Skip to Content

SAP Fiori Cloud provides a simple approach for SAP customers to adopt Fiori User Experience in the cloud. You get to use a Fiori Launchpad with a set of pre-packaged Fiori Apps straight away.  The whole process has been simplified by pushing all the UX related components to the cloud. Components like Launchpad, Fiori Apps, SAPUI5 Libraries are all available as part of the SAP Cloud Platform. You can continue to leverage the existing business processes from your SAP backend system which remains in your premise.

Here are some of the key benefits

  • Time to value – Fiori Cloud is all about simplifying your Fiori Implementation. Get your Fiori Apps up and running in few weeks. You don’t need to spend time procuring infrastructure or need to have any sort of cloud footprint to get started.
  • Simplified and Lean architecture – Fiori Cloud eliminates the need to have an infrastructure for SAP Gateway, Reverse proxy or Mobile platform. You don’t need to install and patch any of these components.
  • Leverage existing investments – You can continue to leverage the existing business processes from your SAP backend system which remains in their data center
  • Maintenance – One of the most important benefits is around maintenance aspects. Imagine if you were to update your SAPUI5 library or apply updates to standard Fiori Apps on your on-premise Frontend server – the time, cost and effort to move the change all the way from DEV to PRD. Generally, some customers have 4-7 system landscape. With Fiori Cloud all these things are taken care by SAP Cloud Platform. If there is a new Fiori App released, you would get it instantly as it’s a cloud service. The best part is the usage of the Preview Environment in SAP Cloud Platform. This environment provides options for customers to review and explore all the new functionality (two weeks in advance) before the official service delivery
  • Single Entry Point – You can now bring together SAP and Non-SAP business processes all under one single entry point – The Fiori Launchpad. It makes it possible to also brings contents from on-premise as well as from the cloud. So, we now have 1 Entry point and 1 UX.
  • Mobilize your apps – Once your Fiori Apps are in the Cloud, your end users can start accessing the apps from anywhere at anytime. You can also take the next step by optimizing your Fiori apps for mobile experience and allow your end users to start using Fiori Apps which leverage device capabilities – like your camera for bar code scanning or even build an offline Fiori App.


When you start to think of a Fiori Cloud Implementation, its important to understand the different landscape options. You probably are aware of the role of the Cloud Connector which establishes an SSL Tunnel between the on-premise environment and the SAP Cloud Platform account.  It is through this SSL tunnel the backend connectivity is established. End users can be on the Internet and securely access the Fiori Apps and business data. However, there are few customers who do not wish to expose the business data on the internet due to various security policies within their organization. Such customers can still leverage Fiori Cloud to simplify their Fiori implementation and at the same time comply with their existing security policies. I will explain more about this later in the blog. But first, let’s try and understand the two landscape scenarios supported by Fiori Cloud – Internal Access Point and External Access Point Landscape. Until few months back, Internal Access Point supported only S4HANA backend system and an External Access Point supported only an SAP Business Suite system. Recently, this restriction has been removed and businesses can start using their backend system with either of these landscape scenarios. In this blog, I will help demystify the difference between these landscape scenarios and highlight when customers should consider using each of them.

External Access Point Landscape Scenario

This is the most widely used scenario where both Internal users as well as external users (outside Corporate network) can start using Fiori Apps hosted on the Cloud Platform. The OData services which provide the business data is routed through the Cloud.

Let’s have a look at the below architecture. Within your premise, you maintain your backend systems. These backend system needs to have the Business Enablement (IW_BEP) component along with the relevant components which provide the OData service for supporting the Fiori Apps in the Cloud.

                                     External Access Point for a SAP Business Suite system


SAP Gateway plays a crucial role in registering the OData services which are available in the backend system. Gateway deployment is an important topic and there are differences in the options available based on the backend system. To know more about these options, please refer this blog “SAP Gateway deployment options in a nutshell

S4HANA system:

If your backend system is a S4HANA system, it supports the below deployment options for Gateway

  • SAP Gateway Hub
  • Embedded Gateway

SAP Business Suite:

if your backend is an SAP Business Suite system, you have more choices. The below Gateway deployments are supported

  • SAP Gateway Hub
  • Embedded Gateway
  • OData Provisioning on SAP Cloud Platform

If you have an on-premise SAP Gateway system, you could continue to use it. However, If you don’t have a SAP Gateway system or wish to decommission it, you can start to use the OData Provisioning service and register each of the OData services form the respective backend systems. The OData Provisioning service plays the role of a Gateway Hub in the cloud. There are differences in the features available in on-premise Gateway and in the OData Provisioning service in the cloud. You can find more information in SAP Note 1830712 . Hence, before you begin your implementation journey, it’s worth exploring this to understand which component fits your requirements and the overall cost savings. If you don’t have Gateway in your premise, OData Provisioning is a great choice as it comes with the cloud qualities like scalability, multi-tenancy, rolling software updates and so on.  If you already have a Gateway in your premise, you can continue to use it to expose OData services and have the UI related components like Fiori Launchpad, Fiori Apps and SAPUI5 libraries all hosted in the cloud platform.

