Hello,
In my previous blog post - I have described the end-to-end steps it takes to establish a live data connectivity between SAP Analytics Cloud and SAP Cloud Platform HANA database which runs on Neo Platform.
But now that the SAP Cloud Platform runs on Cloud Foundry - a few steps in the process would change as well as some new steps needs to performed.
So let's get started with the process:
Pre-requisites:
Image source: https://www.sapanalytics.cloud/learning/data-connections/
Let’s understand what is stored in SAC, The short answer is: metadata and only metadata. SAP Analytics Cloud stores queries for building the stories, measure names, columns names, filter values, and so on. Basically, the metadata lets SAP Analytics Cloud rebuild the query.
But none of the actual data, not even the query results or part of the results, such as totals, are saved to SAP Analytics Cloud. Metadata is transferred to your browser and encrypted in memory.
Build and Deploy HANA Analytic Adapter in CF:
HANA Analytic Adapter (HAA) is a multi-target application deployed in SAP Cloud Platform, Cloud Foundry to connect SAP Analytic Cloud and SAP HANA Service. Find below the steps to build and Deploy HANA Analytic adapter.
Prepare and build MTA- app(HAA)
Download HAA from git repository and extract:\HAA
Download Analytic Adapter
Download the latest version of Analytic Adapter for SAP HANA Extended Application Service Advance Model (HANA – XS Advance) from SAP Cloud Tools.
Extract the xsahaa and place it in the:\HAA\haa-java\target. Create target directory if it does not exist in haa-java.
MTA FILE:
ID: haa _schema-version: '2.0' version: 0.0.1
modules:
- name: haa-java type: java path: haa-java parameters:
memory: 1024M
buildpack: sap_java_buildpack properties:
TARGET_RUNTIME: tome
SAP_JWT_TRUST_ACL: '[{"clientid":"sb-xsahaa-be", "identityzone": "*"}]' JBP_CONFIG_RESOURCE_CONFIGURATION: "['tomee/webapps/ROOT/WEB-
INF/resources.xml': {'xsahaa-hdi-container':'<HDI_CONTAINER-NAME>'}]" USE_NAMED_USER: true
SECONDARY_ROUTING_PERCENT: 0
provides:
- name: haa-java
properties:
url: ${default-url}
requires:
- name: haa-uaa
- name: <HDI_CONTAINER-NAME>
- name: haa type: nodejs path: haa-entry parameters:
memory: 512M
buildpack: nodejs_buildpack requires:
- name: haa-uaa - name: haa-java
group: destinations properties:
name: haa-java
url: ~{url} forwardAuthToken: true timeout: 600000
properties:
CORS: '[{"uriPattern": "^/sap/bc/ina/(.*)$", "allowedOrigin": [{"host":"<URL of SAP ANALYTIC CLOUD>", "protocol":"https"}], "allowedMethods": ["GET", "POST", "OPTIONS"], "allowedHeaders": ["Origin", "Accept", "X-Requested-With", "Content-Type", "Access-Control-Request-Method", "Access-Control-Request-Headers", "Authorization", "X- Sap-Cid", "X-Csrf-Token"], "exposeHeaders": ["Accept", "Authorization", "X-Requested-With", "X-Sap-Cid", "Access-Control-Allow-Origin", "Access-Control-Allow-Credentials", "X-Csrf- Token", "Content-Type"]}]'
COOKIES: '{"SameSite": "None"}'
TENANT_HOST_PATTERN: '^(.*)-<space>-haa.cfapps.(.*).hana.ondemand.com' INCOMING_CONNECTION_TIMEOUT: 600000
resources:
- name: haa-uaa
type: com.sap.xs.uaa parameters:
path: ./xs-security.json
- name: <HDI_CONTAINER-NAME> type: org.cloudfoundry.existing-service
Replace the following:
Login to HANA Cockpit with HANA DB user, make sure the user has User Admin and Role Admin system privilege. Click User Management.
Create a New HANA User, scroll down to define JWT identity authentication. Check the JWT box and click on “Add JWT Identity”, Map the JWT Provider to match the External SAML IdP Email ID attribute and save the configuration.
Click Assign Roles and Add the Access Role and External Privilege role created as part of HDI container deployment and save the configuration. The role name will have naming convention <hdi_schema_name>::access_role.
Click on Assign Privilege, Select Object Privilege tab, add object EXECUTE_MDS with Execute Privilege and _SYS_BI with Select Privilege and save the configuration.
Configure the live connection
Name : <Name of Live Connection> Eg. CFHANA
Description : Description to Live connection
Connection Type : Direct
Host : <cf-subaccount-org-name>-<space>-haa.cfapps.eu10.hana.ondemand.com Port : 443
Authentication Type: SAML Single Sign On
SAP recommends a configuration using CORS for these reasons:
In my previous blog post - I have described the end-to-end steps it takes to establish a live data connectivity between SAP Analytics Cloud and SAP Cloud Platform HANA database which runs on Neo Platform.
But now that the SAP Cloud Platform runs on Cloud Foundry - a few steps in the process would change as well as some new steps needs to performed.
So let's get started with the process:
Pre-requisites:
- SAP Analytic Cloud.
- SAP HANA Service.
- MTA Application.
- Cloud Foundry Command line interface.
- MultiApps CF CLI Plugin.
