Due to the vacation season it might have slipped your attention that there was a new release of the SAP HANA Cloud Connector at the end of 2014 which provides some cool and useful new features. I like to shortly recap them in this blog post and also point you to two new documents we have published along with 2.5.0 release of the Cloud Connector.
The most important new feature in the Cloud Connector is that you can now establish service channels to certain services in the cloud in order to access those services from outside of HCP. Right now, we support service channels to SAP HANA databases running in your cloud account as only service channel type, but additional service channel types might follow in the future. With a service channel to a HANA database, you are able to make JDBC or ODBC calls from on-premise to HANA in the cloud. You might ask what the difference is to the already existing database tunnel of HCP. Well, the database tunnel via neo command line tool was never meant for productive scenarios which require the tunnel connection to run reliably all the time. The database tunnel connection via command line expires after 24 hours and does not support an auto-reconnect behavior, nor does it provide other features like audit logging or high availability. While this is fully sufficient for development scenarios, it is a blocker for productive scenarios. With the integration of the database tunnel into the Cloud Connector, the tunnel connection now is kept reliably open and can be used for scenarios like connecting BI tools or replication tools against the HANA database in the cloud. You find more details on the service channels to a HANA database here.
Another new feature of the Cloud Connector is that you can now use it to connect your corporate LDAP server securely as an user store for your applications running on HCP. Java applications running on HCP can use the on-premise LDAP to check credentials, search for users, and retrieve their details. In addition to the user information, the cloud application may request information about the groups of which a specific user is a member (the documentation how to use this feature is coming with the next HCP release in a few days).
Apart of this, the new Cloud Connector version supports Kerberos as additional authentication type for principal propagation. This is useful if you have systems in your corporate network which are protected by SPNego authentication and you like to call them from a cloud application while preserving the identity of the cloud user. More details how to use this can be found here.
So far to the new features in Cloud Connector version 2.5.0… Let’s move on to two new documents that we have published about it in SCN:
- A solution brief of the Cloud Connector can be found here. It describes the features of the Cloud Connector, relevant scenarios and outlines the benefits of the Cloud Connector e.g. when comparing it to other approaches like using a reverse proxy.
- A security whitepaper about the Cloud Connector can be found here. It should answer your questions about security when using the Cloud Connector.
We hope these documents are helpful for you and are looking for your feedback!
All the best,