Architecture Is Not a Diagram: Why Most SAP Landscapes Are Fragile

2. For Us, Architecture = Decisions

The elements that determine the robustness of an SAP landscape are rarely glamorous:

• Integration patterns must be clear
• Error ownership must exist
• Data governance must be defined
• Monitoring approach must be designed
• Daily operational procedures must be established

Boxes do not create stability – decisions do.

3. Some Possible Real-Life Cases

Case 1 – The Retry Storm

In one project all IDocs were routed through CPI “for flexibility.” There was no idempotency, no back-pressure, no circuit breaker. A small functional mistake created more than 200,000 retries within minutes. SMQ2 queues were blocked and logistics stopped for hours. Everyone looked at Basis first, while the real root cause was hidden in business logic. A single pricing error caused days of disruption.

Lesson: Integrations must protect ERP. Without governance CPI/PO can turn into a weapon against its own system.

Case 2 – Certificate Crisis

The OAuth certificate of an integration expired on Friday night. There was no procedure, no alert, no owner. Critical replication did not work for days and the problem was noticed too late.

Lesson: Certificate lifecycle is not a technical detail; it is the heart of business continuity.

Case 3 – The Queue with No Owner

After a major migration inbound queues were full. Functional team said “Basis problem,” Basis said “interface logic,” integration team said “SAP standard.” Hours were lost only with ownership discussions. The responsible person was on leave and left the team unaware.

Lesson: Taking responsibility is more important than any tool.

Case 4 – The Clean Core Dream

To keep the landscape clean many validations were moved to BTP. But version alignment between CPI iFlows and S/4 releases was not designed. After the first upgrade half of the extensions became incompatible; cleaning queues took days and flows had to be stopped and adapted.

Lesson: If development is not completed with all details, integrations start a war against themselves.

The Real Battlefield

Design → Build → Go-Live → Operations

                          ↑

                     real battlefield

4. Architecture from Basis & BTP Eyes

From our Basis and BTP perspective, architecture must answer concrete questions:

Transport & Lifecycle

• How are CPI iFlow versions aligned with S/4 transports?
• What happens if a transport requires new mapping?
• Is cross-system rollback defined?

Runtime Governance

• Who operates CPI/PO as real production runtime?
• What are queue thresholds and housekeeping rules?

Security Operations

• Is uninterrupted certificate rotation in place?
• Are RFC users controlled?
• Are OAuth and secrets managed and documented?

Upgrade Resilience

• Was the impact of S/4 upgrades on BTP extensions analyzed?
• Were interface regression tests executed?
• Is a decoupling strategy prepared?

Monitoring – Daily Reality

• Is end-to-end monitoring from SM58/SMQ2 to CPI active?
• Are alerts delivered to the right people?

If these are not defined, the landscape is fragile no matter how modern the diagram looks. Even a small configuration change or a new patch may create major problems.