The root cause is rarely the upgrade itself. It is architectural debt, a hidden “upgrade tax” caused by technical shortcuts taken years earlier. In most cases, the break isn’t caused by SAP; it’s caused by years of Z-cloned apps, direct table reads, and UI logic built outside SAP’s supported frameworks. 

For a CIO this isn’t just a development hurdle, it is a governance failure that erodes the ROI of the entire S/4HANA business case.

What Actually Changes (The Technical Shift)

Upgrading S/4HANA is no longer a simple database refresh. The move to the latest releases involves fundamental shifts in how SAP handles the UI:

• SAPUI5 Evolution: SAPUI5 is now updated continuously. If your apps depend on internal methods, every upgrade becomes a regression event—not a routine patch.
• The OData v4 Leap: SAP is pivoting from OData v2 to v4. Custom extensions built on legacy v2 services often require significant rework or total rewrites to maintain performance and compatibility.
• Clean Core Contracts: SAP has formalized Tier 1 Extensibility (C1 Contracts). Apps that bypass these “released” APIs are essentially reaching into the S/4HANA “basement”—accessing data through unreleased paths that SAP feels no obligation to keep stable.

The Invisible Cost: Technical Debt is an AI Tax

We are entering the era of the “Autonomous Enterprise,” where SAP Joule and Generative AI assistants navigate the ERP for the user. However, AI assistants rely on standard metadata and released APIs to understand business context.

If your Fiori landscape is a web of “Z-clones” and non-standard controllers, you aren’t just breaking your next upgrade—you are “blinding” your future AI. An AI assistant cannot effectively provide insights on a custom-cloned app that doesn’t follow the SAPUI5 standard.

CIO Perspective: Cleaning the core isn’t just about maintenance; it’s about AI-Readiness. Every app you bring back to “Standard” or “Fiori Elements” is an app that can immediately leverage SAP’s multi-billion-dollar investment in Business AI.

The Strategic Path: Extension Governance

Extensibility must be architecture-governed, not developer-driven.

1. The “Golden Path”: Fiori Elements

Freestyle UI5 offers flexibility but maximizes fragility. Fiori Elements should be the default for 80% of use cases. They follow SAP design templates and are automatically aligned with the SAP lifecycle.

Value: Standardization ensures your UI evolves with SAP, not against it.

2. Tiered Extensibility (Key User Tools First)

Before writing code, teams must exhaust Key User Extensibility (Custom Fields and UI Adaptation). These are “upgrade-proof” because SAP owns the compatibility layer.

3. Lifecycle Decoupling: Side-by-Side on SAP BTP

The S/4HANA core is your “System of Record”—it should be stable and governed. Your BTP extensions are your “Systems of Innovation”—they must be agile.

Value: By moving high-change apps to BTP, you ensure that a UI update in a customer portal doesn’t require a full regression test of your entire Finance core.

Embedded vs. Side-by-Side: The Decision Matrix

A CIO Maturity Checklist: Are You Upgrade-Ready?

Before your next upgrade, assess your landscape maturity:

1. The “Clone” Count: How many standard SAP apps were copied to the Z-namespace? (Each is a liability).
2. API Health: What percentage of our custom code uses Tier 1 / Released APIs versus direct table access?
3. Governance Gate: Do we have an Extension Review Board, or is the developer deciding where the code lives?

Modernization Gap: Are we spending more than 30% of our upgrade budget simply “fixing” what we already built?

The Strategic Message

The question for your leadership team is no longer: “Can we build this?” The question is: “Can we upgrade this safely in three years?”Clean Core is not about technical purity; it is a cost-containment strategy. Organizations that treat extension design as a strategic architectural decision will upgrade faster, innovate more safely, and stop paying the “upgrade tax” that stalls digital transformation.

About the Author

José López is a senior SAP technology leader with 20+ years of experience managing and optimizing mission-critical SAP environments. As Principal Director of SAP AMS, he leads end-to-end service delivery for large, complex SAP landscapes.

This is where Tanium stands out. 

Often called the Endpoint Management and Security Platform, Tanium delivers  something most tools can’t: true real-time visibility and control across every  endpoint, even at massive scale. 

Tanium is an endpoint management and security platform designed to give IT  operations and security teams comprehensive, real-time endpoint visibility,  instant data collection measured in seconds rather than hours or days, fast  patching and configuration changes, and effective threat detection and response.  Tanium also enables unified operations and security workflows. What makes  Tanium unique is how it gathers data and issues instructions across endpoints. Instead of relying on heavy servers or expensive infrastructure, Tanium uses a  linear peer-to-peer (P2P) communication model that scales extremely efficiently  across large and distributed environments. 

