Skip to Content
Author's profile photo Utsav Chobe

Bird’s-eye view of an SMP/HCPms application – How does HCPms, SMP3 SDK, Kapsel, Gateway, PO, HCC fit together?

This blog is for you, if you can relate to the questions below, when you think about mobility solutions.

You may also be like me, coming into the SAP world with no prior knowledge of SAP, having experience of only open source mobility solutions.

To begin with, you would like to have an understanding of the big picture and how individual technologies/platforms come together.

So, the questions…

  • How to create a mobile app in context of SAP products and technologies? What is the architecture?
  • How to expose internal backend services to the Internet, in a secured and maintainable way?
  • How to manage security of the data on mobile device of a user?
  • How to enable and support features like offline capability, push notification etc. for a mobile app?
  • Do I need to maintain a separate user store for authentication purposes?
  • How to get the analytics/statistics of app usage. Factors like the number of users, device types, logs, audits etc.?
  • What is the meaning of buzzwords like Cordova, Kapsel, HCPms and HCC and how do they fit together?

A couple of months ago, I started working on mobility solutions using SMP. SMP3 SDK was released a few months earlier and then it was just an acronym to me.

When I started, I was not sure what to look out for and where to start. However, once I figured out how the various technical components fit together, I could find some fantastic technical blogs to help me with implementation. With this blog, I aim to present the big picture without any technical details.

Problem statement was to come out with a mobile app, which interacts with existing backend either ABAP based, or Java based (PO), which are not even on the Internet.

So how do I connect these two components together?


The answer lies in bridging components with the SAP solutions/products…


GREAT… but what are these SAP technologies/platforms?

So, lets bridge the gap with the components that will come together to weave a solution.

So here we go!



So, now that we know what the ingredients are, let’s have a look at the recipe. To begin, let’s break down our task into smaller sub-tasks:

  • STEP 1: Exposing backend (ABAP/PO) in form of OData services
  • STEP 2: Take the backend (ABAP/PO) from Intranet (internal landscape) to internet (external)
    • Take care of issues like firewall, security etc.
  • STEP 3: Develop a mobile app that
      • securely accesses on-premise backend services
      • saves critical information on the device securely
      • has offline capability
      • has push facility
      • can be developed using JavaScript.

So let’s embark on our journey …


To expose backend (ABAP/PO) services in form of OData, we may make use of:

  • NetWeaver Gateway for ABAP backend
  • Integration Gateway for PO backend. Another alternative could be a bespoke solution of using Apache Olingo/OData4j façade. (The blog here provides information on the bespoke solution)

This takes us a step closer to our understanding:



Next, we need to expose our existing service to the Internet, without exposing the whole internal landscape. This is where HANA Cloud Connector comes into the picture. The Cloud Connector provides a light and easy way to establish secure connections from on-premise systems to SAP HANA Cloud Platform accounts (in our case HCPms, which is discussed next).

Following is the next refinement of our understanding


The output of this step – a logical URL that maps to on-premise services, is configured within applications in HCPms, which are then accessed from mobile apps on device.

HCPms is an on-demand mobile solution hosted on SAP HANA Cloud. HCPms offers authentication, secure on-boarding, native push notifications, and reporting capabilities for enterprise mobile applications. It enables secure and seamless connectivity while on-the-go to on-premise systems hosted behind the internal firewall (or) on the Internet.

This brings us to following understanding:


Let’s identify the last piece of the jigsaw. How to connect from device to HCPms for accessing the backend? This is where Kapsel SDK and Cordova come into the picture.

To understand, what Kapsel (SAP component) is, let’s first have a quick look at Cordova (open source standard).

Mobile apps are specific to a given device OS type for example apps that run on iOS is of *.ipa type, for android they are of *.apk type etc. These apps may be developed using Native SDKs, which would mean different development for same app on different device –


To avoid having two different developments, and instead develop once deploy multiple times a HYBRID approach is used. This is done using Cordova.

The development is done using open standards like JavaScript, HTML5, and CSS3 – referred to as an HTML5 application. This application is wrapped using Cordova, which provides APIs to interact with devices and abstracts all device specific interaction –


Cordova JS API provide JavaScript methods to access device features like

  • Camera,
  • Network Information etc.

Adding respective plugins to your Cordova project configures such capabilities.

SAP has created a similar plugin to:

  • Access local storage in a secured way (encryption enabled)
  • Logon, register and authenticate against the application created in HCPms/SMP
  • Provide offline capabilities
  • … several others

The plugin that provides these and many other features is called as Kapsel.

Kapsel is a set of plugins for Apache Cordova, which adds SMP capabilities to a Cordova application. Kapsel is a part of SMP3 SDK’s collection of libraries aimed at targeting hybrid development.

Note: SMP3 SDK provide other features for native development as well.

This brings us to the following understanding:


For sure, there are alternate options to replace components for instance SMP (on-premise), HCI, API Management (APIGEE), Mocana (App Security), MDM (Mobile Secure) and corporate App Store (Mobile Place) etc.

A word on authentication

Although, not in scope of this blog, but let’s just have a flavour of the authentication capabilities of HCPms. HCPms subscriber can customize an identity provider (IdP) configuration with their own on-premise SAML 2.0 provider. Thus, eliminating a need of having a duplicate user store.


This brings me to end of presenting a high level overview(my interpretation) of an end-to-end scenario for creating an app that consumes backend (on intranet), using SAP technologies. Hope it helps!

Assigned Tags

      You must be Logged on to comment or reply to a post.
      Author's profile photo Former Member
      Former Member

      Very nice blog, especially for the persons who is starting to touch SAP SMP/HCPms, it will save you from reading many documents in order to draw a whole picture.

      Author's profile photo Utsav Chobe
      Utsav Chobe
      Blog Post Author

      Thank You Iris!

      Author's profile photo Lyle Johns
      Lyle Johns

      Great article , simple and easy to understand 🙂

      Author's profile photo Achmad Dimyati
      Achmad Dimyati

      Hi Utsav,

      Very interesting future of SAP mobile solution. SAP is really moving fast to different future from current infrastructure design. I am curious, as we still can achieve this with Device (Cordova) with REST calls --> Webdispatcher --> Fiori Front-end --> Backend. SAP Webdispatcher will encapsulate backend and provide security aspect too.

      Any ideas why we should emphasize HCPMs - HCC?

      Thanks ..

      Author's profile photo Thrilochana Rajappa
      Thrilochana Rajappa

      Hi Achmad,

      Though you can achieve accessing of backend data through webdispatcher+ REST calls. HCPms helps in administration and configuration management. HCPms offers authentication, secure on-boarding, native push notifications, analytical and reporting capabilities for enterprise mobile applications.

      Thanks, Thrilochana

      Author's profile photo Thrilochana Rajappa
      Thrilochana Rajappa

      I liked the way you have explained Utsav, Thank you!

      Author's profile photo Former Member
      Former Member

      Another solution we've implemented is deploying a mobile VPN client to mobile devices, and configuring the apps to directly call Odata services on the Netweaver Gateway.

      This solution eliminates the requirement for HCPms and HCC, but of course adds complexity and reduces ease of use by requiring a VPN server and logon process. Also, you do not receive any benefits of HCPms. Just wanted to present it as an alternative architecture that may make sense for certain organizations.

      Author's profile photo Former Member
      Former Member

      Great post!

      Author's profile photo Gourab Banik
      Gourab Banik

      Nice diagrams & very lucidly presented..

      Author's profile photo Adam Harkus
      Adam Harkus

      Can you deploy on offline app (using the kapsel template) in Mobile Secure?

      I want to avoid using any emulators etc.