7/21/2019 SAP HCP Cloud Connector.ppt
1/22
SAP HANA Cloud Connector
Prasenjit Paul
7/21/2019 SAP HCP Cloud Connector.ppt
2/22
Agenda
1. What is SAP HANA Cloud Connector ?
2. Advantages of SAP HANA Cloud Connector.
3. Architecture : Connecting Cloud Applications to n!Pre"ise S#ste"
$. %nstall SAP HANA Cloud Connector
&. Setup initial con'guration of SAP HANA Cloud Connector.
(. Connect n Pre"ise S#ste" fro" SAP HANA Cloud via H))P.
7/21/2019 SAP HCP Cloud Connector.ppt
3/22
SAP HANA Cloud connector serves as te lin! "et#een on$de%and applications in SAP HANA Cle'istin( on$pre%ise s)ste%s*
It co%"ines an eas) setup #it a clear con&i(uration o& te s)ste%s tat are e'posed to SAP HAN
In addition+ te resources, availa"ilit) can "e controlled &or te cloud applications in tose s)ste%s
-e Cloud connector runs as on$pre%ise a(ent in a secured net#or! and acts as a reverse invo!ete on$pre%ise net#or! and SAP HANA Cloud Plat&or%*
.ue to its reverse invo!e support+ don,t need to con&i(ure te on$pre%ise &ire#all to allo# e'terna
cloud to internal s)ste%s* -e Cloud connector provides &ine$(rained control over/
n$pre%ise s)ste%s and resources tat sall "e accessi"le ") cloud applic
loud applications tat sall %a!e use o& te Cloud connector*
Cloud connector can "e used in "usiness critical enterprise scenarios* -e tool ta!es care to autoesta"lis "ro!en connections+ provides audit lo((in( o& te in"ound tra&&ic and con&i(uration can(run in a i($availa"ilit) setup*
What is SAP HANA Cloud Connector ?
7/21/2019 SAP HCP Cloud Connector.ppt
4/22
Co%pared to te approac o& openin( ports in te &ire#all and usin( reverse pro'ies in te .M to es
on$pre%ise s)ste%s+ te Cloud connector as te &ollo#in( advanta(es/
-e &ire#all o& te on$pre%ise net#or! does not ave to open an in"ound port to esta"lis connecti
HANA Cloud Plat&or% to an on$pre%ise s)ste%* In te case o& allo#ed out"ound connections+ no %o
re3uired*
-e Cloud connector supports additional protocols+ apart &ro% H--P* or e'a%ple+ te 5C protoc
access to ABAP s)ste%s ") invo!in( &unction %odules*
-e Cloud connector can "e used to connect on$pre%ise data"ase+ or BI tools to SAP HANA data"
-at %eans+ it also supports te opposite connection direction 6&ro% te on$pre%ise s)ste% to te clo
-e Cloud connector allo#s propa(atin( identit) o& cloud users to on$pre%ise s)ste%s in a secure
-e Cloud connector is eas) to install and con&i(ure+ tat is+ it co%es #it a lo# -C and &its #ell to
SAP provides standard support &or it*
Advantages of SAP HANA Cloud Connector
7/21/2019 SAP HCP Cloud Connector.ppt
5/22
Architecture : Connecting Cloud Applications to n!Pre"ise S#ste"s
7/21/2019 SAP HCP Cloud Connector.ppt
6/22
%nstall SAP HANA Cloud Connector on *icrosoft Windo+s S
Prerequisites
.o#nloaded eiter te IP arcive or te MSI installer*Install Microso&t 8isual Studio C99 2010 runti%e li"raries*Install :ava ; or :ava < or use sapjv% :.=
Procedure
Developer Scenario
i*>'tract te ?sapcc$?version@$#indo#s$';4*ip@ IP &ile to an ar"itrar) director) on )our local &ile s)ste%
ii*Can(e to tis director) and start Cloud connector 2*' via te (o*"at "atc &ile*
iii*Continue #it te Ne't Steps section*Productive ScenarioInstall ") dou"le$clic!in( on installer*Continue #it te Ne't Steps section*Next Steps
In a browser, enter: https://:8443, where is the host name of the machine on
have insta""ed the #"o!d connector. If o! access the #"o!d connector "oca"" from the same machine,
enter "oca"host.