Tanium uses a modern, distributed architecture built around two core  components: Tanium Server and Tanium Clients (installed on endpoints). 

Optionally, you can also have Module Servers, Zone Servers (for segmented  networks), and if you’re using the SaaS version, Tanium Cloud.

Tanium Server- The Brain of the Platform

The Tanium Server is the central controller. It performs many tasks including  authentication and user access, storing results from endpoints, distributing  instruction (called “questions”), and managing modules such as Patch, Discover,  Comply and Threat Response. The Tanium Server also controls the  communication between the console and all endpoints. However, the Tanium  Server does not hammer endpoints directly, that’s the secret to scalability. 

Tanium Clients- Installed on Each Endpoint

Every managed device, Windows, macOS, and Linux, gets a Tanium Client  installed. The client is extremely lightweight, with a tiny footprint and low CPU. 

However, it’s not to be underestimated. The client handles many important tasks  such as responding to questions, executing actions/patches, forwarding data to  the next client in the chain, and maintaining a secure communication channel.  While all of this is impressive, the magic is in how the clients communicate with  one another. 

The Linear Peer-to-Peer (P2P) Chain

The peer-to-peer chain is Tanium’s patented architecture and is the reason the platform scales to hundreds of thousands of endpoints. The first step in the process is when clients on the same server form a logical chain. The server then sends a question to the first client in the chain. It answers the question, appends its answer, and forwards the question and all collected answers to the next client. The last client in the chain returns the full dataset to the server and awaits its next question.

This peer-to-peer communication is very powerful as it allows near real time results, often under five seconds. Additionally, it allows for minimal server load, doesn’t depend on heavy scanning, and reduces WAN traffic. It is also extremely efficient on large networks, making it ideal for companies of all sizes. The P2P chain is the primary differentiator that traditional tools like SCCM, BigFix, JAMF, etc., do not replicate in the same amount of time. Traditional tools rely on hub-and-spoke models that depend on multiple infrastructure components, resulting in slower data collection and higher operational overhead.

Tanium Modules

Tanium becomes extremely powerful when you activate modules:

• Tanium Discover – Find unmanaged devices
• Tanium Deploy – Software packaging & deployment
• Tanium Patch – OS patching
• Tanium Enforce – Policy + hardening
• Tanium Comply – Vulnerability & compliance scanning
• Tanium Trends – Dashboards & analytics
• Tanium Threat Response – DFIR, EDR capabilities

Modules run on top of the core platform but leverage the same real-time data and P2P communication.

Optional: Zone Servers

Zone servers act as communication proxies for DMZ environments, highly  segmented networks, and remote branches with limited connectivity. They relay  traffic between clients and the Tanium Server without breaking the P2P chain  model. 

But why does Tanium’s Architecture matter? Traditional endpoints require bulky  and outdated tools such as multiple DPs, MPs, SUPs, (SCCM), scanning engines,  network-heavy collections, high server counts, and slow agent wakeups. On the  other hand, Tanium’s modern architecture requires only a single Tanium Sever (or  a pair for HA), Tanium Clients on endpoints, and optionally one Tanium Module  Server. 

That’s it.

This simplicity leads to faster detection of vulnerabilities, complete endpoint  inventory in seconds, lower infrastructure cost, and overall better reliability  across distributed networks.

Apiphani engineers attended AWS re:Invent 2025 to assess what these changes mean for enterprises running complex, mission-critical environments. Rather than cataloging product announcements, we focused on identifying the structural shifts behind them.

Four themes stood out.

1. AWS Is Moving from AI Tools to Autonomous Operations

Across re:Invent 2025, AWS demonstrated a decisive move beyond generative AI assistants toward agentic AI (autonomous agents capable of executing operational tasks across development, infrastructure, and security). Announcements such as Bedrock AgentCore, AWS DevOps and Security Agents, and autonomous software development agents all reinforced the same direction: AI is becoming an active participant in operations, not just an advisory layer.

This represents a meaningful shift for enterprise IT. Incident detection, root-cause analysis, and remediation are no longer envisioned as purely human-driven workflows. Instead, AWS is embedding operational intelligence directly into the platform (as is apiphani), with agents designed to persist, learn, and act across systems.

For enterprises, this challenges traditional support models built around tiered escalation, manual triage, and institutional knowledge concentrated in a small number of senior engineers. Over time, organizations that successfully operationalize autonomous capabilities should see fewer incidents, faster resolution, and less operational noise — while those that don’t may struggle to keep pace with growing system complexity. 

