SAP S/4 HANA Ultimate Guide: Features, Deployment, and Migration

What Is SAP S/4 HANA?

SAP S/4 HANA is an enterprise resource planning (ERP) suite that offers various intelligent technologies, such as machine learning, artificial intelligence (AI), and advanced analytics. Organizations employ SAP S/4HANA to adopt new business models, manage changes at speed, use predictive AI capabilities, and orchestrate internal and external resources.

SAP S/4HANA is replacing the legacy SAP ERP Central Component (ECC) as SAP’s most important ERP product. Additional SAP ERP solutions include SAP Business One and Business ByDesign.

History of SAP S/4HANA

SAP R/3 was SAP’s foremost ERP solution in the 1990s, based on a client-server model. SAP later replaced it with ECC, which dominated until 2014. Initially released in 2014 as a next-generation FinTech solution, SAP Simple Finance later became SAP S/4HANA, with an expanded core, as a complete ERP platform.

SAP introduced logistics functionality to S/4HANA in 2016, focusing on sourcing/procurement, manufacturing, asset, and supply chain management. Advantages over SAP ERP include embedded EWM (extended warehouse management) and production planning-detailed scheduling.

SAP also introduced ML capabilities in 2017 to facilitate invoice reconciliation and automation and manage transportation. SAP S/4HANA started supporting predictive accounting in 2018 and has continuously added intelligent AI, blockchain, and IoT upgrades. By 2022, SAP has introduced several industry-specific lines of business (LOBs).

S/4HANA vs. SAP ECC

SAP’s original ERP offering was ERP Central Component (SAP ECC), and it is still deployed by many SAP customers. However, ECC is being discontinued, and SAP announced the end of maintenance support by 2027. This leaves many SAP users asking how to migrate to SAP S/4HANA and when is the right time to make the transition.

Here are the key differences between S/4HANA and ECC:

• Database—SAP ECC can run on third-party databases from vendors like Oracle and IBM. SAP S/4HANA can only run on SAP HANA, SAP’s modern in-memory database.
• Converting customers and vendors to business partners—SAP ECC separates customer and vendor files, even if the same organization provides both functions. S/4HANA combines common data structure elements into one business partner record.
• Combining Controlling (CO) and Finance (FI) components—in SAP ECC, general ledger accounts (FI GL accounts) are mapped to CO base cost elements. S/4HANA uses a common journal structure to store GL accounts and cost factors.
• New General Ledger (GL)—SAP ECC has two versions of its GL structure—“legacy” and “new”. S/4HANA only uses the new GL, which is technically very similar to ECC’s new GL. When migrating to S/4HANA, all FI GL accounts must use the new GL structure.
• Rebates—in ECC, customer rebates are processed using traditional Sales and Distribution (SAP SD) rebates. In S/4HANA, this has been replaced by settlement management with condition contracts.

Learn more in our detailed guide to ECC vs. S/4HANA (coming soon)

SAP S/4HANA: Advantages and Challenges

SAP S/4HANA is considered one of the most significant innovations introduced by SAP in the past two decades. It provides features like predictive analytics based on machine learning, making it more than a data management tool and allowing it to optimize and automate many business processes.

Major benefits of SAP S/4HANA include:

• Improved interface—S/4HANA provides a UI based on the new SAP Fiori framework, which provides a simplified and personalized user experience. Users can quickly access important information and receive decision support and notifications. The interface can also be flexibly adapted to user roles. The Fiori app is usable on mobile devices as well.
• Improved performance—SAP HANA’s in-memory database gives users real-time access to data. Data is stored in the main memory in aggregate format rather than on the hard drive to avoid data duplication. This simplified data model not only reduces the size of the database but also allows ad-hoc analytics and transaction processing to be performed on the same system.
• Increased flexibility—SAP S/4HANA offers several deployment and licensing models. Customers can choose between an on-premises version, a hybrid model, or a subscription-based cloud version. The latter resides on the SAP server, which saves customer resources such as hardware and maintenance costs. You also benefit from faster response times and innovation cycles.

However, many SAP users experience challenges when migrating to an innovative ERP platform like S/4HANA:

• Incompatibility between existing IT environment and requirements of the system.
• Master data quality issues.
• Company-specific ABAP code, which is compatible with S/4HANA.
• S/4HANA can create inconsistent business processes compared to original processes running with previous systems that must be tuned prior to migration.
• Resistance to change can delay or block the migration process.

