BEx) front end. Similar to the other Java-based components, the Java-based front-end layer (BI-JAVA) reached end of maintenance, but some customers are still using the BW ABAP back end for consumption with other tools (such as SAP BusinessObjects solutions or higher Java versions) — in fact, many of the still-existing SAP NetWeaver 7.0x deployments are SAP NetWeaver BW deployments.

For these customers, SAP’s BW maintenance team is offering a grace period until the end of 2020 so that SAP NetWeaver BW customers can smoothly transition to a higher version of SAP NetWeaver. Note that if the BW ABAP back end is embedded into an SAP ERP system — meaning that SAP ERP and SAP NetWeaver BW are running in the same system, such as in SAP Business All-in-One deployments — then, similar to SAP ERP, the BW ABAP back end will be supported until the end of 2025.

SAP NetWeaver 7.3

Mainstream maintenance for SAP NetWeaver 7.3 is scheduled to end December 31, 2020. This release of SAP NetWeaver was designed to serve as an integration hub for SAP Business Suite, not as a foundation for it, so no SAP Business Suite release is based on SAP NetWeaver 7.3. The intention was for SAP NetWeaver 7.0x to provide a stable core for SAP Business Suite and the corresponding enhancement packages, while SAP NetWeaver 7.3 would serve as the innovation release, delivering many new BW and process integration features.

SAP NetWeaver 7.3x is based on Java 6 and supports many new standards for web services and security. With enhancement package 1 for SAP NetWeaver 7.3 (that is, release 7.31), the codelines of ABAP from 7.02 and 7.3 were merged so that ABAP 7.03 and ABAP 7.31 are technically equivalent, simplifying the codeline and version complexity. The BW component for SAP NetWeaver 7.3 was also the first BW version enabled for SAP HANA. However, there are more up-to-date versions of BW available with SAP NetWeaver 7.4 and 7.5, and SAP recommends upgrading to one of these higher versions to take advantage of the longer maintenance window and new enhancements such as the SAP HANA-based innovations included with 7.5.

SAP NetWeaver 7.4

SAP NetWeaver 7.4 is the most widely adopted SAP NetWeaver release. Originally introduced in 2013, SAP NetWeaver 7.4 was the first release fully optimized for SAP HANA, and many SAP Business Suite on SAP HANA deployments use 7.4 as the technology foundation for their transition to SAP HANA. Two major support package stacks (SPS 05 and SPS 08) for SAP NetWeaver 7.4 delivered new SAP kernel versions along with a host of SAP HANA-optimized features, such as core data services.4

SAP NetWeaver 7.4 is robust, stable, and supported by SAP until 2020. The Java 7.4 codeline is identical to the Java 7.31 codeline, enabling developers to use one codeline for both versions. The ABAP 7.4 codeline is the successor to the ABAP 7.31 codeline, which successfully merged the 7.02 and 7.3 codelines, enabling SAP NetWeaver 7.4 to serve as the foundation for enhancement package 7 for SAP ERP 6.0. This allows customers to consolidate their SAP Business Suite and SAP NetWeaver systems from a technology and development perspective and minimize the number of deployed codelines, which reduces the total development and maintenance costs for both SAP code and custom code.

With its wide adoption and solid performance, why upgrade from 7.4 to 7.5? The most important drivers are the longer maintenance period available with 7.5 and the SAP HANA-based innovations delivered with 7.5. Let’s take a closer look.

SAP NetWeaver 7.5 and SAP NetWeaver AS ABAP 7.51 and 7.52

As of this writing, SAP NetWeaver 7.5 is the go-to release for all SAP NetWeaver customers. Released in 2015, SAP NetWeaver 7.5 continuously delivers new innovations for the ABAP stack to support the rapid development of SAP HANA-optimized SAP Fiori applications. In addition, the 7.5 Java stack was ported to Java 8 to offer customers an up-to-date Java runtime environment.5

The maintenance of SAP NetWeaver 7.5 was just recently extended from 2022 to 2024 (see SAP Note 1648480) to give customers a longer time frame to upgrade from older SAP NetWeaver versions (especially from 7.0x) and to prepare for the transition from SAP Business Suite to SAP S/4HANA.6 SAP NetWeaver AS ABAP 7.5 is also the foundation for enhancement package 8 for SAP ERP 6.0 and for the initial SAP S/4HANA on-premise version 1511 (see Figure 3).


Figure 3 — ABAP innovations for SAP S/4HANA delivered with SAP NetWeaver AS ABAP


Similar to 7.5, the 7.51 and 7.52 versions are supported until the end of 2024. Delivered in 2016 and 2017, respectively, 7.51 and 7.52 are the foundation for SAP S/4HANA 1610 and 1709, and provide various ABAP enhancements that support the transition from SAP Business Suite to SAP S/4HANA.7 For this reason, it is not a full SAP NetWeaver delivery — it consists solely of SAP NetWeaver AS ABAP and related development tools. In addition to being delivered as an upgrade to SAP NetWeaver, these versions can be shipped as standalone application servers for custom development, and are also used as the foundation for the SAP Fiori front-end server and ABAP-based SAP add-ons.