2. Cost Optimization Is Becoming a Native Cloud Capability

Another clear emphasis at re:Invent 2025 was cost. AWS introduced new Database Savings Plans, AI-driven cost forecasting, and expanded automation across storage tiering and resource optimization. Collectively, these announcements signal that AWS is moving cost management closer to the infrastructure and runtime layers of the platform.

The implication is significant: cost optimization is no longer positioned as a separate FinOps function or a retrospective reporting exercise. Instead, it is becoming a real-time architectural and operational concern, informed by usage patterns, system behavior, and predictive models.

For enterprise IT leaders, this increases the need for tighter alignment between finance, architecture, and operations. As environments become more automated and dynamic, manual cost controls and disconnected tooling will become increasingly ineffective. The organizations that succeed will be those that design cost awareness directly into how systems are built and operated.

3. Serverless and Traditional Compute Are Converging

AWS also continued to blur the line between serverless and traditional compute. Enhancements such as Lambda Durable Functions, Lambda Managed Instances, and next-generation Graviton processors point toward a convergence of execution models.

Long-running, stateful workloads can now leverage serverless patterns without sacrificing predictability or performance. At the same time, AWS is assuming more responsibility for availability, scaling, and infrastructure management.

For enterprises, this changes the nature of architectural decisions. The question is no longer simply “serverless versus servers,” but where operational responsibility should live, with application teams, internal platform teams, or the cloud provider itself.

This convergence creates opportunities to reduce operational overhead, but it also raises the bar for design discipline. Poorly architected applications will surface performance and cost issues faster than ever in highly automated environments.

4. Regulated and Hybrid Environments Are Now First-Class Design Targets

Finally, AWS made it clear that regulated, sovereign, and hybrid environments are no longer edge cases. Announcements related to AWS AI Factories, expanded hybrid capabilities, and deeper governance and security integration signal a deliberate investment in supporting industries with strict compliance, residency, and operational control requirements.

This marks an important inflection point for enterprises that have delayed modernization due to regulatory constraints. AWS is signaling that hybrid and on-premises deployments are not temporary compromises; they are strategic architectures that will continue to evolve alongside public cloud services.

For regulated enterprises, the challenge will shift from whether modernization is possible to how automation and AI can be introduced responsibly without increasing operational or compliance risk. Success will depend less on technology adoption and more on operational maturity.

Evolution of Enterprise IT Operations

Looking Ahead

Across these themes, one message from AWS re:Invent 2025 was consistent: the future of enterprise IT is autonomous, cost-aware, and deeply embedded into the operational fabric of the platform.

The organizations that benefit most will NOT be those that adopt the most services, but those that can operationalize automation, governance, and cost control across complex, mission-critical environments intentionally and responsibly.

But recent events have proven otherwise. The AWS outage of October 20th disrupted thousands of businesses worldwide due to a single DNS resolution failure in the DynamoDB API for the US-EAST-1 region. That single point of failure rippled through global operations and its effects are still being felt.

The very next week, a global outage triggered by an “inadvertent configuration change” crippled Azure Front Door and associated platforms, including Microsoft 365, Minecraft, and Xbox Network. And in June of this year, Google Cloud went down taking Spotify, Snapchat, and Fitbit with it—for hours.

Collectively, these interruptions are estimated to have cost billions.

The most desired measure of system availability is the Five Nines, meaning a system or application is available and operational 99.999% of the time. That’s about five minutes and fifteen seconds of downtime per year or, if you like, 43 seconds per month. But this level of availability was never a guarantee from the hyperscalers.

Recent events show that even Four Nines (less than an hour of downtime per year) may be out of reach for hyperscalers. Cloud infrastructure after all is rented, not owned. Customers have no control over availability of the underlying systems; they can only trust that their cloud providers uphold the promise of resilience.

For many years, continuous-availability architectures (zero planned downtime plus highly resilient failover) have been the domain of mission-critical, on-prem systems like stock exchanges, telecom networks, and 911 emergency services.

Cloud computing hasn’t yet been able to reach that bar.

As more organizations move mission-critical workloads off-prem, CIOs are being forced to reevaluate risk. The assumption that cloud equals continuity has eroded. Now, the question isn’t whether to move, but how to do it safely.

The path forward starts with visibility. 

Enterprises should run an assessment of their cloud environments to uncover weaknesses in reliability, cost efficiency, and security posture. A well-executed architectural review identifies single points of failure, quantifies exposure, and helps balance performance with cost and resilience. The goal: Restore confidence in cloud operations by designing for availability, not just assuming it.

