SAP monitoring

Monitor your SAP landscape from one screen

Q: Does the agent need inbound network access to my SAP hosts?

No. The agent is outbound-only — it polls Farrenio over HTTPS for its config and pushes metrics the same way. No new firewall rules, no exposed ports on your SAP boxes.

Q: Can my service desk see alerts without touching production?

Yes. The service_desk role is read-only on alerts and incidents — no SAP transaction access, no config changes, no token reveal. Granular 69-permission RBAC means you can carve out exactly what each team sees.

Q: How long does a proof of concept take?

A 30-minute call to scope. We typically have one production SID streaming live metrics within an hour of agent install — the rest of the landscape follows as fast as you can roll out the package.

Your systems, collectors and alerts in a single live view, with the SAP-side context built in.

01 / 03

Farrenio Collector Management — live agent fleet, version distribution and update queue

Heartbeat

4s · 2.1 KB/s

SLA · 30d

99.94%

3 new alerts

Built for productionChecking status…

MFA-required 69-perm RBAC Multi-tenant GDPR-aware SOC2-aligned audit

Use cases

Built for the teams that keep SAP running

Whether you operate one production system or a multi-tenant estate, Farrenio meets you where you are.

Basis teams

Run SM50, SM37, ST22, RFC checks from one console — no Windows GUI.

See SAP operations

Service desks

Read-only alert monitoring with escalation tracking and audit-grade history.

Inspect alerts

Managed-service providers

Multi-tenant by design. Per-customer RBAC and isolated audit trails.

Multi-tenant model

Security & compliance

MFA-gated, 69-permission RBAC, 365-day audit retention, SOC2-aligned.

Review the security model

SAP coverage

The SAP transactions your team already runs without the GUI

12 Basis transactions covered today across NetWeaver, S/4HANA, HANA DB and the OS layer. One web console, cross-system search, audit-logged everywhere.

SM50

Work processes

Live DIA/BTC/UPD/SPO state across instances

SM37

Background jobs

Cancel, rerun, slate analysis, cancelled-job alerts

ST22

Short dumps

Stack traces with frequency + trend analytics

ST04

DB monitor

HANA / DB02 metrics, expensive statements

ST03

Performance

Response-time analytics, transaction load

SM21

System log

Filtered tailing across all SIDs

SM12

Lock entries

Detect orphaned locks, drill by user/object

SM04

User sessions

Active sessions, idle / abandoned cleanup

SM66

Global WP overview

Fan-out across the whole cluster

SM59

RFC destinations

Connection checks + auth probes

DB02

Space / growth

Tablespace pressure forecasting

Host layer

CPU, mem, disk, inode, sapcontrol

Adding 4 more transactions next quarter — vote on the roadmap after sign-in.

Solutions

Everything you need to run SAP, in one place

Four pillars cover the daily work of a Basis team: deploy, observe, secure, respond.

Fleet & Deployment

Deploy agents in minutes

A guided wizard generates a complete config, install script, and one-shot API token. Live status panel shows the agent's first heartbeats and which collectors are streaming.

Three-step wizard: pick system → configure → deploy
HANA SYSTEMDB + tenant out of the box
Self-test on first run, fail-fast on bad credentials
Adopt existing agents, no duplicate registrations

Farrenio SAP Systems — health, trends and Basis transactions across the landscape

SAP Operations

See every Basis transaction at a glance

Real-time SM50 / SM37 / ST22 / DB02 / SM21 across every system, indexed and searchable. No more "SE16N in 12 windows" — your data's already cross-system.

SM50 work processes, per-instance fan-out
ST22 short dumps with trace + frequency analytics
DB02 / ST04 database health and expensive statements
SM37 background jobs — rerun, cancel from the web UI

Security & Access

Hardened security that delegates

69 fine-grained permissions across 6 roles, all delegatable via a Role Management UI. Auto-block on burst failures, allowlist exempts, MFA everywhere, and a full audit trail.

69-permission RBAC with privilege-escalation prevention
Auto-block on credential-stuffing patterns
PIN or MFA gate for API token reveal
365-day audit retention, every event indexed

Farrenio Alerts — active rules with unhandled, open and 24h counts

Alerts & Incidents

Alerts that route themselves

Per-metric thresholds, on-call rotation, escalation rules. One alert can fan to Slack, Teams, PagerDuty, and email — same rule, no glue code. Promote to incident with a click.

Threshold rules with per-customer overrides
Escalation by severity, after-hours, on-call
Email, Slack, Teams, PagerDuty — fan-out built in
Promote any alert to an incident workflow

ROI

What a Basis team gets back

Based on benchmark workflows from teams running 6–25 SAP systems. Your mileage will vary — we ship live dashboards so you can measure it yourself.