SAP S/4HANA Line of Business (LOB) Components

S/4HANA currently includes the following LOB components:

• Finance—focuses on a business’s financial operations, including planning, accounting, and management.
• Logistics—focuses on supply chain and supplier management.
• Sales—focuses on sales processes, including quotes, pricing, checks, and requests.
• R&D and Engineering—focus on product lifecycle management, including cost, compliance, and project management.

SAP has extended the core digital LOB capabilities for industry-specific requirements, including discrete, consumer, and services industries, energy and natural resources, financial services, and public services.

Some examples of industry segments are:

• Consumer industry segments—agribusiness, fashion, consumer products, life sciences, retail, and wholesale distribution.
• Discrete industry segments—high tech, manufacturing, and aerospace engineering.
• Energy and natural resources segments—construction products, chemicals, and mining.
• Public service segments—defense, healthcare, education, and government.

SAP S/4HANA Deployment Options

There are several ways to deploy SAP S/4HANA. Each is summarized as follows:

On-premise

SAP S/4HANA on-premises deployment involves an SAP S/4HANA instance that is hosted on customer-owned IT infrastructure. Customers have the following options:

• System conversion (brownfield) implementation—converts an existing SAP environment to SAP S/4HANA.
• New (greenfield) implementation—migrates existing business data to a new SAP S/4HANA system.
• Selective data transition—leverages shell conversion to reuse existing ERP processes in a new system.

Cloud

There are several cloud options for SAP S/4HANA deployments, all of which involve the use of integrations with third-party cloud platforms:

• SAP S/4HANA Cloud deployment—provides SAP S/4HANA capabilities by serving S/4 HANA instances belonging to multiple customers on a group of partitioned cloud servers. This option provides limited functional scope.
• Private cloud deployment—provides SAP S/4HANA capabilities without the need for customers to maintain a technical backend. This is ideal for companies running SAP ERP that have in-house cloud experience. It allows you to host the solution in your own cloud without sharing servers with other tenants.
• RISE with SAP license—provides access to SAP S/4HANA Cloud, a fully managed cloud-based version of S/4HANA.

Hybrid

Hybrid SAP S/4HANA instances offer a combination of on-premises and cloud deployments. This can be done for a number of reasons, such as testing the viability of both instances or hosting an on-premises deployment at headquarters while using a cloud deployment for branch offices.

How to Implement or Migrate to S/4HANA

Regardless of the deployment method, implementing S/4HANA is a complex, time-consuming, and expensive process. Even if you are migrating from SAP ECC, which is a similar system, migrating to S/4HANA is very different from a standard version upgrade. In fact, in many cases, an S/4HANA migration is more like implementing new software than an upgrade.

Because S/4HANA simplifies the data model and includes most SAP ECC features, businesses can rethink and redesign their business processes to take advantage of the advanced capabilities of S/4HANA.

Most SAP ECC systems are highly customized, which thousands of special features developed to meet the needs of specific companies or industries. S/4HANA includes these customizations as standard, so the customization done on top of ECC will no longer be necessary. However, this means that before implementing S/4HANA, you should thoroughly explore all processes to understand how to optimally design for S/4HANA and remove unnecessary customizations.

There are two general approaches to S/4HANA implementation: brown field and green field.

Brownfield implementation

In a brownfield implementation, an organization takes an existing SAP environment and moves it to S/4HANA. This means the company will continue to use at least some legacy features. Brownfield implementations are often less complex and less time-consuming, but the organization often cannot take advantage of all the innovative features of S/4HANA.

Greenfield implementation

Greenfield implementation includes installing and configuring S/4HANA in a new environment and importing business data. The organization needs to redesign all its business processes, which is more disruptive, costly, and time-consuming than the brownfield approach. However, it provides access to all of S/4HANA’s modern ERP capabilities.

Regardless of the approach an enterprise adopts, data management is an important part of any S/4HANA implementation. An important consideration is how to ensure data moving to the new system is transformed into S/4HANA’s simplified data model.

Learn more in our detailed guide to S4/HANA migration (coming soon)

SAP Fiori and S/4HANA

SAP Fiori is a design language and user experience methodology developed by SAP for use by SAP customers and business application partners. The SAP Fiori design language is used for many SAP applications, including the S/4HANA and C/4HANA suites.

Fiori for S/4HANA is recommended by SAP but not mandatory. There are compelling reasons to adopt Fiori with S/4HANA:

• It is a completely new user interface built from the ground up to address new trends and requirements in user experience.
• It focuses on the features important to individual users, unlike traditional interfaces that had many unnecessary options.
• Interfaces created in SAP Fiori are optimized for specific user roles and tailored to user needs.

