Invitation: #SAPSysArchs – SAP HANA Cloud Platform – Portal Service – in your Landscape – Monday 6th June 20:30 CET
Invitation for SAP System Architects, Development Architects, Application Architects
and Basis Architects and everybody who is interested, to join the next #SAPSysArchs
Subject: SAP HANA Cloud Platform – Portal Service – in your Landscape
Date: Monday 6th June – 20:30 CET
Meeting Url: https://sap.emea.pgiconnect.com/C5236419
Conference Code; Participant Passcode: 329 122 3879
Local Dial-in Numbers are here
The call will cover the following topics:
1, HANA Cloud Platform – Portal Service – what is it, where do I get
2, How does HANA Cloud Platform – Portal Service work and how can I integrate it with my landscape
especially on premise
3, User provisioning – how can I provision and manage Users in the HANA Cloud Platform – Portal Service
4, How to include HANA Cloud Platform – Portal Service in my monitoring and incident management setup
5, Use cases for HANA Cloud Platform – Portal Service today – what could I use HANA Cloud Platform –
Portal Service for today, what are the early easy opportunities for it
6, Comparison between On-Premise and HANA Cloud Platform – Portal Service
7, The future for HANA Cloud Platform – Portal Service – goals, opportunities, strategy, things for SAP
Customers to think about
With many thanks we will have SAP HANA Cloud Platform Portal Service Product Manager Aviad Rivlin and
colleagues present and on hand as the source of truth in the discussion.
Following the evolving format of the #SAPSysArchs calls, the call will walk through the
“Call-Deck”, which will be appended below in this blog.
The goal of the call as usual is to learn from peers through open common discussion and
solution sharing on contempary SAP system architecture challenges. Therefore, as ever
the aim is discussion rather than lecture.
Looking forward to all feedback and attendance.
Let’s have some fun and fully understand how SAP HANA Cloud Platform Portal Service fits into our Landscapes.
Together we are all #SAPSysArchs, everybody in the SAP Business who is involved in SAP
System Architecture decisions.
A global peer group enabling sharing of discussions, questions, philosophies, throughts and
#SAPSysArchs face many challenges including pressure of having to be the subject matter
expert, the final internal technical authority, and without always having access to support.
Where is the documentation, there is not enough architecture documentation around SCN
or SMP, we’re lucky if a Master Guide gives some architectural insight.
Architect’s don’t blog, why ? Often blogging architecture solutions, philosophies, ideas, could
risk sharing company’s secrets combined with pride of not wishing to be publicly challenged.
What to do ? #SAPSysArchs creates a peer group where on a monthly basis peers can have
an open discussion on a contempary subject, and compare thoughts.
Less a lecture and more a discussion, there are mountains of documentation on SCN, SMP,
TechEd, the #SAPSysArchs calls are primarily an opportunity for open peer discussion, where
attendees bring their challenges and throughts.
Real challenges faced by real people at real companies, rather than PowerPoint Presentations.
Good architectural design and decisions bring many benefits including:
- creating competitive advantage by
- enabling End User productivity, enabling End Users to be productive and keeping them productive
- reducing time and costs
Every company is different, running at different speeds with different budgetary and business
What is the best architectural decision for one company, may not for a variety of reasons be the
best architectural decision for another.
However, enabling #SAPSysArchs to share and compare in peer discussions will benefit all.
The New SCN SAP NetWeaver Architecture Category – An Introduction
SAP HANA Cloud Platform Portal Service
[this deck is currently in processing]
1, HANA Cloud Platform – Portal Service – What is it, Where do I get it ?
Speaking for myself, having been a Basis Administrator on SAP Portal since EP5 SP2 in 2002,
I have always described SAP Portal as the “doorway to your SAP landscape, securing access
to the SAP landscape”.
That’s because since the early days, the SAP Portal focused on web enabling SAP Applications,
and providing a single point of entry to SAP web applications.
How to describe HANA Cloud Platform – Portal Service ?
I would describe HANA Cloud Platform – Portal Service as, “the doorway to your everything,
securing access to everything your organisation wants to put under one single point of entry,
inside SAP, outside of SAP, in your Intranet, in your Extranet, on the Internet”. And the nice
thing is, because it’s in the Cloud, exposing to the Internet and related Security questions are
taken care of out of the box.
But let’s take a step back and start from the beginning, what is the HANA Cloud Platform – Portal Service ?
In SAP’s words,
SAP HANA Cloud Portal is a flexible environment that allows you to quickly and easily create
attractive business sites and extend them by using out of the box, template-based, business content.
