Fiori Cloud and supported landscape scenarios
SAP Fiori Cloud provides a simple approach for SAP customers to adopt Fiori User Experience in the cloud. You get to use a Fiori Launchpad with a set of pre-packaged Fiori Apps straight away. The whole process has been simplified by pushing all the UX related components to the cloud. Components like Launchpad, Fiori Apps, SAPUI5 Libraries are all available as part of the SAP Cloud Platform. You can continue to leverage the existing business processes from your SAP backend system which remains in your premise.
Here are some of the key benefits
- Time to value – Fiori Cloud is all about simplifying your Fiori Implementation. Get your Fiori Apps up and running in few weeks. You don’t need to spend time procuring infrastructure or need to have any sort of cloud footprint to get started.
- Simplified and Lean architecture – Fiori Cloud eliminates the need to have an infrastructure for SAP Gateway, Reverse proxy or Mobile platform. You don’t need to install and patch any of these components.
- Leverage existing investments – You can continue to leverage the existing business processes from your SAP backend system which remains in their data center
- Maintenance – One of the most important benefits is around maintenance aspects. Imagine if you were to update your SAPUI5 library or apply updates to standard Fiori Apps on your on-premise Frontend server – the time, cost and effort to move the change all the way from DEV to PRD. Generally, some customers have 4-7 system landscape. With Fiori Cloud all these things are taken care by SAP Cloud Platform. If there is a new Fiori App released, you would get it instantly as it’s a cloud service. The best part is the usage of the Preview Environment in SAP Cloud Platform. This environment provides options for customers to review and explore all the new functionality (two weeks in advance) before the official service delivery
- Single Entry Point – You can now bring together SAP and Non-SAP business processes all under one single entry point – The Fiori Launchpad. It makes it possible to also brings contents from on-premise as well as from the cloud. So, we now have 1 Entry point and 1 UX.
- Mobilize your apps – Once your Fiori Apps are in the Cloud, your end users can start accessing the apps from anywhere at anytime. You can also take the next step by optimizing your Fiori apps for mobile experience and allow your end users to start using Fiori Apps which leverage device capabilities – like your camera for bar code scanning or even build an offline Fiori App.
When you start to think of a Fiori Cloud Implementation, its important to understand the different landscape options. You probably are aware of the role of the Cloud Connector which establishes an SSL Tunnel between the on-premise environment and the SAP Cloud Platform account. It is through this SSL tunnel the backend connectivity is established. End users can be on the Internet and securely access the Fiori Apps and business data. However, there are few customers who do not wish to expose the business data on the internet due to various security policies within their organization. Such customers can still leverage Fiori Cloud to simplify their Fiori implementation and at the same time comply with their existing security policies. I will explain more about this later in the blog. But first, let’s try and understand the two landscape scenarios supported by Fiori Cloud – Internal Access Point and External Access Point Landscape. Until few months back, Internal Access Point supported only S4HANA backend system and an External Access Point supported only an SAP Business Suite system. Recently, this restriction has been removed and businesses can start using their backend system with either of these landscape scenarios. In this blog, I will help demystify the difference between these landscape scenarios and highlight when customers should consider using each of them.
External Access Point Landscape Scenario
This is the most widely used scenario where both Internal users as well as external users (outside Corporate network) can start using Fiori Apps hosted on the Cloud Platform. The OData services which provide the business data is routed through the Cloud.
Let’s have a look at the below architecture. Within your premise, you maintain your backend systems. These backend system needs to have the Business Enablement (IW_BEP) component along with the relevant components which provide the OData service for supporting the Fiori Apps in the Cloud.