As I explained earlier, the Cloud Connector is the critical piece which connects with on-premise environment with the Cloud Platform account.

                                                   External Access Point for a SAP S/4HANA system

In the Cloud Platform, all the UX related components are hosted and provided as a service. We have the Fiori Launchpad, Fiori Apps and the SAPUI5 libraries which get updated periodically.

Apart from this, there are lot of other services which come packaged with Fiori Cloud. Business analysts and developers can use BUILD to prototype applications before importing them into SAP WebIDE for developing the applications. There is the Theme designer to style the portal sites. Another key service which handles authentication is the Identity Authentication service. You also can leverage the Fiori Mobile service to quickly mobilize the standard and custom Fiori applications which are deployed on the Cloud Platform.


In an external access point landscape, since the OData services which provide the business data is routed through the Cloud, it enables the access of the Fiori Apps from the Internet. This means, if you want your end users or external users to access the Fiori Apps from outside the corporate network, this option is the best.  If you are also looking to mobilize these Fiori Apps and allow access from mobile devices, I would recommend this landscape.

The next thing to consider is the Classic UIs. Classic UIs are SAP GUI or WebDynpro ABAP screens which are available in your SAP backend system. It is possible to now launch these UIs from the Fiori Launchpad in the Cloud Platform. However, this is only supported if the user accessing these Apps is within the corporate network. If you would like to know more about configuring Classic UIs, you can refer this blog – “Launch Classical UIs from Cloud Portal

In the Roadmap, I see there are plans to enable access of Classic UIs from outside corporate network.

Similarly, Business Explorer (BEx) reports can be integrated within the Fiori Launchpad, but can only be launched by a user when they are within the corporate network.  If you would like to know more about configuring BEx reports, you can refer this blog – “How to view Business Explorer (BEx) reports in SAP Cloud Platform Portal


Internal Access Point Landscape Scenario

The architecture is slightly different for an Internal Access Point landscape. This scenario prevents sensitive OData requests to the backend system to be routed through the cloud. The data and the data requests stay within the customer’s network whereas all the UI components, UI configuration, personalization remain on the Cloud Platform.

Gateway deployment options supported for SAP Business Suite & S4HANA:

  • SAP Gateway Hub
  • Embedded Gateway

                    Internal Access Point for Business Suite/S4HANA backend

You will notice that there is no Cloud Connector and OData Provisioning service in this scenario. A Reverse proxy (for example SAP Web dispatcher) and a SAP Gateway system is required on-premise. If you don’t have an SAP Gateway setup, it is recommended to use the hub deployment option.

This scenario facilitates good performance and supports data security policies, as all the corporate data remains within the corporate network and most of the traffic stays within the LAN.


End users accessing the Fiori Apps as well as Classical UIs need to be on the corporate network. SAP Cloud Platform plays a key role in serving and managing the UI contents. Even in an Internal access point landscape, customers can continue to manage the UI application lifecycle on the Cloud Platform and keep them separated from their on-premise environment. If you are considering to use mobile devices, you probably need to set up VPN to access the business data from outside corporate network.


Access Point settings:

Now that you have understood the different landscape options, you need to know where you would have to enable to relevant settings. An Administrators can select the appropriate Access point for their Fiori Launchpad based site from the Site Properties within the Fiori Configuration Cockpit. This setting will dictate the landscape scenario to be used.

To report this post you need to login first.


You must be Logged on to comment or reply to a post.

  1. Mike Doyle

    Nice blog Murali, it’s good to hear that the restriction has been removed.  Would you expect that the external access point scenario will be used much more than the internal?  I would expect that internal will only be used rarely, perhaps at government sites in particular.

    1. Murali Shanmugham Post author

      Yes, its possible. Fiori Cloud is primarily for SAP users who are using a backend SAP system. You can create HTML5 on Cloud Platform and provide access to vendors too.


  2. Sonia Kalra

    Thanks Murali ..


    Does that mean we can’t use FIORI Cloud for external vendors . Could you provide more details on HTML5 on Cloud and how do we design app using that platform .




Leave a Reply