If your organization depends on continuous uptime, now is the time to take a closer look at what “resilient” really means in the cloud era. Start by assessing where your risk lives and what’s within your control.

About the Author

Mark Kujawski is a Principal Director at apiphani. He leads the company’s Advisory Strategy Practice.

SAP S/4HANA 2023 marks a decisive step toward the intelligent enterprise vision. Beyond being another technical upgrade, it delivers a platform where automation, embedded analytics, and AI-driven decision support come together to simplify operations and improve business outcomes.

1. Smarter Processes Through Automation

SAP has expanded automation capabilities across core business functions, eliminating repetitive tasks and enabling continuous operations. Here’s how.

SAP Build Process Automation Integration

S/4HANA 2023 integrates natively with SAP Build Process Automation (BPA) on SAP BTP, allowing customers to design low-code bots that execute SAP transactions, validate data, and trigger workflow approvals. Examples include automatic journal posting approvals, purchase order release workflows, and background invoice verifications.

Situation-Handling Enhancements

New Situation-Handling Templates automatically alert users when events deviate from expected business rules, such as delayed production orders, migration job failures, or overdue inspections. This enables the following proactive response model: The system detects, informs, and suggests corrective actions before users notice an issue.

Predictive and Preventive Maintenance

Manufacturing and supply-chain processes now benefit from machine-learning models embedded in S/4HANA 2023 that forecast equipment failures or quality issues. SAP calls this Predictive Quality Inspection — leveraging HANA ML and AI Core services. This brings true autonomous maintenance closer to reality.

2. AI and Machine Learning in Core Finance

Financial departments gain from the following intelligent features that reduce manual reconciliation and speed up close cycles:

• Machine-Learning Intercompany Reconciliation (ICR): Automatically detects and proposes matches for cross-company postings.
• Predictive Cash Flow Forecasting: Learns from historical patterns to estimate future liquidity positions.
• Smart Accruals and Automated Adjustments: Rules and ML-based triggers generate accrual postings automatically.

Together, these features redefine the Finance function as data-driven and exception-managed, rather than transaction-driven.

3. Embedded Analytics and Citizen Reporting

The 2023 release brings a new level of flexibility in embedded analytics:

• Drag-and-drop measure ordering, autofill capabilities, and bookmark sharing in the multidimensional grid.
• The “Manage KPIs and Reports” app now allows business users to create and publish analytical apps without developer help.
• PDF export and transportable bookmarks streamline management reporting.

This self-service analytics experience reduces dependency on IT, empowering functional users to become citizen analysts.

4. Governance, Security, and Master Data Intelligence

Data privacy and compliance remain a cornerstone. The new Business Partner Data Controller concept within S/4HANA 2023 introduces up to 10 controllers per record with new authorization objects for fine-grained data governance (B_BUP_DCPA, B_BUP_DCPD).

For master data synchronization, SAP Master Data Integration (MDI) enables federated governance across S/4HANA, Ariba, Concur, and SuccessFactors — a key step toward enterprise-wide data harmonization.

5. Connected Work Experiences

SAP continues bridging business processes with collaboration tools. Examples include:

• Native Microsoft Teams integration, which brings chat, file sharing, and approvals directly into Fiori apps.
• SAP Concur integration, which automates expense reconciliation and approval chains.
• Unified Attachment Service, which allows versioning, line-item attachments, and Outlook shortcuts — reducing manual document management.

The result: A connected, collaborative user experience that blends ERP transactions with modern workplace tools.

6. User Experience and Fiori 3.0 Evolution

With S/4HANA 2023, SAP further refines the Fiori 3.0 Quartz theme, improving accessibility, personalization, and tile organization.

Users can now reorder measures, create favorites, and personalize spaces according to their daily tasks. The interface feels faster, cleaner, and more consistent, which is key for adoption success.

7. Why Version 2023 Matters

S/4HANA systems running on versions 2020 or 2021 will reach end of mainstream maintenance in 2026. Upgrading to S/4HANA 2023 not only extends support but also delivers immediate value in the following ways:

• Reduced manual effort via automation
• Predictive insights embedded in business processes
• Stronger security and compliance posture
• Seamless integration with BTP automation and analytics services

8. Apiphani’s Perspective

At apiphani, we see S/4HANA 2023 as the turning point between digital core modernization and intelligent enterprise enablement.

Our AMS and BASIS teams are already helping customers upgrade to 2023 FPS03, implementing automation use cases in Finance, Supply Chain, and Basis operations (e.g., automated transport handling, archiving, and health monitoring via SAP Build).