External Access Point for a SAP Business Suite system
SAP Gateway plays a crucial role in registering the OData services which are available in the backend system. Gateway deployment is an important topic and there are differences in the options available based on the backend system. To know more about these options, please refer this blog “SAP Gateway deployment options in a nutshell”
If your backend system is a S4HANA system, it supports the below deployment options for Gateway
- SAP Gateway Hub
- Embedded Gateway
SAP Business Suite:
if your backend is an SAP Business Suite system, you have more choices. The below Gateway deployments are supported
- SAP Gateway Hub
- Embedded Gateway
- OData Provisioning on SAP Cloud Platform
If you have an on-premise SAP Gateway system, you could continue to use it. However, If you don’t have a SAP Gateway system or wish to decommission it, you can start to use the OData Provisioning service and register each of the OData services form the respective backend systems. The OData Provisioning service plays the role of a Gateway Hub in the cloud. There are differences in the features available in on-premise Gateway and in the OData Provisioning service in the cloud. You can find more information in SAP Note 1830712 . Hence, before you begin your implementation journey, it’s worth exploring this to understand which component fits your requirements and the overall cost savings. If you don’t have Gateway in your premise, OData Provisioning is a great choice as it comes with the cloud qualities like scalability, multi-tenancy, rolling software updates and so on. If you already have a Gateway in your premise, you can continue to use it to expose OData services and have the UI related components like Fiori Launchpad, Fiori Apps and SAPUI5 libraries all hosted in the cloud platform.
As I explained earlier, the Cloud Connector is the critical piece which connects with on-premise environment with the Cloud Platform account.
External Access Point for a SAP S/4HANA system
In the Cloud Platform, all the UX related components are hosted and provided as a service. We have the Fiori Launchpad, Fiori Apps and the SAPUI5 libraries which get updated periodically.
Apart from this, there are lot of other services which come packaged with Fiori Cloud. Business analysts and developers can use BUILD to prototype applications before importing them into SAP WebIDE for developing the applications. There is the Theme designer to style the portal sites. Another key service which handles authentication is the Identity Authentication service. You also can leverage the Fiori Mobile service to quickly mobilize the standard and custom Fiori applications which are deployed on the Cloud Platform.
In an external access point landscape, since the OData services which provide the business data is routed through the Cloud, it enables the access of the Fiori Apps from the Internet. This means, if you want your end users or external users to access the Fiori Apps from outside the corporate network, this option is the best. If you are also looking to mobilize these Fiori Apps and allow access from mobile devices, I would recommend this landscape.
The next thing to consider is the Classic UIs. Classic UIs are SAP GUI or WebDynpro ABAP screens which are available in your SAP backend system. It is possible to now launch these UIs from the Fiori Launchpad in the Cloud Platform. However, this is only supported if the user accessing these Apps is within the corporate network. If you would like to know more about configuring Classic UIs, you can refer this blog – “Launch Classical UIs from Cloud Portal”
In the Roadmap, I see there are plans to enable access of Classic UIs from outside corporate network.
Similarly, Business Explorer (BEx) reports can be integrated within the Fiori Launchpad, but can only be launched by a user when they are within the corporate network. If you would like to know more about configuring BEx reports, you can refer this blog – “How to view Business Explorer (BEx) reports in SAP Cloud Platform Portal”
Internal Access Point Landscape Scenario
The architecture is slightly different for an Internal Access Point landscape. This scenario prevents sensitive OData requests to the backend system to be routed through the cloud. The data and the data requests stay within the customer’s network whereas all the UI components, UI configuration, personalization remain on the Cloud Platform.
Gateway deployment options supported for SAP Business Suite & S4HANA:
- SAP Gateway Hub
- Embedded Gateway
Internal Access Point for Business Suite/S4HANA backend
You will notice that there is no Cloud Connector and OData Provisioning service in this scenario. A Reverse proxy (for example SAP Web dispatcher) and a SAP Gateway system is required on-premise. If you don’t have an SAP Gateway setup, it is recommended to use the hub deployment option.
This scenario facilitates good performance and supports data security policies, as all the corporate data remains within the corporate network and most of the traffic stays within the LAN.
End users accessing the Fiori Apps as well as Classical UIs need to be on the corporate network. SAP Cloud Platform plays a key role in serving and managing the UI contents. Even in an Internal access point landscape, customers can continue to manage the UI application lifecycle on the Cloud Platform and keep them separated from their on-premise environment. If you are considering to use mobile devices, you probably need to set up VPN to access the business data from outside corporate network.
Access Point settings:
Now that you have understood the different landscape options, you need to know where you would have to enable to relevant settings. An Administrators can select the appropriate Access point for their Fiori Launchpad based site from the Site Properties within the Fiori Configuration Cockpit. This setting will dictate the landscape scenario to be used.
