New release of the SAP HANA Cloud Connector (v.2.9.)
Since a couple of weeks a new version of the SAP HANA Cloud Connector has been released and a lot of new features are now available.
Maybe the most prominent one is the new administration user interface, which is now aligned with the look&feel of the SAP HANA Cloud Platform Cockpit. Not only the design has been changed, the whole structure has been fully renovated to make it easier for you to configure and administrate your SAP HANA Cloud Connector. It’s worth to have a look at it!
Just to mention a couple of other new features, the version 2.9 of the SAP HANA Cloud Connector allows you now to:
- use a service channel to access the SAP HANA Cloud Platform Virtual Machines via SSH
- configure alerts that are triggered whenever a certificate used in SAP HANA Cloud Connector is about to expire
- use LDAP as additional protocol for accessing systems exposed by the SAP HANA Cloud Connector, which is a prerequisite for using the SAP HANA Cloud Platform Identity Provisioning Service
- connect multiple SAP HANA Cloud Connectors to one SAP HANA Cloud Platform Account
The latter feature is definitely my favorite one of the new release and I want to share in this blog more details on how it works exactly.
When should I use multiple SAP HANA Cloud Connectors?
To be very clear, we really recommend to have only one SAP HANA Cloud Connector whenever it’s possible but for some use cases, you may need 2 or more instances.
Let’s assume that you need to combine data coming from 2 different network locations in one application. With the previous version, this kind of scenario was unfortunately just not possible. This restriction disappears with the latest release. It’s now possible to connect multiple SAP HANA Cloud Connectors to a single SAP HANA Cloud Platform account, so that you can address multiple separate corporate network segments.
How does it work?
1. Configuration of the SAP HANA Cloud Connectors
The different SAP HANA Cloud Connectors are distinguishable via their location ID. You have 2 ways to define this optional property in the SAP HANA Cloud Connector administration user interface:
A. By adding a new account
B. By editing the details of the “Connector State” section
The Location Id is not mandatory but as soon as you want to use multiple SAP HANA Cloud Connectors, only one can have the default value. As you can imagine, the location Id should be unique 😉
2. Configuration of the Connectivity Service in the SAP HANA Cloud Platform Cockpit
Once you have 2 SAP HANA Cloud Connectors connected to your SAP HANA Cloud Platform account, both instances should be visible in the Connectivity section of your SAP HANA Cloud Platform Cockpit.
In order to route requests to a SAP HANA Cloud Connector, the location Id needs to be configured in the respective destinations in the SAP HANA Cloud Platform Cockpit.
So let’s create 2 different destinations based on the following setup:
SAP HANA Cloud Connector 1
SCC name: SCC1 – demo
Location Id: empty (default value)
Virtual Host of the Acces Control: demo1.backend:1234
SAP HANA Cloud Connector 2
SCC name: SCC2 – demo
Location Id: SCC2-DC2
Virtual Host of the Access Control: demo2.backend:9876
First go to the Connectivity section and click on Destinations and then create a new destination.
The first destination redirecting to the first SAP HANA Cloud Connector (SCC1 – demo) has to be configured as usual.
As we didn’t have a location ID for our first SAP HANA Cloud Connector, we keep the property “Location ID” empty.
In case you don’t specify any location Id in the destination, the request will be always redirected to the instance with the default location Id which is “empty”.
The second destination redirecting to the second SAP HANA Cloud Connector needs an additional property in order to define the location Id.
Note: Since end of April 2017, you don’t need anymore to add the additional property “CloudConnectorLocationId”.
Once the destinations are configured, you can now build an application consuming the data coming from different landscapes by using those destinations.
1. Can I use different SAP HANA Cloud Connectors from different releases togehter?
Yes, this is possible but keep in mind that this new feature is only available from version 2.9. That means that SAP HANA Cloud Connector from previous versions must have the default value of the location Id. Moreover for productive usage we strongly recommend to upgrade your instance to the latest version.
2. What about the location Id I have defined in a previous version?
Location IDs that have been provided in previous versions of the SAP HANA Cloud Connector will be dropped during an upgrade to ensure that running scenarios are not disturbed.
3. Is the location Id property in previous version now important?
No, the location Id was only an optional property to describe the SAP HANA Cloud Connector and it’s still the same now. That means that adding a location Id to a SAP HANA Cloud Connector 2.8 will not allows you to connect another SAP HANA cloud Connector without Location Id.