The message to our clients is clear. Don’t treat your upgrade as a technical event. Make it a foundation for automation and intelligence.

Final Thoughts

SAP S/4HANA 2023 is more than a version update. It’s a shift toward autonomous ERP operations. By leveraging embedded AI, predictive analytics, and low-code automation, organizations can move from reactive management to proactive optimization.

If you’re still on an earlier release, the upgrade path to 2023 isn’t only about compatibility, it’s about capability.

About the Author

José López is a senior SAP technology leader with 20+ years of experience managing and optimizing mission-critical SAP environments. As Principal Director of SAP AMS, he leads end-to-end service delivery for large, complex SAP landscapes.

SAP’s new Business Data Cloud (BDC) is designed to change that. By centralizing and streamlining the way organizations collect, process, and leverage information, BDC promises to transform data into actionable insights.

Instead of wrestling with manual extraction and siloed reporting, executives gain real-time visibility that drives sharper decisions, greater efficiency, and stronger compliance — all within the SAP ecosystem.

For business leaders, this isn’t just another IT feature. It’s a strategic enabler. Whether optimizing financial planning, enhancing supply chain visibility, or strengthening risk management, SAP Business Data Cloud offers an automated, intelligent approach to data.

Why Effective Data Collection Matters

Data is one of the most valuable assets in the modern enterprise — but only if it’s accessible, accurate, and timely. Too often, executives rely on information that is incomplete, inconsistent, or slow in terms of when it becomes available for use. The risks are real and include siloed insights, manual errors, compliance blind spots, and costly inefficiencies.

But when organizations can automate data collection and produce a unified view that offers meaningful insights, they unlock the following business value:

• Real-Time Decision Support – Confident responses to fast-changing markets.
• Operational Efficiency – Less manual work, fewer errors, faster reporting.
• Risk Mitigation & Compliance – Stronger governance and transparency.
• Competitive Advantage – Optimized performance and new revenue opportunities.

The question isn’t whether data collection is important — it’s whether your organization is doing it effectively.

At apiphani, we’ve long recognized the power of data. Our Managed Data Pipelines were built to help organizations unlock hidden value, reframe how they think about data, and generate meaningful business impact.

Real-World Impact

The benefit to companies isn’t just theoretical. It’s real. And it’s measurable.

Recently, Apiphani partnered with Power Systems Manufacturing (PSM) to implement data pipelines that enabled data-driven operations at scale. The result? Tangible improvements in agility, reporting, and executive decision-making for the company. Read more about our method and results here.

Data Agility as a Competitive Advantage

In a digital economy, data agility separates leaders from laggards. Raw data alone isn’t enough. Without scalable pipelines and real-time insights, even the richest information loses impact.

Executives who prioritize automated, intelligent data strategies aren’t just improving efficiency. They’re creating organizations that can adapt faster, outpace competitors, and make smarter decisions today — and tomorrow.

SAP BDC adoption will evolve, but one thing is clear: Success will hinge on how effectively organizations turn raw data into intelligence. The real question is… is your business set up to do it better, faster, and smarter?

About the Author

Tyler Constable is Principal Director of Solutions Engineering at apiphani. He has extensive expertise with SAP, cloud infrastructure, and cloud security. He is an SAP ASUG member and frequently presents at various SAP events. Tyler resides in Milwaukee, Wisconsin.

As AI continues to evolve, a new paradigm is taking shape: Agentic AI – autonomous, goal-seeking software agents capable of making complex decisions and acting without human intervention. In enterprise IT, particularly in SAP landscapes and legacy IT systems, the rise of Agentic AI offers immense potential – but also new layers of complexity.

Agentic vs. Generative AI

Unlike traditional AI models that reactively generate output when prompted, agentic AI exhibits autonomous behavior, operates according to defined goals, and dynamically adapts to new context. 

It can learn, decide, and act independently. Imagine an AI agent that not only identifies underperforming SAP jobs but also initiates remediation, informs stakeholders, and continuously fine-tunes future execution paths – autonomously.

Unfortunately Enterprise IT Isn’t Built for Autonomous Agents

Enterprise environments, especially SAP and hybrid legacy systems, are not built for autonomous agents. These are some of the top SAP challenges:

• Fragmented architectures across modules and middleware
• Limited visibility in on-premises or hybrid deployments
• Governance models that restrict unsupervised automation
• High-risk thresholds tied to financial and operational outcomes

Legacy systems add even more friction with outdated APIs, undocumented processes, and tightly coupled workflows.

