Skip to Content
Technical Articles
Author's profile photo Thierry PIERRE
Thierry PIERRE
January 22, 2018 3 minute read

SAP Analytics Cloud and HANA Enterprise Cloud – Network perspectives

Foreword

In my last Blog SAP Analytics Cloud – Hybrid Customer Experience based on HANA Enterprise Cloud (HEC) I went over Customer experience with SAP Analytics Cloud and SAP HEC by focusing on project and best practices. I would now like to give a much more technical feedback about this experience especially regarding network settings.

Before reading this post please read my wiki : SAP Analytics Cloud Connectivity Guidelines which could help you to better understand SAP Analytics Cloud connectivity.

SAP HANA Enterprise Cloud is a fully Managed Private Cloud to host on-premise customer applications. SAP HEC hosts more and more on-premise customer SAP Applications. We currently have customers requesting to connect HANA, BW, S4/HANA, etc. from SAP Analytics Cloud.

In the following chapters I am going to detail scenarios which have been proven in some customer Proof of concepts I currently did in past months..

For this blogs, Customer Business users could be located in three different domains:

  • Public domain
  • Customer domain
  • HEC domain

Data Sources are located in two different domains :

  • Customer domain
  • HEC Domain

HEC Data Acquisition scenario

HEC Data Acquisition Scenario

  1. In such scenario, SAP Cloud Connector is located in HEC domain. Customer Domain based data sources are accessed thru a dedicated VPN connection between HEC domain and Customer Domain.
  2. Outbound HEC Service ticket has to be requested to enable SAP Cloud Connector to connect SAP Analytics Cloud Tenants. See my wiki chapter 5.3.1.2 Network prerequisites
    to know more.
  3. Outbound HEC Service ticket has to be requested to enable HEC based Business User to access SAP Analytics Cloud application.

HEC Live Connection with CORS scenario

HEC Live Connection CORS Scenario

  1. In such scenario, specific Outbound HEC Service ticket has to be requested to enable HEC based Business User to access SAP Analytics Cloud application.
  2. Outbound HEC Service ticket has to be requested to enable HEC based Business User to access Customer Domain based data sources.
  3. Inbound HEC Service ticket has to be requested to enable Public Internet based Business User to access Customer Domain based data sources.
  4. Inbound HEC Service ticket has to be requested to enable Public Internet based Business User to access HEC Domain based data sources.

HEC Live Connection with Reverse Proxy scenario

HEC Live Connection Reverse Proxy Scenario

  1. In such scenario, specific Outbound HEC Service ticket has to requested to enable HEC based Reverse Proxy to access SAP Analytics Cloud application.
  2. Outbound HEC Service ticket has to be requested to enable HEC based Reverse Proxy to access Customer Domain based data sources.
  3. Inbound HEC Service ticket has to be requested to enable Public Internet based Business User to access HEC based Reverse Proxy.

HEC Live Connection with Reverse Proxy and SAML2 SSO scenario

SSO SAML2 federation protocol requires network settings to enable smooth flow between Browsers, Identity Provider and Service Providers.

To understand required network settings, find below a reminder of SAML standard flow (Keep in mind color coding).

Standard SAML 2 flow with SAC and Data Sources

HEC SAML Flow Live connection with Reverse Proxy Scenario

In Reverse Proxy configuration, Browser needs to connect SAP Analytics Cloud and Identity Provider through Reverse Proxy. It is not necessary for Back-end Data Sources.

  1. In such scenario, specific Outbound HEC Service ticket has to requested to enable HEC based Reverse Proxy to access SAP Analytics Cloud application SAML2 address (authn).
  2. Outbound HEC Service ticket has to be requested to enable HEC based Reverse Proxy to access Customer Domain based data sources SAML2 Address.

HEC Live Connection with CORS and SAML2 SSO scenario

HEC SAML Flow Scenario with CORS

In CORS configuration, Browser directly connect SAC and Identity Provider.  This configuration is quite simpler to set and administrate.

  1. In such scenario, specific Outbound HEC Service ticket has to requested to enable HEC based Business users to access SAP Analytics Cloud application SAML2 address (authn).
  2. Outbound HEC Service ticket has to be requested to enable HEC based Business users to access Customer Domain based data sources SAML2 Address.

I hope this blog post will help you to successfully connect SAP Analytics Cloud to SAP HANA Enterprise Cloud.

Thanks.

Assigned Tags

      3 Comments
      You must be Logged on to comment or reply to a post.
      Author's profile photo Former Member
      Former Member

      Well studied blog is presented here; it carries explained information that helps the readers with every detail about the subject.

       

      Author's profile photo Shailendar ANUGU
      Shailendar ANUGU

      well done Thierry!! very informative,understandable.

      Author's profile photo Andreas J A Schneider
      Andreas J A Schneider

      Hello thanks for this blog, still I am not clear on the following:

      Assuming the customer is running SAP BW4/HANA in HEC and is adding SAC. How is the data flow when importing data to SAC? Is all of this taking place completely in the SAP Cloud (HEC & SCP)?