Skip to Content

HCI PI Tenant Set UP-Part1

I am working on HCI- PI project in which am building custom iflows. When created a scenario and deployed it on HCI tenant, I have faced a number of issues with respect to HCI tenant setup. I am writing these blogs so that it would help integration developer or basis admin to understand HCI tenant initial setup. I know there are few similar blogs based on trial version. My effort is to try and consolidate all the required information at one place so that it would be easy for developers to follow and use. In this blog, we shall understand what are usages of URL’s which is received from SAP when HCI tenant is purchased.

Step1: You will receive an email from SAP about the account details using which you can access HCI tenant. The email consists of 3 URL’s as mentioned below.

1st will be a WEB UI URL

2nd will be an Eclipse URL

3rd will a runtime URL

HCI-PI URL and Usage

https://account.us2.hana.ondemand.com: This is the URL to access Cockpit which is provided by SAP when an HCI cloud account is requested.

Web UI URL (Access via web browser):

https://yourinstance-tmn.hci.us2.hana.ondemand.com/itspaces: This is to access HCI-PI instance to do integration development.

Management URL (Access via Eclipse HCI plugin):

https://yourinstance-tmn.hci.us2.hana.ondemand.com: This is the URL which is configured in Eclipse tool to perform integration development.

Runtime URL (Webservice URL to be configured in backend systems):

https://yourinstance-iflmap.hcisbp.us2.hana.ondemand.com: This is the runtime URL which is used to configure backend system with SAP HCI-PI

Step2: You need to create an account and provide proper authorization so that you can develop and test your integration scenarios. You can follow below link and steps to accomplish initial account setup.

https://www.youtube.com/watch?v=7Ugue1t2o-A

Step3: You need to provide particular roles for integration developer. Please follow steps mentioned below.

1.Login to cockpit using URL mentioned below using SNC user credentials.

https://account.us2.hana.ondemand.com

2. Navigate to security tab on the left panel and click Authorization as shown in the screenshot below.

3.In User, search tab input the SNC user and click show assignments.

 

4.Click on Assign tab and the following screen will pop up and assign roles as mentioned in the screenshot below. One thing to note is account and application type for the specific user role.

5. After assigning the roles your user should look as in the screenshot below. Note: I have assigned some additional roles as I was also involved in admin work. In case you are just responsible for integration development then you can get Integration developer role and ESBMessaging. Send roles which will allow you to develop iflows in HCI tenant.

Note: You need to have ESBMessaging.send and Integration developer role to develop iflowso.

In my next blog will explain how to setup eclipse.

Hope this helps.

See you in my next blog

To report this post you need to login first.

19 Comments

You must be Logged on to comment or reply to a post.

  1. Andrea Bosoni

    Thank you, Hari! I have a couple of questions about users and roles. In my understanding only s-users (or p-users and the like) can be used on HCP IS, both for dialog users via UI and for systems sending messages through available channels. Am I right? No way for customers to keep their existing user naming conventions?

    How may we distinguish between dialog and system users, as each s-user could be potentially used for both purposes?

    An s-user will periodically expire, and I’m wondering how that should be handled in case this is used for communication between systems…

    I could not see a place where standard roles or authorization groups could be customized (or new custom roles created). Is this feature available?

    Many thanks in advance!

    Andrea

    (0) 
  2. Hari Sonnenahalli Post author

    Andrea-

    Yes, In HCI there is no service users. Anyone who works on HCI it may be COCKPIT, CLOUD CONNECTOR or TENANT has to have s-user as it is hosted in SAP cloud. Now taking about retaining the same username conventions, if I understand your question correct you mean using the same username and passwords, if yes this can be done by deploying the credentials under security material tab on HCI and referencing the same in communication channel( More appropriate for SFTTP scenarios). The best way to communicate in HCI is to use client certs in which you have the ability to map certs to specific s-user so it is always recommended to have an Admin s-user in the landscape. There are no service or dialog users in HCI the only way it can be differentiated is by roles which you can assign in COCKPIT.

    Hope this helps!

    Thanks

    HS

    (1) 
  3. Hari Sonnenahalli Post author

    Nidhi-

    Do you have admin role to your user ID?using which you’re are trying to add additional roles. If yes please open a ticket to SAP under component LOD-HCI-PI-OPS and ask them to review the permission of the HCI tenant and share your tenant details in below format. In case you don’t have admin roles please add them and try to add roles in a new session.