How to Lay the Groundwork for Agentic AI

Adopting Agentic AI isn’t just about implementing new technology, it’s about ensuring your IT environment is ready for autonomous agents to operate safely, effectively, and in alignment with business goals. Whether you manage SAP systems, hybrid clouds, or legacy applications, preparing for this shift requires a few foundational steps.

1. Move Beyond Traditional Monitoring to End-to-End Observability

Most companies already use application or infrastructure monitoring, but these tools often operate in silos and provide limited business context. To fully enable AI agents, organizations need end-to-end observability – a holistic view that combines data across infrastructure, applications, and processes into meaningful, actionable insights.

• Ask yourself: Can you quickly connect a technical failure to its business impact?
• Are your monitoring systems predictive, or do they only react once an issue occurs?

2. Build an Agent-Ready Architecture

AI agents thrive in environments where systems are modular, event-driven, and connected. This means creating flexible APIs, modernizing middleware, and ensuring that hybrid or cloud environments can interact seamlessly.

• Consider adopting containerized APIs and event-driven triggers to create an adaptable foundation.
• Ensure your architecture supports integration with next-gen platforms like SAP Business Technology Platform (BTP).

3. Establish Guardrails for Autonomy

Autonomy without oversight is risky. As companies explore Agentic AI, it’s critical to set governance frameworks that balance independence with control.

• Define approval workflows, SLA-aware policies, and audit trails to prevent AI agents from taking unapproved actions.
• Treat AI governance as you would cybersecurity, as an integral layer of trust and accountability.

4. Modernize Legacy Systems Incrementally

Legacy applications often pose the greatest challenge for agentic AI adoption due to outdated APIs and tightly coupled workflows. Instead of “rip-and-replace” projects, organizations can encapsulate legacy processes into smaller, service-oriented units that are easier for AI agents to monitor and eventually control.

• Start by identifying high-value processes where automation can deliver quick wins.
• Use service wrappers or API layers to make legacy systems more “AI-ready” without full-scale modernization.

Why This Matters

These steps aren’t just technical best practices, they’re prerequisites for realizing the value of Agentic AI. 

Companies that invest now in visibility, architecture, and governance will be positioned to leverage AI agents not only for efficiency but also for proactive decision-making and risk reduction.

Emerging Use Cases for Agentic AI Show Promise

Early, real-world use cases for agentic AI in enterprise environments show promise and include:

• Automatically resolving SAP job failures by adjusting scheduling and priority
• Dynamically adjusting system resource allocations based on forecasted demand
• Making proactive role and authorization updates triggered by anomalous access behavior
• Conducting service mapping in legacy systems to support zero-trust and compliance needs

The Agentic Frontier

The convergence of Agentic AI with SAP and legacy systems represents a pivotal shift. Companies that embrace it gain a strategic edge in agility, efficiency, and risk mitigation. However, the path forward demands a thoughtful balance of autonomy and control.

Want to explore practical strategies for preparing your enterprise systems for Agentic AI? Stay tuned for upcoming insights on implementation best practices.

About the author: Ravinder Sokhi is a Principal Director at apiphani. He builds high-performing teams that excel in delivering mission-critical IT solutions globally. He also delivers large-scale cloud computing migrations and transformations.

Authors:
Lori Meyer, Cloud Systems Administrator (Linux), apiphani
Victor Forsythe, Senior Systems Developer, apiphani

For organizations running Red Hat Enterprise Linux (RHEL), regular patching cycles—monthly or quarterly—are essential for maintaining security, performance, and compliance. 

In large-scale environments, however, this routine task can escalate into a serious operational challenge. At scale (100+ servers), a single patching window can stretch beyond 6 hours, especially when kernel upgrades, STIG hardening, and point-in-time data collection are involved. 

These extended maintenance windows can introduce tool-availability issues and even trigger downtime, potentially affecting business continuity. Minimize or avoid these challenges with smart tuning of Ansible – our open-source automation tool of choice.

The Objective: Fast, Scalable, and Secure Patching

Meeting SLAs across a diverse infrastructure, while minimizing downtime, requires a smarter approach to orchestration. We implemented targeted Ansible performance parameters to streamline operations without compromising control or security.

The results were compelling: A 20–36% reduction in patch duration across customer environments.

Key Ansible Tuning Parameters and Their Impact

These are the specific configurations we adopted, including performance insights from real-world use.

1. strategy = free

What it does: Enables hosts to execute tasks independently rather than synchronizing, step-by-step, across all nodes.

Why it matters: Slower hosts won’t impede or hold back faster ones. This asynchronous execution shortens overall job duration in mixed-performance environments.