~6 h

per Basis admin / week

reclaimed from SAP GUI

Cross-system SM50 / SM37 / ST22 queries take seconds instead of opening one GUI window per SID.

<60 s

agent install → live data

time-to-first-metric

A single Python daemon, no firewall changes, no inbound ports. Heartbeat shows up immediately.

lost incidents

every action audit-trailed

365-day immutable audit retention. Every login, every config change, every sapcontrol command.

Calculate your ROI

Plug in your estate — see your numbers

SAP systems in your landscape8systems

Across PRD / QAS / DEV / sandbox, every SID counts

Basis admins on your team3admins

Engineers actively running SM50 / SM37 / ST22 every week

Fully-loaded admin cost80€/h

€/hour incl. salary + overhead — adjust to your local rate

Hours saved / year

1,056

≈ 22 h / week

Labour value / year

€84,480

@ €80/h fully-loaded

Payback

1.3 mo

Business tier · €9,000/yr

Year-1 ROI

9.4×

Net €75,480 reclaimed

Like what you see?

We'll size a tier to your landscape — no commitment.

The traditional way

SAP GUI · 12 windows · per-SID hops

Open GUI, pick SID, run SM50, screenshot
Repeat for QAS, DEV, sandbox…
No history, no cross-SID search
Audit trail = your memory + Confluence page

The Farrenio way

One web console · all systems · audit-logged

Cross-SID search across SM50 / SM37 / ST22 in one query
Live WebSocket updates — no manual refresh
Every command logged with user, IP, before/after state
Mobile-friendly — triage from your phone if it pages you

Security

Built like a fortress,
delegated like a SaaS.

Permissions, audit, and brute-force protection aren't bolted on — they're the spine of every endpoint and every UI surface.

69-permissions across 6 roles, every checkbox enforced at the API layer
Role-permission edits logged with full diff (granted / revoked / by whom)
Privilege-escalation refused at the boundary and audited as denied attempts
Auto-block on 10 failures in 5 min OR ≥3 distinct emails
Allowlist exempts known-good probes and office IPs
JWT revoked on role / email / customer change
Token reveal requires PIN OR fresh TOTP — one-shot verification JWT

Audit event types captured

14 types

login_successlogin_failedlogin_blockedmfa_failedrole_changedrole_permissions_updatedauth_block_createdauth_block_removedauth_allowlist_createdauth_allowlist_removeduser_inviteduser_password_resetescalation_deniedrole_change_denied

Each event carries actor, target, IP, user-agent, and the action's full delta — 365-day retention by default.

AWS Reseller · Cloud Services

An AWS Reseller and Cloud Services provider

Farrenio acts as an AWS Reseller and Cloud Services provider, supporting customers throughout their cloud adoption, optimization and operational journey. We help organizations leverage Amazon Web Services for:

Infrastructure modernization
SAP workloads on AWS — RISE-aligned where it makes sense
Migration projects · landing zones · account vending
Cloud operations · monitoring · incident response
Cost optimization · rightsizing · reserved-capacity strategy

Trusted Partners

FAQ

What buyers ask before signing up

Does the agent need inbound network access to my SAP hosts?

No. The agent is outbound-only — it polls Farrenio over HTTPS for its config and pushes metrics the same way. No new firewall rules, no exposed ports on your SAP boxes.

How does Farrenio see SAP data without SAP credentials in your cloud?

Credentials live in the agent's local config on your host, encrypted at rest with Fernet. Farrenio never sees a single SAP password, RFC user, or HANA SQL connection string.

What happens to my data — is this multi-tenant?

Yes, but every customer's data is scoped by tenant ID at the MongoDB query level. RBAC is enforced server-side on every endpoint, and audit logs are per-tenant with 365-day retention.

Can I bring my own SSO?

Google OAuth ships today. SAML / OIDC enterprise SSO is available on the Enterprise plan — talk to us about your IdP.

Do you support S/4HANA and classic NetWeaver?

Both. The collectors talk to sapcontrol + RFC + HANA SQL — protocols that haven't changed across versions. Tested against ECC 6.0, S/4 1909+, and HANA 2.0 SPS04+.

How do you handle credential stuffing and password attacks?

Per-IP and per-email rate limiting, automatic blocking after a configurable burst, allowlist for known-good sources, and MFA-gated reveal for sensitive tokens. Every blocked attempt is audit-logged with geolocation.

Can my service desk see alerts without touching production?

Yes. The "service_desk" role is read-only on alerts and incidents — no SAP transaction access, no config changes, no token reveal. Granular 69-permission RBAC means you can carve out exactly what each team sees.

How long does a proof of concept take?