How to deal with SAP-OutSystems Indirect Access

OutSystems-SAP Indirect Access
SAP-OutSystems License options
SAP OutSystems Digital Core
SAP-OutSystems license calculation

Keep using SAP for the back end and OutSystems for the front end and mobile or tablet apps is an approach that can speed up your digital transformation radically. Any kind of mobile- or web application can be integrated with SAP and complement your SAP environment to a modern and future-proof system. 


A bunch of reasons leads our customers to choose a low-code platform like OutSystems on top of their SAP-landscape, such as:
-Short delivery time of mobile- and web applications
-Overall reduction of IT-costs
-New business model opportunities
-Increase efficiency of business processes
-Offering customer-friendly solutions
-Increase Developer Experience

Does this sound too good to be true? Well it isn’t! But nevertheless, there are some issues that should be carefully considered. One of them is how to deal with SAP’s license model  which these pages are about.
 
 It almost sounds to good to be true, Connect, Search and use SAP Services in OutSystems. Is it really this simple. Off course nothing is ever as simple in the IT world. From a technical perspective usin a BAPI (Business Application Programming Interface is easy enough. But when you do apart fromtechnical and functional SAP knowhow there are some subjects that need thorough observation. One of them being the license of SAP.

SAP is renown for it's unclearity on licensing models, however with the new licensing they try to set foot in the new IT reality where AI , IoT, Robtized processes and Mobile apps forces SAP to rethingk the ERP core licensing strategy.

How does this new licensing model impact companies that run low-code platforms on top of SAP?
On these pages we are trying to give you a digest of the implications. To read the full digest visit the SAP OutSystems linkedIn group  or contact B-Synergy for a license & security audit 
SAP-OutSystems License Direct Human Access and Indirect Digital Access
SAP license model
SAP’s license model released on April 10th 2018 
SAP-OutSystems Indirect Digital Access License calculation
The definition of Indirect access according to SAP is when people or things use and
exchange data of the Digital Core without directly logging into the system. This could be the case if you use OutSystems on top of your SAP-landscape and if that use is not an indirect static use, which generally will be the case.

Where in the past a user-license was applicable on SAP-OutSystems scenario's, now the outcome-based license is needed to be compliant to the latest SAP-rules.

The Outcome-Based License SAP is counting the amount of 9 document-types which are initially created via an indirect access.

SAP Offers a Note for SAP ECC that tells you the score of relevant counted documents. To prepare and start discussing with SAP or your SAP Partner B-Synergy has build a independent licence checker running on OutSystems. This Solution is offerd both as-a-service as well as installed on your OutSystems Environment.
The license covers the total amount of documents created within one year times the multiplier and document price. Only the initially created document counts; no additional costs will be charged for reads, updates, deletes or creation of the additional documents automatically generated in the system when the first document is created.

Nothing changed with documents created by named users directly into the digital core; still the user license is applicable. Therefore, in order to avoid any over-licensing, you should know exactly how your applications are being used internally.

Indirect Access could become a massively unpredictable cost factor. Make sure
that you know your IT-Landscape in detail. An architectural diagram which includes
details on data flow could help to understand where and how you are connected to
SAP.

Make sure how is the authentication & authorisation process Implemented. Even large customers are still running Insecure SAP-OutSystems Integrations. Allthough architects or manager often claim they have everything under control, there is enough concrete evidence that most SAP customers running OutSystems on top of SAP ECC or S/4HANA did  not implement any security at all. This situation is leaving your SAP fully open for attacks.
Common SAP OutSystems security risks are:
-uncontrolled data reads through the abap layer,
-no authentication layer around ECC or S/4HANA RFC's,
-Publicly exposed RFC's

When you are uncertain if your SAP OutSystems Integration is secure, you can ask B-Synergy to do a 1 day SAP OutSystems security audit. 
SAP-OutSystems License Options
SAP-OutSystems Digital Core
Click here to see your activities