How to test it?
Now it’s time for you to discover the new SAP HANA Cloud Connector…
Don’t wait, download it, play around with it and let me know which feature is your favorite one?
Feedback is of course welcome 😉
great blog. Thank you.
What about the other was around? So let's say I want to connect several customers to a single Cloud Connector. Is this a possible Scenario? Any concern of security or performance? Any experience with it?
thank for your comment.
The relation between the SAP HANA Cloud Connector and the SAP HANA Cloud Platform is n to m. That means that you can also have multiple HCP accounts connected to one Cloud Connector. But we strongly recommend to use one Cloud Connector per customer, which can have one or more accounts connected.
Hope it helps.
can I take this as a final statement in terms of support? As we would appreciate to handle more than one customer per Cloud Connector. This would help us to deploy cost effective solutions. Is the major concern on security? Just that we are able to understand the reason behind it.
Thank you .
You can of course bind all yours customers accounts to one Cloud Connector but that means that the Cloud Connector Administrator will see everything, which is from the security perspective not the best approach 😉 So I suppose you are not planning to give the customers access to your Cloud Connector, right? Could you please tell me more about your scenario?
We are in an hosting environment and we would like to offer a low price and a nearly immediately available cloud connection to our customers that they can connect their SAP systems easily to the SAP cloud. If we have a fully configured SAP Cloud Connector ready to use, the only task would be to connect the account and to configure the access control – and our customers could start right away with their cloud scenarios.
We were happy to see that it’s possible to add several accounts to one SAP Cloud Connector. Of course, we would separate test scenarios and productive scenarios on different SAP Cloud Connector. The administration of the connections would be in our responsibility, our customer will not have access to the SAP Cloud Connector administration.
Do you have any other concerns regarding security? We could not find any problems. The separation of the accounts and the connection settings seem to be a good way to separate the customers from each other. What about performance? How many connections in parallel would a SAP Cloud Connector be able to handle?
Our only concern is the principal propagation. The central SAP Cloud Connector would have a certificate from our CA – but the system certificates of the connected SAP systems could be signed by a different CA (the CA of the customer). It should still be possible when using principal propagation for HTTPS but it would not work for RFC. Do you agree? In the case of principal propagation for RFC, the customer could still use an own SAP Cloud Connector. Anyway, we experienced that most of our customers used HTTP(S) connections to the backend systems only.
What do you think? Could this be all in all a valid scenario?
Please be aware that the CloudConnectorLocationId is not yet supported in HCPms.
Thanks a lot for sharing. Do you know if and when it will be possible to connect two or more cloud connectors to a single HCP account ?
this is exactly one of the new feature described in the blog ? With the version 2.9. you can now connect multiple SAP HANA Cloud Connectors to a single HCP account. Just download it, upgrade your instance if you have already one and don’t forget the location id ? That’s all.
Do you know the way of defining the Cloud Connector Location ID at an XS Destination (xshttpdest hana artifact)? Seems there is no formal parameter (yet) for this.
Thanks and regards.
the Location Id should be defined as described in the documentation for Java applications.
Here is an example on how to use the header SAP-Connectivity-SCC-Location_ID in your code:
Thanks for the hint. the documentation will be updated 😉
We are currently using XS Destinations for our XS application. The way for defining the XS destinations ("xshttpdest" HANA artifact) is a little different than a destination for a java application or for a destination defined at the HCP cockpit (for example for HTML5 apps). This is the way for defining XS destinations:
And for a XS destination I have not found yet the way of passing a property in order to reach the right cloud connector with the desired Location ID. (No success with the request parameters for java destinations)
Please comment if there is another way to do it.
Thanks and Regards
Hello Eduardo, have you found a solution for this?
According to the following help page, recently updated, and already tested from my side, the Cloud Connector Location ID could be specified in the XS outbound HTTP request header.
Header ID: "SAP-Connectivity-SCC-Location_ID"
Nice blog Matthieu
From my point of view the nicest feature is the splitting of the Cloud to On-Premise and the On-Premise to Cloud connectivity options. Not sure even whether this was possible in the previous versions but now it is really clear the distinction. I've recently connected to a HANA database in HCP using the On-Premise to Cloud option from an S/4 HANA system and it works well. Knowing this option exists is also great from an architecture point of view. More options to put in front of clients! 🙂
I was actually used to the previous user interface but i can see now that this definitely is more in line with HCP and SCI user experiences so them all being consistent now is a great thing.