- Oracle JDK 8.
- Apache Melvin.
Integration Architecture
Image source: https://www.sapanalytics.cloud/learning/data-connections/
Let’s understand what is stored in SAC, The short answer is: metadata and only metadata. SAP Analytics Cloud stores queries for building the stories, measure names, columns names, filter values, and so on. Basically, the metadata lets SAP Analytics Cloud rebuild the query.
But none of the actual data, not even the query results or part of the results, such as totals, are saved to SAP Analytics Cloud. Metadata is transferred to your browser and encrypted in memory.
Build and Deploy HANA Analytic Adapter in CF:
HANA Analytic Adapter (HAA) is a multi-target application deployed in SAP Cloud Platform, Cloud Foundry to connect SAP Analytic Cloud and SAP HANA Service. Find below the steps to build and Deploy HANA Analytic adapter.
Prepare and build MTA- app(HAA)
Download HAA from git repository and extract:\HAA
Download Analytic Adapter
Download the latest version of Analytic Adapter for SAP HANA Extended Application Service Advance Model (HANA – XS Advance) from SAP Cloud Tools.
Extract the xsahaa and place it in the:\HAA\haa-java\target. Create target directory if it does not exist in haa-java.
MTA FILE:
ID: haa _schema-version: '2.0' version: 0.0.1
modules:
- name: haa-java type: java path: haa-java parameters:
memory: 1024M
buildpack: sap_java_buildpack properties:
TARGET_RUNTIME: tome
SAP_JWT_TRUST_ACL: '[{"clientid":"sb-xsahaa-be", "identityzone": "*"}]' JBP_CONFIG_RESOURCE_CONFIGURATION: "['tomee/webapps/ROOT/WEB-
INF/resources.xml': {'xsahaa-hdi-container':'<HDI_CONTAINER-NAME>'}]" USE_NAMED_USER: true
SECONDARY_ROUTING_PERCENT: 0
provides:
- name: haa-java
properties:
url: ${default-url}
requires:
- name: haa-uaa
- name: <HDI_CONTAINER-NAME>
- name: haa type: nodejs path: haa-entry parameters:
memory: 512M
buildpack: nodejs_buildpack requires:
- name: haa-uaa - name: haa-java
group: destinations properties:
name: haa-java
url: ~{url} forwardAuthToken: true timeout: 600000
properties:
CORS: '[{"uriPattern": "^/sap/bc/ina/(.*)$", "allowedOrigin": [{"host":"<URL of SAP ANALYTIC CLOUD>", "protocol":"https"}], "allowedMethods": ["GET", "POST", "OPTIONS"], "allowedHeaders": ["Origin", "Accept", "X-Requested-With", "Content-Type", "Access-Control-Request-Method", "Access-Control-Request-Headers", "Authorization", "X- Sap-Cid", "X-Csrf-Token"], "exposeHeaders": ["Accept", "Authorization", "X-Requested-With", "X-Sap-Cid", "Access-Control-Allow-Origin", "Access-Control-Allow-Credentials", "X-Csrf- Token", "Content-Type"]}]'
COOKIES: '{"SameSite": "None"}'
TENANT_HOST_PATTERN: '^(.*)-<space>-haa.cfapps.(.*).hana.ondemand.com' INCOMING_CONNECTION_TIMEOUT: 600000
resources:
- name: haa-uaa
type: com.sap.xs.uaa parameters:
path: ./xs-security.json
- name: <HDI_CONTAINER-NAME> type: org.cloudfoundry.existing-service
Replace the following:
- <HDI_CONTAINER-NAME> – Replace it with name of hdi container. Eg. hdi_smart_data.
- <URL of SAP ANALYTIC CLOUD CLOUD> – Replace it with URL of SAC. Eg. sac-global-services.eu10.hcs.cloud.sap.
- TENANT_HOST_PATTERN – Replace the <space> with the name of CF space in which the HAA application is deployed. Eg. ‘^(.*)-<space-name>-haa.cfapps
Role & JWT identity authentication in SAP HANA Service:
Login to HANA Cockpit with HANA DB user, make sure the user has User Admin and Role Admin system privilege. Click User Management.
Create a New HANA User, scroll down to define JWT identity authentication. Check the JWT box and click on “Add JWT Identity”, Map the JWT Provider to match the External SAML IdP Email ID attribute and save the configuration.
Click Assign Roles and Add the Access Role and External Privilege role created as part of HDI container deployment and save the configuration. The role name will have naming convention <hdi_schema_name>::access_role.
Click on Assign Privilege, Select Object Privilege tab, add object EXECUTE_MDS with Execute Privilege and _SYS_BI with Select Privilege and save the configuration.
Configure the live connection
Name : <Name of Live Connection> Eg. CFHANA
Description : Description to Live connection
Connection Type : Direct
Host : <cf-subaccount-org-name>-<space>-haa.cfapps.eu10.hana.ondemand.com Port : 443
Authentication Type: SAML Single Sign On
SAP recommends a configuration using CORS for these reasons:
- You will have direct connectivity with no additional devices required. Your browser directly connects SAP Analytics Cloud, your IdP, and backend data sources by securely unlocking the same-origin policy.
- Because there are no additional devices, a direct connection enables better performance.
- This configuration is easy to set up.
- SAP Managed Tags:
3 Comments