7/21/2019 SAP HCP Cloud Connector.ppt
7/22
%nstall SAP HANA Cloud Connector
Initial Configuration
ollo#in( steps "elo# /
o( inCan(e )our pass#ordSet up para%eters and H--PS pro')>sta"lis connections to SAP HANA Cloud Plat&or%
Log in to the Cloud connector
In a e" "ro#ser+ enter/ ttps/DD?ostna%e@/?port@
6 note / E44F is de&ault port and use localost i&
url open in sa%e s)ste% #ere clouds connector is runnin( 7
or Gser Na%e D Pass#ord enter
Adinistrator ! anage 6case sensitive7*
Coose "et#een %aster and sado# installation* Gse Master
ttps/DDlocalost/E44F
7/21/2019 SAP HCP Cloud Connector.ppt
8/22
E
Change "our pass#ord
Can(e te pass#ord once lo(in &or &irst ti%e*
Pass#ord can "e can(ed a(ain Ad%inistrator user &ro% te
Settin(s %enu/
%nstall SAP HANA Cloud Connector , contd.. -
7/21/2019 SAP HCP Cloud Connector.ppt
9/22
%nstall SAP HANA Cloud Connector , contd.. -
A&ter &irst lo( on+ te Cloud connector collects te &ollo#in( re3uired
in&or%ation/
or andscape Host+ speci&) te SAP HANA Cloud Plat&or%
landscape tat sould "e used*
>nter re(istered Account Na%e+ Account Gser and Pass#ord+ o&
SAP HANA Cloud Plat&or%*
%ptiona"/ .e&ine a .ispla) Na%e+ #ic allo#s to easil) reco(nie
a speci&ic account
%ptiona"/ .e&ine a ocation I.+ #ic identi&ies te location o& tis
Cloud connector &or a speci&ic account
>nter pro') ost and port*
ptionall)/ Provide a .escription 6&ree$te't7 &or tis Cloud
connector instance*
coose Appl)*
7/21/2019 SAP HCP Cloud Connector.ppt
10/22
-o can(e pro') settin(s 6&or e'a%ple+ "ecause te co%pan)
&ire#all rules ave can(ed7+ coose te Settin(s %enu in te
upper ri(t corner* So%e pro') servers re3uire credentials &or
autentication* In tis case+ need to provide te relevant
userDpass#ord in&or%ation*
%nstall SAP HANA Cloud Connector , contd.. -
7/21/2019 SAP HCP Cloud Connector.ppt
11/22
-o can(e te description o& Cloud connector+ in te upper ri(t
corner coose Settin(s+ open te Connector In&o section and edit
te description
%nstall SAP HANA Cloud Connector , contd.. -
7/21/2019 SAP HCP Cloud Connector.ppt
12/22
-o can(e te description &or Cloud connector+ in te upper
ri(t corner coose Settin(s+ open te Connector In&o section
and edit te description*
%nstall SAP HANA Cloud Connector , contd.. -
7/21/2019 SAP HCP Cloud Connector.ppt
13/22
nce te initial setup as "een co%pleted success&ull)+
te tunnel to te cloud endpoint is open 6even tou( no
re3uests are allo#ed to pass until )ou ave co%pleted te
access control setup7*
Clic! on .isconnect "utton 6or te Connect "utton to
reconnect to SAP HANA Cloud Plat&or%7*
-e )ello# state icon and te te't indicates tat tere is
still no resource e'posed tat could "e used &ro% a cloud
application* -is re3uires additional con&i(uration+ #ic is
%entioned in te 5elated In&or%ation section*
%nstall SAP HANA Cloud Connector ! sta/lish connections to SAP HANA CPlatfor"
% t ll SAP HANA Cl d C t t /li h ti t SAP HANA C
7/21/2019 SAP HCP Cloud Connector.ppt
14/22
-e (reen icons ne't to andscape Host and H--PS
Pro') indicate tat te) "ot are valid and #or! properl)*
In case o& a ti%eout or a connectivit) issue+ te icon is
respectivel) )ello# 6#arnin(7 or red 6error7+ and a tooltip
displa)s te cause o& te pro"le%*
-e Account Gser is te user tat as ori(inall)
esta"lised te tunnel* .urin( a nor%al operation+ tis
user is no lon(er needed "ut so%e certi&icates+
e'can(ed durin( esta"lisin( a connection to an
account+ are used instead
%nstall SAP HANA Cloud Connector ! sta/lish connections to SAP HANA CPlatfor" , Contd.. -
7/21/2019 SAP HCP Cloud Connector.ppt
15/22
Cloud Connector: %nstallation of a S#ste" Certi'cate for *utual Authenti
I%port an *0J client certi&icate into te Cloud
connector*
-is s)ste% certi&icate needs to "e provided as
P=CSK12 &ile containin( te client certi&icate+ te
correspondin( private !e) and te CA root
certi&icate tat si(ned te client certi&icate 6plus
potentiall) te certi&icates o& an) inter%ediate
CAs+ i& te certi&icate cain is lon(er tan 27*
7/21/2019 SAP HCP Cloud Connector.ppt
16/22
1;
I&a s)ste% certi&icate as "een i%ported success&ull)+ its distin(uised na%e+ te na%e o& te issuer+ ante validit) dates are displa)ed/
Cloud Connector: %nstallation of a S#ste" Certi'cate for *utual Authenti
Cl d C C ' i A C l ,H))P-
7/21/2019 SAP HCP Cloud Connector.ppt
17/22
$xposing Intranet S"stes
-o allo# on$de%and applications to access a certain "ac!$end s)ste% on te intranet+ need to insert an e
Cloud connector access control %ana(e%ent*
Lo to te Access Control ta" pa(e*
Coose Add*
&ac'-end (pe/ Select te description tat "est %atces te addressed "ac!$end s)ste%* -is is i%po
%eterin( in&or%ation/ tunnel connections to an) !ind o& SAP s)ste% are &ree o& car(e+ #ile usin( te tu
to a non$SAP s)ste% costs a &ee* urter%ore+ it #ill de&ine+ #ic steps te #iard #ill o&&er and #ic v
)rotoco"/ -is &ield allo#s to decide #eter te Cloud connector sould use H--P or H--PS &or te c
"ac!$end s)ste%*o I& )ou speci&) H--PS and tere is a s)ste% certi&icate i%ported in te Cloud connector+ te latte
tat certi&icate &or per&or%in( a client$certi&icate$"ased lo(in to te "ac!$end s)ste%*o I& tere is no s)ste% certi&icate i%ported+ te Cloud connector opens an H--PS connection #ito
Cloud Connector: Con'guring Access Control ,H))P-
Cl d C t C ' i A C t l ,H))P-
7/21/2019 SAP HCP Cloud Connector.ppt
18/22
Interna" *ost and Interna" )ort specif the act!a" host and port !nder
which the tar+et sstem can be reached within the intranet.