2. pipelining = true

What it does: Consolidates SSH operations to reduce connection overhead.

Why it matters: Reuses existing SSH sessions instead of opening new ones for each task, saving time and resources.

Important: Ensure that /etc/sudoers does not include requiretty; otherwise, pipelining will fail. Note that some enterprise environments may restrict pipelining due to security policies.

3. ansible_ssh_common_args = ‘-o ServerAliveInterval=60 -o ServerAliveCountMax=10’

What it does: Maintains SSH session persistence during long or idle operations.

Why it matters: Helps maintain stable connections during long-running tasks—such as kernel upgrades or log collection—particularly in high-latency or low-activity environments.

• ServerAliveInterval=60: Sends a keep-alive every 60 seconds
• ServerAliveCountMax=10: Drops the connection after 10 failed attempts (i.e., ~10 minutes)

4. ansible_forks = 20

What it does: Sets the number of parallel worker processes that Ansible uses to execute tasks.

Why it matters: Dramatically accelerates throughput in large environments because more forks equal more tasks running concurrently. 

Tuning Tip: Start with 10 –20 forks. Scale based on your control node’s CPU and RAM. Over-provisioning may degrade performance on under-powered systems.

5. ansible_ssh_args = ‘-o ControlMaster=auto -o ControlPersist=60s’

What it does: Enables SSH multiplexing to reuse a single connection for multiple tasks.

Why it matters: Reduces the cost of repeatedly opening and closing SSH sessions, which is especially beneficial for task-heavy playbooks targeting the same hosts.

• ControlPersist=60s: Keeps connections alive for reuse within a 60-second window
• Configurable: For playbooks with longer gaps between tasks, consider increasing to 120 – 300 seconds.

Key Results

After optimizing these Ansible parameters, our clients experienced the following benefits:

• 20–36% reduction in patching duration
• Fewer service interruptions during maintenance windows
• No SSH timeouts during long-running tasks
• More predictable and reliable compliance processes

Final Thoughts

Automation is powerful, but only when properly tuned to fit your scale and operational needs. These simple Ansible optimizations deliver measurable value in mission-critical RHEL environments.

If you are wrestling with long patch windows or irregular automation behavior, implement these tuning parameters. Your servers – and your SLAs – will thank you.

About The Authors

Lori Meyer is a Cloud Systems Administrator at apiphani and a military veteran. Her 10 years of IT experience include roles at Intel and VMware, as well as multiple certifications in AI, Cloud Computing, Cloud-Native Linux Administration, ITIL, Security, and SysOps.

Victor Forsythe is a Senior Systems Developer at apiphani. He is a certified AWS Solution Architect and Linux Foundation Certified SysAdmin. He is known for his deep experience in Linux, cloud infrastructure (AWS), automation (Ansible), Bash, Docker, and Git. 

Authors:
James Kendrick, Principal Director, Professional Services, apiphani
Duane Tomlinson, Data Success Manager, Atlan

Data informs nearly all business decisions and is the main driver of company innovation. A 2025 Gartner poll found that 89% of CEO and senior business executives say effective data, analytics, and AI governance is essential for enabling business and technology innovation. Yet, many organizations have neither a data strategy nor a data governance program in place. 

Recipe for Data Success

Implementing a data strategy and governance program doesn’t happen overnight. Companies that rush into it often lack a clear vision and goals for their data. Without these, and without a plan for broadly communicating the strategic importance of your data program – and its critical success factors – you may be putting the program’s success at risk. 

In an informed organization, everyone understands why data strategy and governance are important. They also know their role in its implementation and have been educated on the end benefits. Conversely, poor communication creates confusion between the data strategy designers and those involved in its execution. This confusion wastes time, can be hard to recover from, and puts your whole data program at risk.

How to Implement a Data Strategy & Governance Program

Apiphani worked with Atlan, a leading active metadata platform and a modern data collaboration workspace, to create a combined human / technical environment for our client, a global manufacturer of innovative gas turbine components used by the clean energy industry.

Our objective was to instill data as a critical part of the client’s evolving digital culture. Together, we implemented a catalog and governance program for data product assets that were classified into 10 data domains. This gives our client the ability to sustain value at scale, as new and evolving data products are continually developed.

In this article, we share what we learned from our experience and explore a framework that includes the five steps necessary to achieve a data governance program, in motion, that fits your company’s culture.

Step 1: Set Context for Governance Over the Expansive Use of Data

The success of any initiative depends on how well it’s executed. A clear vision with well-defined goals and outcomes are a critical success factor. 

