Hello Colleagues!

 

In this blog, we shall see the steps to test connectivity when communicating with SAP Cloud Platform Integration (f.k.a. HCI). This blog is part of the series on Understanding Authentication & Testing Connectivity in SAP Cloud Platform Integration. You can access all the blogs here.

 

Let us assume the following scenario:

 

Connectivity_Simplified_Diagram.JPG

You have an SAP ERP system and want to test whether SAP Cloud Platform Integration is reachable from SAP ERP. Before we start on the SAP ERP system, let us test from a Web browser.

 

Testing from a Web Browser

 

I would propose to test first from a browser because it is the best way to understand what to expect in connectivity from SAP Cloud Platform Integration. These are the steps:

 

Prerequisite: You have an SCN user that has the role to communicate with SAP Cloud Platform Integration.

 

Step 1: Create a simple integration flow (SOAP – to – SOAP). Deploy the integration flow, and obtain its endpoint URL

 

You need not provide any WSDL for the sender SOAP endpoint. And ensure that you have selected Basic Authentication in the Sender.

/wp-content/uploads/2015/01/dummy_iflow_624572.png

Note the endpoint that has been created for the integration flow. We need this in our next step.

 

Step 2: Open a Web browser and enter the endpoint URL

 

When asked for authentication, provide the SCN username and password that have been authorized against this tenant. Also, the role to access via basic authentication must be granted to this user.

browser_entry.JPG.png

Important Point to Note: Only HTTPS-based communication is possible with SAP Cloud Platform Integration. This means when I am sending a request from the Web browser, SAP Cloud Platform Integration presents itself with its certificates. It is important for the client (Web browser) to recognize these certificates. Therefore, the certificate store of the Web browser must have the certificate chain of SAP Cloud Platform Integration.

 

Let’s take an example to understand this better. Let’s say I am using the Google Chrome Web browser to connect to SAP Cloud Platform Integration. When you enter the URL in the browser, you can navigate and check the certificate chain of the SAP Cloud Platform Integration instance. The Web browser must contain the certificate chain of SAP Cloud Platform Integration. Otherwise, it cannot establish a trusted connection. See screenshots below:

 

/wp-content/uploads/2015/01/google_chrome_example_624791.png

 

 

Step 3: Check the Message Monitoring Log

 

If the connectivity is fine, then a message shall be sent to the integration flow. And it shall be visible in the message monitoring log.

Dummy_Channel_Message_Monitoring.JPG
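The same browser test can be scripted so that a failure points at the layer to fix: network, certificate trust, or credentials. The Python sketch below is an added example, not part of the original blog or of SAP's tooling; the function names are hypothetical, the endpoint URL and user are supplied by you, and the mapping of 401/403 to causes follows generic HTTP semantics rather than documented tenant behaviour.

```python
import base64
import getpass
import ssl
import sys
import urllib.error
import urllib.request


def basic_auth_header(user: str, password: str) -> str:
    """Value of the Authorization header for HTTP Basic authentication."""
    token = base64.b64encode(f"{user}:{password}".encode("utf-8")).decode("ascii")
    return "Basic " + token


def diagnose(outcome) -> str:
    """Map an HTTP status (int) or an exception to the layer that needs attention."""
    if isinstance(outcome, urllib.error.HTTPError):   # check before URLError (subclass)
        outcome = outcome.code
    if isinstance(outcome, urllib.error.URLError):
        outcome = outcome.reason                      # unwrap the socket/TLS error
    if isinstance(outcome, ssl.SSLCertVerificationError):
        return "tls-trust: server certificate chain is not in the client trust store"
    if isinstance(outcome, ssl.SSLError):
        return "tls: handshake failed"
    if isinstance(outcome, (OSError, str)):
        return "network: host not reachable (DNS, proxy, firewall)"
    if outcome == 401:
        return "auth: credentials rejected"
    if outcome == 403:
        return "authz: authenticated, but the user lacks the required role"
    return f"reachable: endpoint answered with HTTP {outcome}"


def probe(url: str, user: str, password: str, timeout: float = 10.0) -> str:
    """Send one authenticated GET over verified TLS and return the diagnosis."""
    if not url.lower().startswith("https://"):
        return "config: only HTTPS endpoints are accepted"
    request = urllib.request.Request(
        url, headers={"Authorization": basic_auth_header(user, password)})
    # Default context verifies chain and host name; the handshake completes
    # before the request is written, so credentials never reach an untrusted peer.
    context = ssl.create_default_context()
    try:
        with urllib.request.urlopen(request, timeout=timeout, context=context) as resp:
            return diagnose(resp.status)
    except (urllib.error.URLError, OSError) as exc:
        return diagnose(exc)


if __name__ == "__main__":  # usage: python probe.py <endpoint-url> <user>
    print(probe(sys.argv[1], sys.argv[2], getpass.getpass("Password: ")))
```

A "tls-trust" result is the scripted equivalent of the browser not recognizing the certificate chain; the fix is to add the missing CA to the client trust store, not to switch verification off.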

 

Testing from an SAP ERP system

 

In principle, testing from an SAP ERP system is similar to testing from a browser.

 

It is easy to test via an HTTP destination created using the transaction SM59.

 

  1. Create an HTTP destination in SM59.
  2. Enter the endpoint URL of the integration flow.
  3. Since ERP is sending the data to SAP Cloud Platform Integration, the ERP system acts as a client. So, the ERP system must recognize the certificate chain of SAP Cloud Platform Integration (if the CA is not already included).
  4. In the SM59 destination, you can provide the credentials to connect to SAP Cloud Platform Integration. Try with basic authentication first, and then using certificates.
  5. Remember to configure the sender components in integration flows accordingly. This can be done in the STRUST transaction of SAP ERP. Select the SSL Client SSL Client (Standard) certificate, export the certificate and save the file locally as .CER. Import this into the sender component of SAP Cloud Platform Integration.

 

A few screenshots of the procedure described are shown below:

/wp-content/uploads/2015/01/erp_certificate_config_624793.png

 

Conclusion

 

We have taken a simplified setup to explain the connectivity tests. Our experiences with customer implementations show that most landscapes look like the one below. Nevertheless, the concepts explained remain the same, and you must configure the Web Dispatcher to speak to SAP Cloud Platform Integration. Further, keep a lookout for network filters and firewalls. They could block the calls to the integration instance.

typical_landscape.JPG

Best Regards,

Sujit


5 Comments


  1. Sanath Kumar Kura

    Thanks Sujit for the nice article.

    We have a scenario where we are establishing the connection between ERP systems and HCI [Inbound]. But the challenging part is to establish the connection between Intranet [ERP] – DMZ [Router] – Public [HCI].

    So would you kindly guide me on what kind of ports/hardware are required to establish the connection, like

    a) Which ports need to be enabled at the SAP system

    b) What kind of configuration needs to be performed at saprouter to route SAP ERP requests to HCI.

    Apart from the above, since we are initiating the connection and using the Basic Authentication method, could you help me to know if SAP systems can have self-signed certificates or whether they must be signed only.

    Awaiting for your reply.

    Sanath

    (0) 
  2. Aman Raj

    Hi Sujeeth,

    Can we use Web Dispatcher when we are sending data from ERP to HCI? Because Web Dispatcher works as a reverse proxy, will it send data outside to the HCI tenant?

    Regards,
    Aman

    (0) 
  3. James Ian Moyes

    Hi Sujeeth,

    I need to consume an OData service from a SuccessFactors LMS cloud system, and it requires an authentication token. I can do this easily from a REST client by getting the token and then adding it to the service call. This works; the token is valid for 30 minutes and then has to be retrieved again and … so on.

    I need to consume the data from an SAP Fiori application on an on-premise backend. Could you advise me of the best way to do this?

     

    rgds

     

    James

    (0) 