irt!a" *ost specifies the host name exact" as it is specified as the
propert in the *(() destination confi+!ration in 01) *121
#"o!d )"atform.
)rincipa" (pe defines what 'ind of principa" is !sed when
confi+!rin+ a destination on the c"o!d side !sin+ this sstem
mappin+ with a!thentication tpe )rincipa" )ropa+ation.
(he s!mmar shows information abo!t the sstem to be stored
Cloud Connector: Con'guring Access Control ,H))P-
%ptiona": dit s!ch a sstem mappin+ via dit5 to ma'
connector ro!te the re!ests for sa"es-sstem.c"o!d:44
bac'-end sstem.
Clo d Connector Con'g ring Access Control ,H))P-
7/21/2019 SAP HCP Cloud Connector.ppt
19/22
Liiting the Accessi%le Services for H&&P'S(
In addition to a""owin+ access to a partic!"ar host and port, a"so
need to specif which paths eso!rces5 are a""owed to be
invo'ed on that host.(he #"o!d connector !ses ver strict white-"ists for its access
contro", so on" those s for which o! exp"icit" +ranted
access are a""owed.
1"" other *(()05 re!ests are denied b the #"o!d connector.(o define the permitted s eso!rces5 for a partic!"ar bac'-
end sstem, choose the "ine correspondin+ to that bac'-end
sstem.
1 dia"o+ appears promptin+ o! to enter the specific path
that o! want to a""ow to be invo'ed.
Cloud Connector: Con'guring Access Control ,H))P-
Cloud Connector: Con'guring Access Control ,H))P-
7/21/2019 SAP HCP Cloud Connector.ppt
20/22
*
$na%ling!Disa%ling )esources *n+the+,l"
In some cases, it is !sef!" for testin+ p!rposes to temporari" disab"e certain reso!rces witho!t havin+ to
de"ete them from the confi+!ration. (his a""ows !ser to easi" re-provide access to these reso!rces at a "a
point of time witho!t havin+ to tpe in everthin+ once a+ain.
(o disab"e a reso!rce, se"ect it and choose the 7isab"e b!tton:
(he traffic "i+ht t!rns red, and from now on, the #"o!d connector wi"" den a"" re!ests comin+ in for this
reso!rce.
(he traffic "i+ht t!rns red, and from now on, the #"o!d connector wi"" den a"" re!ests comin+ in for this
reso!rce. (o enab"e the reso!rce a+ain, se"ect it and choose the nab"e b!tton.
It is a"so possib"e to mar' m!"tip"e "ines and then to disab"e/enab"e a"" of them in one +o b c"ic'in+ the
nab"e/7isab"e b!ttons in the top row.
Cloud Connector: Con'guring Access Control ,H))P-
Cloud Connector: Con'guring Access Control ,H))P-
7/21/2019 SAP HCP Cloud Connector.ppt
21/22
21
$xaples-
Dprod!ction/acco!ntin+ and )ath on" s!b-paths are exc"!ded5 are se"ected. %n" re!ests of the for/prod!ction/acco!ntin+ or ( /prod!ction/acco!ntin+9name;va"!ename=;va"!e=... are a""owed.
rep"aced b )%0(, )(, 7(, and so on.5
/prod!ction/acco!ntin+ and )ath and a"" s!b-paths are se"ected. 1"" re!ests of the form ( /prod!c
p"!s-some-more-st!ff-here9name;va"!e... are a""owed.
/ and )ath and a"" s!b-paths are se"ected. 1"" re!ests to this server are a""owed.
Cloud Connector: Con'guring Access Control ,H))P-
7/21/2019 SAP HCP Cloud Connector.ppt
22/22