Cloud Portal is a service of the SAP HANA Cloud Platform, and as such, is tightly integrated with
SAP Web IDE (providing advanced developer flows), and SAP Fiori launchpad concepts and solutions
(providing user friendly interfaces and experiences).
Cloud Portal’s key capabilities and main advantages include:
We can see from the attributes it could be argued what is the difference to the On-Premise Portal ?
The biggest difference between the On-Premise Portal and the Hana Cloud Platform – Portal Service, is,
with the Portal Service there is nothing to install, no servers to order, no servers to administer, a huge
effort overhead is taken care of in respect that the Portal Service is in the Cloud and running and ready
to go and you have to do is start working with it.
As we all know, on a Portal implementation Project, how much time and effort is put into simplythe Basis
Team provisioning the Portal so that the Project Team can start working with it ? With the Cloud
Portal Service the bulk of the effort is taken care of.
What does this mean ? Agility, speed. Imagine a Line of Business wanting a Portal solution and being able
to have a Portal platform up and running in hours or days, no lead time for ordering servers, installing in the
data center, downloading software from SAP, installing, etc.
Back to the question, what is SAP HANA Cloud Platform – Portal Service –
it is SAP Portal as a Service in the Cloud, ready to go and quick and agile.
In the call we’ll ask our colleagues from SAP to elaborate here an anything which is missing.
Where do I get SAP HANA Cloud Platform – Portal Service ?
Let’s say, like the On-Premise Portal, I want to deploy the HANA Cloud Platform – Portal Service, where
do I start, what do I do and how do I get it ?
A Line of Business Manager at my company has come back from SAPPHIRE and wants Portal Service
asap. What do I do ?
This needs to be confirmed by colleagues from SAP:
SAP HANA Cloud Platform – Portal Service – as the name suggests, is a Service of the HANA Cloud Platform.
This means, logically, we would need to be a SAP HANA Cloud Platform Customer and have an account.
A customer account allows you to host productive, business-critical applications with 24×7 support.
When you want to purchase a customer account, you can select from a set of predefined packages.
Contact us on SAP HANA Cloud Platform Information published on SAP site or via an SAP sales representative.
In addition, you can upgrade and refine your resources later on.
You can also contact your SAP sales representative and opt for a configuration, tailored to your needs.
After you have purchased your customer account, you will receive an e-mail with a link to the landing page
SAP HANA Cloud Platform provides free and paid accounts: developer, customer, and partner accounts.
The account type determines pricing, conditions of use, resources, services available, and landscape host.
Each account is associated with a region, which represents the location of the data center used by that account.
While developer accounts use the trial landscape, which is located in Europe only, customer and partner
accounts use a productive landscape, which is available on a regional basis.
The specific landscape associated with an account is relevant when you deploy applications (landscape host)
and access the SAP HANA Cloud Platform cockpit (cockpit URL).
The whole introduction and overview is here:
scroll down to the bottom of the page and you see all of the options
How to get a Trial Account and test the Portal Service ?
Click the link http://sapassets.edgesuite.net/sapcom/docs/2015/07/28291252-5a7c-0010-82c7-eda71af511fa.pdf
this is a 45page pdf which covers end to end setting up a trial accound for the Portal Service and runs through
exercises to build up your skills and confidence with it. The document is a gem ! For people like me who prefer pdf’s
(which we can read offline) to HTML, this is one of the nicest documents on HANA Cloud Platform Portal Service that
I have found.
Ok let’s try it and create a Hello World Cloud Portal Service page
Click the Link… https://account.hanatrial.ondemand.com/cockpit
Logon and to continue you have to accept the legal disclaimer…
We are now in the HANA Cloud Platform Cockpit (keep a note of this we’ll need it for something else later)
On the Services page, scroll down to Portal Service and Click on Not Enabled to Enable it
One the next screen click Enable, then click Go To Service
Now we are in the Admin Space for the Portal Service
Click on Site Directory -> Create Site:
Next enter a name for your Site, and choose a Template and click Create
On the next screen, the Site Page, click Add Content
Click the Section + to add content
Click add HTML content
Write a simple Hello World html, (I wanted to do an IFrame of this page, but SCN isn’t allowing IFrames)
Click on the Site Settings button on the left and edit the Security settings of the Site to allow it to be seen by your
intended audience, and make a note of the Site URL
Go back to the Site Pages and click the Publish button
and now the proof of the pudding, try the Url in a browser…
So we now know, what the HCP Portal Service is, how to get it for the Enterprise and how to get the trial
version and make a web page.