Successful organizations start by engaging a data champion who can advocate for expanding the role of data in driving successful business outcomes. Next they involve key business leaders who either have a need for specific data, or who have already requested specific data to drive better business outcomes. 

Engaging with these leaders uncovers opportunities to use data more expansively. Understanding their business challenges is also necessary. What’s preventing them from leveraging specific data for key business decisions? Difficulty extracting it from its current source? Lack of a “single source of truth”? Finding the answer begins to lay the foundation of the value of data governance. 

Once you involve the right business leaders, identify the following information:

1. Specific data opportunities, data challenges, data initiatives, or compelling events
2. Current state of data strategy and progress in advancing data usage
3. Current data and analytics environment, including its strengths and weaknesses
4. Data domains and data products around which to organize the future state 

Often, we see the initial data governance effort tied to retroactive governance. This means there has been an initial push on the existing data within the organization, and there has been some effort to enrich this data and then drive awareness of the enhanced discoverability of the data, considering “Enabling Self-Service” complete. 

What’s often forgotten are the future-state human behaviors that must be adopted to ensure the data enrichment is proactively embedded within the organization’s business processes. Ask these questions:

• What is the operating model? 
• What are the governance priorities for data domains and products? 
• What will the beneficiary’s workflow look like? 

These are all considerations to ensure retroactive work becomes proactive in the future.

Step 2: Formulate and Align Around a Governance Scope

Next, formulate a data governance program to match the current state. It may change or expand over time in accordance with data’s expanding role in driving successful business outcomes (see Step 1).

Start scoping by evaluating and understanding the current state and goals of the business in the context of the following five pillars of expansive use of data:

As a workshop speaker, I had the privilege of leading a session titled “Private, Secure and Custom AI Assistant Using LLMs, WebUI, with RAG for Cyber Applications”. The session focused on a step-by-step approach to building a private, self-hosted artificial intelligence (AI) solution using open-source large language models (LLMs) and Open WebUI, enabling organizations to deploy powerful AI without compromising sensitive information. I left the session inspired by the sharp minds in the room, eager to learn and contribute to shaping the future of cybersecurity using AI. In this blog, I’ll recap highlights of the event as well as my top takeaways from WiCyS 2025 as there were many lessons learned that can be applied throughout the industry.

Event Highlights

Recognizing the need for broader accessibility, WiCyS introduced a virtual component to the 2025 conference. The virtual event held April 9–10, featured unique presentations and an International Virtual Career Fair, allowing participants worldwide to engage with the content. This hybrid approach ensured that more individuals could benefit from the conference’s offerings, regardless of their ability to attend in person. 

A highlight of the event was the keynote delivered by Bloomberg’s Mansi Chaturvedi titled, “Advice for my younger self: embracing change and finding confidence”. Chaturvedi emphasized how she was nurtured, encouraged, and valued by the top management team at Bloomberg. She was required to lead and develop in a role that was not particularly her major area of strength. She challenged herself to brace for the challenges and became very successful with the support of her team and even the company’s CEO.

My Top Takeaways From WiCyS 2025

1. The Power of Representation and Mentorship

WiCyS continues to lead the way in building an inclusive space for women and underrepresented groups in cybersecurity. What stood out most was the genuine commitment from attendees, sponsors, and organizers to not only open doors but hold them open for others. From the career fair booths to lightning talks, the focus on mentorship and professional development was incredible.

2. Collaboration Over Competition

My workshop turned into a two-way learning session. I met students, early-career professionals, and veterans in the field, all exchanging ideas freely. The conference buzzed with cross-disciplinary collaboration — bringing together academia, industry, and government in powerful ways. It was a reminder that our greatest advances in cybersecurity will come when we break silos and work together.

3. Innovation Needs Inclusion

Many of the keynote speakers and panelists reinforced a message I deeply resonate with: “inclusion and collaboration fuels innovation”. From discussions on securing AI systems to talks on building secure open-source ecosystems, WiCyS 2025 showcased how diversity of thought is essential to tackling complex cybersecurity challenges.

Looking Ahead

As someone who has spoken at different technical events, WiCyS 2025 stands out for its heart. It’s not just about knowledge-sharing — it’s about building community and empowering people to grow, lead, and make an impact.

I’m proud to have been part of this year’s conference and I’m already looking forward to what the WiCyS community will do next.

Whether you attended in person, tuned in virtually, or are just hearing about WiCyS now — know this: there’s a place for you in cybersecurity. And communities like WiCyS are here to help you thrive.

Stay curious, stay bold, and stay connected.