Show TOC Start of Content Area

Background documentation Basic Network Topology for SAP Systems  Locate the document in its SAP Library structure

SAP systems are implemented as client-server frameworks built in three levels: database server level, application server level and the presentation level (front ends). Depending on the size of your SAP system, your physical network architecture may or may not reflect this three-tier framework. For example, a small system may not have separate application and database server machines (the work processes run on the same machine as the database). The system may also only have a limited number of front ends in a single subnet connected to the server machine. However, in a large SAP system, several application servers usually communicate with the database server, as well as a large number of front ends. Therefore, the physical topology of your network can vary from simple to complex.

There are several possibilities to consider when organizing your network topology. The topology can vary from a single LAN segment to multiple IP subnets. We highly recommend you install your application server and central database server on separate machines and place them in a separate subnet as indicated in the graphic below:

Separating Frontend LANs from the Server LAN

This graphic is explained in the accompanying text

By placing your SAP system servers in a separate subnet, you increase the access control to your server LAN, thereby increasing the security level of your system.


We discourage placing SAP system servers into any existing subnet without first considering the appropriate security issues.

If you have several systems (or groups of systems) with varying security levels, then we recommend you create separate server LANs for each "group" of related systems. Determining these system "groups" and the security levels that they require, is a very individual process. We do have consultants available for assistance.




End of Content Area