Item #1 is answered, colleagues from SAP can elaborate and confirm the approach.
2, How does HANA Cloud Platform – Portal Service work – and how can I
integrate it with my landscape especially on premise
When we look at how the HANA Cloud Platform Portal Service integrates with On-Premise
systems, we need to step back one layer and think about the Hana Cloud Platform itself.
The HANA Cloud Platform is the container for the Portal Service, and the connectivity and
integration to On-Premise is via another HANA Cloud Platform Service – the Connectivity Service.
As the above diagram shows, the integration to On-Premise requires the SAP HANA Cloud
What are the Pre-Requisites of the HANA Cloud Platform Cloud Connector on-premise middleware ?
The overall end to end integration looks like this:
This means the integration from HANA Cloud Platform to On-Premise works using the HANA Cloud
Connector, but how do we do the nuts and bolts of the Portal Service to On-Premise integration and
make the configuration to display an On-Premise ABAP or Java webapp in the Portal Service in the Cloud ?
The process is described in some detail in this SCN blog,
How to connect SAP HANA Cloud Portal to a SAP back-end system?
The solution is, a Destination needs to be created and deployed in the HANA Cloud Platform Connector Service
using the HANA Cloud Platform Cockpit.
The next step would be to write some HTML (using the HANA Cloud Platform Cockpit) incorporating
the Destination in the connectivity (as shown in the example in Tomer Gabbai ‘s blog)
We can see, the Destination provides the Relative Path of the Url to the On-Premise System.
3, User Provisioning – how can I provision and manage Users in the
HANA Cloud Platform – Portal Service
User Provisioning, this means, how do we provision, that our company’s Users can access the
HANA Cloud Platform – Portal Service using their regular Windows or SAP UserID and Password ?
This is also known as Identity and Access Management.
The good news is, all of the common approaches for User Provisioning and Identity and Access
Management are supported using External Identity Providers:
For On-Premise User Stores, the SAP HANA Cloud Platform – Connector Service is required
and then the common SAP or LDAP solutions are supported:
SAP System as an On-Premise User Store
LDAP as an On-Premise User Store:
4, How to include HANA Cloud Platform – Portal Service in my Monitoring
and Incident Management setup
What we are looking for here is evidence and direction on Monitoring the HANA Cloud Platform
using the On-Premise SAP Solution Manager.
The HANA Cloud Platform Monitoring Service is the nerve center for Monitoring.
There are blogs on using the Monitoring Service to retrieve Metrics and configure your own
Critical Notifications by email,
Use the Monitoring Service to Retrieve Metrics from Different HCP Applications
Use the Monitoring Service for Critical Notifications and Self-Healing of HCP Java Applications
and for sure, with some coding there would be a way to custom develop integrations to the
On-Premise Solution Manager and custom code ways for SolMan to create Events and Alerts
from the HANA Cloud Platform Monitoring Service, but in the year 2016 and onwards, if we are
going to move from On-Premise Applications to the on the Cloud Applications then we need
seamless integration of the Cloud Monitoring and the Corporate Monitoring and Incident
Management system and those might be for example Remedy or ServiceNow, but as a minimum
we need Managed System Configuration and out of the box integration with SAP’s Solution
We will ask Colleagues from SAP to elaborate on the plans for Solution Manager Managed System
integration and Solution Manager Monitoring.
What would we like to monitor ? Our Applications and the Cloud Connector Service.
The Cloud Connector Service has a nice Monitoring Cockpit which is great for Basis Administrators,
but needless to say, we need SolMan Integration and automated monitoring:
5, Use cases for HANA Cloud Platform – Portal Service today – what could I
use HANA Cloud Platform – Portal Service for today, what are the early easy
opportunities for it
The Use Case for the HANA Cloud Platform – Portal Service is everything from,
replace on Premise Portal with HCP Portal Service
specific Use Cases
ultimately, it is difficult to argue against replacing an On-Premise Portal with the HCP Portal
The biggest question which I have not yet seen explained easily and transparently is a cost comparison
between Implementing and Operating the On-Premise SAP Portal compared to Implementing and
Operating the HCP Portal Service.
As a Customer I would hope that the HCP Portal Service is cheaper to Operate than the On-Premise.
Why ? A strong argument for going to HCP Portal would be reduced cost of investment in Server/Infrastructure,
Operations and Maintenance and Support.
We need SAP to show the numbers so that we can understand the costs comparisons.
Let’s assume for sake of argument, we can do everything on the HCP Portal Service that we can do
on the On-Premise Portal.
Then question for the whole audience, why shouldn’t we migrate to Portal on the Cloud ?
