Skip to Content
Author's profile photo Hari Sonnenahalli

HCI PI Tenant Set UP-Part1

HCI PI Tenant Set UP-Part1

I am working on HCI- PI project in which am building custom iflows. When created a scenario and deployed it on HCI tenant, I have faced a number of issues with respect to HCI tenant setup. I am writing these blogs so that it would help integration developer or basis admin to understand HCI tenant initial setup. I know there are few similar blogs based on trial version. My effort is to try and consolidate all the required information at one place so that it would be easy for developers to follow and use. In this blog, we shall understand what are usages of URL’s which is received from SAP when HCI tenant is purchased.

Step1: You will receive an email from SAP about the account details using which you can access HCI tenant. The email consists of 3 URL’s as mentioned below.

1st will be a WEB UI URL

2nd will be an Eclipse URL

3rd will a runtime URL

HCI-PI URL and Usage

https://account.us2.hana.ondemand.com: This is the URL to access Cockpit which is provided by SAP when an HCI cloud account is requested.

Web UI URL (Access via web browser):

https://yourinstance-tmn.hci.us2.hana.ondemand.com/itspaces: This is to access HCI-PI instance to do integration development.

Management URL (Access via Eclipse HCI plugin):

https://yourinstance-tmn.hci.us2.hana.ondemand.com: This is the URL which is configured in Eclipse tool to perform integration development.

Runtime URL (Webservice URL to be configured in backend systems):

https://yourinstance-iflmap.hcisbp.us2.hana.ondemand.com: This is the runtime URL which is used to configure backend system with SAP HCI-PI

Step2: You need to create an account and provide proper authorization so that you can develop and test your integration scenarios. You can follow below link and steps to accomplish initial account setup.

https://www.youtube.com/watch?v=7Ugue1t2o-A

Step3: You need to provide particular roles for integration developer. Please follow steps mentioned below.

1.Login to cockpit using URL mentioned below using SNC user credentials.

https://account.us2.hana.ondemand.com

2. Navigate to security tab on the left panel and click Authorization as shown in the screenshot below.

3.In User, search tab input the SNC user and click show assignments.

 

4.Click on Assign tab and the following screen will pop up and assign roles as mentioned in the screenshot below. One thing to note is account and application type for the specific user role.

5. After assigning the roles your user should look as in the screenshot below. Note: I have assigned some additional roles as I was also involved in admin work. In case you are just responsible for integration development then you can get Integration developer role and ESBMessaging. Send roles which will allow you to develop iflows in HCI tenant.

Note: You need to have ESBMessaging.send and Integration developer role to develop iflowso.

In my next blog will explain how to setup eclipse.

Hope this helps.

See you in my next blog

Assigned tags

      24 Comments
      You must be Logged on to comment or reply to a post.
      Author's profile photo Andrea Bosoni
      Andrea Bosoni

      Thank you, Hari! I have a couple of questions about users and roles. In my understanding only s-users (or p-users and the like) can be used on HCP IS, both for dialog users via UI and for systems sending messages through available channels. Am I right? No way for customers to keep their existing user naming conventions?

      How may we distinguish between dialog and system users, as each s-user could be potentially used for both purposes?

      An s-user will periodically expire, and I’m wondering how that should be handled in case this is used for communication between systems...

      I could not see a place where standard roles or authorization groups could be customized (or new custom roles created). Is this feature available?

      Many thanks in advance!

      Andrea

      Author's profile photo Hari Sonnenahalli
      Hari Sonnenahalli
      Blog Post Author

      Andrea-

      Yes, In HCI there is no service users. Anyone who works on HCI it may be COCKPIT, CLOUD CONNECTOR or TENANT has to have s-user as it is hosted in SAP cloud. Now taking about retaining the same username conventions, if I understand your question correct you mean using the same username and passwords, if yes this can be done by deploying the credentials under security material tab on HCI and referencing the same in communication channel( More appropriate for SFTTP scenarios). The best way to communicate in HCI is to use client certs in which you have the ability to map certs to specific s-user so it is always recommended to have an Admin s-user in the landscape. There are no service or dialog users in HCI the only way it can be differentiated is by roles which you can assign in COCKPIT.

      Hope this helps!

      Thanks

      HS

      Author's profile photo Nidhi Srivastava
      Nidhi Srivastava

      Hi Hari,

      I am not getting the relevant roles in my Cockpit. Please see the screenshot below.

      Do I need to check anywhere else on cloud?

      Thanks,

      Nidhi Srivastava

      Author's profile photo Hari Sonnenahalli
      Hari Sonnenahalli
      Blog Post Author

      Nidhi-

      Do you have admin role to your user ID?using which you're are trying to add additional roles. If yes please open a ticket to SAP under component LOD-HCI-PI-OPS and ask them to review the permission of the HCI tenant and share your tenant details in below format. In case you don't have admin roles please add them and try to add roles in a new session.

      Regards

      HS

      Dear Colleagues,

      Please set the log level for the following loggers:-

      TMN url: https://v0XXX-tmn.avt.us1.hana.ondemand.com

      Application: IFLMAP

      Tenant Name: v0XXX

      Author's profile photo bryan kim kim
      bryan kim kim

      Hi Hari.

      I want to have test on SAP HCI. But I can't find out as on your post and screen. Should I pay for use HCI ?  I heard that it need to have tenant from SAP when I have development.

      Would you like to let me know how to allocate tenant for development?

      Thanks

      Young from Brisbane

      Author's profile photo Hari Sonnenahalli
      Hari Sonnenahalli
      Blog Post Author

      Bryan-

      Yes, you need to get a tenant licence in order to test HCI PI which is part of HCP and provided as a service. You can get a developer version which would be less expensive compared to others.

