Deep dive in Hana Cloud Integration.

Don’t be scared by the title of the blog, don’t go away: It’s not you, it’s me!
It is me who joined the SAP Hana Cloud Integration Deep Dive training in Walldorf and I want to share some of the great things I learned there. Off course, just like my previous blogs (1, 2) I will keep it quite simple. If you want the full, deep diving deal, just check out Piyush Gakhar’s profile and keep an eye on his training sessions.

This time we will cover encryption and data stores. When all goes well your two iFlows will look like
this:

1. overzicht.png
iFlow 1: Encryption and writing to a data store.

2. Overzicht.png

iFlow 2: Decryption and getting from data store.

Preparing for encryption

Before we start with building our iFlow we need to add an RSA key pair to our keystore. If you do not know how to create (or adjust) your keystore please read my first blog (direct link to the document ‘How to create a keystore.pdf’).

For creating the RSA key pair I also used KeyStore Explorer (just like we used for creating the keystore). When you open yourkeystore.jks in KeyStore Explorer (KSE) you can right click on an empty space and choose for ‘Generate Key Pair’.

3. KSE create.png

In the next screen you can choose the Key Size. For this example we leave everything as it is.

4. KSE create.png

On the next pop-up screen we change nothing and go directly to the pretty address book next to Name.

5. KSE create.png

There we fill out all the information is needed.

6. KSE create.png

Then we get prompted for an Alias for our key pair:
Please name you RSA key pair “id_rsa”. This name is needed for a good HCI handling.


7. KSE create.png

Now save your keystore and deploy it to your tenant.

Creating the first iFlow

Now everything is set up for the encryption part we are going to build our first iFlow. In this iFlow I choose SuccessFactors as a Sender. Off course you can use any kind of data from any kind of adapter for this exercise. I will not discuss setting up the sender (and the receiver). If you do not know how to set up a sender or receiver please read my previous blogs.

I begin with placing a Multicast on the integration project. You can find this under Message Routing in your pallet. Because I want to show you the different outcomes with and without encryption I multicast my incoming message (from SuccessFactors) two ways.

8. iFlow1.png

On one of the branches I add a Content Encryptor (under security elements). The other branch stays empty.

9. iFlow1.png

The properties of the PKCS7Encryptor are displayed below. You can change it to your likes but for the exercise I will only assign my public key alias.
Under Encryption choose add and set in “id_rsa” as the Public Key Alias.

10. iFlow1.png

11. iFlow1.png

Now we added the encryption to our SFSF data in one branch, and nothing in the other branch. Because I want to use the encrypted file for later, but also show you the different outcomes I will add another multicast right after the PKCS7Encryptor block.

12. iFlow1.png

Now we have a branch we will use to mail the encrypted file, and a branch which we can store in our data store.
On the end of the data store branch, put a Data Store Operation block, which can be found under Message Persistence.

13. iFlow1.png

In the properties of the Write block you can choose a name for your data store. Also you can change the visibility. Please change the visibility from Integration flow to Global, because we are going to need in in iFlow2. The option ‘Encrypt Stored Message’ can be checked on, but this is not the encryption we configured earlier. So if you choose to check this of, your stored message will still be encrypted with you own encryption. In this exercise I will leave it on.

14. iFlow1.png

I connected both branches to an end event and connect those to the receiver. For both I chose the Mail adapter. For the branch without encryption I set up the subject with something like: SFSFfileNOTENCRYPTED and the subject on the other branch will then be: SFSFfileENCRYPTED.

15. iFlow1.png

So now your complete iFlow1 should look something like this:

1. overzicht.png

When we save and deploy the iFlow you should get three different things. One is an email with the encrypted file, the second one is a mail with an unencrypted file and the third is an entry in a data store. You can check the data store in your tenant under Data Store Viewer.

16. iFlow1.png

17. iFlow1.png

The emails should like something like this, but will be different based on your chosen input.

19. iFlow1.png

  Not encrypted



18. iFlow1.png

  Encrypted

Creating the second iFlow

In the second flow we are not going to use a Sender shape, you can delete this. Instead of a sender shape we start this flow with a Timer Start (under events). From the timer start we place a Data Store Operations and select ‘Switch to Get Operation’.

20. iFlow2.png21. iFlow2.png

When you select the Get Operation you need to enter the Data Store Name and the Entry ID. Both can be found in the Data Store Viewer on your tenant.

21b. iFlow2.png

After you point the Get operation to the right data store and the right entry in that data store we create a multicast. This is to prove we really did decrypt the data, and where no decryption took place the file is still encrypted.

22. iFlow2.png

On the ‘to be decrypted’ branch we add, surprisingly, a content decryptor. This can be found under Security Elements.

Because we did not change the settings while we were encrypting, we do not need to change anything now.

Just like in iFlow1 we will connect the two branches to an endpoint and connect those via a mail adapter to the receiver. When you save and deploy this iFlow2 the result should be something equal to what we saw in the first iFlow, that means; a decrypted message (from the Not decrypted branch) and an encrypted message (from the decrypted branch).

23. iFlow2.png

24. iFlow2.png

I hope you learned something from this blog, if not; please let me know. If you want more detailed information please feel free to contact me, and don’t forget to check out Piyush Gakhar’s profile to see when the next HCI Deep Dive training is near you!

Blog 1: Starting with Hana Cloud Integration? Keep this in mind!
Blog 2: Starting with Hana Cloud Integration? Create a simple integration flow (iFlow)!

Blog 3: Deep dive in Hana Cloud Integration.

Blog 4: Hana Cloud Integration and SuccessFactors Integration Center

Blog 5: Hana Cloud Integration in comparison to Dell’s Boomi.

To report this post you need to login first.

6 Comments

You must be Logged on to comment or reply to a post.

Leave a Reply