Fiori Tools and Capabilities

The Fiori framework provides several tools and capabilities that can provide value for SAP end users. These include:

• Fiori Launchpad—allows SAP users to access selected applications based on their specific business roles and privileges. Launchpad also provides access to a powerful enterprise search capability, making it possible to find resources (such as documents, customers, or applications) across the SAP ecosystem in a single search box.
• CoPilot—a digital assistant that communicates with users in natural language to help them find, set up, and plan meetings.
• Overview Pages (dashboards)—a powerful analytics tool that allows users to query large amounts of data and presents it in the form of a visual card. This tool allows users to view relevant insights in one place and take immediate action by going directly to a dedicated app or contacting the resource owner.

Learn more in our detailed guide to S4/HANA Fiori (coming soon)

Security Considerations for SAP S/4HANA

At its core, both SAP S/4HANA and SAP Business Suite are based on SAP NetWeaver AS ABAP. From a security point of view, S/4HANA offers the same internal optimizations, switches, and security controls as any other SAP NetWeaver AS ABAP-based system. The primary difference is that it is based on the SAP HANA database.

SAP HANA security concerns

Initially, it might seem that the SAP HANA database is the main point of concern in S/4HANA security. However, beyond securing SAP HANA as a database, you need to consider that HANA is also an application server that runs S/4HANA application processes can run. These processes run within the SAP HANA Extended Application Service, a full development and runtime environment provided by SAP HANA for native applications.

These native SAP HANA applications bypass the ABAP stack and its security controls and must be dealt with using separate security strategies.

SAP Fiori security concerns

SAP S/4HANA simplifies the user interface through the SAP Fiori framework. Fiori replaces previous transactions managed through SAP Business Suite. Fiori makes it possible to transition SAP activity to the web and mobile devices, and in some cases, applications are made available to users outside the organization (for example, contractors or suppliers).

While this is highly convenient, open access to ERP functions creates a range of new attack surfaces. All aspects of Fiori applications must be carefully considered by security teams.

Cloud security concerns

Some organizations are migrating ERP processes to the cloud via S/4HANA’s cloud deployment options. For security teams, this means that sensitive data is stored on third-party servers, and integrations with external systems and applications must be carefully monitored.

Authentication and access

Security teams must carefully coordinate access to legacy and new SAP applications and instances. This requires efficient, centralized user and authentication management, which is resilient to identity-based attacks.

Learn more in our detailed guide to S4/HANA security (coming soon)

S/4 HANA Compliance with PathLock

Moving to S/4 HANA can be a massive undertaking that requires careful planning and preparation. Far too often, companies forget to think about how their access control and security strategies will change until they get close to going live on a new platform. S/4 HANA will often require a new approach to access control that can adapt to the new landscape and challenges.

With Pathlock, organizations using SAP S/4 HANA can automate many of their SAP security processes to provide 360-degree protection across the SAP system landscape. The Pathlock platform can provide complete capabilities, including:

Financial Impact Prioritization

Pathlock automatically prioritizes your most critical violations by quantifying access risk by tying violations to real dollar amounts of the out-of-policy transactions.

Comprehensive Rulebook

Pathlock’s catalog of over 500+ rules can provide out-of-the-box coverage for controls related to SOX, GDPR, CCPA, HIPAA, NIST, and other leading compliance frameworks.

Real-Time Access Mitigation

Pathlock allows users to quickly investigate and respond to potential risky transactions by reviewing access, de-provisioning users, forcing 2FA, or even allowing Pathlock to respond intelligently in real-time, terminating suspicious sessions and blocking transactions in real-time.

Out-of-the-Box Integrations

Pathlock’s out-of-the-box integrations extend workflows to the provisioning and service desk tools you already have in place, such as ServiceNow, SailPoint, Okta, Azure AD, SAP GRC, and more.

Lateral SOD Correlation

All entitlements and roles are correlated across a user’s behavior, consolidating activities and translating cross-application SODs between financially relevant applications.

Continuous Control Monitoring

Pathlock identifies the largest risks by monitoring 100% of financial transactions from applications like SAP in real-time, surfacing violations for remediation and investigation.

Interested to find out how Pathlock can help to automate your SAP Security program while keeping your landscape secure and compliant? Request a demo of Pathlock today!