PRELIMIARY SIZING GUIDELINE
Sizing GRC AC Version 10.0 Beta Release/Ramp-Up Released to SAP Customers for Beta/Ramp-up Document Version 1.0, August 2010
Disclaimer The information in this presentation/document is confidential and proprietary to SAP and may not be disclosed without the permission of SAP. This presentation is not subject to your license agreement or any other service or subscription agreement with SAP. SAP has no obligation to pursue any course of business outlined in this document or any related presentation, or to develop or release any functionality mentioned therein. This document, or any related presentation about SAP’s strategy and possible future developments, directions, and functionality of products and/or platforms, are all subject to change and may be changed by SAP at any time for any reason without notice. The information in this document is not a commitment, promise, or legal obligation to deliver any material, code, or functionality. This document is provided without a warranty of any kind, either express or implied, including but not limited to, the implied warranties of merchantability, fitness for a particular purpose, or non-infringement. This document is for informational purposes to provide guidance in preliminary sizing of hardware for beta testing and may not be incorporated into a contract. SAP assumes no responsibility for errors or omissions in this document, except if such damages were caused by SAP intentionally or grossly negligent. Once SAP officially publishes sizing guideline at the general availability of the product/solution, this preliminary guideline is not valid any more.
Š SAP 2008 / Page 2
Agenda
1. Introduction 1.1. Functions and Requirements of SAP GRC Access Control 1.2. Architecture of SAP GRC Access Control 1.3. Factors that Influence the GRC Access Control Performance
2. Initial Sizing for GRC Access Control v 10 2.1. Assumptions 2.2. Sizing Guideline
3. Comments and Feedback 4. Sizing Fundamentals and Terminology
Š SAP 2008 / Page 3
Functions and Requirements of SAP GRC Access Control – An Example Example: Sizing Batch Access Risk Analysis
Object Synchronization Profile Sync Role Sync User Sync Master Data (Auth) Sync Rule Setup Function Risk Rule Generation
Personal Information Batch Risk Analysis Management Report
© SAP 2008 / Page 4
Access Control 10.0 Architecture & Landscape
Front End Client
optional
SAP NW Portal 7.01 Web Browser
SAP GUI 7.10
GRC Portal Content (Business Package)
optional
SAP NetWeaver BW GRC BI Content
AC, PC & RM (Add-On: GRCFND_A)
SAP ERP (4.6C – 7.1) NW Function Modules (Plug-in: GRCPINW)
HR Function Modules PC Automated Ctrls (Plug-in: GRCPIERP)
optional Identity Management Solutions (SAP or Non-SAP)
SAP NetWeaver AS ABAP 7.02 optional
SAP BusinessObjects GRC Suite 2010
Adapter
Non-SAP Business Applications
Selected Factors That Influence the Performance Landscape Number and type (SAP, Non-SAP, IDM, etc.) of target/backend systems: for access risk analysis, access provisioning, role generation and/or superuser privilege management
Business Requirements Total number of objects (users/roles/profiles) in each of the backend system for access risk analysis Total number of risks and rules defined for access risk analysis Average number of permission level violations per object (user/role/profile) in access risk analysis Number of average roles per request and number of average systems associated per request Number of Firefigher IDs accessing the backend per hour during normal business hours and average number of transactions per firefighter Number of access request per hour or per working day and number of maximum concurrent users to create or approve request Number of maximum concurrent real-time access risk analysis (ad-hoc) jobs and average number of objects (users/roles/profiles) in each real-time access risk analysis Disk size depends on number of violations; frequency of ad-hoc analysis, etc. It will also depend on # of clients
Š SAP 2008 / Page 6
Assumptions for the Sizing Guideline Sizing of Access Control v 10 is based on the following assumption Out of the box access analysis rule set with around 50,000 rules are used in all access risk analysis Sizing of only AC v 10 server is provided. It is expected plug-in installed in the backend system(s) will add some overhead when AC v 10 retrieves data but this overhead in the backend system(s) is not included here. Preliminary sizing is performed on only a selected use cases including full batch access risk analysis Database is included within the sizing No network sizing is performed here Only T-shirt sizing is provided Small – 1-3 backend systems with 10,000 users Medium – Between 3 and 10 backend systems and 25,000 users Large – 10+ backend systems with 50,000+ users
© SAP 2008 / Page 7
Preliminary Sizing Guideline for AC v 10
Category
Minimum Disk Space
Minimum SAPS
Small
400 GB
2000 SAPS
Medium
600 GB
4000 SAPS
Large
1,000 GB
8000 SAPS
Š SAP 2008 / Page 8
Sizing Fundamentals and Terminology
Sizing Sizing means determining the hardware requirements of an SAP application, such as network bandwidth, physical memory, CPU processing power, and I/O capacity
CPU
Processing times of business transactions or tasks Cost factor: Number and processing power of servers
Disk size Disk I/O
Data that resides on the database File read and write activity to storage Cost factors – Backup/recovery depends on size of database – Storage capacity
Memory
Front-end Network Load
© SAP 2008 / Page 9
Allocated to a user or background process Garbage collection, planning run Cost factor: Physical memory slots
Transferred amount of data Network time and roundtrips Cost factor: Leasing bandwidth
Sizing Fundamentals and Terminology
SAPS The SAP Application Performance Standard (SAPS) is a hardware-independent unit that describes the performance of a system configuration in the SAP environment.
