How Rev-Trac can enhance your SAP DevSecOps journey with Enforcement

In a constantly evolving world, organizations need to be able to respond and deploy changes to SAP systems at the speed of business. DevSecOps is a methodology that enables organizations to minimize the time a change takes to reach production while ensuring that it is tested and approved.

Previously this was hard to achieve with SAP but with the power of Rev-Trac acting as a DevSecOps orchestration layer; organizations can achieve auditable enforcement throughout the toolchain while migrating changes with speed.

When using Rev-Trac to manage changes in an SAP landscape, the concept of enforcement drives the workflow engine. So, you can configure Rev-Trac to force SAP changes to follow your internally documented change management processes. Meaning when it comes to compliance, this makes for incredibly happy internal and external audit teams.

Rev-Trac automates and simplifies your business requirements which are often manual steps and creates an automated workflow for various changes in the landscape.

Enforcement ensures that changes make it to production only when the correct documentation, approvals and testing are complete. Using native SAP functionality (called a BADI), Rev-Trac intercepts transports and forces them all to be added to a Rev-Trac request to progress down a landscape.

A workflow could include business requirements such as:

  1. Documentation regarding the change is required to be attached before development commences.
  2. Confirmation that an ITSM ticket or User Story is approved before development finishes.
  3. The integration of code review steps that are automatically triggered at the right time in the workflow.
  4. UAT and unit testing can be enforced with an audit trail available for all approvals of a request.

Ultimately, the goal of every SAP IT team is to deliver rapid, low-risk SAP change. This is where Rev-Trac’s enforcement capabilities can help by ensuring all SAP changes are automatically run through several critical safety checks, significantly improving change quality and safety.

Rev-Trac’s safety checks applied before changes reach production and disrupt business activity include our Overtake and Overwrite Protection System (OOPS), which prevents accidental out-of-sequence migrations. At the same time, other checks identify dependent objects which should be in the target SAP system to prevent generation errors or help to pinpoint high-risk changes.

These checks run automatically or on an ad hoc basis to resolve issues quickly and prevent them from migrating to production without appropriate administration authorization and oversight.

SAP change workflow enforcement

If your SAP change management workflow is like many organizations, there are a lot of touch points involving numerous people and even ABAP and non-ABAP technologies. Integrating SAP into the workflow can be challenging without an orchestration engine to ensure the necessary steps happen when they should.

Fortunately, Rev-Trac is more than just an automated SAP change management solution. It is also an orchestration engine, automating and coordinating all the tools to create an end-to-end workflow for developing and maintaining SAP applications. At the same time, Rev-Trac’s enforcement capabilities ensure compliance and prevent any unauthorized changes reaching production.

The example above showcases a potential scenario of how Rev-Trac could be used to manage a CI/CD or DevOps toolchain providing rapid release and integrating with other toolsets.

Integrating Rev-Trac into a toolchain enables SAP teams to reduce manual effort and rekeying of work, eliminate errors and enforce process requirements. Simultaneously, organizations can realize a full ROI on the other tools due to their seamless inclusion in automated workflows.

Just as importantly, from a risk management perspective, the workflow follows a shift left approach. This is where testing and impact analysis are done as soon as possible to quickly fix defects before the change has progressed significantly.

How can you apply to a DevSecOps environment?

In this scenario, Rev-Trac acts as the orchestration engine integrating the right security tools into the development workflow and then automating the process to ensure development doesn’t slow down.

For example, a possible DevSecOps workflow is:

  1. The business requires a change and captures it in an ITSM or agile project management solution. Simultaneously, a Rev-Trac request is automatically created. As work in SAP begins the request hits dependencies. This could be a required specification sheet stored as a dynamic link to the document repository, and development continues.
  2. After development finishes the request reaches the automated code review phase. Rev-Trac automatically calls the code review tool and can enforce a pass or fail based on the results.
  3. When this is completed, the change will be passed to the SAP testing solution, and automated test scripts will run. If successful, Rev-trac automatically approves the status and attaches the test result without any user intervention. Otherwise, the change is rejected and reverted to developers for a fix
  4. At this stage, migration approval is given for successful changes. Each change is migrated to QAS because it has passed all the required tests, and the ITSM ticket is automatically updated with the necessary details.
  5. This ITSM ticket is approved and the changes are synced to Rev-trac. The Rev-Trac ticket owner or CAB team can approve the change to production.

How do integrations work?

Rev-Trac integrations are based on flexible and secure REST APIs. There are three different ways that Rev-Trac integrates with other products.

1. Field Sync

Field sync maintains different fields across different applications by using REST APIs to push and pull data when it is updated. Rev-Trac can also act when a field enters the desired status. For instance, if the Jira status is set to In Progress, a Rev-trac request can be created.

Both ServiceNow and Jira, for example, use the field sync integration to enable common fields to be maintained across multiple platforms. The sync uses REST APIs to push changes when an update is detected, or a ticket created.

2. Approval

This integration enables approval of certain steps in Rev-Trac from another tool. A popular choice is ServiceNow, as upper management can approve at a CAB level and not have to enter SAP for approvals. Rev-Trac can also hold migration until a certain status is reached, preventing unapproved changes from reaching production.

Approval-based integrations also use REST APIs. However, the focus is on keeping the user in the desired program. For example, the user can stay in ServiceNow and not switch to another program to perform the approval step.

On the Rev-Trac side, fields are updated, and migration or a particular approval step is held until the other tool provides appropriate approvals. Rev-Trac’s enforcement capabilities ensure the correct use of all toolsets while eliminating double work, such as separate approvals in multiple tools.

You can establish dependencies with other tools in your organization, like ServiceNow. A good example is a dependency on a CAB-level approval from ServiceNow before allowing a deployment to production.

3. Hand off

The final integration type, hand off, allows Rev-Trac to pass transports and code using REST APIs to another application for review or analysis. Rev-Trac reads the returning data and approves or disapproves a status based on the results. Or it can trigger another event based on the return message.

A hand off integration is helpful when determining whether a particular status should be approved. For example, if transports are successfully imported in QA, Rev-Trac triggers a set of tests for TOSCA to execute. Rev-Trac automatically progresses the changes and associated transports if there are no major failures. Otherwise, it reverts the changes to developers for further investigation or issue resolution. This ensures that no untested code goes through to production. Managers can be confident that all the correct processes have been followed when a request lands on their desk for approval.

Bottom Line

When combined into a DevSecOps toolchain SAP teams can unleash the power of automation coupled with rapid delivery of tested and safe changes into a productive environment. With Rev-Trac enforcement acting as an orchestration layer, change managers can be confident that all tools and safety checks have been performed before the change reaches production.

For more information on Rev-Trac’s capabilities to enhance SAP DevSecOps journeys contact one of our change management experts.