Part 1: How to use SAP Cloud Platform Connectivity and Cloud Connector in the Cloud Foundry environment
*********** Updates ************
Last update on 11.12.2017
See details at the end of the blog
As mentioned in my last blog about the release 2.10. of the Cloud Connector, I would like to take more time to explain in details how to configure the SAP Cloud Platform Connectivity and the Cloud Connector so that you can consume data coming from an on-premise system in a Cloud Foundry based application.
As I want to focus more on the connectivity part, I will keep the application very simple. So the Fiori-based web application will just show a table with products and prices coming from an on-premise backend service. Here a visual overview of what I want to achieve:
This blog will be structured as follow:
Part 1: Initial setup of SAP Cloud Platform Account and Cloud Connector.
To demonstrate it, I will use the following setup:
- SAP Backend system with Fiori Reference applications installed. Odata services have been prepared and configured so that I can add them as resource in the Cloud Connector.
- Cloud Connector v.22.214.171.124. – portable version (of course, it could be a productive version).
- SAP Cloud Platform Trial account (Cloud Foundry environment).
Initial setup of SAP Cloud Platform subaccount
Before configuring anything, we need a SAP Cloud Platform Trial subaccount for the Cloud Foundry environment.
Note: If you created already a Cloud Foundry Trial account in the past, please verify that the global account is not a standalone (account created before Mai 2017) as we have at the moment a small bug with standalone accounts. We are working on it and I will update the blog as soon as this is perfectly working. In the meantime, I would suggest you to create a new Trial Account if you want to test it now.
So let’s go to https://account.hanatrial.ondemand.com/ and register for a trial account.
After the registration a P-user has been created for me: P1942746397. Now I can login and start the Cloud Foundry Trial by clicking in the breadcrumb on “Home” and then on the button “Start Cloud Foundry Trial.
Select your region and initialize your trial subaccount. An organization and a space will be also automatically created.
In order to establish later on the trust between the SAP Cloud Platform Trial subaccount and the Cloud Connector, we will need the ID of the subaccount. You can find it by clicking on the global account in the breadcrumb and then on the “show more” icon of the subaccount tile.
Initial setup of Cloud Connector
Now let’s go to the Cloud Connector and configure it. You can use the same Cloud Connector for the NEO and the Cloud Foundry environments. So if you have already one installed, just make sure that you have at least the version 126.96.36.199 and you are good to go. You can verify the version in the top right corner under Administrator / About.
More information about upgrade can be found here.
If you prefer to test with another Cloud Connector or if you don’t have one in place, you can download it from here and install it as described in the official documentation. Once it’s done, go the the admin UI of the Cloud Connector (https://localhost:8443/), change your password and add your new created Cloud Foundry Trial. Click in the button “Add Subaccount” and insert the details as described below.
Let me emphasize 3 small Cloud Foundry specifications compared to the usual configuration:
- The region is not “hanatrial.ondemand.com” like expected but it should be “cf.eu10.hana.ondemand.com” or “cf.us10.hana.ondemand.com” based on the region you have selected during the creation of your Trial account.
- By selecting Cloud Foundry region host, the label “Subaccount User” would automatically change to “Login E-Mail”. Please use here your email address instead of your P-user.
- Please be aware that the user that establishes the trust between the Cloud Connector and the SAP Cloud Platform must be a Global Account member (See Add Global Account Members) or a Security Administrator (See Security Administrators in Your Subaccount). In the trial account, you’re per default member of the Global Account, so you don’t need to change anything.
Note 1: the configuration for the SAP internal landscape is slightly different. Please drop me an email to get the details.
Note 2: The first time you will map a subaccount to your Cloud Connector, you can see on the right side the settings for the proxy. Don’t forget to add your proxy host and your proxy port if you are behind the proxy. If you forget it, you can configure it later on by going to Configuration > CLOUD > HTTPS Proxy.
Note 3: I didn’t add any location ID. This is an optional field as I’m connecting only this Cloud Connector to this account. Be aware that the location ID is mandatory as soon as you are using multiple Cloud Connectors. See this blog for more information about it.
Once you clicked on “save”, you should see your Subaccount listed to the “Subaccount Dashboard”. Navigate to the detail page to verify that the connection has been activated.
If every works fine, you should see on the top the following notification in green:
The notification mentions that “no active resources available”. Let’s do it and add our odata service of the on-premise backend system (Fiori Reference applications). Click on the tab “Cloud To On-Premise and create an “Access Control” by clicking on the “Add” icon.
Check the official documentation for more details on access control.
Here is my configuration for example:
Important for us are the Virtual Host and the Virtual Port which will be needed later on in the SAP Cloud Platform.
I have also added the needed resources to consume the odata service. Here an overview about the final configuration of the access control:
That’s all! Now we have everything in place to continue in the cloud. In the following part of the blog, I will explain how to setup the SAP Cloud Platform Connectivity and consume the data provided by the Cloud Connector in the Fiori application.
I will publish the second part of the blog very soon. In meantime, just try to create your Cloud Foundry Trial Account, upgrade/install your Cloud Connector and connect both together.
*********** Updates ************
09.01.2017: Small improvements in the blog for a better understanding.
09.08.2018: Added the link of the 3rd part of the blog series explaining how to use principal propagation.
11.12.2018: Security Administrators (without being a Global Account Member) can now establish the connection between the Cloud Connector and the SAP Cloud Platform. See Prerequisites section here.
Feedbacks are of course welcome!