Many of my blog readers have tried setting up live connections from SAP Analytics Cloud (SAC) to on-prem HANA systems via a reverse proxy, following my earlier blogs. How was your experience? Was it smooth to setup reverse proxy, especially when it comes to Single Sign-on configurations? Needless to say, it is probably not that smooth if you are not an Apache or Web Dispatcher guru, no matter how detailed my earlier blog posts and how-to guides are:).

Well, why do we need the reverse proxy in the first place? It is to make both SAC and the HANA system appear to the web browser under one single host name in order to bypass the browser’s Same Origin Policy. But do we have to live with this cumbersome architecture with high implementation and maintenance effort? Now we have an answer: in SAC wave 2017.05, a new feature named Direct connection has been introduced, which does not require a reverse proxy anymore.

So what’s the magic? The Direct connection leverages the HTML5 CORS specifification, which makes Cross-Origin Resource Sharing possible. Why didn’t we make use of the standard earlier? The reason is that CORS and SAML don’t quite work together due to a specification flaw in CORS. With SAC release 2017.05, we have engineered a pop-up window for the SAML 2 Identity Provider logon screen to gracefully bypass the flaw in the CORS specification.

See the below diagram illustrating the Direct live connection architecture based on CORS.

 

This connectivity option does come with certain prerequisites on your web browser. For corporate landscapes, these settings can be automated by your IT policy, e.g. Active Directory group policy.

  • Allow pop-up windows from the SAP Analytics Cloud domain: [*.]sapbusinessobjects.cloud.
  • Allow 3rd party cookies from the SAP HANA server’s domain.

Additionally, the on-prem HANA system’s XS engine must be accessed via HTTPS protocol, as CORS does not work in the mixed HTTPS/HTTP scenario. The SSL server certificate of the HANA system must be a valid one that is trusted by your users’ web browers and match the HANA system’s fully-qualified domain name.

If for any reason those prerequisites cannot be met in your case, you can always use the reverse proxy option which is still fully supported.

For details on how to setup Direct live HANA connections in SAP Analytics Cloud, follow the below documentation:

  1. Enabling Direct Connectivity for Live Data Connections with Basic Authentication
  2. Enabling Direct Connectivity for Live Data Connections with SSO

Regarding how this option would work in Internet scenarios where the web browser does not have direct access to the HANA system, refer to my next blog Direct Live HANA Connections in the Internet Scenario.

I hope you find this blog helpful. Till next time!

To report this post you need to login first.

14 Comments

You must be Logged on to comment or reply to a post.

  1. Deepu Sasidharan

    This is a great addition!

     

    Does the connection require SAML to be configured or can we use a System account to connect to the HANA system?

    Also are there plan to provide similar option for the BW online connectivity?

    Deepu

    (0) 
    1. Dong Pan Post author

      Thanks Deepu. You can use any HANA user account to connect to HANA, but keep in mind that the user credentials are not persisted in any live connection, so you cannot configure it as an administrator and share it with multiple users. In most real world use cases, end users would not be happy to type in their HANA user credentials every time they open a HANA-based story, so you need some sort of SSO setup. At the moment, SAML is the only SSO option, but we are also working on other options too. Stay tuned!

      (0) 
  2. Ondrej Kloucek

    Hi Dong Pan,

     

    thank you for your article.

    I am utilizing HANA calulation views on BO Cloud stories (reports). I just have one issue regarding this point – description of cost centers in HANA Table (and calculation view) is e.g. COST_1, COST_2 etc..

    But on BOC Stories – when user wants to search cost center by descritiption (reports build on connected models – based on calculaton view) – they need to put search with case sensitivity.For example – “Cost_1”, “cost_1” will not return anything because case sensitivity of HANA search engine.

    Is there any way how to change this settings?

     

    Many thanks.
    Ondrej

    (0) 
    1. Dong Pan Post author

      Hi Ondrej,

      What “search” functionality are you referring to? There are multiple places where you can search, so please let me know exactly in which UI area you are performing the search.

      Thanks,

      Dong

       

      (0) 
      1. Ondrej Kloucek

        Hi Dong,

         

        Thank you for your reply.

         

        I mean all search in case of story / dimension filters..please see attached picture. Basically I am talking about dimension search in filter editation or directly on story / page filter search.

         

        Many thanks.

         

        Ondrej 

         

        (0) 
  3. Allen Sulgrove

    Hi Don,

    We upgraded three of our systems to HANA 2.0 without considering the implications it would have on our SAP Analytics Cloud environment.  The 1.0 environment is working fine but the 2.0 environments will not connect getting the error, “{“Messages”:[{“Number”:42001,”Type”:2,”Text”:”InformationAccess Service GetServerInfo is not available. Install the SAP HANA EPM-MDS plugin.”}]}”.  This error is detailed below in the SAP support.  We are using a reverse proxy connection as mentioned in the article which is states is unsupported in HANA 2.0.  Is there an unsupported way of making this work or is there another method of connecting to HANA 2.0 from SAP Analytics Cloud?  Any help appreciated.

     

    https://apps.support.sap.com/sap/support/knowledge/public/en/2441461

     

     

    Have a great afternoon,

     

    Allen.

    (0) 

Leave a Reply