      Regards

      HS

      Author's profile photo bryan kim kim
      bryan kim kim

      Hi Hari

       

      Thanks for let me know. I want to purchase tenant license for test HCI PI . Would you let me know where can I purchase or how to purchase for tenant for that ?  I haven't found any link or url for that.

      Please help .....

      Thanks

      Bryan.

      Author's profile photo Hari Sonnenahalli
      Hari Sonnenahalli
      Blog Post Author

      I will get you details in couple of days.

      Thanks

      HS

      Author's profile photo Hari Sonnenahalli
      Hari Sonnenahalli
      Blog Post Author

      Please find details below. Now HCP is renamed as SCP (SAP Cloud Platform)

      You have no access to an account yet. Contact your account representative or go to the following page: http://www.sap.com/pc/tech/cloud/software/cloud-applications/index.html.

      If you like to get a trial account, mail to: hci.trial@sap.com.

      When an account and tenant have been provided by SAP, you will receive a mail from SAP with the subject text SAP HANA Cloud Integration – Notification. This mail contains information on your account and test and productive tenant and a number of URLs. For more information on the purpose of the URLs, see the table below.

      Do not reply to the SAP HANA Cloud Integration – Notification mail. This is an unmonitored mailbox. If you have any further questions, create a ticket (component LOD-HCI).

      Author's profile photo bryan kim kim
      bryan kim kim

      Thanks Hari.

      Just question. SAP HCI is necessary sign up with company level. Do i have any way to use as personal or individual level?

      https://www.sapappsdevelopmentpartnercenter.com/en/signup/exploration-member/

      Did you sign up company level ?

      Thanks so much my reply inquiry.

      Best regards

      Bryan

      Author's profile photo Hari Sonnenahalli
      Hari Sonnenahalli
      Blog Post Author

      You can do both but using if your company is SAP partner then it is better to use company.

       

      Regards

       

      HS

      Author's profile photo Former Member
      Former Member

      Hey Hari!

      I hope you are fine!

      Please can you help me?

      Can only add a user that has S-user or P-user? I read something about LDAP ID, is this true? If so, how could it be done?

       

      Author's profile photo Hari Sonnenahalli
      Hari Sonnenahalli
      Blog Post Author

      You need to have S-user in order to work on HC I PI.

      Author's profile photo Pandey Anuj
      Pandey Anuj

      Hi Hari,

      I think P-User can also be used to access HCI.

      Thanks

      Anuj

       

      Author's profile photo Former Member
      Former Member

      Dear Hari, thank you very much for your return and I hope you are fine!

      I have one more question, if possible: How do I not allow users to set their credentials? The idea is that only the system administrator has access to security material. Is it possible, if so, how?

      (Monitor> Manage Security Material> Security Material)

       


      Note: The registered roles for the developers are:

      Group DEVELOPERS (hci)

      ESBMessaging.send (iflmap)
      NodeManager.deploysecuritycontent
      NodeManager.deploycontent
      IntegrationOperationServer.read
      AuthGroup.ReadOnly
      AuthGroup.ContentPublisher
      AuthGroup.BusinessExpert
      AuthGroup.TenantPartnerDirectoryConfigurator
      AuthGroup.SystemDeveloper
      AuthGroup.IntegrationDeveloper

      *** Only on the USERS tab esbmessagestorage.read

      Author's profile photo Hari Sonnenahalli
      Hari Sonnenahalli
      Blog Post Author

      Just provide users if they developers with following roles and not admin roles.It should work. Please let me know.

      Group DEVELOPERS (hci)

      ESBMessaging.send (iflmap)

      Author's profile photo Former Member
      Former Member

      Hello Hari, once again, thank you very much!
      I did not understand. So I've been reading no SAP content, no description.

      I did not understand whether to remove an ESBMessaging.send (iflmap) role or just let it set for the developer.
      In any case, I removed an ESBMessaging.send (iflmap) role and I still manage to edit the service material.
      The idea is that only the environment administrator can create such credentials, know_host and etc.

      What should I do?

      Once again, thank you !!

       

      Author's profile photo Hari Sonnenahalli
      Hari Sonnenahalli
      Blog Post Author

      Let me try to do some test and provide you a answer.

       

      Thanks

       

      HS

      Author's profile photo Former Member
      Former Member

      Thank you so much Hari!
      I did tests too. I created a new group and assigned each of my roles listed above.

      It was only possible not to edit the security material when only the operation view was released. That is, any other parameter that is for developer (from this my list of parameters) gives the user powers to edit the security material.

      I'll wait for your return. Thank you very much!

      See you soon.

      Author's profile photo Andrei Stefanescu
      Andrei Stefanescu

      Hi Hari,

      Thank you! this was helpful and solved my problem that I could not copy the desired integration scenario 😉

      Kind Regards

      Andrei

      Author's profile photo Prakash D
      Prakash D

      Hi Hari,

       

      Nice blog.

      Now CPI Trail is available.

      Where I can see esbmessaging.send role in cockpit.

      Please Help me on that.

       

      Thank you Advance

      Author's profile photo Prakash D
      Prakash D

      Hi Hari,

       

      What is the Sub Account name in cockpit, to give it in Cloud Connector.

       

      Do I need to give HTTPS Proxy here?

       

      Please help on this.

       

      Thanks

       

      Author's profile photo Hari Sonnenahalli
      Hari Sonnenahalli
      Blog Post Author

      Prakash-

       

      You can find the account name following the path as shown in the screenshot below. The sub account name is the technical name which can be found in the specific account type. Hope this helps.

      Regards

      HS

       

       

      Author's profile photo Hari Sonnenahalli
      Hari Sonnenahalli
      Blog Post Author