Great read, thanks for sharing!
Thanks Alper. I thought you only read HANA stuffs 🙂
Nice blog Murali, it's good to hear that the restriction has been removed. Would you expect that the external access point scenario will be used much more than the internal? I would expect that internal will only be used rarely, perhaps at government sites in particular.
Hi Mike, Yes, External access point is what most of the customers are implementing.
Hi Murali Shanmugham, are there all SAP Business Suite transaction (SAP GUI and WebGui) are available in this way or are there certain restrictions?
Hi Klaus, you can only launch transactions as WebGUI for HTML.
Can external user be vendors who donot have SAP User id existing in the system ?
Yes, its possible. Fiori Cloud is primarily for SAP users who are using a backend SAP system. You can create HTML5 on Cloud Platform and provide access to vendors too.
Thanks Murali ..
Does that mean we can't use FIORI Cloud for external vendors . Could you provide more details on HTML5 on Cloud and how do we design app using that platform .
Fiori Cloud refers to the use of Fiori Apps which integrate with OData services in the backend system. Its primarily meant for internal users/employees. External users could also use Fiori apps hosted as part of Fiori Cloud, but you need to ensure that they are "users" in the backend SAP system.
hi, with Fiori cloud the biggest advantage (also coming out of your blog) is the lifecycle management that is taken care of completely outside customer's efforts. But could this also be a 'negative'
Once a customer is live with a certain app (they do some testing before they are actually live), they might actually be reluctant to 'change' anything without testing. But with Fiori on the cloud, this is outside customer's purview and in a way changes are being 'pushed' e.g. updates to UI5 libraries / launchpad version / HANA version that is hosting customers tenant?
What is your feedback on this?
Good question. All updates to libraries/HANA versions are published in the release notes. There is also a preview environment where customers can go and test the new functionalities before it is released productively. If you look at SAPUI5 versions/Fiori Launchpad versions, SAP releases new versions and customer can decide when to turn on the new version in the site settings. As of today, the latest supported version is 1.52 and the Maintenance versions are 1.38/1.44. Once 1.38 goes out of maintenance, Portal site would automatically be upgraded to the next version (if the customer has not done it).
Below is the information available in the release notes:
SAPUI5 version 1.28 is out of maintenance and has been removed from the Site Settings screen for new sites. When editing an existing site that was previously assigned to version 1.28, the assignment in the Site Settings screen changes to 1.38 automatically upon Save. For version 1.38 to take effect in the runtime as well, you need to publish the site.
Thank you Murali. Could you please confirm if the below list (of things that fall into the lifecycle management aspects of Fiori on the cloud) is accurate :
From your explanation above, which of these would be still in customer's control ?
And these changes, would it involve a certain downtime
I can confirm that life cycle management aspects of SAPUI5 libraries, Fiori Launchpad and HANA are taken care by the SAP Cloud Platform. Obviously, when the customer decides to use the self-service option to upgrade their DB, there will be a downtime due to DB restart.
Since your question goes out of scope of this blog, I would suggest you raise a question and tag me and I would be happy to respond to it.
A followup question : So for both access points a Netweaver Gateway is still required on-premise? for both internal and external access point scenarios ?
So in a way this is an extra piece of infrastructure (assuming customers prefer a hub and not to install something into their S/4) ..
NW Gateway is optional in External access point. As of today, SAP still recommends using on-premise Gateway for S4HANA use cases.
Thank you Murali
Is there any reason as of today, to still required a Gateway for S/4 scenarios for the External Access Point scenario ? I could not find this documented anywhere . And would you know when this restriction would be lifted?
On a side note, would it be possible for a customer to start with OP for Fiori and later move to Fiori on the Cloud? What would be the technical steps to do so ? Is it a simple task in summary
Its best if you raise a question in the S4HANA forum for some of the S4HANA folks to respond.
With regard to migration, yes you can start on-premise and move your Fiori apps to Cloud Platform later on. Here are the instructions - https://blogs.sap.com/2017/08/16/deploy-transactional-sap-fiori-apps-for-sap-business-suite-to-sap-cloud-platform/