Thanks for your feedback and happy to hear that you like the new structure of the UI.
Great blog... Thanks for the updates 🙂
You also mentioned about the possibility to configure alerts for used certificates - do you also have more elaborate details for this scenario ?
Also with this release of the cloud connector, found that the number of entries for "Cloud To On-Premise" are restricted to 10 (instead of a scroll earlier). Is there a possibility to scroll or search for easier access to entries located further down in the list ?
Thanks again for the very informative blog.
Thanks for your comments.
You can configure the SAP HANA Cloud Connector to send out emails whenever critical situations occur that may prevent it from operating flawlessly in the near or not so distant future. More details can be found in the official documentation here.
For example whenever one of the certificates expires, scenarios might no longer work as expected so that it is important to get notified in time about the expiration. The default expiration warning time is 30 days.
Note that this isnt working when the SMTP server requires authentication, i have a ticket open and hopefully should be fixed soon. I will update back once this solved.
thanks for the info.
Iindeed we are already working on it to make it available soon.
just seen that I forgot to answer your second question 😉
Indeed we don't have a search function for the access control right now but the restriction to 10 should not be a problem. If you click on the link "Show more" you can display further access controls...
Could you please tell me approx. how many access control do you have so that a search would be useful?
Thank you for this.. I'm tying to understand how this new multiple connector to single HCP works with the User Store in the Cloud Connector and the Coporate User store functionality of Cloud Identity Service.
Previously we could not make use of the feature as we have a multiple domain Forrest which the cloud connector could not query beyond a single domain.
Am I right to think now that we can have multiple connectors each with its own User store (in effect one per domain in our Forrest) and expose all of them to Cloud Identity Service corporate user store via the HCP service Identity Authentication Add-On?
I have downloaded the software and also configured it as it should be.
Despite maintaining all these values i get the error "Failure Reason:Backend status could not be determined"
is there any additional parameter i have missed and how do i know the SCP is using the SCC to connect to the my on premise system.
I found the issue and corrected it,
I did not set the paramter CloudConnectorLocationId = "LocationID" (this will be specified in the SCC during initial Hana trial connection parameter configuration ), so after setting this i got the message that "Success: Connection to "mysystem" successful".
Thank you for this blog because if not for this i would not have known about this parameter.
Merci beaucoup Matthieu! 😉
This is an excellent what's new, even better than the documentation on how to use the Location ID. This blog should be in the documentation.
As I was just integrating two separate networks in the portal(one network of SAP machines and one of Windows servers from two remote host partners), this release just nailed it!
Thank you very much!
Content de pouvoir aider 😉
It's great article and just what I was looking for. We use Cloud Connector 2.10.2 and make multiple connections with different Location IDs to our instance on HCP. However, when we click on Cloud Connectors on HCP we only see one Cloud Connector displayed at the time.
How can we correct this?
humm, strange behaviour. I'm not aware about such a bug. Can you please give me more details? How many SCCs are you using? Do they have all the same version? If not, which versions? OS? Portable? Can you see in the SCC Amin UI that they are all connected to the same Subaccount?
We tried with two SCC (same version 2.10.2) installed on different servers and with different location ID. OS is ubuntu, portable. In SCC Admin UI we use same subaccount. What we actually see on HCP in Cloud Connctors section is that information about connected CC intermittently switches from one SCC to another, it does not display list of connected SCC like in your articles. Maybe our HCP instance should be upgraded??
I would be interested in seeing that in a short remote meeting. Can you please accept my Xing request and send me your email address so that we can take it offline. Thanks.
as mentioned today, you can use only multiple Cloud Connectors in the same SAP Cloud Platform subaccount if they have different Connector IDs. The location ID helps here only to choose which Cloud Connector, you want to use.
If you still want to use Docker images with the Cloud Connector preinstalled, you can delete the Connector ID (<sccClientId>) from the file /scc_config/scc_config.ini. It will be then generated automatically later on by starting the Cloud Connector.
But be aware that then everybody in your team will use his own Cloud Connector. That means no common configuration 😉 Alternative would be to install one instance somewhere else and you share the same Cloud Connector with your team.
Hope it helps...
This is great. With this information I can make every developer build docker image with SCC preinstalled and with different connector ID, And because developers will not have password for their instance of SCC they won't be able to touch configuration so it will be common for all developers. 😉
Thank you for your help, I really appreciate it.