Introducing Direct Live HANA Connections in SAP Analytics Cloud
Many of my blog readers have tried setting up live connections from SAP Analytics Cloud (SAC) to on-prem HANA systems via a reverse proxy, following my earlier blogs. How was your experience? Was it smooth to setup reverse proxy, especially when it comes to Single Sign-on configurations? Needless to say, it is probably not that smooth if you are not an Apache or Web Dispatcher guru, no matter how detailed my earlier blog posts and how-to guides are:).
Well, why do we need the reverse proxy in the first place? It is to make both SAC and the HANA system appear to the web browser under one single host name in order to bypass the browser’s Same Origin Policy. But do we have to live with this cumbersome architecture with high implementation and maintenance effort? Now we have an answer: in SAC wave 2017.05, a new feature named Direct connection has been introduced, which does not require a reverse proxy anymore.
So what’s the magic? The Direct connection leverages the HTML5 CORS specifification, which makes Cross-Origin Resource Sharing possible. Why didn’t we make use of the standard earlier? The reason is that CORS and SAML don’t quite work together due to a specification flaw in CORS. With SAC release 2017.05, we have engineered a pop-up window for the SAML 2 Identity Provider logon screen to gracefully bypass the flaw in the CORS specification.
See the below diagram illustrating the Direct live connection architecture based on CORS.
This connectivity option does come with certain prerequisites on your web browser. For corporate landscapes, these settings can be automated by your IT policy, e.g. Active Directory group policy.
- Allow pop-up windows from the SAP Analytics Cloud domain: [*.]sapbusinessobjects.cloud.
- Allow 3rd party cookies from the SAP HANA server’s domain.
Additionally, the on-prem HANA system’s XS engine must be accessed via HTTPS protocol, as CORS does not work in the mixed HTTPS/HTTP scenario. The SSL server certificate of the HANA system must be a valid one that is trusted by your users’ web browsers and match the HANA system’s fully-qualified domain name. For more details on how to configure HTTPS/SSL for HANA XS, refer to SAP Note 2502174.
If for any reason those prerequisites cannot be met in your case, you can always use the reverse proxy option which is still fully supported.
For details on how to setup Direct live HANA connections in SAP Analytics Cloud, follow the below documentation:
- Enabling Direct Connectivity for Live Data Connections with Basic Authentication
- Enabling Direct Connectivity for Live Data Connections with SSO
Regarding how this option would work in Internet scenarios where the web browser does not have direct access to the HANA system, refer to my next blog Direct Live HANA Connections in the Internet Scenario.
I hope you find this blog helpful. Till next time!
This is awesome!
Great to know, thank you! Cheers, H
This is a great addition!
Does the connection require SAML to be configured or can we use a System account to connect to the HANA system?
Also are there plan to provide similar option for the BW online connectivity?
Deepu
Thanks Deepu. You can use any HANA user account to connect to HANA, but keep in mind that the user credentials are not persisted in any live connection, so you cannot configure it as an administrator and share it with multiple users. In most real world use cases, end users would not be happy to type in their HANA user credentials every time they open a HANA-based story, so you need some sort of SSO setup. At the moment, SAML is the only SSO option, but we are also working on other options too. Stay tuned!
Thanks Dong for the response!
Hi, do you have notice if share credentials con live connections is possible now?
Regards,
This is wonderful Dong !!!!
Thanks Dong! We were able to use this guide to expose SAP ITOA data in BOC!
Thanks for letting me know, Angela! I am happy that the blog was helpful:).
Hi Have you tried this with Hana 2.0 Express ?
/Petter
As of now, HANA 2.0 is not supported by SAC yet.
Hi Dong Pan,
thank you for your article.
I am utilizing HANA calulation views on BO Cloud stories (reports). I just have one issue regarding this point - description of cost centers in HANA Table (and calculation view) is e.g. COST_1, COST_2 etc..
But on BOC Stories - when user wants to search cost center by descritiption (reports build on connected models - based on calculaton view) - they need to put search with case sensitivity.For example - "Cost_1", "cost_1" will not return anything because case sensitivity of HANA search engine.
Is there any way how to change this settings?
Many thanks.
Ondrej
Hi Ondrej,
What "search" functionality are you referring to? There are multiple places where you can search, so please let me know exactly in which UI area you are performing the search.
Thanks,
Dong
Hi Dong,
Thank you for your reply.
I mean all search in case of story / dimension filters..please see attached picture. Basically I am talking about dimension search in filter editation or directly on story / page filter search.
Many thanks.
Ondrej
Hi Don,
We upgraded three of our systems to HANA 2.0 without considering the implications it would have on our SAP Analytics Cloud environment. The 1.0 environment is working fine but the 2.0 environments will not connect getting the error, “{"Messages":[{"Number":42001,"Type":2,"Text":"InformationAccess Service GetServerInfo is not available. Install the SAP HANA EPM-MDS plugin."}]}”. This error is detailed below in the SAP support. We are using a reverse proxy connection as mentioned in the article which is states is unsupported in HANA 2.0. Is there an unsupported way of making this work or is there another method of connecting to HANA 2.0 from SAP Analytics Cloud? Any help appreciated.
https://apps.support.sap.com/sap/support/knowledge/public/en/2441461
Have a great afternoon,
Allen.
Hi Don and everyboby!
We have an opportunity to implement a SAC project with HANA 2.0, with Sap business Suite(ERP).... It's true Hana Live connecting is not supported yet with HANA 2.0.... but ¿what another option we have? ¿ Direct connection SAC to ERP with infosets? ¿is there another chance to connect to Hana in offline mode? We need to reuse Analytics/calculations views.... Thks for advance!
Thanks Dong,
Although not the topic of this blog, for those interested
Here is a step-by-step log with videos how to configure Apache SSL reverse proxy for use with SAP Analytics Cloud Live Connections (using CORS):