If we agree we can migrate to Portal on the Cloud, where would the ideal opportunities be to move
to the Portal on the Cloud ?
. Lines of Business Managers come back from SAPPHIRE and want the HCP Portal Service asap
. Hardware lifecycle – the On-Premise Portal hardware has come to end of life, and a Hardware migration
is required, this is the ideal opportunity to move to Portal on the Cloud
. Release Upgrade/Support Pack cycle, a big project, and also an opportunity to move to the Cloud, but,
the worst case on this option is that the Hardware has more years left on its lifecycle and is still be paid for
after the move to the Cloud which would raise questions about moving at this stage
Question for the audience, what other opportunities are there for moving to the Cloud ?
My personal favourite Specific Use Case is that we use the HANA Cloud Platform – Portal Service as the
point of entry forall of our Internet Facing SAP web applications, eg:
. FSCM Biller Direct
. SNC Partner Access
The benefit of this would be to replace both the Web Access Management Solution and the Internet
Facing (On-Premise) SAP Portal in one go with the HANA Cloud Platform – Portal Service.
We would therefore:
a) reduce complexity of the Web Access Management Solution (eg CA SiteMinder) and potential
dependency on other Teams
b) no longer have to have the On-Premise SAP Portal facing the Internet and all risks involved
c) no longer have to worry about the Security Vulnerabilities of the Internet Facing Portal as SAP
would be trusted to have taken care of security
We will ask SAP Colleagues to elaborate and members of the call to discuss
6 Securing HANA Cloud Platform – Portal Service
We will assume that the SAP HANA Cloud Platform is regularly Security Penetration Tested
by third party companies to ensure there are no vulnerabilities.
But what else ?
Securing the connectivity between On-Premise and the HANA Cloud Platform:
For more detailed information on things like Cross Site Scripting, Cross Site Request Forgery, checkout the
Securing HTML5 Applications section
7) Transporting in the HANA Cloud Platform Portal Service
In the HANA Cloud Platform, an entity like Dev Portal Service, or QA Portal Service or Prod Portal
Service is called an Account.
We move away from Dev Server, QA Server, Prod Server to the terminology Dev Account, QA Account
and Prod Account.
The Customer can configure the Accounts they so wish to build the landscape suited to their Business and
Members can then be added to Accounts and have Roles assigned to them.
Some useful links:
Why do we talk about the Accounts here, because Transporting in the HANA Cloud Platform is based around
moving objects from Account to Account
Let’s assume we have a HCP Portal Service with different Accounts representing different Stages of the Landscape.
How do we Transport ?
HANA Cloud Platform is building up CTS+ capability and the destination is clear to see. Currently the
functionality is clearly marked as Beta, but encapsulates the targets of Change Transport System +,
including integration with Solution Manager etc.
8, The future for HANA Cloud Platform – Portal Service – goals, opportunities,
strategy, things for SAP Customers to think about
We’ll ask SAP Colleagues to elaborate
9, Migrating from On-Premise SAP Portal to the HANA Cloud Platform – Portal Service
There is very little documentation around (if any) giving guidance on a strategy for migrating from
the On-Premise Portal to the HCP Portal Service. Normally we would be able to find a Master
Guide on SAP Support Portal and other useful guides for Upgrades and Migrations
What would a Customer/Partner be looking for from such documentation ?
Assumption, our company has made the decision to run a Project to migrate from on Premise
Portal to the Cloud Portal, what next ? What do we need to think about ?
In general Portal does not contain Business Data so we don’t need to think about migrating
We will need to be thinking about all of the:
. Applications running on/through the Portal
. Applications and backend integrations
. Custom Developments running on the Portal
. Look and Feel – a migration from On-Premise to Cloud is a reason to redesign the Look and Feel
. Proof of Concept to prove that we can do everything we do today from the On-Premise on the
. Users Roles and Authorisations and… Favourites
We can discuss this more in the call, aspects for consideration, strategy and whether SAP are
planning any Best Practice Guides for migrating from On-Premise Portal to HCP Portal Service
How do we size, performance tune and performance optimize the HCP Portal Service ?
11, Homework – Setup a Trial Account and Test Drive the HANA Cloud Platform – Portal Service
This is easy, follow the Hello World example in item #1 and for the more adventurous, have a look at
at this one – http://sapassets.edgesuite.net/sapcom/docs/2015/07/28291252-5a7c-0010-82c7-eda71af511fa.pdf
That’s it !
p.s. the next call will be on SAP HANA TDI (Tailored DataCenter Integration) in September (after the holiday season)