Your S/4HANA environment – Part 2 – SAP NW Gateway and Fiori Launchpad
Welcome to the second part of the S/4HANA installation and configuration guide. In today’s post, I will focus on configuration of the Front-end server that will be responsible for the Fiori Launchpad.
Last time I went through the whole installation process of the back-end server. I believe I covered the most important parts. Installation of another ABAP instance is very similar – so I won’t get into details. The only small difference is the process in SUM. The NetWeaver installation media we use is a bit older, so there are more support packages to import.
During our configuration we will follow the UX Best Practices released recently by SAP. It’s a detailed document you can download from SAP Service Marketplace and it covers all the steps you need to execute in order to configure the front-end server.
Each scope item is designed to cover different aspect of the Fiori Launchpad:
- Fiori Apps Deployment covers the initial configuration necessary of the front-end server and connection to the back-end server. This is the main topic in today’s post.
- Fiori Advanced Security Setup is focused on enabling secure communication and Single Sign-on
- Fiori App Extensibility and Customization enables us to create our own theme and brand Fiori apps. It also describes use cases how the Fiori apps can be extended
- Fiori Launchpad Operation shows instructions how to create catalogues and groups, but also covers role and transport management
- Mobilizing SAP S/4HANA Apps is about HANA Cloud Connector and Fiori Client
- Using Screen Personas in SAP S/4HANA includes information about setting up SAP Screen Personas in an S/4HANA environment and shows how to design and develop SAP Screen Personas flavours.
Today we focus on the first part of the UX Best Practices scope. Please feedback your comments on which other points would you like me to describe. I will definitely have a closer look on Screen Personas – not the whole S/4HANA scope is covered by Fiori Apps, therefore I think a better understanding on how can we modify existing Web GUI transactions will be useful.
There is quite a lot to do today, so let’s get started! When you log in to the front-end server you can check the products installed by entering System -> Status:
Our systems are out-of-the box and would require further configuration to be a live production system. The first thing we should do is prepare a separate client on both the front- and back-end systems.
Before executing any of the following steps, I highly recommend preparing a full system backup.
Client copy on the front-end system is standard procedure and no additional task is needed, whereas when we want to activate Best Practices using Solution Builder on the back-end system, the process is definitely more complex and unique.
On SAP Gateway the whole process focus on creating new client (for our setup I will use number 110) and copy customizing data from client 000:
Preparation of the S/4HANA client requires few additional steps. First is to activate five business functions on client 000 before scheduling a client copy:
Beware that activation of business functions cannot be undone.
We can monitor execution of the job – when it’s finished we can move forward.
In SCC4 define new client. Ensure there is no currency assigned.
The new S/4HANA client on which we process the activation should contain only the minimum settings from client 000. All the other settings will be created during activation. Required configuration is contained in around 800 tables delivery class C and G defined in whitelist table /FTI/TWHITEL01. Client dependent tables with delivery class E, S and W are copied in full. In order to achieve that, it is necessary to register the target client in table /FTI/T_NOCLN000 before execution.
We use SCC3 to monitor client copy. We can even see that it’s calling function module to read the whitelist table:
When finished, just to be 100% sure everything went to plan, I did two comparisons: firstly, I checked tables that were not mentioned on the whitelist. Against the client 000 table there were 207 entries and client 100 was empty. Next I compared a table that was on the whitelist and on both client number of rows was the same. Success!
When both clients are ready, we can start setting up the Fiori Launchpad.
Fiori Launchpad configuration
The good thing is that almost the whole configuration of the front-end system is contained in the tasks list – but of course there are manual actions to be performed. I started with the creation of Fiori administrator in the SAP Gateway system and I assigned it a newly created role created with template /IWFND/RT_ADMIN.
After logging in with the newly created user, I entered Task Manager and executed the task list SAP_GATEWAY_BASIC_CONFIG, which focuses on the very initial configuration of the system. It covers basic setup like activating gateway.
Second task list – SAP_SAP2GATEWAY_TRUSTED_CONFIG – is about creating a trusted connection from the back-end to the front-end system and has to be executed on an S/4HANA instance. Prior to execution it is required to define RFC connection to the front-end server.
Now we need to define the connection from the back-end system to the front-end. This task list starts with a manual step. It is necessary to check if the user defined in S/4HANA has the required authorization object S_RFCACL assigned. The best way to do it, is to copy role SAP_S_RFCACL to Z- namespace and add it to your user. When it’s done, we go back to our task list. This time I decided to define connection directly in parameters, instead of manual creation of RFC in SM59.
The status of each activity is green – we can go ahead.
Another task list enables Fiori Launchpad OData and HTTP services. Here you can decide on which port would you like to see your Launchpad.
When this task list is finished, again a manual step is required. This time we need to configure System Logon Procedure. I highly recommend checking Sharth’s blog about customizing the Fiori Logon / Logoff page. Here I just give the example of the required minimum.
Enter t-code SICF and change System Logon Configuration for two services:
To redirect the user back to the login screen after he/she logs out, we need to modify service /bc/icf/logoff and set Redirect to URL under the System Logon.
The last thing before verifying the Fiori Launchpad, is to assign appropriate roles to the administrator and end user.
At this moment the very initial configuration is already in place and we can access the Fiori Launchpad
To complete the first building block of UX Best Practices we should configure Embedded Search. As this requires activating additional Business Functions in the S/4HANA back-end, I decided to leave it for post activation.
Fiori Apps deployment
Now we can deploy the first Fiori applications. The current list of supported applications for S/4HANA can be found in Admin Guide (but I recommend using the Fiori Apps Library instead to have the most recent version). When you enter task list SAP_GATEWAY_ACTIVATE_ODATA_SERV you need to fill three parameters: Define OData services, Select System Alias and Select OData services. To define OData service, you need to format the parameter to fulfil following requirement:
You can see how to import many Fiori Apps at once on this blog.
If you encounter any issues during this task list, please check your Trust Relationship and user authorization (user has to have S_RFCACL authorization)
So far we didn’t enable ESH, so some Fact Sheet apps will return an error. You don’t have to worry about them – we will enable them after the S/4HANA content activation.
Along with OData services, we need to activate ICF services. We can do it by executing manual steps or via task lists. As there are more than 150 services to be activated, I decided to use task list.
Repeat the step and activate the same services for path /sap/bc/bsp/sap. And finally, we have to activate WebDynpro applications on the back-end system using the same task list.
Now let’s generate ABAP Runtime Artifacts – if not generated, some analytical apps might not display any data. We can execute this operation in t-code SACM in the back-end system.
We are almost ready to use our Fiori Launchpad. But if we log in now, no tiles would be displayed. Therefore, we need to assign Fiori roles to the user in the S/4HANA system. Which roles? All is described in apps library:
Now we are ready to test our configuration:
Success! It’s working! We can try to open a sample app:
There is no data yet – as we still haven’t activated S/4HANA. We will do this in the next post!
I hope you like this journey towards S/4HANA. I didn’t cover the whole topic of UX Best Practices. Mostly I didn’t touch on Web Dispatcher and Security. If you would like to see how to set it up – let me know. We might come back to this during further S/4HANA Activation posts.