    Regards

    HS

    Dear Colleagues,

    Please set the log level for the following loggers:-

    TMN url: https://v0XXX-tmn.avt.us1.hana.ondemand.com

    Application: IFLMAP

    Tenant Name: v0XXX

    (0) 
  4. bryan kim kim

    Hi Hari.

    I want to have test on SAP HCI. But I can’t find out as on your post and screen. Should I pay for use HCI ?  I heard that it need to have tenant from SAP when I have development.

    Would you like to let me know how to allocate tenant for development?

    Thanks

    Young from Brisbane

    (0) 
  5. Hari Sonnenahalli Post author

    Bryan-

    Yes, you need to get a tenant licence in order to test HCI PI which is part of HCP and provided as a service. You can get a developer version which would be less expensive compared to others.

    Regards

    HS

    (0) 
    1. bryan kim kim

      Hi Hari

       

      Thanks for let me know. I want to purchase tenant license for test HCI PI . Would you let me know where can I purchase or how to purchase for tenant for that ?  I haven’t found any link or url for that.

      Please help …..

      Thanks

      Bryan.

      (0) 
  6. Hari Sonnenahalli Post author

    Please find details below. Now HCP is renamed as SCP (SAP Cloud Platform)

    You have no access to an account yet. Contact your account representative or go to the following page: http://www.sap.com/pc/tech/cloud/software/cloud-applications/index.html.

    If you like to get a trial account, mail to: hci.trial@sap.com.

    When an account and tenant have been provided by SAP, you will receive a mail from SAP with the subject text SAP HANA Cloud Integration – Notification. This mail contains information on your account and test and productive tenant and a number of URLs. For more information on the purpose of the URLs, see the table below.

    Do not reply to the SAP HANA Cloud Integration – Notification mail. This is an unmonitored mailbox. If you have any further questions, create a ticket (component LOD-HCI).

    (0) 
  7. Thallita Cardeal

    Hey Hari!

    I hope you are fine!

    Please can you help me?

    Can only add a user that has S-user or P-user? I read something about LDAP ID, is this true? If so, how could it be done?

     

    (0) 
  8. Thallita Cardeal

    Dear Hari, thank you very much for your return and I hope you are fine!

    I have one more question, if possible: How do I not allow users to set their credentials? The idea is that only the system administrator has access to security material. Is it possible, if so, how?

    (Monitor> Manage Security Material> Security Material)

     


    Note: The registered roles for the developers are:

    Group DEVELOPERS (hci)

    ESBMessaging.send (iflmap)
    NodeManager.deploysecuritycontent
    NodeManager.deploycontent
    IntegrationOperationServer.read
    AuthGroup.ReadOnly
    AuthGroup.ContentPublisher
    AuthGroup.BusinessExpert
    AuthGroup.TenantPartnerDirectoryConfigurator
    AuthGroup.SystemDeveloper
    AuthGroup.IntegrationDeveloper

    *** Only on the USERS tab esbmessagestorage.read

    (0) 
    1. Hari Sonnenahalli Post author

      Just provide users if they developers with following roles and not admin roles.It should work. Please let me know.

      Group DEVELOPERS (hci)

      ESBMessaging.send (iflmap)

      (1) 
      1. Thallita Cardeal

        Hello Hari, once again, thank you very much!
        I did not understand. So I’ve been reading no SAP content, no description.

        I did not understand whether to remove an ESBMessaging.send (iflmap) role or just let it set for the developer.
        In any case, I removed an ESBMessaging.send (iflmap) role and I still manage to edit the service material.
        The idea is that only the environment administrator can create such credentials, know_host and etc.

        What should I do?

        Once again, thank you !!

         

        (0) 
          1. Thallita Cardeal

            Thank you so much Hari!
            I did tests too. I created a new group and assigned each of my roles listed above.

            It was only possible not to edit the security material when only the operation view was released. That is, any other parameter that is for developer (from this my list of parameters) gives the user powers to edit the security material.

            I’ll wait for your return. Thank you very much!

            See you soon.

            (0) 

Leave a Reply