Enhanced Operational Excellence at OPHWC with Workmates

The Odisha State Police Housing and Welfare Corporation Limited (OPHWC) was incorporated as a wholly owned Government of Odisha Company on 24th May 1980 under the Companies Act, 1956 to meet the housing needs of the Police with enhanced priority as a welfare measure.

The Odisha State Police Housing & Welfare Corporation (OSPHWC) has emerged as a trusted construction company with expertise in planning, designing, and constructing critical infrastructure for government departments, particularly in the realm of security and law enforcement. Beyond its core responsibilities, OPHWC has diversified its portfolio to serve educational, healthcare, and vocational sectors. Its significant financial growth and recognition as a ‘Silver’ categorized PSU by the Odisha government underscore its pivotal role in the state’s infrastructure development and its commitment to delivering high-quality construction projects.

• OPHWC was using an On-Premise Data Center Infrastructure SAP ECC to run their SAP operations. They were facing multiple challenges in migration to SAP S4: The key challenge was to address the issues of scale, growing demand and quick response to changing requirements.
  • Performance and Efficiency: OPHWC’s SAP system faced performance issues due to handling extensive data from various sources, resulting in slower response times. This hindered their ability to generate timely reports and gain insights, leading to delays in decision-making.

   

  • Scalability and Adaptability: OPHWC’s on-premises data center couldn’t meet their growing business needs, lacking scalability. Expanding hardware and infrastructure was time-consuming and costly, limiting their ability to adapt to changing demands swiftly.

   

  • Data Migration Expertise: Moving data from ECC to S/4HANA involves handling complexities due to differences in data structures and models. Proficiency in data cleansing, transformation, and mapping to the new S/4HANA model was crucial. OPHWC sought a partner with the needed skills for this complex data migration.

   

  • Cost Efficiency: Maintaining and upgrading the on-premises SAP infrastructure resulted in significant capital and operational expenditures for OPHWC. The organization sought a more cost-effective solution without compromising performance and reliability.

   

  Data Security and Disaster Recovery: OPHWC prioritized safeguarding critical business data. Their on-premises setup posed risks of data loss or breaches, and implementing disaster recovery measures was cumbersome and time-consuming.

• Configuring the SAP on AWS infrastructure involved several key steps. Here is a high-level solution approach we took for OPHWC for configuring the SAP on AWS.
  • Planning and Architecture Design
  • Network & Connectivity
  • Infrastructure Provisioning
  • SAP Installation & Configuration
  • Data Migration & Integration
  • Security & Compliance

   

  Some of the key technical aspects which we undertook during the implementation were:

  • Network Configuration:
    • We established a secure, isolated network using VPC (Virtual Private Cloud) with AWS’s built-in security and firewalls. A VPN server with Linux OS will be set up for network security and compliance. All servers and resources will be located in a private subnet within the AWS Mumbai region to minimize network latency.

   

  • OpenVPN server is placed in the public subnet, while application and database servers are in a private subnet. All servers will be linked to the OpenVPN server, allowing remote access through the OpenVPN client. For added security, default RDP/SSH and database server ports are modified.

   

  • AWS Systems Manager access was provided for potential RDP/SSH credential loss. An Application Load Balancer (ALB) was set up to simulate proper traffic management, routing incoming requests to the application server via the ALB endpoint.

   

  • Monitoring and Logging: Monitoring was facilitated through AWS Enterprise tool CloudWatch, while centralized logging was established using the AWS CloudWatch Logs agent.

   

  • DR and Backup: All infrastructure and database backups were configured to be stored on the S3 storage service with a retention period of 15 days, allowing access at any time. We enabled system, container, and database logs in CloudWatch Logs and copied them to the S3 bucket for archival purposes. CloudTrail recorded changes in AWS infrastructure, maintaining logs for 90 days without extra charges.

OPHWC SAP application was successfully migrated on the AWS environment ready to handle scale and growing demands.

• AWS Infra was able to deliver 25 % more SAPS (SAP Applications Performance Standard) than the existing cloud service providers.
• Enhanced monitoring with dashboards, real-time observability, logging, health checks, and alerting setup help our customer with automated and reduced failover time from 120 Minutes to 15 Minutes.
• The overall security posture on the cloud is improved using cloud-native security features like private networks, encryption at rest and transit, and continuous compliance using AWS Config.
• OPHWC has been able to reduce fixed costs by 30 percent and annual operational costs by 50 percent.
• More redundant and cost-optimized DR process with automated backups for data and infrastructure.

• AWS IAM role-based access control to restrict users to only the required resources.
• Deep visibility into API calls are maintained through AWS Cloud Trail, including who, what, and from where calls were made. All user related activities are tracked and logged.
• For any Administrative task Remote user have need to connect to VPN client for accessing the servers. All the RDP/SSH port are bound with OpenVPN server, also default ports will be changed to the custom port.
• The DB ports are accessible only from the Application containers and are restricted using Security Group.
• All the SAP workloads are under the private subnets, the Fiori application are exposed using the Application Load Balancer. SSL listeners has been setup for ALB and certificate has been issued using AWS ACM.