S AP A pplication P erformance S tandard
2,000 fully processed order line items per hour*
SD Benchmark
* Š SAP 2008 / Page 10
^ =
6,000 dialog steps and 2,000 postings or 2,400 SAP transactions
100 SAPS
Sizing Fundamentals and Terminology Initial and Expert Sizing Initial Sizing refers to the sizing approach that provides statements about platform-independent requirements of the hardware resources necessary for representative, standard delivery SAP applications. Expert sizing refers to a sizing where customer-specific data is being analyzed and used to put more detail on the sizing result.
Hardware Budget Sizing Smaller companies
Advanced Sizing Medium to large companies
Expert Sizing Large or complex projects
Very simple algorithms
Throughput estimates
Additional guidelines
Assumptions, likelihoods
Questionnaires, formulas
Custom calculations
Level setting of project
Usage of standard tools
Analysis of custom coding
Risk identification
Focus on core business processes
Custom sizing guidelines
Initial Sizings
Re-Sizing All projects
Delta Sizing All projects
Upgrade Sizing All projects
SAP system monitors
SAP system monitors
SAP system monitors
Goal: Extend an existing system by load
Goal: Extend an existing system by functions
SAP Notes
E.g. by volume 100 additional users who'll do the same as the current productive ones
Goal: Upgrade SAP software
By different functions, e.g. you are live with CRM and want to add SCM
Production Sizings – whenever there is a change in throughput, sizing must be done
Š SAP 2008 / Page 11
Go Live
Sizing Fundamentals and Terminology Configuration and System Landscaping Hardware resource and optimal system configuration greatly depend on the requirements of the customerspecific project. This includes the implementation of distribution, security, and high availability solutions by different approaches using various third-party tools. There are some "best practices" which may be valid for a specific combination of operating system and database. To provide guidance, SAP created the NetWeaver configuration guides (http://service.sap.com/instguides SAP NetWeaver).
Š SAP 2008 / Page 12
Comments and Feedback
Please send your comments and feedback to SAP to be considered in the official Access Control v 10.0 Sizing Guide. Contact: Swapan Saha, swapan.saha@sap.com
Š SAP 2008 / Page 13
© 2010 SAP AG. All Rights Reserved No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of SAP AG. The information contained herein may be changed without prior notice. Some software products marketed by SAP AG and its distributors contain proprietary software components of other software vendors. Microsoft, Windows, Excel, Outlook, and PowerPoint are registered trademarks of Microsoft Corporation. IBM, DB2, DB2 Universal Database, System i, System i5, System p, System p5, System x, System z, System z10, System z9, z10, z9, iSeries, pSeries, xSeries, zSeries, eServer, z/VM, z/OS, i5/OS, S/390, OS/390, OS/400, AS/400, S/390 Parallel Enterprise Server, PowerVM, Power Architecture, POWER6+, POWER6, POWER5+, POWER5, POWER, OpenPower, PowerPC, BatchPipes, BladeCenter, System Storage, GPFS, HACMP, RETAIN, DB2 Connect, RACF, Redbooks, OS/2, Parallel Sysplex, MVS/ESA, AIX, Intelligent Miner, WebSphere, Netfinity, Tivoli and Informix are trademarks or registered trademarks of IBM Corporation. Linux is the registered trademark of Linus Torvalds in the U.S. and other countries. Adobe, the Adobe logo, Acrobat, PostScript, and Reader are either trademarks or registered trademarks of Adobe Systems Incorporated in the United States and/or other countries. Oracle is a registered trademark of Oracle Corporation. UNIX, X/Open, OSF/1, and Motif are registered trademarks of the Open Group. Citrix, ICA, Program Neighborhood, MetaFrame, WinFrame, VideoFrame, and MultiWin are trademarks or registered trademarks of Citrix Systems, Inc. HTML, XML, XHTML and W3C are trademarks or registered trademarks of W3C®, World Wide Web Consortium, Massachusetts Institute of Technology. Java is a registered trademark of Sun Microsystems, Inc. JavaScript is a registered trademark of Sun Microsystems, Inc., used under license for technology invented and implemented by Netscape. SAP, R/3, SAP NetWeaver, Duet, PartnerEdge, ByDesign, Clear Enterprise, SAP BusinessObjects Explorer and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP AG in Germany and other countries. Business Objects and the Business Objects logo, BusinessObjects, Crystal Reports, Crystal Decisions, Web Intelligence, Xcelsius, and other Business Objects products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP France in the United States and in other countries. All other product and service names mentioned are the trademarks of their respective companies. Data contained in this document serves informational purposes only. National product specifications may vary. The information in this document is proprietary to SAP. No part of this document may be reproduced, copied, or transmitted in any form or for any purpose without the express prior written permission of SAP AG. This document is a preliminary version and not subject to your license agreement or any other agreement with SAP. This document contains only intended strategies, developments, and functionalities of the SAP® product and is not intended to be binding upon SAP to any particular course of business, product strategy, and/or development. Please note that this document is subject to change and may be changed by SAP at any time without notice. SAP assumes no responsibility for errors or omissions in this document. SAP does not warrant the accuracy or completeness of the information, text, graphics, links, or other items contained within this material. This document is provided without a warranty of any kind, either express or implied, including but not limited to the implied warranties of merchantability, fitness for a particular purpose, or non-infringement. SAP shall have no liability for damages of any kind including without limitation direct, special, indirect, or consequential damages that may result from the use of these materials. This limitation shall not apply in cases of intent or gross negligence. The statutory liability for personal injury and defective products is not affected. SAP has no control over the information that you may access through the use of hot links contained in these materials and does not endorse your use of third-party Web pages nor provide any warranty whatsoever relating to third-party Web pages.