Since 7.51 and 7.52 support only the ABAP usage type and are not used as the foundation for an SAP ERP enhancement package, SAP NetWeaver 7.5 remains the go-to version for the SAP Business Suite and SAP NetWeaver customer base.


SAP NetWeaver is deployed in more than 100,000 productive installations worldwide, serving as the technology foundation for business operations in a large number of SAP landscapes.

The current go-to version, SAP NetWeaver 7.5, delivers a wide range of features to meet the needs of modern business, including support for innovative applications and technologies, such as cloud and analytics, and the transition to SAP S/4HANA. To smooth the transition to SAP NetWeaver 7.5 for SAP NetWeaver 7.0 deployments, which have run out of maintenance, SAP has extended mainstream maintenance for SAP NetWeaver 7.5, 7.51, and 7.52 to 2024, providing customers with a path to innovation.

Learn more at


1 The initial release of SAP NetWeaver 7.5 was delivered in October 2015. The current release is support package stack (SPS) 10, delivered in December 2017. [back]

2 For an overview of some of the ABAP enhancements delivered with SAP NetWeaver 7.5, see my article “ABAP for the Modern Age” in the January-March 2016 issue of SAPinsider ( [back]

3 The SAP Business Suite maintenance roadmap is documented in detail in SAP Note 1648480. [back]

4 For a detailed introduction to SAP NetWeaver 7.4, see my SAPinsider articles “Take Your SAP Solutions to New Heights with the Latest Release of SAP NetWeaver 7.4” (April-June 2014) and “Where ABAP Meets SAP HANA” (October-December 2014) available at [back]

5 For a closer look at some of the ABAP enhancements delivered with SAP NetWeaver 7.5, see my articles “A Foundation for the Future” in the July-September 2015 issue of SAPinsider and “ABAP for the Modern Age” in the January-March 2016 issue of SAPinsider ( [back]

6 For more on transitioning to SAP S/4HANA from SAP Business Suite, see my article “Making the Move to SAP S/4HANA” in the January-March 2017 issue of SAPinsider ( [back]

7 To learn more about ABAP 7.51, see my article “Introducing ABAP 7.51” in the October-December 2016 issue of SAPinsider, and for more on ABAP 7.52, see my article “ABAP and the Cloud” in the October-December 2017 issue of SAPinsider, available at [back]


Karl Kessler

Karl Kessler ( joined SAP SE in 1992. He is the Vice President of Product Management ABAP Platform — which includes SAP NetWeaver Application Server, the ABAP Workbench, the Eclipse-based ABAP development tools, and SAP Cloud Platform ABAP environment — and is responsible for all rollout activities.

Is Your Tax Technology Future Ready?

Having the right tax technology in place is crucial for dealing with the many changes in the global tax landscape. Digital-era tax compliance demands are challenging companies, putting them at risk for non-compliance and pressuring them to move away from spreadsheets and ad hoc practices. Reliance on such homegrown applications is no longer an option for keeping up with the swift changes in tax rules and rate changes. Advanced tax-specific software that is integrated with a company’s ERP system can address these pressures. This article examines how to support an end-to-end tax life cycle with tax-specific software.

This content is available to SAPinsider Members(complimentary).
Please click below to log in or create an account

Login Now »

Create Acount »

Clemens Food Group Corrals the Power of the Digital Core

Pork Processing Company Turns to SAP S/4HANA to Integrate Operations

Clemens Food Group, a pork production company that raises and processes roughly five million hogs each year, knows the challenges of operating in the perishable foods industry. With profitability directly dependent on timeliness and accuracy of orders, it is imperative for the company to have clear insight into its products and warehouse activities. However, Clemens Food’s legacy system was no longer able to keep pace with production and support future growth. The company needed a modern, integrated platform that could scale with its business. Hear how Clemens Food replaced its legacy system with SAP S/4HANA and improved its end-to-end production processes, simplified internal and external communication, and enhanced its visibility into plant operations.

This content is available to SAPinsider Premium Members.
Please click below to log in or create an account

Login Now »

Create Acount»

Vivint Smart Home Adopts SAP S/4HANA in the Cloud to Scale and Expand its Business

Fast-growing Vivint Smart Home realized it needed to replace its patchwork of systems if it wanted to keep on expanding. Its checklist of required functionality for future business needs led to the selection of SAP S/4HANA as the technology foundation. An early adopter of SAP S/4HANA in a cloud deployment, Vivint Smart Home has realized benefits in a number of areas, including inventory transactions, finance controls, and reporting. With the installation of SAP GRC solutions, including SAP Access Control, monitoring of user access has improved. But that was just the beginning. Now Vivint Smart Home is going to build on that foundation with even more SAP functionality.

This content is available to SAPinsider Premium Members.
Please click below to log in or create an account

Login Now »

Create Acount»